Futaba _ Webs πΈπΈππΈπΈ
Types Of Hackers πΈπΈππΈπΈ
Today's article will be centralized on HOW to build your personal brand! This is crucial for today's job market since it's more along the lines of "It's not WHAT you know, but WHO you know". Todayβs article is going to focus on the various βtypesβ of hacking that exist, where Iβll elaborate on the many archetypes you can become proficient in should you want to pursue ethical Hacking/Offensive Security. Iβve mentioned before in my previous article that every hacker has a certain βnicheβ, specifically a βtypeβ of hacking theyβre proficient in, along with the overall basics of hacking. Iβm going to list a few, using the ones I specialize in as an example.
π Article π Glossary π Catalog π Home π Search Modeπ Article Glossary
πΈ Synopsis πΈ
Todayβs article is going to focus on the various βtypesβ of hacking that exist, where Iβll elaborate on the many archetypes you can become proficient in should you want to pursue ethical Hacking/Offensive Security. Iβve mentioned before in my previous article that every hacker has a certain βnicheβ, specifically a βtypeβ of hacking theyβre proficient in, along with the overall basics of hacking. Iβm going to list a few, using the ones I specialize in as an example. Oftentimes when people are trying to learn the basics of Hacking and Offensive Security it can be a bit intimidating as it can be a bit βbroadβ, which is WHY itβs one of the hardest areas to get into, often requiring people to start with Blue teaming before they truly dive into it. Iβm going to narrow it down so itβs not as intimidating as it appears to be.
πΈ Article Topics πΈ
I'll be discussing the following topics in order: π Network Penetration Testing/Network Security π Web Application Pentesting π API Penetration Testing π Mobile Penetration Testing You can click on any of the topics to simply check that one out if it interests you! NOTE: Articles are read from LEFT to RIGHT via 2 columns! Read the first column all the way down and then move to the next one!
πΈ Key Links πΈ
Here's a quick run down on all the main links that are in the article in case you want to check them out first. π LinkedIn Version
π Types Of Hackers
Network Penetration Testing/Network Security πΈπΈππΈπΈ
This is a form of Penetration Testing Iβm VERY proficient in as I stem from a background focused on networking.
Network Penetration Testing involves breaching various network infrastructures, whether it be physically via the main access point itself: Tapping into physical ports, Evil Twining/Jamming, etc, OR, digitally, where youβre coming from an external standpoint such as web application penetration testing, to RCE your way in.
The goal is to infect an internal network in order to uncover various nodes(systems) that exist on the network, formulating a daisy chain known as a botnet, where you, the botmaster, control all the bots on the network in order to monitor all activity on the network, as well as cipher and excavate any important data. You can even control the bots like βzombiesβ where you can command them, as trusted systems, to execute various tasks or tools on your behalf, allowing you to go undetected from various security systems either on the system or the network itself.
Creating a botnet is your bread and butter as a Network Penetration Tester and is your END goal in the long run.
Network Penetration testing is also a skill set that goes hand in hand with the next Hacking variation Iβm going to discuss next, rather, youβll become more proficient in it if you pick that one up first.
Web Application Penetration Testing/Application Security πΈπΈππΈπΈ
This is one of the more beginner friendly areas for Ethical Hacking and Offensive Security. Itβs where I started, and is usually where the most essential skill sets for Hacking are picked up.
Web Application Penetration revolves around you hacking Web Applications which are basically websites in simpler terms.
In order to become proficient in it you need to have proper Networking fundamentals in order to understand how the internet works, which in the long run, should you master it, will carry over to internal network penetration testing which is where you can deal the most damage.
Youβll learn stuff like:
π Proper information gathering techniques
π Enumeration
π Injection Techniques which are HIGHLY common
π Client/Server Side Exploits
π Fuzzing/Filter Bypassing
And one other thing Iβll talk about next, which is a GOOD skill set to have. If youβve been following my articles then this next topic will make a lot of sense to you straight away.
API Penetration Testing πΈπΈππΈπΈ
Iβm exceptionally good at this, as I often dissect various core APIβs on a daily basis to craft unique exploits.
API hacking involves you exploiting the automotive capabilities of automation programs.
For example, a classic one, Windows32 API hacking, which involves you exploiting all the various core function calls of the Windows Operating System on a kernel level. The core API for it allows you to write programs that can communicate with the system in various ways.
For example, I can exploit functions that manipulate memory pages in order to formulate DLL injection exploits, allowing me to deliver malicious code alongside a particular program that loads on the system when the end user clicks on it.
Most Web Applications have core APIβs that constantly have to be tested, otherwise you can exploit them and pivot into advanced RCE exploits that can deal some serious damage.
Mobile Penetration Testing πΈπΈππΈπΈ
This involves exploiting various mobile end devices in order to infect them, leading into stuff like SSH tunneling which can allow you to connect the device back to a remote private server you control in order to do as you please.
The best place to start to get a handle on it would be the Metasploit Framework. I have material on it video wise that teaches you how to do stuff like: extract contacts, tap into video camera feeds, enable a recorder to capture audio for the device, and a lot more.
Mobile Device Penetration Testing, should you get good at it, will further expand your overall understanding of IoT and networking fundamentals, as well as core OS skills, as itβll push you a bit further in order to get crafty with pulling them off.
Youβll also become more proficient at botnetting as you have to do clever stuff like setting up apache HTTP servers that can deliver the payload to the end device accordingly.
For example, you can host an apache server, combining it with Network Penetration Testing techniques such as DNS poisoning in order to trick end users into downloading and executing the payload needed to infect the mobile device. You can then further combine obfuscation techniques in order to go undetected from the devices security systems.
If you enjoyed this post give it a thumbs up! Iβll be keeping track of whose reacting from now on as there is a βspecialβ reason for it. Just know the more you support my content the more there is in stored!
- The Hacker Who Laughs πΈπΈππΈπΈ
