An Introduction to Ethical Hacking

July 13, 2017 | Views: 15112

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Information security overview

1- Definition

Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low.

2- Essential terminology

  • Hack value – is the notion among hackers that something is worth doing or is interesting.
  • Vulnerability  – is the existence of a weakness (design or implementation error) that can lead to an unexpected event compromising the security of the system.
  • Exploit – is a breach of an IT system security through vulnerabilities.
  • Payload – is the part of an exploit code that performs an intended malicious action.
  • Zero-Day attack – is an attack that exploits the computer vulnerability before software engineer releases a patch.
  • Daisy chaining – it involves gaining access to a network and /or computer and then using the same information to gain access to multiple networks and computers that contains desirable information.
  • Doxing – Publishing personally identifiable information about an individual or organization.
  • Bot – is a software application that can be controlled remotely to execute or automate predefined tasks.
  • Warfare – or info war refers to the use of information and communication technologies to take advantage over an opponent.
  • Hacking – Unauthorized attempts to bypass the security mechanisms of an information system or network.
  • Hacker – is a person with excellent computer skills, with the ability to create and explore the computer software and hardware.
  • Ethical hacking – is the use of hacking tools and tricks to identify vulnerabilities so as to ensure the system security.

3- Elements of information security

  • Confidentiality: the information is only accessible by persons authorized to.
  • Integrity: the trustworthiness of data.
  • Availability: systems available to whom requires them.
  • Authenticity.
  • Non-repudiation: not denying sending or receiving data.

4- Levels of security

Levels of security in any system can be defined by the strength of three components which are functionality, security, and usability.

Functionality represents the features, security represents the restrictions and usability represent the graphical user interface (GUI).

We can find a close association between these three levels and move toward one of them is losing the two others.

II/ Information Security Threats and attacks

Attack = motive + method + vulnerability

Threat categories:

  • Network threats.
  • Host-based threats.
  • Applications threats.

Some threats and attack vectors:

  • Cloud computing threats.
  • Advanced Persistent Threats (APT).
  • Viruses and worms.
  • Botnets
  • Insider attacks…

Motives behind attacks:

  • Information theft.
  • Manipulating data.
  • Damaging the reputation of the target.
  • Propagating religious or political beliefs.
  • Taking revenge.


III/ Hackers classes and hacking phases

A. Hackers classes

  • Black hats: are hackers with malicious intentions.
  • White hats: are ethical hackers.
  • Grey hats: are black and white hackers.
  • Suicide hackers: are hackers that are not afraid of going jail or facing any sort of punishment.
  • Script kiddies: Unskilled hackers who use real hackers’ tools and programs.
  • Cyber terrorists: hackers having religious or political beliefs with motive of creating a large-scale fear.
  • State sponsored hackers: hackers engaged by governments.
  • Hacktivists: hackers promoting a political agenda or a social change.

B. Hacking phases:

1. Reconnaissance

Reconnaissance is the preparation phase. It seeks to gather information about the target. There’s two kind of reconnaissance; active and passive.

  • Active reconnaissance permits direct interaction by any mean with the target.
  • Passive reconnaissance does not permit any direct interaction with the target.

2. Scanning

Scanning is the pre-attack phase, it’s done on the basis of information gathered during recon phase. This phase includes the usage of port scanners, net mappers, and many other tools.

Information extracted by the attacker during this phase are live machine, OS details…

3. Gaining access

Gaining access is the point where the attacker obtains access to the system or the application. The attacker can then, escalate privileges to gain a complete control of the system.

4. Maintaining access

Maintaining access is the retention the system’s owner.

5. Cleaning tracks

Clearing tracks are hiding its malicious acts to prevent being uncovered.

This was an introduction to ethical hacking covering an overview of information security, threats, and attack vectors, it also covers hacker types and hacking phases. The Next article will cover information security controls, laws, and standards. Stay tuned!

Brought to you by Zyed Nammouchi

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. I concur.. very nice!

  2. Good job! The hacking phases are a little different than EC-Council teaches or PTES indicates but your article covers elements of real world hacks carried out against systems every day. I think that’s very important to recognize if you’re trying to stop attacks.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?