Header Ads

Who is a White Hat Hacker?

The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Ethical hacking is a term coined by IBM meant to imply a broader category than just penetration testing. Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively.
White-hat hackers may also work in teams called "sneakers", red teams, or tiger teams.

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking may include other things. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering, without the knowledge and consent of the targets. Only the owners, CEOs and Board Members (stake holders) who asked for such a security review of this magnitude are aware. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical. In most recent cases these hacks perpetuate for the long term con (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.
Some other methods of carrying out these include:
  • DoS attacks
  • Social engineering tactics
  • Security scanners such as:
    • W3af
    • Nessus
    • Nexpose
  • Frameworks such as:
    • Metasploit
Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

No comments