The Comprehensive Guide to Ethical Hacking

June 15, 2015 | Views: 17798

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Introduction to Ethical Hacking

When security experts offer “safety talks” to business groups, they share definitions for VPN’s, encryption, laptop security, network security, online piracy and so on. Then, they explore instances when establishing security are ineffective: vulnerabilities are found and harmful components creep in.

At this point, the security expert introduces the idea of “Ethical Hackers,” whose primary occupation is to eliminate vulnerabilities before “genuine” Hackers do.

 


What are Ethical Hackers?

Ethical Hackers could be called “infiltration analyzers,” but their roles include wider efforts.

According to TechTarget, an Ethical Hacker is “a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.”

 


What do Ethical Hackers Do?

In addition to the customary obligations of PenTesters, Ethical Hackers perform supplementary and various tasks. Fundamentally, they duplicate “genuine hacks” at work. Rather than abusing vulnerabilities to cause harm, they seek countermeasures to protect and seal systems using these and other techniques:

  • Port Filtering: Tools like Nmap and Nessus help uncover open ports. Vulnerabilities can be seen; remedial measures can be implemented.
  • Social Engineering:
    • He/she will scrounge through trash cans for passwords, graphics and sticky notes with the fundamental data, which can be used to create assaults. (To thwart such attacks, reliable companies require workers to shred unwanted paperwork and properly dispose of potentially desirable media.)
    • He/she “shoulder surfs” to access urgent data or uses the “game of reflection” to capture workers’ passwords.
  • Navigating IDS, IPS, Honeypots and Firewalls: Using different methodologies and systems sniffing, he/she tries to bypass encryption and remote division.
  • Identity Theft: He/she manages issues around identity theft and tablet mismanagement.

 


Should You Become an Ethical Hacker?

In the last few decades, there’s been an increasing demand for Ethical Hackers to protect systems from dangerous intrusions. As with any calling, you’ll need need energy and focus. These elements, coupled with effective learning management systems will empower you to make an entrance into the field of Ethical Hacking.


Basic Hacking Concepts You Should Know

1:PenTesting

PenTesting, like forensics, is as much an art as it is a science; you can only be taught so much. Technical techniques and tools are all very good, but you really need a mind that can think sideways and approach tasks from many angles.

2: Footprinting 

Footprinting includes tools and tricks to get information about a computer, IP and MAC addresses and related user and system information.

3: Scanning

Before you begin PenTesting, you must have some information about a network and system. A PenTester will often scan an entire network with tools like nMap, zenmap, ping, hping, etc.

4: Enumeration

During the enumeration phase, you’ll discover hosts/devices on a network. The information collected during this reconnaissance phase is then applied.

5: System Hacking

System hacking begins with logging into a system without credentials. You’ll not only bypass the credentials, but then you may navigate into a root user position through privileged escalation.

6: Trojans

Trojans are generally non-self-replicating types of malware programs containing malicious code. A Trojan often acts as a backdoor, communicating with a controller that has unauthorized access to an affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may slow due to heavy processor loads or network usage.

7: Viruses and Worms

A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections to spread. A worm is capable of replicating itself on a system. Rather than one computer sending out a single worm, it could send out hundreds or thousands of copies to yield a devastating effect.

8: Sniffing Traffic

Sniffers are programs that monitor and analyze network traffic – detecting and finding problems. Various techniques and tools are used for sniffing, such as Kali Linux, MITM attack, tshark, urlsnarf, etc.

9: Social Engineering

An example of social engineering is when Ethical Hackers create phishing pages on websites to obtain credential of users. See information above for additional examples.

10: Denial of Service

A DoS attack generally consists of temporarily interrupting, suspending or downing a host connected to the Internet, usually through overwhelming amounts of traffic.

11: Session Hijacking

Session Hijacking is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as “Man in the Middle Attack.” This can be performed with the help of Kali Linux, which is based on Debian Linux.

12: Hacking Web Servers

Web servers can be hacked in various ways, including Denial of Service Attacks, Domain Name System Hijacking, Phishing etc. A short list of hacking tools include Metasploit, Mpack, Zeus, etc.

13: Webapplication

Webapplication is used to intercept the proxy as an intruder, as a repeater, etc. – after hacking a website. Webapplication is used to upload injections and scripts in websites, like the popular “c99 injection.”

14: SQL Injection

SQL injection is used to insert a query and confuse the database of system to gain unauthorized access. Hackers can use SQL injections to extract the data from a website without credentials.

15: Wireless Intrusion

Ethical Hackers study various types of wireless interfaces and how to exploit them. Concurrently, they can also learn associated encryption formats like WEP, WPA, WPA2, etc.

16: Mobile Hacking

Ethical Hackers learn how to sniff a network for mobile apps, hack another user’s Smartphone, extract the data from a Smartphone and how to root the Smartphone, etc.

17: IDS, Firewalls and Honeypots

IDS stands for Intrusion Detection System. IDS is a device or software application that monitors network or system activities. Firewalls are used to set rules for inbound and outbound traffic. There are two types of firewalls: software and hardware. Software firewalls are less expensive then hardware firewalls.

18: Buffer Overflows

A buffer overflow occurs when a program attempts to put more data in a buffer than it can hold. Normally, this can occur due to the vulnerabilities in system drivers. When drivers start performing improperly, the system can crash, causing the dreaded “blue screen.”

19: Cryptography

Cryptography is the study and application of techniques that conceal the real meaning of information by transforming it into non-human readable formats and vice-versa.

  • The process of transforming information into non- human readable form is called encryption.
  • The process of reversing encryption is called decryption.
  • Decryption is done using a secret key, which is only known to the legitimate recipients of the information.

Conclusion

Everyone should be concerned about falling prey to hack attempts. From my perspective, the thrill of being a Ethical Hacker, and helping people stay safe, is truly unmatched.

 


You might also like…

7 Types of Hackers You Should Know

Hacking Competitions That Will Get You Noticed

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
25 Comments
  1. I hope theres an actual pentest 🙂

  2. nice job bro….

Page 5 of 5«12345
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel