The Basics — Ethical Hacking as a Beginner [01]

Bhavyansh @ DiversePixel
2 min read · Apr 18, 2024


Hello World, I come from Web Development and this post marks my start of learning about Ethical Hacking and Cyber Security.

Understanding Ethical Hacking

  • Authorized Intrusion: Ethical hackers are “good” hackers. They use the same skills and tools as malicious hackers but operate with the organization’s permission to find weaknesses.
  • Proactive Defense: The goal is to identify vulnerabilities before criminal hackers exploit them. This allows organizations to patch security holes and strengthen their defenses.

How Ethical Hacking Fits in Cybersecurity

  • Vulnerability Assessment: It’s a core component of risk assessment and management, helping organizations understand what systems are most likely to be targeted and the potential impact.
  • Penetration Testing: This broader cybersecurity practice often includes ethical hacking to simulate real-world attacks, helping to improve incident response.
  • Staff Training: Ethical hacking results can be used to educate employees on social engineering tactics and other hacking methods, increasing cyber awareness.
  • Regulation Compliance: Many regulations require regular vulnerability assessments and penetration testing. Ethical hackers help organizations meet these requirements.
  • Software that should undergo security testing: web applications, VPSs, operating systems, mobile applications, and cloud-based applications. Basically, every piece of software that can use the internet.

Things to Note:

  • It’s Not Foolproof: Ethical hacking is an ongoing process. Even with the best ethical hackers, vulnerabilities can emerge as technology and attack methods evolve.
  • Ethics Matter: Ethical hackers must stay within strict legal and contractual boundaries, and their findings are always confidential. Organizations seeking ethical hacking need to find reputable practitioners or companies.

The first attack I learned about is phishing. Here are my learnings:

  • Phishing is a form of cybercrime where attackers trick victims into doing something harmful, usually through emails, text messages, or fake websites.
  • Goal: The main objectives are:
      • Stealing Sensitive Information: Login credentials (usernames/passwords), credit card numbers, Social Security numbers, etc.
      • Installing Malware: Trick you into downloading a virus, ransomware, or other malicious software.
      • Impersonation: Use your information to take over accounts or commit further fraud in your name.

Stay Protected!
