Ethical Hacking and Penetration Testing Guide by
RAFAY BALOCH
Chapter 1
Introduction to Hacking
There are many definitions for “hacker.” Ask this question of
a phalanx and you’ll get a new answer every time, because
“more mouths will have more talks,” and this is the reason
behind the different definitions of hackers, which in my opinion
is quite justified, for everyone has a right to think differently.
In the early 1990s, the word “hacker” was used to describe a
great programmer, someone who was able to build complex
logic. Unfortunately, over time the word gained negative hype,
and the media started referring to a hacker as someone who
discovers new ways of hacking into a system, be it a computer
system or a programmable logic controller, someone who is
capable of hacking into banks, stealing credit card information,
etc. This is the picture that is created by the media and this is
untrue because everything has a positive and a negative aspect
to it. What the media has been highlighting is only the negative
aspect; the people that have been protecting organizations by
responsibly disclosing vulnerabilities are not highlighted.
However, if you look at the media’s definition of a hacker in
the 1990s, you will find a few common characteristics, such
as creativity, the ability to solve complex problems, and new
ways of compromising targets. Therefore, the term has been
broken down into three types:
1. White hat hacker—This kind of hacker is often referred
to as a security professional or security researcher. Such
hackers are employed by an organization and are
permitted to attack an organization to find
vulnerabilities that an attacker might be able to exploit.
2. Black hat hacker—Also known as a cracker, this kind of
hacker is referred to as a bad guy, who uses his or her
knowledge for negative purposes. They are often referred
to by the media as hackers.
3. Gray hat hacker—This kind of hacker is an intermediate
between a white hat and a black hat hacker. For instance,
a gray hat hacker would work as a security professional
for an organization and responsibly disclose everything
to them; however, he or she might leave a backdoor to
access it later and might also sell the confidential
information, obtained after the compromise of a
company’s target server, to competitors.
Similarly, there are other categories of hackers that you might
often hear about. Some of them are as follows:
Script kiddie—Also known as skid, this kind of hacker is
someone who lacks knowledge of how an exploit works
and relies upon using exploits that someone else created.
A script kiddie may be able to compromise a target but
certainly cannot debug or modify an exploit in case it does
not work.
Elite hacker—An elite hacker, also referred to as l33t or
1337, is someone who has deep knowledge of how an
exploit works; he or she is able not only to create exploits but
also to modify code that someone else wrote. He or she is
someone with elite skills of hacking.
Hacktivist—Hacktivists are defined as a group of hackers
that hack into computer systems for a cause or purpose.
The purpose may be political gain, freedom of speech,
human rights, and so on.
Ethical hacker—An ethical hacker is a person who is
hired and permitted by an organization to attack its
systems for the purpose of identifying vulnerabilities,
which an attacker might take advantage of. The sole
difference between the terms “hacking” and “ethical
hacking” is the permission.
Important Terminologies
Let’s now briefly discuss some of the important terminologies that I
will be using throughout this book.
ASSET
An asset is any data, device, or other component of the environment
that supports information-related activities that should be protected
from anyone besides the people that are allowed to view or
manipulate the data/information.
VULNERABILITY
A vulnerability is defined as a flaw or a weakness inside the asset
that could be used to gain unauthorized access to it. The successful
exploitation of a vulnerability may result in data manipulation,
privilege elevation, etc.
To be continued