Introduction:
1、What is white hat hacking? Here’s how ethical hacking works
2、How to Become a Hacker for the Military?
What is white hat hacking? Here’s how ethical hacking works ♂
When most people hear the word “hacker,” they often think of the usual stereotype: an evil cybercriminal in a hoodie, hunched over a computer in a dark room. In a way, we have the media to thank for that depiction. However, this caricature is very unfair to a certain category of hacker whose intentions are not evil in the slightest. Quite the opposite, in fact.
There are several types of hackers, including the black hat hacker and the white hat hacker. The terms “black hat” and “white hat” indicate whether or not the hacker is using their hacking skills for good or bad. There are also hackers with other colors of “hats,” such as the red hat hacker, but that’s outside the scope of this article.
A black hat hacker is one who does hacking for illegal gain or to intentionally create havoc. This is the variety vilified in movies and TV shows as enemies of society. The ones who will empty out bank accounts and remotely hack into the electricity grid and shut it off.
On the flip side, a white hat hacker is more noble and principled (white being the color of purity and all). These hackers use their hacking skills to do good. They look for security vulnerabilities and report them to the affected entity. They also go after black hat hackers who are causing harm. Some even work for law enforcement.
White hat hackers use the same skills cybercriminals use. But a white hat hacker will intentionally breach a system or scan through it with the aim of revealing bugs, misconfiguration, and vulnerabilities so they can be fixed. This often involves trying to get into the minds of cybercriminals, fighting fire with fire in the global cybersecurity crisis that affects all industries and sectors of the world.
Ethical hackers are gaining traction and solidifying their reputation for staying one step ahead of attackers. Today, white hat hackers are employed by organizations to put their systems to the test. Their job is to find the weak points before cybercriminals do. Organizations like HackerOne — the largest community of ethical hackers in the world, with more than one million registered hackers — offer their services to companies like Twitter, Facebook, Nintendo, GM, PayPal, and many others.
Because companies hire top ethical hackers to lead their security teams or as external contractors to test their systems, the work of white hat hackers is 100 percent legal. White hat hackers are respected and valued by the cybersecurity community.
New trends in white hat hacking include bounty programs. Several famous companies like Microsoft, Apple, Google, and others have offered thousands and even millions of dollars to white hat hackers who can hack newly released products and systems. Entire communities of white hat hackers search for vulnerabilities, malware, or other issues.
By contrast, black hat hackers are individuals who illegally hack systems or devices. Meanwhile, gray hat hackers are those who have good intentions but are willing to cross legal and ethical boundaries. Gray hat hackers operate without the permission of companies but do not have malicious intent. They are motivated by the challenge of hacking strong systems or exposing moral values.
In the late 1950s, when there were no computers for personal use, a small group called the Phone Phreaks began hacking into the networks of public phone companies. They hacked into the phone network using a device known only as the Blue Box. This device imitated a specific set of audio tones. Although they could access a phone company’s system and make free calls, among other things, the motive for the hack was purely the thrill and the challenge.
This group inspired the first generation of hackers when Esquire ran a story about them titled “Secrets of the Little Blue Box” in October 1971, thus immortalizing the movement. The article made a big impression on Steve Wozniak, cofounder of Apple, and on Steve Jobs himself.
By the 1970s, in the region known today as Silicon Valley, computer clubs began to form. These small groups of young people built their own computers and devices. Only governments and big industries used computers back then, but this movement of early white hat hackers led to the creation of companies like Apple and the evolution of IBM.
In the 80s and 90s, hacking entered a new phase. Personal computers were now a reality, and businesses had more at stake. This was the time when black hat and gray hat hackers began to flourish.
While some hackers still only hacked for moral principles or technical challenges, by the late 1980s, the United States federal government stepped in to send a message to all hackers. Kevin Mitnick, known for hacking the computer giant Digital Equipment Corporation (DEC), was placed in the number-one spot on the FBI’s Most Wanted list. Today, Mitnick is one of the industry’s most-respected security consultants. However, his case and similar cases stigmatized hacking through new digital laws and robust prosecutions.
Today, the intense threat of a landscape driven by cybercriminal gangs, transnational criminal organizations, and global digitalization has reinvigorated the importance of the original hackers.
Despite the stereotypical image of hackers lurking in dark rooms, there are some famous white hat hackers.
Kevin Mitnick might be the most well-known hacker of all time. Mitnick was once a black hat hacker who eventually ended up in prison in 1998 for 2 years. Once he was released, he used his knowledge to make amends and became a white hat hacker. Mitnick died in 2023 from cancer.
There are few people in the Western world today who haven’t heard of Steve Wozniak. Along with Steve Jobs, Wozniak helped build Apple. But before he had a hand in bringing us iPhones and MacBooks, Wozniak was a white hat hacker.
Wozniak was fascinated with how technology worked and wanted to understand it. One of the things he did was create “blue boxes,” which manipulated phone lines to give him free calls.
Dan Kaminsky is known for a discovery that, had he not uncovered it, could have adversely affected the entire internet.
Kaminsky discovered a serious flaw in the Domain Name System (DNS), a major component of the internet’s infrastructure. This flaw would have enabled cybercriminals to redirect people from a legitimate website to a malware-infested one. Thanks to Kaminsky, the flaw was patched, and disaster was averted. Kaminsky died in 2001.
So, what are the techniques and tools used by white hat hackers?
Many hackers work using their own custom-made tools (which they don’t reveal to anyone else). But they may also use some of the following resources:
The difference between a black and a white hat hacker is like night and day. Here are some of the main differences you can use to differentiate between them.
In the end, intention and motivation make up the main difference between white and black hat hackers. Black hat hackers are criminals. Therefore, their motivations will be similar to the motivations of any criminal: financial gain, data theft, extortion, revenge, and more. Take the infamous Locky ransomware attack, for example, where black hat hackers extorted organizations for money by keeping their data hostage.
White hat hackers want to improve an organization’s or system’s security. Both types of hackers are highly competitive, and some white hat hackers may seek recognition. But the moral values of a white hat hacker are ethical and transparent. White hat hackers hack for global good or for a good cause, while black hat hackers have criminal and often personal motivations.
As mentioned, white hat hackers operate within the laws, while black hat hackers have malicious intent and knowingly breach these laws without any concern. The black hat hackers’ intentions are to steal, damage, harm, or conduct other activities that are illegal.
Cybercriminal organizations thrive in the shadows. To operate, they need anonymity. However, white hat hackers do not need to be anonymous. They can work while fully disclosing who they are, including the position, role, or job they’re doing.
All hackers are sophisticated coders. However, white hat hackers do work that cybercriminals don’t do. This includes developing security software, tools, and techniques to detect and remove malware, pentesting (penetration testing), and building security patches.
On the other hand, black hat hackers are dedicated to coding malware and creating new social engineering techniques to trick users and breach systems. It could be said that while black hat hackers create problems, white hat hackers are creating the solutions. However, ethical hackers have lately taken on more offensive security approaches instead of preventive ones.
If white hat hacking sounds like something you want to get involved in, here’s how you can go about it.
Hackers of any variety usually don’t ply their trade on Windows and Mac. Instead, most use Linux. So, the first step is to make yourself an expert in the Linux operating system.
Once you’ve got Linux down, it’s time to master programming languages. Python and Ruby are 2 good ones to know. You can get plenty of free online classes at places like Codecademy and Free Code Camp.
You can’t get involved in white hat hacking without a solid foundation in cybersecurity. Cryptography and risk assessment are a couple of good areas to start with.
If you’re going to be poking through networks, you need to know how they work. Start with network protocols — DNS, FTP, HTTP, and SMTP, among others. Then, move on to routers, switches, and firewalls.
If you’re going to be marketing yourself to potential clients, you should earn some certifications and training in the field. It shows that you know what you’re talking about. Some certifications and trainings to look into include:
While training to become a hacker, you obviously can’t mess about with actual networks. So, where can you practice without causing the world’s stock markets to crash or unintentionally wreaking other types of havoc?
Luckily, there are 3 good online sources where you can tinker about to your heart’s content. Think of them as the Duolingo of ethical hacking:
White hat hackers contribute to innovation and security. The thrill of hacking and the challenge of building a better, more efficient, more inclusive digital world continues to feed the white hat culture just like it did in the early days.
How to Become a Hacker for the Military? ♂
Do you want to work with a hacker? While the answer is usually a resounding “no” for many organizations, the Defense Department’s Cyber Crime Center Vulnerability Disclosure Program welcomes hackers and has been partnering with them for nearly four years. Of course, I’m talking about ethical hackers, also referred to as “white hat” hackers. Ethical hackers contribute to security as well as society in many ways. They tirelessly look for system vulnerabilities. Once identified, the required patch will be released before a black hat can abuse them. By eliminating potential flaws, ethical hackers not only save organizations from monetary losses but ensure that the customers and stakeholders won’t suffer the exploitation of data privacy.
Install any operating system based on *nix family. (Delete windows, either it is genuine or not, it doesn’t matter)
First, it's not easy to be a hacker or security expert.
It's a long process and hard work of lots of years, it won’t come in just one night or one day or one month or even one year.
One must be a very passionate, curious and hard worker.
Learn to use Linux or Unix using Command-line Interface only (no GUI as there is no learning in GUI, if need GUI then use windows) and then after doing a lots of practice, learn Linux system administration.
Learn shell and python scripting language (useful in developing security tools and automating tasks)
Learn computer networking, Linux Networking Concepts which includes Wireless networking, protocols, OS/TCP-IP stack, IPTABLES, IDS/IPS, etc.
Learn NMAP Scripting Engine & Pentesting Tools (NMAP, Wireshark, aircrack suite etc.) and security framework 'Metasploit' and do lots of practice.
Try to get your hands dirty in Kali Linux but please, don’t limit yourself to only Kali Linux (because you can also do that with every distro of Linux family)
Learn server security hardening or learn to protect your servers, in other words, *nix security administration.
Must learn Programming languages like C/C++, ARM/x86/x64 assembly language, which helps in development (code and memory optimization), shellcode development, reversing malware, software and also in software exploitation).
Learn about socket programming in Python and C, both. It would be helpful in the development of backdoors and shellcodes.
Learn about operating system concepts, about Linux and BSDs and their security implementation on OS to make them secure.
Learn kernel programming which includes driver development from both, theoretical and practical point of view.
It would be little difficult to learn kernel programming as it requires one to be proficient in C, *nix system engineering (user-space development), some assembly language and all other operating system concepts.
In kernel programming one will learn more about the internals of os and kernel like how everything inside the kernel works.
Note:
Whatever stuff I have written here is more focussed on System and Network Security.
Please don't take it so easy,it requires a lot of hard work to be an independent security expert.
Do lots of research (or re-search on google) and learn by own. Don’t depend or wait for someone to teach or spoon-feed. Everyone is busy and struggling with their own problems in life.
Do a lot of practice on each and every point that mentioned above by setting up the virtual labs or in dockers or some sort of hardware, whatever suits.
Learn and read a lot of security technical books and also practice them a lot because technical books are not novels.
This post doesn’t cover mobile pentesting (user-space) and web pentesting. I am not the right person for web or on mobile pentesting yet but still mentioning some; like learning web development languages, learn about OWASP and also web-based attacks and try HackerOne or Bugcrowd to practice etc.)
For mobile pentesting like app reversing etc. one can proceed after learning the points mentioned above.
Requirements:
Google.
Curious Mind.
Patience.
Eagerness to Learn.
Constant and continous learning.
Never Stop Learning!
While the first use of the term appears to date from a 1995 Computerworld interview with an IBM technologist, ethical hacking has been around since the early days of computing, according to an IBM Systems Journal article by Charles C. Palmer.
"Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success," writes Palmer, who worked with IBM Global Services to start IBM's ethical hacking practice. "Ethical hackers have to know the techniques of the criminal hackers, how their activities might be detected and how to stop them.
Far from being reformed hackers with criminal histories, ethical hackers, in fact, pledge not to break the law or steal information. "The Certified Ethical Hacker certification is designed to help people to determine who is trustworthy and who is not," says Craig Bogdon, senior network engineer at Sage InfoSec, who earned the CEH credential.
The military does not require you to have a degree in computer science to enter a military job related to hacking. Let’s return to our Army example and review the training a new recruit can expect to get if they are approved to become an Army Cyber Operations Specialist.
The first expectation is that all troops must pass the initial training phase as an officer or an enlisted recruit. New recruits without college degrees entering the U.S. Army as enlisted soldiers who want to become Cyber Operations Specialists will attend 10 weeks of Basic Combat Training and two Advanced Individual Training phases.
Systems and certifications that may be offered via training programs in the Army can result in the recruit being qualified on the following:
CompTIA A+
CompTIA Network+
CompTIA Security+
Certified Ethical Hacker (CEH)
Certified Information Systems Security Professional (CISSP)
CISCO Certified Networking Associate (CCNA)
As you can see, there is an industry-standard Certified Ethical Hacker credential possible, as well as training/certifications for routers, network issues, and much more.
Each branch of military service has its own requirements for cyber security jobs like the one we’ve been reviewing above. For the particular Army job seen here, there is a minimum ASVAB score requirement in the following areas:
General Technical (GT): 110
Skilled Technical (ST): 112
Again, each branch of military service has its own unique requirements. For example, the Air Force’s Cyber Systems Operations job (which may or may not be similar to the Army equivalent mentioned above) for enlisted troops has only a general ASVAB requirement compared to the Army job above. The minimum qualifications for this Air Force hacker-type military career includes:
High school diploma, GED with 15 college credits, or GED
“Knowledge of cyber system elements”
Completion of an “Initial Skills” course
Completion of a current Single Scope Background Investigation (SSBI)
Completion of 8.5 weeks of Basic Military Training
Must be between the ages of 17 and 39
The recruiting office is the place to get the most up-to-date information about job openings in military cyber operations, white hat military hacking, etc. However, if you are looking for general information (as opposed to what the current vacancies might be) you can search the official sites for all branches of military service.
Be sure to use key phrases like “Enlisted White Hat Hacker” or “U.S. Military ethical hacker job” as search terms and don’t forget that the Department of Defense uses the term “cyber” a lot when describing hacker jobs, missions, organizations, etc. You can also look up the organizations responsible for military computer operations and related missions such as:
S. Fleet Cyber Command
Marine Forces Cyberspace Command
Air Force Cyber Command
U.S. Space Force
U.S. Army Cyber Command
The first thing to remember is that if you have skills that meet the job description, you should mention them to the recruiter–you will want to have a conversation with a recruiter from more than one branch of the military so you can compare job descriptions (most military branches use the term “cyber” as a keyword for military hacker jobs), education and training requirements, etc.
Hacking is a tricky skill since many of the options you have to learn aren’t always “white hat” choices. Remember that a recruiter is obligated to ask you about past run-ins with the law no matter how minor they may seem.
If you have a past that is not troubled by legal run-ins (especially those based around your hacking skills) you will have an easier time with the recruiting process but don’t assume that you do NOT qualify–let a recruiter determine if a past legal issue is a true barrier to enlistment or if it simply requires the request for a waiver (which IS possible depending on circumstances).
Getting a military job that requires or trains troops to use hacking skills requires you to speak to a recruiter, consider your basic training options, and much more. It’s good to research your career interests first before talking to a recruiter.
评论已关闭