Venom Academy/Ethical Hacking/What are hackers?

From Wikibooks, open books for an open world

Explanation and Methodology

Hackers are people who hijack a process thread or security system to gain control over something. For example, a hacker could use his or her skills to hack a victim's social media pages; in that case the hacker has hijacked the victim's credentials. Hackers may hack in order to find a vulnerability and report it, or they may hack to gain total control over the system.

Types of hackers

In hacking, it is believed that hackers can be divided into three types. Each type may perform similar activities, but what sets them apart is their motives and reasons for hacking. The types of hackers are listed below:

  • White Hat Hackers - These are the hackers who hack to find vulnerabilities, find criminals, and pursue all sorts of other positive motives. Examples include penetration testers, digital forensics investigators, etc.
  • Black Hat Hackers - These are the hackers who hack for their own malicious gain without other people in mind.
  • Grey Hat Hackers - These hackers fall somewhere in between the above two. They are usually referred to as hackers who make their own decisions.

Commonly used words

Below are some of the commonly used words:

  • Hacking - The activity done in order to hijack something from a victim, e.g. authentication.
  • Authentication - The process whereby the information that was given is validated. For example, if a password is entered, the system performs an authentication process to check whether it is correct.
  • Vulnerability - A point or section in a computing system that can be exploited.
  • Privilege escalation - This is also known as cracking. It is the point at which a hacker tries to gain elevated privileges on a certain system.
  • Information Gathering - An activity performed by a hacker to collect information on a certain system, such as the name of the system, the ports that are open, etc.

Types of teaming in hacking

Hacking activities can be either good or bad, so hackers are grouped into teams according to their motives. These teams have totally different motives from one another:

  • The Red Team - The group that attacks the security systems and exploits vulnerabilities.
  • The Blue Team - The group that defends the security systems. They may be the ones who patch up vulnerabilities in computer networks.

CIA triads

The CIA triads describe the main things or targets that hackers need; these also include what hackers use in the long run. The main CIA triads are:

  • Confidentiality - Objects that are accessed by a limited number of people.
  • Integrity - Data that is valid and has not been altered.
  • Availability - Information that is freely available when needed.

Laws in Ethical Hacking

In ethical hacking there are laws that are put into place in order to protect both users and the hackers themselves. These laws are also put into place to prevent cyber terrorism. The main laws are:

  • HIPAA - The law that protects medical information
  • PCI-DSS - Processing and storing card data, usually known to be great for securing industries
  • SOX - Law that protects investors
  • DMCA - Law that protects copyright acts
  • FISMA - Requires information security programs in the federal systems
  • ISO/IEC 27001:2013 - Protects data implementation and risk mitigation