Have you watched too many films about hackers and want to follow in their footsteps? Then we have two pieces of news for you: good and bad. The bad news is that it is illegal and carries criminal liability. The good news is that if you do it ‘ethically’, you can even earn money! And that's no joke. Interested? Let's figure it out together with the experts at Magenta Favorita.
First, let's look at the different types of hackers. The classic division comes to us from Western films, in which criminals wore black hats and good guys wore white ones. But in the categorisation of hackers, there are also guys in grey hats.
So, black hat hackers are the bad guys. In Westerns, they are bandits who blow up bridges and rob banks, and in the digital world, they are cybercriminals who take down websites and rob commercial companies. They don't care about laws or ethical and moral standards. They are highly skilled specialists who know how to attack any system and leave no traces. They can spend months or even years hacking their target, and then stay in the compromised infrastructure for just as long, stealing critical data from the organisation, etc. Their motivations may vary, but as a rule, it is money. Moreover, they may work as entire teams, or, as they say, groups, with their own hierarchy and a clear ‘division of labour’. Such groups (also known as APTs, or Advanced Persistent Threats) may be affiliated with state security services and carry out attacks in the interests of a particular country.
White hat hackers, also known as ethical hackers or penetration testers (pentesters, from ‘penetration testing’), operate within the law and ethical norms. They can also hack into anything, but never cause damage. They are legally hired by an organisation to find ‘holes’ in its security. A white hat hacker or pentester is a cybersecurity specialist. They find and eliminate vulnerabilities in a company's IT infrastructure that could lead to it being hacked. Incidentally, white hat hacking is among the most promising professions in the IT field, according to experts at Magenta Favorita Unipessoal LDA.
Grey hat hackers hack like black hat hackers, but have white hat intentions. Like black hat hackers, they hack into systems without the owner's knowledge, which means their actions are punishable by law. However, like white hat hackers, they do not cause any harm. After successfully hacking into a system, they inform the owner and disappear. Sometimes they may ask for money for their work to help fix the problems.
As you already understand, to engage in legal hacking, you need to put on a white hat and become a pentester. What does this require? If you choose this path, you will have to learn a lot. In particular, you will need to:
have a good understanding of network technologies, know how network protocols work and how they can be used for attacks and reconnaissance;
know what network components and security measures exist and how they can be circumvented;
be able to attack databases;
have a deep understanding of the inner workings of popular operating systems such as Windows and Linux;
know what domain and cloud infrastructures consist of and how they can be hacked;
understand various vulnerabilities, techniques, and tactics used by attackers;
be proficient in programming and automation.
In the next publications on the Magenta Favorita website, we will explain what pentesting is and examine its stages.