[ULTIMATE BEGINNER HANDBOOK TO COMPUTER HACKING ESSENTIALS: LEARN ETHICAL HACKING, PENETRATION TESTING AND BASIC SECURITY: 50+ FREE RESOURCES TO HELP YOU MASTER THE ART OF HACKING]
BY [NEIL W CARSON]
What is a Hacker?
Originally Hackers Were Not Computer Based
So What Is a Hacker Now
Why are hackers important?
Differences: Black, White, Grey, and Red Hacker?
Black Hat Hacker: Bad Guy
White Hat Hacker: Good Guy
Grey Hat Hacker: The “I do it for fun” guy
Red Hat Hacker: The “I do it for legal money” guy
Neophyte: The Noob
Definition and Importance: Ethical Hacker
Guidelines of an Ethical Hacker
Importance of an Ethical Hacker
The Tools: Ethical Hacker
Why Un-Ethical Hackers?
What’s the Difference?
Some People Just like to watch it Burn
Another Get-Rich Quick Scheme
The Tools: Un-Ethical Hacker
Beware the DEEP WEB (and ironically made by the Navy)
Developed by the Navy
How it works
Browser Beware
They are Watching
Preventive Security and Reactive Security
Preventive Security
What do we Detect? A lot
When do we Detect it? All the time
Reactive Security
SSH, HTTPS, HTTP, SSL and FTP: Web Safety
SSH and FTP are Server Side Transfer, While HTTP and HTTPS are Web Side Transfer
How Blindingly Simple: Hack Your Windows Password
How to Hack Someone Else on Your Group Network
A Blunt Guide: Become an Ethical Hacker
WHAT IS A HACKER?
ORIGINALLY HACKERS WERE NOT COMPUTER BASED
Hacker literally means to break to your benefit, which means that when you use something in a manner in which it was not originally intended to be used, you have become a hacker. Originally, when you decided to optimize or make something better by taking it apart and then putting it back together in a more efficient way, sometimes even adding something to make it better, this in and of itself was what it meant to be a hacker. If you took a toaster and changed the quality of the heating coils so that it would take less power but cook faster, you were a hardware hacker. If you chose to wake up early every morning and brushed your teeth while you took a shower, you were a life hacker. If you decided to make a method that allowed you to do work faster, you were an efficiency hacker. You could have literally been a hacker for anything you decided to improve.
SO WHAT IS A HACKER NOW
Hackers are now often associated with computers, and while terms like Life Hacker are still popular terminology, a term that directly describes an action, the general meaning of a hacker is within a computer. A hacker is a person who programs, navigates, or develops a method that allows them access into an area that they are not normally allowed to access. This means that a person who can “view source” and then read the language the website is developed in, so that they can manually remove the code that pops up those annoying advertisements, is a hacker.
WHY ARE HACKERS IMPORTANT?
Hackers make the world go around in the cyber world and are the main cause for improvements in technology in general. Whenever a person is able to gain access they are not supposed to have, the person who runs security must now come up with a new and improved way to protect the company. The same goes for the advertisement and media industry, because people are blocking advertisements and downloading media all of the time. It is so simple to download a YouTube video that the music industry focuses heavily on live events for money instead of the actual music album itself. Artists have to put intricate watermarks on their photos in order to ensure that hackers do not just simply download the pictures from the source and sell them. If it were not for hackers, the development of technology would be a lot slower and the world would not benefit.
After all, it’s not just security that hackers improve, but technology itself. We will discuss how they do it later, but hackers can download information in mid-process if it is not fast enough and unsecure. This has led to developing methods that let web browsers provide a fast connection to their users and a direct line that not only makes it difficult for hackers, but also makes it faster for the consumers of the internet. Not all of the technology improvements are accredited to these hackers, but a good portion of good practices can be, and that’s why, as much of a problem as hackers are, hackers are actually beneficial to the internet.
DIFFERENCES: BLACK, WHITE, GREY, AND RED HACKER?
There are several types of hackers in the world and they all have reasons why they chose to do it the way they do. We will put these in a chronological order from when they were first coined to the final color of the Hat Hacker family. The reason why they are given a color is to help people identify which hackers are good and which hackers are bad, and, just like in the world, not everyone is strictly good or bad. The “Hat Hacker” part refers to an old style of changing identity in theatres, which was simply to put on a different hat, and this let the audience know that you were a different character.
BLACK HAT HACKER: BAD GUY
A black hat hacker is a literal cyber bad person that only wants to make as much trouble as possible just because they can. These hackers normally do this for egotistical reasons and usually only show themselves where a new security system has come out and these individuals feel challenged. While they are the “classical bad guy,” they do have their benefits for existing. Without Black Hat Hackers, there would be no need for all of the other hackers to exist, or security for that matter, and they are actually the reason why jobs are generated for Ethical Hackers.
WHITE HAT HACKER: GOOD GUY
Just because they are a White Hat Hacker does not mean they are an Ethical Hacker. A White Hat Hacker only hacks when they feel like they need to, but strictly goes out of their way to make sure that they do not hurt anyone in the process. This type of hacker is generally associated with the individuals who provide personalized bug fixers for software and generally try to improve upon software issues that the company seems to be ignoring. You can usually find them on forums, helping people solve issues with their code and just being the good guy for the general public. They don’t do anything for profit; they do it because they feel that it is needed, and they are almost always happy to help out someone they don’t even know to improve that person’s life.
GREY HAT HACKER: THE “I DO IT FOR FUN” GUY
The Grey Hat Hacker is usually the person who hacks video games and tests their skills against varying levels of security because they find it fun. These hackers are problematic because they don’t often care whether they harm someone, but they also don’t really even think about whether they are hurting someone or not. This is similar to a person who wants to hack into a credit card company because they feel like it would be an interesting adventure.
RED HAT HACKER: THE “I DO IT FOR LEGAL MONEY” GUY
Red Hat Hackers are usually a mix of Ethical and Un-Ethical Hackers. The reason why they are called Red Hat Hackers is for the terminology of “Red Tape.” That is right, Red Hat Hackers are usually on the level of hacking government institutions, information hubs, and generally anything that falls underneath the category of sensitive information. The FBI and CIA hold a list of the world’s Red Hat Hackers to keep track of what they do, where they go, and what jobs they are working on as a preventative measure against being hacked themselves. A really big example of this is when the group Anonymous and LulzSec managed to hack the CIA and cause a lot of issues for not only their employees, but also the security companies that place their trust in the CIA.
NEOPHYTE: THE NOOB
A Neophyte is literally a “New Convert,” which is to say that this is a person who is new to the hacking world, and the term came about for hackers to represent the fact that being a hacker is similar to a religious practice.
DEFINITION AND IMPORTANCE: ETHICAL HACKER
An Ethical Hacker only hacks to prevent others from being able to do things that are morally improper to users of the technology. That is essentially their purpose, but they have to follow specific guidelines that normal hackers do not have to follow.
GUIDELINES OF AN ETHICAL HACKER
An Ethical Hacker has to do a couple of things that a normal hacker does not have to do in order to fulfill their purpose.
THEY MUST RECORD EVERYTHING
Ethical Hackers must record their screen, their keyboard, their mouse, their emotions, and even their heart rate and sometimes their brain waves. All of this information is used to determine the strength of the security and what it will be like for the person on the other end of the screen that is doing the hacking.
HACK VS HACK
Often times, Ethical Hackers must go against each other to determine what a real-time scenario would be like in the case that a hacker is capable of getting far enough to the point where the security person must be able to protect the information by hand. This is done so that the programmers can develop scripts to specifically protect against these types of attacks so that the protection is faster than the hands of a hacker.
HACK FROM MORE THAN ONE DEVICE
Today, hackers can get in from multiple directions. You can hack into the mobile network and jump from the mobile network to go into the main network. You can hack into a person’s email and gain access from the email service. You can hack a person’s phone SIM card and place a key logger for access from a remote location. There are multiple ways to hack into a network and an Ethical Hacker must be aware of all the different ways a network can be hacked into.
HACK PEOPLE
Another part of the process of an Ethical Hacker is to determine the social weaknesses of an industry and how easy it can be for a person to be the source of the problem. This may involve having lunch with a person and pickpocketing their phone while they’re not looking, or determining whether that individual spends a lot of time surfing the internet while they are on break. Additionally, they determine how easy it is for an individual to break the NDA that nearly everyone signs in the beginning and whether a person could get enough information from an individual to do actual damage to the business. There are specific key parts an Ethical Hacker must look out for in the social network that is behind the physical network.
IMPORTANCE OF AN ETHICAL HACKER
The importance of an Ethical Hacker cannot be stressed enough, as they serve as both a security analyst and a technological analyst. They prevent security risks from people, networks, and other third-party players to ensure that there is a very small chance that a hacker is capable of getting into the network.
THE TOOLS: ETHICAL HACKER
The tools of the Ethical Hacker often reflect the capabilities of the Ethical Hacker. As mentioned before, an Ethical Hacker must be able to have a lot of data in order to ensure that they have a round-about understanding of what security issues they must be dealing with.
TRACKING DATA PROGRAMS
There are several programs that track data submission and methods, and these allow Ethical Hackers to determine the origin of a hacker, where they came in, and even how they got in. Such programs will track IP addresses, Data Packages, MAC Address Origins, and even determine the speed at which the information was passed to collect data on the speed of the internet that is being used. This allows the Ethical Hacker to cover up those areas with additional security and also allows them to ensure that scripts that they make to prevent entry are faster than the most likely speed of internet the other hacker will be using.
in that same language so that their preventative protections can be put into place. A part of this issue is the actual holes within a language. If a hacker knows what language is being used, not only can the program be at risk, but the actual code of the program can be altered. An example of this is a PHP based website, which is vulnerable to the classic GET, DELETE, and POST methods, which are a part of the language. Unless there are specific measures put into place, the hacker on the other end will have a very easy time simply going into a comment box and pulling all of the data from a website onto their hard drive.
HIDDEN CAMERAS
As mentioned before, an Ethical Hacker also has to look at the people behind the physical network to determine whether they will be a problem or not. The hidden cameras are for when the Ethical Hacker needs to do a Risk Assessment on the person within the video and determine which factors led to a specific success, or which questions, when asked in the right order, would pull out the most information. Additionally, video recordings can be used by the Human Resources Department to determine if the employee is in a stressed state and needs to be taken care of in terms of their working conditions. Ethical Hackers are often mindful that a person’s weaknesses are not their own fault and that an average employee is not expected to be one hundred percent fool proof. Even the janitor may look up something on his phone while being connected to the internet at work and have no idea that someone took his phone, and modified it, while he was on his lunch break. This process is done often to ensure that people are mindful of what they do and how their actions can affect the business.
FORENSIC ANALYST PROGRAMS
There is a fine line between a Forensic Analyst and an Ethical Hacker because most of what they do is extremely similar. Therefore, what will usually benefit a Forensic Analyst will often benefit an Ethical Hacker, and vice versa. These programs will keep log files of occurrences throughout the day on a network, track unauthorized uses, pinpoint origin points for viruses, and are generally helpful in every step of the process. The only problem is that not everything a Forensic Analyst can use can also be used by an Ethical Hacker. A Forensic Analyst can go into personal emails and sensitive material that Ethical Hackers are told not to touch, and, in some areas, Ethical Hackers are even told not to touch specific areas of the network because the information on that side is too sensitive for an individual to have their hands on. However, the benefit to this is that that section of the network is usually closed off from the rest of the network as much as possible and often requires little to no effort when it comes to providing a solution. Since the network remains untouched, Ethical Hackers only have to track incoming and outgoing data from that network.
SCRIPTING EFFICIENCY
Another part that has been mentioned is scripts. Scripts are simple sets of code that automatically perform preventative security actions faster than a normal human to ensure they shut down the attack as fast as possible. These are written in a similar language to the actual program that naturally protects the computer, and some Ethical Hackers end up with so many scripts that they make an entirely different security program to handle them all. This allows them to keep track of all the different scripts, determine if the scripts need to be faster, and to find out when the scripts are conflicting with each other. These scripts are a vital part of the protection program as a script will always be faster than the human hand, so anything that can be written in the form of the script will be ten times better than if the Ethical Hacker would have to do it by hand.
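The kind of preventative script this section describes, combined with the source-address tracking from the Tracking Data Programs section, as an added example that is not from the book: it reads sshd-style login lines, counts failed logins per source IP in a sliding window, and records the moment a block decision would be made. The log layout, the five-failures-in-60-seconds threshold, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Constructed sshd-style log lines using documentation IP ranges (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:02 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
2024-05-01T10:00:03 sshd[812]: Failed password for alice from 192.0.2.10 port 40100 ssh2
2024-05-01T10:00:04 sshd[811]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:06 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 50125 ssh2
2024-05-01T10:00:08 sshd[812]: Accepted password for alice from 192.0.2.10 port 40101 ssh2
2024-05-01T10:00:09 sshd[811]: Failed password for root from 203.0.113.7 port 50126 ssh2
2024-05-01T10:00:10 sshd[811]: Failed password for root from 203.0.113.7 port 50127 ssh2
2024-05-01T10:01:00 sshd[813]: Failed password for bob from 198.51.100.23 port 33000 ssh2
2024-05-01T10:03:00 sshd[813]: Failed password for bob from 198.51.100.23 port 33001 ssh2
2024-05-01T10:05:00 sshd[813]: Failed password for bob from 198.51.100.23 port 33002 ssh2
2024-05-01T10:07:00 sshd[813]: Failed password for bob from 198.51.100.23 port 33003 ssh2
2024-05-01T10:09:00 sshd[813]: Failed password for bob from 198.51.100.23 port 33004 ssh2
this line is malformed and must be skipped
"""

# Assumed layout: "<ISO time> sshd[pid]: <Failed|Accepted> password for <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

class Event(NamedTuple):
    ts: datetime
    result: str
    user: str
    ip: str

class BlockDecision(NamedTuple):
    ip: str
    first_seen: datetime   # oldest failure still inside the window
    blocked_at: datetime   # log time at which the threshold was reached
    attempts: int

def parse_line(line: str) -> Optional[Event]:
    """Return an Event, or None for lines that do not match the assumed layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return Event(ts, m["result"], m["user"], m["ip"])

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag each source IP once it reaches `threshold` failures within `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    decisions = {}                # ip -> BlockDecision, in order of detection
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.result != "Failed" or ev.ip in decisions:
            continue
        q = recent[ev.ip]
        q.append(ev.ts)
        while ev.ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            decisions[ev.ip] = BlockDecision(ev.ip, q[0], ev.ts, len(q))
    return list(decisions.values())

if __name__ == "__main__":
    for d in detect(SAMPLE_LOG.splitlines()):
        lag = (d.blocked_at - d.first_seen).total_seconds()
        print(f"block {d.ip}: {d.attempts} failures in {lag:.0f}s")
```

Only the burst from 203.0.113.7 crosses the threshold; the slow retries from 198.51.100.23 and the single mistyped password from 192.0.2.10 stay below it, which is the tuning trade-off such a script has to make.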
DRIVER DOCUMENTATION
One of the pet peeves of the entire industry is Driver Documentation and there’s a very good reason. Your computer has hundreds, if not thousands, of drivers that are needed in order to make the computer work effectively. A driver is binary-level software that allows the computer to communicate with either the hardware or the software. Documentation of those drivers tells security specialists and Ethical Hackers what needs to be done to protect the end user from the security holes that those drivers have. If there isn’t enough or a proper form of documentation, that means the security specialist or Ethical Hacker has to run close to a thousand tests to see all the potential holes that the driver allows for the hackers of the world to get in through.
WHY UN-ETHICAL HACKERS?
An Un-Ethical Hacker is very similar to a Black Hat Hacker and is often associated with them, but there are specific parts that make them different. Not all Un-Ethical Hackers are bad, which may seem strange at first, but these hackers are equally as important as Ethical Hackers.
WHAT’S THE DIFFERENCE?
Un-Ethical Hackers are like the Hulk version of Ethical Hackers and will relentlessly attack a network to find problems. They will often use tactics that are against the law, such as kidnapping and blackmail, to accomplish their goals. The only problem is that Un-Ethical Hackers sell the information to the highest bidder and only do it because it is profitable. These hackers will often multi-hack systems as well, just to get the network to the point where they can move past the preventative steps that an Ethical Hacker put into place.
SOME PEOPLE JUST LIKE TO WATCH IT BURN
It’s plain and simple, for the most part. Un-Ethical Hackers often see a big business like a giant juicy steak that needs to be cooked. If a company claims it has the best security in the world, you can be sure that an Un-Ethical Hacker has already started to break that security. People have a tendency to go after the things that will provide them the most challenge and thrill, and this is the biggest way any hacker can truly determine what they are capable of. Not only do these hackers have to get past the system, but they will also often have to cyber fight with another hacker or a team of hackers in a cyber-gladiator type match. It requires an intense amount of skill to do this and Un-Ethical Hackers are sought out by security businesses like trophies for hunters.
ANOTHER GET-RICH QUICK SCHEME
These Red Hat Hackers will often sell the information they steal or the tactics they used to break a network to the highest bidder. The prices go extremely high, with some hackers being millionaires after performing just one hack. To put it into some basic math, let’s say that each Facebook user’s information is worth just $0.50. More than a billion people use Facebook, so that’s half a billion dollars for that one hack. However, Facebook is extremely large and has a dedicated security team to ensure that hacking Facebook is near impossible. However, as the Tunisians proved, hacking giant powerful companies like Facebook is not an impossibility and poses a serious threat to the online world.
However, the process is often illegal and once the hacker manages to sell the information, they will be put on the list and watched until the day they die. Often times, any type of money they got from the deal will go to just making sure the company can’t get their hands on them and that they live in a place that shields them from the government that they ran away from.
THE TOOLS: UN-ETHICAL HACKER
The Un-Ethical Hacker has quite a bit more on their plate than the Ethical Hacker and it’s important to know what they have, in order to protect the businesses that they go against. These hackers are often either employed by a competitor or just out there to get information on businesses their local government is interested in.
MORE THAN ONE COMPUTER
They often have an entire room built with computers all interconnecting in order to ensure that they can handle even the biggest jobs. This is why having efficient scripting is important and why creating scripts to defeat your own scripts will improve your scripts even further, and why you need to do this. Often times, the reason why a place is hacked is that the Ethical Hacker did not get far enough to detect a specific type of script that would protect against the scripts the Un-Ethical Hacker created.
Another dynamic tool that Un-Ethical Hackers have under their belts is the ability for sheer processing power, which can run over tens of thousands of scripts at once. An Ethical Hacker is limited to the processing power they are given to work with, while the Un-Ethical Hacker is only limited by how much money they have to purchase processors, and how much power they can afford to have. This is why some governments employ Un-Ethical Hackers and give them all the resources they need to attack foreign companies for their information.
On top of this, the most important part of the entire process is to not get caught and this is where the importance of more than one computer comes in. Each computer has its own MAC Address, which identifies the hardware similar to the driver’s license that you use. Having more than one MAC Address, along with every one of those MAC Addresses coming from a different IP address, scrambles the origin of where the hack is coming from. This is the standard step most Un-Ethical Hackers use to hide their location.
PRE-RENDERED ADAPTABLE SCRIPTS
Another huge part of being an Un-Ethical Hacker is to develop adaptable scripts that will continue to attack the network in a different way even if the initial script fails. This is huge and rare, as only some of the best Red Hat Hackers in the world produce these, and these scripts are extremely difficult to beat since the code often adapts faster than the person who is trying to keep the website secure. However, an important part to note is that these scripts are not artificially intelligent and will continue to brute attack unless they are stopped, and they may be flawed and backfire.
How you develop an adaptable script is through knowing the Append functions of a language and making a ton of if/else statements that have already been thought of to ensure that the next append will take the most likely path that the Ethical Hacker used in order to block the script. In other words, one script may have over 1,000 if/else statements and only one append function for failures so that it takes note of what fails, and what looks like it worked. Then, behind that, if one of the scripts looks like it worked, another adaptable script begins at that point to start targeting if/else parameters to see if it can go any further. These scripts can take weeks to build, but it essentially makes short work of almost any network and will break through a network within a few hours. Additionally, these scripts could run over a million if/else statements previously scripted by those within the same line of work and downloaded off of the Deep Web.
SWEAT SHOPS
If you have heard anything bad about a foreign country, nine times out of ten the bad was something involving the use of a sweat shop. These also exist for Un-Ethical Hackers and the ones that use them, use them to their full extent. In a slight twist of irony, though, almost any worker at an Un-Ethical Hacker Sweat Shop will have enough knowledge about computers by the time the shop is shut down that the person who worked in the sweat shop will have something they can work with in foreign countries for money.
But, why? Sweat Shops like these are often used in government funded operations to make the adaptable scripts we were talking about, but in droves. Essentially, the sweat shops are taught how to write the scripts and then told they need to write a certain amount of scripts to beat a specific algorithm. What occurs is a lot of common scripts, but, when compiled, you also have tens, hundreds, and even thousands of if/else statements that are not common. This also makes for a better versed script and, to go even further, scripters are then required to beat that list of scripts with another drove of scripts. The entire process takes close to three months or even half a year depending on how much manpower they put into it. The result is an extremely large compiled list of if/else statements that will absolutely destroy the network they are going against.
However, as mentioned before, these are rare and require a lot of dedication to make it happen. This has only occurred a few times and they have left their mark on history, with notable historical moments of NSA hacks, Pharmaceutical Company hacks, and very similar world-surprising moments.
BUGS 101
The last part that Un-Ethical Hackers use against Ethical Hackers is the list of bugs that they know will work against certain securities and languages. Most people are unaware that there are thousands, and even millions, of exploitable bugs in software and people spend their free time figuring out where they are. The help button on software is expected by the average consumer, problematic for software designers, and very exploitable. Knowing how to replace that help button on an employee’s computer from an email may give you access to the entire network. This would only be possible if there was an exploitable bug in the software that allowed you to alter the help button remotely.