What Does An Ethical Hacker Do ?

Ethical hacker will follow the same technique as a malicious hacker however in the end , They fixed flaws or errors . This is also called as PENTEST .

There are Three types of PENTEST

1} Black Box testing :-  No previous knowledge about the target.
2} White box testing :- Full knowledge about target & protect                                           system from insider Attacks.
3} Grey box Testing  :- Partial knowledge is available in this way.

{INFORMATION GATHERING ------------SCANNING---------------GAINING ACCESS-----------

--------REPORTING VULNERABILITY OR FIXED IT } 

INFORMATION GATHERING

Gather as much information as possible about system. This mostly done in passive state 

++Passive network monitoring

++Whois

++Locating &  Identify hosts and network equipment

++Google

SCANNING

Pre attack phase this is an active state of gathering information.Software for scanning [War Dialers , Port Scanners , Vulnerability Scanners]etc. Target Information [Operating System, Open Ports And Services, Vulnerable Application]

GAINING ACCESS (ATTACK STEP)

On the basis of information gathering and scanning An attack target the following layers

1) Network (session hijacking)

2) Desktop, System apps on OS (buffer overflow)

3) Web Application (CSRF- cross site request forgery, XSS - cross site scripting, One click Attack)

MAINTAINING ACCESS

Maintaining access refers to stage which is Post-Exploitation or Post-Attack.

This is done once the hacker owns the system

RATs , Trojans . Backdoor , Rootkits etc.

COVERING TRACKS

This is Post Exploitation Stage, It help increasing Time for which the system compromises goes undetected Slly the attacker not getting trace back refered for increasing shell life.

 Skill Profile Of An Ethical Hacker

Depth Knowledge of Windows , Unix , Linux , Mac Operating System.

Networking (Hardware and Software)

Programming , Computer & Security .