Programmer by day; hacker by night - the life and times of a grey hat hacker

By Keezy | Feb 10, 2019 12:26 AM

The mere sound of the word ‘hacker’ can send most people into a panic state and in the world we’re living in today who could blame them. However, there are hackers that are beneficial to us all. Those hackers are known as White Hat or Ethical hackers. White Hat hackers are computer security experts who specialize in penetration and other types of testing to make sure an organization’s information systems are secure.

 

Different Types Of Hackers

Before we get into the nuts and bolts of what White Hat hackers do, it’s important to know the types of hackers that are out there. There are three main types – Black Hat, White Hat, and Gray Hat – and if it sounds like something out of an old western movie it’s because that’s where the references come from. In the old westerns, bad guys wore black hats and good guys wore white. It’s the same when it comes to hacking.

White Hat/Ethical Hackers

As stated in the opening paragraph, White Hat hackers are the good guys. They are information systems security experts who perform various tests on an organization’s systems to find out where the inefficiencies and weaknesses are. This is done so that an organization can take a proactive stance and correct those weaknesses in their information systems before the bad hackers get a chance to take advantage of it.

White Hat hackers use many methods of testing the systems including what is called Penetration Testing. Penetration Testing is basically when the White Hat hacker hacks into the organization’s systems using methods used by the bad guys in order to see what methods work in getting through. By doing this, they can find the flaws in the system and provide a recommendation on how to fix the weakness in order to prevent an actual attack.

It is also fair to mention here that sometimes a White Hat hacker starts out as a Black Hat hacker but due to their extensive knowledge they start working as consultants or employees of organizations in order to protect the company’s systems.

Black Hat Hackers

Black Hat hackers are the bad guys. These are the people who are doing all the nefarious activity that is in the news today. Black Hat hackers illegally violate individuals’ and organizations’ computer security for no other reason than to be malicious or for their personal gain. There is no honor in what they are doing. Everything they are doing is illegal and for the wrong reasons. They are the exact opposite of a White Hat hacker.

Black Hat hackers are also known as crackers or dark-side hackers and they have extensive knowledge of computers and how they work. They are very skilled to say the least and their purpose is to breach or bypass internet security so that they can retrieve the valuable information that they seek. Sometimes a Black Hat hacker’s only goal is to create a virus or worm and set it loose. However, most times there is a personal upside or benefit they are after as well.

Gray Hat Hackers

As you probably have already figured out, Gray Hat hackers tend to fall somewhere in between White Hat and Black Hat hackers. Although their intentions are not usually evil or geared towards the nefarious, they aren’t usually complete angels either.

Basically Gray Hat hackers are computer security experts who sometimes violate laws or ethical standards without the malicious intent of a Black Hat hacker. Many times Gray Hat hackers will illegally access a system just to see where the vulnerabilities are and figure out a fix. However, they generally don’t share this information with others for it to be exploited like Black Hat hackers do. Gray Hat hackers sometimes do this type of hacking just for the knowledge it gives them. They also may do it for purposes of getting themselves or their friends hired by the organization to fix the security issue.

There are generally less Gray Hat hackers these days due to the willingness of businesses to prosecute anyone who illegally accesses their systems, no matter whether their intentions were good or not.

Other Types Of Hackers

Now there are other types of hackers such as Blue Hat, Elite, or Script Kiddies but for the purpose of this article the main ones are Black, White, and Gray.

What White Hat Hackers Do

If your business is serious about it’s information system’s security and decide to hire a security firm to make sure everything is at its optimal state then you are going to meet a White Hat or Ethical Hacker. It is their job to do what is called penetration testing to find your system’s vulnerabilities and flaws before the bad guys do. He or she will then suggest ways to fix and lock down the system so the chances of being hacked are very minimal.

So what is penetration testing? It is a simulated hacking attack on a computer system that is authorized by the person or business who’s system is being attacked. The test will look for all the ways that a system can be hacked at its current status and then actually hack into it to prove it can be done and to see how easy it was to do it. This then gives the tester information on what the issues are and allows them to find a way to fix them.

After finding the vulnerabilities, the White Hat or Ethical hacker then compiles a report on what issues were found and what needs to be done to correct them. It is usually after this report is presented to the company that they decide to hire the firm to then shore up the systems and make them secure.

As you can see White Hat or Ethical hackers serve a very important role in the security of a company’s information systems and are an invaluable resource for all of us. They are experts in what they do and are here to help set up protections against the malicious activities that are running rampant in today’s technological world. If you have never had your company’s systems tested then it would be wise to do so right away before the Black Hats come and make life miserable.

Security breaches can be scary and frustrating, but there are experts that can help you secure your business infrastructure. If your business has fallen victim to a security breach or you would just like more information on how to secure your business from possible cyber attacks, click here to contact our team of experts at Data One Networks.

Example blog post alt

“A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem”.

Lets apply this definition to a real use-case

You might have seen following type of errors while using computer running Windows (browsing stuff, playing videos, editing photos etc)

(Image Source: File:Windows null ptr dereference.png - Wikipedia)

How many times you have tried to read this error in detail. As a programmer you may have thought, Ah its a “memory corruption - lazy developers” and then you will just press OK and start the application again to do your work. A hacker, on the other hand has found Gold when he has seen this. Going back to our definition, the “problem set” for the programmer of this application was to build the explorer.exe, but for this hacker the “problem set” is to “crash explorer.exe, analyze the crash and use explorer.exe to do it is not supposed to do”. Lets analyze this problem set to find differences in the thinking of programmer and hacker.

  1. crash explorer.exe. A programmer, while developing an application do not crash (beyond a certain extend) its application, it just complete the application’s functionality. The programmer will only use specific set of inputsfor the development of his application. On the other hand a hacker will give all type of inputs to the application to crash it. The inputs the applications is not supposed to accept. He will use all his knowledge and technical skills (remember our definition “skilled computer expert”) to craft such input. The inputs programmers have defined are such that it will walk through almost 95% of his code, the inputs hacker have defined are such that it will crash at any single line of the code. You can see the difference here in the thinking and methods of both. Remember the WhatsApp problem that cause the application to crash if a user sends some smileys. So if you are a programmer and want to write secure applications, think about how some input can crash your application. An input which you think will never be provided to your application - but there is always a hacker sitting there with such an input.
  2. analyze the crash. Going back to our definition “skilled computer expert”. A programmer needs different set of knowledge to develop some application, on the other hand a hacker needs different set of knowledge to analyze the application. A hacker needs to know the in-depth working of the computer systems to analyze because for a hacker a “crashed application” is just a black-box with a single hole to peek inside. These days many tools and development environment abstract out lots of internal details of the working of the applications the programmer is developing. Knowing these details are not essentials to the programmer to develop the application. But for hacker these details are Hacking 101. For example, Java, C#, Python, programmers of all these languages do not see pointers - they do not need to, where as the error shown above is essentially a pointer issue. So if you are a programmer, knowledge of the internal working of the computer system will aid you to write secure applications.
  3. use the crash to do it is not supposed to do. Again we need specific skills here to use the crash. As hacker you have crashed the application and found the location where it was crashing, now you have to use it, Why ? Because you want the application to do it is not supposed to do. Why you want thisapplication to do what you want ? Because you can not run your own application on the target machine. How you will tell this application to do what you want to do ? How you, as programmer has told the application to do what it should to ? - you have programmed it so that your code is executing in the form of this application!. Similarly you need to inject some new code in the application utilizing the crash. Going back to our definition again “skilled computer expert”. Again, for application programmer, these details are not required, but for hacker these internal details are necessary to complete your task. For a taste of it you can read one famous article here.

You can see above, in the hacker vs programmer almost 35 - 40% is different thinking and rest is in-depth knowledge of computer systems internal workings and even as programmer this in-depth knowledge will allow you to write secure and hard to break applications. And this also applicable to daily life hacks as well, the more you are aware of general things and their internal working, the more you can apply that knowledge to quickly and temporarily fix your problems. Remember the TV series 

 

 

 

 

The stereotype for a hacker in the eighties was that of an evil, socially weird cyber criminal. Even though this might still be true, not all modern day hackers are criminals. On the contrary, there are many hackers who use their knowledge for a good cause.

This blog post will take a closer look at the definition of hackers and the several types. It will also go on to discuss the inception of hacking events such as the series of Black Hat Events around the globe which is quite timely with Black Hat Europe 2018 taking place in London as we speak!

As said above, not all hackers are bad. The media often uses this word in relation to cyber criminals, but a hacker can actually be any person that uses their computer knowledge to bypass and manipulate security measures on a computer. Hacking becomes illegal when the person compromising a system does that without the owner’s permission. In fact, many governments and companies around the globe hire hackers to help them secure their systems.

Now let’s take a closer look at the seven main types of hackers you should know of in more detail, some perhaps more well known than others.

Script Kiddie

A script kiddie is often the term used to describe the type of hacker who is of a non-serious nature and who may not necessarily hold the knowledge, respect for skills or principles of a professional hacker. Script kiddies try to skip most hacking methods in order to quickly gain their skills and may use hacking programs written by other hackers, as they often lack the skills to write their own.

Black Hat Hackers

These types of hackers are computer users who intentionally commit theft or manipulate other people’s computer systems for personal gain, also known as crackers. Their expertise can vary from simple malware spreading to stealing financial or personal data. The term “black hat” describes their malicious intentions, and originates from the western movies, where villains wore black hats.

White Hat Hackers

These types of hackers use their computer knowledge to do good. And while they use the same hacking methodology as their black hat opponents, there’s one crucial difference - they do this with permission from the owner of the system/data/network. White hat hackers, also known as ethical hackers, are usually employed by companies and governments to work as security analysts and find security holes by performing penetration testing or perform vulnerability assessments. Nowadays, ethical hacking is on the rise as a pre-emptive measure to stop malicious hackers in their attempt to access and violate systems.

Grey Hat Hackers

There’s a grey area in hacking too, nothing is just simply black or white. This category of hackers is a blend of both black and white hat hacking activities. Grey hat hackers are often the middle ground between black and white hat hackers. They may engage in malicious activities and violate ethical standards but without the malicious intent common for black hat hackers. They might also enter a system and explore vulnerabilities without the owner’s permission or knowledge and report some issues to the owner at the same time requesting some financial compensation to fix the problem. This type of hacking is still considered illegal, even though it differs from black hat hacking, because of the lack of consent from the owner.

Green Hat Hackers

Green Hats are junior and less experienced amateur hackers, similar to Script Kiddies, but are those who are trying to become fully-blown hackers. They are renowned for asking basic questions within hacker communities to gain knowledge quickly and are keen to learn and improve their skills.

Red Hat Hackers

This type of hacker is similar to the White Hats. Red Hat Hackers want to prevent the acts of the Black Hat hackers, but they have a different means of operation and are more ruthless in their methods. For example, instead of reporting a malicious attack like White Hat Hackers, they will take actions into their own hands and want to take down the Black Hacker directly by launching a series of their own attacks.

Blue Hat Hackers

Blue Hat Hackers are again similar to Script Kiddies in that they are novices but they also have an agenda for revenge. They are not keen to learn advanced hacking skills and techniques and usually use simple attack methods.

Black Hat Events Around the Globe

The Black Hat series of events are conferences held around the globe, which provide training, briefings and consulting to hackers (hopefully to those of the White Hat variety), organizations and government agencies. These events gather people from various industries interested in information security. Founded in 1997 by Jeff Moss, Black Hat has become a spectacle over the years both in the formal and informal aspects of the conferences. What started as a single annual conference in Las Vegas, Nevada, has spread around the globe to multiple locations, such as London, Las Vegas, Abu Dhabi and Barcelona.

Even though it has become largely commercialized over the years, this conference still gathers some of the greatest minds in the information security ecosystem. Events such as Black Hat, after all, are a great way to learn and feel the pace of the industry. Stakeholders attending these events have unique insights about emerging threats, vulnerabilities, new research and the overall current state of affairs in the industry.

The Black Hat conferences consist of two sections - Black Hat Briefings and Black Hat Trainings. Various security vendors and experts offer training and host a variety of different courses., such as the one by the National Security Agency. The briefings cover various topics, such as identity and privacy, hacking, reverse engineering, and more. Often they also include keynote speeches from leading information security experts.

DFLabs at Black Hat Europe 2018

Keen to keep up to speed with the latest trends in the cybersecurity community and of course to share our knowledge and expertise surrounding Security Orchestration, Automation and Response (SOAR) technology, DFLabs is a proud sponsor of Black Hat Europe 2018. Meet with our experts at booth #1008 to learn how a SOAR solution, such as IncMan SOAR, can improve the efficiency and effectiveness of your security operations and overall security program and see IncMan SOAR live in action. On December 6, join our speaking session in Business Hall Theater B from 11:35 to 12:00 where we will be discussing “The Truth About SOC Automation: Use Cases and Success Stories”.


Alternatively, if you can’t make the event live, contact us to schedule a date and time in your diary to organize a demo and to discuss your upcoming projects.

0 comments

Leave comment

Submit Articles

Are you passionate about writingand have a knack for emerging technologies? If so, become a contributing author of our blog articles. The higher the impact of your articles the the higher your chances of earning from them. Impact of articles is measured by the number of read times. Click here to submit articles.

Search

Categories

Tags

Wanna Contribute to our blog articles?
Send Us Your Article