One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 785898 |
| Date de publication | 2018-08-30 13:00:00 (vue: 2018-08-30 15:34:09) |
| Titre | Ethical Hacking: An Update |
| Texte |
How has the world of hacking changed over the past decade? More and more companies are hiring ethical hackers to hack systems and show vulnerabilities. Penetration testers try to access systems by any means possible, including through social engineering. Let’s look at what ethical hacking is, how it’s done, and how it will change in the future.
Source
Ethical Hacking
Commonly known as “white hat” hackers, as opposed to black hat, ethical hackers are generally employed by a company to hack into the company’s systems and show them vulnerabilities. Some will help patch up the holes, while others simply expose what’s wrong and leave it to the company’s IT team.
The word “hacker” carries a certain connotation and is usually negative. However, it’s best to think of them in “Old West” terms. The sheriff in the old west always wore a white hat and was the good guy. The outlaw wore a black hat. Hence, the terms white hat and black hat hacker; one aims to help while the other is malicious.
In order to combat black hat hackers, white hat hackers have to think like black hat hackers. Some may have even started as black hat hackers, gained skills, and decided to use those skills for good.
Unlike in previous years, where dealing with ethical hackers could be a grey area, white hat hackers are often certified as an ethical hacker. They can prove they are using their skills to benefit a company rather than trying to break into the company’s system and actually steal information.
Penetration Testers
Coincidentally, penetration testers do steal information. They can also steal physical computers, hard copies of information, and more. Pen testers are sometimes not limited to just computer systems. Instead, much like the mindset of a hacker mentioned above, they do whatever they can to access a system, such as using social engineering or email spoofing. They are often part of the “red team,” hired to find holes in security.
Imagine, for instance, someone calling IT and claiming they forgot their password. The password is reset, and the employee leaves happy. The problem is that it wasn’t actually the employee but someone posing as them who now has access to the system.
A member of the red team might be able to swipe a pass card, enabling them access to a server room. From there, they can directly connect to the server, accessing information. The sticky note Jan from accounting keeps on her computer monitor to remind her of her logins? Gone the next morning. Everyone from |
| Envoyé | Oui |
| Condensat | “honey “old “red “white able above access accessible accessing accountant accounting actually advanced aims all already also always answer any are area army back become begin being benefit best black breach break but calling can card carries certain certified change changed claim claiming coincidentally combat commonly companies company company’s compromise computer computers connect connected connotation copies corporate could creating current cybersecurity data dealing decade decided defense defenses directly doing done dummy easily email employed employee employees employs enabling engineering enough essential ethical even everyone expose fear financial find first forgot from future gained gaps gatekeepers generally get gone good grey guy hack hacker hacker; hackers hacking hacking: happening happy hard has hat hat” have having help hence her hired hiring holes how however identify imagine important including increase incredibly infiltrate information instance instead isn’t it’s jan just keeps know known laptop lead learning leave leaves let let’s like likely limited line link logins look machine make malicious many may means member mentioned microsoft might mindset mongering monitor more morning much need negative network never next not note now observant observe observing off office often old one open opposed order other others otherwise outlaw over part pass password past patch pen penetration physical posing possible pot powerful practices prepare previous probably problem prove rather reality red rely remind reset room secure security sent server sheriff show simple simply skills social society some someone sometimes soon source spoofing starbucks starbucks’ started steal step sticky stolen such sure swipe system systems tail take team teams terms tester testers than them think those through tight today’s trained training try trying understand unlike update use used using usually virtual vulnerabilities wasn’t ways weak well west west” what what’s whatever where whether white who will without word wore work world wrong years yet your |
| Tags | Hack Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.