Hacking is not a crime; it’s a profession as long as you practise it safely
Everyone thinks hacking is an illegal activity that breaks people’s privacy, but hacking is actually a counter-technology for finding new solutions to security problems.
Activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks, or simply to gain unauthorized access to data in a system or network, are recognized as hacking.
There are five steps involved in every successful cyber attack.
5 Phases of hacking
- Reconnaissance — collecting information about the target; includes footprinting, passive scanning and enumeration.
- Scanning — this phase includes port scanning, vulnerability scanning, network mapping, etc.
- Gaining Access — breaking into the system. It includes privilege escalation (raising privileges to administrator level).
- Maintaining Access — keeping the connection alive in the background until the attacker finishes the tasks. This involves the use of Trojans, rootkits or other malicious files.
- Clearing Tracks — clearing tracks to avoid detection. This phase involves deleting logs and modifying registry values and intrusion detection system (IDS) alarms.
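A defender's view of the Clearing Tracks phase, as an added example that is not part of the original post: it flags Windows log-cleared events (ID 1102 in the Security channel, ID 104 in the System channel) and gaps in record IDs. The record layout, the sample records and the function name `find_tampering` are assumptions made for this illustration.

```python
from collections import defaultdict

# Windows event IDs written when a log is cleared:
# 1102 (Security channel, audit log cleared), 104 (System channel, log cleared).
LOG_CLEARED = {("Security", 1102), ("System", 104)}

# Constructed sample records, not real logs:
# (channel, record_id, timestamp, event_id)
SAMPLE_EVENTS = [
    ("Security", 5001, "2024-05-01T10:00:00", 4624),
    ("Security", 5002, "2024-05-01T10:00:05", 4672),
    ("Security", 5005, "2024-05-01T10:07:30", 4634),  # 5003-5004 are missing
    ("System", 880, "2024-05-01T10:07:40", 7045),
    ("System", 881, "2024-05-01T10:08:00", 104),      # log cleared
    ("Security", 5006, "2024-05-01T10:08:10", 1102),  # audit log cleared
]


def find_tampering(events):
    """Return findings for log-cleared events and per-channel record ID gaps."""
    findings = []
    by_channel = defaultdict(list)
    for channel, record_id, ts, event_id in events:
        by_channel[channel].append((record_id, ts, event_id))

    for channel, records in sorted(by_channel.items()):
        records.sort()  # order by record ID, not by arrival order
        prev_id = None
        for record_id, ts, event_id in records:
            if (channel, event_id) in LOG_CLEARED:
                findings.append(("cleared", channel, record_id, ts))
            if prev_id is not None and record_id - prev_id > 1:
                # Assumption: record IDs increase by exactly one per channel,
                # so a jump means records in between were removed or lost.
                findings.append(("gap", channel, (prev_id + 1, record_id - 1), ts))
            prev_id = record_id
    return findings


if __name__ == "__main__":
    for finding in find_tampering(SAMPLE_EVENTS):
        print(finding)
```

Forwarding events to a separate collector as they are written keeps a copy that survives local deletion, which is what makes this comparison possible.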
Types of Hackers
Black hats are the bad guys of the digital world. They break into computer networks with purely negative motives such as monetary gain or reputation.
White hat hackers are the good guys of cyberspace. They are employed by organizations to test existing cyber security measures and discover vulnerabilities, to prevent the bad guys from exploiting them.
As the name says, grey hat hackers are a blend of both black hat and white hat activities. Often, they will look for vulnerabilities in a system without the owner’s permission. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue.
There are many subcategories, such as script kiddies, red hats, hacktivists, blue hats, state/nation sponsored hackers, malicious insiders or whistleblowers, social engineering hackers, elite hackers, etc.
Common hacking techniques
A variety of techniques are used by hackers to compromise a system.
|Technique|Description|
|---|---|
|Botnets|compromised network of computers|
|Browser hijacks|a form of unwanted software that modifies a web browser’s settings without a user’s permission|
|Denial of service (DoS)|flooding the target machine with superfluous requests in an attempt to overload systems|
|Malware|program specifically designed to disrupt, damage, or gain unauthorized access to a computer|
|Eavesdropping (sniffing/snooping)|theft of information as it is transmitted over a network from one connected device to another|
|Key logging|a type of monitoring software designed to record keystrokes made by a user and send them to a third party|
|Social Engineering|psychological manipulation to trick users into making security mistakes or giving away sensitive information|
|Watering Hole|attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit|
|WAP Attacks|attacks on wireless access points|
|MITM Attacks|attacker secretly relays and possibly alters the communications between two parties|
|Malvertising|hackers inject malicious code into legitimate online advertising networks|
|Drive-by download|unintentional download of malicious code to your machine that leaves you open to a cyber attack|
Common Web application attacks
- SQL injection
- Script injection Attacks
- Carriage Return Line Feed Injection (CRLF)
- Template Injection (SSTI)
- Server Side Request Forgery (SSRF)
- Cross-site request forgery (CSRF or XSRF)
- Cross Site Scripting (XSS)
- XML External Entity Vulnerability
- Remote Code Execution
- Session hijacking (Cookie Theft)
- ClickJacking Attacks (UI redress attack)
- DNS Spoofing (DNS cache poisoning)
- Bait and switch
- Sub Domain Takeover
I’m here to share what I know, and as always I hope you will make corrections where I’m wrong, because it is from mistakes that we learn 😊