What is Ethical hacking?
Welcome to the complete ethical hacking course, in this course, we will be covering everything you
need to know as an ethical hacker.
From theory to practical examples, we'll start with basics first.
And the further we go in the course, the more intermediate and advanced stuff we will cover.
Knowing theory and practicing different attack methods that we will learn will eventually make you a
master in ethical hacking.
But wait, wait a second.
We just started the course and I'm already talking about being a master in ethical hacking, let's slow
down a little bit.
What even is ethical hacking and what does an ethical hacker do?
Or you might also wonder, can I get in trouble by doing this?
Don't worry.
Remember, we are ethical hackers.
This means we're hard to hack into a network or a device or in general, we want to find as many vulnerabilities
inside the target system, but not to do bad things.
Quite the opposite.
We want to secure them.
An ethical hacker who is hard to find as many vulnerabilities in a certain system is also known as a
white hat hacker.
Now, I mentioned the upward system quite a few times by now.
What do I mean by finding vulnerabilities in a system?
Well, the system can be anything.
It can be a network of multiple computers or it could be just one single computer.
It could also be some company server that they keep their important data on.
We could also be targeting a Web page or a website.
Availability, on the other hand, is anything that could allow someone to have an unauthorized access
to that system.
We are there to discover them and secure them.
But why are we doing this?
Well, as you know, there are the bad guys or also known as black hat hackers.
Their goal is also to find vulnerabilities in the system, but not to secure them.
Instead, they want to perform malicious activity once they gain access to that system.
That is the difference between a white-hat hacker and a black hat hacker.
A white-hat hacker is there to find vulnerability, notify the person that hired him and let him know
of a possible unauthorized access, you can think of us as a cyber police.
We are there to protect our black hat.
Hacker, on the other hand, is there to perform malicious activity, such as stealing your data.
They could also try to steal your online money.
They could install a virus or a key logger on your PC and track everything that you do.
They can go as far as doing something like stealing your identity.
However, the methods of white hat and black hat hackers use can be quite similar.
The differences we as white had.
Hackers must make sure that we have our permission to target a certain system and an example would go like
this.
We get hired by a certain company.
That company could have a website, different networks with computers inside the building where, for
example, employees work.
It could also have large servers and databases holding important company data.
And as we already know, our goal is to make sure that data is secured from cyber-attacks that also
employees and their machines are also in a secure network.
And that website doesn't have any bugs that could present a threat to that company.
How do we do all of this?
Well, we do it by attacking the company, we act as a black hat hacker with but with a different goal.
OK, but he would come to another problem.
You might be wondering, well, how am I going to learn this or how am I going to practice this?
I just said that we need permission to attack any system.
Right.
Well, don't worry, we will simulate all of these targets with the help of our home devices and also
with the help of virtual machines, it will be exactly the same.
Just this way, you won't be breaking any law while you practice, since the targets that you will attack
will be yours.
OK, more about virtual machines later.
Right now, I want to give you a small challenge.
One of the biggest online cyber attacks is something called phishing.
In most cases, phishing is an act of black hat hackers tricking you into entering some of your private
data, such as usernames and passwords, into a webpage that isn't to be trusted.
This is one of the ways how they steal online accounts.
Let me show you.
Here I have two Twitter login pages, one of these two that you can see right here is a fake login page
and the other one is real.
Let's take a quick look at them.
So let's take a look at the first one.
Here it is.
And if we take a look at the second one.
They appear to be exactly the same, right?
Have you figured out which one is real and which one is fake?
The first one that we saw is the fake login page, while the second one right here is real.
Let's mention some of the obvious reasons why this page right here that you're looking at is a fake
login page that can be used to steal your account, even though they're identical at first glance.
If we take a closer look, we can see it doesn't really have Twitter dot com as the website name.
Instead, we have some random IP addresses in our search tab.
And this is the biggest indication that this page is indeed fake and that you shouldn't enter
any private information here.
The original page should be Twitter dot com.
Another thing we can notice is that next week, the website name on the real page, we have this green
lock right here and this green lock indicates that this is an HTTP page, or in other words, it is
secured, as it says right here, secure connection, usually phishing websites, one being HTTPS.
And they won't have this green lock right here.
However, these two can be forged in a more advanced phishing attack.
And just to compare, our fake login page doesn't have the screen lock.
If we click right here, it says, connection is not secure.
And even though many of you probably knew these things already, if you were in a hurry and you got
redirected to this fake login page, you could potentially enter your password here.
And little, you know, in just a few seconds, your account has been compromised and stolen by the
bad guys since the information that you enter right here on this page gets sent to them and not to Twitter
dot com.
But don't worry, if you aren't familiar with these type of attacks throughout the course, we will
learn not only how to secure ourselves from these attacks and how these attacks work, but also we will
learn how to perform the attacks themselves.
And by the way, we also have a discourse channel where we answer your questions.
So if you haven't already, feel free to come and join us in this court, since that is where we notify
everyone about any new course updates that will come out.
And that is also where you can reach out to us in case you run into any problem during the course.
Nonetheless, I welcome you once again.
And let's get straight into the course.
