Ethical Hacking vs. Non-ethical hacking

Ethical Hacking

Let’s start with ethical hacking first. White hat hackers design, test, and implement defenses for the companies contracting them. In the cybersecurity industry, jobs are divided into teams named after a color. I will be focusing on the red team and the blue team in this blog post.

Red Team

The red team’s (offensive security) main goal is to test the strength and resilience of a company’s defenses against a simulated attack, acting as if they were the attackers. The red team is a very critical part of cybersecurity, as they test the company’s defenses in a real-world scenario. Typically, the contracting company’s owner will contact a group of penetration testers and ask whether they could conduct a test against specific concerns.

The pen-testers will then work with the contracting company to identify areas of concern. Once identified, the pen-testers will conduct the tests and report back to the contracting company with its strengths and weaknesses. The idea of a pen-test is to identify weaknesses in both the physical and the network security implementation. An example of a pen-test would be a contracting company wanting to have its locks, RFID sensors, internal network, and company computers tested for security vulnerabilities. The red team works with the company to establish boundaries for what they should test and what they can’t test. Once the test is done, the red team tells the company what it did well and where it can improve.

Blue Team

The blue team is responsible for defending a system and sometimes also does incident response. The blue team’s main goal is to prevent intrusions and put mechanisms in place to slow down intruders. While it sounds simple, it’s much harder in practice. For example, a specialist may work with a network engineer on segmenting the network. In practice, this could mean having employees’ personal devices on a separate network from work-provided devices; in theory this slows down an intruder or stops them.

Another example of blue team work would be a company getting hacked and needing guidance on what to do. This is the incident response side of the blue team. The contracting company tells the responders what happened and what they have already done. Based on that information, the responders will work on clearing the threat, taking a copy of the malware if it has never been seen before and sending it to reverse engineers. After the threat has been cleared, they then work with the contracting company to develop new policies and procedures.

Both Teams

Both teams work together to improve their client’s security and resilience against hacking. For example, the red team finds a new vulnerability and relays it to the blue team. Once the blue team has been briefed on the new vulnerability, it begins implementing defenses against it.


Black Hat Hackers

Black hat hackers are the ones trying to exploit something, whether for personal gain or because they are nation-state hackers (hackers who work for a hostile government). There is a wide variety of black hat hackers, and I will explain some of the most common.

Script kiddie

The script kiddie is the most basic type of black hat hacker: they use scripts that other hackers made without learning how the script works. Typically, these black hat hackers make a lot of noise when they hack and get arrested easily. The best way to defend against one is to keep your software updated and not click links in emails.

Skid mark

The skid mark is basically the more intelligent version of a script kiddie. While the skid mark does use scripts others made, they also take the time to learn how they work. The skid mark is harder to find, as they are likely careful with technology and understand the basics of covering their tracks. The easiest way to defend against one is to keep your software updated and actively check whether any of your accounts have appeared in a data breach.

The malware writer

This is where defending starts to get hard: the malware writer writes their own code and uses it in the wild. The malware writer is typically going to be hard to find, as they likely have a decent understanding of how to cover their tracks. Most malware writers use ads to spread malware; over a billion dollars a month is lost due to hackers advertising their malware. The best defense against this is to use a wide-spectrum content blocker like uBlock Origin.

To best protect yourself from malware, make sure you have a reliable ad blocker like uBlock Origin, and also consider educating others about the dangers of clicking links. On Windows, Windows Defender works fine, and on Linux consider using Firejail to sandbox running applications.

The Exploiter & Leaker

This is one of the most dangerous types of hackers: these hackers try to get into things for sport or profit. Typically this hacker is very cautious, very hard to find, and silent about what they do, making them really hard to catch.

Defending against them is really hard and requires a lot of time to properly set up defenses. Closing ports that are not in use can be a good first step, as is making sure your firewall is up to date. Personally, I would avoid using Windows Server or OSX for server use. On Linux, if the configuration of the server allows for it, try to enable SELinux (Security-Enhanced Linux).
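The two Linux checks above (unused listening ports, SELinux mode) are easy to script. The following is an added example written for this post, not code from the original author: it takes `ss -Hltn` output, ignores loopback-only services, and reports any port that is not on an explicit allowlist, then reads the SELinux enforce flag. The allowlist of ports 22 and 443 and the sample socket listing are constructed for an offline run; the `--live` switch runs the real `ss` on a host.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against an allowlist and
# report the SELinux mode. Sample data below is constructed; real hosts
# use the --live switch at the bottom.

# Ports this server is expected to expose (assumption for the example).
ALLOWED_PORTS="22 443"

# Constructed sample of `ss -Hltn` output.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SOCKETS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# Print, one per line, the ports from ss output that listen on a
# network-reachable address and are not in the allowlist.
#   $1: ss -Hltn output   $2: space-separated allowed ports
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            laddr = $4
            port = laddr; sub(/.*:/, "", port)          # text after the last colon
            addr = laddr; sub(/:[0-9]+$/, "", addr)     # everything before it
            # Loopback-only services cannot be reached from the network
            if (addr == "127.0.0.1" || addr == "[::1]") next
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Report the SELinux mode from the kernel enforce flag.
#   $1: path to the flag (/sys/fs/selinux/enforce on a real host)
selinux_mode() {
    if [ -r "$1" ]; then
        case "$(cat "$1")" in
            1) echo enforcing ;;
            0) echo permissive ;;
            *) echo unknown ;;
        esac
    else
        # The file is absent when SELinux is disabled or not built in
        echo disabled
    fi
}

# Run the audit against the live host (needs ss from iproute2).
live_audit() {
    echo "Unexpected listeners:"
    unexpected_listeners "$(ss -Hltn)" "$ALLOWED_PORTS"
    echo "SELinux: $(selinux_mode /sys/fs/selinux/enforce)"
}

if [ "${1:-}" = "--live" ]; then
    live_audit
else
    echo "Unexpected listeners in sample:"
    unexpected_listeners "$SAMPLE_SOCKETS" "$ALLOWED_PORTS"
fi
```

Run with no arguments to see the sample result (only 3306 is flagged: 631 is loopback-only and 22 and 443 are allowed), or with `--live` as root on a real server. A flagged port is a prompt to either stop the service or add it to the allowlist deliberately, not an automatic decision.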

Network segmentation is a very good one, since it reduces the attack surface. For example, a hacker gains access to the employee network that allows personal devices but not work devices. As a result, the hacker has to do much more work in order to compromise the work machines. Hiring someone to conduct a penetration test on the networks is a very good idea.
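The segmentation described here and in the Blue Team section (personal devices on one network, work devices on another) comes down to a firewall policy on the gateway between them. The following is an added example, not configuration from the original post: an nftables ruleset in which the guest/BYOD network can reach the internet but has no path into the corporate network, wrapped in a small shell script that refuses to load it if a guest-to-corporate rule ever slips in. The interface names `guest0`, `corp0` and `wan0` are assumptions standing in for the real VLAN interfaces.

```shell
#!/bin/sh
# Added example: nftables policy that isolates the guest/BYOD network from
# the corporate network. Interface names are assumptions.

# Emit the ruleset. The forward chain's default policy is drop, so any
# direction not explicitly accepted (including guest -> corp) is discarded.
# Note: "flush ruleset" clears every existing table on the host.
segmentation_ruleset() {
    cat <<'EOF'
flush ruleset

table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies belonging to sessions that were already accepted
        ct state established,related accept

        # Corporate devices may initiate to the internet and to the guest network
        iifname "corp0" oifname { "wan0", "guest0" } accept

        # Guest/BYOD devices may initiate to the internet only; there is
        # deliberately no guest0 -> corp0 rule, so the drop policy applies
        iifname "guest0" oifname "wan0" accept

        # Log what the policy drops so the blue team can see probing
        log prefix "segmentation-drop: " counter drop
    }
}
EOF
}

# Return 0 if the ruleset contains an accept rule from guest0 towards corp0,
# 1 otherwise. Used as a sanity check before loading.
guest_can_reach_corp() {
    segmentation_ruleset | grep -Eq 'iifname "guest0" oifname[^#]*"corp0"'
}

# Load the ruleset with nft (run as root on the gateway).
apply_segmentation() {
    if guest_can_reach_corp; then
        echo "refusing to apply: guest -> corp rule present" >&2
        return 1
    fi
    segmentation_ruleset | nft -f -
}

if [ "${1:-}" = "--apply" ]; then
    apply_segmentation
else
    segmentation_ruleset
fi
```

Without arguments the script only prints the ruleset for review; `--apply` loads it. The check in `guest_can_reach_corp` is intentionally simple text matching, enough to catch a copy-paste mistake in the rule order; the real guarantee comes from the `policy drop` default, which is what makes the attacker in the example above do the extra work.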

Most people who are uneducated on the topic might think an antivirus is good, but in 70% of use cases it only causes more problems. Besides, most exploiters use zero-days (attacks that are not yet publicly known).

That’s pretty much all I can say without turning this simple blog post into a textbook. Also, update your software.

If you want to read about how browsers work, check out my post on what browser cache is.