What is Ethical Hacking?
Hacking is basically the activity of identifying a vulnerable (weak)
computer system or computer network and gaining access to (penetrating)
that system to get personal data, compromise it, or take it over.
Ethical hacking is the same thing done legally or ethically (you can say
‘safe practice’), by taking permission (mostly written) from the authority
whose system you are going to penetrate, so that if any damage happens
unintentionally from your side to that authority, or to someone connected
with that authority, they can’t sue you.
Types of Hackers:-
These are the major types of hackers you can see across the globe:-
- Blackhat Hackers (Crackers):- These are the bad guys, who gain
  unauthorized access to a system and steal personal data or money,
  misuse them, compromise or damage your system, violate policy
  regulations, or blackmail you for anything (mostly money or sensitive
  data).
- Whitehat Hackers (Ethical Hackers):- These are the good guys, or you
  can say cyber security testers, who hack into your system with your
  permission and let you know about your system's vulnerabilities, or
  about new security threats and vulnerabilities, to keep you safe from
  the latest security threat or data breach.
- Greyhat Hackers (a mix of the two):- These are the mixed kind of guys
  who may be hacking for fun or trying to be cool by doing hacking
  activity. They might hack into your system without your permission,
  or they may contact you to let you know about your system’s
  vulnerability, or they may sell your personal data. That totally
  depends upon them.
Apart from these 3 types, you can see some other less popular types
of hackers:-
- Hacktivists:- These are mostly a group of hackers, or maybe an
  individual, whose motive is to hack a system for social, political or
  religious reasons; after that, they just leave their message on the
  compromised system. In most cases they don’t damage or harm the
  system. E.g.:- the Anonymous group.
- Script Kiddies:- These are the newbies who have almost zero knowledge
  of computer systems (mostly programming languages or networking) but
  are passionate about hacking, so they copy other hackers' tools,
  scripts or methods to hack.
What are the skills you require to be an Ethical Hacker?
- You should be familiar with the Linux environment.
- A basic but good understanding of computer networks (how network
  protocols work, what ports are, etc.) and familiarity with
  databases.
- A good understanding of computer hardware (computer architecture,
  memory blocks, buffer, cache, virtualization, BIOS, firmware)
  and network security (e.g. firewall, IPS, IDS, proxy, VPN).
- A very good understanding of various programming/scripting
  languages (Python, Bash, Java, HTML, PHP, C, etc.).
*If you don’t have any of these skills, don’t worry, I will teach
you everything. You just have to know how to use a computer, that's
it. I will cover all the rest.
What are the basic types of cyber attacks?
- Malware attack (virus, worms, trojan, rootkit, spyware, adware,
  ransomware)
- Phishing attack
- Keylogging attack
- Man in the Middle (MITM) attack
- SQL injection
- Denial of service (DoS) attack
- Social engineering attack
- Zero-day exploit attack
- DNS spoofing attack
- Cross-site scripting (XSS) attack
- Session hijacking attack
- Insider threat
- Birthday attack
- Brute force attack, etc.
*(I will discuss all of these methods later with examples.)
What are the Safe Practices in Ethical hacking?
- Stay Legal:- Get proper approval before penetrating someone’s
  system.
- Don’t Push Your Limit:- Work within the safe zone. This means you
  work only in the area for which you got approval. (E.g.:- You got
  approval for a vulnerability analysis of a website from a client,
  so you will only penetrate that website, not the other sites it is
  backlinked (connected) to.)
- Respect Others’ Privacy:- Don’t misuse others’ data when you get
  approval to penetrate someone’s system. In some cases you may have
  to sign an NDA (non-disclosure agreement). If you are found to be
  disobeying that agreement, they can sue you.
- Report Vulnerability:- As you’re working as an Ethical Hacker, your
  work is to notify the organization about the vulnerability, not to
  misuse that vulnerability.
- NEVER WORK FOR ANY UNAUTHORISED PARTY:- Yes, this is the most
  important point, which you will face several times in your Cyber
  Security / Ethical Hacking career once you are treated as an Ethical
  Hacker. Maybe your friend will ask you to hack his girlfriend’s
  Facebook account, or to hack someone’s website to download some
  premium content for free. NEVER DO THAT. I repeat, NEVER DO THAT.
  You will get sued for that, and your Ethical Hacking career may get
  spoiled as well. Who are they to order you to penetrate Facebook’s
  system? Do they have written permission from Facebook? Or from the
  service provider? If they give you one, verify it; I’m sure it will
  be fake. Facebook never gave permission to hack an individual's
  personal account. Yes, they have a bug bounty program, but that is
  another thing (I will discuss that later). I have already faced this
  same issue so many times in my career.
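One way to enforce the "work only in the approved area" rule in your own tooling, shown as an added example that is not part of the original post: a scope guard that refuses any URL whose host is not on the written approval. The host names and the AUTHORIZED_HOSTS set are constructed placeholders, and the example assumes the approval is defined per exact hostname.

```python
from urllib.parse import urlsplit

# Constructed scope: the single site the client approved in writing.
AUTHORIZED_HOSTS = {"shop.example.com"}

def host_of(url):
    """Return the lowercase hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops userinfo and port, already lowercased
    except ValueError:          # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")     # "shop.example.com." is the same host

def in_scope(url, authorized=AUTHORIZED_HOSTS):
    """Exact host match only: subdomains and linked sites need their own approval."""
    return host_of(url) in authorized

def split_targets(urls, authorized=AUTHORIZED_HOSTS):
    """Split discovered URLs into (allowed, refused), preserving order."""
    allowed, refused = [], []
    for url in urls:
        (allowed if in_scope(url, authorized) else refused).append(url)
    return allowed, refused

# Constructed sample: links a crawl of the approved site might collect.
DISCOVERED = [
    "https://shop.example.com/login",
    "https://SHOP.example.com:8443/admin",      # same host, different case and port
    "https://cdn.partner.example.net/lib.js",   # backlinked third-party site
    "https://shop.example.com.evil.test/",      # lookalike: approved name as a prefix
    "https://shop.example.com@other.test/",     # userinfo trick: real host is other.test
    "https://blog.example.com/",                # sibling subdomain, not approved
    "ftp://shop.example.com/",                  # approved host, unapproved scheme
    "mailto:admin@shop.example.com",            # not a web target at all
]

if __name__ == "__main__":
    allowed, refused = split_targets(DISCOVERED)
    for url in allowed:
        print("IN SCOPE     ", url)
    for url in refused:
        print("OUT OF SCOPE ", url)
```

Matching on the parsed hostname rather than on a substring of the URL is what keeps the lookalike and userinfo entries out of scope.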
What are the Cyber Security certifications you can get and you will need:-
- CEH (Certified Ethical Hacking) certification from EC-Council
- CHFI (Computer Hacking Forensic Investigation) certification from
  EC-Council
- CompTIA Security+
- CCNA (Cisco Certified Network Associate)
- CCNP (Cisco Certified Network Professional)
- LPT (Licensed Penetration Tester)
- NPT (Network Penetration Tester)
- WAPT (Web Application Penetration Tester)
- CND (Certified Network Defender), etc.
We will discuss some ethical hacking / cyber security terminologies and their
details in the next chapters. Till then, happy learning.✌
If you have any doubts or queries, please comment down below. I'll try
to answer them all.