Ethical hacking

What is the meaning of ethical ?
• being in accordance with the rules or standards for right
conduct or practice, especially the standards of a profession :
It was not considered ethical for physicians to advertise.

What is hacking?
• gain unauthorized access to data in a system or computer.
• During the 1990s, the term "hacker" originally denoted a skilled
programmer proficient in machine code and computer operating systems.
In particular, these individuals could always hack on an unsatisfactory
system to solve problems and engage in a little software company
espionage by interpreting a competitor's code.
• Unfortunately, some of these hackers also became experts at accessing
password-protected computers, files, and networks and came to known as
"crackers." Of course, an effective and dangerous "cracker" must be a good
hacker and the terms became intertwined. Hacker won out in popular use
and in the media and today refers to anyone who performs some form of
computer sabotage.

The History Of Hacking
• It all began in the 1960s at MIT, origin of the term “hacker”, where extremely skilled individuals practiced hardcore
programming in FORTRAN and other older languages. Some may ignorantly dub them “nerds” or “geeks” but these
individuals were, by far, the most intelligent, individual, and intellectually advanced people who happen to be the
pioneers and forefathers of the talented individuals that are today the true hackers. The true hackers amongst our
societies have an unquenchable thirst for knowledge. Boredom is never an object of challenge for hackers. They
have an almost anomalous ability to absorb, retain, and exert vast amounts of knowledge with regard to intricate
details. In 1969, Bell Labs employee Ken Thompson invented UNIX and permanently changed the future of the
computer industry. Then in the very early 1970s, Dennis Ritchie invented the computer programming language “C”
which was specifically invented to be used with UNIX. Programmers ceased to use assembler, while developing an
appreciation for the portability of “C.”
• Hackers used to be viewed as people who sat locked in a room all day programming nonstop, hours on end. No
one seemed to mind hackers back in the 1960s when this was the most widely excepted reputation. In fact, most
people had no idea what hacking was. The term hacker was accepted as a positive label slapped onto computer
gurus who could push computer systems beyond the defined limits. Hackers emerged out of the artificial
intelligence labs at MIT in the 1960s. A network known as ARPANET was founded by the Department of Defense
as a means to link government offices. In time, ARPANET evolved into what is today known as the Internet.

Types of hackers :-
Black hat hackers:-
• Black-hat hackers, or simply “black hats,” are the type of hacker
the popular media seems to focus on. Black-hat hackers violate
computer security for personal gain (such as stealing credit card
numbers or harvesting personal data for sale to identity thieves)
or for pure maliciousness (such as creating a botnet and using
that botnet to perform DDOS attacks against websites they don’t
like.)
• Black hats fit the widely-held stereotype that hackers are
criminals performing illegal activities for personal gain and
attacking others. They’re the computer criminals.
• A black-hat hacker who finds a new, “zero-day” security
vulnerability would sell it to criminal organizations on the black
market or use it to compromise computer systems.
• Media portrayals of black-hat hackers may be accompanied by
silly stock photos like the below one, which is intended as a
parody.

White hat hackers :-
• White-hat hackers are the opposite of the black-hat hackers. They’re the
“ethical hackers,” experts in compromising computer security systems
who use their abilities for good, ethical, and legal purposes rather than
bad, unethical, and criminal purposes.
• For example, many white-hat hackers are employed to test an
organizations’ computer security systems. The organization authorizes the
white-hat hacker to attempt to compromise their systems. The white-hat
hacker uses their knowledge of computer security systems to compromise
the organization’s systems, just as a black hat hacker would. However,
instead of using their access to steal from the organization or vandalize its
systems, the white-hat hacker reports back to the organization and
informs them of how they gained access, allowing the organization to
improve their defenses. This is known as “penetration testing,” and it’s
one example of an activity performed by white-hat hackers.
• A white-hat hacker who finds a security vulnerability would disclose it to
the developer, allowing them to patch their product and improve its
security before it’s compromised. Various organizations pay “bounties” or
award prizes for revealing such discovered vulnerabilities, compensating
white-hats for their work.

Grey hat hackers :-
• Very few things in life are clear black-and-white categories. In reality,
there’s often a gray area. A gray-hat hacker falls somewhere between a
black hat and a white hat. A gray hat doesn’t work for their own personal
gain or to cause carnage, but they may technically commit crimes and do
arguably unethical things.
• For example, a black hat hacker would compromise a computer system
without permission, stealing the data inside for their own personal gain or
vandalizing the system. A white-hat hacker would ask for permission
before testing the system’s security and alert the organization after
compromising it. A gray-hat hacker might attempt to compromise a
computer system without permission, informing the organization after the
fact and allowing them to fix the problem. While the gray-hat hacker
didn’t use their access for bad purposes, they compromised a security
system without permission, which is illegal.
• If a gray-hat hacker discovers a security flaw in a piece of software or on a
website, they may disclose the flaw publically instead of privately
disclosing the flaw to the organization and giving them time to fix it. They
wouldn’t take advantage of the flaw for their own personal gain — that
would be black-hat behavior — but the public disclosure could cause
carnage as black-hat hackers tried to take advantage of the flaw before it
was fixed.

Some other types of hackers:-
• Elite hacker
 A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers.
Elite groups such as Masters of Deceptionconferred a kind of credibility on their members.
• Script kiddie
 A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written
by others (usually by other black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an
individual lacking knowledge and experience, immature),usually with little understanding of the underlying concept.
• Neophyte
 A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the
workings of technology and hacking.
• Blue hat
 A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for
exploits so they can be closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.
• Hacktivist
 A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.
 Hacktivism can be divided into two main groups:
 Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,
 Freedom of information — Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Types of Data stolen from the organization:-

Some Types of hacking:-
 Injection attack :- Injection Attacking occurs when there are flaws in your
SQL Database, SQL libraries, or even the operating system itself. Employees open
seemingly credible files with hidden commands, or “injections”, unknowingly.
In doing so, they’ve allowed hackers to gain unauthorized access to private data
such as social security numbers, credit card number or other financial data.
 Cross site scripting attack :-Cross Site Scripting, also known as an XSS
attack, occurs when an application, url “get request”, or file packet is sent to the
web browser window and bypassing the validation process. Once an XSS script is
triggered, it’s deceptive property makes users believe that the compromised page
of a specific website is legitimate.
For example, if www.example.com/abcd.html has XSS script in it, the user might
see a popup window asking for their credit card info and other sensitive info

 click jacking attack :- Click jacking, also called a UI Redress Attack, is when a
hacker uses multiple opaque layers to trick a user into clicking the top layer without them
knowing.
Thus the attacker is “hijacking” clicks that are not meant for the actual page, but for a page
where the attacker wants you to be.
For example, using a carefully crafted combination of style sheets, iframes, and text boxes, a user
can be led to believe they are typing in the password for their bank account, but are actually
typing into an invisible frame controlled by the attacker.
 social engineering attacks :- A social engineering attack is not technically
a “hack”.
It happens when you divulge private information in good faith, such as a credit card
number, through common online interactions such as email, chat, social media sites, or
virtually any website.
The problem, of course, is that you’re not getting into what you think you’re getting into.
A classic example of a social engineering attack is the “Microsoft tech support” scam.
This is when someone from a call center pretends to be a MS tech support member who
says that your computer is slow and/or infected, and can be easily fixed – at a cost, of
course.

Phishing attack :- Phishing is the attempt to acquire sensitive information such as
usernames, passwords, and credit card details (and sometimes, indirectly, money), often for
malicious reasons, by masquerading as a trustworthy entity in an electronic
communication. The word is a neologism created as a homophone of fishing due to the
similarity of using a bait in an attempt to catch a victim. Communications purporting to be from
popular social web sites, auction sites, banks, online payment processors or IT administrators
are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites
that are infected with malware. Phishing is typically carried out by email spoofing or instant
messaging, and it often directs users to enter details at a fake website whose look and feel are
almost identical to the legitimate one. Phishing is an example of social engineering techniques
used to deceive users, and exploits the poor usability of current web security
technologies. Attempts to deal with the growing number of reported phishing incidents
include legislation, user training, public awareness, and technical security measures. Many
websites have now created secondary tools for applications, like maps for games, but they
should be clearly marked as to who wrote them, and users should not use the same passwords
anywhere on the internet.

The great knowledge of memory is not ignorance,it is
the illusion of knowledge……
Thank you

Ethical hacking

More Related Content

What's hot

Viewers also liked

Similar to Ethical hacking

Recently uploaded

Ethical hacking