Ethical Hacking 101: Getting Started

Anirban Sinha
GDG KIIT

Welcome to the world of ethical hacking. The outline of this article is given below. Let’s get started! 😉

  1. Introduction to Ethical Hacking
  2. Prerequisites
  3. Career Opportunities
  4. Getting started

Introduction to Ethical Hacking

First, we need to know what hacking actually means and who hackers are.

What is hacking?

Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal data or business data.

Who are hackers?

A hacker is any person who uses computer programming or technical skills to solve a challenge or problem. As with most things, there is a good side and a bad side, and there are also people who fall somewhere in between.

Types of Hackers

Ethical Hacker (White hat): A security hacker who gains authorized access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.

Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.

Grey hat: A hacker who is in between ethical and black hat hackers. They break into computer systems without authority to identify weaknesses and reveal them to the system owner.

Script kiddie: An unskilled person who gains access to computer systems using ready-made tools.

Hacktivist: A hacker who uses hacking skills to send social, religious, political, and similar messages. This is usually done by hijacking websites and leaving a message on the hijacked website.

Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.

Prerequisites

Just like anything else, becoming a hacker isn’t easy. A strong foundation in basic concepts like operating systems, networking, and programming can prove to be beneficial. This section will help you with just that.

Getting familiar with Linux-based operating systems:

I strongly suggest you install any Linux OS on a Virtual Machine and get it running. Explore it yourself and try to understand how it works. You can try installing Kali Linux or Parrot OS to see the variety of security tools they have.

Networking:

Networking is a very important concept one must know. I suggest you go to the Cisco Networking Academy website and have a look at their free course.

Programming:

Programming is another essential thing that one must know. It’s very important to know how a program gets executed and how it behaves. I suggest you start with Python.

Career Opportunities

An Ethical Hacker’s role is a proactive one as they prevent cybercrimes and protect cyberspace from intrusion. They ensure data security and protect computer systems from illegal hacking activities. It is more like identifying the weak point in the network and gaining access to the devices connected to the system. Ethical hacking is generally done by a company or an individual to check the strength of IT security.

With the rise of digitization, everything is available at our fingertips with the touch of our smartphones, tablets, or computers. With it, threats are also increasing daily. There are new ways to hack our systems and bank accounts, or to use our credit/debit cards without our permission. So, nowadays, there is a rising need for data security. Also, various companies, including IT security companies, need Ethical Hackers so that they can keep their IT environment safe. The scope is vast, as various government organizations also hire them.

At present, there is a massive gap between the ongoing demand and supply of Ethical Hackers, especially in India. India requires nearly 2 million ethical hackers by 2025. This brings a huge scope for fresh minds to build up a steady career with constant growth and a high-paying salary.

Getting Started

After we are done with all the basics, it’s time to expand our knowledge and perform some real hacking.

Hacking a target has 6 different phases or guidelines to be followed.

1. Reconnaissance

Reconnaissance is the process of gathering information. In this phase, the hacker tries to gather as much information as possible about the target system. This includes information such as the network range, the number of active devices, open ports, access points, and so on.
Reconnaissance is of two types.

a. Active Reconnaissance:
Here, the hacker directly interacts with the target system to gain information. The information acquired can be relevant and accurate but the chances of getting detected are high. If you are detected then the system admin can take severe action against all your activities.

b. Passive Reconnaissance:
Here, the information is gathered without actually interacting with the target system.

2. Scanning

In this phase, the hacker tries to exploit all the vulnerabilities of the target system.

3. Gaining Access

In this phase, the hacker tries to access the target system using the vulnerabilities that were exploited in the scanning phase without raising any alarms.

4. Maintaining Access

This is one of the most important phases of Ethical Hacking. In this phase, the hackers install various backdoors and payloads onto the target system. The payload is a term that is used for describing the activities that are performed on a system after gaining unauthorized access. Backdoors help the hacker to gain quicker access to the target system in the future.

5. Clearing Tracks

This is an unethical phase. In this, the hacker tries to delete all the logs of the activities that take place during the hacking process. Even ethical hackers need to perform this phase to demonstrate how Black-hat hackers could go about their activities.

6. Reporting

Reporting is the last phase of Ethical hacking. In this phase the ethical hacker has to provide a report with all their findings, the tools used and various vulnerabilities exploited.

Practice Hacking Legally:

After understanding these 6 guidelines, let's install Kali Linux and get ready for some real hacking. I’ll list some cool websites where you can practice your skills.

Tryhackme: https://tryhackme.com/

Hackthebox: https://www.hackthebox.eu/

Vulnhub: https://www.vulnhub.com/

Apart from these websites, CTFs are great for learning. Log on to https://ctftime.org/ and participate in ongoing competitions.

Happy hacking! 😉
