Hello, world! Great to be back and writing. I've been on a mission lately exploring the operating systems of the Linux world from mainstream to underground distros.
I've found a lot of great tools, and new ways of exploring how I go about testing products and services. Today I wanted to start the journey with Ethical Hacking.
What is an Ethical Hacker?
An ethical hacker (also known as a white hat) is somebody who understands the nature of exploiting vulnerable systems and has the ability to cause all hell and wreak havoc on systems connected to the internet. Especially with the Internet of Things, EVERYTHING is hackable!
But, instead of the normal "Bring down your website and business!" type of hackers. These hackers are testing for vulnerabilities in their own systems, whether for work or personal projects, or just for fun.
Ethical Hackers break the system and apply or tell you how to apply fixes. Better the good guys than the bad guys taking over your system, right?
Right!
Tools and Skills an Ethical Hacker should utilize
- Kali OS (Custom Linux build with all the tools pre-loaded)
- Upload Kali OS on Shells.com for a high bandwidth virtual machine
- A VPN to help hide identity. Whether legitimate or not, 'hacking' can be seen as a cybercrime by many governments. Don't let that be you.
- Keeping the proper intentions and morals.
Yeah, you can rage hell on systems, or you can have the owners of those systems pay you to keep it secure. It's a certain type of gratification when you check your system logs and see all the failed attempts and even blocked IP addresses because you found your system's weakness before they did.
Nice and sleek. Kali Linux
What skills and certifications should an ethical hacker obtain?
An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts (SME) on a particular area within the ethical hacking domain.
All ethical hackers should have:
- Expertise in scripting languages
- Proficiency in operating systems
- Thorough knowledge of networking
- A great understanding of information security
Some of the most common vulnerabilities discovered by ethical hackers include:
Injection attacks and ethical hackers
An injection attack is a sophisticated tactic where a protagonist can inject their own programming on a target to gain access.
Broken authentication and ethical hackers
Used to be and still remains a significant problem with Wifi. Strong encryption and passwords are a MUST. Most wifi passwords are easily bruteforce'd, decrypted, or your password is sniffed out of the air by a program called AirCrack-Ng.
Security misconfiguration and ethical hackers
You know what they say... RTFM! Misconfigured software is a common one easily solved with "Best configuration for X" on a search engine.
Use of components with known vulnerabilities. Things such as old PHP libraries for a website, or old software not being updated. It only takes one vulnerability for an intruder to gain access to everything.
Sensitive data exposure and ethical hackers
Keep your user's data encrypted and away from the public eye. Hackers today will scrape the entire website to get all user data it can see. They will then manipulate the users and often sell their information.
Until the next edition, be safe...!
By Shane Britt, Shells.com