Hacking education

Hacking education



Contents

  • 1 Penetration
  • 2 Penetration risks
  • 3 Ethical penetration
  • 4 Learn moral penetration
  • 5 Penetration as an electronic crime
  • 6 Social engineering and phishing
  • 7 References

Penetration

Hacking in computers and networks means unauthorized access to a computer or network, which aims to change the original goal to be accomplished for the compromised system, so that the hacker (English: Hacker) makes changes to the system or security systems present in Device or network. There are many ways and methods of penetration, including the following: [1]
  • Vulnerability scanning: it detects known loopholes or vulnerabilities in the system.
  • Spoofing attack ; the hacker in this type of attack spoofs other trusted sources by creating fake websites.
  • Password cracking . In this method, the original form of passwords obtained from data stored or transmitted over network devices is retrieved .
  • Attacks by software malware , including rootkits Kate programs ( in English: Root kit), and through which the abolition of the ability of system administrators to control it, as well as programs to monitor the keyboard ( in English: Keyloggers), which is used to record every keystroke on a key of the keyboard does It contains the user of the device and retrieving it later, as viruses (English: Viruses) are considered to be malicious programs that are used in penetration, they create multiple copies of them on the victim's device, and they are usually transmitted through programs or document files, and there are malicious programs called Trojans (in English) : Trojan horse s), and it binds the victim’s device until the hacker wants to take advantage of it to enter the system.

Penetration risk

Many hackers justify their illegal activities and objectionable behaviors - by institutions and individuals alike - by saying that people have the right to obtain information free of charge, as this viewpoint does not exclude anyone from being vulnerable to their breakthroughs and attacks, and according to them it should not be There are any kinds of barriers or limits that would prevent people from knowing any information they wish to know, and access to all types of information. They do not believe in property rights, and therefore they see that there is no need to protect systems . [2]

Such an opinion has many effects and consequences, the most important of which is that it completely eliminates the idea of ​​privacy. When access to information becomes free and without barriers, this makes the privacy of individuals and organizations nonexistent, and the individual or organization loses the right to own the information (which may be a severe idea or information) Privacy). [2] In addition, allowing any person or entity to access various types of information, and the ability to change, delete, or add to it, will make this information unreliable, especially if it is information and data related to things that require accuracy, such as health records, And information related to bank accounts and employee data, the presence of a party that controls access to this information makes its accuracy preserved and not tampered with, and in the absence of this authority it becomes common, and therefore can not be trusted that information and data. [2]

Moral penetration

Moral penetration is one of the methods that companies use in an effort to identify weaknesses and gaps in their networks and computer systems, to then fill these gaps and develop their systems to avoid potential hackers ’attacks on the system, and despite the disagreement about the term moral penetration - as some believe that penetration is not Moral by definition and it can not be otherwise - except that moral penetration helped many institutions to develop their protection systems, and the results of its use proved to be a successful and effective tool. The Global Council for Ecommerce Consulting provides a certificate authorizing its owner to act as an ethical hacker. This certificate is granted after an individual has passed a moral penetration exam that is organized and supervised by the Council. [3]

Learn moral penetration

A certificate can be obtained authorizing a person to act as an ethical hacker, as he learns ways to help him capture weaknesses in computer systems and networks that may be subject to unethical hacking, and he also learns the same methods and methods that unethical hackers use, but his goal is to do so. It is exactly the opposite of their goal, and to obtain this certificate, the person who wants to obtain it must pass a test consisting of 125 questions, each of which is followed by multiple choices, and the person must choose the correct answer, and it is mentioned that this exam period extends for a period of 4 hours. [4]

Penetration as an electronic crime

Hacking is an electronic crime punishable by law; it defines the definition of cybercrime (including hacking) is the use of a computer for unlawful purposes such as fraud, sexual exploitation of children, theft of intellectual property and identities, and it also includes attacking the privacy of an individual or institution. [5] Therefore, Interpol took upon itself the task of combating these crimes and holding those responsible accountable for them by tracking and prosecuting them in cooperation with other organizations and agencies concerned with combating this type of crime, as well as by cooperating with private companies and institutions, by providing assistance to them, And enable it to follow the perpetrators and perpetrators of these crimes . [6]

Social engineering and phishing

The term social engineering includes many malicious activities and methods of penetration; however, phishing is one of the most common and widespread methods, and there are multiple channels for the use of social engineering, starting with a phone call, ending with social media and passing through many other channels.

Phishing is one of the methods that social engineering practitioners rely on to deceive the victim and obtain sensitive information from him, through the impersonation of a specific person via e-mail , or different chat media (English: IM), or otherwise, and the hacker deceives The victim to enter a fake site and enter sensitive information into it, or to have it open a malicious program on its device. [7] [8]

Post a Comment

0 Comments