AC U2O2 KK11
The role of ethical hacking
Ethical hacking is also known as "white hat hacking" or "penetration testing".
It involves an authorised attempt to break into a system and report its security holes to the system's owner so the problems can be fixed.
- The term 'White Hat' comes from old cowboy movies where the Good Guy always wore a white hat.
- The Bad Guy always wore a black hat - hence "Black Hat Hacking". AKA Cracking.
- Grey/Gray Hat Hacking comes between - it's generally harmless and well-intentioned. Grey hats don't steal data or cause damage, and they tell the system's owner how they broke in, but they were naughty because
- they weren't invited to try to break into the system, and/or
- they demand payment to reveal their findings or fix the faults in the system.
The purpose of ethical hacking is to discover security weaknesses in a system for the benefit of the system's owner. It's like showing your mum how easy it is for someone to get into her bank account by showing her exactly how a bad person would go about doing it by guessing her password "123456".
It's Hacking with Good Intentions ™.
Ethical Hacking (EH) or White Hat Hacking
- EH is done with the knowledge and consent of the owner of the system. Otherwise it's about as legal as breaking into your neighbour's house and then showing them how you did it.
- Black-Box hacking means the hacker is not given any privileged knowledge of the system, e.g. passwords, site maps, staff rosters, networking technology details etc that would not available to the average citizen. White-Box hacking allows the hacker some secret inside information.
- You should not cause damage to the system or its data, or interfere with the normal operation of the owner's organisation.
- Your explanation of how you penetrated the system should be complete, and only be shared with the system's owner, and not be used for any other purpose.
- Obviously, you will not introduce new threats or weaknesses into the system (e.g. planting backdoors or malware, removing or changing passwords etc)
- EH can employ any non-destructive means of penetration that a Black Hat would use, including technological and social engineering.
- Specific times should be allocated for the penetration attempts. This avoids problems where the "victim" mistakenly believes a break-in attempt is harmless and does not immediately take drastic countermeasures.
- For some people, EH is a career.
EH techniques include:
- port scanning (e.g. using nmap)
- cracking wi-fi encryption keys (e.g. with John The Ripper or Hashcat)
- gaining remote access to servers and workstations
- planting remote control software
- social engineering
- spearphishing (phishing aimed at a specific person)
- legitimate information-finding software: wi-fi scanners, ping, DNS lookup, Telnet etc
- specialist malicious software: keyloggers, password crackers, credential stuffers. Burp Suite is a professional web vulnerability scanner
- creating malicious websites
- techniques, such as: man-in-the-middle attacks, DNS spoofing, scripting, SQL injection (e.g. with sqlmap)
- knowlege of popular systems such as Linux, Apache, Microsoft Server.
Fun note: There are TAFE courses in EH and official Certified Ethical Hacker certification.
The NSW TAFE's Penetration Testing and Ethical Hacking course over 8-10 hours for $250 covers:
- Common threats & Mitigation Strategies
- Discover vulnerable applications
- Penetration testing of operating system
- Vulnerability scanning, Exploit, Post Exploit, Payload
- Ethical hacking processes and procedures
- Port scanning tools and enumeration methods
- System hacking methodologies
- Common sniffing tools.
They also have a code of ethics for ethical hacking |
