In this post I'm going to try to explain some different hacker terms and the mindset surrounding them. As I'm looking into the security field there are some common terms that float around, and I might as well define* them in one place. We will talk black hats, white hats, and grey hats. After defining things I'll tell you what I'm focused on learning and my plan to get there.
Black Hat Hacking
Black Hat Hacker: a person who finds security flaws and exploits them for their own gain. Black hatters don't really care whether the target is a person or an organization. I guess if you wanted a non-technical definition then you can say the black hatters are the "bad guys".
White Hat Hacking
White Hat Hacker: a person who finds security vulnerabilities for others to fix. White hatters tend to have permission to be in someone's system to break things. White hatters are also called "ethical hackers" or in non-tech terms we can call them the "good guys".
Grey Hat Hacking
Grey Hat Hacker: a person that finds vulnerabilities but without the personal gain. Grey hatters are said to be like white hatters except they publicly announce vulnerabilities. I like to think of grey hatters as the limit pushers, because they could easily fall into the category of black or white hatter depending on how they use their knowledge of a discovered exploit.
Which do I want to be?
Ah so we are back to me and my choices. I have been studying black hat tools and given my background I think I want to be in the grey hat bucket. In undergrad I was doing cybersecurity research for mobile devices and I kept thinking "why isn't this public?!?". The project/app I first worked on (DroidSheep) was public (it is Andreas Koch's master's thesis) but some of the other stuff we casually talked about seemed so hush-hush unless you were actively studying it.
I don't really see myself ever being malicious when it comes to security, and I also know how important it is to alert companies of weak points (plus you can get paid for it). I want to make sure that security topics and exploits are easily understood by anyone at any level and thus grey hats seem like a lovely group to be a part of.
I plan on obtaining the knowledge needed by reading and practicing from different well-recommended security books, security courses, and competing in CTFs (Capture the Flags) as my budget allows. I currently work in IT and I'm studying on RangeForce as well as Cybrary in order to obtain a Network+ cert and eventually my CISSP cert.
Let me also take the time out to thank the people at RangeForce for giving me access to their material free of charge.
I've been meaning to write more about them and the skills I learn so let this be a start. Now as I end this I recognise that you don't get to just put yourself in these groups but hopefully as time goes on I can justify my place among the greats.
* Definitions come from technopedia.com