Career Field In Ethical Hacking|Shadow Cyber Security


Ethical hacking involves an authorised attempt to gain unauthorised access to a computer system, data or application. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers.



 Types of ethical hacking?


- Web application hacking

- System hacking

- Social engineering

- Hacking wireless networks

- Web server hacking


Types of hackers?

There are three types of hackers in the world of information security: black hats, white hats and grey hats. These coloured hat descriptions were born as hackers tried to differentiate themselves and separate the good hackers from the bad.


Ethical hacking is easy?

Ethical hacking is also known as penetration testing, red teaming and intrusion testing. Becoming an ethical hacker isn't an easy task to accomplish: it requires lots of knowledge of computer system security, and experience, to have a shot at an ethical hacking job.


First step of hacking?

The first step is also called the footprinting or information gathering phase. This is the preparatory phase where we collect as much information as possible about the target.


What are legal hackers called?

A legal hacker, called a white hat hacker, is an information security expert who penetrates a computer system, application, network or other computing resource on behalf of its owners, with their authorization.


Google hire ethical hackers?

A CBS article mentioned other major companies, including Square and Google, that also enlist professional hackers' help. Even Apple, whose products are famous for their resistance to viruses, has hired hackers.


Ethical Hacking Career:-

- Security Analyst.

- Information Security Analyst.

- Certified ethical hacker.

- Ethical hacker.

- Information Security Manager.

- Penetration Tester.

- Security consultant.


Ethical hacking a good career?

This is a great career option if you are looking for an ever-changing and rewarding work environment and want a job that has a positive impact.


Ethical hacking a good career in future?

Yes, ethical hacking is in demand, even though only 31% of people work in the ethical hacking industry. The need for new staff is on the rise. Compared to last year, the number of ethical hackers is predicted to rise by 19% by the end of 2022.


Which stream is best for hackers?

To become a hacker, the best stream after 10th standard would be the Science stream with mathematics, because some companies require a bachelor's degree in cyber security, IT, computer science, etc. to become a hacker. It is better to go for hacking after 12th or undergraduate studies.




What code hackers use?

The code hackers use most is Python. It is often regarded as the de facto language for hacking. In the year 2020, Python is considered the finest programming language for hacking. This is how ethical hackers code their on-demand hacking programs on the fly.



HERE IS THE LIST BELOW

CAREER FIELD IN ETHICAL HACKING:-


1. WEB APPLICATION PEN TESTING

Web application penetration testing involves a methodological series of steps aimed at gathering information about the target system, finding vulnerabilities or faults in it, researching exploits that will succeed against those faults and vulnerabilities, and compromising the web application.




Tutorial of Penetration Testing:-

1. Standard methodology available for pentest

2. The need for pentest for web application testing

3. Approach for web application pentest

4. Steps to be taken to perform a penetration test

5. What are the types of testing we can perform

6. Tools that can be used for testing

7. Some of the certifications for web penetration testing

8. Some of the penetration testing service providers

Web penetration testing helps end users find out the possibility of a hacker accessing data from the internet, find out the security of their email servers, and get to know how secure the web hosting site and server are. Pen testing is the most commonly used security testing technique for web applications and internet servers.



2. NETWORK PEN TESTING


A network penetration test is the process of identifying security vulnerabilities in applications and systems by intentionally using various malicious techniques to evaluate the network's security or lack of responses.

However, unlike a vulnerability assessment, a penetration test is an exact simulation of a potential attack to identify vulnerabilities that are harder to find in a network.

Most of the time, the network's baseline is identified through the use of scanning tools like port scanners, network scanners and vulnerability scanners. Understanding a network's baseline allows the business owner to understand what security controls are working, identify existing vulnerabilities, and gain additional information about their network.


What are the BENEFITS of performing a network penetration test?


There are numerous benefits to performing network penetration tests on your systems, including:

- Testing your security posture and controls.

- Understanding the network baseline.

- Ensuring network and system security.

- Preventing network and data breaches.



3. MOBILE APP PEN TESTING

The mobile application penetration testing methodology, as a security testing measure, analyses security perimeters within a mobile environment. It is derived from the traditional concept of application security methodology.

By conducting penetration testing, companies can gain insights into the source code's vulnerabilities, bottlenecks and attack vectors beforehand.


Stages of Mobile Application Penetration Testing -

1. Discovery

2. Assessment and analysis

3. Exploitation

4. Reporting

The Mobile Application Penetration Testing Methodology is vendor neutral since it helps drive transparency and facilitates repeatability.

All the steps within the mobile application penetration testing methodology use intelligence gathering, assessment, exploitation and clear reporting to enhance the process of the penetration testing.



4. CLOUD SECURITY

Most of the third-party applications or plugins you are using may also be operating off the cloud. Building a cloud-based business, with information assets in the cloud, makes a lot of sense in terms of operational efficiency as well as cost-effectiveness. Cloud providers are bound by certain security regulations and have some measures in place to protect your data privacy, but it isn't enough by any stretch of the imagination.




- What is cloud penetration testing?

Cloud pentesting is performed under strict guidelines from cloud service providers like AWS and GCP. Cloud penetration testing is the process of exploiting security vulnerabilities in your infrastructure by simulating a controlled cyber attack.


How cloud penetration testing differs from penetration testing

It is just performing a simulated attack on your cloud services to test their security. In layman's terms, PENETRATION TESTING is the process of performing offensive security tests on a system, service and network to find security weaknesses in it.


Purpose of cloud Penetration Testing

Because cloud infrastructure, software and platforms are offered not as an entity but as a service, there are several technical and legal challenges to performing cloud penetration tests. The prime purpose of this is to find security issues in your cloud service before the hackers do.


The most common cloud vulnerabilities 

There are quite a few vulnerabilities that can lead to a compromised cloud account. The most prominent ones are mentioned below:


1. Server misconfigurations

The most common cloud server misconfigurations are improper permissions, not encrypting the data, and failing to differentiate between public and private data.
Cloud service misconfigurations are the most common cloud vulnerability today (misconfigured S3 buckets, in particular).
The most famous case was that of the Capital One data leak, which compromised the data of roughly 100 million Americans and 6 million Canadians.


2. Insecure APIs


Sometimes, using HTTP methods like PUT, POST and DELETE in APIs improperly can allow hackers to upload malware to your server or delete data. Improper access control and lack of input sanitization are also the main causes of APIs getting compromised, which can be uncovered during penetration testing.


3. Outdated software


Outdated software contains critical security vulnerabilities that can compromise your cloud services. Hackers identify outdated cloud services using automated scanners. As a result, cloud services using outdated software are compromised in large numbers.


4. Weak credentials


Using common or weak passwords can make your cloud accounts vulnerable to brute force attacks. The attacker can use automated tools to make guesses, thereby making their way into your account using those credentials. Since people tend to reuse passwords and use easily remembered passwords, these attacks are fairly common. This can be verified during cloud penetration testing.
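
As an added example (not part of the original blog), the Python sketch below audits a constructed bucket inventory for the three server misconfigurations named in item 1: improper permissions, unencrypted data, and no separation of public and private data. The policy documents follow the AWS policy JSON shape; the bucket names, the `classification` and `encryption` fields, and the finding codes are assumptions made for this example.

```python
# Added example. Policy documents use the AWS policy JSON shape; the bucket
# names and the "classification"/"encryption" fields are constructed here.
INVENTORY = [
    {"name": "example-public-site", "classification": "public", "encryption": "AES256",
     "policy": {"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
    {"name": "example-customer-data", "classification": "private", "encryption": None,
     "policy": {"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
    {"name": "example-uploads", "classification": None, "encryption": "aws:kms",
     "policy": {"Statement": {"Effect": "Allow", "Principal": {"AWS": "*"},
                              "Action": ["s3:PutObject", "s3:DeleteObject"]}}},
    {"name": "example-internal", "classification": "private", "encryption": "AES256",
     "policy": {"Statement": [{"Effect": "Allow", "Action": "s3:*",
                               "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}},
]
WRITE_PREFIXES = ("s3:Put", "s3:Delete", "s3:*", "*")  # actions that can change data

def as_list(value):
    """Policy fields may hold one item or a list; normalise (None -> [])."""
    return value if isinstance(value, list) else [] if value is None else [value]

def is_anyone(principal):
    """True for the wildcard principal in either form: "*" or {"AWS": "*"}."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"

def open_statements(policy):
    """Allow statements granted to everyone with no Condition narrowing them."""
    return [s for s in as_list(policy.get("Statement"))
            if s.get("Effect") == "Allow" and is_anyone(s.get("Principal"))
            and not s.get("Condition")]

def audit(bucket):
    """Return finding codes for one inventory record."""
    opened = open_statements(bucket.get("policy") or {})
    actions = [a for s in opened for a in as_list(s.get("Action"))]
    checks = [
        ("public-access-to-non-public-data",
         bool(opened) and bucket.get("classification") != "public"),
        ("anonymous-write", any(a.startswith(WRITE_PREFIXES) for a in actions)),
        ("no-encryption", not bucket.get("encryption")),
        ("unclassified", bucket.get("classification") is None),
    ]
    return [code for code, hit in checks if hit]

def audit_all(inventory=INVENTORY):
    return {b["name"]: audit(b) for b in inventory}
```

Only the bucket that is deliberately public and encrypted, and the one restricted to a named account, come back with no findings.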


- How testing is done in the cloud


One approach to cloud testing includes the use of specific tools for individual tests, such as performance testing, load testing, stress testing and security testing.
Cloud testing can be valuable to organisations in a number of ways. For organisations testing cloud resources, it can ensure optimal availability, performance and security of data, and minimize downtime of the associated infrastructure or platform.
Organisations test cloud-based SaaS products to ensure applications are functioning properly.


5. SOCIAL MEDIA SECURITY 

Risks you need to be aware of are:-


- Cyber bullying (bullying using digital technology)

- Identity theft

- Invasion of privacy

- Children seeing offensive messages and images

- The presence of strangers who may be there to groom other members





What is media abuse?

Social media and technology abuse (also referred to as digital abuse) is defined by the National Domestic Violence Hotline as the use of technologies such as texting and social networking to bully, harass, stalk or intimidate a partner.

In a healthy relationship, respectful communication extends to any online activity. It is never OK for someone to do or say anything that makes you feel bad, lowers your self-esteem or manipulates you.


- How safe is social media security?


It is highly unlikely that anyone in the world is actively managing, or at least worrying about, their social media security minute by minute. If you are like most people, you use the same password for all accounts.



6. MALWARE PROTECTION

Types of malware include Trojan horses, ransomware, worms and computer viruses. These malicious programs steal, alter, encrypt and delete sensitive data, or monitor the end user's computer activity and hijack core computing functions.

Depending on the type of malware and its goal, this harm may present itself differently to the users and the endpoint. In some cases the effect the malware has is relatively mild, and in others.

Malware can affect networks as well as devices. It is designed to harm those devices and networks and/or their users in some way. No matter the method, all types of malware are designed to exploit devices at the expense of the user and to the benefit of the hacker, the person who has designed and deployed the malware.

- Types of malware

Different types of malware have unique characteristics. Types of malware include the following:-

1. Spyware collects information and data on the device and user, and observes the user's activity without their knowledge.

2. A Trojan horse is designed to appear as a legitimate software program to gain access to a system. Once activated following installation, Trojans can execute their malicious activity.

3. A worm can self-replicate without a host program and typically spreads without any interaction from the malware authors.

4. A rootkit obtains administrator-level access to the victim's system.

5. Keyloggers, also called system monitors, track nearly everything a user does on their computer, including emails, opened webpages, keystrokes and programs.

6. Adware tracks a user's browser and download history with the intent to display pop-up and banner advertisements that lure the user into making a purchase.

7. A virus is the most common type of malware; it can execute itself and spreads by infecting other programs and files.


Users may be able to detect malware if they observe unusual activity such as a sudden loss of disk space, repeated crashes, unusually slow speeds or freezes, or an increase in unwanted internet activity.

7. IOT DEVICE PEN TESTING

An IoT penetration test is the assessment and exploitation of various components present in an IoT device solution to make the device more secure. This is how a typical penetration testing engagement looks.




Four types of penetration testing 


1. Internal, external infrastructure penetration testing

An assessment of on-premise and cloud network infrastructure and system hosts, including firewalls and devices such as routers and switches. To scope a test, you will need to know the number of internal and external IPs to be tested, the number of sites and the network subnet size.


2. Web application testing


An assessment of websites and custom applications delivered over the web, looking to uncover coding, design and development flaws that could be maliciously exploited. Before approaching a testing provider, it's important to ascertain the number of apps that need testing, as well as the number of static pages, dynamic pages and input fields to be assessed.


3. Wireless penetration testing


To scope an engagement, testers will need to know the number of wireless and guest networks, locations and unique SSIDs to be assessed.

This test specifically targets an organisation's WLAN (wireless local area network), as well as wireless protocols including Bluetooth, Z-Wave and ZigBee.


4. Mobile penetration testing


To scope a test, providers will need to know the operating system type and version they'd like an app to be tested on, the number of API calls, and the requirement for jailbreaking and root detection. This is a test of mobile applications on operating systems including Android and iOS to identify authorisation and authentication, data leakage and session handling issues.

 

The penetration testing process can be broken down into five stages



-Planning and reconnaissance.The first stage involves..

-Gaining Access..

-Maintaining Access..

-Scanning. The next step is to understand how the target application will respond to various intrusion attempts..

-Analysis.


Three phases of penetration testing


The penetration testing process involves three phases.

1. Pre-engagement


A successful penetration testing process involves lots of preparation before the actual testing process begins. It is important for every party involved in the testing to be informed about every new step taken.


2. Engagement


Penetration testing must be performed from a location where there are no restrictions on ports or services by the internet provider. There are many tools available these days to perform penetration testing. However, the judgement regarding the approach, tools etc.


3. Post-engagement


There may be some vulnerabilities that are left undetected even after performing testing. They occur mainly due to weak development practices and ineffective security controls.



I hope you enjoyed reading my blog. You can share any ideas from your side and tell us which topic to write the next blog on. Thank you sincerely for reading our blog. Associated:-

Shadow Cyber Security


 

 
