ABSTRACT
One of the most commonly used terms in the IT
sector is ethical hacking. The rising frequency of
cyber-attacks has forced businesses and government
agencies to tighten their defences against malicious
hackers.
In the current digital era, ethical hacking has become
extremely important. Ethical hacking is an ideal career
choice for folks who wish to break into the IT industry
by being a Certified Ethical Hacker (CEH).
You've probably figured out that ethical hacking is
gaining popularity, and the breadth of this career will
expand in the future.
An ethical hacker is like a corporate superhero
who defends the corporation with a weapon called
ethical hacking. An ethical hacker should be aware of
the risk of attacks and be accountable for finding
solutions to those issues. Ethical hacking is a necessary
component of the online business world, and an
ineffective hacker can land a company in hot water.
This emerging career involves many new technologies
and techniques and requires additional abilities. Not
to mention, ethical hackers draw hefty salaries in
the industry. What matters most in this field is
experience; the more experienced you are, the higher
your chances of getting promoted. Adopting ethical
hacking as a career will pay off in terms of knowledge,
skills, experience, job security, job happiness, career
advancement, and lucrative pay. Anyone who enjoys
this field of work should start with CEH
exam preparation.
Studies show a major shortage of skills in the larger
field of information security. Companies are willing to
pay a premium to fill growing openings in their cyber
security departments, but they're having trouble finding
qualified candidates. It implies that if you are trained as
an ethical hacker, you need not worry about money or a
job again.
1. HACKING AND CATEGORIES OF HACKERS
Hacking is the activity of identifying weaknesses in a
computer system or a network and exploiting them to
gain access to personal data or business data. The term
is also used for the hobby or profession of working with
computers. In other words, hacking is breaking into
computers or gaining access to someone's computer or
network; some people do it for fun, so for them it is
just fun with computers. An example of computer hacking
is using a password-cracking algorithm to gain access to
a computer system.
Computers have become mandatory to run a successful
business. It is not enough to have isolated
computer systems; they need to be networked to
facilitate communication with external businesses. This
exposes them to the outside world and hacking. System
hacking means using computers to commit
fraudulent acts such as fraud, privacy invasion,
stealing corporate/personal data, etc. Cyber crimes cost
many organizations millions of dollars every year.
Businesses need to protect themselves against such
attacks.
A person who does this unauthorized work is referred to
as a hacker.
A hacker is a person who breaks into a computer
system. The reasons for hacking can be many: installing
malware, stealing or destroying data, disrupting service,
and more. Hacking can also be done for ethical reasons,
such as trying to find software vulnerabilities so they
can be fixed.
Based on this work, hackers are classified into three
categories:
Black hat hacker
Black hat hackers are criminals who break into
computer networks with malicious intent. They may
also release malware that destroys files, holds
computers hostage, or steals passwords, credit card
numbers, and other personal information.
Black hats are motivated by self-serving reasons, such
as financial gain, revenge, or simply to spread havoc.
Sometimes their motivation might be ideological,
by targeting people they strongly disagree with.
Gray hat hacker
Somewhere between white and black are gray hat
hackers. Gray hat hackers enact a blend of both black
hat and white hat activities. Gray hat hackers often
look for vulnerabilities in a system without the
owner's permission or knowledge. If issues are found,
they report them to the owner, sometimes requesting a
small fee to fix the problem.
Some gray hat hackers like to believe they are
doing something good for companies by hacking
their websites and invading their networks without
permission. Still, company owners rarely appreciate
unauthorized forays into their business information
infrastructure.
Often, a gray hat's real intention is to show off their
skills and gain publicity — maybe even appreciation —
for what they consider a contribution to cybersecurity.
White hat hacker
White hat hackers – sometimes also called “ethical
hackers” or “good hackers” – are the antithesis of
black hats. They exploit computer systems or networks
to identify their security flaws so they can make
recommendations for improvement.
2. TYPES OF HACKING
Website hacking
Focused on exploitable loopholes in websites,
taking down the information or making changes to it.
Email hacking
Gaining access to someone's email account or emails,
tampering with them, and misusing the information.
Computer Hacking
Stealing information from someone's PC, connecting to
and accessing remote PCs or desktops, accessing their
files, and more.
Online banking hacking
Hackers create fake or cloned websites and steal your
login credentials; this can also be done by other means,
such as sniffing traffic on a shared network.
Password hacking
It is simply stealing passwords over any network or by
using social engineering.
3. TYPES OF HACKERS
Cybercriminals
Cybercriminals are hackers who often use tools such as
malware, phishing, and ransomware to launch attacks
for financial gain or other nefarious purposes. They
steal information ranging from email addresses and
passwords to social security numbers and credit card
details in order to sell it for profit.
Hacktivists
Hacktivists use hacking techniques as a tool for
social activism. They often break into organizations
they oppose in order to send a message, for instance by
defacing their website, launching DDoS attacks,
stealing and posting personal or confidential
information, and so on. Anonymous is one example of a
well-known hacktivist group.
Ethical hackers
Ethical hackers are legally permitted to break into
certain computer systems to find flaws. Businesses
and government organizations often hire ethical
hackers to uncover software vulnerabilities or other
security weaknesses so they can be fixed before they
are exploited by malicious hackers.
Script kiddies
Script kiddies are part of the newer wave of hackers
who do not rely on high levels of skill for their attacks.
Instead they purchase and use ready-made scripts and
hacking tools.
4. ETHICAL HACKING
Any electronic equipment or digital system is
vulnerable to intrusion and exploitation. Some may
have a more advanced security system, while others
may not. Here is where ethical hacking comes into
play.
Ethical hacking is all about preventing unwanted
access, thefts, and attacks. It is a legitimate attempt to
get access to a company's network and systems to detect
potential threats before hackers may exploit them.
Ethical hacking plays an extremely important role in
larger firms and the banking sector, where company
and customer data need to be safeguarded. As a
result, most businesses turn to ethical hacking to
keep their customers safe.
Ethical Hacker
An ethical hacker is a specialist in
charge of detecting any illegal access, identifying
potential hazards, and developing new procedures to
protect firm data.
In simple terms, an ethical hacker defends the
company against hostile attacks.
An ethical hacker's job is a significant
responsibility on which an entire company relies. To
execute their job effectively, they must think like illegal
hackers and stay one step ahead of them.
5. SOME POPULAR TECHNOLOGIES AND
LATEST TOOLS
Tools:-
Nessus
Nessus, developed by Tenable, is the world's most
recognized vulnerability scanner. This application
helps professionals detect unpatched services,
weak passwords, misconfigurations, and other
vulnerable systems. As a free tool, Nessus is suggested
for non-enterprise use. With it, an ethical hacker can
see critical bugs in a target system.
Netsparker
The benefit of Netsparker is that it offers the
ability to mimic a hacker's specific actions. You can
use this tool to find web API threats like SQL
injection or cross-site scripting. Without manual
verification, this tool can determine genuine
vulnerabilities one after the other, so the headache
of sorting genuine vulnerabilities from false positives
is gone. Netsparker is also easy to access and is
available as both an online service and Windows software.
Aircrack-Ng
The benefit that Aircrack-Ng brings to the table is that it
provides ethical hackers with a range of tools leveraged
for monitoring and evaluating a network. If they find a
vulnerable network, they check, monitor, attack, and
crack it. This Wi-Fi hacking tool spares no
platform and supports FreeBSD, Solaris, Windows,
OpenBSD, Linux, NetBSD, and OS X.
Nmap
Network Mapper (Nmap) is hacking software
used for port scanning. No ethical hacker can work
without this tool due to its robust scanning and
searching capabilities. The data collected using Nmap is
essential for ethical hackers in determining how to
strike the target system. This tool enables
professionals to identify services and hosts on the
network and so develop a network map. Nmap can
also probe computer networks and detect operating systems.
At first, the tool was only available for Linux; however,
it is now a cross-platform tool and runs on Windows
and Mac.
Burp Suite
It is a Java-based system for web
penetration testing. Burp Suite is an industry-standard
suite of tools that information security (InfoSec)
professionals use. For ethical hackers, this tool enables them to
identify vulnerabilities in their target system and
confirm if any attack vectors impact web applications.
In addition, Burp Suite has the best web application
crawler that maps functionality and content efficiently.
It also tackles shifts in state, app logins, and volatile
content.
Acunetix
Which do you consider more threatening: cross-site
scripting (XSS) or SQL injection (SQLi)?
The latter sends damaging SQL statements
back to the victim user and compromises the safety of the
database server behind the app. The former, on the other
hand, attacks the interaction between the app and its
users if the app is vulnerable. Acunetix is a protector in
both situations: a fully automated tool capable of
identifying and reporting over 5,000 security threats,
including variants of XSS and SQLi. Moreover, it
supports JavaScript and HTML5 and ranks
vulnerabilities according to risk level.
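The two vulnerability classes contrasted above, shown from the defender's side as an added example (not part of the original paper or of any tool it lists): a query built by string concatenation beside its parameterized form, and unescaped HTML output beside its escaped form. The table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, note TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice-note"), ("bob", "bob-note")])
    return db


def lookup_concat(db, name):
    # Weak form: the input is pasted into the SQL text, so quote
    # characters in it can change the meaning of the query.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))


def lookup_param(db, name):
    # Corrected form: the driver binds the input as a value, so it is
    # only ever compared against the column, never parsed as SQL.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def greet_raw(name):
    # Weak form: the input reaches the page as markup.
    return "<p>Hello, " + name + "</p>"


def greet_escaped(name):
    # Corrected form: markup characters are encoded before output.
    return "<p>Hello, " + html.escape(name) + "</p>"


# Constructed test inputs of the kind a scanner submits to a form field.
SQL_INPUT = "nobody' OR '1'='1"
HTML_INPUT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("concatenated query returns:", lookup_concat(db, SQL_INPUT))
    print("parameterized query returns:", lookup_param(db, SQL_INPUT))
    print("raw output:    ", greet_raw(HTML_INPUT))
    print("escaped output:", greet_escaped(HTML_INPUT))
```

The concatenated query returns every row for the constructed input while the parameterized one returns none, and the escaped output renders the markup as inert text; these are the differences a scanner's finding asks a developer to fix.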
Metasploit
It is an open-source penetration testing system written
in Ruby. Metasploit is used to confirm security
vulnerabilities and develop code. This code lets an
ethical hacker break into their own systems to determine
security issues and choose which to address first.
Individuals who are new to ethical hacking use
Metasploit to sharpen their skills.
Latest Technologies:-
Containers
Docker and LXC/LXD for host machines.
Kali NetHunter
Android based application for hacking and penetration
testing.
WSL
Windows Subsystem for Linux (WSL) is a
software package on modern Windows installs that
allows you to run Linux alongside your Windows system
in an optimized container.
Kali Cloud
Kali Cloud images can quickly be deployed in
multiple different cloud providers' infrastructures.
This allows easy access to a Kali install in a modern
environment with strong hardware resources. Example:
AWS.
6. PROSPECTS FOR EH AS A PROFESSION IN THE
FUTURE
Ethical hacking has an infinite future. Many areas,
including government, corporate enterprises, health
care, entertainment, banking, and others, are quickly
expanding in this arena.
Even so, only 32% of people work in the ethical
hacking industry. As a result, the demand for new staff
is on the rise. Compared to last year, the number of
ethical hackers is predicted to rise by 20% by the end of
2022. As a result, this number will continue to grow in
the future.
Ethical hacking is a great way to keep your job safe
Job stability is one of the most critical factors
determining employment decisions. Like trends,
cybersecurity is a job that is never out of demand. Like
doctors, ethical hackers are required 24 hours a day,
seven days a week, regardless of the economy. Ethical
hacking has a 0% unemployment rate, indicating that if
you pursue this field, you are sure to end up with a job
in hand.
Studies show a major shortage of skills in the
larger field of information security. Companies are
willing to pay a premium to fill growing openings in
their cyber security departments, but they're having
trouble finding qualified candidates. It implies that if
you are trained as an ethical hacker, you need not worry
about money or a job again.
As a result of ethical hacking on a global scale, new
opportunities will emerge
Another big benefit of an ethical hacking job is the
opportunity to work from any location on the planet.
Like any other technology profession, ethical hacking is
recognized around the world and is not limited to a
single country. Furthermore, the credentials required for
admittance into this area are approved and recognized
globally.
The EC-Council, for example, certifies people in this
field so that they can work in 127 countries across the
world.
7. APPLICATIONS AND SCOPE OF WORK
Applications
Finally, ethical hacking is one of those careers that
offer many opportunities. Traditional cybersecurity
solutions are no longer adequate for almost every firm.
As a result, ethical hacking is now an integral aspect of
every industry's security strategy.
Even if many businesses and organizations deny the
need for ethical hackers, they will eventually see the
light. In a few years, ethical hacking will be established
as a vital stage in guarding against digital threats.
This is why many institutions have
started cyber security courses. The ethical hacking
course covers ethical hacking, information collecting,
Google hacking databases, penetration testing,
software technologies, countermeasures, and other
topics. Candidates interested in cybersecurity,
computer systems, and networks are most likely to
enroll in this course.
Scope Of Work
Let's look at what ethical hackers do to get a
better idea of their possibilities and work options.
Detect security flaws and potential hazards in computer
systems
Ethical hackers use their expertise to help people,
businesses, and governments uncover current and
potential cyber-security problems. They hack into
systems with permission to find gaps, flaws, and
susceptible places in the system that unethical hackers
could exploit for malicious purposes.
Provide anti-hacking countermeasures
Ethical hackers not only detect weak points in a
system's security but also create countermeasures to
prevent harmful attacks. The hacker thinks like an
attacker and works on a solution while keeping the
attack line in mind to uncover system weaknesses.
Large-scale data protection
In contrast to unethical hackers, ethical hackers work
for the greater benefit, and they labor for their
employer's security rather than personal use. Large
corporations, such as financial institutions and even
government offices, seek the help of ethical hackers to
protect their data.
In an era of digital globalization, nations, companies,
industries, and individuals need to ensure the safety and
security of their online data. This is where ethical
hackers are required to protect the data and prevent
cyberattacks. Being certified by the best institute in the
field carries a lot of weight when one starts hunting
for a job. Based on research, an interested student can
opt for CEH exam preparation, as it is very
structured and organized in preparing students for
exams.
The main recruiters are IT companies. Every company
nowadays is extending its operations and is getting
online. They hire ethical hackers or cyber
professionals to protect businesses from various
cyber threats. Cyber professionals or ethical hackers
are also sought by government defense groups, law
enforcement, forensic laboratories, detective agencies,
the CBI, and national security agencies.
Some of the top ethical hacker recruiters include
Accenture, HCL, Wipro, Infosys, Genpact, IBM, TCS,
Tech Mahindra, and Airtel.
8. CONSEQUENCE OF FALSE USE
• Anyone who engages in false use of ethical
hacking or hacking will have a fine imposed
against them.
• They will have to face imprisonment.
• They will face seizure of their computer.
• They might also be restricted from using any device
that has a computer in it.
• Other punishments can be imposed according
to the scale of the crime committed.
Instances
A 17-year-old was reportedly arrested on suspicion of
hacking Rockstar Games. City of London Police
arrested a teenager in Oxfordshire last week and
charged him with two counts of breach of bail
conditions and two counts of computer misuse. (on
September 27th 2022)
According to the investigation headed by CBI, Mikhail
Shargin, who is a Russian hacker, had allegedly
tampered with the iLeon software, the platform on
which the JEE (Main)-2021 examination was
conducted, officials said. (on October 4th 2022)
9. CONCLUSION
With an increasing number of people using the
internet for banking, communication, shopping, and
business, cyberspace is becoming a money-making
arena for hackers. Hackers use digital means to gain
access to computer systems to purloin data, conduct
fraud, or put a system at risk by destroying documents
and files.
Criminals can access WiFi networks and social
media accounts, such as Instagram, Twitter, and
Facebook. Personal information of users, such as
images, videos, and bank passwords, is all at risk. This
brings to light the fact that the more visible a person
is on the internet, the more vulnerable they are to
criminals or black hat hackers.
Ethical hacking is the antidote to this problem. In
ethical hacking, a hacker gains access to a system
after seeking permission to discover security flaws.
The rise in online activities worldwide has increased
the demand for certified ethical hackers along with
courses on hacking.
It is anticipated that the demand for cyber security
specialists will rise to a billion in the coming years.
The outbreak of the COVID-19 epidemic drove a
greater percentage of the population to resort to the
online world for business, human connectivity,
education, and e-commerce, and the demand for
cyber-security expertise is expected to skyrocket!