How to be become an Ethical Hacker Hacking
Hacking is about identifying weaknesses and vulnerabilities of systems and gaining access to it.
A Hackers gets unauthorized access by targeting system while ethical hackers have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s).
The goal of an ethical hacker is to reveal the system weaknesses and vulnerabilities for a company to document and fix them accordingly.
What Hacking is NOT?
There’s a few things we would like to clarify before you delve into becoming the next best hacker. This might burst your bubble especially if you are not fully motivated to pursue this career/hobby but, hacking is simply put, not something you can learn in a few days or even in a few months.
Yes, you will learn a lot in those days but to become a really good hacker or even one of the best, (and we’re not talking about showing a few awesome tricks to your friends for them to believe you are hacker) you will need to dedicate at least several years to be even worthy of being called a hacker.
Hacking is also not a “press one button” and somehow you got into a system or cracked a facebook account like in the movies. It takes weeks or even months to gather information about one company or target and exploit in the best possible way. Keep note that the more research you do, the more likely you will be able to pwn the target. (the same applies for learning for an exam. If you missed 2 chapters because you were lazy or didn’t double check that there’s additional information. That can cost you to fail, and in the hacking world that could mean you’re either busted or you didn’t present the correct information to your client).
Hacker Types
Just like there are good and bad guys in the real world with different shades of their personality, the types of hackers vary by their agenda, methodologies and skill practice.
White Hat Hacker
Meet the right guys on the dark web. White hat hackers, also known as ethical hackers are the cybersecurity experts who help the Govt and organizations by performing penetration testing and identifying loopholes in their cybersecurity. They even do other methodologies and ensure protection from black hat hackers and other malicious cyber crimes.
Simply stated, these are the right people who are on your side. They will hack into your system with the good intention of finding vulnerabilities and help you remove virus and malware from your system.
Black Hat Hacker
Taking credit for the negative persona around “hacking,” these guys are your culprits. A black hat hacker is the type of hacker you should be worried. Heard a news about a new cybercrime today? One of the black hat hackers may be behind it.
While their agenda may be monetary most of the time, it’s not always just that. These hackers look for vulnerabilities in individual PCs, organizations and bank systems. Using any loopholes they may find, they can hack into your network and get access to your personal, business and financial information.
Gray Hat Hacker
Gray hat hackers fall somewhere in between white hat and black hat hackers. While they may not use their skills for personal gain, they can, however, have both good and bad intentions. For instance, a hacker who hacks into an organization and finds some vulnerability may leak it over the Internet or inform the organization about it.
It all depends upon the hacker. Nevertheless, as soon as hackers use their hacking skills for personal gain they become black hat hackers. There is a fine line between these two. So, let me make it simple for you.
Because a gray hat hacker doesn’t use his skills for personal gain, he is not a black hat hacker. Also, because he is not legally authorized to hack the organization’s cybersecurity, he can’t be considered a white hat either.
Script Kiddies
A derogatory term often used by amateur hackers who don’t care much about the coding skills. These hackers usually download tools or use available hacking codes written by other developers and hackers. Their primary purpose is often to impress their friends or gain attention.
However, they don’t care about learning. By using off-the-shelf codes and tools, these hackers may launch some attacks without bothering for the quality of the attack. Most common cyber attacks by script kiddies might include DoS and DDoS attacks.
Green Hat Hacker
These hackers are the amateurs in the online world of hacking. Consider them script kiddies but with a difference. These newbies have a desire to become full-blown hackers and are very curious to learn. You may find them engrossed in the hacking communities bombarding their fellow hackers with questions.
You can identify them by their spark to grow and learn more about the hacking trade. Once you answer a single question, the hackers will listen with undivided attention and ask another question until you answer all their queries.
Blue Hat Hacker
These are another form of novice hackers much like script kiddies whose main agenda is to take revenge on anyone who makes them angry. They have no desire for learning and may use simple cyber attacks like flooding your IP with overloaded packets which will result in DoS attacks.
A script kiddie with a vengeful agenda can be considered a blue hat hacker.
Red Hat Hacker
Red Hat Hackers have an agenda similar to white hat hackers which in simple words is halting the acts of Blackhat hackers. However, there is a major difference in the way they operate. They are ruthless when it comes to dealing with black hat hackers.
Instead of reporting a malicious attack, they believe in taking down the black hat hacker completely. Red hat hacker will launch a series of aggressive cyber attacks and malware on the hacker that the hacker may as well have to replace the whole system.
State / Nation Sponsored Hacker
State or Nation sponsored hackers are those who have been employed by their state or nation’s government to snoop in and penetrate through full security to gain confidential information from other governments to stay at the top online.
They have an endless budget and extremely advanced tools at their disposal to target individuals, companies or rival nations.
Hacktivist
If you’ve ever come across social activists propagandizing a social, political or religious agenda, then you might as well meet hacktivist, the online version of an activist. Hacktivist is a hacker or a group of anonymous hackers who think they can bring about social changes and often hack government and organizations to gain attention or share their displeasure over opposing their line of thought.
Malicious Insider / Whistleblower
A malicious insider or a whistleblower may be an employee with a grudge or a strategic employee compromised or hired by rivals to garner trade secrets of their opponents to stay on top of their game.
These hackers may take privilege from their easy access to information and their role within the company to hack the system.
Getting your mindset right
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.
Attackers follow a fixed methodology. To beat a hacker, you have to think like one, so it’s important to understand the methodology. The steps a hacker follows can be broadly divided into five phases, which include pre-attack and attack phases:
- Performing Reconnaissance
- Scanning and enumeration
- Gaining access
- Maintaining access
- Covering tracks and placing backdoors