What is Hacking? Types of Hackers and Types of Hacking - Curious CORP

Monday, July 22, 2019

What is Hacking? Types of Hackers and Types of Hacking

You must have heard about hacking and stuff. To most of us hacking resembles to those sci-fi Hollywood movies where hacker clicks some buttons and hacks the entire system with some serious sound effects in the background. 



Guess what ?...

This is not even close to what hacking is. Most part of it doesn't even resembles to what really is hacking. 

Hacking contains a lot of programming, networking and some others stuffs. You have to brains into it to properly understand it.

Lets just dive in and see what hacking really is all about ?

What is Hacking? Types of Hackers and Types of Hacking

What is Hacking ?

As you must have heard of famous quote, that "Nothing is Perfect". 

Similarly in Hacking World we say "Nothing is Secure".

Hacking is a practice of finding loopholes and security vulnerabilities in a system and exploiting it.

Now what is Ethical Hacking ? Is it different from Hacking.

Ethical Hacking generally means hacking with a purpose of finding loopholes and security in system for the betterment and security enhancement of the system.

Hacking in a ethical way with proper permissions and legal authority is Ethical Hacking.

Ethical Hacking is not illegal. But hacking without consent of the owner does.


What are the Types of Hacking ?


Hacking is mainly divided into two categories depending upon what you intentions are...

  • Ethical Hacking
  • Unethical Hacking

Ethical Hacking

Ethical hacking means hacking with a purpose of improving the security in the system by finding security loopholes and Vulnerabilities. An Ethical Hacker has a good intention toward Hacking. 

It is legal if you take permission.

Unethical Hacking

Unethical Hacking means with a purpose of finding vulnerabilities and loopholes with an intention to misuse the system and damage it for their advantage and committing a heinous cyber crime.

It is illegal.



Fields in which ethical hacking is being used

  • It security
  • Social engineering
  • Spyware
  • Encryption and decryption
  • Network security
  • Malware
  • Computer security
  • Reverse engineering
  • Web application security
  • Hashing/ salting
  • Forensics 
  • cryptography

 

Types of Hackers

White hat hacker vs black hat hacker


Hacker is a person who uses his knowledge of hacking to find vulnerabilities and loopholes of a system and exploiting it.

In the hacking world, there are mainly three types of hackers.

  • Black Hat Hacker
  • White Hat Hacker
  • Grey Hat Hacker

Black Hat Hackers

Black hat hackers are those hackers who try to benefit themselves by exploiting vulnerabilities and damaging assets of the system.

They hack people and organizations and steal information for professional gains of themselves.

White Hat Hackers

White hat hackers are those hackers who try to strengthen and secure the vulnerable system by finding loopholes in the system.

They hack people and organizations to secure their system after taking their legal consent.

Grey Hat Hackers

Grey Hat Hackers are those hackers which are a mixture of black hat hackers and white hat hackers. At point they help organizations to secure their system like a white hat hackers.

Also, sometimes they indulge in black hat hacking procedures.


Now we have gained knowledge about what types of hackers are there. So you must be wondering....



How do these Hackers Hack ?

These hackers have their own personal preferences of practicing hacking. These hackers perform several step by step procedure to get what they desire...

The basic steps of every hackers includes

  • Collecting information
  • Finds weak entry points and gets inside them
  • Trying to stay inside the system
  • Clear all the footprints.

However these steps over the period of time have evolved differently for black and white hat hackers.

Steps followed by black hat hackers

The black hat hackers follow the below steps to achieve the target.

Information Gathering

Here the hacker tries to gather as much as possible information about the target. 

For example, if a hackers is trying to hack a website he try to find out,

What kind of server the website is running on.
What back-end language is used to build the website.
What type of users are coming on to the website.
What architecture is the web server based upon.

Vulnerability Assessment

Now that the hackers has gathered so much information about the targeted he tries many manual and automated techniques to find vulnerabilities in the website. He may use many automated tools to scan for possible vulnerabilities.

These tools scan the entire web application and extract as much as details and Vulnerabilities about it. The hackers then verifies the vulnerability reported by the tools using manual process and also he checks for possible bugs in the web application. This is done to check that vulnerabilities are not false alarms.


Penetration testing and gaining access

The hackers has found many vulnerabilities in the previous step and now he tries to use to vulnerabilities to exploit it and gain access to critical information. They hacker may try to gain access to the database and steal user information.

Maintaining Access

After getting information gathered in the previous step hacker tries to get access into the system and might look for more privilege access to the server.

For example, if a hacker gets the username and password of a user. He may try to get access to the admin login because it has more privileges.

Clearing Footprints

Once the hacker gets what he wants he clears all the footprints he left behind. He clears all the server log files and reverts the server to same what it was before it was hacked. So no one can track him down using his footprints.


Steps used by white hat hackers

The below steps are used by the white hat hackers when performing hacking. The industry uses a different term for them which is "Security Experts"


Legal documentation

When a white hat hacker is employed by an organization to the security of their system.
The first step is to record everything in writing. This includes signing MoU(Memorandum of Understanding), NDA(Non-Disclosure Agreement), financial agreement. Documentation is an important part of the agreement.

Scope Assessment

In this step, the organization and hacker conclude at what scope or length this exercise is needed to be done. They decide what parts if the application is need to be tested and the time which it will take.

Information Assessment

In this step the client gives some predefined information to the hacker so that the hacker can start exploring. This includes some test accounts and logins, details of server, languages used etc.
The hacker uses this information to penetrate into the system.

Vulnerability Assessment

After finding the Vulnerabilities of the system, the hacker verifies it by performing it and documents the Vulnerabilities that he has found.

Penetration Testing

After finding every possible vulnerability of the system, the hacker tries penetrate into the system using those and Vulnerabilities and documents the outcome of the penetration testing. A white hat hacker does not causes harm to the system like black hat hacker. He penetrates into the system to find that to what extent the damage could be done.

Reporting and patch assistance

After finding loopholes the hacker documents everything and generates a well defined report for the developer and the business manager and also helps the developer in the patching of the vulnerability found in the system.

Rechecking

After the patching of the system, the appointed hacker tries to again test for any vulnerability he can found and if found he assists in patching the vulnerability.




Conclusion

This was a Little introduction of hacking, its types, hacker and type of hackers in the world. Remember hacking without consent of the owner is considered crime. You can go search for cyber law stating act that have been made for practice of hacking.

No comments:

Post a Comment