--Originally published at Don't Trust Humans, Trust Computers
Hackers!!!
Those vicious guys that are trying to break in into your computer and get all your personal information and sale it in the black market…well that’s what most of the people think when they hear the word “hacker”. But what if I tell you that the hacker isn’t the bad guy, and instead it is the hero that came to save the day. You may thing that I am talking nonsense; that ALL hacker are bad because that’s what you saw on tv or movies. But in reality not all hackers are bad (even tough there are bad hackers) and these hackers provide an HUGE amount of help to a company’s system. To those hackers that help companies check if there are threats in their systems or computers, we call them ethical hackers and to the action of doing this we call it ethical hacking.
Ethical hacking is a very important action that every company should go trough. It is important because thanks to that, companies can check the vulnerabilities that their systems have, and with that they can make changes to them. This concept of ethical hacking comes from the idea of “thinking like a thief”, to be one step ahead of those who will try to harm any system or computer. To those hacker that we consider bad, we call them black hat and to those we consider good we call them white hat.
This white hackers do various test to check the vulnerability of the system, and this kind of tests are called penetration testing or intrusion testing. A penetration testing gives an scenario of how secure the system is and it shows things like:
- Check the weakness in the system.
- Analyze all the possible weaknesses and possible treats.
- Give recommendations of how to solve those
and get rid of vulnerabilities.
When making a pen-test, there are different points of view that a hacker need to take in consideration. Two of them are making a pen-test with or without an objective. If a pen-test is made with an objective, the hackers are trying to find weaknesses in specific parts of the system. And when is made without an objective hackers simple explore the whole system trying to find the vulnerabilities. Others points of view consist of external and internal pen-test. An external pen-test is when the test is been executed outside the company, and hackers check how the systems are towards external attacks. And the internal pen-test is when the tests are made inside the company to verify the security inside the organization.
Also when a pen-test is going to be in action, there are a couple scenarios in which it could take place. The first one is the red teaming in which only a certain people in the company now about this test, and the rest of the company don’t. And the second one is the blue teaming where people are aware of the pen-test, and this happens because an incident may have happen and people are aware of the situation and that it needs to be fix.
There exists a wide range of tools and techniques ethical hackers can use. Here are some of the most use tools by hackers (all of this tools are free and open source) :
- Armitage.
- NMap.
- WireShark.
- Faraday.
- IronWasp.
- Drozer.
- Clutch.
- BeEF.
- Social Engineering toolkit.
Ethical hackers need to take in consideration the confidentiality towards their clients. They can’t go telling everyone about the pen-tests they have made and the results they got from them. Its’s important that a ethical hacker has well define his/her values and code of ethics before taking a job of this kind, besides respecting the clients integrity is what makes them white hat hackers. So the next time you hear the word hacker, don’t panic and think that is a bad thing, just make sure if the person that is been called hacker is making things inside the law, because if not well… that a another story.
Stay safe
A.C.
References https://www.seguridad.unam.mx/descarga.dsc?arch=2776 http://www.computerhope.com/jargon/e/ethihack.htm https://www.checkmarx.com/2016/05/16/quick-guide-ethical-hacking-top-hacking-tools/
