Movies have accustomed us to envision unethical hackers as highly antisocial individuals, often with some type of complex, either due to lack of ego or an excess of it, who live lives filled with thrills, type 100 words per minute, never use a mouse, only have a black wallpaper, and with five commands manage to attack a nuclear installation or an autonomous vehicle with the same ease; today we will see the reality of the lifestyle of an ethical hacker.
Real life is very different; first of all, we sometimes use the mouse, our wallpapers are different from black in some cases, and we type a little slower than in the movies and sometimes make a lot of typos. In reality, as an ethical hacker, your life goes from challenge to challenge, and the truth is it is very exciting to try to detect a vulnerability that can be exploited and manage to do it before a malicious actor does. In our life there is no way to get bored because each test we perform is different, either because of the nature of the infrastructure we are auditing, the type of the company, or the kind of technique we are using; remember that in ethical hacking our perspective and actions are exactly the same as those an adversary would use, so the rule is that there are no rules.
You can use many types of tools and techniques, from controlled Trojan malware, through social engineering to deceive a user and obtain a password, to the exploitation of a vulnerability in a corporate server that allows us access to the entire target network.
As an ethical hacker it is very exciting to be able to step into the shoes of a cybercriminal and step by step analyze every possibility of compromising a target that has invested hundreds of thousands of dollars in technologies, resources, and personnel, find their weak points, design an attack strategy, execute the attack and do it in an authorized way knowing that the ultimate motive is to protect companies’ critical infrastructures against cyber-attacks; the designed strategies do not always work; many times we must go back to square one and start again with a different perspective and mindset, and the challenge becomes more exciting every time, the stakes rise, and so does the adrenaline.
I talk about adrenaline because in many of our activities we must plan for the worst and hope for the best. Let me illustrate it with an example; I want you to transport yourself with me to the following scenario: we are ethical hackers who know the email addresses of 10 high-level employees of a financial firm, and we must compromise one of them to achieve the access we need. To do this we must convince them to type their credentials into a server that is impersonating their real authentication server, and for this we must send a convincing, personalized email to each of them, hoping they do not notice any difference from the style, prose, and writing rhythm of their immediate supervisor, so that they visit a disguised link included in that email. Keep in mind that in some cases you cannot send all the emails at the same time because suspicions may arise; therefore, you start with the first group of three emails and you must wait for them to fall into the trap.
That wait is exciting; it is like a hunt where you have already set the trap with the bait and you are waiting for your prey, and it is possible that nothing happens.
The worst part is that you do not know whether the malicious email was detected and removed automatically, or whether one of the employees realized the deception, etc. As you see, many things can go wrong and you are not going to know why, so you pick up the pieces of your strategy, create a different one, and try again, setting a different ruse and waiting again. Tell me if this is not exciting!
In our day-to-day we almost always have to follow up on several projects at once and work as a team. There are many ethical hackers who prefer to work alone; however, the synergy that is achieved together is greatly appreciated, and one of the most pleasant aspects of this world is that almost all of us are willing to share knowledge and teach those who come behind us walking the same path. I have had the opportunity to meet wonderful people full of wisdom and techniques, always willing to share and learn from all equally, because we know that our field is so huge that it is impossible to cover all areas of knowledge, and that is why it is recommended to settle on a specific area to generate expertise in it, whether it is social engineering, exploit development, intrusion into data networks, etc.
A lot is said about the kind of computer we use, and the truth is there is no specific rule, because the type of device you use and the Operating System you choose are very personal. Many people think that the preferred Operating System is Linux or Apple's macOS, but the reality is very different and varied; the majority of people I know in the world of ethical hacking use more than one Operating System, and they do it through virtual machines, myself included.
I have equipment with both operating systems (macOS and Windows), and on them I run virtual machines with many other Operating Systems and Linux distributions, such as Kali Linux, Ubuntu, Debian, Windows Server, etc. This is done because, depending on the exercise, we need to replicate or emulate scenarios, or connect a workstation to the compromised environment and simulate a specific activity, among many other possibilities. At the hardware level, we cannot always have access to the highest capacity machines; many of my machines have been second-hand, and others I have configured to my liking. The important thing is that they have a processor with good capacity, all the RAM (random-access memory) you need to be able to run your virtual machines, and hopefully a graphics acceleration card for when you need to crack a password.
Apart from traditional operations, in our work we use many gadgets and tools that allow us to carry out tasks such as falsifying a wireless network, disconnecting users, creating a fake Access Point, violating the security of a biometric mechanism or proximity control, connecting directly to a device’s hardware and altering its signals, intervening in the transmission of a CCTV camera, forging a cell phone charger cable to have remote access, and duplicating an access card, as well as USB sticks that allow us remote access to workstations and servers and physical key loggers that capture the user’s keyboard inputs, among many other things that do come out in the movies and that we do in real life. Hardware hacking tools are a fascinating sub-world within the world of ethical hacking.
As for the keyboard and mouse, use anything you like that is comfortable for you. I love the sound of mechanical keys, so I have an RGB mechanical keyboard that allows me to change the color of the lighting depending on the activity I am doing, whether it is testing an objective, making a report, or sharing with a client the steps through which we managed to breach their infrastructure protected by technologies that cost hundreds of thousands of dollars, all thanks to finding an old server that they placed to test a tool they were being offered and forgot to deactivate.
The truth about the mouse is that it is not used so much if you are working most of the time in Linux, because you try to learn the shortcuts for efficiency; however, it is used a lot when you have to dedicate yourself to making reports or if you are giving classes or trainings. The recommendation here is also that you use the one that is most comfortable for you and that fits your budget. Many ethical hackers are also gamers; therefore, they probably use a gaming mouse, just like the keyboard.
The screens are another focal point of discussion. I like to use five screens; yes, I know they are too many, but let me explain the functionality of each one: the first one has my browsers open with each tab of what I have searched, the central one is my main work screen where I do scripts, texts, and review information, the next one contains the terminal of one of the virtual machines, the other one contains mail and messaging tools, and the last one, larger than the others, is my main virtual machine from where I run the tests in production environments.
The software tools we use include some that we will find in any company, such as email, collaboration, mind-mapping, and video conferencing tools, but let us talk about the ones that are not so common. As we said before, we use virtualization tools, such as VMware, VirtualBox, or UTM, to be able to implement attack environments with different operating systems and make the virtual machines interact with each other. Within our arsenal, we have a large number of OSINT (Open Source Intelligence) research tools. In OSINT, we gather all the possible intelligence about the objective; this is one of the most crucial stages in ethical hacking, because it allows us to have an initial idea of the cybersecurity posture of the objective and to gather data about their employees, emails, physical addresses, phone numbers, allied companies, service providers, cloud environments, and much more data that we will be able to use in the following phases to generate effective exploitation. In short, we detect the attack surface and design an initial strategy.
On the other hand, we use many types of analysis and vulnerability detection tools, both proprietary and Open Source, which help us to have an initial view of the type of target we are facing and to detect where we can find the “lowest hanging fruit of the tree”, that is, where we can achieve easy exploitation, such as an old operating system, an outdated web server, etc.
Remember that ethical hacking attacks are done manually, but in the initial stages, after reconnaissance and fingerprinting, we use these automated tools to save time and profile the target.
The exercise gets more interesting after this, because we already know in more detail the target’s service providers, the infrastructure, the operating systems, the applications they use, their users, their emails, etc., and the time comes to carry out the different attack scenarios, for example the creation of a phishing email to obtain some credentials or the compromise of a web server to capture the information written by the users, etc.
This scenario design is very exciting and requires a lot of creativity as each exercise is unique, and there is no infallible formula or silver bullet that serves in all cases, that is why the analytical capacity of the ethical hacker is one of the best tools, and one must cultivate it permanently.
So far, I have tried to summarize in this article some of the most interesting areas within the lifestyle of an ethical hacker, but of course, we have not been able to cover the whole spectrum, because we would have to talk about all the cybersecurity measures that we must take within OPSEC (Operational Security) in order to protect our infrastructure and the information that we are gathering from our clients, which must be protected at all costs to prevent it from falling into the wrong hands with disastrous consequences.
Hopefully learning further about the exciting world of ethical hacking will create more security awareness, for both individuals and organizations alike.