Because the word “hacker” is so often used in a negative context, to mean people doing bad things, I want to use this post to explain that there are different types of hackers, and that among them there are “good” hackers, otherwise known as ethical hackers or white hats.
Who are ethical hackers?
Ethical hackers are people who are well trained in various types of system security testing. Their main task is to find security flaws in a system and to inform those responsible. It is very important to note that such testing requires the written consent of the company being tested. I mention this because some well-intentioned hackers have in the past tried to test sites without any approval, and even though their intent was not bad in itself, this is considered a criminal offense under applicable law. Ethical hackers should also never engage in “dirty work”, because doing so moves them into the Gray Hat category, which is the most disliked category among hackers: white hats believe gray hats cannot be trusted, since they occasionally take on illegal jobs alongside their regular work, while black hats do not like them either, because in over 90 percent of their time they are employed as ethical hackers working in companies as cybersecurity consultants and are thus directly opposed to black-hat goals. Having explained who ethical hackers really are, let’s now see how and where they train.
Where are “ethical hackers” trained?
There are several professional courses that award a certificate marking you as a member of the ethical hacking community. Among them, the most famous is the EC-Council CEH (Certified Ethical Hacker) course; its exam takes 4 hours, has a total of 125 questions, and carries the exam code 312-50. Also very popular is the Offensive Security OSCP (Offensive Security Certified Professional) training, which experts especially appreciate for its practical 24-hour exam in which hands-on hacking is performed: you receive the certificate only if you succeed in hacking the systems that have been prepared for it. Another big plus for this certification is that Offensive Security is actually the author of Kali, the most famous Linux distribution used by hackers.
Aside from these two, there are many other certifications that are somehow related to this topic directly or indirectly:
- CPTC – Certified Penetration Testing Consultant
- CPTE – Certified Penetration Testing Engineer
- CompTIA Security+
- CSTA – Certified Security Testing Associate
- GPEN – GIAC Certified Penetration Tester
- ECSA – EC-Council Certified Security Analyst
- CEPT – Certified Expert Penetration Tester
What tools do ethical hackers use?
If you thought the tools used by black-hat and white-hat hackers were different, you were mistaken. The tools they use are exactly the same; the only difference is that ethical hackers use them only after signing a contract with the company that will be tested. Many of the most commonly used tools come pre-installed in Kali Linux, which is the most common choice among hackers, and besides this distribution there is another quite common one, namely BackBox.
There are quite a number of quality tools in both distributions, and I’ll list some of them here:
- maltego – a tool for gathering information
- dradis – a hacker collaboration tool
- OpenVAS – vulnerability scanner
- Nmap – scanner
- hping3 – advanced scanner
- tracert – routing path
- nslookup – DNS records
- Metasploit / Armitage – a hacking tool
- yersinia – DoS attacks
- John the Ripper – a password-cracking tool
- aircrack-ng – Wi-Fi password cracking
- SET (Social-Engineer Toolkit) – Social Engineering
Are there any rules of conduct for ethical hackers?
There are certain rules that ethical hackers must follow in order to do well in their business, that is, to build a good reputation. Above all, they must never, under any circumstances, give any third party information about the system under test, which should be covered by a non-disclosure agreement with the company. Another widely known rule is that they must never agree to do anything that is not in harmony with ethical principles, that is, they should never under any circumstances agree to engage in illegal activities. Also, when accessing exam preparation materials for certain certifications, they are required to accept rules stating that the tools obtained and learned there will never be used for destructive purposes, in order to keep their certification and their access to information reserved solely for ethical hackers.
I hope that with this post I was able to bring the general public a little closer to understanding who “hackers” really are, and that there is a category of “good guys” among them whose primary goal is to enhance security rather than to cause destruction.