Gray Hat Hacking Hacker’s Handbook Second Edition

INTRODUCTION

The goal of this book is to help produce more highly skilled security professionals who are dedicated to protecting against malicious hacking activity. It has been proven over and over again that it is important to understand one’s enemies, including their tactics, skills, tools, and motivations. Corporations and nations have enemies that are very dedicated and talented. We must work together to understand the enemies’ processes and procedures to ensure that we can properly thwart their destructive and malicious behavior.

The authors of this book want to provide the readers with something we believe the industry needs: a holistic review of ethical hacking that is responsible and truly ethical in its intentions and material. This is why we are starting this book with a clear definition of what ethical hacking is and is not—something society is very confused about.

We have updated the material from the first edition and have attempted to deliver the most comprehensive and up-to-date assembly of techniques and procedures. Six new chapters are presented and the other chapters have been updated.

In Part I of this book we lay down the groundwork of the necessary ethics and expectations of a gray hat hacker. This section:

• Clears up the confusion about white, black, and gray hat definitions and characteristics
• Reviews the slippery ethical issues that should be understood before carrying out any type of ethical

hacking activities
• Surveys legal issues surrounding hacking and many other types of malicious activities
• Walks through proper vulnerability discovery processes and current models that provide direction