Friday, 15 July 2016

White hat (computer security)

The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[1] Ethical hacking is a term coined by IBM meant to imply a broader category than just penetration testing.[2] Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively.[3]

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking may include other things. A full-blown ethical hack might include emailing staff to ask for password details, rummaging through executives' dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEOs and Board Members (stakeholders) who asked for a security review of this magnitude are aware. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.[2] In most recent cases these hacks run as a long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.
Some other methods of carrying out these include:
Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas. They do this by hiding software and system 'back-doors' that could be used as a link to the information or access that the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

The United States National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.

By Matrix Hacker

1 comment:

  1. I really enjoy simply reading all of your weblogs. Simply wanted to inform you that you have people like me who appreciate your work. Definitely a great post. Hats off to you! The information that you have provided is very helpful.
