Ethical Hacking

Jeewantha Lahiru
May 27, 2021

Today, with the extensive use of the internet and modern technologies, protecting all our digital data is a massive challenge. That data includes net banking information, account credentials and medical reports, to name a few.

Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal or business data. An example of computer hacking is using a password-cracking algorithm to gain access to a computer system.

Let’s have a look at three different kinds of hackers.

  1. Black Hat hackers are individuals who illegally hack into a system for monetary gain.
  2. On the contrary, we have white hat hackers who explain the system’s vulnerabilities by hacking into it with permission, to defend the organization. This form of hacking is absolutely legal and ethical. They are also often referred to as ethical hackers.
  3. Thirdly, there are grey hat hackers. The color grey is a blend of white and black: these hackers discover vulnerabilities in a system and report them to the owner of the system, which is a good act. Still, they do this without seeking the owner’s approval. Sometimes, grey hat hackers also ask for money in return for the spotted vulnerabilities.

There are 5 phases of hacking:

Reconnaissance:

This is the first step of hacking. It is also called the footprinting or information-gathering phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups:

  1. Network
  2. Host
  3. People involved

There are two types of footprinting:

Active: Directly interacting with the target to gather information about it, e.g. using the Nmap tool to scan the target.

Passive: Trying to collect information about the target without directly accessing the target. This involves collecting information from social media, public websites, etc.

Scanning

Three types of scanning are involved:

Port scanning: This involves scanning the target for information such as open ports, live systems and the various services running on the host.

Vulnerability scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. This is usually done with the help of automated tools.

Network mapping: Finding the topology of the network (routers, firewalls and servers, if any) along with host information, and drawing a network diagram from the available information. This map may serve as a valuable piece of information throughout the hacking process.

Gaining Access

This phase is where an attacker breaks into the system or network using various tools or methods. After entering a system, he has to raise his privileges to administrator level so he can install applications he needs, or modify or hide data.

Maintaining Access

A hacker may just hack the system to show it was vulnerable, or he may be mischievous enough to want to maintain a persistent connection in the background without the knowledge of the user. This can be done using Trojans, rootkits or other malicious files. The aim is to maintain access to the target until he finishes the tasks he planned to accomplish on that target.

Clearing Tracks

No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no one will find any traces leading to him. This involves modifying, corrupting or deleting the values of logs, modifying registry values, uninstalling all applications he used and deleting all folders he created.

Most hackers use the Kali Linux operating system.
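Because this phase targets logs, defenders aim to make log tampering detectable. The following is an added example, not part of the original article, that chains each log entry to the previous one with an HMAC so that modified or deleted entries fail verification; the entry format, the function names and the assumption that the key and the last tag are stored off the logging host are all illustrative.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample audit events (not real log data).
SAMPLE_EVENTS = [
    "10:00:01 login user=alice src=203.0.113.9",
    "10:02:17 sudo user=alice cmd=/usr/bin/apt",
    "10:03:40 useradd name=svc-backup",
    "10:05:02 logout user=alice",
]

def _tag(key, prev_tag, message):
    # Each tag covers the previous tag, so entries cannot be edited,
    # dropped or reordered without breaking every later tag.
    return hmac.new(key, prev_tag + message.encode("utf-8"),
                    hashlib.sha256).digest()

def seal(key, messages):
    """Return [(message, tag_hex), ...] forming an HMAC chain."""
    chain, prev = [], GENESIS
    for msg in messages:
        prev = _tag(key, prev, msg)
        chain.append((msg, prev.hex()))
    return chain

def verify(key, chain, expected_last_tag=None):
    """Return the index of the first entry that fails verification,
    len(chain) if the tail was truncated, or None if the chain is intact.
    Tail truncation is only detectable when the last tag was stored
    elsewhere (assumption: it is shipped to a separate system)."""
    prev = GENESIS
    for i, (msg, tag_hex) in enumerate(chain):
        expected = _tag(key, prev, msg)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    if expected_last_tag is not None and \
            not hmac.compare_digest(prev.hex(), expected_last_tag):
        return len(chain)
    return None

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: real key is kept off-host
    chain = seal(key, SAMPLE_EVENTS)
    tampered = chain[:2] + chain[3:]  # entry 2 removed
    print("intact:", verify(key, chain), "tampered at:", verify(key, tampered))
```
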

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

Cyber Security

Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. Without a cybersecurity program, an organization cannot defend itself against data breach campaigns, making it an irresistible target for cybercriminals.

CIA in cyber security

The CIA triad (also called the CIA triangle) is a guide for measures in information security. It stands for Confidentiality, Integrity, and Availability. The goals of the CIA triad pertain to information security solutions and are especially applicable to business organizations. The CIA security triangle shows the fundamental goals that must be included in information security measures. The CIA triad serves as a tool or guide for securing information systems, networks and related technological assets.

Machine learning in security

Machine learning has become a vital technology for cybersecurity. Machine learning preemptively stamps out cyber threats and bolsters security infrastructure through pattern detection, real-time cyber crime mapping and thorough penetration testing. A subset of artificial intelligence, machine learning uses algorithms born of previous datasets and statistical analysis to make assumptions about a computer’s behavior. The computer can then adjust its actions and even perform functions for which it hasn’t been explicitly programmed. With its ability to sort through millions of files and identify potentially hazardous ones, machine learning is increasingly being used to uncover threats and automatically squash them before they can wreak havoc.

Jeewantha Lahiru

Undergraduate Software Engineer in University of Kelaniya