Ethical Hacking....?

-

Ethical Hacking, also known as penetration testing, intrusion testing, or red teaming, is the controversial act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers.

An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. Nowadays, certiļ¬ed ethical hackers are among the most sought after information security employees in large organizations such as Wipro, Infosys, IBM, Airtel and Reliance among others.

Definition:
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. An ethical hacker is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. By conducting penetration tests, an ethical hacker looks to answer the following four basic questions:
1. What information/locations/systems can an attacker gain access?
2. What can an attacker see on the target?
3. What can an attacker do with available information?
4. Does anyone at the target system notice the attempts?

The Ethical Hacking Process:
1.Planning
2.Reconnaissance
3.Enumeration
4.Vulnerability Analysis
5.Exploitation
6.Final Analysis
7.Deliverables
8.Integration

10 Commandments of Ethical Hacking:
1. Thou shalt set thy goals
         An ethical hacker should set simple goals, such as finding unauthorized wireless access points or obtaining information from a wired network system. In any case, the goals should be articulate and well communicated.
2. Thou shalt plan thy work, lest thou go off course
         Ethical hackers are bound by constraints. Consequently, it is important to develop a strategy plan which should include identifying the networks to test, specifying the testing interval, specifying the testing process, and obtaining approval of the plan.
3. Thou shalt obtain permission
         Written permission is required and should state that an ethical hacker is authorized to perform a test according to the plan. It should also say that the organization will provide legal and organizational support in case criminally charges or lawsuits arise. This is conditional on staying within the bounds of the approved plan.
4. Thou shalt work ethically
         An ethical hacker is bound to confidentiality and non-disclosure of information they may uncover. Ethical hackers must also be compliant with their organization's governance and local laws. An ethical hack must not be performed when the company policy or the law for that matter, explicitly forbids it.
5. Thou shalt keep records
         Patience and thoroughness are attributes of a good ethical hacker. A hallmark of ethical hacker professionalism is keeping adequate records to support findings. The date and details regarding each test, whether or not they were successful, should be logged and recorded and a duplicate copy of the log book should be kept.
6. Thou shalt respect the privacy of others
         An ethical hacker must not abuse their authority. Ethical hackers must snoop into confidential corporate records or private lives. The information that is uncovered should be treated with the same care one would give to their own personal information.
7. Thou shalt do no harm
         The actions of an ethical hacker may have unplanned repercussions. It is easy to get caught up in the work and cause a denial of service or trample on someone else's rights. It is important to stick to the original plan.
8. Thou shalt use a scientific process
         The work of an ethical hacker should adopt an empirical method. An empirical method will help set quantifiable goals, develop consistent and repeatable tests, and provide tests that are valid in the future.
9. Thou shalt not covet thy neighbour's tools
         Ethical hackers will always discover new tools to help them get their job done. Tools are abundant on the Internet and more are coming out all the time. The temptation to grab them all is fierce. Although it is possible to use all of the tools that are available, it is recommended that an ethical hacker choose one and stick with it.
10. Thou shalt report all thy findings
         Ethical hackers should plan to report any high-risk vulnerabilities discovered during testing as soon as they are found. Reports are one way for the organization to determine the completeness and thoroughness of the work of an ethical hacker and provides a means for peers to review methodologies, findings, analysis, and conclusions.

Required Skills:
         An ethical hacker is required to possess a vast arrangement of computer skills. It is not feasible for each ethical hacker to be an expert is every field and thus ethical hacking tiger teams whose members have complementing skills are created to provide an organization with a team possessing the complete skill set required of an ethical hacker.
         Organizations may have a wide variety of computer systems and it is essential for any ethical hacker to have expertise in operating systems, as well as network hardware platforms. It is also fundamental that an ethical hacker posses a solid foundation of the principles of information security

Comments

  1. soumya20 September 2018 at 15:17

    I really want to say thanks to you, for sharing this valuable content, please update more content on Ethical Hacking Online Course

    ReplyDelete
  2. Aruna Ram27 September 2018 at 14:31

    Thank you for your information.I must say life saving rules foe all hackers.This ethical hacking tutorial is really important for software engineers. Thanks for posting.
    Ethical Hacking Training in Chennai
    Ethical Hacking Training in Bangalore
    Ethical Hacking Training in Chennai Velachery
    Hacking in Saidapet

    ReplyDelete

Post a Comment

Popular posts from this blog

Crack Gmail and LinkedIn Account Using Brute Force Attack With Simple Python Script

-
Image
Hello Friends, I have written a simple python script with which you can crack Gmail or LinkedIn account by simpling performing Brute Force Attack In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search. When password guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used because a brute-force search takes too long. Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones. Software that performs brute-force attacks Aircrack-ng
Read more

WinHex...Data Recovery and Forensics Tool

-
Image
WinHex as a disk editing program and has developed into a forensic tools that is useful to digital evidence examiners of all skill levels. WinHex is a universal hex editor, particularly helpful in the realm of computer forensics, data recovery, low-level data editing. With WinHex you can view and hex edit the following: any kind of file, in particular binary files hard disks floppy disks CD-ROM & DVD (read-only) smart media, compact flash, memory sticks all other drive types accessible in Windows even your computer's RAM! Its An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. The disk editor specially supports the following file systems: FAT12, FAT16, FAT32, NTFS. Useful to inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Th
Read more

Download Youtube Playlist And Videos Using Python

-
Image
In this post I'll show you how to download Youtube Playlist and Youtube Videos. You might be knowing there are various software's and tricks which allow us to download youtube videos and save them, one which I found was youtube-dl , you can download source code of it from youtube-dl.org . But I have written a Python (learn Python basics) script to download youtube videos at our convenience without relying on the third party software. Let's Start You might be knowing one trick, if we want to download youtube video without using software is to append "ss" before the youtube video link like ssyoutube.com/watch?v=videoID and then this will take you to savefrom.net and from there you can download the video easily. Now to download one video is an easy task, but suppose you want to download a complete playlist of say >50 videos is too much hectic. As you always have to open each video of that playlist and then edit the URL and download it using Savefr
Read more