SlideShare a Scribd company logo

What is a Hacker (part 1): Types, tools and techniques

K
Klaus Drosch

The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero.

Technology
1 of 5
Download to read offline
What is a Hacker (part 1): Types, tools and techniques The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero. Types of hackers As with people, there are many different types of hackers with wildly different world views and motivations. The term “Hats” comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. • White Hat Hacker First of all, we have the good guys; these are the ethical hackers that use their power for good. Usually they are employed or contracted by companies and governmental entities to find vulnerabilities before other hackers will. White hat hackers always operate within the confines of the law. Famous: Charlie Miller, Tsutomu Shimomura, Greg Hoglund
• Black Hat Hacker On the opposite side of the spectrum, the Black Hats operate outside any moral and legal framework, motivated by personal or financial gain. They break into systems, steal login credentials and private data which they use for extortion or put up for sale online. Infamous: Kevin Mitnick, Jonathan James, Albert Gonzalez • Grey Hat Hacker As the name suggests the Grey Hat hacker is a mix of both White and Black hats. They look for vulnerabilities without permission but often report them to the owner, some- times for free and sometimes with demand for compensation. If that demand is not meet they might leak the information online or exploit it, becoming a Black Hat. Famous: Adrian Lamo, Gary McKinnon, Kevin Poulsen • Red Hat Hacker These are the hunters of the hacker world, and their prey are Black Hats. Their sole ob- jective is to destroy the efforts of illegal hackers and take their infrastructure down. • Blue Hat Hacker These are novice hackers who’s main agenda is revenge on anyone who makes them angry. They have little interest in learning and use ready-made scripts to do their dirty work. • Green Hat Hacker You will find the Green Hats on online hacking forums asking questions to the more seasoned professionals. These are the amateurs eager to learn the tools of the trade and become a full-blown hacker.
Common hacking tools Most Hacking tools are used by both security researchers and criminals. If the tool finds a vulnerability it can be patched, or exploited, depending on your ethical alignment. • Rootkits Special software that allows a hacker to gain remote access to a victim’s computer. Origi- nally, rootkits were developed to fix software problems remotely but have since then been weaponized by hackers. In the news: Sony BMG copy protection rootkit scandal, Greek wiretapping case • Keyloggers Software designed to eavesdrop on the victim’s computer, recording every keystroke the user does. Everything is intercepted and stored on a log file, credit card numbers, person- al communication, phone numbers, passwords. In the news: Selectric Bug (Oldschool), PunkeyPOS • Vulnerability scanners A software that scans large networks of computers to find weaknesses that can be exploited or patched. For example, a White Hat scans to find holes to patch while a Black Hat scans to find holes to exploit. Most used: Sn1per, Nessus, MBSA, GFI Languard • Worm, Virus & Trojan Worms and Viruses are malicious programs designed to steal your data and spread to other computers within the network. Trojans are impostors, files that look like desirable programs but contain malicious code. The main difference is that Trojans do not infect other computers; they do not self-replicate. Most destructive: ILOVEYOU, MyDOOM, Storm Worm, SLAMMER • Botnet A Botnet is a series of hijacked computers all around the world that the Hacker controls. They can be used to perform DDoS-attacks, bringing down specific servers with massive amount of traffic. Botnets are created and managed by Hackers that either use them for their own purposes or sell them as a service.
Common hacking techniques Usually a Hacker deploys multiple techniques to reach their goal, sometimes the simplest ways are the most efficient. Using social engineering techniques exploiting human kindness, greed and curiosity to gain access is not uncommon. • Phishing The Hacker makes a perfect copy of a popular website and uses a URL that is close enough to the original to go unnoticed. He then sends a legitimate-looking email to the target containing a link to the phishing site. The target will unknowingly sign in to the fake website giving the hacker his login credentials. More info: Phishing.org, Tripwire Attacks: Phish Phry, Walter Stephan, FMS Scam • SQL Injections Most websites use an SQL database to store information about their customers. An ap- plication communicating with that database can be exploited with SQL-injections if it’s poorly coded. The attack is executed on the website’s user-input fields (search box, login box, etc) that accept illegal input, giving the hacker access to the database. More info: Wiki, Portswigger Attacks: TalkTalk, WTO, Wall Street Journal • DoS/DDoS In a Denial of Service attack, the hacker uses a Botnet (network of hijacked computers) to flood a specific server with massive amounts of traffic. The server is quickly overload- ed, and all websites hosted on it will be offline. More info: Wiki, Cloudflare Attacks: Github, Occupy Central Hong Kong, CloudFlare • Brute Force Essentially it’s guessing passwords until the hacker get’s it right. If a user has a weak password, i.e. “1234” or “password”, the hacker can try to guess it either by hand or using specialized tools. More info: Wiki, Infosec Attacks: GitHub, Alibaba’s Taobao, U.S Utility Control System
Original post can be found at our homepage: https://www.bitidentify.com/blog/hacker-types-tools-and-techniques/ • Fake WAP Free WiFi is common in public spaces like airports & coffee shops making it an ideal target for a hacker to exploit. The hacker creates a fake Wireless Access Point (WAP) mimicking the name of the real WiFi, so users connect to it. While the users is connect- ed to the fake WiFi the hacker can read all information going through it, login creden- tials, credit card, and personal messages. More info: Wiki, Lifewire Examples: 7-year old break public network in 11 minutes, WiFi Pineapple • Sniffing/Snooping The hacker monitors traffic on unsecured networks to find relevant information that can be used in a future attack. More info: Wiki, GreyCampus Examples: Sniffing attack against European hotels • Bait & Switch In this attack, the Hacker buys advertising space on popular websites, and the ads will redirect the target to a page full of malware. The hacker’s ads will look legitimate and very appealing to the target, but as soon as the target clicks them they will be infected. It’s called Bait & Switch since the hacker’s baiting with good ads and then switching the link to a bad page. More info: Wiki Examples: Hackers sell access to Bait-and-Switch empire • Cookie Theft Most websites use cookies to store user data and make them load faster; this can be passwords, browsing history, etc. If the connections are not secured trough SSL the hacker can steal this data and use the cookie to authenticate themselves as the target. More info: Wiki Examples: Yahoo Cookie Forging Attack, iOS Cookie theft • Waterhole Attacks The Hacker studies the target’s daily routines to find out his favorite physical locations (café f.ex); these are the waterholes. Once the Hacker knows the waterholes and the timing of the target he sets his trap using a combination of techniques. He might create a Fake WAP free WiFi access point at that location, and knowing the target’s favorite websites, he uses Phishing to steal the login credentials. More info: Wiki Examples: US Department of Labor, Forbes, ICAO • UI Redress/ClickJacking In essence, the Hacker tricks the target to click on a specific link by making it look like something else. It’s very common on movie streaming or torrent download pages; when the user clicks on “Download” or “Play”, it’s an advertising link they are clicking. In other cases it can be used to trick the target to transfer money to the Hacker from their online bank. More info: Wiki, Nodeswat Examples: Facebook

Recommended

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersMahmoud Saeed
 
Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-BasicsGaurav Singh
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?Daniel Agudo Garcia
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics Deepak Kumar (D3)
 

Recommended

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersMahmoud Saeed
 
Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-BasicsGaurav Singh
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?Daniel Agudo Garcia
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics Deepak Kumar (D3)
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageGohsuke Takama
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackImperva
 
All About Hacking..!!
All About Hacking..!!All About Hacking..!!
All About Hacking..!!Mahatma Gandhi Institute of Edu and Research Center
 
Hacker culture
Hacker cultureHacker culture
Hacker cultureJack Hsu
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hackinghackingtraining
 
Hacking
Hacking Hacking
Hacking ANUSHAMOL2
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Hacking
HackingHacking
HackingMohamad Fadhil Yaacob
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking HandoutNerium International
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Hacking
HackingHacking
HackingVipinYadav257
 
Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Securitypenetration Tester
 
Intro
IntroIntro
IntroKalkey
 
Hacking
HackingHacking
Hackingpranav patade
 
HACKING
HACKINGHACKING
HACKINGShubham Agrawal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 

More Related Content

What's hot

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageGohsuke Takama
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackImperva
 
Hacker culture
Hacker cultureHacker culture
Hacker cultureJack Hsu
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 

What's hot (16)

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat Intelligence
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionage
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous Attack
 
All About Hacking..!!
All About Hacking..!!All About Hacking..!!
All About Hacking..!!
 
Hacker culture
Hacker cultureHacker culture
Hacker culture
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
 
Hacking
Hacking Hacking
Hacking
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
 
Hacking
HackingHacking
Hacking
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
 
social engineering
social engineering social engineering
social engineering
 

Similar to What is a Hacker (part 1): Types, tools and techniques

Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Securitypenetration Tester
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016 arohan6
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxGautam708801
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Shawon Raffi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security ritik shukla
 
Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Solomon Oho
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingManas Das
 

Similar to What is a Hacker (part 1): Types, tools and techniques (20)

Hacking
HackingHacking
Hacking
 
Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Security
 
Intro
IntroIntro
Intro
 
Hacking
HackingHacking
Hacking
 
HACKING
HACKINGHACKING
HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptx
 
Hacking
HackingHacking
Hacking
 
unit-1.pptx
unit-1.pptxunit-1.pptx
unit-1.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Hacking
HackingHacking
Hacking
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)
 
Hackers ESP
Hackers ESPHackers ESP
Hackers ESP
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

More from Klaus Drosch

Look trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsLook trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsKlaus Drosch
 
How to beat the Coronavirus with a game
How to beat the Coronavirus with a gameHow to beat the Coronavirus with a game
How to beat the Coronavirus with a gameKlaus Drosch
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenKlaus Drosch
 
In 21st-century-tv-watches-you
In 21st-century-tv-watches-youIn 21st-century-tv-watches-you
In 21st-century-tv-watches-youKlaus Drosch
 
Bitidentify Security Technology
Bitidentify Security TechnologyBitidentify Security Technology
Bitidentify Security TechnologyKlaus Drosch
 
Features and Benefits
Features and BenefitsFeatures and Benefits
Features and BenefitsKlaus Drosch
 

More from Klaus Drosch (7)

Look trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsLook trough your windows 10 privacy settings
Look trough your windows 10 privacy settings
 
How to beat the Coronavirus with a game
How to beat the Coronavirus with a gameHow to beat the Coronavirus with a game
How to beat the Coronavirus with a game
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolen
 
In 21st-century-tv-watches-you
In 21st-century-tv-watches-youIn 21st-century-tv-watches-you
In 21st-century-tv-watches-you
 
Bitidentify Security Technology
Bitidentify Security TechnologyBitidentify Security Technology
Bitidentify Security Technology
 
Features and Benefits
Features and BenefitsFeatures and Benefits
Features and Benefits
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

What is a Hacker (part 1): Types, tools and techniques

  • 1. What is a Hacker (part 1): Types, tools and techniques The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero. Types of hackers As with people, there are many different types of hackers with wildly different world views and motivations. The term “Hats” comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. • White Hat Hacker First of all, we have the good guys; these are the ethical hackers that use their power for good. Usually they are employed or contracted by companies and governmental entities to find vulnerabilities before other hackers will. White hat hackers always operate within the confines of the law. Famous: Charlie Miller, Tsutomu Shimomura, Greg Hoglund
  • 2. • Black Hat Hacker On the opposite side of the spectrum, the Black Hats operate outside any moral and legal framework, motivated by personal or financial gain. They break into systems, steal login credentials and private data which they use for extortion or put up for sale online. Infamous: Kevin Mitnick, Jonathan James, Albert Gonzalez • Grey Hat Hacker As the name suggests the Grey Hat hacker is a mix of both White and Black hats. They look for vulnerabilities without permission but often report them to the owner, some- times for free and sometimes with demand for compensation. If that demand is not meet they might leak the information online or exploit it, becoming a Black Hat. Famous: Adrian Lamo, Gary McKinnon, Kevin Poulsen • Red Hat Hacker These are the hunters of the hacker world, and their prey are Black Hats. Their sole ob- jective is to destroy the efforts of illegal hackers and take their infrastructure down. • Blue Hat Hacker These are novice hackers who’s main agenda is revenge on anyone who makes them angry. They have little interest in learning and use ready-made scripts to do their dirty work. • Green Hat Hacker You will find the Green Hats on online hacking forums asking questions to the more seasoned professionals. These are the amateurs eager to learn the tools of the trade and become a full-blown hacker.
  • 3. Common hacking tools Most Hacking tools are used by both security researchers and criminals. If the tool finds a vulnerability it can be patched, or exploited, depending on your ethical alignment. • Rootkits Special software that allows a hacker to gain remote access to a victim’s computer. Origi- nally, rootkits were developed to fix software problems remotely but have since then been weaponized by hackers. In the news: Sony BMG copy protection rootkit scandal, Greek wiretapping case • Keyloggers Software designed to eavesdrop on the victim’s computer, recording every keystroke the user does. Everything is intercepted and stored on a log file, credit card numbers, person- al communication, phone numbers, passwords. In the news: Selectric Bug (Oldschool), PunkeyPOS • Vulnerability scanners A software that scans large networks of computers to find weaknesses that can be exploited or patched. For example, a White Hat scans to find holes to patch while a Black Hat scans to find holes to exploit. Most used: Sn1per, Nessus, MBSA, GFI Languard • Worm, Virus & Trojan Worms and Viruses are malicious programs designed to steal your data and spread to other computers within the network. Trojans are impostors, files that look like desirable programs but contain malicious code. The main difference is that Trojans do not infect other computers; they do not self-replicate. Most destructive: ILOVEYOU, MyDOOM, Storm Worm, SLAMMER • Botnet A Botnet is a series of hijacked computers all around the world that the Hacker controls. They can be used to perform DDoS-attacks, bringing down specific servers with massive amount of traffic. Botnets are created and managed by Hackers that either use them for their own purposes or sell them as a service.
  • 4. Common hacking techniques Usually a Hacker deploys multiple techniques to reach their goal, sometimes the simplest ways are the most efficient. Using social engineering techniques exploiting human kindness, greed and curiosity to gain access is not uncommon. • Phishing The Hacker makes a perfect copy of a popular website and uses a URL that is close enough to the original to go unnoticed. He then sends a legitimate-looking email to the target containing a link to the phishing site. The target will unknowingly sign in to the fake website giving the hacker his login credentials. More info: Phishing.org, Tripwire Attacks: Phish Phry, Walter Stephan, FMS Scam • SQL Injections Most websites use an SQL database to store information about their customers. An ap- plication communicating with that database can be exploited with SQL-injections if it’s poorly coded. The attack is executed on the website’s user-input fields (search box, login box, etc) that accept illegal input, giving the hacker access to the database. More info: Wiki, Portswigger Attacks: TalkTalk, WTO, Wall Street Journal • DoS/DDoS In a Denial of Service attack, the hacker uses a Botnet (network of hijacked computers) to flood a specific server with massive amounts of traffic. The server is quickly overload- ed, and all websites hosted on it will be offline. More info: Wiki, Cloudflare Attacks: Github, Occupy Central Hong Kong, CloudFlare • Brute Force Essentially it’s guessing passwords until the hacker get’s it right. If a user has a weak password, i.e. “1234” or “password”, the hacker can try to guess it either by hand or using specialized tools. More info: Wiki, Infosec Attacks: GitHub, Alibaba’s Taobao, U.S Utility Control System
  • 5. Original post can be found at our homepage: https://www.bitidentify.com/blog/hacker-types-tools-and-techniques/ • Fake WAP Free WiFi is common in public spaces like airports & coffee shops making it an ideal target for a hacker to exploit. The hacker creates a fake Wireless Access Point (WAP) mimicking the name of the real WiFi, so users connect to it. While the users is connect- ed to the fake WiFi the hacker can read all information going through it, login creden- tials, credit card, and personal messages. More info: Wiki, Lifewire Examples: 7-year old break public network in 11 minutes, WiFi Pineapple • Sniffing/Snooping The hacker monitors traffic on unsecured networks to find relevant information that can be used in a future attack. More info: Wiki, GreyCampus Examples: Sniffing attack against European hotels • Bait & Switch In this attack, the Hacker buys advertising space on popular websites, and the ads will redirect the target to a page full of malware. The hacker’s ads will look legitimate and very appealing to the target, but as soon as the target clicks them they will be infected. It’s called Bait & Switch since the hacker’s baiting with good ads and then switching the link to a bad page. More info: Wiki Examples: Hackers sell access to Bait-and-Switch empire • Cookie Theft Most websites use cookies to store user data and make them load faster; this can be passwords, browsing history, etc. If the connections are not secured trough SSL the hacker can steal this data and use the cookie to authenticate themselves as the target. More info: Wiki Examples: Yahoo Cookie Forging Attack, iOS Cookie theft • Waterhole Attacks The Hacker studies the target’s daily routines to find out his favorite physical locations (café f.ex); these are the waterholes. Once the Hacker knows the waterholes and the timing of the target he sets his trap using a combination of techniques. He might create a Fake WAP free WiFi access point at that location, and knowing the target’s favorite websites, he uses Phishing to steal the login credentials. More info: Wiki Examples: US Department of Labor, Forbes, ICAO • UI Redress/ClickJacking In essence, the Hacker tricks the target to click on a specific link by making it look like something else. It’s very common on movie streaming or torrent download pages; when the user clicks on “Download” or “Play”, it’s an advertising link they are clicking. In other cases it can be used to trick the target to transfer money to the Hacker from their online bank. More info: Wiki, Nodeswat Examples: Facebook