Beginner’s Guide to Ethical Hacking: How It Works, Tools, Skills

Introduction to Ethical Hacking:

This post marks the start of the module named “Ethical Hacking” in the Diploma of Advanced Cyber Security, in preparation for the CEH certification. So let’s dive deep into the world of ethical hacking. To start, we need to understand what exactly ethical hacking means and for what purpose we do it. Let me try to clear up all your basic concepts. If you are a complete beginner in cyber security and ethical hacking, you will understand everything clearly after reading this blog post.

What is Hacking?

To get started in the hacking world, we need to understand what exactly hacking means. Hacking is the process of finding weaknesses in systems and then gaining access to them through those weak points. Hacking is further divided into two parts:

  1. Ethical Hacking
  2. Unethical Hacking

Both types do the same work, but they differ in their limitations and in the rules and regulations they follow. Let’s discuss both types of hacking separately.

What is Ethical Hacking?

A person who does ethical hacking is known as an “Ethical Hacker”. The word ethical means legal, so the ethical hacker hacks through legal means, that is, with proper permission. The ultimate goal of an ethical hacker is to test the security of systems and networks in order to protect them from attackers. You can say that they act as security guards for the systems of a company or organization. They check everything and fix it before attackers reach it. Ethical hackers are also known as “White Hat Hackers”. Companies pay ethical hackers to find problems and fix them before criminals find them.

What is Unethical Hacking?

A person who does unethical hacking is known as an “Unethical Hacker”, or simply a hacker. The word unethical means illegal, so the unethical hacker hacks through illegal means, getting into systems and gaining access without permission. The ultimate goal of an unethical hacker is to steal data, cause harm and make illegal money. You can say that they are like thieves to the systems of a company or organization. They check everything, find the weaknesses in the system that the ethical hacker overlooked, and get in through them. Unethical hackers are also known as “Black Hat Hackers”.

Why is Ethical Hacking Important Today?

We are growing very fast in the digital world. AI is evolving everywhere, and as AI grows, cyber-attacks and threats are also increasing day by day. Our phone is like a complete bank for us nowadays; we can easily make transactions to another city or even another country. On the other hand, hackers can also gain access to it and bring our bank balance to zero in seconds. Cyber threats are rising, so to protect ourselves from them we need ethical hackers, who can help and protect us as individuals, businesses, and governments.

Types of Hackers:

When we talk about hacking, there are many types of hackers other than white hat and black hat. It is necessary for you to know about all of them so you can pick the category that suits you. My suggestion is to stay away from any illegal activities.

The types of hackers are as follows:

  1. White Hat: Does everything legally, with permission.
  2. Black Hat: Does everything illegally, without any permission.
  3. Gray Hat: Does both legal and illegal things, but with good intentions.
  4. Script Kiddie: Uses tools without knowing how they work; inexperienced.
  5. Hacktivist: Works and hacks for political and social causes.
  6. State Sponsored: Works for government sectors to spy on other countries.

Now everything is in your hands; the choice is yours.

How Ethical Hacking Works: The Basic Process

Hacking is not just typing code on a black screen as shown in the movies. Hacking is a complete process, a method we follow whenever we do it. It is mainly a five-step process which we always have to follow.

1. Reconnaissance:

Reconnaissance means gathering all kinds of information about the target. We collect the information available online, either publicly or stealthily (hidden, without the target noticing). It is like footprinting. We get all the details related to our target before performing the attack, and this phase is called reconnaissance. The tools we use during reconnaissance are Google dorking, whois, Maltego, and Shodan. Using these tools and techniques we find the IP addresses, subdomains, emails, and server locations of the target.

2. Scanning:

Scanning means we scan for all open ports, active hosts and services on the target’s systems, or scan for any vulnerability to exploit in order to get into the system. We are only searching and scanning for an open path into the system; this phase is called scanning. The tools we use during scanning are Nmap, Netdiscover, Angry IP Scanner, and the Nessus Essentials extension in Kali. Using these tools and techniques we find which ports (like 22, 202, and 555) are open.

3. Gain Access:

Gaining access means we use the open ports, active hosts and services we discovered to enter the system. The tools we use are Metasploit, sqlmap, and Hydra. This works when the target uses old and outdated software or hasn’t changed its passwords for a long time.

4. Maintain Access:

Maintaining access means that after finding the exploit and entering the system, it is very important to keep the access without the target’s knowledge. The tools used in this phase are Netcat, backdoors, and reverse shells. Hidden access points are installed in the system to maintain persistent access for a long time.

5. Covering Tracks:

Covering tracks means removing all the logs and tracks to hide our presence so that the target never knows about us. This is done by manually deleting logs or clearing the bash history. Remove your traces and disappear like nothing happened.

Common Google Dorking ways:

With Google dorking you can find hidden and specific information.

Dork                         Purpose
site:yourtargetdomain.com    Show only pages from that particular domain
filetype:docs or pdf, jpg    Find specific files
intitle:index.of             Find open directories (folders)
inurl:adminname              Find admin login page panel
ext:SQL                      Find exposed SQL database files of the target

The whois command can be used in Kali Linux: type “whois (domain name of target)” and press Enter to see the results.

The Maltego tool is also available in Kali Linux.

Port    Service    Description
21      FTP        File Transfer Protocol
22      SSH        Secure Shell
23      Telnet     Remote Login (insecure)
25      SMTP       Email Sending
53      DNS        Domain Lookup
80      HTTP       Web Traffic
443     HTTPS      Secure Web Traffic
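
From the defender's side, the same port table can be used to audit a scan of your own hosts. The Python below is an added example, not code from the original post: it parses Nmap's grepable (-oG) output and flags open ports that fall outside an expected baseline or that offer cleartext logins. The sample scan, host names and BASELINE are constructed for illustration.

```python
import re

# Service names from the port table on this page.
PORT_TABLE = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
              53: "DNS", 80: "HTTP", 443: "HTTPS"}
# The page marks Telnet as insecure; FTP is added here as another cleartext login service.
CLEARTEXT_LOGIN = {21, 23}

# Constructed sample in Nmap grepable (-oG) format; hosts use documentation addresses.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 443/open/tcp//https///, 3306/filtered/tcp//mysql///\n"
    "Host: 192.0.2.20 (db01.example.test)\tPorts: 22/open/tcp//ssh///, 21/open/tcp//ftp///\n"
)
# Hypothetical baseline: the ports each host is supposed to expose.
BASELINE = {"192.0.2.10": {22, 443}, "192.0.2.20": {22}}


def parse_grepable(text):
    """Return {host_ip: sorted list of open TCP ports} from -oG output."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no ports
        ports = result.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return {host: sorted(p) for host, p in result.items()}


def audit(open_ports, baseline):
    """Flag ports outside the baseline and cleartext login services."""
    findings = []
    for host, ports in sorted(open_ports.items()):
        for port in ports:
            name = PORT_TABLE.get(port, "unknown")
            if port not in baseline.get(host, set()):
                findings.append((host, port, name, "not in baseline"))
            if port in CLEARTEXT_LOGIN:
                findings.append((host, port, name, "cleartext login service"))
    return findings


if __name__ == "__main__":
    print(audit(parse_grepable(SAMPLE_SCAN), BASELINE))
```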

For example, if port 22 is open, SSH might be running. A hacker could try brute-forcing the login.
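
Brute-forcing against port 22 leaves a clear trail in the SSH server's log, which is how defenders catch it. The Python below is an added example, not code from the original post: it counts failed password attempts per source address in a sliding time window and notes when a successful login follows a burst. The log lines are constructed, and the threshold, window and year are assumptions to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:04 web01 sshd[1207]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Mar  3 10:15:06 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:09 web01 sshd[1210]: Failed password for deploy from 203.0.113.5 port 51244 ssh2
Mar  3 10:15:12 web01 sshd[1210]: Failed password for deploy from 203.0.113.5 port 51250 ssh2
Mar  3 10:15:20 web01 sshd[1215]: Accepted password for alice from 198.51.100.7 port 40102 ssh2
Mar  3 10:15:40 web01 sshd[1220]: Accepted password for deploy from 203.0.113.5 port 51260 ssh2
"""
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) "
                  r"password for (?:invalid user )?(\S+) from (\S+) port")


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2025):
    """Return {source_ip: alert} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)  # source -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():  # lines are assumed to be in time order
        m = LINE.match(line)
        if not m:
            continue
        stamp, outcome, user, source = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            q = recent[source]
            q.append(when)
            while when - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(source, {"failures": 0, "login_after": None})
                alert["failures"] = max(alert["failures"], len(q))
        elif source in alerts and alerts[source]["login_after"] is None:
            # A success after a burst of failures suggests a password was guessed.
            alerts[source]["login_after"] = user
    return alerts


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```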

Common Tools Used in Ethical Hacking:

The tools hackers most commonly use during an attack are Nmap, Metasploit, Wireshark, Burp Suite, etc. You can try out and practice the tools one by one, either by installing each tool on your Windows operating system or by installing a virtual machine and setting up Kali Linux in it. All the necessary tools used in hacking are already built into Kali. For installing Kali, you can check out my previous blog post as well.

https://munazajameel.site/install-kali-linux-on-virtualbox/

Legal and Ethical Boundaries in Hacking

Hacking without permission is illegal, so permission is everything. You must follow the PECA Act (Prevention of Electronic Crimes Act) to be aware of the legal boundaries. If you are caught doing any unethical activity, you will be fined and jailed, so stay safe and legal.

Skills Needed to Become an Ethical Hacker

You need to learn these skills to get into the cyber security world of ethical hacking:

  • Understanding of networking
  • Cyber security concepts
  • Understanding of operating systems
  • Knowledge of tools
  • Any one programming language (start with Python)

Ethical Hacking Certifications You Should Know

After gaining good knowledge, you can go for international and professional certifications as well, such as:

  • CEH (Certified Ethical Hacker)
  • CompTIA Security+
  • OSCP

Many more are also available.

Real-Life Examples of Ethical Hackers in Action:

You can follow real ethical hackers from your country; in Pakistan, “Rafay Baloch” and Shahmeer Amir are doing great work.

In the past, Rafay Baloch found a bug in Google, reported it to them, and got a prize of $5,000; he reported another to PayPal and won the highest prize of that time, $10k. Shahmeer Amir is also one of the top hackers in the world. He has reported bugs to Google, Microsoft, and many more. Read about them on Google, and you can also check out the books written by Rafay Baloch.

How to Start Your Journey in Ethical Hacking

So if you want to start learning ethical hacking, start with the free resources available on YouTube and read books. You can take a short-term diploma or enroll in a full-time degree. Just start learning and share your journey with me. If you found this guide useful, keep an eye out for additional cybersecurity tutorials for beginners! Stay tuned to my blog for more real-life cyber security walkthroughs.

Check out the cyber security roadmap for beginners: https://munazajameel.site/cybersecurity-roadmap-2025-beginners/ or check out my YouTube channel for better content: https://www.youtube.com/@itzmunazah
See you next time!

© 2025 Munnaza Jameel. All Rights Reserved.