Talking like a hacker: Ethical hacking terminology
Starting into ethical hacking can be difficult, and maybe you will read or hear many words for which you do not know the meaning or their context. Today you will learn the basic vocabulary to start with your hacking journey. After reading this guide of concepts, you will be able to understand the introductory speech used in cybersecurity.
I will try to expose to you terms that are associated with hacking. There are some that are more general concepts used in IT (information technology), but the core terms used in infosec (information security) are explained here:
1. Host: When we refer to a host in IT, but especially in infosec, we mean a device, which can also be a computer (the abbreviation for personal computer is PC). However, being more strict and as a standard in computer networking, we will call a host a device that is connected to a network. For those who have more networking knowledge, a host can be a switch or a router, even a telephone, a laptop, a PC, or a server. It’s important to take into account that we will identify a host by its IP address.
2. LocalHost: When we refer to a localhost, we refer to the local computer that is being referenced. To understand it better, let’s see an example: If you are using a PC and want to make reference to the own IP address of the device, then you will refer to the localhost IP add (IP add can be used to make reference to IP address). This concept is very useful when working with networks because you don’t need to work with the IP add of the device; you can make reference to the local machine itself, using:
localhost
127.0.0.1 #loopback address The loopback address is another way to refer to the local machine itself, and just like localhost, it’s used in many programs and utilities in networking, ethical hacking, or even programming.
3. Terminal: In very simple words, when we talk about a terminal, we mean software that allows you to write commands from your keyboards to your operating system, using software that understands the input commands and makes the translation to the OS, a shell. (This is a very short explanation; however, if you want to learn more in depth about shells, terminals, consoles, and more, click the link below to read another article.) https://medium.com/@thomassorza/whats-a-shell-c3735f216dde
4. Server: A server is a specialized computer that provides a service or a source to other connected devices on the network. Servers usually store data. They can include web servers, email servers, file servers, database servers, and more. Even servers could be built to run games or play media. (The main idea about a server is that it is like a host, a host that has massive resources and makes the operations of the requests of the clients “the devices that make the requests”).
5. Malware: Malware is very common in the infosec field, but commonly you may know malware like pc viruses. Software installed in a device to gain unautorized acces to many functuonalities, information storage in the device or a network. (I will do other post dedicaded for explaining malware). Here are some types of malware: Viruses, Trojans, Ransomware, Spyware, Adware, Worms, Botnets and Rootkits.
6. Enumeration: The enumeration is the phase is the phase when is developed the recognizion to gather the greater amount of information about a target, a network, a service or a program to vulnerate. This info can be, resorces, services or components that can work as a first step to start the explotation of an attack vector. Applications like Nmap are very popular for enumeration.
7. Hacker: When we are talking about hackers, we are talking about a person who has expertise in technology usage, telecommunications, networks, or informatics in general. But in daily life, we found another conception about hackers, because in the newspapers, social media, news, TV shows, and movies, has been transmitted the popular idea that the hacker is a bad person who searches for ways to break into systems without any permission to commit criminal acts. But in reality, a hacker is a person who has a lot of experience and a large knowledge of technology. That’s why we talk about ethical hacking, because this “ethical” term is used to refer to hackers that make penetration tests in enterprises. (You con find an article about the types of hackers, soon).
8. Cracking: Cracking refers to the act of bypassing security measures in one system to gain information or gather software or data without consent. This is done illegally. It’s important to take into account that the word “crack” also makes reference to the act of cyber piracy by getting free licenses or software in an illegal way, in some cases to sell it. When you find free software on the internet, just like a game, it could be a crack and can contain malware.
9. Exploit: In order to obtain illegal access or elevate privileges, a method known as an exploit is used to take advantage of flaws in a system, network, or device. Exploits are tools that take advantage of flaws or security gaps in hardware or software to undermine security. They might result in data leaks, unauthorized entry, or command over a particular system.
On the other hand, the use of exploits by ethical hackers or security researchers can help find and repair flaws and boost overall security. In some circumstances, malicious software, also referred to as malware, can supply exploits. It’s essential to note that using exploits for malicious purposes is illegal and unethical, but there are websites like Exploit Database, where you can find exploits for almost any specific task or vulnerability. Use them with caution and only in controlled environments; it can always be risky to use code from another person.
10. Zero-day : A zero-day is a vulnerability that hasn’t been discovered before. This kind of vulnerability is extremely dangerous because it can represent a giant risk to enterprises and even governments. If someone creates or discovers a new technique to get into a system or gain sensitive information, it is difficult for security professionals to patch or correct the problem quickly. That’s why, as an infosec professional, it’s crucial to be up-to-date with the most modern techniques and technologies to protect organizations.
The penalty for selling exploits for zero-day vulnerabilities is pretty high; it’s a serious crime. It would always be better to report these vulnerabilities.
11. ScriptKidde : Don’t allow anyone to refer to you as a scriptkiddie. Considering the root of the words “Script” (an automated file to execute a task) and “Kiddie” (from kid), you can understand a scriptkiddie as a non-very-experienced person that needs scripts and tools to achieve an objective (most of the time, the scripts and the tools are gained from the internet). You need to work hard to build a strong kit of hacking abilities because a real hacker has the ability and experience to play around with the options available and complete the challenge, but on the other hand, a scriptkiddie is a person who does not understand very well how things work.
Well I hope you have understood the basiscs terms used in hacking and infosec, now continue expanding your knowledge and hacking skills. Don’t forget to always increse your technical vocabulary to improve your speech and knowledge.
Don’t stop learning. Keep hacking!
