bWAPP 🐝
Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access.
Hacking can be carried out in many ways. The most common form is the phishing scam, where hackers attempt to gain login names and passwords, or introduce malware into networked computing environments, by tricking users into opening an email attachment or forwarding private information. Some of the most serious breaches of recent years, including the Wannacry malware attack, began as phishing scams, affecting not just the target enterprise but associated partners, customers, government agencies and others.
A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security. Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.
- White hat A hacker who gains access to systems with a view to fix the identified weaknesses. They may also perform penetration Testing and vulnerability assessments
- Black hat A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
- Grey hat A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner.
Ethical Hacking sometimes called as Penetration Testing is an act of intruding/penetrating into system or networks to find out threats, vulnerabilities in those systems which a malicious attacker may find and exploit causing loss of data, financial loss or other major damages. The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing. Ethical hackers may use the same methods and tools used by the malicious hackers but with the permission of the authorized person for the purpose of improving the security and defending the systems from attacks by malicious users. Ethical hackers are expected to report all the vulnerabilities and weakness found during the process to the management.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Hacking Tools are computer programs and scripts that help you find and exploit weaknesses in computer systems, web applications, servers and networks. There is a variety of such tools available on the market. Some of them are open source while others are commercial solution.
CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name! Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location.
Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.When transmitting electronic data, the most common use of cryptography is to encrypt and decrypt email and other plain-text messages.Modern cryptography uses sophisticated mathematical equations (algorithms) and secret keys to encrypt and decrypt data. Today, cryptography is used to provide secrecy and integrity to our data, and both authentication and anonymity to our communications.An example of basic cryptography is a encrypted message in which letters are replaced with other characters. To decode the encrypted contents, you would need a grid or table that defines how the letters are transposed.
There are a lot of resources out there in order to help you get started with Ethical Hacking. These range from YouTube tutorials to virtual lab environments where you can hone your skills.
- VulnHub - Through VulnHub, you can download VMs that have known vulnerabilites, your task is to break into these and find the flags that have been listed by the creator. This is a free service, you download the VM and run it in your VM program of choice
- Hack The Box - In order to even get signed up to Hack the Box, you need to hack into the site. Once in, you will find a load of pre-made vulnerable boxes. No VM programs are needed here as you access them all through a VPN. There is a free tier but in order to access the retired machines you need to pay a subscription.
- Try Hack Me - Similar to Hack the Box but with a more guided learning approach. You can enroll yourself in "classes" that will help you through what to look for when hacking a machine. Again, all machines are accessed via a VPN. Subscription is required for most of the content here
- Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
- Man-in-the-middle (MitM) attack
- Phishing and spear phishing attacks
- Drive-by attack
- Password attack
- SQL injection attack
- Cross-site scripting (XSS) attack
- Eavesdropping attack
- Birthday attack
- Malware attack
- Planning and Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Analysis and WAF configuration