Ethical hacking (also known as Penetration Testing or Intrusion Testing) is where someone with certified expert knowledge of computer systems and networks (such as ourselves) uses this knowledge to assess and improve the security of a target system.
To do this, the ethical hacker attempts to infiltrate the network themselves and find vulnerabilities - these are anything that may make it easier for an attacker to gain access to a system.
These could be design flaws, configuration errors or software bugs. The information they learn here is then reported back to the client.
Hackers may also try to gain access by using social engineering - manipulating people into performing actions or divulging confidential information.
7 Steps of Hacking
The routine of an infiltration (more commonly known as the 7 Steps of Hacking) can generally be broken down as follows:
Information discovery - Attackers find as much information as possible on their target.
Target scanning - Different points of attack are identified.
Vulnerability assessment - The easiest point of attack is selected.
Exploiting the weakness - The attacker gains access to the network.
Privilege escalation - The intruder gains greater access by escalating their privileges.
Retaining access - This allows the attacker to gain access at any time in the future.
Covering tracks - Finally, any sign the system has been exploited must be concealed.