best books for hacking
The concept of hacking
You hear about this all the time: A big bank was hacked. Tumblr was hacked. The infidelity website Ashley Madison was hacked and now everybody knows who was cheating on each other. But there’s a lot more to it, and it's a lot less flashy than what you see in the movies.
Hacking isn’t about typing in a few magic words with one hand on one keyboard and the other hand on another keyboard. Or like, two people using the same keyboard at once. Hacking is difficult, and it usually takes careful planning and a fair amount of time. Stopping malicious hackers can be even more challenging.
But some people dedicate a lot of time and energy to doing just that. Hacking is when an unauthorized person gets into a computer system. A hacker breaks in, and then suddenly they have access to information they aren’t supposed to have. You hear people say their Facebook or Twitter was hacked, but that’s not exactly the same thing we’re talking about here.
can facebook be hacked what is Facebook hacking?
When someone’s personal Facebook account is hacked, that’s usually because the hacker found out their password. It can be devastating, but it’s not on the same level as breaking into a company’s whole infrastructure and stealing a billion passwords.
Thankfully, these large-scale attacks are much harder to do. But they do still happen — in December, for example, Yahoo announced that they had been hacked back in 2013 and just realized that more than a billion accounts had been compromised with personal data like answers to security questions and passwords. That’s why companies have to be really vigilant to protect against hackers.
what choice do hackers have after stealing Infos
Once a hacker gets in, they have a few choices: They can gather information, they can cause some damage to the computer system, or they can do nothing at all, and just tell the company about the security risk. And that’s the difference between the three major types of computer hackers: There are black hats, hackers who are basically the bad guys: they hack into systems to get information or otherwise cause damage.
Which is very illegal, by the way. There are also white hats, hackers who are either breaking into their own systems or are hired to break into other people’s systems— not to cause damage, but to test out vulnerabilities that can then be fixed. And then there are grey hats, hackers who, as the name would suggest, sort of walk the line between black and white hat hacking.
They don’t actively seek to cause damage, but they still do things that are illegal or considered unethical — like, they might break into a system without being hired to do that. They wouldn’t steal any information, and they'd tell the company afterward, but they might publish the vulnerability online in the meantime.
But whether you’re a black hat, a whitehat, or a grey hat, the techniques used in hacking are largely the same. If you’re a white hat testing system vulnerabilities, you have to know how to do all the same things a black hat hacker would. It’s like Defense Against the Dark Arts Harry Potter — you have to know what the dark side is doing if you’re going to be able to defend yourself against it.
One of the main things white hats do is called a penetration test, or pen test for short. You test a system for vulnerabilities, then fix any that you find, instead of causing damage like a black hat would. This is a pretty standard procedure, so looking at the steps is a great way to explore some of the basic principles of hacking. Usually, the first step in a pen test is reconnaissance, or recon, while you gather data about the target to figure out the best way to hack into their system.
For example, if you were a black hat, it would help to know what kinds of operating systems the target’s computers are running so that you could launch an attack that’s tailored to those operating systems. So if you’re a white hat, you’ll want to know what data you can access so you can figure out what vulnerabilities need to be fixed.
different types of recons in hacking
There are two different types of recon: passive and active. Passive recon is where a hacker gathers information without actually interacting with any of the target’s computer systems. There are lots of different ways to do passive recon: you can look for information that’s already out there, like files that are publicly available on a website.
Or a black hat might even try to steal old hard drives the target threw away. Passive recon strategies can take a while, but when a black hat uses them, they’re also difficult for companies to detect and fight — because there is nothing fishy to detect.
The hacker isn’t touching the company systems, so there’s no warning that an attack is being planned. The best a company can do is try to make sure that they don’t leave any clues lying around by destroying as much unneeded data as possible, even if it seems harmless.
It also helps if you don’t just toss old hard drives into the dumpster outback. Active recon, on the other hand, is when a hacker tries to learn valuable information about a company by interacting directly with the company’s systems.
Hackers can get information more quickly this way, but it’s also easier to detect. That’s because companies can track things like which computers are communicating with their servers — the more central computer that provides data to other computers.
If they notice a strange machine on the network, or suspicious commands being sent, they can take action — like by blocking the address sending those commands. So as a white hat, part of pen testing usually involves doing some sort of active recon yourself, to see if the protections you’ve set up can stop a black hat from learning too much. Usually, you start by looking for open connections, or ports.
Each open port serves as a kind of link between the device and the internet, where data can be exchanged. And that can be dangerous because a hacker can use an open port to send code that attacks a machine. As a white hat, once you’ve found an open port, the next step might be to see if you can tell what kind of hardware is running the port, and what operating system it uses.
Because that is exactly what a black hat would. If you find that a black hat could collect enough information to launch an attack, you might have to rethink the ports you have open or find ways to stop machines from disclosing information about themselves.
And for the most part, you’re going to want to keep as many ports closed as you can. One of the ways to do that is by using a firewall, which is either a program or a whole device that’s designed to block unwanted access to a computer. Among other things, firewalls keep track of computer ports and make sure that the only ports that are open are ones that need to be open.
They’re like a computer’s security guard, making sure that all the right doors are locked. Now, once you’ve done some recon, you may want to move on to protect against attacks that take advantage of your specific setup. Basically, you make a list of the hardware and operating system versions you’re running and see if they have any known hacks.
When people find ways to exploit an operating system or a piece of software, the exploit will usually be published online. Then, the company that makes the OS or software will try to patch the vulnerability. But patches and updates won’t always be installed on your systems right away, so it’s important to see if you’re running older, vulnerable versions.
is it important to always update your systems?
Of course, a black hat could also come up with new exploits and use those. But that takes much more effort and skill,so protecting against known hacks can make it much less likely that you’ll be hacked. Another part of the penetration test has to do with websites.
For every website on the internet, there’s the part you’re supposed to be able to see. Like on YouTube, you can see different channel pages and video pages. And you can watch me do this with my hands. But there’s also a whole administrative side to websites, with pages and files that you aren’t supposed to see. Those pages might store information the developer needs to run the site or files that the public isn’t supposed to be able to access — like, databases of user names and addresses.
Ideally, you want those pages and files secured that some random dude named Steve can’t access all of them just by just typing a certain URL. And the way to figure out if someone could get access to them is to do what a black hat would do: try different URLs and see if you end up finding pages or files that shouldn’t be publicly accessible.
some basic penetration test you should do to ensure you are safe
To do this, you can use crawlers — programs that automatically map out the site by visiting different links and directories. You can also use programs that try the typical URL where this kind of information might be stored. So pages like yourwebsite.com/info, or /files, or whatever. If the crawler lands on an error page, that can be important too.
Companies need to make sure that the error that comes up doesn’t contain information that a hacker can use against them. If an error says that a certain page is private, for example, that tells a black hat that this page would be a great target if they do get into your system. So you’ll want to be careful about how much info shows up on your error pages.
Another part of the website test involves pages that use forms, like where you type in your shipping address or fill out hundreds of questions for your OkCupid profile. If these forms aren’t set up properly, blackhats can use them as a way to send malicious code into a system.
Often, they can use this kind of code to collect information from any databases a company might be using, like to nab all the credit card numbers anyone’s ever submitted. So it’s important to make sure that a website checks its form inputs for anything that looks suspicious and to test those protections trying to break through them yourself.
There are often more steps to a penetration test, but those are the basics. Once the test is done, it’s time to go through the results and fix any vulnerabilities. Even then, a company’s systems might not be totally safe from all hacking attempts.
Black hats are always thinking up more creative ways to break into systems, and when they have a specific target, like a government other high-profile organization, white hats have to be constantly on the lookout for attacks.
But as long as they keep track of possible security threats and stay one step ahead of the black hats, which apparently Yahoo is completely incapable of doing, they can put up a pretty strong defense.
1st ebook -
Social media hacking Hack Facebook, what’s app, Instagram, Twitter accounts
2nd ebook
Wifi Hacking for Beginners
3rd ebook
Gray Hat Hacking - The Ethical Hacker’s Handbook
4th ebook
Hacking The Art of Exploitation
5th ebook
Understanding Network Hacks Attack and Defense with Python
![LEARN BLACK HAT HACKING SECRETS IN ETHICAL WAY FULL COURSE [DOWNLOAD]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJcPXrjM1lru0_Jp6tesPQjMFtKzRZPYwVilnvz1AM8xZ0z093K7j-iBhvs58RompLf589p2f8mzmHo74JGVrfdnRDX4Ud6UvnfDGLnvadjayxQORBrE5GMBcnnof91SxVBOxvXaWzS1c/w72-h72-p-k-no-nu/hacking+course+free.jpg)
No comments:
Post a Comment