Saturday 5 October 2013

WHAT DO ETHICAL HACKERS DO?

Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: they’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test, or pen test.
Hackers break into computer systems. Contrary to widespread myth, doing this doesn’t usually involve a mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. A pen test is no more than just performing those same steps with the same tools used by a malicious hacker to see what data could be exposed using hacking tools and techniques.
Many ethical hackers detect malicious hacker activity as part of the security team of an organization tasked with defending against malicious hacking activity. When hired, an ethical hacker asks the organization what is to be protected, from whom, and what resources the company is willing to expend in order to gain protection. A penetration test plan can then be built around the data that needs to be protected and potential risks. Documenting the results of various tests is critical in producing the end product of the pen test: the pen test report. Taking screenshots of potentially valuable information or saving log files is critical to presenting the findings to a client in a pen test report. The pen test report is a compilation of all the potential risks in a computer or system.
Who are ethical hackers?
Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client’s systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to the company,” and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., UNIX or Windows NT) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing, but are equally important when preparing the report for the client after the test.

Top 10 Hacker Tools and Techniques 
By understanding how hackers gain access to systems, organizations can stay a step ahead and ensure information availability, integrity, and confidentiality. Listed below is Altius IT’s list of the Top 10 Hacker Tools and Techniques:
  • Reconnaissance. Hackers use tools to get basic information on your systems. Tools like Netcraft and PCHels report on your domain, IP number, and operating system.
  • Network Exploration. The more information the hacker knows about your system, the more ways he can find vulnerabilities. Tools such as NMap identify your host systems and services.
  • Probe Tools. Some tools were initially designed to be used by system administrators to enhance their security. Now, these same tools are used by hackers to know where to start an attack. Tools like LANguard Network Scanner identify system vulnerabilities.
  • Scanners. Internally, sniffer tools analyze network performance and applications. Hacker reconnaissance tools such as AET Network Scanner 10, FPort 1.33, and Super Scan 3 scan your devices to determine ports that are open and can be exploited.
  • Password Cracker. Password tools are used by security administrators to find weak passwords. These tools may also be used by hackers. Password crackers include LC5, John The Ripper, iOpus Password Recovery XP, and LastBit.
  • Remote Administration Tools. Tools such as AntiLamer and NetSlayer are used by hackers to take partial or complete control of the victim’s computer.
  • Backdoor. Backdoor tools and Trojan Horses exploit vulnerabilities and open your systems to a hacker. KrAIMer and Troj/Zinx-A can be used by hackers to gain access to your systems.
  • Denial of Service (DoS). Denial of service attacks overload a system or device so it can’t respond or provide normal service. Hackers use tools such as Coldlife and Flooder to overload a system.
  • Recover deleted files. Once hackers are inside your perimeter, they can use tools like Deleted File Analysis Utility to scan your hard drive partitions for deleted files that may still be recoverable.
  • Web Site Tools. Hackers use tools such as Access Diver and IntelliTamper to index your web site pages and directories. These tools can download your site to the hacker’s local hard drive. Once on his system, the hacker analyzes the web site to identify and exploit security vulnerabilities.
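
A defender's counterpart to the Network Exploration and Scanners items above, as an added example that is not part of the original post or of Altius IT's list: it flags a source that touches many distinct ports on one host within a short window. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed log lines (assumed format): time src dst dst_port action."""
    base, dst, lines = datetime(2013, 10, 5, 10, 0, 0), "192.0.2.10", []
    def add(offset, src, port, action):
        lines.append(f"{(base + offset).isoformat()} {src} {dst} {port} {action}")
    for i, port in enumerate(range(20, 32)):      # 12 ports in 12 seconds
        add(timedelta(seconds=i), "203.0.113.7", port, "DENY")
    for i in range(15):                           # ordinary client, one port
        add(timedelta(seconds=2 * i), "198.51.100.20", 443, "ALLOW")
    for i, port in enumerate(range(8000, 8012)):  # 12 ports, 5 minutes apart
        add(timedelta(minutes=5 * i), "198.51.100.30", port, "DENY")
    return lines

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Map (src, dst) -> peak count of distinct ports seen inside one window.

    Only pairs that reach min_ports are returned. Entries for each pair
    must be in time order.
    """
    recent = defaultdict(deque)  # (src, dst) -> (time, port) still in window
    alerts = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, port = datetime.fromisoformat(fields[0]), int(fields[3])
        key = (fields[1], fields[2])
        q = recent[key]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} ports in 60s")
```

With the default 60-second window only the fast sweep is reported; widening the window also surfaces the slower source, at the cost of keeping more events in memory.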
