Black Hat “Ethical” Hacking – What does that mean? Black Hat / Ethical?
To understand that, you need to know what all the hats mean (Black, White, Grey, Red, Blue), so that you will be able to understand what Black Hat “Ethical” Hacking is about.
Wikipedia classifies “Black Hat” as:
Black-hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black-hat hackers break into secure networks to destroy, modify, or steal data or to make the network unusable for those who are authorized to use the network.
Now, that also comes with a price: skill. Talent is something you can have in a field, but skill cannot be measured in words, only in work and results. Not even a paper can prove true skill, because it reduces someone to saying “You have a CEH”, as if that meant you are highly skilled in the security industry.
It is not like that, though. Many people train and study and gain skill in how to install, configure and maintain networks, but that is not necessarily the skill to “test” them the way a real hacker would. It is like martial arts: they teach you the skill and art of defending yourself, and if you misuse it they are not responsible, yet you earn the skill of defence from an offensive perspective.
There are people who are skilful on the offensive side. What we are saying is that true security combines the work of the defensive side, in collaboration with an offensive side, working together to prevent a real offensive side. It takes one to know one.
That requires a new position to be created that will handle this specific task.
“You take the good, you take the bad, you take them both, and there you have the facts of life.”
It is like two strong opposite sides pushing in opposite directions: one gains the skill of holding the right direction, and the other has the skill of holding the left.
Ethical comes in between and says: what if you managed to grow both in your company, so they can test real-life scenarios, each with their own expertise, and offer a stronger defensive system for your company? To do that, you need to allow the position to develop, and until then, ask for the “Black Hat” techniques to be tested.
Black Hats are skilful. They are not one, they are many; they are a community. It is not something you learn, it is a way you live. The only issue is the ethical part behind it: the fact that it can take seconds to identify vulnerabilities from a quick scan of an IP address, and then it all comes down to how skilful you are at exploiting them, how fast and how confident you are at getting a session, and knowing that a “shell” is just the beginning. The fact that you can use social engineering to manipulate the human element behind the hardware, use physical access, and use techniques that develop from experience with such tools to test your internal and external network, and the ability to test it from a real-world scenario. When you study how to protect something, they are already testing how to break it; it is passion. Some do not do it for unethical reasons; some do it for the passion and offer it as a service, helping you and your IT people see it from this perspective, and it is up to you how much investment you want to put into fixing those findings, or whether to accept them as “known” business risks.
Q: Hey, you have port 22 open, and it has no protection against brute force, so our scanner, which ran a simple dictionary test, found your root password. Are you OK with that?
A1: Yes, we are aware of that risk.
A2: How can we fix that?
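The finding in that exchange can be checked on both sides. The following is an added example in Python, not code from the original article or from blackhatethicalhacking.com: it parses an sshd_config for the settings that make a root dictionary attack feasible, and runs a simple brute-force detection over auth.log lines. The configuration texts, host names, addresses and log lines are constructed for the example; the OpenSSH defaults used when a keyword is absent are assumed from sshd_config(5).

```python
"""Added example (not from the original article): audit_sshd_config() flags the sshd
settings behind the 'port 22 open, root password guessed' finding; brute_force_sources()
is the detection side, run over constructed auth.log lines. All config text, host
names and addresses below are constructed for the example.
"""
import re
from collections import Counter

# Constructed sshd_config for a host like the one in the Q/A above.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
"""

# The same host after the fix: key-only auth, no root login, few tries, allow-list.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
LoginGraceTime 30
AllowGroups ssh-users
"""

# Assumed OpenSSH defaults when a keyword is absent (taken from sshd_config(5)).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "maxauthtries": "6",
}


def parse_sshd_config(text):
    """Return {keyword_lowercase: value} for the effective directives.

    sshd uses the FIRST occurrence of a keyword, so later duplicates are ignored.
    Comments and blank lines are skipped; Match blocks are not handled here.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            effective.setdefault(parts[0].lower(), parts[1].strip())
    return effective


def audit_sshd_config(text):
    """Return a list of findings describing brute-force-relevant weaknesses."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root's password can be guessed directly")
    if cfg["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: dictionary attacks possible; use keys")
    if int(cfg["maxauthtries"]) > 4:
        findings.append("MaxAuthTries %s: many guesses per connection" % cfg["maxauthtries"])
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every local account is a target")
    return findings


# Constructed auth.log excerpt in OpenSSH's "Failed password" / "Accepted" format.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:01 host sshd[2231]: Failed password for root from 198.51.100.7 port 50212 ssh2
Mar  3 10:01:02 host sshd[2231]: Failed password for root from 198.51.100.7 port 50212 ssh2
Mar  3 10:01:03 host sshd[2234]: Failed password for invalid user admin from 198.51.100.7 port 50218 ssh2
Mar  3 10:01:04 host sshd[2236]: Failed password for root from 198.51.100.7 port 50220 ssh2
Mar  3 10:01:05 host sshd[2238]: Failed password for root from 198.51.100.7 port 50222 ssh2
Mar  3 10:01:06 host sshd[2240]: Accepted password for root from 198.51.100.7 port 50224 ssh2
Mar  3 10:02:00 host sshd[2250]: Failed password for alice from 203.0.113.9 port 41000 ssh2
Mar  3 10:02:30 host sshd[2252]: Accepted publickey for alice from 203.0.113.9 port 41002 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from " + IPV4)
ACCEPTED_RE = re.compile(r"Accepted (\S+) for (\S+) from " + IPV4)


def count_failed_logins(log_text):
    """Failed password attempts per source IP (what fail2ban's sshd jail keys on)."""
    fails = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            fails[m.group(2)] += 1
    return fails


def brute_force_sources(log_text, threshold=3):
    """IPs at or above `threshold` failures, with any accepted logins from them.

    An 'Accepted' from an IP that just failed repeatedly is the "scanner found your
    root password" case from the Q/A: treat it as a compromise, not as noise.
    """
    fails = count_failed_logins(log_text)
    result = {ip: {"failures": n, "accepted": []} for ip, n in fails.items() if n >= threshold}
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m and m.group(3) in result:
            result[m.group(3)]["accepted"].append((m.group(1), m.group(2)))
    return result


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["no findings"])
    print(brute_force_sources(SAMPLE_AUTH_LOG))
```

Run as a script it prints the four findings for the weak file, none for the hardened one, and the single source that both brute-forced and then logged in as root. The hardened config is what answer A2 should lead to; the remaining gap, rate limiting, is covered by fail2ban or sshguard, which key on the same "Failed password" pattern matched above.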
That is just an example of a very basic question from the way a hacker approaches things. Their mindset works differently: they can search for an SQL injection on your website, a mistake you did not see because you paid a developer to build a site or an article page, and he did not pay attention to the fact that the way he wrote it allowed an attacker to take advantage of it and escalate until he got the details needed to gain access to your network.
Black Hats look for such details. Do you want to know whether you are safe? You can.
The word “shell” is the beginning; to a hacker it is like god access in the IT world. After a shell, a hacker can quickly escalate privileges, and once you have a Meterpreter session with SYSTEM rights, it is completely over. You can sniff traffic; you can be in a MITM position (game over) where, from one compromised device, you launch a massive attack compromising every device that has access to it: installing keyloggers across the estate, decrypting browser history files, establishing persistence, stealing accounts, bitcoins, social media, important work, and that is just the beginning. Yes, recording audio, accessing the webcam, and if it is a phone, dumping the call lists and the SMS, sending and spoofing as that person, and more.
This is a glimpse of what they can do, and a skilful “Black Hat” does not need to explain how he does it; he does it, and does it fast.
Now, yes, that is criminal. But imagine you get people with such a mindset and skill to perform a penetration test in your network: not a piece of software that can scan well, but a person behind it with that mindset doing the scan. It means all you have to do is give him an IP and the name of a company, and the job of a Black Hat “Ethical” Hacker is to get you proof of how he compromised your network, not “if”; how to fix and mitigate each finding; and what steps are needed on your side so that you can withstand not a simulated attack but a real one. How important is that to you?
No software can do that. Signing a non-disclosure agreement with them, together with written authorization that fixes the scope and rules of engagement, grants them the right to do whatever is needed to test your network and to document everything for your team to read, study and start performing the changes. Some of the changes require educational sessions for your employees; maybe you need to hire more people to actually develop this in your company, depending on whether you have the time and the right people for the job, or you outsource it and have your people fix things regularly, or you just accept it as a “known business risk”.
This is what Black Hat Ethical Hacking is about.
Since there are terminologies of White Hats, Black Hats, Grey Hats and Blue Hats, you already know about that. Black Hat “Ethical” Hacking is a new classification, and an important one in the cyber security world.
Security is a myth... the good people get to study how to make things more secure, and the bad people are testing new methods against those, like cat and mouse. The problem is a major factor called the “human” element, which is what a Black Hat can use to take over any hardware system from any brand and vendor, and to get past any IDS in the world. That weakness is the most vulnerable and dangerous factor: “social engineering”.
Hacking is 90% recon and 10% execution and post-work; or, put differently, 1% execution (shell access, exploit done) and 9% post-work and clean-up.
Reconnaissance and social engineering involve a lot of research about the company, the people working for it and your exposure on the internet: for example, whether an employee signed up to an external site such as an online pizza delivery with his work e-mail, using the same password.
Things like that can be discovered in minutes, hours or days, so all the years of work a Black Hat has can be seen quickly. Programs like Maltego, scripts, skill and custom-written Python using API keys of search engines and social media, Shodan, and tools like Recon-ng can be used. That is skill, and the attack gets well prepared and targeted through a social engineering method that will make that person vulnerable. This is all it takes: one window, one click, one mistake, for a Black Hat to compromise you completely.
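The credential-reuse scenario above (a work e-mail registered on an external site with the same password) is the part of recon that can also be run defensively, against your own domain. The following is an added example in Python, not code from the original article; the corporate domain, the breach-style records and the range response are constructed for the example. The k-anonymity split follows the Pwned Passwords range API convention (the first five hex characters of the SHA-1 are sent, the suffix is compared locally); the counts in the sample response are illustrative, not real figures.

```python
"""Added example (not from the original article): correlate external breach-style
records with a corporate domain to find employees who registered their work e-mail
on third-party sites, flag password reuse across those sites, and show the
k-anonymity range check used to test a password against a breach corpus without
sending it. CORP_DOMAIN, EXTERNAL_RECORDS and SAMPLE_RANGE_RESPONSE are constructed.
"""
import hashlib
from collections import defaultdict

CORP_DOMAIN = "example.com"  # assumed corporate domain for the example


def sha1_hex(value):
    """Lower-case SHA-1 hex of a plaintext; breach dumps and Pwned Passwords use SHA-1."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


# Constructed records in the shape a breach corpus gives you: (site, email, secret).
# Some dumps leak plaintext, some only a SHA-1; the forum entry is the hashed form.
EXTERNAL_RECORDS = [
    ("pizza-delivery.example", "J.Doe@Example.com", "Summer2019!"),
    ("forum.example", "j.doe@example.com", sha1_hex("Summer2019!")),
    ("shop.example", "a.smith@example.com", "hunter2"),
    ("shop.example", "a.smith@example.com", "hunter2"),  # same site twice: not reuse
    ("forum.example", "someone@mail.example", "letmein"),  # not a corporate address
]


def normalise(record):
    """(site, email, secret) -> (site, lower-case email, lower-case SHA-1 hex).

    A 40-hex-character secret is assumed to already be a SHA-1 (a 40-hex plaintext
    password would be misclassified; acceptable for a recon correlation).
    """
    site, email, secret = record
    is_sha1 = len(secret) == 40 and all(c in "0123456789abcdefABCDEF" for c in secret)
    return site, email.strip().lower(), secret.lower() if is_sha1 else sha1_hex(secret)


def corporate_exposure(records, domain=CORP_DOMAIN):
    """Return {email: {"sites": [...], "password_reused": bool}} for corporate accounts
    found on external sites. password_reused is True when one password hash appears
    on two or more distinct sites, i.e. the 'same password as the pizza site' case."""
    by_email = defaultdict(lambda: {"sites": set(), "hash_sites": defaultdict(set)})
    for site, email, digest in map(normalise, records):
        if not email.endswith("@" + domain):
            continue
        by_email[email]["sites"].add(site)
        by_email[email]["hash_sites"][digest].add(site)
    return {
        email: {
            "sites": sorted(v["sites"]),
            "password_reused": any(len(s) >= 2 for s in v["hash_sites"].values()),
        }
        for email, v in by_email.items()
    }


def hibp_range_query(password):
    """Split the SHA-1 into the 5-char prefix that is sent to the range endpoint and
    the 35-char suffix that is compared locally, so the full hash never leaves the host."""
    digest = sha1_hex(password).upper()
    return digest[:5], digest[5:]


def password_seen_in_range(password, range_response):
    """range_response is the 'SUFFIX:COUNT' text returned for the prefix.
    Returns the breach count for the password, or 0 if its suffix is absent."""
    _, suffix = hibp_range_query(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# Constructed range response for prefix 5BAA6 (SHA-1 of "password" starts with it);
# the other suffixes and all counts are made up for the example.
SAMPLE_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
1F0C5D1A9B2E3F4A5B6C7D8E9F0A1B2C3D4:1
"""

if __name__ == "__main__":
    for email, info in corporate_exposure(EXTERNAL_RECORDS).items():
        print(email, info)
    print("password", password_seen_in_range("password", SAMPLE_RANGE_RESPONSE))
```

Running it lists j.doe@example.com on two external sites with the same password (the exposure the attacker in the text would phish or replay against the VPN) and a.smith@example.com on one site without reuse. The range check is the defensive counterpart: the same lookup can be run for every password at change time, sending only the five-character prefix.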
Which security device can protect you from that?
In Conclusion:
The best way to secure yourself is to grow your own security in your company and create it based on your needs. Invest in people who know about the other side of things, like blue and red teams; create your own red team and blue team, have them test real scenarios, and let the red team show its skill to the blue team, so that the blue team can, with its expertise, protect and take the right steps to prevent such techniques. Let the passion take its course; it is passion that will let you make the difference. Lose that, and watch what happens..
But to do this, you need to allow the RED (Black Hat) team to show you how it is done: not just “show” you, but let you “get” a taste of how strong the war against you is, because a DDoS CAN be launched by a 12-year-old on a 3G card he got, from a phone running a terminal, over SSH to a Raspberry Pi somewhere, with ONE command. And this CAN ruin your networks and create havoc with your hardware. And YES, there is prevention for that, and it is VERY simple, because the mindset of a Black Hat, the way they learn, is the opposite of the way it is taught. Only a small percentage know that, so true security is allowing both sides to perform this.
Black Hat Ethical Hacking offers such black-box techniques. If you are certain and confident that, should you get attacked, you are ready to apply the remedy and mitigate your risks, why not test that from this perspective? Cyber criminals are out there doing great damage. It is not “if” you will get attacked, it is “when” you will get attacked, and how badly you will be damaged depends on the precautions taken against such an attack.
Written by Chris Abou-Chabke // blackhatethicalhacking.com
