Checking the system from the attacker’s perspective can reveal serious security deficiencies (=shortage)
The attacker thinks like a real hacker
→ Do we use the same methodology as the real hacker or do we need to hide ourselves?
→ We have to use the same technique and hide ourselves; that is what makes the test realistic
→ It should be as realistic as possible
The system security cannot be guaranteed without deep and regular penetration testing*
** Penetration testing is a systematic process of evaluating the security of a computer system or network by simulating an attack to identify vulnerabilities and weaknesses. It's a crucial practice in cybersecurity to ensure robust protection against potential threats.*
→ If something is more complex, then the chance of having a vulnerability is much higher
→ If something is more convenient, then again the chance of having a vulnerability is much higher.
*** Denial of Service (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.*