Ethical Hacking 101

Cyber security is one of the fastest growing and most important functions within businesses today, the act of protecting our assets whether they be intellectual property, customer data, inventory or even people from a variety of threats. However while most organisations have at least a vague idea of the importance of implementing firewalls, scanning files for viruses and educating their staff not to click on links in suspicious emails, there is still a widespread lack of awareness around the more sophisticated attack methods that various threat actors will employ. 

This is where the Ethical Hacker comes in, an individual or team of highly skilled professionals that understand how to use a wide variety of tools and techniques to exploit vulnerabilities in your security posture. These individuals however have chosen to use these powers not for personal gain, but instead to expose those vulnerabilities before the bad guys do. 

Some ethical hackers will use their skills for different organisations that encourage attempts to breach their systems, commonly referred to as bug bounty programs. Others offer their services more formally, acting as penetration testers for different organisations. Whichever path these white hat hackers choose their methods are to utilise the exact same tools, techniques and processes as the true threat actors. 

Depending on exact requirements ethical hackers can impersonate external threats such as organised criminals, nation states or script kiddies, or even insider threats such as disgruntled employees. This enables businesses to get a practical view of their security posture, aiding processes such as risk assessment and vulnerability management, by building upon theoretical vulnerabilities with actual vulnerabilities. While passive vulnerability assessment using scanners like Nessus, OpenVAS and MBSA will find the most obvious vulnerabilities and misconfigurations they do not take into account an organisations security controls or blue team capability. Ethical Hackers do. 

So who can become an Ethical Hacker? One of the key requirements is a detailed knowledge of a wide range of IT technologies and networking. You simply cannot exploit something you don’t understand, so experience of implementing and controlling IT networks and applications is absolutely essential. Ideally this would be several years of IT Admin experience, but holding qualifications like CompTIA Network+, CCNA or MCSA is also acceptable. Beyond knowledge and experience, prospective Ethical Hackers should also be able to think on their feet and use their initiative, following a set of technical instructions is fine but the true value that Ethical Hackers add is through human intuition combined with computing skills. 

How do people become Ethical Hackers? In order to ensure that individuals have the required knowledge, skills and capability to competently carry out the role of an Ethical Hacker, organisations will look for certain qualifications. There are a wide variety of these, all similar in terms of the methodology used but to varying degrees of detail and difficulty It is vitally important Ethical Hackers hold a qualification as allowing an unqualified individual to test an organisation increases the risk of false positives and negatives being found through their testing. 

Here at Quanta we offer two different options for prospective Ethical Hackers, CompTIA PenTest+ and Certified Ethical Hacker v11. The main difference between these two is that PenTest+ focuses on penetration testing process and reporting, as well as common tools, techniques and methodologies used, while the CEH v11 is a detailed deep dive into hundreds of different hacking methods with less focus on reporting and working as a penetration tester. Both options are delivered through experiential training giving delegates hands on experience as well as explaining concepts and theory needed to pass the exams. 

If you’re still unsure which course is right for you, just give us a call on 0800 018 5597.