Red Team: What Is Ethical Hacking?

When most people imagine a hacker, they think of someone hunched over a computer in a black hoodie whose actions are as shadowy as their appearance. While they don’t often dress the way they are portrayed in the movies, many illegal hackers (also known as attackers) share the same or similar motivations as their on-screen representations. Money, information collection for intelligence use, corporate espionage, ideology or a belief system (also known as hacktivism), or other personal reasons are frequently the driving force behind many of today’s cyber attacks. However, you may not realize that there are many Ethical Hackers who attack computer systems to help proactively protect businesses and the information they store. While this may sound contradictory, it’s a common cyber security career path that is essential to the effective defense of computer systems.

Ethical Hacking

Ethical hacking is a standardized method of systems evaluation, where an individual or group acts as a malicious entity to either validate current security controls or to discover previously unknown attack paths. This is a complicated way of saying an Ethical Hacker acts exactly like a regular cyber attacker, but with the system owner’s permission to conduct the attack, which usually includes a follow-on report of the ways they were able to get in.

The idea of ethical hacking is closely associated with security evaluations and penetration tests. Ethical hackers may help with the cyber security of organizations of all types and sizes, including multinational corporations, governments, and more. Other forms of ethical hacking can include accessing a system with legal authorization but not the knowledge of the owner (i.e. for law enforcement purposes) and researching vulnerabilities without weaponizing them.

Penetration Testing and Red Teaming 

Penetration testing and Red Teaming are often viewed by organizations as the same thing. While they are both designed to help bolster an organization’s security utilizing the tactics threat actors employ, there are key differences between the two types of evaluations. 

A penetration test is a simulated attack on a computer system. The test is typically focused on finding as many vulnerabilities as possible. The penetration tester looks to assess potential targets for threat actors, how to exploit an organization’s current security vulnerabilities, and the potential business impacts to the organization. 

Red teaming is also a simulated attack on a computer system. However, red teams take a more holistic approach. The red team will have specific objectives and seek to gain access to sensitive information within the organization. During a red team assessment, the members of the team use tactics similar to a penetration tester while also trying to remain stealthy. The members of the team try not only to find, assess, and exploit vulnerabilities but also zero in on errors across people, places, and technologies. More often than not, during a red team assessment the organization’s defenders or blue team are unaware that the assessment is taking place. This type of assessment can give a more true-to-life overview of the organization’s security posture from the perspective of an attacker.

Depending on the parameters of the assessment, the team (penetration testers or red team) may have prior knowledge of the environment. This is known as a crystal or white box test. If the team has no prior knowledge and is starting from scratch, this is known as a black or grey box test. Furthermore, the defensive security professionals (sometimes referred to as a blue team) may or may not know when the assessment is happening. Regardless of the parameters of the test, it is important for the ethical hackers to have prior authorization.   

A penetration test is a simulated attack on a computer system. The purpose of pentesting is to identify vulnerabilities in a system which could potentially be exploited by malicious hackers. This covers the full IT stack as well as physical security, business processes, and everything else that touches computer systems.

In a penetration test, the offensive hackers are called the red team. They act as the “enemy” in the simulation, trying to break their way into the system. Depending on the parameters of the test, the red team may have prior knowledge of the system or may be starting from scratch. Furthermore, the defensive cyber security professionals (the blue team) may or may not know when the attack is happening. Regardless of the parameters of the test, it’s important for the red team’s ethical hackers to have prior authorization.

Common Techniques Used in Ethical Hacking

Ethical hackers often use the same techniques as malicious hackers. It’s important for their tactics to match closely with the latest and most effective hacking techniques because malicious hackers will have no qualms about using every tool at their disposal to gain access to a computer system. These are some examples of the types of techniques used by hackers:

  • Social Engineering & Phishing: These tactics involve deceiving people into sharing sensitive information, installing malware or otherwise providing system access. 75% of organizations around the world have experienced a phishing attack and social engineering continues to be the top tactic used in data breaches.
  • Exploiting Unpatched Vulnerabilities: There are known vulnerabilities in many software products. These are often eliminated through patches. However, not all organizations keep up with updates. This means that attackers may be able to exploit known vulnerabilities that have not yet been patched.
  • Malware: Malicious software can be used to gain access to systems or to otherwise gather sensitive information (such as through keylogging). It can be deployed through phishing, malware-injecting devices or a variety of other strategies.
  • Password Cracking: If hackers have been able to access password hashes or otherwise can make unlimited credential guesses, they may be able to crack user passwords. Often, hackers sell passwords that they have cracked. This can be a major vulnerability if passwords are shared between systems.

Authorization: The Most Important Penetration Testing Step

The most important part of ethical hacking is having the right authorization to access the system. In many circumstances, this is granted by the system owner. This is the case for pentesting or other security evaluations. Other times, it may be granted by an outside body such as the justice system. In either case, it’s important to have the right authorization before beginning the hack.

Learn More About Ethical Hacking

Whether you want to pursue a career in ethical hacking or just want to learn more about cyber security, check out INE’s cyber security courses today.