Answers to every single question you have about ethical hacking and penetration testing from an experienced IT professional!
Tips for remaining anonymous in hacking and penetration testing activities.
A guide to using these skills to get a better job and make money online as a freelancer.
The ability to secure and protect any network from hackers and loss of data.
A complete tutorial explaining how to build a virtual hacking environment, attack networks, and break passwords.
Step by step instructions for installing VirtualBox and creating your virtual environment on Windows, Mac, and Linux.
Hello everybody and welcome to this tutorial. Today I will be talking about some of the basic terms which you will need in order to follow this course through.

So first off, you have three main categories of people. There are White Hat Hackers, Grey Hat Hackers and Black Hat Hackers. Everything that we will be doing falls into this category here. So, White Hats -- those are people whose activities are within the confines of the law. There are people such as pen testers, ethical hackers, people like you and me and so on. Then you have Grey Hat Hackers, whose activities are bordering between legal and illegal. It's a bit of a shady area there. In addition to that, you have the most known category, which is Black Hat Hackers, and usually, and unfortunately, every time someone hears the term hacking it is associated with people from the Black Hat world. There are people who conduct all sorts of illegal activities or conduct activities without any regard for the law and, I don't know, extract new information from certain servers, credentials, your card information, take services down, usually to extract some sort of financial gain.

In any case, down below you have footprinting. Now the act of footprinting is basically information gathering. You are conducting some sort of reconnaissance work. You are figuring out the IP of the server, figuring out which ports are open, and with that you can conclude which services are running there. But it doesn't necessarily need to be confined to the digital world. The act of footprinting can also be when you go to the company itself. You just walk in. It doesn't necessarily need to be a company. It can be pretty much any building with servers in it, and you have a look around. You try to gather some information there on-site, where you go and you go through their trash cans. You go behind the building, jump into those trash containers and get some information from there. Also, people have been known to go into parking lots to see who the employees are and who works there. All sorts of things. So this is just general information gathering in regards to your chosen target. It doesn't need to be confined to the digital world.

Anyway, down below you have certain types of attacks -- you have DoS and DDoS. Very simple. Basically the same thing implemented in a different way. DoS stands for "Denial of Service". Usually called "Childish Attacks" because they're relatively easy to implement, and they still are, provided, of course, you have enough machines, but that's the domain of DDoS. In general, what happens here is that you perform a certain amount of requests, more requests than a server can handle, and then the server begins dropping connections. For example, Apache web server -- I believe
by default it can handle up to 10,000 connections or so, and if you can make more than 10,000 requests, basically everybody else making any sort of requests will not be able to access the website, because their connections will be dropped, simply because Apache will say, "Okay, I have too many users. I have more users than I can handle." All the other connections will be dropped by default, thereby making the site inaccessible, even though you haven't really broken any codes. You haven't really broken through any firewalls or stolen any passwords or anything of a kind.

But when you're DoSing something, it's just you. All the connections, all the requests, everything is coming just from your own computer, and that is not always the most efficient way. In fact, generally it can only work if there is a flaw in the way in which requests are processed. However, that is why you have DDoS attacks, when you have multiple computers, multiple connections, and they are all making simultaneous requests to a certain server, and this is really difficult to fight off. I mean, you really need to have a clever configuration of your firewall and need to have quite a good firewall as well. Usually you would need a physical one to prevent these sorts of DDoS attacks, and by physical, I mean a router firewall or
something of a kind.

This is quite difficult to -- it's not as difficult to actually do the attack itself as it is difficult to make the necessary preparations. First of all, you need to go about infecting other devices, which you will use, which you will enslave and use in order to perform this sort of attack. This is the hard part. The DDoS part is quite easy compared to that. For that, in order for you to infect other computers, you need two things -- you need RATs (Remote Administration Tools) and you need to make them FUD. You need to make them fully undetectable. That is what the term FUD stands for. So it just means that they cannot be detected by antiviruses, or, a more precise term would be that they are not labeled as something malicious by antivirus programs. By the way, sometimes, actually most of the time, you don't actually need to make your own applications fully undetectable. There are plenty of pen testing companies out there, and not just pen testing companies, but other companies as well will pay very good sums of money if you can make their programs fully undetectable by antivirus programs.

Down below, the RATs (Remote Administration Tools). Now, they themselves are not some sort of hacks or anything of a kind. They just basically put them on a USB stick or something of a kind, send them in the mail, share them in a zip file, and in such a way -- that's just one of the ways to infect other computers, other devices, enslave them, convert them into your slaves, into the slaves of the main server, wherever that might be, wherever you
might set it up, and then you can use all of those computers to conduct all sorts of activities. This is very good because it anonymizes you to a very large extent. It's very difficult to track somebody down, whoever is doing this, primarily because the users who are infected have no idea that somebody else is controlling their devices, because nothing is really happening on your desktop. You can't really see it. All the processes running are being run in the background and your processor is executing them, using up... The only way to see it would be basically to start up a task manager or something of a kind and then see the running processes, and perhaps you could spot it there, but not even there if somebody has implemented a rootkit.

So a rootkit is a tool, basically, which you install onto an operating system, and it is able to hide running processes from the system itself. So when you, for example, start a task manager in Windows or something of a kind, the purpose of a rootkit would be to hide the processes from the task manager. Basically how it works is the task manager requests them from the system, from the kernel, and then the kernel of the system responds -- which is the core of the system, where all the drivers and the key functionalities are. The kernel of the system then responds, "Hey, I have this, this, this and this process running. Here you go." What a rootkit would do is redirect those requests from the task manager to itself and would basically say, "I don't have such processes running." So very, very dangerous and potent combinations here that we will use later on as we progress through this tutorial, but for the time being I just wanted to give a bit of an introduction to it and give you an idea of what we shall be doing through some of these basic terms and concepts.

Next up, we have phishing attacks. Now phishing attacks are basically when you apply some sort of bait, somebody bites it, then you pull on it. Simple as that, right? The same way you would do fishing. Well, not quite. Phishing attacks would be when you get, I don't know, an email from someone and there's a link in it, you click on it and it throws you somewhere, I don't know, on some website. Perhaps it looks like something legit. Perhaps it looks like a website that you are using or something of a kind, but it is not, and you pass on your credentials, and that can be a problem. But this is generally avoided today. This is not something that happens in such a way. Rather instead, what happens these days is that the DNS servers get changed on your routers, and once that happens all the requests that you made on your web browser get redirected. So for example, if you type in facebook.com you're gonna get a domain with facebook.com from some private DNS server god knows where, whose MX records are altered, and they have been configured, for example, to make redirections, to interpret Facebook.com -- sorry, not redirections, but rather instead to interpret Facebook.com to a certain IP address that does not belong to
Facebook or anything like that. So you open up your Facebook, it looks exactly the same. There is no way to tell, because in the upper left corner of the screen you have the domain name written -- it's www.facebook.com -- and basically you provide login credentials, and once you do that, they're gone. Somebody has them.

One of the ways to detect this -- even though it's very, I mean it's not hard, but nobody really pays any attention to it -- in the upper left corner you might check whether the protocol is HTTPS instead of HTTP, because usually if these kinds of attacks are conducted it's not gonna be HTTPS, as that is a lot harder to implement. But if it is HTTPS, there really won't be any legit way of figuring it out other than actually checking the keys, checking the certificates, and nobody actually does that. Well, maybe not nobody, but ninety-nine percent of users out there are not going to bother to go about conducting such checks.

Anyway, I know it sounds a bit complex, but believe me, I will explain this in great detail. I will give you several demonstrations, and by the end of this course you will understand and know how to do this with great ease. It will not present a significant obstacle in your line of work. Excellent. Now that we have approximately half these terms out of our way, I will continue to deal with them in the follow-up tutorial, and I sincerely hope to see you all there.