ETHICAL HACKING

What is Ethical Hacking? :

Ethical Hacking is an authorized practice of bypassing system
security to identify potential data breaches and threats in a network. The
company that owns the system or network allows Cyber Security engineers to
perform such activities in order to test the system’s defences .Thus, unlike
malicious hacking, this process is planned, approved, and more importantly,
legal.

Who is Hacker? :
A hacker is a person who breaks into a computer system or other
Electronic devices legally or illegally. The reasons for hacking can be many:
installing malware, stealing or destroying data, disrupting service, and more.
Hacking can also be done for ethical reasons, such as trying to find software
vulnerabilities so they can be fixed.

Ethical hackers are legally permitted to break into certain

computer systems to find flaws. Businesses and government organizations often
hire ethical hackers to uncover software vulnerabilities or other security
weaknesses so they can be fixed before they are exploited by malicious hackers.

Hacking experts follow four key protocol concepts:

 Stay legal: Obtain proper approval before accessing and performing a

security assessment.
 Define the scope: Determine the scope of the assessment so that the
ethical hacker’s work remains legal and within the organization’s
approved boundaries.
 Report Vulnerabilities: Notify the organization of all vulnerabilities
discovered during the assessment. Provide remediation advice for
resolving these vulnerabilities.
 Respect Data Sensitivity: Depending on the data sensitivity, ethical
hackers may have to agree to a non-disclosure agreement, in addition
to other terms and conditions required by the assessed organization.

1
Types of Hackers:

 White hat hackers

 Black hat hackers
 Grey hat hackers
 Script kiddies
 Green hat hackers
 Blue hat hackers
 Red hat hackers
 State/Nation sponsored hackers
 Malicious insider
 Elite hackers
 Gaming hackers
 Botnets

1. White hat hackers: Authorized hackers

Typically hired by governments or large businesses, white hat

hackers identify and fix loopholes or weaknesses found in organizational
security systems to help prevent an external attack or data breach.

Motives: Help businesses, prevent cyber security attacks.

2. Black hat hackers: Criminal hackers

A black hat hacker is a cybercriminal who breaks into computer

systems with malicious or criminal intent. They go out of their way to find
vulnerabilities in computer systems and software, which they exploit for
financial gain or other malicious purposes.

These individuals can do serious harm to individuals and

organizations alike by stealing sensitive or personal data, compromising entire
computer systems, or altering critical networks.

Motives: To profit from data breaches.

3. Grey hat hackers: “just for fun” hackers

2
 A grey hat hacker is a Cyber-Security expert who finds ways to
hack into computer networks and systems, but without the malicious intent of a
black hat hacker.

Typically, they engage in hacking activities for the pure

enjoyment of finding gaps in computer systems, and they might even let the
owner know if any weak points are found. However, they don’t always take the
most ethical route when employing their hacking activities they may penetrate
systems or networks without the owner’s permission (even though they aren’t
trying to cause any harm).

Motives: Personal enjoyment.

4. Script kiddies: Amateur hackers

Script kiddies are amateur hackers that don’t possess the same
level of skill or expertise as more advanced hackers in the field. To make up for
this, they turn to existing malware created by other hackers to carry out their
attacks.

Motives: To cause disruption.

5. Green hat hackers: Hackers-in-Training

A green hat hacker is someone who is new to the hacking world
but is intently focused on increasing their cyber-attack skills. They primarily
focus on gaining knowledge on how to perform cyber-attacks on the same level
as their black hat counterparts. Their main intent is to eventually evolve into a
full-fledged hacker, so they spend their time looking for learning opportunities
from more experienced hackers.

Motives: To learn how to become an experienced hacker

6. Blue hat hackers: Authorized Software hackers

Blue hat hackers are hired by organizations to bug-test new
software or system network before it’s released. Their role is to find loopholes
or security vulnerabilities in the new software and remedy them before it
launches.

Motives: To identify vulnerabilities in new organizational software before it’s

released.

7. Red hat hackers: Government hired hackers

3
 Red hat hackers are hired by government agencies to spot
vulnerabilities in security systems, with a specific focus on finding and
disarming black hat hackers. They’re known to be particularly ruthless in their
hunt for black hat criminals, and typically use any means possible to take them
down. This often looks like using the same tactics as black hat hackers and
using them against them using the same malware, viruses and other strategies to
compromise their machines from the inside out.

Motives: To find and destroy black hat hackers.

8. State/Nation Sponsored hackers: International thread

prevent
State/nation sponsored hackers are appointed by a country’s
government to gain access to another nation’s computer systems. Their cyber-
security skills are used to retrieve confidential information from other countries
in preparation for a potential upcoming threat or attack, as well as to keep a
pulse on sensitive situations that could pose a threat in the future. These types of
hackers are hired solely by government agencies.

Motives: To monitor and prevent international threats.

9. Malicious Insider: Whistle-Bowler hackers

Malicious insider hackers are individuals who employ a cyber-
attack from within the organization they work for. Also known as whistle-
blowers, their motivation for attack can vary from acting on a personal grudge
they have against someone they work for to finding and exposing illegal activity
within the organization.

Motives: To expose or exploit an organization’s confidential information.

10. Elite Hackers: The Most Advanced Hackers

Elite hackers are the cream of the crop in the world of
cybercriminals, and are considered to be the highest skilled hackers in their
field. They’re often the first ones to discover cutting-edge attack methods, and
are known to be the experts and innovators in the hacking world.

Motives: To perform advanced cyber-attacks on organizations and individuals.

11. Gaming Hackers:

4
 A gaming hacker is someone who focuses their hacking efforts
on competitors in the gaming world. With the gaming industry booming, it’s no
surprise that its own specialized category of gaming hackers have emerged as a
result. Professional gamers might spend thousands of dollars on high-
performance hardware and gaming credits, and hackers typically carry out their
attacks in an attempt to steal competitor’s credit caches or cause distributed
denial-of-service attacks to take them out of the game.

Motives: To compromise gaming competitors.

12. Botnets: A large-scale hackers

Botnet hackers are malware coders who create bots to perform
high-volume attacks across as many devices as possible, typically targeting
routers, cameras and other Internet of Things devices. The bots operate by
looking for unsecured devices (or devices who still have their default login
credentials intact) to plant themselves in. Botnets can be used directly by the
hacker who created them, but they’re also frequently available for purchase on
the dark web for other hackers to take advantage of.

Motives: To compromise a high volume of network systems

Phases of Ethical Hacking:

 Reconnaissance
 Scanning
 Gaining Access
 Maintaining Access
 Clearing Track

1. Reconnaissance:

Reconnaissance, also known as the preparatory phase, is where

the hacker gathers information about a target before launching an attack and is
completed in phases prior to exploiting system vulnerabilities. One of the first
phases of Reconnaissance is dumpster. It is during this phase that the hacker
finds valuable information such as old passwords, names of important
employees (such as the head of the network department), and performs an active
reconnaissance to know how the organization functions. As a next step, the
hacker completes a process called foot-printing to collect data on the security
posture, reduces the focus area such as finding out specific IP addresses,
identifies vulnerabilities within the target system, and finally draws a network
map to know exactly how the network infrastructure works to break into it

5
easily. Foot-printing provides important information such as the domain name,
TCP and UDP services, system names, and passwords. There are also other
ways to do foot-printing, including impersonating a website by mirroring it,
using search engines to find information about the organization, and even using
the information of current employees for impersonation.

2. Scanning:
In this phase, the hacker identifies a quick way to gain access to a
network and look for information. There are three methods of scanning: pre-
attack, port scanning/sniffing, and information extraction. Each of these phases
demonstrates a specific set of vulnerabilities that the hacker can utilize to
exploit the system's weaknesses. The pre-attack phase is where the hacker scans
the network for specific information based on the information gathered during
reconnaissance. The port scanner or sniffing phase is where scanning includes
the use of dial, port scanners, vulnerability scanners, and other data-gathering
equipment. The information extraction phase is where the attackers collect
information about ports, live machines and OS details to launch an attack.

3. Gaining access:
The hacker gains access to the system, applications, and network,
and escalates their user privileges to control the systems connected to it.

4. Maintaining Access:
Here, the hacker secures access to the organization’s Rootkits and
Trojans and uses it to launch additional attacks on the network.

5. Clearing tracks:
Once the hacker gains access, they cover their tracks to escape the
security personnel. They do this by clearing the cache and cookies, tampering
the log files, and closing all the open ports. This step is important because it
clears the system information making hacking a great deal harder to track.

How to hack some electronic devices? :

Some forms of hacking are not illegal, like ethical hacking, many
people want to hack for illegal reasons, like black hat hackers. Because ethical
hacking and illegal hacking involve mainly the same coding, cracking, and
networking expertise, Computer Hope cannot help you with learning how to
hack.

6
 Hacking a computer to view or steal protected information does
not resolve anything and only causes further issues, such as being fined or sent
to prison. Instead of doing anything illegal, learn an alternative operating
system (e.g., Linux), set up computer networks, read security news, and learn a
programming language.

If you've done this and still want to hack, try hacking your home
network. That way, you don't have to worry about getting in trouble. Hacking
your network helps you learn how to hack and teaches you how to defend
yourself from hackers, which is a valuable skill needed by businesses. Also, we
recommend taking a training course on ethical hacking to assist you in getting a
computer security-related job.

Importance of Ethical Hacking:

Information is the most valuable asset in today’s business
environment. From government agencies to private companies, all kinds and
sizes of organizations deal with massive amounts of sensitive and valuable data
on a daily basis. As a result, they are often targeted by terrorist groups, hacker
teams, Cyber-criminals and such.

In order to be safe and protected, organisations of all sizes take

numerous security measures but simply locking your doors and shutting your
windows can’t ensure your safety. In today’s world, organizations need to take
proactive measures and update their security on a regular basis. Every day,
hackers find new methods to penetrate through the barriers of firewalls,
antivirus software and such, so your organization needs to keep up.

Ethical hackers, or white hat hackers, offer a new approach to

safety. In order to test your security measures, they perform ‘pen tests’ on your
organisation. In other words, they ‘hack’ your systems for you and provide you
with insight and valuable information regarding your organization’s security
posture. As a result, you catch the opportunity to see your organization from the
perspective of a hacker without facing actual threats like sensitive data theft.

When you know how hackers see and approach your

organization, you can update your security measures accordingly. Thus, you can
make sure that the walls around your organization are thick and protective
enough.

Types of ethical hacking:

7
 There are different kinds of ethical hacking practices since
almost every component of a system can be hacked and these ‘hacking’
performances require deep knowledge regarding that component. Below you
can find a list of different ethical hacking practices:

 Web application hacking

 System hacking
 Hacking wireless networks
 Web server hacking
 Social engineering

1. Web application hacking:

Web hacking refers to exploitation of applications via HTTP

which can be done by manipulating the application via its graphical web
interface, tampering the Uniform Resource Identifier (URI) or tampering HTTP
elements not contained in the URI. Methods that can be used to hack web
applications are SQL Injection attacks, Cross Site Scripting (XSS), Cross Site
Request Forgeries (CSRF), Insecure Communications, etc.

2. System hacking:
System hacking is defined as the compromise between
computer systems and software to access the target computer and steal or
misuse their sensitive information. The malware and the attacker identify and
exploit the vulnerability of the computer system to gain unauthorized access.
For example,

Hackers use varied techniques to hack into Linux systems:

 Hacking Linux using the SHADOW file.

 Another technique used is bypassing the user password
option in Linux.
 Other technique includes detecting the bug on Linux
distribution and taking advantage of the same.

3. Wireless network hacking:

Wireless network technology is becoming increasingly popular
but at the same time, it has many security issues. A wireless local area network
(WLAN) allows workers to access digital resources without being tethered to
their desks. However, the convenience of WLANs also introduces security
concerns that do not exist in a wired world. Connecting to a network no longer

8
requires an Ethernet cable. Instead, data packets are airborne and available to
anyone with the ability to intercept and decode them. Several reports have
explained weaknesses in the Wired Equivalent Privacy (WEP) algorithm by
802.11x standard to encrypt wireless data.

4. Web server hacking:

Today, most online services are implemented as web applications.
Online banking, web search engines, email applications, and social networks
are just a few examples of such web services. Web content is generated in real
time by a software application running at server-side. So, hackers attack on the
web server to steal credential information, passwords, and business
information by using DOS attacks, SYN flood, ping flood, port scan, sniffing
attacks, and social engineering attacks. In the area of web security, despite
strong encryption on the browser-server channel, web users still have no
assurance about what happens at the other end.

5. Social engineering:

In ethical hacking, social engineering has become a popular (and very

effective) strategy of testing how really vulnerable an organization’s staff.

When used in an ethical way, social engineering allows you to detect

weaknesses to better address your staff-related security issues. An additional
objective of a social engineering mandate is to establish solutions to increase the
global level of the confidentiality, integrity and availability of your corporate
data.

Benefits:
 The primary benefit of Ethical Hacking is to prevent data from
being stolen and malicious attackers.
 Discovering vulnerabilities from an attacker’s POV so that weak
points can be fixed.
 Implementing secure network that prevent security breaches.
 Defending national security by protecting data from terrorists.
 Protect networks with real world assessments.

Skills required for becoming an Ethical Hacker:

9
 An ethical hacker should have in-depth knowledge about all the systems,
networks, program codes, security measures, etc. to perform hacking efficiently.
Some of these skills include:

 Knowledge of programming - It is required for security professionals

working in the field of application security and Software Development
Life Cycle (SDLC).
 Scripting knowledge - This is required for professionals dealing with
network-based attacks and host-based attacks.
 Networking skills - This skill is important because threats mostly
originate from networks. You should know about all of the devices
present in the network, how they are connected, and how to identify if
they are compromised.
 Understand the Database - Attacks are mostly targeted at databases.
Knowledge of database management systems such as SQL will help
you to effectively inspect operations carried out in databases.
 Knowledge of multiple platforms like Windows, Linux, Unix etc.
 The ability to work with different hacking tools available in the market.
 Knowledge of search engines and servers.

Protect yourself while online:

 Continually check the accuracy of personal accounts and deal with any
discrepancies right away.
 Use extreme caution when entering chat rooms or posting personal Web
pages.
 Limit the personal information you post on a personal Web pages.
 Carefully monitor requests by online “friends” or acquaintances for
predatory behaviour.
 Keep personal and financial information out of online conversations.
 Use extreme caution when agreeing to meet an online “friend” or
acquaintance in person.

Security Tips to Prevent Hacking:

 Use a 2-way firewall.

 Update your operating system regularly.
 Increase your browser security settings.
 Avoid questionable Web sites.
 Only download software from sites you trust. Carefully evaluate free
software and file-sharing applications before downloading them.

10
Practice safe email and virus/malware protocols:

 Don't open messages from unknown senders.

 Immediately delete messages you suspect to be spam.
 Make sure that you have the best security software products installed on
your PC.
 Use antivirus protection.
 Get antispyware software protection.

Conclusion:
Ethical Hacking is a challenging area of study as it requires mastery of
everything that makes up a system or network. In today’s world, cyber-security
has become a trending topic of increasing interest among many businesses.
With malicious hackers finding newer ways to breach the defences of networks
almost every day, the role of ethical hackers has become increasingly important
across all sectors.

11