Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
White hat (computer security)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Tactics== While [[penetration testing]] concentrates on attacking software and computer systems from the start β scanning ports, examining known defects in protocols and applications running on the system, and patch installations, for example β ethical hacking may include other things. A full-scale ethical hack might include emailing staff to ask for password details, rummaging through executive dustbins, usually without the knowledge and consent of the targets. Only the owners, CEOs, and Board Members (stakeholders) who asked for such a security review of this magnitude are aware. To try and replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref>{{cite book|title=Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters|author=Justin Seitz, Tim Arnold|url=https://python.engineering/black-hat-python/|date=April 14, 2021|publisher=No Starch Press|isbn=978-1-7185-0112-6|access-date=August 30, 2021|archive-date=August 26, 2021|archive-url=https://web.archive.org/web/20210826111249/https://python.engineering/black-hat-python/|url-status=live}}</ref> In most recent cases these hacks perpetuate for the long-term con (days, if not weeks, of long-term human infiltration into an organization). Some examples include leaving [[USB]]/flash key drives with hidden auto-start software in a public area as if someone lost the small drive and an unsuspecting employee found it and took it. Some other methods of carrying out these include: <!---β¦β¦β¦ Please keep the list in alphabetical order β¦β¦β¦---> * [[Memory forensics|Disk and memory forensics]] * [[Denial-of-service attack|DoS attack]]s * Frameworks such as: ** [[Metasploit]] * [[Network Security]] * [[Reverse engineering]] * Security scanners such as: ** [[Burp Suite]] ** [[Nessus (software)|Nessus]] ** [[W3af]] * [[Social engineering (security)|Social engineering]] tactics such as: ** Phishing ** Pretexting * Training Platforms * [[Vulnerability research]] The methods identified [[Exploit (computer security)|exploit]] known security [[Vulnerability (computing)|vulnerabilities]] and attempt to evade security to gain entry into secured areas. They can do this by hiding software and system 'back-doors' that can be used as a link to information or access that a non-ethical hacker, also known as 'black hat' or 'grey hat', may want to reach.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)