Similarly, we have categories of hackers about whom you might hear oftentimes. Some of them are as follows:
Script kiddie—Also known as skid, this kind of hacker is someone who lacks knowledge on how an exploit works and relies upon using exploits that someone else created. A script kiddie may be able to compromise a target but certainly cannot debug or modify an exploit in case it does not work.
Elite hacker—An elite hacker, also referred to as l33t or 1337, is someone who has deep knowledge on how an exploit works; he or she is able to create exploits, but also modify codes that someone else wrote. He or she is someone with elite skills of hacking. Hacktivist—Hacktivists are defined as group of hackers that hack into computer systems for a cause or purpose. The purpose may be political gain, freedom of speech, human rights, and so on. Ethical hacker—An ethical hacker is as a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities, which an attacker might take advantage of. The sole difference between the terms “hacking” and “ethical hacking” is the permission.
Important Terminologies Let’s now briefly discuss some of the important terminologies that I will be using throughout this book.
Asset An asset is any data, device, or other component of the environment that supports informationrelated activities that should be protected from anyone besides the people that are allowed to view or manipulate the data/information.Vulnerability Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain unauthorized access to it. The successful compromise of a vulnerability may result in data manipulation, privilege elevation, etc.
Threat A threat represents a possible danger to the computer system. It represents something that an organization doesn’t want to happen. A successful exploitation of vulnerability is a threat. A threat may be a malicious hacker who is trying to gain unauthorized access to an asset.
Exploit An exploit is something that takes advantage of vulnerability in an asset to cause unintended or unanticipated behavior in a target system, which would allow an attacker to gain access to data or information.
Risk A risk is defined as the impact (damage) resulting from the successful compromise of an asset. For example, an organization running a vulnerable apache tomcat server poses a threat to an organization and the damage/loss that is caused to the asset is defined as a risk. Normally, a risk can be calculated by using the following equation: Risk = Threat * vulnerabilities * impact
Script kiddie—Also known as skid, this kind of hacker is someone who lacks knowledge on how an exploit works and relies upon using exploits that someone else created. A script kiddie may be able to compromise a target but certainly cannot debug or modify an exploit in case it does not work.
Elite hacker—An elite hacker, also referred to as l33t or 1337, is someone who has deep knowledge on how an exploit works; he or she is able to create exploits, but also modify codes that someone else wrote. He or she is someone with elite skills of hacking. Hacktivist—Hacktivists are defined as group of hackers that hack into computer systems for a cause or purpose. The purpose may be political gain, freedom of speech, human rights, and so on. Ethical hacker—An ethical hacker is as a person who is hired and permitted by an organization to attack its systems for the purpose of identifying vulnerabilities, which an attacker might take advantage of. The sole difference between the terms “hacking” and “ethical hacking” is the permission.
Important Terminologies Let’s now briefly discuss some of the important terminologies that I will be using throughout this book.
Asset An asset is any data, device, or other component of the environment that supports informationrelated activities that should be protected from anyone besides the people that are allowed to view or manipulate the data/information.Vulnerability Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain unauthorized access to it. The successful compromise of a vulnerability may result in data manipulation, privilege elevation, etc.
Threat A threat represents a possible danger to the computer system. It represents something that an organization doesn’t want to happen. A successful exploitation of vulnerability is a threat. A threat may be a malicious hacker who is trying to gain unauthorized access to an asset.
Exploit An exploit is something that takes advantage of vulnerability in an asset to cause unintended or unanticipated behavior in a target system, which would allow an attacker to gain access to data or information.
Risk A risk is defined as the impact (damage) resulting from the successful compromise of an asset. For example, an organization running a vulnerable apache tomcat server poses a threat to an organization and the damage/loss that is caused to the asset is defined as a risk. Normally, a risk can be calculated by using the following equation: Risk = Threat * vulnerabilities * impact
Comments
Post a Comment