Types of Hacking: A Simple Guide

TL;DR

Hacking isn’t just one thing! It covers lots of different areas, each with its own skills and goals. This guide breaks down the main types so you understand what people mean when they talk about ‘hacking’.

Understanding Different Hacking Sub-fields

  1. Ethical Hacking (Penetration Testing)
    • What it is: Legally testing systems to find weaknesses *before* bad guys do. You have permission from the owner.
    • Tools often used: Nmap, Metasploit, Wireshark, Burp Suite.
    • Example task: A company hires you to check their website for security holes.
  2. Web Application Hacking
    • What it is: Finding flaws in websites and web apps (like online banking or social media). Common attacks include SQL injection, cross-site scripting (XSS), and broken authentication.
    • Example task: Trying to access another user’s account by exploiting a vulnerability in the login form.
    • Basic example of checking for XSS: Try entering a small test script that calls alert() into a website search box. If it pops up an alert, there’s likely an issue.
  3. Network Hacking
    • What it is: Targeting computer networks to gain access or disrupt services. This can involve sniffing network traffic, cracking passwords, and exploiting network protocols.
    • Tools often used: Nmap (for scanning), Wireshark (for packet analysis).
    • Example task: Using a tool like Nmap to find open ports on a server:
      nmap -sV target_ip_address
  4. System Hacking
    • What it is: Gaining control of individual computers or servers. This often involves exploiting operating system vulnerabilities or using malware.
    • Example task: Finding a way to run commands on a server without proper authorisation.
  5. Wireless Hacking
    • What it is: Targeting Wi-Fi networks and devices. This can involve cracking WEP/WPA passwords, intercepting wireless traffic, or creating rogue access points.
    • Tools often used: Aircrack-ng suite.
    • Example task: Attempting to crack a weak Wi-Fi password using a dictionary attack.
  6. Mobile Hacking
    • What it is: Targeting smartphones and tablets (Android, iOS). This can involve exploiting vulnerabilities in the operating system or apps, intercepting communications, or installing malware.
    • Example task: Analysing an Android app for malicious code.
  7. Social Engineering
    • What it is: Manipulating people into giving up confidential information (passwords, access codes). This doesn’t involve technical hacking directly but relies on human psychology.
    • Example task: Phishing emails designed to trick users into revealing their login details.
  8. Reverse Engineering
    • What it is: Disassembling software to understand how it works, often to find vulnerabilities or bypass security measures.
    • Tools often used: IDA Pro, Ghidra.
    • Example task: Analysing a piece of malware to determine its functionality.
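
The XSS check described under Web Application Hacking, seen from the defender's side. This is an added example, not code from the original guide; the function names, page markup and probe string are constructed for illustration. It shows why a search term echoed without encoding triggers the alert, and how output encoding stops it.

```javascript
// Added example: all names and markup here are hypothetical.

// Vulnerable: the search term is concatenated into the HTML as-is,
// so any tags it contains become part of the page.
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Encode the characters that let text break out of HTML text
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the term is encoded for the HTML context before output.
function renderResultsSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// The check a tester or a regression test performs: does the response
// contain the probe verbatim (live markup) rather than in encoded form?
function reflectsRawMarkup(responseHtml, probe) {
  return responseHtml.includes(probe);
}

// Constructed probe string for the check.
const PROBE = "<script>alert('xss-test')</script>";

function demo() {
  return {
    unsafe: reflectsRawMarkup(renderResultsUnsafe(PROBE), PROBE),
    safe: reflectsRawMarkup(renderResultsSafe(PROBE), PROBE),
    safeHtml: renderResultsSafe(PROBE),
  };
}

console.log(demo());
```

In the hardened output the browser displays the probe as plain text instead of running it, which is the result a regression test for the search page should assert.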

It’s important to remember that many cyber security professionals work in multiple areas. Also, the lines between these fields can sometimes blur.
