When the engineers begin to create networks, protocols, computers, etc, etc, they never thought that they need to set any kind of security to protect the network or computer itself.
Now this is becoming the norm. we need to protect our network or better say we need to protect the human life and the information, specially the private information, something that only belong to one person or group.
Now lets go to the meat:
What is an ethical hacker?
Ethical hacker is a professional with different IT skills and background with security in mind who is very knowledge with hacking tools and techniques, in other words WHAT YOU ARE TRYING TO BECOME.
What is the objective of the Ethical Hacker?
The main goal is using the same tools and techniques that other hackers use to attack a network or an application or a system to find the weakness in those computer systems and give recommendation how to protect it.
Also the ethical hacker try to:
- See the system in the same way of what any attacker see it.
- Also see if the attacker can get any benefit of the information that try to access.
- Also he try to understand what the organization try to protect.
- What kind of attacker can try to attack that network like competition, disgruntled employee, etc.
- What resources the company is willing to expend to protect the information or computer system.
Types of Hackers:
- White Hats: This are the ethical ones who make sure the information is protected
- Black Hats: This are the unethical, the bad guys who try to brake a computer system and get any benefit of it.
- Cyber Terrorist: This hackers has different motivations like political and others, try to create chaos and terror.
- Spy hackers: This could be any hacker who try to brake and company or big corporation and try to steal trade secret, market and information that the competition can use to gain profit or take advantage of the other companies or market.
- State Sponsored Hackers: This are governments with militaries objectives that try to infiltrate other countries to get knowledge of their military, tactics and capacity
- Hacktivists: Some hackers activist are motivated by religion, politics or other means to expose something that they considered wrong.
I was running a scan to a server behind a Watchguard firewall and then I got banned, the firewall blacklisted my public IP address, this killed me because I manage the firewall and when I begin to troubleshooting what happened I was not able to reach the firewall itself or VPN is.
Now if you do:
C:\Users\Raul>nmap -T2 192.168.1.20
Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-05 17:22 Central Standard Time
Nmap scan report for 192.168.1.20
Host is up (0.086s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
993/tcp open imaps
3389/tcp open ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 927.56 seconds
Did you notice the time, it took 927 seconds, mean 15 minutes, Yes, to avoid the to be detected you need to move slowly and slowly, one packet at the time so the IPS will time out and ignore the packet.
You could run nmap 192.168.1.20 without the T2 switch and would be faster if there is NOT any IPS/IDS, if there is one you lost the connection and you would need to wait until the IPS remove your IP address from the black listed list.
So to make sure you do not lose time and get good result in your pentest scope, you need to be snick, LOL
Takes time to sharp your skill, just keep practicing and you will get it.
This sites is dedicated to increase IT Security through forums, blogs, tutorials and security products analysis. You can help to increase the security awareness through your post and recommendations.
This is a work in progress, free feel to contribute.
Kali Linux 2.0 has the different password list in /usr/share
You can see the wordlist folder, now lets go inside:
The file that has the main list is rockyou.txt.gz. You will need to extract it.
- Are Vulnerability scanners broken?
- Basic Powershell scrip to block IP address during Dictionary Attack to Remote Desktop
- Certified Ethical Hacker CEH what can I get from it?
- Certified Incident Handling Engineer Mile2 review
- Certified Penetration Testing Engineer (CPTE) Training Series Mile2 review
- Good backup make the day
- How to Accomplish your Certification Goals when become boring ?
- How to become a Security Analyst ?
- How to Convert from Virtualbox hard drive VDI to VHD for your Pentest lab
- How to Study for Certifications?
- I want to be Ethical Hacker
- Introduction to Ethical Hacking
- NMAP switch to avoid IPS or IDS detection
- Packet Sniffing Metasploit with Meterpreter
- Pentest or hack to your new Security Analyst job
- Script Cisco Firewall Configuration for Firewall Review PCI
- Security Models CISSP
- Small Business Protection Again Ransomware
- Thanks CISSP you help me in this job
- Type of Access control (CISSP)
- Welcome to Learn-Security.net
- What certification takes first OSCP or eCPPT?
- Where are the different password lists in Kali Linux 2.0 ?
- Where to start on Certifications?