Ethical Hacking

Ethical hacking
Ethical hacking and ethical hacker are terms that describe hacking performed to help a company or individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers. The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.
In order for hacking to be deemed ethical, the hacker must obey the below rules.

1. You have permission to probe the network and attempt to identify potential security risks. It is recommended that if you are the person performing the tests that you get written consent.
   
2. You respect the individual's or company's privacy and only go looking for security issues.
   
3. You report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to come in at a later time.
   
4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware if not already known by the company.
   

The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite successful. Individuals interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker or CEH. This certification is provided by the International Council of E-Commerce Consultants (EC-Council). The exam itself costs about $500 to take and consists of 125 multiple-choice questions in version 8 of the test (version 7 consisted of 150 multiple-choice questions).


http://www.computerhope.com/jargon/e/ethihack.htm

[ltr]Core Rules and Concepts of Ethical Hacking[/ltr]
[ltr]Watch these Ethical Hacking videos, and you’ll understand skills like buffer overflow, network sniffing, password cracking, and more. Know the techniques of ethical hacking and you’ll learn security tactics through the mind of an attacker.[/ltr]


[ltr]
[/ltr]
[ltr]Transcription[/ltr]
[ltr]First off, we must define the concept of ethical hacking. Ethical hacking, at its core, is using the techniques and tools, approaches and attacks that an attacker would use to identify vulnerabilities, document the vulnerabilities and plan remediation. Many times, folks that aren’t as familiar with security penetration tests or security analysis just assume that all security experts, especially IT security experts, are the same and that they use the same techniques and the same tools. They assume an auditor is the same as an analyst. They assume an ethical hacker uses the same tools as those folks as well and that’s simply not the case.[/ltr]
[ltr]The Difference Between Ethical and Unethical Hacking[/ltr]
[ltr]Ethical hacking is different in this core function in that it uses the exact same methodology and the exact same tools that a hacker would use: someone, frequently outside the company and out of control of the company, to actually understand the network, penetrate, compromise.[/ltr]
[ltr]They do it in a way that’s ethical, meaning that they document this, they record the steps, the breaches and the parameters that they’ve used. Later on, analysts and auditors can come and look at those results and determine what things may need to be done in the future to help prevent similar attacks, but from an unethical hacker down the road.[/ltr]
[ltr]This is a key difference. This key approach difference is really what separates this from anything else out there.[/ltr]
[ltr]Rules and Guidelines[/ltr]
[ltr]When we talk about ethical hacking, as well, one thing to remember is that ethical hackers follow specific rules and guidelines. These are really important.[/ltr]
[ltr]Do No Harm[/ltr]
[ltr]The core rule of ethical hacking, first and foremost, is do no harm. Do not destroy assets, wreck networks, deny service and actually affect real use of systems and do not lock people out in a way that’s not part of the plan.[/ltr]
[ltr]Doing no harm is really the big distinction between a cracker and an ethical hacker. A cracker or a true attacker, may want to do harm as part of their attack, whether it’s compromise sensitive data, deny service to legitimate users, destroy assets and so forth.Ethical hacking differs there in that, typically, there’s no destruction and no harm done.[/ltr]
[ltr]Understanding Boundaries[/ltr]
[ltr]Ethical hacking is also really rooted in boundaries, understanding what systems can and cannot be attacked. For example, an online database that’s critical to customer data, or critical to transactions. That kind of database should never be attacked by an ethical hacker unless it’s part of the ethical hacker’s boundaries and that database is specifically included.[/ltr]
[ltr]Most businesses that are being run 24 hours, seven days, will not want an ethical hacker to approach any critical business systems because it could simply impact business. Understanding what those boundaries are up front and then honoring those boundaries is absolutely critical.[/ltr]
[ltr]Counter measures are not part of the ethical hacking process. As you’re examining networks and foot printing and determining vulnerabilities and installing compromises, that process doesn’t include at every stage, well, I wonder how I would defend against this. That’s not part of ethical hacking.[/ltr]
[ltr]Documentation[/ltr]
[ltr]Ethical hacking is getting in, finding the vulnerabilities and certainly documenting as you go. Counter measures are usually considered only after an entire ethical hacking process is complete. After you’re successful, you’ve compromised vulnerabilities and actually owned the network, so to speak, you worry about, “I wonder how this company, my company, any company could protect against this.” That’s when that research happens.
Sometimes it’s a natural outcropping of the attack itself, and that’s great. Document that but do not focus on counter measures during ethical hacking.[/ltr]
[ltr]All of this should be in written agreement with whoever is the subject of this ethical hacking process. If you’re a consultant, and you’ve been brought in to determine vulnerabilities and risk exposure for our company, getting agreement on, what the critical systems, boundaries, targets and areas of concern are is really important.[/ltr]
[ltr]It has to be done in advance. It can’t be done during the process. You can’t stumble across customer database number 72 and raise your hand and ask, “Is it OK if I hack this database?” That’s not the proper approach to ethical hacking.[/ltr]
[ltr]Ethical hacking understands these systems are off limits. Those systems are inbounds, these systems are the systems that we’re most concerned about, or the data over here is the data we’re most concerned about.
Therefore, documentation is absolutely critical. I recommend that you thoroughly document every step, process and keystroke you make. Frequently use things like Camtasia to record video or get screenshots. Have a notebook where you jot down notes as you’re doing things: commands you run, data you get, and so forth.[/ltr]
[ltr]Saving all of that in a special place on your hard drive or on the network and having a nice backup of it is absolutely crucial as well, both to insure that you capture every part of the attack, all of the compromises, success and failure and so forth, and also, for personal liability reasons: to insure that you show exactly what you did do and exactly what you did not do.[/ltr]
[ltr]http://blog.pluralsight.com/videos/ethical-hacking-rules-and-guidelines
[/ltr]

Eticko hackiranje...ehmmm..mislim da to ne postoji...no,no,pec,pec... 

Pa čim se spomene hakiranje , odmah zvuči negativno...Etički hakeri  moraju razmišljati kao bad guys i predvidjeti što bi sve ovima moglo pasti na pamet. Naravno, znanjem i vještinama biti barem na istom nivou kao bad hackers, poželjno na još višem. Kod školovanja moraju potpisati ugovor da stečena znanja i vještine neće upotrijebiti u protuzakonite svrhe. Evo, u ovom videu kažu da je to zanimanje budućnosti.

mda..sjetih se tih Dobrica...poput onih koji rade Penetration testove...hajde,oke,podrzimo ih... 

da, to su baš ti koji rade Web Application Penetration  testove...

Znaš da u Zagrebu postoji školovanje za Certificiranog Etičkog Hackera ( CEH) , traje 5 dana i košta 20 000, 00 kn?! Na sreću postoje i online kursevi, isto certificirani, od 50 $ na više...

E sad,koliko je to priznato ..standardno se koristi Linux distra Blacktrack,no to su Kinezi preuzeli i razvili,ne znam kako se zove,uz Nmap standardni program..a ima i onaj Rus i onaj njegov program,ne mogu se sjetiti..

Algebra radi u suradnji i po programu EC- Councila (http://www.eccouncil.org/) koji je vodeći na tom području, valjda zato i košta toliko...

Cujem Algebra,dupe mi se najezi...  

Da idem na neki Certifikat,isao bih direktno u glavu,nikakvi lokalni grebatori love...Popljuvao love Algebri za husrani Excel,a poslije fino platio curi sa FER-a da me nauci...i to je to..

Skupi su ko vrag, pa vidiš koliko ovo naplaćuju...zato ja preferiram sve što se može odraditi  online...

What is computer hacking?
In a cyber security world, the person who is able to discover weakness in a system and managed to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days,  People started think that hacking is only hijacking Facebook accounts or defacing websites.  Yes, it is also part of hacking field but it doesn't mean that it is the main part of hacking.

So what is exactly hacking, what should i do to become a hacker?!  Don't worry, you will learn it from Break The Security. The main thing you need to become a hacker is self-interest.  You should always ready to learn something and learn to create something new. 


Now , let me explain about different kind of hackers exist in the cyber security world.

Script Kiddie
Script Kiddies are the persons who use tools , scripts, methods and programs created by real hackers.  In a simple word, the one who doesn't know how a system works but still able to exploit it with previously available tools.

White Hat Hacker:
White Hat hackers are good guys who does the hacking for defensing.  The main aim of a Whitehat hacker is to improve the security of a system by finding security flaws and fixing it.  They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical Hacking world.

Black Hat Hacker:
BlackHat hackers are really bad guys , cyber criminals , who have malicious intent.  The hackers who steal money, infect systems with malware,  etc are referred as BlackHat hackers.  They use their hacking skills for illegal purposes.

GreyHat hackers:

The hackers who may work offensively or defensively, depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party system for fun or just for showing the existence of vulnerability.

Hacktivists
The hackers who use their hacking skills for protesting against injustice and attack a target system and websites to bring the justice.  One of the popular hacktivists is Anonymous and RedHack.

http://www.breakthesecurity.com/2010/11/introduction-to-hacking.html

Trinity wrote:Znaš da u Zagrebu postoji školovanje za Certificiranog Etičkog Hackera ( CEH) , traje 5 dana i košta 20 000, 00 kn?! Na sreću postoje i online kursevi, isto certificirani, od 50 $ na više...

Dakle, Algebra radi po Ec-Councilovom programu i tečaj traje 5 dana i košta 20 000,00kn ! 
Ako se ide direktno na http://www.eccouncil.org/Certification/certified-ethical-hacker i odebere opcija iLearn (jer je sjedište u USA), tečaj dođe $1899 . Etoc...