[ULTIMATE BEGINNER HANDBOOK TO COMPUTER HACKING ESSENTIALS: LEARN ETHICAL HACKING, PENETRATION TESTING AND BASIC SECURITY: 50+ FREE RESOURCES TO HELP YOU MASTER THE ART OF HACKING]
What is a Hacker?
Originally Hackers Were Not Computer Based
So What Is a Hacker Now
Why are hackers important?
Differences: Black, White, Grey, and Red Hacker?
Black Hat Hacker : Bad Guy
White Hat Hacker: Good Guy
Grey Hat Hacker: The I “do it for fun” guy
Red Hat Hacker: The “I do it for legal money” guy
Neophyte: The Noob
Definition and Importance: Ethical Hacker
Guidelines of an Ethical Hacker
Importance of an Ethical Hacker
The Tools: Ethical Hacker
Why Un-Ethical Hackers?
What’s the Difference?
Some People Just like to watch it Burn
The Tools: Un-Ethical Hacker
Beware the DEEP WEB (and ironically made by the Navy)
Developed by the Navy
How it works
They are Watching
Preventive Security and Reactive Security
What do we Detect? A lot. When do we Detect it? All the time.
SSH, HTTPS, HTTP, SSL and FTP: Web Safety
SSH and FTP are Server Side Transfer, While HTTP and HTTPS are Web Side Transfer
How Blindingly Simple: Hack Your Windows Password
How to Hack Someone Else on Your Group Network
WHAT IS A HACKER?
ORIGINALLY HACKERS WERE NOT COMPUTER BASED
Hacker literally means to break to your benefit, which means that when you used something in manner that it was originally not intended to be used; you have become a hacker. Originally, when you decided to optimize or make something better by taking it a part and then putting it back together in a more efficient way, sometimes even adding something to make it better, this in it of itself was what it meant to be a hacker. If you took a toaster and changed the quality of the heating coils so that it would take less
SO WHAT IS A HACKER NOW
Hackers are now often associated with computers and while terms like Life Hacker are still popular terminology, a term that directly describes an action, the general meaning of a hacker is within a computer. A hacker is a person who programs, navigates, or develops a method that allows them access into an area that they are not normally
WHY ARE HACKERS IMPORTANT?
Hackers make the world go around in the cyber world and the main cause for
improvements in technology in general. Whenever a person is able to gain access they are not supposed to gain access to, the person who runs security must now come up with a new and improved way to protect the company. The same goes for the advertisement and media industry, because people are blocking advertisements and downloading media all of the time. It is so simplistic to download a YouTube video that the music industry focuses heavily on live events for money instead of the actual music album itself. Artists have to put intricate watermarks on their photos in order to ensure that hackers do not just simply download the pictures from the source and sell them. If it were not for hackers, the development of technology would be a lot slower and the world would not benefit.
After all, it’s not just security hackers improve, but technology itself. We will discuss how they do it later, but hackers can download information in mid-process if it is not fast enough and unsecure. This has lead to developing methods that let web browser provide a fast connection to their users and a direct line to not only make it difficult for hackers, but also makes it faster for the consumers of the internet. Not all of the
DIFFERENCES: BLACK, WHITE, GREY, AND RED HACKER?
There are several types of hackers in the world and they all have reasons of why they chose to do it like they do. We will put these in a chronological order from when they were first coined to the final color of the Hat Hacker family. The reason why they are given a color is to help people identify which hackers are good and which hackers are bad, and, just like in the world, not everyone is strictly good or bad. The “Hat Hacker” part refers to an old style of changing identity in theatres, which was simply to put on a different hat and this let the audience know that you were in a different character.
BLACK HAT HACKER : BAD GUY
A black hat hacker is a literal cyber bad person that only wants to make as much trouble as possible just because they can. These hackers normally do this for egotistical reasons and are usually only show themselves where a new security system has come out, and these individuals feel challenged. While they are the “classical bad guy,” they do have their benefits for existing. Without Black Hat Hackers, there would be no need for all of the other hackers to exist, or security for that reason, and they are actually the reason why jobs are generated for Ethical Hackers.
WHITE HAT HACKER: GOOD GUY
Just because they are a White Hat Hacker, does not mean they are an Ethical Hacker. A White Hat Hacker only hacks when they feel like they need to, but strictly go out of their way to make sure that they do not hurt anyone in the process. This type of hacker is generally associated with the individuals who provide personalized bug fixers for software and generally try to improve upon software issues that the company seems to be ignoring. You can usually find them on forums, helping people solve issues with their code and just being the good guy for the general public. They don’t do anything for
GREY HAT HACKER: THE I “DO IT FOR FUN” GUY
The Grey Hat Hacker is usually the person who hacks video games and tests their skills against varying levels of security because they find it fun. These hackers are
RED HAT HACKER: THE “I DO IT FOR LEGAL MONEY” GUY
Red Hat Hackers are usually a mix on Ethical and Un-Ethical Hackers. The reason why they are called Red Hat Hackers is for the terminology of “Red Tape.” That is right, Red Hat Hackers are usually on the level of hacking government institutions,
information hubs, and generally anything that falls underneath the category of sensitive information. The FBI and CIA hold a list of the world’s Red Hat Hackers to keep track of what they do, where they go, and what jobs they are working on as a preventative measure against being hacked themselves. A really big example of this is when the group Anonymous and LulzSec managed to Hack the CIA and cause them a lot of issues for, not only their employees, but also the security companies that place their trust in the CIA.
NEOPHYTE: THE NOOB
DEFINITION AND IMPORTANCE: ETHICAL HACKER
An Ethical Hacker only hacks to prevent others from being able to do things that are morally improper to users of the technology. That is essentially their purpose, but they have to follow specific guidelines that normal hackers do not have to follow.
GUIDELINES OF AN ETHICAL HACKER
An Ethical Hacker has to do a couple of things that a normal hacker does not have to do in order to fulfill their purpose.
THEY MUST RECORD EVERYTHING
HACK VS. HACK
Often times, Ethical Hackers must go against each other to determine what a real-time scenario would be like in the case that a hacker is cable of getting far enough to the point where the security person must be able to protect the information by hand. This is done so that the programmers can develop scripts to specifically protect against these types of attacks so that the protection is faster than the hands of a hacker.
HACK FROM MORE THAN ONE DEVICE
Another part of the process of an Ethical Hacker is to determine the social weaknesses of an industry and how easy it can be for a person to be the source of the problem. This may involve having lunch with a person and pickpocketing their phone while they’re no looking, or determining whether that individual spends a lot of time surfing the internet while they are on break. Additionally, they determine how is it is for an individual to break the NDA that nearly everyone signs in the beginning and whether a person could get enough information from an individual to do actual damage to the business. There are specific key parts an Ethical Hacker must look out for in the social network that is behind the physical network.
IMPORTANCE OF AN ETHICAL HACKER
THE TOOLS: ETHICAL HACKER
The tools of the Ethical Hacker often reflect the capabilities of the Ethical Hacker. As mentioned before, an Ethical Hacker must be able to have a lot of data in order to ensure that they have a round-about understanding of what security issues they must be dealing with.
TRACKING DATA PROGRAMS
There are several programs that track data submission and methods, and these allow Ethical Hackers to determine the origin of a hacker, where they came in, and even how they got in. Such programs will track IP addresses, Data Packages, Mac Address
Orgins, and even determine the speed at which the information was passed to collect data on the speed of the internet that is being used. This allows the Ethical Hacker to cover up those areas with additional security and also allows them to ensure that scripts that they make to prevent entry are faster than the most likely speed of internet the other hacker will be using.
Another large problem in it of itself is the ability to write the language that the security issues are taking place in. If an ethical hacker has been hired to protect a specific program and not just the computers, odds are is that the Ethical Hacker will need to know the language of the program in order to make sure they can write their own scripts in that same language so that their preventative protections can be put into place. A part of this issue are the actual holes within a language. If a hacker knows what language is being used, not only can the program be at risk, but the actual code of the program can be altered. An example of this is a PHP based website, which is vulnerable to the classic GET, DELETE, and POST methods, which are a part of the language. Unless there are specific measures put into place, the hacker on the other end will have a very easy time simple going into a comment box and pulling all of the data from a website on to their hard drive.
cameras are for when the Ethical Hacker needs to do a Risk Assessment on the person within the video and determine which factors led to a specific success, or which
questions, when asked in the right order, would pull out the most information.
Additionally, video recordings can be used by the Human Resources Department to determine if the employee is in a stressed state and needs to be taken care of in terms of their working conditions. Ethical Hackers are often mindful that a person’s weaknesses are not their own fault and that an average employee is not expected to be one hundred percent fool proof. Even the janitor may look up something on his phone while being connected to the internet at work and has no idea that someone took his phone, and modified it, while he was on his lunch break. This process is done often to ensure that people are mindful of what they do and how their actions can affect the business.
FORENSIC ANALYST PROGRAMS
There is a fine line between a Forensic Analyst and an Ethical Hacker because most of what they do are extremely similar. Therefore, what will usually benefit a Forensic Analyst will often benefit an Ethical Hacker, and vice versa. These programs will keep log files of occurrences throughout the day on a network, track unauthorized uses,
pinpoint origin points for viruses, and are generally helpful in every step of the process. The only problem is that not everything a Forensic Analyst can use, can also be used by an Ethical Hacker. A Forensic Analyst can go into personal emails and sensitive
material that Ethical Hackers are told not to touch, and, in some areas, Ethical Hackers are even told not to touch specific areas of the network because the information on that side is too sensitive for an individual to have their hands on. However, the benefit to this is that that section of the network is usually closed off from the rest of the network as much as possible and often requires little to no effort when it comes to providing a solution. Since the network remains untouched, Ethical Hackers only have to track incoming and outgoing data from that network
scripts are a vital part of the protection program as a script will always be faster than the human hand, so anything that can be written in the form of the script will be ten times better than if the Ethical Hacker would have to do it by hand.
One of the pet peeves of the entire industry is Driver Documentation and there’s a very good reason. Your computer has hundreds, if not thousands of drivers, that are needed in order to make the computer work effectively. A driver is a binary-level software that allows the computer to communicate with either the hardware or the software.
Documentation of those drivers tells security specialists and Ethical Hackers what needs to be done to protect the end user from the security holes that those drivers have. If there isn’t enough or a proper form of documentation, that means the security
WHY UN-ETHICAL HACKERS?
An Un-Ethical Hacker is very similar to a Black Hat Hacker and are often associated with them, but there are specific parts that make them different. Not all Un-Ethical Hackers are bad, which may seem strange at first, but these hackers are equally as important as Ethical Hackers
WHAT’S THE DIFFERENCE?
Un-Ethical Hackers are like the Hulk version of Ethical Hackers and will relentlessly attack a network to find problems. They will often use tactics that are against the law, such as kidnapping and blackmail, to accomplish their goals. The only problem is that Un-Ethical Hackers sell the information to the highest bidder and only do it because it is profitable. These hackers will often mutli-hack systems as well, just to get the network to the point where they can move pasts the preventative steps that an Ethical Hacker put into place.
SOME PEOPLE JUST LIKE TO WATCH IT BURN
It’s plain and simple, for the most part. Un-Ethical Hackers often see a big business like a giant juicy steak that needs to be cooked. If a company claims it has the best security in the world, you can be sure that an Un-Ethical Hacker has already started to break that security. People have a tendency to go after the things that will provide them the most challenge and thrill, and this is the biggest way any hacker can truly determine what they are capable of. Not only do these hackers have to get past the system, but also they will often have to cyber fight with another hacker or a team of hackers in a cyber-gladiator type match. It requires an intense amount of skill to do this and Un-Ethical hackers are sought out by security businesses like trophies for hunters.
ANOTHER GET-RICH QUICK SCHEME
These Red Hat Hackers will often sell the information they steal or the tactics they used to break a network to the highest bidder. The prices go extremely high, with some
Facebook is near impossible. However, as the Tunisians proved, hacking giant
powerful companies like Facebook is not an impossibility and poses a serious threat to the online world.
However, the process is often illegal and once the hacker manages to sell the
information, they will be put on the list and watched until the day they die. Often times, any type of money they got from the deal will go to just making sure the company can’t get their hands on them and that they live in a place that shields them from the
THE TOOLS: UN-ETHICAL HACKER
The Un-Ethical Hacker has quite a bit more on their plate than the Ethical Hacker and it’s important to know what they have, in order to protect the businesses that they go against. These hackers are often either employed by a competitor or just out there to get information on businesses their local government is interested in.
MORE THAN ONE COMPUTER
They often have an entire room built with computers all interconnecting in order to ensure that they can handle even the biggest jobs. This is why having efficient scripting is important and why creating scripts to defeat your own scripts will improve your scripts even further, and why you need to do this. Often times, the reason why a place is hacked is that the Ethical Hacker did not get far enough to detect a specific type of script that would protect against the scripts the Un-Ethical Hacker created.
Another dynamic tool that Un-Ethical Hackers have under their belts is the ability for sheer processing power, which can run over tens of thousands of scripts at once. An Ethical Hacker is limited to the processing power they are given to work with while the Un-Ethical Hacker is only limited by how much money they have to purchase
processors, and how much power they can afford to have. This is why some
governments employ Un-Ethical Hackers and give them all the resources they need to attack foreign companies for their information.
On top of this, the most important part of the entire process is to not get caught and this is where the importance of more than one computer comes in. Each computer has its own Mac Address, which identifies the hardware similar to the driver’s license that you use. Having more than one Mac Address along with every one of those Mac Addresses coming from a different IP address scrambles the origin of where the hack is coming from. This is the standard step most Un-Ethical Hackers use to hide their location.
PRE-RENDERED ADAPTABLE SCRIPTS
the person who is trying to keep the website secure. However, an important part to note is that these scripts are not artificially intelligent and will continue to brute attack unless they are stopped, and they may be flawed and backfire.
How you develop an adaptable script is through knowing the Append functions of a language and making a ton of if/else statements that have already been thought of to ensure that the next append will take the most likely path that the Ethical Hacker used in order to block the script. In other words, one script may have over 1,000 if/else
statements and only one append function for failures so that it takes note of what fails, and what looks like it worked. Then, behind that, if one of the scripts looks like it
worked, another adaptable script begins at that point to start targeting if/else parameters to see if it can go any further. These scripts can take weeks to build, but it essentially makes short handle of almost any network and will break through a network within a few hours. Additionally, these scripts could run over a million if/else statements
previously scripted by those within the same line of work and were downloaded off of the Deep Web.
If you have heard anything bad about a foreign country, nine times out of ten the bad was something involving the use of a sweat shop. These also exist for Un-Ethical Hackers and the ones that use them, use them at their full extent. In a slight twist of irony, though, almost any work at an Un-Ethical Hacker Sweat Shop will have enough knowledge about computer by the time the shop is shut down, that the person who work in the sweat shop will have something they can work with in foreign countries for money. But, why? Sweat Shops like these are often used in government funded operations to make the adaptable scripts we were talking about, but in droves. Essentially, the sweat shops are taught how to write the scripts and then told they need to write a certain amount of scripts to beat a specific algorithm. What occurs is a lot of common scripts, but, when compiled, you also have tens, hundreds, and even thousands of if/else statements that are not common. This also for a better versed script and, to go even further, so scripters are then required to beat that list of scripts with another drove of scripts. The entire process takes close to three months or even half a year depending on how much manpower they put into. The result is an extremely large compiled list of if/else statements that will absolutely destroy the network they are going against.
with notable historical moments of NSA hacks, Pharmaceutical Company hacks, and very similar world-surprising moments.
The last part that Un-Ethical hackers use against Ethical Hackers is the list of bugs that they know will work against certain securities and languages. Most people are unaware that there are thousands, and even millions, of exploitable bugs in software and people spend their free time to figure out where they are. The help button on software is
BEWARE THE DEEP WEB (AND IRONICALLY MADE BY THE NAVY)
The Deep Web is referring to the portion of the internet that is not tracked by popular search engines. Think of the search engines you use as the nice parts of the city while the Deep Web is where all the drug deals, murders, and black market deal go down;
because that’s basically what it is. The Deep Web is notorious for this and it truly is an amazing tool if used properly.
DEVELOPED BY THE NAVY
The Deep Web was actually a project developed by the Navy as a part of the internet. Initially, it was just supposed to be away for special agents to be able to communicate and hold information on the internet without their enemies being able to gain access to it without having search an impossibly high amount of number of internet crack holes in the Deep Web. This worked very effectively and provided a large backbone for the internet to prosper off of, but at the same time, because it was a part of the internet, people began to use it for personal reasons. After a while, the deeply technologically sophisticated people in the world knew of the Deep Web and relied on the Deep Web for a good portion of secretive services.
WHO USES IT NOW
The Navy still uses the Deep Web, but they are no longer the primary users of this form of internet. Indeed, the primary users of the Deep Web are those within the mercenary industry, slave trade industry, drug industry, and the “don’t want to know” industry, because you’ll have nightmares if you know they exist. It is a place where dirty business can be done in secret, information is the currency, and no one knows anyone on the Deep Web if they do not know them in real life.
HOW IT WORKS
Web, you will have to know exactly where you are going or you will go nowhere at all. This is because the Deep Web is so large and vast that there are no crawlers, scripts that retrieve links, that can span even its surface. This is the place where governments hide most of their dirty secrets, so do not expect it to be easy to navigate. So long as you are not downloading anything, even cookies, you will not be seen while exploring. If you have another browser up though, it can be crossed referenced with a repetitive IP address ping location. If that happens, they know where you are and will start looking into you, no matter whether you’re there out of curiosity or not. After all, the Deep Web is like a special club that not a lot of people know about.
As mentioned before, unless you know exactly where you are going then you will go nowhere at all. This is because you cannot simply stumble on an address like in Google or Bing, you have to have the actual address. Additionally, if you go to a website, be very careful and make sure you’re going to appropriate websites because there is a lot of bad things on the Deep Web.
Dissection of The Homeless – No one knows who provided the information or even how the website was found. However, this website features several different cultures and provides not only documentation, but actual videos of people abducting the
homeless and then dissecting them – just because they can.
War Crimes – That is exactly what it provides and users post videos they have of War Crimes they have committed. Many languages are used on its forums and there are a lot of videos of cruel torture and similar… war crimes.
The Russian Sleep Experiment – This Deep Web website is truly disturbing and shows the bizarre nature of the human makeup. It’s basically an experiment to see what would happen if the human body was able to deprive itself of sleep and live. The results are truly disturbing.
picsofdeadkids – That’s exactly what you think it is. It is a site that is dedicated to pictures of dead children and not just wake pictures.
Web, and a few good reasons why you want to be extremely careful while you’re on it.
THEY ARE WATCHING
The Deep Web is literally a 24/7 watched area by the authorities of the world and if you don’t follow the protocols, you can be sure that they’re already watching everything that you do. The reason for this is that most people going on the Deep Web are there for reasons that authorities would put them in jail for. Even those putting the Deep Web into their search engines are often put on the watch list as well.
WHY IT IS STILL USEFUL
While it may seem like a horror show at first, the Deep Web has its uses. Not only is it a place where information can be shared secretly and a person can build the entire
PREVENTIVE SECURITY AND REACTIVE SECURITY
There are two methods of security that every Ethical Hacker is concerned with most of the time, and that’s how to prevent hackers from getting in and what to do on the
Preventive Security or Proactive security, which are really the same thing only one sounds better to businesses, is the practice of attempting to prevent things from tampering with the network. This involves setting up firewalls, scripts, and similar programs to prevent hackers from getting into the network. Hackers are not the only concern to Ethical Hackers, but they are the primary concern. There are a few other attackers that any person, including an Ethical Hacker, must be aware of to ensure the safety of their system.
ENCRYPTIONS AND KEY-FILES
The first bit of business to set up an encryption. There are several different types of encryptions, too much to cover here, but it is important that you know what they are and how they work. An encryption is literally a re-distribution of values to ensure that your information cannot be hacked You will often use a program for your encryption and only that program can unlock that encrypted file for you. A popular discontinued program was Truecrypt, which is still popular for basic encryption needs, and it allowed several different types of encryptions, including three-way encryptions. To grab a basic idea of what an encryption is doing, we will take a word and encrypt it.
Basic = CiZ@B
If you notice, this is a rather bad encryption, but it gets the point across. Another bit that you may need to know is the existence of a “Key-file.” Key files are extremely useful and ensure that no matter what you have that’s encrypted can’t be accessed without the file, as it is the key needed to open the file. Encryption is used to protect sensitive data from not only being stolen but also broken into. Additionally, nearly everything can be encrypted and it all runs on mathematics. The better the encryption, the more difficult it is for others to get into it, but, most often, it can be problematic to encrypt everything.
PAPER OVER DATA
The biggest protection against the average hacker is paper. The problem with this is that this is not seen as good practice inside of a business, as an account program is faster and less likely to make calculation mistake than an actual accountant is just as a machine is less likely to drip coffee on an important blueprint. However, the best way to utilize this protection is to have old important files be put on paper and locked away when they are no longer being used. This will not only save on a lot of data storage, but it will ensure that hackers can only obtain the most recent information from a business if they get in. Some businesses will actually just put the files on a standalone server that can only be accessed from the computer dashboard that has been placed on top. However, this is rare since these types of computers are expensive because they must be
customized for the business.
WHAT DO WE DETECT? A LOT. WHEN DO WE DETECT IT? ALL THE TIME.
There are four different software elements you will need to know how to detect to prevent a compromise within the system. Often times, these software elements only get on the computer when a user unknowingly downloads it through allowing
advertisements, going to a specific website, and there’s just a whole manner of ways they can get them.
Literally, it means Bad-Ware, and it does exactly what you think it does. You will
notice it immediately because it will try to shut down computers with the blue screen, it will lock you out of the screen, it will make sure you can get on the internet, and it may encrypt all of your files. There’s no end to the havoc that Malware will cause on your computer’s life and they are most common viruses you will ever receive. Beware of cookies and downloads, because Malware is practically everywhere there is a loading screen for your internet on a website that is not run by an organization or the
Key loggers, Screen Capturers, and Camera Peekers galore. Spyware is extremely difficult to detect and will even throw false flag detections to ensure that you have a difficult time determining where it is. This type of virus is specifically built for spying and the worst ones can hide inside of the RAM, which lets them stay there while you try to figure out how to get them. Worst yet, they will disappear into the computer once it is shut off and some are so horrible that you have to reinstall the entire operating system on a different disk just to get rid of them.
Very difficult to put on the computer and almost impossible to detect. Portals or Worms literally just sit there and funnel information disguised as a registered connection to wherever they may be sending the connection. The reason why they are difficult to detect is that they are often registered, which means they become Windows Registered and are then inside of the Registry. They are extremely rare because only a building full of people in the world can make them nowadays for the new Operating Systems, but they were extremely popular before Spyware.
CHOOSE YOUR SECURITY TOOLS
Reactive Security is when you get attacked, none of your preventive measures worked, and now you are trying to react to it.
WHEN IN DOUBT
When you think that they have already one, it’s time to unplug the internet and shut down. This has happened before, especially within popular websites or programs that get hacked. An example of this is the recent Sony Network hack, which was shut down in mid-process to stop the hack from fully getting in. So long as the device is off and not connected to the internet, it’s almost impossible to get back into it. However, this is only if the hackers are not part of the NSA, who have a back door into almost every processor.
DATA BACK UP
It is always important to have what’s called a RAW data back up, which is to say that all of the raw information about projects are held on a drive that isn’t connected to the internet and is only updated in intervals. The most popular set up is USB Storage filing, which allows the separation of information into separate USB flash drives so that even if one of the flash drives is corrupt, not all of the flash drives will be corrupted.
Another popular consumer option s RAID, but RAID is not an Enterprise option. This falls underneath what is known as Redundancy Back Up, which is to say that you have another file size matching the original size that holds ghost files of the original files. This is not an enterprise option because it’s twice as expensive and can take days for just 500 GB to recover depending on how cheaply your computers are built, which they will be the minimum unless you are working for a technical company.
The last option is Web or Wireless Back Up, which is not an Enterprise option either. This is because it primarily relies on your internet connection and how fast it can
deposit the file into the storage area. When working on the Enterprise level, having over a hundred files being uploaded at the same time can take up a lot of the internet.
Data Recovery is frighteningly easy and this is because of how hard drives are
designed. There are several ways to recover the information that has been lost from an attack, as it will often still be on your computer. However, when the data that is
recovered from the drive looks as though it was tampered with, it is important to notify everyone that the company has been hacked so that they can change their information and affirm that their lives are in order. Most of the time you will be dealing with stolen account details like standard credit card theft, but occasionally you may have to deal with identity theft. It is important to notify the authorities when this is discovered because a Forensic Technician will need to come in and gather all the details. Either way, you will need to determine the source of the attack by finding the very first file that was transferred and every file after that to see which one is the common IP address.
STUDY THE DATA
If you have the Forensic Tools from before on the computer, you will want to see what went wrong, what simply didn’t work, how long it took them to get in, and what can you do to improve the security of the network. This is the most important part of Reactive Security, since Preventative Security is where you will ensure that this cannot take place again and you can only gather that information as part of your reaction. Skipping this step could mean the entire shut down of an enterprise, so it is extremely important to make sure that you utilize every bit of data to prevent it from happening again.
SSH, HTTPS, HTTP, SSL AND FTP: WEB SAFETY
As an Ethical Hacker, most of the issues that you will be solving will be dealing with the internet. This means that you not only have to know the software issues and how to protect from the computer, but you will also want to know how to safely transfer information across the internet. There are four primary methods of transferring
information and each one has its restriction. Additionally, the more secure it is the more selective the freedom of range the transfer module will allow you.
SSH literally stands for Secure Shell and it is extremely useful for logging into another computer over the network, move files, and generally have control of the computer. This comes in replacement of a lot of technology that did similar things and is almost
unbreakable. It is the current standard of web development and is expected whenever a website is developed. It protects against DNS spoofing, which is a way that a hacker can gain even further access into your system by creating a computer that your network recognizes. It also prevents IP source routing so that the hacker can’t use the Tracert command to get into your website, and we’ll show you an example of this later on so you know how this is used.
HTTPS literally means Hyper Text Transfer Protocol Secure, which is similar to SSH but with less restrictions. SSH is primarily used to transfer data over a local network while HTTPS is used to transfer information over the web browser for consumers. This allows for a secure connection to take place over the world wide web.
HTTP is similar to HTTPS and has many of the same functions of the newer version, but it is considered to be not really secure. The difference between the two really just has to do with where the website is located and the type of server that it’s located on. If an HTTP websites is located on an HTTPS server, you can just put the S in front of the address like this;
It will work just as it would with the HTTP. However, HTTP has been around a long time is still rather popular among businesses since upgrading their website to HTTPS is not really a requirement at this time. The only benefit between the two is that HTTP is actually faster and less problematic that HTTPS since it does not have to go through as many protocols.
SSL literally means Secure Socket Layer and is a little bit different, mainly dealing with transactions, but it is important to note that SSL is a standards-based method that
enables HTTPS and allows the connection to be encrypted. This is the software that makes HTTPS a viable option for security and protects its users from outside attacks that can come through the website.
FTP literally means File Transfer Protocol and it is the older method to SSH. FTP and SSH are both ways to transfer files over the internet to the server. FTP is similar to HTTP and is rather old technology, but it still fairly common among businesses.
SSH AND FTP ARE SERVER SIDE TRANSFER, WHILE HTTP AND HTTPS ARE WEB SIDE TRANSFER
They all use the internet to do what they are supposed to do, but one involves
HOW BLINDINGLY SIMPLE: HACK YOUR WINDOWS PASSWORD
Your Windows is a lot less secure than you think and using encryption to protect your files can be really important. First, you need to understand what the Safe Mode is. If you do not know what the Safe Mode is, this will be a good guide for you. In technical
terms, this is called a Safe Boot and Safe Mode was not originally on the computer. In fact, almost nothing was actually on the computer back in the time when people used gold toothbrushes to clean motherboards. Initially, you had a boot file on a Floppy and when your computer messed up, you simply restarted and pushed the Floppy back in to the computer. Once we started having a bigger local space, Operating System
manufacturers thought it would be easier to just have a Safe Mode on the computer.
The Safe Mode is a version of the software that was the last working configuration of the computer, which is why many of your programs will still be there when you boot up the computer. There are several modes in Safe Mode and, generally, you will want to use just the regular Safe Mode. However, for this exercise, we want to only have the command prompt and not boot up the actual Operating System. This is called;
Safe Mode with Command Prompt
On Windows, when you started up the computer, it is set up by default so that when you press F8 on your keyboard a DOS menu will show up on your computer to let you choose the type of Safe Mode you want to use. When you select Safe Mode with Command Prompt, you will only be booting the Command Prompt. So, what is the Command Prompt?
The Command Prompt is actually Windows’ version of a CLI, or command line
interpreter, that lets you alter data within your system without using the Windows GUI, graphical user interface. It’s very important to note that the Command Prompt is not DOS, the menu before it was a DOS menu, but the Command Prompt is just an interpreter to tell your computer what it is that you want it to do.
We will be using too bits of data within this, one is called a command and the other is called an identifier. A command is just that; a word that tells your computer what you want to do. In this case, the command will be;
Net is a command that is literally referring to a network that you will want to access. You have Net file, Net Config, and a lot of other “net’s”. In this case, you will want to type
User is an identifier that literally means a “User of this Computer.” So far, we have told the computer that we want to “Access the Network of Users on this Computer.” Next, you will want to access an actual account. This is where the user-name comes in to play, as this will identify which user you want to access and change. Our user will be called Bob;
net user Bob
Therefore, what we have told the computer is that we want to “Access the Network of Users on this Computer so that we can alter the Data of Bob.” Now that we have gone this far, the next part is the password of Bob. We will change this to “Y” like so;
net user Bob Y
HOW TO HACK SOMEONE ELSE ON YOUR GROUP NETWORK
If you plan on becoming an Ethical Hacker, It's important never to engage in "black hat" hacking, so be sure that you ask for that person’s permission. Time to head back on to that wonderful Command Prompt for this one. The Command Prompt is where most basic hacking takes place and will often be the primary place where one where practice their skills on unsuspecting victims. Do note that this is only showing how to access a computer on your own network provided you don’t already have access to it.
To see if they are even on your network you have to type;
This will tell you who is on the same network as you are. Do note that if you are on a hardline connection and if they are on a wireless connection, you will not be on the same network unless you are specifically connected through the Group Network. If you are both using the same connection, you should be on the same network unless you have one of the very unique modems that prevent this. However, most likely this is not one of your modems and you will be able to do this.
You will see something similar to;
These are the actual names of the computers on your network. Next you will use the Tracert command and this command allows you to track the data to the point of
destination, which is where their IP address is. So, let’s target Bob again (poor Bob);
The command line will run this and let’s say we find his IP address, which looks like this;
Tracing route to bob-pc.lan [192.168.1.78]
need to Change our Directory, so then we type;
This will bring us all the way to the C: drive and then we type;
This will allow you to access the Windows directory. Then you will want to grab so Network Binary Statistics on the Attributes from his ip address, so you type;
nbtstat -a 192.168.1.78
This will bring you the LAN and the WAN of your network to find that individual. So now that we have that, let’s go ahead and view his stuff to see what we want to use.
net view \\192.168.1.78
What will come up are the current “disks” on his computer and these are folders that are open to the internet by default. So, let’s go ahead and start going through their stuff, let’s say his “Documents” are there.
net use x: \\192.168.1.78 \documents
A BLUNT GUIDE: BECOME AN ETHICAL HACKER
There are a few steps to becoming an employed Ethical Hacker and you want to begin with learning the basics of how a computer works. You’ll want to see how to can hack into other computers and learn the basics of networking. Once you have a good grasp on the technology, you’ll want to head over and grab some certificates, but it does depend on where you get your certificates as to what business will want to employ you.
Both Windows and Cisco provide Security Certificates for their hardware/software components. Both of these places are where you’re going to want to grab your
certificates because Windows is the most popular Operating System and Cisco is the most popular hardware industry. Both of these certificates are equally as important, but be sure to start at the very bottom and work towards a basic security certificate. There are companies that look to hire people with the bare minimum of certificates, so don’t feel pressured like you have to be above and beyond, but ideally you’ll want to work towards those certificates as time passes.
Practice, practice, and practice to get far in the industry, because the more you practice the better you become. Learn a programming language, learn how to develop websites, or just try and solve issues in your own community. There are a lot of way to put your skills to use. The best part is that you learn something extra every time you practice because no two-software configurations are ever the same, and no two computers will have the same issue for the same reason; until you are in a massive organization and then you’ll see it a lot.
OOL focuses on objects and will have code that is very readable by most anyone that understands a little bit of code. Objects are simply data that has data inside of it. FOL is a language based entirely around functions and how they interact with each other.
EXTRA FREE RESOURCES FOR HACKERS
Looking to secure your job as an ethical hacker? Here are highly recommended books and resources on hacking for beginnings or advanced hackers. This list will help you save time in looking for additional free resources to help you further your studies. We will update this book with more resources shortly.
1. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)
2. CEH Certified Ethical Hacker All-in-One Exam Guide 3. Metasploit: The Penetration Tester's Guide
4. Hacking: The Art of Exploitation, 2nd Edition
5. BackTrack 5 Wireless Penetration Testing Beginner's Guide
1. How to learn Ethical hacking - Astalavista.com 2. Introduction to Penetration Testing
3. Penetration Testing Tutorial - Guru99.com
4. Cybrary – This platform provides free online IT and Security training videos that are super easy to follow.
5. Hacking Tutorials for Beginners - BreakTheSecurity.com 6. Simple How To Articles By Open Web Application Security 7. Information Gathering with Nmap
http://www.evilzone.org/ http://www.securitytube.net/ http://www.metasploit.com/
Defcon: How I Met your Girlfriend – Defcon, a most popular hacker conference
Open Security Training- Youtube 90 hour Playlist
Cryptography Course By Dan Boneh of Stanford University
Vulnerability Databases And Resources
Forums For Hackers And Security Professionals
Stackoverflow for security professionals