0P3N Blog Blog Post
Ready to Start Your Career?
Create Free Account
By: HakTuts
June 15, 2015

The Comprehensive Guide to Ethical Hacking

By: HakTuts
June 15, 2015
By: HakTuts
June 15, 2015
The Comprehensive Guide to Ethical Hacking - CybraryIntroduction to Ethical HackingWhen security experts offer "safety talks" to business groups, they share definitions for VPN's, encryption, laptop security, network security, online piracy and so on. Then, they explore instances when establishing security are ineffective: vulnerabilities are found and harmful components creep in. At this point, the security expert introduces the idea of "Ethical Hackers," whose primary occupation is to eliminate vulnerabilities before "genuine" Hackers do. 
What are Ethical Hackers?Ethical Hackers could be called "infiltration analyzers," but their roles include wider efforts. According to TechTarget, an Ethical Hacker is "a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit." 
What do Ethical Hackers Do?In addition to the customary obligations of PenTesters, Ethical Hackers perform supplementary and various tasks. Fundamentally, they duplicate "genuine hacks" at work. Rather than abusing vulnerabilities to cause harm, they seek countermeasures to protect and seal systems using these and other techniques:
  • Port Filtering: Tools like Nmap and Nessus help uncover open ports. Vulnerabilities can be seen; remedial measures can be implemented.
  • Social Engineering:
    • He/she will scrounge through trash cans for passwords, graphics and sticky notes with the fundamental data, which can be used to create assaults. (To thwart such attacks, reliable companies require workers to shred unwanted paperwork and properly dispose of potentially desirable media.)
    • He/she "shoulder surfs" to access urgent data or uses the "game of reflection" to capture workers' passwords.
  • Navigating IDS, IPS, Honeypots and Firewalls: Using different methodologies and systems sniffing, he/she tries to bypass encryption and remote division.
  • Identity Theft: He/she manages issues around identity theft and tablet mismanagement.
 
Should You Become an Ethical Hacker?In the last few decades, there's been an increasing demand for Ethical Hackers to protect systems from dangerous intrusions. As with any calling, you'll need need energy and focus. These elements, coupled with effective learning management systems will empower you to make an entrance into the field of Ethical Hacking.
Basic Hacking Concepts You Should Know1:PenTestingPenTesting, like forensics, is as much an art as it is a science; you can only be taught so much. Technical techniques and tools are all very good, but you really need a mind that can think sideways and approach tasks from many angles.2: Footprinting 

Footprinting includes tools and tricks to get information about a computer, IP and MAC addresses and related user and system information.

3: ScanningBefore you begin PenTesting, you must have some information about a network and system. A PenTester will often scan an entire network with tools like nMap, zenmap, ping, hping, etc.4: EnumerationDuring the enumeration phase, you'll discover hosts/devices on a network. The information collected during this reconnaissance phase is then applied.5: System HackingSystem hacking begins with logging into a system without credentials. You'll not only bypass the credentials, but then you may navigate into a root user position through privileged escalation.6: TrojansTrojans are generally non-self-replicating types of malware programs containing malicious code. A Trojan often acts as a backdoor, communicating with a controller that has unauthorized access to an affected computer. While Trojans and backdoors are not easily detectable by themselves, computers may slow due to heavy processor loads or network usage.7: Viruses and WormsA computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections to spread. A worm is capable of replicating itself on a system. Rather than one computer sending out a single worm, it could send out hundreds or thousands of copies to yield a devastating effect.8: Sniffing TrafficSniffers are programs that monitor and analyze network traffic - detecting and finding problems. Various techniques and tools are used for sniffing, such as Kali Linux, MITM attack, tshark, urlsnarf, etc.9: Social EngineeringAn example of social engineering is when Ethical Hackers create phishing pages on websites to obtain credential of users. See information above for additional examples.10: Denial of ServiceA DoS attack generally consists of temporarily interrupting, suspending or downing a host connected to the Internet, usually through overwhelming amounts of traffic.11: Session HijackingSession Hijacking is used to gain unauthorized access to information or services in a computer system. Session hijacking is also known as "Man in the Middle Attack." This can be performed with the help of Kali Linux, which is based on Debian Linux.12: Hacking Web ServersWeb servers can be hacked in various ways, including Denial of Service Attacks, Domain Name System Hijacking, Phishing etc. A short list of hacking tools include Metasploit, Mpack, Zeus, etc.13: WebapplicationWebapplication is used to intercept the proxy as an intruder, as a repeater, etc. - after hacking a website. Webapplication is used to upload injections and scripts in websites, like the popular "c99 injection."14: SQL InjectionSQL injection is used to insert a query and confuse the database of system to gain unauthorized access. Hackers can use SQL injections to extract the data from a website without credentials.15: Wireless IntrusionEthical Hackers study various types of wireless interfaces and how to exploit them. Concurrently, they can also learn associated encryption formats like WEP, WPA, WPA2, etc.16: Mobile HackingEthical Hackers learn how to sniff a network for mobile apps, hack another user's Smartphone, extract the data from a Smartphone and how to root the Smartphone, etc.17: IDS, Firewalls and HoneypotsIDS stands for Intrusion Detection System. IDS is a device or software application that monitors network or system activities. Firewalls are used to set rules for inbound and outbound traffic. There are two types of firewalls: software and hardware. Software firewalls are less expensive then hardware firewalls.18: Buffer OverflowsA buffer overflow occurs when a program attempts to put more data in a buffer than it can hold. Normally, this can occur due to the vulnerabilities in system drivers. When drivers start performing improperly, the system can crash, causing the dreaded "blue screen."19: CryptographyCryptography is the study and application of techniques that conceal the real meaning of information by transforming it into non-human readable formats and vice-versa.
  • The process of transforming information into non- human readable form is called encryption.
  • The process of reversing encryption is called decryption.
  • Decryption is done using a secret key, which is only known to the legitimate recipients of the information.
ConclusionEveryone should be concerned about falling prey to hack attempts. From my perspective, the thrill of being a Ethical Hacker, and helping people stay safe, is truly unmatched. 

You might also like...

7 Types of Hackers You Should Know

Hacking Competitions That Will Get You Noticed

Join over 2 million IT and cyber professionals advancing their careers

OR REGISTER WITH

Google

Already have an account? Sign In »

Ready to Share Your Original Content?

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry