Menu

TECH-AWARENESS # 8 – Understanding the Ethical Hacking

# Prelude

The online world is a dangerous neighborhood and « Worst » operates in SILENCE.

# Chapter 1 – The Essence of Cybersecurity

Digital age can sometimes be stressful. An aspect of relying on digital dependency can haunt you often. Nowadays, everything from paying bills and accessing your personal banking details is done through various devices and networks. Cybercrime and data breaches can make anyone nervous. Here comes “Cybersecurity professionals” into the picture. Such people are authorized to protect our network, systems and private information.
Cyber Security is all about protecting your devices and network from unauthorized access or modification. The Internet is not only the chief source of information, but it is also a medium through which people do business.
Cybersecurity operates in different areas :
-Network security including (Firewalls, IDS/IPS, Web layer security, bastion Hosts, Private & Public Subnets, External connectivity..)
-Data Security – an area that has to do with Encryption mechanisms, Data resiliency & replication, Data availability & Integrity
-User Access Mechanisms – API access, User access, Federated access, Authentification & authorization mechanisms (MFA)
-Governance & Compliance is more of Physical data location requirements – SLAs – Contractual responsibilities and Audit Assessments.
-Monitoring & Event Management include Security assessments, proactive threat monitoring, Logging & Analysis, Notifications, Traffic pattern analysis.
-Disaster Recovery & Business Continuity – an area for Replication mechanisms, Failover techniques, minimizing service interruptions.

# Chapter 2 – The dangerous liaisons of Hacking & Cybersecurity

CS involves “legal” hacking. « To catch a criminal, one has to think like a criminal. »

Hackers use tools to steal or destroy information whereas Ethical Hackers use same tools to safeguard systems from “hackers with malicious intent”. Ethical Hacking is legal and hacking is done with permission from the client.

#Chapter 3 – The Art of Being a Hacker

Hacking is how you do Science.

*The Recipe
Being a hacker or cultivating a hackers mindset is not just simple, but an effortless endeavour. All you have to do is be ready. You have to be ready to be wrong. You have to be ready to screw up. You have to be ready to give up all your ego, all your pride and prejudice. you have to be ready to get your hands dirty. You have to be ready to grind it out. Just learn how to fall, fall gracefully, and humbly get up again and get back to it.
A Hacker would not follow normal user rules. He has natural ability to misuse software. He thinks necessarily outside the box. He’s determined.
The second part of the ‘Recipe’ is the obsessive want to explore your craft and become the best “whatever” the field is. As long as you obsessively try to solve problems, and you are not afraid of failing and coming up with innovative solutions, you are a hacker.
*The Technical skills
The intangible skills lone can’t give you success in the field of information security, you need to have the in depth understanding of how technology is actually working; you need to understand the systems and processes, from electrical pulses to radio frequency, from bits to bytes and from Windows OS to Linux OS.
-Coding : understanding how to write code is the KEY, you should understand the tool you are using for your test. You should master the C/C++, Python, Ruby, Golang… Be fluent at Algorithms (Search,Sorting,Recursive..) and wing the Data Structures.
-Operating Systems : understand the concept, the flow and the architecture of an operating system. Do not limit yourself to any specific OS, but be familiar with Linux/Unix, Windows/MS Dos, MacOS Android, IOS, Windows Mobile.
-Network : you can’t be an expert on everything but at least know everything a little. Understand the OSI layer model and its protocols (HTTP, FTP, IP, TCP,BGP, NAT, DHCP etc). Learn the art of routing, how router and switches work, understand the wireless protocols for WiFI hacking. Set your intention to learn!
-Hardware : Raspberry pi, Arduino, Esp, Antenna and a double large turkey sandwich !

# Chapter 4 – Attack vectors

If you’ve ever studied famous battles in history, you’ll know that no two are exactly alike. There are similar strategies and tactics time-proven to be effective. Similarly, when a criminal is trying to hack an organization, they won’t re-invent the wheel unless they absolutely have to: They’ll draw upon common types of hacking techniques that are known to be highly effective, such as:
-Remote attacks (DoS, DNS Poisoning…)
-Social Engineering
-Access Control attacks
-Insider Attacks (Advanced Persistent Threats
-Injection attacks (XSS, SQL injection,…)
-Eavesdropping attacks also known as Sniffing or snopping

Conceptually, cybersecurity risks can be divided into two main categories: passive and active attacks. In active attacks the attacker intercepts the connection and modifies the information. Whereas, in a passive attack, the attacker intercepts the transit information with the intention of reading and analyzing the information not for altering it.

# Chapter 5 – Ethical Hacking Careers

This has been a lucrative career option for many, and not without good reason! It’s a challenging job that never gets boring, pays well and also brings a greater sense of achievement. Nonetheless, the thin red line between legal and illegal is permission.
Computer experts are often hired by companies to hack into their system to find vulnerabilities and weak endpoints so that they can be fixed. This is done as a precautionary measure against legitimate hackers who have malicious intent. Those people are to be defined as ethical hackers. In this case we could talk about a Career !
There are various specialities in this domain once you wear the white hat. Let’s pencil it down :
-Analyst
-Information Security Officer CISO or ISO
-Security Architect
-Cryptographer vs Cryptanalyst
-Network / Systems / UNIX / DevOps Engineer
-Programmer
-Pentester (Penetration Tester)
-Software Assurance Tester/Engineer
-Security Engineer
-Auditor

# Chapter 6 – Conclusion

Crimes done behind the computer are the 21st century’s problem. With the technology increasing, criminals don’t have to rob banks, nor do they have to be outside in order to commit any crime. Their weapons aren’t guns anymore; they attack with mouse cursors, passwords and a large double Turkey sandwich. Now Hacking is meaningless word in view of the endless definitions that could take. Setting the right intentions and determining factors are the ultimate guideline to either a brilliant career achievements or a meaningless walk through death penalties. Cyber security is about much more than hacking. Mitigation and prevention are all about defense: building systems that make it difficult for hackers to do things they should not be able to do. Learning how to attack a system helps you better defend against attacks—and vice versa.

Special thanks to Hamza Makraz for this great and enlightening « leak of information » Your instructions will be carefully followed. Let’s hack now !