Learn Ethical Hacking Episode #3: Basic Terminology


If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!


Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
Certified Ethical Hacker Boot Camp for 2018!
The Complete Ethical Hacker Course: Beginner to Advanced!
Build an Advanced Keylogger for Ethical Hacking!

Hello everybody and welcome to this tutorial. Today, I will be talking about some of the basic terms which you will need in order to follow along with this course.

So, first off, you have three main categories of people. There are White Hat hackers, Gray Hat hackers, and Black Hat hackers. Everything that we will be doing throughout this course will fall into the White Hat category. Those are people whose activities are within the confines of the law: penetration testers, ethical hackers, people like you and me, and so on. Next, you have Gray Hat hackers, whose activities border between legal and illegal. It's a bit of a shady area. In addition to that, you have the best-known category, which is Black Hat hackers. Usually, and unfortunately, every time somebody hears the term hacking it is associated with people from the Black Hat world. These are people who conduct all sorts of illegal activities, or conduct activities without any regard for the law. These activities include extracting information from certain servers, stealing user credentials and credit card information, and taking services down for some sort of financial gain.

Moving along, you have footprinting. The act of footprinting is essentially information gathering. You are conducting some sort of reconnaissance work. This can include figuring out the IP address of a server and figuring out which ports are open, from which you can conclude which services are running. Footprinting doesn't necessarily need to be confined to the digital world. The act of footprinting can also consist of visiting the physical property of your target. You just walk into the building where the target's servers are located and have a look around. You can attempt to gather some information there on site. You can dig into their trash containers to look for confidential information. Also, people have been known to go into parking lots to see who the employees are, who works there, all sorts of things. So, this is just general information gathering regarding your chosen target. It doesn't need to be confined to the digital world.

Anyway, down below you have certain types of attacks: you have DoS and DDoS. Both are the same thing implemented in a different way. DoS stands for denial of service. These are usually referred to as childish attacks because they are relatively easy to implement. Then you have DDoS attacks, which are on a much, much larger scale. In general, what happens here is that you perform a certain amount of requests, more requests than a server can handle, and then the server begins dropping connections. For example, an Apache web server, I believe by default, can handle up to 10,000 connections or so. If you can make more than 10,000 requests, anybody else making any sort of request will not be able to access the website, because their connection will be dropped. The Apache server will say, OK, I have too many users, I have more users than I can handle, and all the other connections will be dropped by default. Thereby the site is made inaccessible even though you haven't broken into the server. You haven't really broken through any firewalls, or stolen any passwords, or anything of the kind. But when you're DoS'ing something it's just you, so all the requests are coming from your own computer. Generally, this will only work if there is a flaw in the way in which requests are processed. That is why you have DDoS attacks: you have multiple computers, multiple connections, all making simultaneous requests to a certain server. This can be extremely difficult to fight off. You need to have a clever configuration of your firewall, and you need to have quite a good firewall as well. Usually, you need a physical firewall to prevent DDoS attacks, and by physical I mean a router firewall.
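The connection-exhaustion behaviour described above, as an added illustration that is not part of the original tutorial: a toy server with a fixed connection limit (standing in for Apache's worker limit) and an optional per-source cap. The numbers (100 slots, a cap of 20 per source, the 10.0.0.x attacker addresses) are constructed for the simulation, and the model ignores connection timeouts so that the mitigation difference between a single-source DoS and a distributed DDoS stands out.

```python
from collections import Counter
from typing import Optional


class ConnectionLimitedServer:
    """Toy model of a server that drops connections past a fixed limit."""

    def __init__(self, max_connections: int, per_source_limit: Optional[int] = None):
        self.max_connections = max_connections      # total slots (Apache-style worker limit)
        self.per_source_limit = per_source_limit    # per-IP cap; None means no per-source limiting
        self.active = Counter()                     # source IP -> open connections
        self.dropped = 0

    def connect(self, src_ip: str) -> bool:
        """Return True if the connection is admitted, False if it is dropped."""
        if self.per_source_limit is not None and self.active[src_ip] >= self.per_source_limit:
            self.dropped += 1                       # this source already holds its share
            return False
        if sum(self.active.values()) >= self.max_connections:
            self.dropped += 1                       # server is full: everyone else gets dropped
            return False
        self.active[src_ip] += 1
        return True


def legit_users_admitted(max_connections: int, per_source_limit: Optional[int],
                         attacker_ips: list, conns_per_attacker: int,
                         legit_ips: list) -> int:
    """Attackers flood first; return how many legitimate users still get a slot."""
    server = ConnectionLimitedServer(max_connections, per_source_limit)
    for ip in attacker_ips:
        for _ in range(conns_per_attacker):
            server.connect(ip)
    return sum(1 for ip in legit_ips if server.connect(ip))


if __name__ == "__main__":
    legit = [f"192.0.2.{i}" for i in range(1, 11)]        # constructed: 10 legitimate users
    one_attacker = ["10.0.0.1"]                           # constructed: single-source DoS
    botnet = [f"10.0.0.{i}" for i in range(1, 11)]        # constructed: 10-host DDoS
    # No per-source limit: one host alone fills every slot and locks everyone out.
    print("DoS, no per-source limit:", legit_users_admitted(100, None, one_attacker, 150, legit))
    # A per-source cap neutralises the single-source flood.
    print("DoS, per-source cap 20:  ", legit_users_admitted(100, 20, one_attacker, 150, legit))
    # The same cap does nothing against ten sources, which is why DDoS is the hard case.
    print("DDoS, per-source cap 20: ", legit_users_admitted(100, 20, botnet, 150, legit))
```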

DDoS attacks are difficult to perform because it is difficult to make the necessary preparations. First of all, you need to go about infecting other devices which you will enslave and use in order to perform this sort of attack. This is the difficult part. The DDoS part is quite easy comparatively. In order to infect other computers, you need two things. You need RATs, remote administration tools, and you need them to be FUD, fully undetectable. This just means that they cannot be detected by antivirus programs, or, to be more precise, that they are not labeled as something malicious by an antivirus program. Most of the time you don't actually need to make your own applications fully undetectable. There are plenty of pen-testing companies out there, and not just pen-testing companies but other companies as well, who will pay very good sums of money if you can make their programs fully undetectable by antivirus programs. Remote administration tools usually go on a USB stick, are sent via an e-mail attachment, or are attached to a zip file, in such a way that they can infect other computers and other devices. These programs then enslave them, and then the attacker can use all of those computers to conduct different sorts of activities. This is beneficial for the attacker because it anonymizes them to a very large extent.

Next we have rootkits. A rootkit is a tool which you install onto an operating system, and it is able to hide running processes from the system itself. So, when you, for example, start Task Manager in Windows, the purpose of a rootkit would be to hide processes from Task Manager. Basically, how it works is that Task Manager requests information from the system, from the kernel, which is the core of the system where all the drivers and the key functionality are. The kernel then responds: hey, I have this, this, this, and this process running, here you go. What a rootkit does is redirect those requests from Task Manager to itself, and it answers: I don't have such processes running. So, these are very, very dangerous and potent combinations that we will use later on as we progress through this tutorial. For the time being, I just wanted to provide you with a bit of an introduction to the course and give you an idea of what we shall be doing throughout some of the demonstrations.

Finally, we have phishing attacks. Phishing attacks are basically when you apply some sort of bait, somebody bites it, and then you pull on it. Simple as that, right? The same way you go fishing? Well, not quite. Phishing attacks are when you get an email from someone and there's a link in it; you click on it, and it throws you onto some website. It may look legitimate. It perhaps looks like a website that you are using, but it is not. You might pass in your credentials, and that can be a problem. This is generally avoided today. What happens these days is that the DNS servers get changed on your routers, and once that happens all the requests that you make in your web browser get redirected. So, for example, if you type in facebook.com, you're going to get the domain facebook.com from a private DNS server, god knows where, whose MX records have been altered, and which has been configured, for example, to redirect facebook.com to a certain IP address that does not belong to Facebook. So, you open up your Facebook, it looks exactly the same, there is no way to tell, because in the upper left corner of the screen you have the domain name written, it's www.facebook.com, and basically you provide your login credentials. Once you do that, they're gone; somebody has them. One of the ways to detect this would be to check whether the protocol is HTTPS instead of HTTP. Usually, if these kinds of attacks are conducted it's not going to be HTTPS, as that is much harder to implement. But if it is HTTPS, there really wouldn't be any legitimate way of figuring it out other than actually checking the keys, checking their certificates, and no one actually does that. Maybe not no one, but 99% of users are not going to bother to conduct such checks. Anyway, I know it sounds a bit complex, but, believe me, I will explain this in great detail. I will give you several demonstrations, and by the end of this course you will understand and know how to do this with great ease. It will not present a significant obstacle in your line of work. Now that we have approximately half of these out of the way, I will continue covering the terms in the follow-up tutorial. I hope to see you all there!
