Alongside video game testing, ethical hacking is arguably one of the coolest jobs in IT. Sure, it might not be as thrilling as “real” hacking, but you get paid to do the same thing — and the skills you develop in the realms of forensics, penetration testing, and cyber security could lead to a potentially prosperous career in IT security!
As an ethical hacker, you have to be extremely good at what you do because no client ever wants to hear, “We found no flaws or weaknesses. You’re completely protected.” That’s what antivirus programs say, and no one believes them much anymore.
To do well in this field, you need results. And by results, we’re talking about pure ownage.
Just as Gandalf the Grey fell into the dark abyss in the Mines of Moria and was reborn as Gandalf the White, so will be your journey from hacker-tinkerer to ethical hacker extraordinaire. It won’t be easy, but you may end up saving the world.
For all you aspiring or current Certified Ethical Hackers out there, here are several top ethical hacking tools and tricks of the trade that you can pull out of your wizard hat when the need arises.
Serious Hacking Software
White hat hackers use the same tools as black hats, because at the end of the day, hacking is hacking. To hack as well as, if not better than, your black hat competitors, you need to get creative. This entails having options and casting your net as wide as possible.
Good white hats have a software toolbox filled with all sorts of goodies, but you don’t need to download each hacking or cracking tool separately. Run one of these operating systems designed for penetration testing and get access to hundreds of hacking tools on first boot:
On the defensive side of the fence, you will definitely want to become acquainted with forensics-based operating systems such as:
- DEFT (Digital Evidence & Forensics Toolkit)
- CAINE (Computer Aided INvestigative Environment)
Thinking outside the box is a skill all successful hackers must master, in a literal sense. This is what separates the wheat from the chaff, as great white hats often use a mix of software tools and hardware gizmos to conquer a company’s IT systems.
The most useful hardware weapons in a hacker’s arsenal are rogue devices planted on, or near, the target’s premises with the intent to capture useful information or compromise systems via malware infection.
Of course, you can’t just drop a bulky router in the corner of an office hoping that your rogue access point will stay unnoticed. Think small, and learn the beauty of electronics using gadgets such as the Raspberry Pi or Arduino to set up fake WiFi access points for your MITM operations.
Then again, you can never go wrong with a malware-infected USB drive titled “COMPANY NAME – CLASSIFIED” left conspicuously on an employee’s desk. Nine times out of 10, they’re going to plug it in. Curiosity. Cats. You get it.
Software security is useless if someone can simply waltz in and gain direct physical access to servers or workstations. If you can’t ensure that someone is you or an accomplice, it’s game over. Just go home.
To pull off this kind of stunt, you’re going to have to step up your game. While it’s easy enough to gain access to the lobby of a big company, once you’re inside you better have a good reason to be somewhere. This is where the fun starts.
Asking the receptionist, “Where is the server room?” won’t help unless you’re dressed for the part. Take a cue from Hollywood and invest in new threads designed to make you look like a technical contractor or cleaning staff, making sure you bring along your trusty toolbox.
That toolbox you just waltzed in with? Tubular lockpicks for secured server cabinets and keyloggers, baby.
Your enemy here is CCTV. In a real-world scenario, not many hackers will take this route because it’s easy enough to analyze footage and identify the modus operandi and/or the person responsible.
The good news is, IP cameras are notoriously ill-secured. If you manage to DDoS the camera network or replace the footage with a loop from some day in the past while you’re making your move, then you my friend are a genius.
Social Engineering… Easy as pie
Cracking passwords is useful, but time consuming. One of the quickest ways to defeat IT security is through social engineering. Ethical hacking tools often focus on the technical aspects of hacking, but this is one area that can’t be overlooked.
You’d be forgiven for thinking that social engineering is the easy way out, because it is. Why spend all that time and hassle trying to gain root access to a server when you can get staff to willingly hand over their credentials?
That’s a question most criminal hackers ask themselves, too. Embrace your inner con man and look into the following social engineering tools to make your job a breeze:
- Social Engineering Toolkit by TrustedSec
- Social media
Finally, in order to become a master ethical hacker, you will need more than mere tools. Heed the poetic words of Deltron 3030 (not a hacker, but a rapper):
“Upgrade your grey matter because one day it may matter.”
Hackers are smart, but not that smart. Your job is to be smarter than them, and your wits will be one of the most effective tools in learning how to simulate or pull off a real attack.
To this end, read books on hacking, programming, psychology, magic, mentalism, hypnosis, copywriting, marketing, and any subjects related to the art of hacking and manipulation. Then, turn your personal strengths into your enemy’s weakness.
Interested in Certified Ethical Hacking training? Watch Keith Barker’s in-progress EC Council Certified Ethical Hacker v9.0 course. Not a subscriber? Start your free week today!