How to start a career in hacking and security

- Jaimin Gohel

About Speaker

  • InfoSec Enthusiast
  • Speaker
    • Null Ahmedabad
    • Mozilla Gujarat

Hacking

Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.

Ethical Hacking

The main idea behind ethical hacking is to replicate a malicious hacker at work and, instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to shore up the system’s defenses. An ethical hacker might employ all or some of these strategies to penetrate a system.

Types of hackers

  • Script Kiddie
    • Script kiddies normally don’t care about hacking itself. They copy code and use it for a virus, an SQLi or something else. Script Kiddies will never hack for themselves; they’ll just download overused software (LOIC or Metasploit, for example) and watch a YouTube video on how to use it.
    • A common Script Kiddie attack is DoSing or DDoSing (Denial of Service and Distributed Denial of Service), in which they flood an IP with so much traffic that it collapses under the strain.

  • White Hat
    • White Hats, also known as ethical hackers, are the good guys of the hacker world. They'll help you pentest a company's digital infrastructure and give suggestions to fix what they find. We need more of this type of hacker.
  • Black Hat
    • Black Hats, also known as crackers, are the men and women you hear about in the news. They find banks or other companies with weak security and steal money or credit card information, or compromise the system.
    • The surprising truth about their methods of attack is that they often use common hacking practices they learned early on.
  • Gray Hat
    • Nothing is ever just black or white; the same is true in the world of hacking. Gray Hat hackers don’t steal money or information (although sometimes they deface a website or two), yet they don’t help people for good (but they could if they wanted to).
    • These hackers comprise most of the hacking world, even though Black Hat hackers garner most (if not all) of the media’s attention.
  • Green Hat
    • These are the hacker “n00bz,” but unlike Script Kiddies, they care about hacking and strive to become full-blown hackers. They’re often flamed by the hacker community for asking many basic questions.
    • When their questions are answered, they’ll listen with the intent and curiosity of a child listening to family stories.
  • Blue Hat
    • If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue Hat hackers will seek vengeance on those who’ve made them angry.
    • Most Blue Hats are n00bz, but like the Script Kiddies, they have no desire to learn.
  • Hacktivist
    • A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

Phases of Penetration Testing

  • Phase 1 | Reconnaissance
  • Phase 2 | Scanning
  • Phase 3 | Gaining Access
  • Phase 4 | Maintaining Access
  • Phase 5 | Covering Tracks

Phase 1 | Reconnaissance

  • Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is gathered in order to better plan your attack.
  • Reconnaissance can be performed actively (meaning that you are directly touching the target) or passively (meaning that your recon is performed through an intermediary).

Phase 2 | Scanning

  • The scanning phase requires the application of technical tools to gather further intelligence on your target, but in this case the intel being sought is more commonly about the systems they have in place.
  • A good example would be the use of a vulnerability scanner on a target network.

Phase 3 | Gaining Access

  • Gaining access requires taking control of one or more network devices in order either to extract data from the target or to use that device to launch attacks on other targets.
  • Examples include buffer overflows, denial of service (DoS), and session hijacking.

Phase 4 | Maintaining Access

  • Maintaining access requires taking the steps needed to remain persistently within the target environment in order to gather as much data as possible.
  • The attacker must remain stealthy in this phase, so as not to get caught while using the host environment.

Phase 5 | Covering Tracks

  • The final phase, covering tracks, simply means that the attacker must take the steps necessary to remove anything that could lead to detection.
  • Any changes that were made, authorizations that were escalated, etc., must all be returned to a state that the host network’s administrators will not recognize as tampered with.

Terminologies

  • Attack − An attack is an action performed on a system to gain access to it and extract sensitive data.
  • Back door − A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.
  • Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
  • Vulnerability − A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.
  • Exploit − An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.
  • Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking emails in an attempt to gather personal and financial information from recipients.
  • Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
  • Social engineering − Social engineering means deceiving someone with the purpose of acquiring sensitive and personal information, like credit card details or user names and passwords.
  • Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and users on the inside of the firewall.

The Fundamental Skills

  • Basic Computer Skills
  • Networking Skills
  • Linux Skills
  • Wireshark or Tcpdump
  • Virtualization
  • Security Concepts & Technologies
  • Wireless Technologies

The Intermediate Skills

  • Scripting
  • Database Skills
  • Web Applications
  • Forensics
  • Advanced TCP/IP
  • Cryptography
  • Reverse Engineering

The Intangible Skills

  • Think Creatively
  • Problem-Solving Skills
  • Persistence

Resources and credits

Questions?

Thank you.