Ethical Hacking: What It Is and How To Do It

Ethical Hacking: What It Is and How To Do It
Aviva Zacks
Posted: December 12, 2018

The word “hacking” has a seriously negative connotation, but there is a kind of hacking that benefits us all. “Ethical hacking,” also known as “white hat” hacking, happens with the explicit consent of the organization or website they are targeting to test out the security of their defenses. The process is known as “penetration testing,” or simply “pentesting.”

Imagine being paid by a retailer to go into the store, attempt to shoplift some merchandise, and report back to the team about it. Ethical hacking is similar. By testing their targets’ systems for vulnerabilities, ethical hackers help improve the companies’ cybersecurity.

Ethical hacking is big business and an extremely in-demand field with enormous opportunity for well-paid employment. Major corporations employ entire teams of ethical hackers to ensure the security of their online systems.

Taking a formal course in the subject is a sensible choice for those serious about pursuing it, but why not give yourself a head start and pick up some of the basics right now? Here’s how you can get started.

Download and Install Kali Linux (Or Another Pentesting Distro)

As an open-source operating system, Linux gives its users room to modify and tinker with their systems. That can also mean developing tools that other programs don’t make available.

There are now specialized ethical hacking distributions, the most well-known of which is Kali Linux. Kali comes with an enormous selection of penetration testing programs pre-installed, including the Wireshark packet sniffing tool and utilities to conduct basic hacking methods like brute-forcing passwords.

NOTE:  as an ethical hacker, you’ll need to use these programs on your own network or obtain the explicit permission of a friend or business owner.

In addition to Wireshark, Kali Linux includes:

  • Metasploit, a framework for developing offensive exploits
  • Nmap, for scanning and mapping networks and identifying open ports
  • Jhon the Ripper (JTR) for conducting dictionary-based brute-force password-cracking attempts
  • Burp Suite tools for automatically identifying website vulnerabilities, inspecting browser proxies, and checking the randomness of authenticity tokens
  • Social Engineering Toolkit (SET) for creating social engineering exploits

Some of these tools are only available as Command Line Interfaces (CLIs) and many have a steep learning curve.

However, using Kali’s set of tools on your own network should provide a perfect hands-on learning experience that will teach you plenty of the basics of ethical hacking. You don’t even to give up your Windows or MacOS desktop to use it. Simply download the Kali image from their website and install it as a virtual machine using a popular virtualization platform like VMWare or Oracle Virtualbox.

If you’re not completely comfortable with Kali, consider one of the other free penetration testing distributions on the market, including Parrot Security OS, BackBox, or the Samurai Web Testing Framework.

Learn Some Programming Languages

Depending on what kind of ethical hacking you’re going to be doing, some programming languages are almost certainly going to be essential.

Those who are going to be working on securing web-based applications would be well-advised to pick up PHP, HTML, JSL, and the ASP framework. If you’d be more interested in working for mobile app developers, consider learning Java (for Android), Swift (for iOS), and   C# (for Windows Phone).

Once you’ve learned your target programming language, you’ll be able to suggest or implement fixes to the vulnerabilities that your ethical hacking has identified.

Round Up Some Guinea Pigs

Now that you have the tools and knowledge to identify and patch vulnerabilities, you’ll want to put your skills to use. While it’s not quite time to print yourself a batch of “ethical hacker” business cards, you can continue to develop your ethical hacking experience.

  • Ask your neighbor to let you attempt to brute-force their WiFi password. As “payment,” offer to improve their password security.
  • Participate in hacking competitions, such as the Global Cyberlympics. These are ideal opportunities to improve your skills and meet like-minded cybersecurity enthusiasts.
  • Become a “gray hat” hacker. Once you’ve learned white-hat hacking, you can “graduate” to become a “gray hat”—attempting to hack organizations without their permission, but then anonymously share your findings to help them improve their security. NOTE: BE CAREFUL not to actually violate any laws in the process.

Get Certified

Download a pentesting Linux distribution and use it to learn the basics. It can get you started towards becoming an ethical hacker. If you’re serious about the field, however, and want to work in it full-time, you’ll need a professional certification.

The Certified Ethical Hacker (CEH) credential will look great on your resume. Easier and more advanced alternatives also exist, so we recommend doing your own research.

Bottom Line

Ethical hacking involves targeting individuals’ or companies’ computer systems with their explicit permission. It’s an in-demand employment field with enormous potential. You can get started by downloading a Linux-based pentesting distribution and trying things out on your own system or those of trusted friends. To take things further and build experience, learn a programming language on the type of system you’re interested in working with. To become a professional ethical hacker, pursue a certification.