Hack to learn

If you don’t understand how hackers could get into your systems, you’re going to have a hard time securing them. Learning how to hack can help implement the strongest possible security practices. Plus, it's fun.

The term “ethical hacker” has received criticism at times from people who say that there is no such thing as an “ethical” hacker. Hacking is hacking, no matter how you look at it, and when one creates “ethical”, one also creates “unethical”. That said, the work that ethical hackers do for organisations can help improve system security and be quite effective and successful. Individuals interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker, or CEH. This certification is provided by the International Council of E-Commerce Consultants (EC-Council).

The “More …” buttons lead to pages with the vids, notes and further explorations of interest.


Ye cannae just rush in anywhere

Reconnaissance

… ye gotta know where ye’re just gonna rush in and with what. Ye cannae just rush in anywhere. It looks bad, havin’ to rush oout again straight awa’ …

More ...

Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.

System hacking

Gain elevated privileges in order to be able to take action, like install software, get user data that can possibly give access to other sites or systems, destroy or alter audit trails to hide tracks of having been there, etc.

More ...

Her daughter is named Help I'm trapped in a driver's license factory.

Application hacking

Gaining ability to execute arbitrary code, privileged access, and unauthorised data access.

More ...

Hit Turing right in the test-ees

Social engineering

Social engineering targets the weakest link in the security chain: people. It takes advantage of human weakness and trust (which can be strengths in other contexts, like being helpful) and uses several non-technical methods to gather information or circumvent security controls.

More ...

Stealth owl

Scanning

Gather information about what ports (and services) target devices offer, including OS (or firmware version) of the target devices to be able to intelligently select tools and exploitation methods for an attack.

More ...

Viruses so far have been really disappointing on the 'disable the internet' front, and time is running out. When Linux/Mac win in a decade or so the game will be over.

Malware

Gain entry into operating systems, applications, and network devices by delivering malware (trojans, viruses, worms, malicious scripts, web-based applets).

More ...

Are you still there, server? It's me, Margaret.

Web hacking

Web servers became harder to hack, not impossible to hack. Web servers suffer the same vulnerabilities as other servers do, plus then some.

More ...

Enumeration

Listing and identifying the specific services and resources that a target offers to move further and deeper into the scanning process.

More ...

100 years later, this story remains terrifying--not because it's the local network block, but because the killer is on IPv4.

Network attacks

In the beginning there was nothing, which exploded. Routers and switches route and direct packets on the network and enable communications at the lowest layer. Gaining control over these devices, one can likely gain control over the entire network.

More ...

Changing the names would be easier, but if you're not comfortable lying, try only making friends with people named Alice, Bob, Carol, etc.

Cryptography

Breaking encrypted files and data and intercepting and breaking into encrypted communication channels.

More ...