SlideShare a Scribd company logo

What is a Hacker (part 1): Types, tools and techniques

K
Klaus Drosch

The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero.

Technology
1 of 5
Download to read offline
What is a Hacker (part 1): Types, tools and techniques The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero. Types of hackers As with people, there are many different types of hackers with wildly different world views and motivations. The term “Hats” comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. • White Hat Hacker First of all, we have the good guys; these are the ethical hackers that use their power for good. Usually they are employed or contracted by companies and governmental entities to find vulnerabilities before other hackers will. White hat hackers always operate within the confines of the law. Famous: Charlie Miller, Tsutomu Shimomura, Greg Hoglund
• Black Hat Hacker On the opposite side of the spectrum, the Black Hats operate outside any moral and legal framework, motivated by personal or financial gain. They break into systems, steal login credentials and private data which they use for extortion or put up for sale online. Infamous: Kevin Mitnick, Jonathan James, Albert Gonzalez • Grey Hat Hacker As the name suggests the Grey Hat hacker is a mix of both White and Black hats. They look for vulnerabilities without permission but often report them to the owner, some- times for free and sometimes with demand for compensation. If that demand is not meet they might leak the information online or exploit it, becoming a Black Hat. Famous: Adrian Lamo, Gary McKinnon, Kevin Poulsen • Red Hat Hacker These are the hunters of the hacker world, and their prey are Black Hats. Their sole ob- jective is to destroy the efforts of illegal hackers and take their infrastructure down. • Blue Hat Hacker These are novice hackers who’s main agenda is revenge on anyone who makes them angry. They have little interest in learning and use ready-made scripts to do their dirty work. • Green Hat Hacker You will find the Green Hats on online hacking forums asking questions to the more seasoned professionals. These are the amateurs eager to learn the tools of the trade and become a full-blown hacker.
Common hacking tools Most Hacking tools are used by both security researchers and criminals. If the tool finds a vulnerability it can be patched, or exploited, depending on your ethical alignment. • Rootkits Special software that allows a hacker to gain remote access to a victim’s computer. Origi- nally, rootkits were developed to fix software problems remotely but have since then been weaponized by hackers. In the news: Sony BMG copy protection rootkit scandal, Greek wiretapping case • Keyloggers Software designed to eavesdrop on the victim’s computer, recording every keystroke the user does. Everything is intercepted and stored on a log file, credit card numbers, person- al communication, phone numbers, passwords. In the news: Selectric Bug (Oldschool), PunkeyPOS • Vulnerability scanners A software that scans large networks of computers to find weaknesses that can be exploited or patched. For example, a White Hat scans to find holes to patch while a Black Hat scans to find holes to exploit. Most used: Sn1per, Nessus, MBSA, GFI Languard • Worm, Virus & Trojan Worms and Viruses are malicious programs designed to steal your data and spread to other computers within the network. Trojans are impostors, files that look like desirable programs but contain malicious code. The main difference is that Trojans do not infect other computers; they do not self-replicate. Most destructive: ILOVEYOU, MyDOOM, Storm Worm, SLAMMER • Botnet A Botnet is a series of hijacked computers all around the world that the Hacker controls. They can be used to perform DDoS-attacks, bringing down specific servers with massive amount of traffic. Botnets are created and managed by Hackers that either use them for their own purposes or sell them as a service.
Common hacking techniques Usually a Hacker deploys multiple techniques to reach their goal, sometimes the simplest ways are the most efficient. Using social engineering techniques exploiting human kindness, greed and curiosity to gain access is not uncommon. • Phishing The Hacker makes a perfect copy of a popular website and uses a URL that is close enough to the original to go unnoticed. He then sends a legitimate-looking email to the target containing a link to the phishing site. The target will unknowingly sign in to the fake website giving the hacker his login credentials. More info: Phishing.org, Tripwire Attacks: Phish Phry, Walter Stephan, FMS Scam • SQL Injections Most websites use an SQL database to store information about their customers. An ap- plication communicating with that database can be exploited with SQL-injections if it’s poorly coded. The attack is executed on the website’s user-input fields (search box, login box, etc) that accept illegal input, giving the hacker access to the database. More info: Wiki, Portswigger Attacks: TalkTalk, WTO, Wall Street Journal • DoS/DDoS In a Denial of Service attack, the hacker uses a Botnet (network of hijacked computers) to flood a specific server with massive amounts of traffic. The server is quickly overload- ed, and all websites hosted on it will be offline. More info: Wiki, Cloudflare Attacks: Github, Occupy Central Hong Kong, CloudFlare • Brute Force Essentially it’s guessing passwords until the hacker get’s it right. If a user has a weak password, i.e. “1234” or “password”, the hacker can try to guess it either by hand or using specialized tools. More info: Wiki, Infosec Attacks: GitHub, Alibaba’s Taobao, U.S Utility Control System
Original post can be found at our homepage: https://www.bitidentify.com/blog/hacker-types-tools-and-techniques/ • Fake WAP Free WiFi is common in public spaces like airports & coffee shops making it an ideal target for a hacker to exploit. The hacker creates a fake Wireless Access Point (WAP) mimicking the name of the real WiFi, so users connect to it. While the users is connect- ed to the fake WiFi the hacker can read all information going through it, login creden- tials, credit card, and personal messages. More info: Wiki, Lifewire Examples: 7-year old break public network in 11 minutes, WiFi Pineapple • Sniffing/Snooping The hacker monitors traffic on unsecured networks to find relevant information that can be used in a future attack. More info: Wiki, GreyCampus Examples: Sniffing attack against European hotels • Bait & Switch In this attack, the Hacker buys advertising space on popular websites, and the ads will redirect the target to a page full of malware. The hacker’s ads will look legitimate and very appealing to the target, but as soon as the target clicks them they will be infected. It’s called Bait & Switch since the hacker’s baiting with good ads and then switching the link to a bad page. More info: Wiki Examples: Hackers sell access to Bait-and-Switch empire • Cookie Theft Most websites use cookies to store user data and make them load faster; this can be passwords, browsing history, etc. If the connections are not secured trough SSL the hacker can steal this data and use the cookie to authenticate themselves as the target. More info: Wiki Examples: Yahoo Cookie Forging Attack, iOS Cookie theft • Waterhole Attacks The Hacker studies the target’s daily routines to find out his favorite physical locations (café f.ex); these are the waterholes. Once the Hacker knows the waterholes and the timing of the target he sets his trap using a combination of techniques. He might create a Fake WAP free WiFi access point at that location, and knowing the target’s favorite websites, he uses Phishing to steal the login credentials. More info: Wiki Examples: US Department of Labor, Forbes, ICAO • UI Redress/ClickJacking In essence, the Hacker tricks the target to click on a specific link by making it look like something else. It’s very common on movie streaming or torrent download pages; when the user clicks on “Download” or “Play”, it’s an advertising link they are clicking. In other cases it can be used to trick the target to transfer money to the Hacker from their online bank. More info: Wiki, Nodeswat Examples: Facebook

Recommended

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersMahmoud Saeed
 
Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-BasicsGaurav Singh
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?Daniel Agudo Garcia
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics Deepak Kumar (D3)
 

Recommended

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Power Point Hacker
Power Point HackerPower Point Hacker
Power Point Hackeryanizaki
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Hackers
HackersHackers
HackersMahmoud Saeed
 
Hacking-Basics
Hacking-BasicsHacking-Basics
Hacking-BasicsGaurav Singh
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?Daniel Agudo Garcia
 
Dark Web Forensics
Dark Web Forensics Dark Web Forensics
Dark Web Forensics Deepak Kumar (D3)
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageGohsuke Takama
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackImperva
 
All About Hacking..!!
All About Hacking..!!All About Hacking..!!
All About Hacking..!!Mahatma Gandhi Institute of Edu and Research Center
 
Hacker culture
Hacker cultureHacker culture
Hacker cultureJack Hsu
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hackinghackingtraining
 
Hacking
Hacking Hacking
Hacking ANUSHAMOL2
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Hacking
HackingHacking
HackingMohamad Fadhil Yaacob
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking HandoutNerium International
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Hacking
HackingHacking
HackingVipinYadav257
 
Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Securitypenetration Tester
 
Intro
IntroIntro
IntroKalkey
 
Hacking
HackingHacking
Hackingpranav patade
 
HACKING
HACKINGHACKING
HACKINGShubham Agrawal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 

More Related Content

What's hot

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageGohsuke Takama
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackImperva
 
Hacker culture
Hacker cultureHacker culture
Hacker cultureJack Hsu
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywordskhansalman19
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 

What's hot (16)

Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat Intelligence
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionage
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous Attack
 
All About Hacking..!!
All About Hacking..!!All About Hacking..!!
All About Hacking..!!
 
Hacker culture
Hacker cultureHacker culture
Hacker culture
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
 
Hacking
Hacking Hacking
Hacking
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
 
Hacking
HackingHacking
Hacking
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common KeywordsComputer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
 
social engineering
social engineering social engineering
social engineering
 

Similar to What is a Hacker (part 1): Types, tools and techniques

Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Securitypenetration Tester
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016 arohan6
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxGautam708801
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Shawon Raffi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingAkshay Kale
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security ritik shukla
 
Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Solomon Oho
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingManas Das
 

Similar to What is a Hacker (part 1): Types, tools and techniques (20)

Hacking
HackingHacking
Hacking
 
Introduction of Cyber Security
Introduction of Cyber SecurityIntroduction of Cyber Security
Introduction of Cyber Security
 
Intro
IntroIntro
Intro
 
Hacking
HackingHacking
Hacking
 
HACKING
HACKINGHACKING
HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptx
 
Hacking
HackingHacking
Hacking
 
unit-1.pptx
unit-1.pptxunit-1.pptx
unit-1.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 
Hacking
HackingHacking
Hacking
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)Application of computer to legal practice (hacking)
Application of computer to legal practice (hacking)
 
Hackers ESP
Hackers ESPHackers ESP
Hackers ESP
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

More from Klaus Drosch

Look trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsLook trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsKlaus Drosch
 
How to beat the Coronavirus with a game
How to beat the Coronavirus with a gameHow to beat the Coronavirus with a game
How to beat the Coronavirus with a gameKlaus Drosch
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenKlaus Drosch
 
In 21st-century-tv-watches-you
In 21st-century-tv-watches-youIn 21st-century-tv-watches-you
In 21st-century-tv-watches-youKlaus Drosch
 
Bitidentify Security Technology
Bitidentify Security TechnologyBitidentify Security Technology
Bitidentify Security TechnologyKlaus Drosch
 
Features and Benefits
Features and BenefitsFeatures and Benefits
Features and BenefitsKlaus Drosch
 

More from Klaus Drosch (7)

Look trough your windows 10 privacy settings
Look trough your windows 10 privacy settingsLook trough your windows 10 privacy settings
Look trough your windows 10 privacy settings
 
How to beat the Coronavirus with a game
How to beat the Coronavirus with a gameHow to beat the Coronavirus with a game
How to beat the Coronavirus with a game
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolen
 
In 21st-century-tv-watches-you
In 21st-century-tv-watches-youIn 21st-century-tv-watches-you
In 21st-century-tv-watches-you
 
Bitidentify Security Technology
Bitidentify Security TechnologyBitidentify Security Technology
Bitidentify Security Technology
 
Features and Benefits
Features and BenefitsFeatures and Benefits
Features and Benefits
 

Recently uploaded

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 

Recently uploaded (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

What is a Hacker (part 1): Types, tools and techniques

  • 1. What is a Hacker (part 1): Types, tools and techniques The popular definition of a hacker is someone who uses their technical abilities to gain unauthorized access to computers. In reality hackers are as diverse as people in general, having expert technical abilities does not have to make you a criminal; it can make you a hero. Types of hackers As with people, there are many different types of hackers with wildly different world views and motivations. The term “Hats” comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. • White Hat Hacker First of all, we have the good guys; these are the ethical hackers that use their power for good. Usually they are employed or contracted by companies and governmental entities to find vulnerabilities before other hackers will. White hat hackers always operate within the confines of the law. Famous: Charlie Miller, Tsutomu Shimomura, Greg Hoglund
  • 2. • Black Hat Hacker On the opposite side of the spectrum, the Black Hats operate outside any moral and legal framework, motivated by personal or financial gain. They break into systems, steal login credentials and private data which they use for extortion or put up for sale online. Infamous: Kevin Mitnick, Jonathan James, Albert Gonzalez • Grey Hat Hacker As the name suggests the Grey Hat hacker is a mix of both White and Black hats. They look for vulnerabilities without permission but often report them to the owner, some- times for free and sometimes with demand for compensation. If that demand is not meet they might leak the information online or exploit it, becoming a Black Hat. Famous: Adrian Lamo, Gary McKinnon, Kevin Poulsen • Red Hat Hacker These are the hunters of the hacker world, and their prey are Black Hats. Their sole ob- jective is to destroy the efforts of illegal hackers and take their infrastructure down. • Blue Hat Hacker These are novice hackers who’s main agenda is revenge on anyone who makes them angry. They have little interest in learning and use ready-made scripts to do their dirty work. • Green Hat Hacker You will find the Green Hats on online hacking forums asking questions to the more seasoned professionals. These are the amateurs eager to learn the tools of the trade and become a full-blown hacker.
  • 3. Common hacking tools Most Hacking tools are used by both security researchers and criminals. If the tool finds a vulnerability it can be patched, or exploited, depending on your ethical alignment. • Rootkits Special software that allows a hacker to gain remote access to a victim’s computer. Origi- nally, rootkits were developed to fix software problems remotely but have since then been weaponized by hackers. In the news: Sony BMG copy protection rootkit scandal, Greek wiretapping case • Keyloggers Software designed to eavesdrop on the victim’s computer, recording every keystroke the user does. Everything is intercepted and stored on a log file, credit card numbers, person- al communication, phone numbers, passwords. In the news: Selectric Bug (Oldschool), PunkeyPOS • Vulnerability scanners A software that scans large networks of computers to find weaknesses that can be exploited or patched. For example, a White Hat scans to find holes to patch while a Black Hat scans to find holes to exploit. Most used: Sn1per, Nessus, MBSA, GFI Languard • Worm, Virus & Trojan Worms and Viruses are malicious programs designed to steal your data and spread to other computers within the network. Trojans are impostors, files that look like desirable programs but contain malicious code. The main difference is that Trojans do not infect other computers; they do not self-replicate. Most destructive: ILOVEYOU, MyDOOM, Storm Worm, SLAMMER • Botnet A Botnet is a series of hijacked computers all around the world that the Hacker controls. They can be used to perform DDoS-attacks, bringing down specific servers with massive amount of traffic. Botnets are created and managed by Hackers that either use them for their own purposes or sell them as a service.
  • 4. Common hacking techniques Usually a Hacker deploys multiple techniques to reach their goal, sometimes the simplest ways are the most efficient. Using social engineering techniques exploiting human kindness, greed and curiosity to gain access is not uncommon. • Phishing The Hacker makes a perfect copy of a popular website and uses a URL that is close enough to the original to go unnoticed. He then sends a legitimate-looking email to the target containing a link to the phishing site. The target will unknowingly sign in to the fake website giving the hacker his login credentials. More info: Phishing.org, Tripwire Attacks: Phish Phry, Walter Stephan, FMS Scam • SQL Injections Most websites use an SQL database to store information about their customers. An ap- plication communicating with that database can be exploited with SQL-injections if it’s poorly coded. The attack is executed on the website’s user-input fields (search box, login box, etc) that accept illegal input, giving the hacker access to the database. More info: Wiki, Portswigger Attacks: TalkTalk, WTO, Wall Street Journal • DoS/DDoS In a Denial of Service attack, the hacker uses a Botnet (network of hijacked computers) to flood a specific server with massive amounts of traffic. The server is quickly overload- ed, and all websites hosted on it will be offline. More info: Wiki, Cloudflare Attacks: Github, Occupy Central Hong Kong, CloudFlare • Brute Force Essentially it’s guessing passwords until the hacker get’s it right. If a user has a weak password, i.e. “1234” or “password”, the hacker can try to guess it either by hand or using specialized tools. More info: Wiki, Infosec Attacks: GitHub, Alibaba’s Taobao, U.S Utility Control System
  • 5. Original post can be found at our homepage: https://www.bitidentify.com/blog/hacker-types-tools-and-techniques/ • Fake WAP Free WiFi is common in public spaces like airports & coffee shops making it an ideal target for a hacker to exploit. The hacker creates a fake Wireless Access Point (WAP) mimicking the name of the real WiFi, so users connect to it. While the users is connect- ed to the fake WiFi the hacker can read all information going through it, login creden- tials, credit card, and personal messages. More info: Wiki, Lifewire Examples: 7-year old break public network in 11 minutes, WiFi Pineapple • Sniffing/Snooping The hacker monitors traffic on unsecured networks to find relevant information that can be used in a future attack. More info: Wiki, GreyCampus Examples: Sniffing attack against European hotels • Bait & Switch In this attack, the Hacker buys advertising space on popular websites, and the ads will redirect the target to a page full of malware. The hacker’s ads will look legitimate and very appealing to the target, but as soon as the target clicks them they will be infected. It’s called Bait & Switch since the hacker’s baiting with good ads and then switching the link to a bad page. More info: Wiki Examples: Hackers sell access to Bait-and-Switch empire • Cookie Theft Most websites use cookies to store user data and make them load faster; this can be passwords, browsing history, etc. If the connections are not secured trough SSL the hacker can steal this data and use the cookie to authenticate themselves as the target. More info: Wiki Examples: Yahoo Cookie Forging Attack, iOS Cookie theft • Waterhole Attacks The Hacker studies the target’s daily routines to find out his favorite physical locations (café f.ex); these are the waterholes. Once the Hacker knows the waterholes and the timing of the target he sets his trap using a combination of techniques. He might create a Fake WAP free WiFi access point at that location, and knowing the target’s favorite websites, he uses Phishing to steal the login credentials. More info: Wiki Examples: US Department of Labor, Forbes, ICAO • UI Redress/ClickJacking In essence, the Hacker tricks the target to click on a specific link by making it look like something else. It’s very common on movie streaming or torrent download pages; when the user clicks on “Download” or “Play”, it’s an advertising link they are clicking. In other cases it can be used to trick the target to transfer money to the Hacker from their online bank. More info: Wiki, Nodeswat Examples: Facebook