About

SHORT-TIPS TO BECAME ETHICAL HACKER

I’ve shared few effective tips on How can you become an ethical hacker. All the tips and guide are purely based on my experience, knowledge and few tips by security researchers. I’ve explained what you should know and learn to become an ethical hacker.

What you must know to become an Ethical Hacker?

  • Right meaning and role of an Ethical Hacker
  • Programming languages and Networking
  • Proper sources to learn Hacking
  • Use Penetration Testing Lab
  • Learn Kali Linux (Penetration Testing OS)
  • Professional Ethical Hacking Certifications
  • Patience and Passion of learning

Note::: Short Introduction to Ethical Hacking

 

Who is an Ethical Hacker and what’s its role?

An ethical hacker is someone who is trained with hacking skills not to hack but to secure the target by finding its weakness and reporting the vulnerability to security experts. An ethical hacker plays an important role in computer security by securing onlineapplications, software and business databases. An ethical hacker has a legal license and rights to test application for vulnerabilities.

Learn Programming languages and Networking

Programming and Networking are the two most important things in Hacking and Security. Every application you use is programmed in particular programming language and with the help of networking it can be used online or shared computer network, Now if you want to hack an application so first of all you’ve to understand how it works and without knowing programming language you cannot understand its logic and so it becomes harder for you to find vulnerability in its logic.

Networking is another essential topic in hacking and security. Networking is the major part of internet security. If you want to be a professional security expert or hacker then learning networking is very important because the whole internet relies on TCP/IP and In order to find vulnerabilities in web sites and applications you must need to understand the network logic.

Sources of learning Ethical Hacking For Free

Internet is the only best place to learn Ethical Hacking for free of cost. All you need is little Googling skill and patience to learn. There are countless Hacking and Pentesting blogs on internet where you can learn a lot about Hacking, Pentesting and Security. The another best way is watching video tutorials, Security Researcher’s vulnerability POCs, reading white papers and free online eBooks etc. I also suggest to join Hacking forums.

Create Virtual Penetration Testing lab

Creating virtual penetration testing lab in your computer is the best method to learn web application pentesting and hacking. A virtual pentesting lab is a real vulnerable application which can be used to explore, demonstrate common web vulnerabilities and its impact. Pentesting lab is widely used by Security Experts and newbies in hacking to learn new web vulnerabilities and how to discover them. I highly suggest you to use a pentesting lab to learn and hone your hacking skills.

Learn Kali Linux – Advance Penetration Testing OS

Kali Linux is an operating system especially made for hackers and penetration testers, It has hundreds of pre-installed Hacking tools, Automated scanners, fuzzing, forensics and other essential penetration testing tools. One must learn to operate Kali Linux and learn to use its tools. Kali Linux is the latest version of (BackTrack), It is one of the most popular and widely used by Hackers.

Creating Pentesting Lab In kali linux Is a super best method to Learn Web-hacking and Other stuff like this

Get Professional Certifications

If you’re really serious about considering hacking and security as your career choice then you must get Penetration testing license, Ethical hacking and Security certificates.

Keep patience and be passionate about learning

So you want be a hacker? Good but its not easy you know. It takes years to become a professional ethical hacker or a security expert so be patient, nobody is born expert, start from scratch and be passionate about learning new things. Keep yourself inspired by reading inspirational Interviews of successful Hackers and Security researchers.

EVERY EXPERT IN ANYTHING WAS ONCE A BEGINNER AND BEGINNING IS THE HARDEST PART.

Hacker And Types Of Hackers

A hacker is basically someone who breaks into computer networks or standalone personal computer systems for the challenge of it or because they want to profit from their innate hacking capabilities. The hacker subculture that has developed among these new-age outlaws is often defined as the computer underground, although as of late it has evolved into a more open society of sorts. At any rate, here are the different types of hackers.

White Hat security professional

A white hat ethical hacker / cracker  is A good .Who tests the security of internet Products and ask the developer to make Necessary changes to avoid hacking

Grey Hat hacker

A grey hat hacker / cracker is actually a white hat hacker in Day time but ,he do evil things in Nights(Hacks System ,security Credientials) or things like that.Most of white hat hackers are Grey-Hat hackers(Means they are good as well as Bad Guys)

Black Hat  hacker / cracker

A black hat hacker / cracker is indeed a bad Guys Who love to tease other people,steal their passwords ,Hack into their system,Defaces website and these kinds of Illegal Stuff.

Elite Hacker

elite hackers are those hackers who works for the betterment of society

Script Kiddie cracker

A script kiddie is basically a non-expert hacker or a kid who want to learn hacking.He uses scripts of High class hackers to hack systems but indeed he doesn’t know.Whats going on in background

STEPS OF ETHICAL HACKING

Phase 1—Reconnaissance
Phase 2—Scanning
Phase 3—Gaining Access
Phase 4—Maintaining Access
Phase 5—Covering Tracks

Passive and Active Reconnaissance
Passive reconnaissance involves gathering information regarding a potential target without .the targeted individual’s or company’s knowledge. Passive reconnaissance can be as simple as watching a building to identify what time employees enter the building and when they leave.However, it’s usually done using Internet searches or by Googling an individual or company to gain information. This process is generally called information gathering. Social engineering and dumpster divingare also considered passive information-gathering methods.

Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring: A hacker watches the flow of data to see what time certain transactions take place and where the traffic is going.
Active reconnaissance
involves probing the network to discover individual hosts, IP addresses,
and services on the network. This usually involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place (is the front door locked?), but the process also increases the chance of being caught or at least raising suspicion.
Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. For example, it’s usually easy to find the type of web server and the operating system (OS) version number that a company is using. This information may enable a hacker to find a vulnerability in that OS version and exploit the vulnerability to gain more access.
Phase 2: Scanning
Scanning involves taking the information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners. Hackers are
seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts.
Gaining Access 
This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking. These topics will be discussed in later chapters. Gaining access is known in the hacker world as owning the system.
Maintaining Access
Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.
Covering Tracks
Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files
or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include steganography, the use of tunneling protocols, and altering log files.

Types Of Attacks

  • Injection Attacks
  • Cross Site Scripting
  • Click Jacking
  • Dns Poisoning
  • Social Engineering Attacks
  • Remote Code Execution Attacks
  • Daniel Of Services (DOS ) And DDOS

Pre-Requisites Of Being Ethical Hacker

well there are multiple things you should be perfectly aware of

  • you should know about Networking-How network Devices Talk to each other
  • You should be well Aware Of Network and Web Architecture to test security of Websites
  • You should Be enthusiastic and passion to learn

Written by :Tamoor Nasir

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s