Introduction to Ethical Hacking
When security experts offer “safety talks” to business groups, they share definitions for VPN’s, encryption, laptop security, network security, online piracy and so on. Then, they explore instances when establishing security are ineffective: vulnerabilities are found and harmful components creep in.
At this point, the security expert introduces the idea of “Ethical Hackers,” whose primary occupation is to eliminate vulnerabilities before “genuine” Hackers do.
What are Ethical Hackers?
Ethical Hackers could be called “infiltration analyzers,” but their roles include wider efforts.
According to TechTarget, an Ethical Hacker is “a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.”
What do Ethical Hackers Do?
In addition to the customary obligations of PenTesters, Ethical Hackers perform supplementary and various tasks. Fundamentally, they duplicate “genuine hacks” at work. Rather than abusing vulnerabilities to cause harm, they seek countermeasures to protect and seal systems using these and other techniques:
- Port Filtering: Tools like Nmap and Nessus help uncover open ports. Vulnerabilities can be seen; remedial measures can be implemented.
- Social Engineering:
- He/she will scrounge through trash cans for passwords, graphics and sticky notes with the fundamental data, which can be used to create assaults. (To thwart such attacks, reliable companies require workers to shred unwanted paperwork and properly dispose of potentially desirable media.)
- He/she “shoulder surfs” to access urgent data or uses the “game of reflection” to capture workers’ passwords.
- Navigating IDS, IPS, Honeypots and Firewalls: Using different methodologies and systems sniffing, he/she tries to bypass encryption and remote division.
- Identity Theft: He/she manages issues around identity theft and tablet mismanagement.
Should You Become an Ethical Hacker?
In the last few decades, there’s been an increasing demand for Ethical Hackers to protect systems from dangerous intrusions. As with any calling, you’ll need need energy and focus. These elements, coupled with effective learning management systems will empower you to make an entrance into the field of Ethical Hacking.
Basic Hacking Concepts You Should Know
1:PenTesting
PenTesting, like forensics, is as much an art as it is a science; you can only be taught so much. Technical techniques and tools are all very good, but you really need a mind that can think sideways and approach tasks from many angles.
2: Footprinting
Footprinting includes tools and tricks to get information about a computer, IP and MAC addresses and related user and system information. A simple command such has IPCONFIG for windows and IFCONFIG for linux would show the IP of a machine.
3: Scanning
Before you begin PenTesting, you must have some information about a network and system. A PenTester will often scan an entire network with tools like nMap, zenmap, ping, hping, etc.
4: Enumeration
During the enumeration phase, you’ll discover hosts/devices on a network. The information collected during this reconnaissance phase is then applied.
5: System Hacking
System hacking begins with logging into a system without credentials. You’ll not only bypass the credentials, but then you may navigate into a root user position through privileged escalation.
6: Trojans
Trojans are generally non-self-replicating types of malware programs containing malicious code. A Trojan often acts as a backdoor, communicating with a controller that has unauthorized access to an affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may slow due to heavy processor loads or network usage.
7: Viruses and Worms
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections to spread. A worm is capable of replicating itself on a system. Rather than one computer sending out a single worm, it could send out hundreds or thousands of copies to yield a devastating effect.
8: Sniffing Traffic
Sniffers are programs that monitor and analyze network traffic – detecting and finding problems. Various techniques and tools are used for sniffing, such as Kali Linux, MITM attack, tshark, urlsnarf, etc.
9: Social Engineering
An example of social engineering is when Ethical Hackers create phishing pages on websites to obtain credential of users. See information above for additional examples.
10: Denial of Service
A DoS attack generally consists of temporarily interrupting, suspending or downing a host connected to the Internet, usually through overwhelming amounts of traffic.
11: Session Hijacking
Session Hijacking is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as “Man in the Middle Attack.” This can be performed with the help of Kali Linux, which is based on Debian Linux.
12: Hacking Web Servers
Web servers can be hacked in various ways, including Denial of Service Attacks, Domain Name System Hijacking, Phishing etc. A short list of hacking tools include Metasploit, Mpack, Zeus, etc.
13: Webapplication
Webapplication is used to intercept the proxy as an intruder, as a repeater, etc. – after hacking a website. Webapplication is used to upload injections and scripts in websites, like the popular “c99 injection.”
14: SQL Injection
SQL injection is used to insert a query and confuse the database of system to gain unauthorized access. Hackers can use SQL injections to extract the data from a website without credentials. This kind of attack is often performed manually, yet there are many tools available to carry out the attack to give the same result, many comes preinstalled in Kali Linux.
15: Wireless Intrusion
Ethical Hackers study various types of wireless interfaces and how to exploit them. Concurrently, they can also learn associated encryption formats like WEP, WPA, WPA2, etc. Most of their favorite tools includes: BetterCap, Aircrack-ng etc...
16: Mobile Hacking
Ethical Hackers learn how to sniff a network for mobile apps, hack another user’s Smartphone, extract the data from a Smartphone and how to root the Smartphone, etc.
17: IDS, Firewalls and Honeypots
IDS stands for Intrusion Detection System. IDS is a device or software application that monitors network or system activities. Firewalls are used to set rules for inbound and outbound traffic. There are two types of firewalls: software and hardware. Software firewalls are less expensive then hardware firewalls.
18: Buffer Overflows
A buffer overflow occurs when a program attempts to put more data in a buffer than it can hold. Normally, this can occur due to the vulnerabilities in system drivers. When drivers start performing improperly, the system can crash, causing the dreaded “blue screen.”
19: Cryptography
Cryptography is the study and application of techniques that conceal the real meaning of information by transforming it into non-human readable formats and vice-versa.
- The process of transforming information into non- human readable form is called encryption.
- The process of reversing encryption is called decryption.
- Decryption is done using a secret key, which is only known to the legitimate recipients of the information.
- Learn more by searching for more information on: CAESAR CIPHER, CIPHER TEXT, KEY etc... to have a background knowledge of how Cryptography works.
Conclusion
Everyone should be concerned about falling prey to hack attempts. From my perspective, the thrill of being a Ethical Hacker, and helping people stay safe, is truly unmatched.
Credits
This articles was first written by HakTuts in 2015 and served as a framework for this post, other additionals were added to provide more information for readers.
Posts
0 Comments