[Content:Vocabulary] Different kinds of Infosec

Raphael Cerveaux 2018-08-09 11:58:50 +02:00 committed by GitHub
parent ed8ce5b25e
commit ee5bac7763
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -31,7 +31,6 @@ This repository is a guide for amateurs pen testers and a summary of hacking too
* [Exploitation Tools](#wrench-exploitation-tools) * [Exploitation Tools](#wrench-exploitation-tools)
* [Sniffing & Spoofing](#busts_in_silhouette-sniffing--spoofing) * [Sniffing & Spoofing](#busts_in_silhouette-sniffing--spoofing)
* [Web Hacking](#rocket-web-hacking) * [Web Hacking](#rocket-web-hacking)
* [Private Web Hacking](#zap-private-web-hacking)
* [Post Exploitation](#tada-post-exploitation) * [Post Exploitation](#tada-post-exploitation)
* [Frameworks](#package-frameworks) * [Frameworks](#package-frameworks)
* [Additional resources](#additional-resources) * [Additional resources](#additional-resources)
@ -55,12 +54,26 @@ This repository aim first to establish a reflection method on penetration testin
## Some vocabulary ## Some vocabulary
**Infosec** : ...
**Opsec** : ...
**Black/grey/white hat hacker** : Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if he's a black, grey or white hat hacker. A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is *usually* a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, he might want to be malicious if it can be benefit (data breach, money, whistleblowing ...). **Black/grey/white hat hacker** : Someone who uses bugs or exploits to break into systems or applications. The goal and the method differs depending if he's a black, grey or white hat hacker. A black hat is just someone malicious that does not wait permission to break into a system or application. A white hat is *usually* a security researcher who practice ethical hacking. A grey hat is just in the middle of these two kind of hackers, he might want to be malicious if it can be benefit (data breach, money, whistleblowing ...).
**Penetration tester** : Most likely a white hacker who test applications and systems to secure them or find vulnerabilities. **Penetration tester** : Most likely a white hacker who test applications and systems to secure them or find vulnerabilities.
**Security researcher** : Someone who practice pen testing and browse the web everyday to find phishing/fake websites, infected servers, bugs or vulnerabilities. He can work for a company so he's responsible for the security of systems. **Security researcher** : Someone who practice pen testing and browse the web everyday to find phishing/fake websites, infected servers, bugs or vulnerabilities. He can work for a company so he's responsible for the security of systems.
**Red teamer** : ...
**Blue teamer** : ...
**Reverse engineer** : ...
**Social engineer** : ...
**Threat analyst** : ...
### Difference between hacking and ethical hacking ### Difference between hacking and ethical hacking
A black hat is practicing penetration testing, but unlike a white hat, this is not ethical hacking. Ethical hacking is about find vulnerabilities and improve the security of a system. An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems, just like a malicious hacker (a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in. An ethical hacker is basically a white hat hacker. A black hat is practicing penetration testing, but unlike a white hat, this is not ethical hacking. Ethical hacking is about find vulnerabilities and improve the security of a system. An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems, just like a malicious hacker (a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in. An ethical hacker is basically a white hat hacker.
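Review bot: The seven new vocabulary entries (`**Infosec**`, `**Opsec**`, `**Red teamer**`, `**Blue teamer**`, `**Reverse engineer**`, `**Social engineer**`, `**Threat analyst**`) are all committed with `...` as their definition, so a reader of the guide gets a glossary of terms with no content. Either write at least a one-sentence definition for each before merging, or keep the stubs out of the README and track them in an issue. Since the existing "Penetration tester" and "Security researcher" entries overlap with the new role names, the definitions should also say how a red teamer differs from a penetration tester and how a threat analyst differs from a security researcher.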