Phone Phreaking:

➔ Early hacking by exploring phone networks without permission.

Ethical Hacking:
➔ Finding and fixing security weaknesses before hackers exploit them.

Steps in Hacking:

 Gather Information:
➔ Collect data about the target from websites, users, and publications.
 Plan Attack:
➔ Create a detailed strategy for the attack.
 Acquire Tools:
➔ Get hacking programs needed for the attack.
 Attack:
➔ Use weaknesses to break into the target system.
 Use Acquired Knowledge:
➔ Use collected personal info for attacks like password guessing.

Social Engineering Countermeasures:

 Counter familiarity exploit:

➔ Avoid trusting people just because they seem familiar.
 Counter intimidating circumstances:
➔ Stay calm and verify identities before acting.
 Counter phishing techniques:
➔ Double-check emails, links, and requests for information.
 Counter tailgating attacks:
➔ Don’t allow unknown people to enter secure areas without permission.
 Counter human curiosity:
➔ Don’t open suspicious links, attachments, or gifts.
 Counter human greed:
➔ Be cautious of offers that seem "too good to be true".

Hacker-Cracker Separation:
➔ White Hat (good), Grey Hat (mixed), Black Hat (bad), Script Kiddie (amateur); Cracker =
Black Hat hacker.

🔹 Hackers' Motivation:
➔ Hackers solve problems for personal satisfaction, not for fame or money.

🔹 Hacker Mindset (Raymond's Principles):

1. World full of problems:

➔ Hackers find solving problems exciting, not boring.
2. No problem twice:
➔ Solve problems correctly the first time with proper understanding.
3. Boredom is evil:
➔ Innovation dies with repetitive boring work.
 4. Freedom is good:
➔ Hackers need freedom to create and solve.
5. Attitude ≠ Competence:
➔ Good attitude must be supported by real skills and learning.

🔹 Overall:
➔ Hackers are relentless, curious, and creative problem solvers.

Ethical Hacker's Attitude:

➔ Ethical hacking uses the same tools and techniques as criminal hackers but with
permission to find vulnerabilities and improve security.

🔹 Purpose of Ethical Hacking:

➔ To discover system weaknesses from an attacker’s view and make systems more secure.

🔹 Ethical Hacking vs Security Auditing:

Ethical Hacking Security Auditing

Focuses on finding vulnerabilities and
exploiting them.
Highly technical and less structured.
Focuses on checking if security policies are
properly followed.
Checklist-based, risk-based, often non-
technical.

🔹 Policy Considerations:
➔ If ethical hacking is part of a business, a documented security testing policy is needed
(who, what type, and how often testing happens).

🔹 Definition of Hacking:
➔ Hacking = Finding and exploiting weaknesses in computer systems/networks to gain
access.

Malicious Users (Internal Attackers):

➔ Malicious users are trusted individuals (like employees, contractors) who try to
compromise systems for fraudulent gains or revenge.

🔹 Definition of Malicious Users:

➔ A rogue employee, contractor, or intern who abuses their trusted privileges to cause
harm or steal sensitive information.

🔹 Types of Malicious Attacks:

➔ Internal attackers:

 Search databases for sensitive data.

 Email confidential info to competitors or the cloud.
 Delete sensitive files from unauthorized servers.
 Innocent users (non-malicious) may still cause damage by moving, deleting, or
corrupting data accidentally.
🔹 Why Malicious Users Are Dangerous:
➔ Insider knowledge makes malicious users the worst threat as they don’t need advanced
computer skills to exploit vulnerabilities. They know where sensitive information is stored
and can misuse trusted access.

🔹 Management Trust:
➔ These malicious users take advantage of the trust granted by management, which makes
them hard to detect and prevent.

Why Hack Your Own Systems?

1. Think Like a Thief to Catch a Thief:

o To protect your systems, you need to understand how hackers think and work.
o This helps you find vulnerabilities (weak spots) that attackers might exploit.
2. Security Weaknesses Are Everywhere:
o With more hackers and new vulnerabilities, it’s almost certain that every
system will eventually be hacked.
o Traditional security systems like firewalls or encryption can create a false
sense of security. They focus on big threats, but don’t always catch smaller
weaknesses.
3. Test Your Own Systems:
o To better secure your systems, you need to attack them in a controlled way to
discover vulnerabilities.
o Ethical hacking is one of the best ways to identify and fix these weaknesses
before the bad guys do.
4. The Goal: Protect Known Weaknesses:
o You can’t protect everything, but you can protect what you know. You
need to focus on the vulnerabilities that are well-known and commonly
targeted by hackers.
5. Thinking Like a Hacker:
o As hackers keep evolving, you need to keep learning. By understanding their
methods, you can stop them before they succeed.
6. Testing Everything, Not Just Parts:
o It’s important to test the entire system, not just individual components. The
more you test, the better the chances of finding hidden vulnerabilities that
affect the whole system.

Hackers use different methods to attack systems, which can include:

1. Nontechnical attacks: Exploiting human nature through social engineering, like

tricking people into giving up information.
2. Network-infrastructure attacks: Attacking networks, often from anywhere in the
world, by exploiting weaknesses in network connections or flooding networks with
traffic.
3. Operating-system attacks: Exploiting vulnerabilities in widely used operating
systems like Windows and Linux.
4. Application and specialized attacks: Targeting applications like email servers and
web apps, often with malware, spam, or exploiting known software weaknesses.
Obeying the Ethical Hacking Commandments –
Important Points:
✅ 1. Working Ethically:

 Always work with honesty, professional morals, and principles.

 Perform hacking only for authorized purposes to support company goals.
 Never misuse the information collected during testing.
 No hidden agendas; trustworthiness is essential.

✅ 2. Respecting Privacy:

 Treat all gathered information (logs, passwords) with complete confidentiality.

 Never use the data for spying or personal advantage.
 If needed, report critical issues to appropriate managers.
 Always involve others to maintain a "watch the watcher" system.

✅ 3. Not Crashing Your Systems:

 Avoid crashing systems during testing by planning properly.

 Understand the power of hacking tools and techniques before using them.
 Denial of Service (DoS) conditions can happen if too many tests are done too fast.
 Use security tools carefully, especially during business hours.
 Avoid account lockouts or system failures due to careless actions (like password changes).

Summary Tip:
👉 Ethical hacking must always be careful, responsible, planned, and respectful to both the systems
and the organization.

1. Planning the Ethical Hacking Process

 Plan all activities in advance.

 Decide strategic and tactical issues before testing.
 Get approval and sponsorship from management or customer.
 Always document the permission to avoid legal issues.

🔹 2. Formulating the Plan

 Clearly define the testing scope:

o Systems to be tested.
o Risks involved.
o Testing timeline and methods.
o Actions when vulnerabilities are found.
o Deliverables like assessment reports.
 Start testing with the most critical systems first.
 Handle DoS and social engineering attacks carefully.
 Perform tests during low-usage hours if possible.
🔹 3. Selecting Tools

 Choose the right tools for specific tasks.

 Know the limitations of tools (false positives/negatives).
 Use a combination of tools for better results.
 Popular Tools:
o Nmap
o SuperScan
o QualysGuard
o WebInspect
o LC4
o Nessus
o Nikto
o Kismet
 Familiarize with tools before using (read guides, manuals, or take training).

🔹 4. Executing the Plan

 Perform tests carefully and quietly.

 Encrypt or password-protect testing results.
 Investigation steps:
1. Search online for company details (Google hacking).
2. Narrow focus to specific systems.
3. Perform scanning and detailed tests.
4. Execute attacks if needed (as per scope).

🔹 5. Evaluating the Results

 Analyze and correlate vulnerabilities found.

 Experience improves evaluation skills.
 Prepare a professional report for management or customer.

🔹 6. Moving On

 Apply recommendations and fix vulnerabilities.

 Keep testing regularly (weekly/monthly).
 Stay updated as new threats and vulnerabilities appear constantly.

Popular Tools and Their Uses:

 Nmap – Scans networks and finds open ports and devices.

 SuperScan – Quickly scans IP addresses and detects services running.
 QualysGuard – Finds security vulnerabilities in network systems.
 WebInspect – Tests websites and web applications for security flaws.
 LC4 – Recovers or cracks Windows passwords.
 Nessus – Scans systems for known security vulnerabilities.
 Nikto – Scans websites for dangerous files and outdated software.
 Kismet – Detects wireless (Wi-Fi) networks and finds hidden networks.

Start
 ↓

Planning

Formulating the Plan

- Get Approval

- Define Scope

- Decide Timeline

Selecting Tools

- Choose Right Tools

- Learn Tools Before Use

Executing the Plan

- Perform Tests Carefully

- Protect Test Results

Evaluating Results

- Analyze Vulnerabilities

- Prepare Reports

Moving On

- Fix Issues

- Plan Regular Testing

End
Hacker Mindset:

1. Purpose of Hacking: Hackers may hack for knowledge, thrill, or even malicious
gain. They explore systems and manipulate them to see how far they can go.
2. Hacker Classifications:
o Script Kiddies: Beginners using pre-made tools without understanding the
technicalities.
o Criminal Hackers: Skilled experts using hacking tools for malicious
purposes.
o Security Researchers: Professionals creating tools and analyzing
vulnerabilities for security improvement.
3. Motivations:
o Hacktivists: Hackers with political or social agendas.
o Cyber-terrorists: Attack government or public utilities.
o Hackers for Hire: Operate for profit within organized crime.
o Internal Threats: Insiders with access to sensitive systems pose a significant
risk.
4. Why Hackers Hack: They might do it for fun, to challenge authority, or to promote
personal agendas such as political or social change. Some may hack out of curiosity
or boredom, while others might be seeking revenge or financial gain.
5. Security Implications: Hackers use techniques like exploiting network
vulnerabilities, hiding their tracks, and using anonymity resources (like proxy servers)
to remain undetected.

Ethical Hackers:

 Role: Ethical hackers test systems to identify vulnerabilities. Their objective is to

improve security by identifying and reporting weaknesses in systems.
 Job Requirements: Ethical hackers need a bachelor’s degree in cybersecurity or
related fields, certifications (e.g., CEH - Certified Ethical Hacker), and strong
analytical, communication, and technical skills.
 Skills: Apart from technical expertise, ethical hackers should have interpersonal skills
for working with clients and team members, along with attention to detail and
customer service capabilities.

The knowledge required to become an ethical hacker includes a mix of technical skills,
hands-on practice, and a deep understanding of security principles. Here's an outline of the
key points:

1. Programming Knowledge

 Learn C Programming: C is fundamental for understanding how computers work at

a low level.
 Learn Multiple Languages: Knowing multiple programming languages, like Python,
C++, or JavaScript, is crucial for various types of hacking activities, including
scripting and web development.

2. Operating Systems
  Master UNIX/Linux: UNIX-based systems (like Linux) are often used for hacking
due to their robustness and flexibility. You need to learn command-line tools and how
to navigate Linux systems.
 Learn Multiple OS: Familiarity with Windows, Mac, and Linux systems is essential
because different systems have different vulnerabilities.

3. Networking Knowledge

 Learn Networking Concepts: Understanding protocols like TCP/IP, DNS, HTTP,

and SSH is vital for identifying vulnerabilities in network communication.

4. Cryptography

 Understand Cryptography: Learn how data is encrypted and decrypted, as well as

different encryption algorithms. This knowledge helps in breaking or securing data.

5. Practical Hacking and Security Tools

 Use Ethical Hacking Tools such as:

o Burp Suite: For web application security testing.
o Wireshark: For network protocol analysis.
o Metasploit: A tool for exploiting known vulnerabilities.
o Aircrack-ng: For cracking WEP/WPA wireless keys.
o Nessus: For vulnerability scanning.
 Practice using SQLMap and other tools to test for SQL injection and other
vulnerabilities.

6. Penetration Testing

 Understand and apply Pen Testing Techniques: The process of testing a system’s
security by trying to exploit its vulnerabilities, often using tools like Burp Suite,
Wireshark, and Metasploit.

7. Ethical Hacking Challenges

 Participate in Hacking Challenges: Engage in online competitions or platforms such

as:
o Hackquest.de
o HackTheBox
o TryHackMe
o Hackchallenge.net

8. Experimentation and Continuous Learning

 Regularly experiment with security techniques in a controlled environment.

 Backup data, start small, and know when to stop.
 Automate repetitive tasks and constantly improve your methods.

9. Books and Courses

  Read expert-level books on hacking, cybersecurity, and network defense.
 Stay updated with ongoing security talks and webinars.

10. Contribute to Open-Source Projects

 Get involved in open-source security projects, contributing to software that

enhances network and data security.

11. Be Responsible

 Ethical Responsibility: Always remember to be a responsible hacker. Do not use

these skills for malicious purposes, and be aware of the legal implications of hacking.

Career Pathways in Ethical Hacking

 Back-End Developer
 Software Developer
 Computer Networking Specialist

By following these steps and focusing on continual learning and practical experience, you can
build a strong foundation to become an ethical hacker.