CTCH 127

 One of my primary interests within computers is penetration testing. A majority of individuals who hear about penetration testing often think of something dark and brooding, and with the rash of recent Anonymous and LulzSec cyber attacks, it strikes fear in many that hacking is one-sided and there is no real benevolence associated with the term. Well, that isn't always the case. The actual term hacker is meant to describe someone who can orchestrate changes or modifications to something in order to make it achieve an effect not originally intended, the first use of the word 'hacker' came from MIT when programming was in its infancy and the system administrators would 'hack' together pieces of code to achieve a certain effect, sending e-mails when the system was available to be used by certain individuals, etc.

Now the term is associated with an internet underground of criminals and spies waiting to steal your personal information. Within the internet culture these people are termed 'crackers' as in cracking safes, or cracking protections on software/servers to retrieve information. These people use vulnerabilities in programs to gain access to systems that will let them do as they please. More often than not these are simple security loopholes, or exploits, that can either be well known and in databases such as Exploit-DB.com or what is known as a 'zero-day' exploit in which no one, not even the software developer, is aware of it. These zero-day exploits are very rare but also the most dangerous, as if one system with certain software is affected, all systems with that specific version of software can be vulnerable.

Penetration testing is the art of using both known exploits and zero-day exploits against systems but for the purpose of finding security holes. The major difference between this and hacking criminally is that penetration testers set up a schedule with a business to attack and find these security holes, usually during off-business hours. This provides no immediate loss of production and gain for the business, while securing their systems. Unfortunately, things can happen while deploying exploits and commandeering the systems, and systems may go down. However, it is much better to have this happen in a controlled environment with all the logs available than a random person doing it for malevolent purposes. Due to the recent surge in cyberattacks penetration testing is becoming a very hot field to work in, and I am excited to pursue it!


Valid XHTML 1.0 Transitional