I have always been interested in hacking, because it seemed cool. Unfortunately when I was learning to program it didn’t pay, or at least I didn’t know how to get paid. Fast forward to today and now I am giving it another shot. I have started studying for the Certified Ethical Hacker test.
As an architect I think it is time that I also learn those skills so that I can help design quality software that can protect my company and our customers. Writing about certain topics has always helped me to commit them to memory, so I am going to go over the topics that are laid out in the book Certified Ethical Hacker (CEH) Cert Guide. I am 3 chapters in and I can say it is a pretty good book; there isn’t a lot of fluff from what I can tell.
One of the themes that Michael Gregg drives home is the need to get written permission before starting any type of hacking. Seems like common sense, but it is probably pretty easy to trivialize that fact. One of the first things that he spells out is the difference between the hacker process and the ethical process. They are only different by 2 steps; below he defines the hack process:
- Performing Reconnaissance and Footprinting
- Scanning and Enumeration
- Gaining Access
- Escalation of Privilege
- Maintaining Access
- Covering Tracks and Planting Backdoors
The ethical process starts with Permission and ends with Reporting. It doesn’t seem so bizarre that an ethical hacker would have to have the same skills and processes to discover the vulnerabilities. The book starts to dig into the OSI layer and what type of attacks are possible there, but I will get into that in the next post in this series.