A hacking methodology refers to the step-by-step approach used by an aggressor to attack a target such as a computer network. There is no specific step-by-step approach used by all hackers. As can be expected when a group operates outside the rules as hackers do, rules do not apply the same way. A major difference … Read more
The difference between an ethical hacker and a hacker is something that can easily get you into an argument. Just saying the word hacker in the wrong place can get you into an hours-long conversation of the history of hacking and how hackers are all good guys who mean nothing but the best for the … Read more
As the story goes, the earliest hackers were a group of people who were passionate and curious about new technology. They were the equivalent of those modern-day individuals who not only want the latest technology, such as a smartphone or iPhone, but also want to learn all the juicy details about what the device does … Read more
Whatever your computer- and network-security technology, practically any hack is possible if an attacker is in your building or data center. That’s why looking for physical security vulnerabilities and fixing them before they’re exploited is so important. In small companies, some physical security issues might not be a problem. Many physical security vulnerabilities depend on … Read more
The amount of information you can gather about an organization’s business and information systems that is widely available on the Internet is staggering. To see for yourself, the techniques outlined in the following sections can be used to gather information about your own organization. Social media Social media sites are the new means for businesses … Read more
You can use identified security vulnerabilities to do the following: Gain further information about the host and its data. Obtain a remote command prompt. Start or stop certain services or applications. Access other systems. Disable logging or other security controls. Capture screenshots. Access sensitive files. Send an e-mail as the administrator. Perform SQL injection. Launch … Read more
After finding potential security holes, the next step is to confirm whether they’re indeed vulnerabilities in the context of your environment. Before you test, perform some manual searching. You can research websites and vulnerability databases, such as these: Common Vulnerabilities and Exposures ( http://cve.mitre.org/cve ) US-CERT Vulnerability Notes Database ( www.kb.cert.org/vuls ) NIST National Vulnerability … Read more
To catch a thief, you must think like a thief. That’s the basis for ethical hacking. Knowing you enemy is absolutely critical. The law of averages works against security. With the increased number of hackers and their expanding knowledge, and the growing number of system vulnerabilities and other unknowns, eventually all computer systems and applications … Read more
Malicious user — meaning a rogue employee, contractor, intern, or other user who abuses his or her trusted privileges — is a common term in security circles and in headlines about information breaches. The issue isn’t necessarily users “hacking” internal systems, but rather users who abuse the computer access privileges they’ve been given. Users ferret … Read more
Hacker has two meanings: Traditionally, hackers like to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work — both mechanically and electronically. In recent years, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. … Read more