Wednesday, 14 November 2012

HOW TO THINK LIKE A HACKER


Like most cultures without a monetary economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge. This is why you aren't really a hacker until other hackers consistently call you one. Specifically, hackerdom is what anthropologists call a "gift culture." You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away: your time, your creativity, and the results of your skill.

Thinking like a hacker is not just for criminals, but also for companies or individuals who want to know how to protect themselves against hackers. If you know how a hacker uses their imagination to enter a company's computer security system, you will have a better chance of safeguarding your own system. Read on to learn more.

TIPS:

1. Identify possible exploits and their domain names, gathering as much information as you can to create a footprint analysis. Consider the size of the target, the number of potential entry points and the security mechanisms that may be in place. A hacker should think about company names and subsidiaries, phone numbers, domain names and their IP networks.

2. Pay attention to "back door" entry points. For example, identify startup companies that most likely have weak security, especially those recently acquired by large companies. Hacking into these smaller companies may provide information about the unrestricted virtual private networks of the larger target companies.

3. Connect to the listening UDP and TCP ports of your possible targets and send random data, attempting to determine which versions of File Transfer Protocol, Web, or mail servers they may be using. Many TCP and UDP services respond to random data with output that identifies the running application. You can find exploits by cross-referencing the data you find with vulnerability databases, like SecurityFocus.

4. Think about how you will gain access to the target once you have learned the basic information. You will need a password and user account, which is usually acquired through a sneak attack. That is, many hackers will take information from a company website and directly contact an employee by phone, pretending to be the help desk or a web technician. Many unsuspecting employees will give valuable information to a person who sounds authoritative.

5. Take the username and password obtained and "Trojan" the system. For example, you can enter with the user's name and password and replace an everyday piece of software like Notepad.exe with a piece of Trojan code. This code can allow a hacker to become an administrator in the system, so that the next time that the hacker logs on, they will automatically be added to the administrators' group and will have instant access to "admin only" information.

Attitude is no substitute for competence. Hackers won't let posers waste their time, but they recognize competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.
