The Comprehensive Guide to Ethical Hacking
What are Ethical Hackers?Ethical Hackers could be called "infiltration analyzers," but their roles include wider efforts. According to TechTarget, an Ethical Hacker is "a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit."
What do Ethical Hackers Do?In addition to the customary obligations of PenTesters, Ethical Hackers perform supplementary and various tasks. Fundamentally, they duplicate "genuine hacks" at work. Rather than abusing vulnerabilities to cause harm, they seek countermeasures to protect and seal systems using these and other techniques:
- Port Filtering: Tools like Nmap and Nessus help uncover open ports. Vulnerabilities can be seen; remedial measures can be implemented.
- Social Engineering:
- He/she will scrounge through trash cans for passwords, graphics and sticky notes with the fundamental data, which can be used to create assaults. (To thwart such attacks, reliable companies require workers to shred unwanted paperwork and properly dispose of potentially desirable media.)
- He/she "shoulder surfs" to access urgent data or uses the "game of reflection" to capture workers' passwords.
- Navigating IDS, IPS, Honeypots and Firewalls: Using different methodologies and systems sniffing, he/she tries to bypass encryption and remote division.
- Identity Theft: He/she manages issues around identity theft and tablet mismanagement.
Should You Become an Ethical Hacker?In the last few decades, there's been an increasing demand for Ethical Hackers to protect systems from dangerous intrusions. As with any calling, you'll need need energy and focus. These elements, coupled with effective learning management systems will empower you to make an entrance into the field of Ethical Hacking.
Basic Hacking Concepts You Should Know1:PenTestingPenTesting, like forensics, is as much an art as it is a science; you can only be taught so much. Technical techniques and tools are all very good, but you really need a mind that can think sideways and approach tasks from many angles.2: Footprinting
Footprinting includes tools and tricks to get information about a computer, IP and MAC addresses and related user and system information.3: ScanningBefore you begin PenTesting, you must have some information about a network and system. A PenTester will often scan an entire network with tools like nMap, zenmap, ping, hping, etc.4: EnumerationDuring the enumeration phase, you'll discover hosts/devices on a network. The information collected during this reconnaissance phase is then applied.5: System HackingSystem hacking begins with logging into a system without credentials. You'll not only bypass the credentials, but then you may navigate into a root user position through privileged escalation.6: TrojansTrojans are generally non-self-replicating types of malware programs containing malicious code. A Trojan often acts as a backdoor, communicating with a controller that has unauthorized access to an affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may slow due to heavy processor loads or network usage.7: Viruses and WormsA computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections to spread. A worm is capable of replicating itself on a system. Rather than one computer sending out a single worm, it could send out hundreds or thousands of copies to yield a devastating effect.8: Sniffing TrafficSniffers are programs that monitor and analyze network traffic - detecting and finding problems. Various techniques and tools are used for sniffing, such as Kali Linux, MITM attack, tshark, urlsnarf, etc.9: Social EngineeringAn example of social engineering is when Ethical Hackers create phishing pages on websites to obtain credential of users. See information above for additional examples.10: Denial of ServiceA DoS attack generally consists of temporarily interrupting, suspending or downing a host connected to the Internet, usually through overwhelming amounts of traffic.11: Session HijackingSession Hijacking is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as "Man in the Middle Attack." This can be performed with the help of Kali Linux, which is based on Debian Linux.12: Hacking Web ServersWeb servers can be hacked in various ways, including Denial of Service Attacks, Domain Name System Hijacking, Phishing etc. A short list of hacking tools include Metasploit, Mpack, Zeus, etc.13: WebapplicationWebapplication is used to intercept the proxy as an intruder, as a repeater, etc. - after hacking a website. Webapplication is used to upload injections and scripts in websites, like the popular "c99 injection."14: SQL InjectionSQL injection is used to insert a query and confuse the database of system to gain unauthorized access. Hackers can use SQL injections to extract the data from a website without credentials.15: Wireless IntrusionEthical Hackers study various types of wireless interfaces and how to exploit them. Concurrently, they can also learn associated encryption formats like WEP, WPA, WPA2, etc.16: Mobile HackingEthical Hackers learn how to sniff a network for mobile apps, hack another user's Smartphone, extract the data from a Smartphone and how to root the Smartphone, etc.17: IDS, Firewalls and HoneypotsIDS stands for Intrusion Detection System. IDS is a device or software application that monitors network or system activities. Firewalls are used to set rules for inbound and outbound traffic. There are two types of firewalls: software and hardware. Software firewalls are less expensive then hardware firewalls.18: Buffer OverflowsA buffer overflow occurs when a program attempts to put more data in a buffer than it can hold. Normally, this can occur due to the vulnerabilities in system drivers. When drivers start performing improperly, the system can crash, causing the dreaded "blue screen."19: CryptographyCryptography is the study and application of techniques that conceal the real meaning of information by transforming it into non-human readable formats and vice-versa.
- The process of transforming information into non- human readable form is called encryption.
- The process of reversing encryption is called decryption.
- Decryption is done using a secret key, which is only known to the legitimate recipients of the information.