Get into cybersecurity with no experience, Lesson 3- What is ethical hacking? What are its types and its different phases?
In the early 1990s, the word “hacker” was used to describe a great programmer, someone who was able to build complex logic. Unfortunately, over time the word took on a negative meaning, and the media started referring to a hacker as someone who discovers new ways of breaking into a system, be it a computer system or a programmable logic controller, or someone who is capable of hacking into banks, stealing credit card information, etc. This is the picture created by the media, and it is untrue, because everything has a positive and a negative aspect to it. What the media has been highlighting is only the negative aspect.
WHAT IS HACKING AND WHO IS A HACKER?
In general, we can say that exploiting a loophole is hacking. In computer terminology, “gaining unauthorized access to a system or network is called hacking”, and the one who performs hacking or this type of task is known as a hacker.
Now the question is, WHO IS AN ETHICAL HACKER?
An ethical hacker is a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities that an attacker might take advantage of. The sole difference between the terms “hacking” and “ethical hacking” is the permission.
TYPES OF HACKERS
However, if you look at the media’s definition, the term has been broken into mainly three types:
WHITE HAT HACKER- They are the good guys, often referred to as security professionals or security researchers. They have skills and use them to improve the security posture of systems and defend them from malicious attacks. They are employed by an organization and take permission from the data owner before performing an attack.
BLACK HAT HACKER- Also known as a cracker, this kind of hacker is referred to as a bad guy, who uses his or her skills for illegal or malicious purposes. They don’t take permission from the data owner and are the ‘typical’ hacker shown by the media, thus giving the cybersecurity industry a bad name.
GRAY HAT HACKER- This kind of hacker is an intermediate between a white hat and a black hat hacker. They have a split personality: for instance, in favorable conditions a gray hat hacker would work as a white hat hacker, defending a network, not breaking any law and responsibly disclosing everything to the owner; however, he or she might leave a backdoor in the system or might sell confidential information, obtained after the compromise of a company’s target server, to competitors.
Similarly, there are other categories of hackers that you might hear about often. Some of them are as follows:
i. Script kiddie- (also known as a skid) This is the kind of hacker who lacks knowledge of how a program or exploit works. He/she relies upon exploits made by other hackers. A skid cannot modify an exploit in case it doesn’t work.
ii. Hacktivist- They are a group of hackers who hack for a cause. The purpose might be political gain, human rights, freedom of speech and so on.
And many more.
Some important terminologies in hacking
i. Vulnerability (loophole)- It is the existence of a software flaw, logic design error or implementation error that can lead to an unexpected and undesirable event, executing bad or damaging instructions in the system.
ii. Threat- It is a situation that could lead to a potential breach of security. Hackers look for threats when performing security analysis. A successful exploitation of a vulnerability is a threat.
iii. Exploit- A piece of code, software, or technology that a hacker uses to take advantage of a bug, glitch, or vulnerability to cause unintended behavior in the system.
For better understanding, let’s take an example: Windows XP had a loophole, and a hacker used a piece of code to gain access to it. Here, Windows XP is the threat, the loophole is the vulnerability, and the piece of code is the exploit.
You must have heard of penetration testing, or of hackers who claim that they are penetration testers. Now, what is penetration testing? Many people confuse it with vulnerability assessments, but they are not the same. So let’s talk about what a penetration test is and how it is different from a vulnerability assessment.
Penetration test- It comprises a set of procedures that aim at protecting a firm’s security. Penetration tests prove helpful in finding vulnerabilities in an organization and checking whether an attacker will be able to exploit them to gain unauthorized access to the system.
Vulnerability assessment- In a vulnerability assessment, our goal is to figure out all the vulnerabilities in the system and document them accordingly.
Phases of Hacking
- Information gathering (footprinting/reconnaissance)- It is the first of the phases of hacking. It is an activity in which a hacker tries to gather information about a target in preparation for launching an attack. Risk to the organization is notable in this phase.
- Scanning/Enumeration- In scanning, the hacker looks for vulnerabilities in the system, and in enumeration, the hacker ranks those vulnerabilities according to their severity. Risk to the organization is notable in this phase.
- Gaining access (exploitation phase)- In this phase, an actual attack is carried out on the system. Access is gained in this phase and harm can be done to the system. Risk to the organization is highest in this phase.
- Maintaining access- Once access is gained, the hacker wants to maintain that access. For maintaining access, many things can be done, like downloading password files and installing software and sniffers (we’ll come to them in the upcoming blogs).
- Clearing the tracks- It is done so that no one is aware of the hacker’s unauthorized activities on the system.
Hope you like this blog.
The next blog will be on “Categories and types of penetration testing”.
Social media accounts-
GitHub username- Chitranjan404
Twitter username- Chitranjan404
*Legal Disclaimer: The tools and approaches offered are open-source, which means that they are freely available to everyone. You are solely responsible for any actions and/or activities relating to the material included within this blog. Misuse of the material contained in this blog may result in criminal charges being filed against the individuals involved. If any criminal charges are made against anyone who uses the material on this blog to break the law, the author will not be held liable. Hacking, software cracking, and/or piracy are not encouraged on this blog. The information on this blog is solely for educational purposes.