1

00:00:00,299 --> 00:00:01,257

<v ->Hackers.</v>



2

00:00:01,257 --> 00:00:03,543

There are five types of hackers that you have to



3

00:00:03,543 --> 00:00:06,070

recognize for the Security+ exam.



4

00:00:06,070 --> 00:00:06,903

They are white hats, black hats,



5

00:00:06,903 --> 00:00:09,570

gray hats, blue hats, and elite.



6

00:00:10,718 --> 00:00:14,042

A White Hat hacker is someone who is non-malicious.



7

00:00:14,042 --> 00:00:16,474

This is somebody who is going to attempt to break into



8

00:00:16,474 --> 00:00:18,304

a company at their request.



9

00:00:18,304 --> 00:00:20,692

In fact, the white hats are either on the payroll of



10

00:00:20,692 --> 00:00:24,943

the company or they're contracted to do this as a service.



11

00:00:24,943 --> 00:00:26,191

We also refer to these as



12

00:00:26,191 --> 00:00:29,031

ethical hackers or penetration testers.



13

00:00:29,031 --> 00:00:31,991

They are highly professional and they use open source tools



14

00:00:31,991 --> 00:00:33,871

and their own tool kits to try and break



15

00:00:33,871 --> 00:00:36,812

into a company and test their defenses.



16

00:00:36,812 --> 00:00:39,306

Black hats on the other hand are malicious.



17

00:00:39,306 --> 00:00:41,269

These are the bad guys.



18

00:00:41,269 --> 00:00:43,741

These are malicious hackers who try to break into



19

00:00:43,741 --> 00:00:45,549

computer systems and networks without



20

00:00:45,549 --> 00:00:48,319

anybody's authorization or permission.



21

00:00:48,319 --> 00:00:50,877

This is the person that Hollywood likes to portray.



22

00:00:50,877 --> 00:00:52,754

They always portray them as somebody in a



23

00:00:52,754 --> 00:00:54,313

black hoodie in a darkly lit room



24

00:00:54,313 --> 00:00:56,786

hacking away at three in the morning.



25

00:00:56,786 --> 00:00:58,523

This may or may not be the case but



26

00:00:58,523 --> 00:01:00,554

the concept remains the same.



27

00:01:00,554 --> 00:01:03,415

These are the bad guys, these are the people



28

00:01:03,415 --> 00:01:04,719

trying to break into our networks and



29

00:01:04,719 --> 00:01:06,282

trying to steal our information.



30

00:01:06,282 --> 00:01:08,031

Or they're trying to get money out of us



31

00:01:08,031 --> 00:01:10,970

as a ransom to get our information back.



32

00:01:10,970 --> 00:01:13,226

Now between a white hat and black hat,



33

00:01:13,226 --> 00:01:15,519

we have something known as a gray hat.



34

00:01:15,519 --> 00:01:18,719

A gray hat is a hacker without any affiliation to a company.



35

00:01:18,719 --> 00:01:21,116

They attempt to break into a network and they risk



36

00:01:21,116 --> 00:01:23,250

breaking the law by doing it.



37

00:01:23,250 --> 00:01:25,941

Now the difference between a gray hat and a black hat



38

00:01:25,941 --> 00:01:28,352

is that a black hat has malicious intent.



39

00:01:28,352 --> 00:01:31,010

A gray hat doesn't necessarily have that.



40

00:01:31,010 --> 00:01:33,412

They may just want to be trying to hack into a company



41

00:01:33,412 --> 00:01:34,823

to see if they can do it.



42

00:01:34,823 --> 00:01:37,079

They don't want to cause any harm to the company,



43

00:01:37,079 --> 00:01:39,336

but instead a black hat, if he was doing it,



44

00:01:39,336 --> 00:01:41,348

would be trying to do it to steal their data,



45

00:01:41,348 --> 00:01:44,297

delete their data and hold it for ransom or other things.



46

00:01:44,297 --> 00:01:46,268

Now, when we look at gray hats,



47

00:01:46,268 --> 00:01:48,967

gray hats are still breaking the law because they are not



48

00:01:48,967 --> 00:01:50,465

the ones who are asked to come in



49

00:01:50,465 --> 00:01:52,228

and break into those networks and so



50

00:01:52,228 --> 00:01:54,399

they are on the bad side of things.



51

00:01:54,399 --> 00:01:56,929

But they're also a lot of times kind of a good guy,



52

00:01:56,929 --> 00:01:59,348

because a lot of times they'll break into a company



53

00:01:59,348 --> 00:02:02,188

and then turn around and say, "hey Facebook, I broke into



54

00:02:02,188 --> 00:02:04,628

your network and here is how I did it.



55

00:02:04,628 --> 00:02:06,809

Go patch that vulnerability."



56

00:02:06,809 --> 00:02:09,065

That's why they're kind of white and kind of black,



57

00:02:09,065 --> 00:02:11,193

they are in the middle, that's why they're gray.



58

00:02:11,193 --> 00:02:13,919

But again they are on the breaking the law side



59

00:02:13,919 --> 00:02:16,348

because nobody has asked them to come in.



60

00:02:16,348 --> 00:02:18,599

The fourth type of hacker we have is known



61

00:02:18,599 --> 00:02:19,998

as a blue hat hacker.



62

00:02:19,998 --> 00:02:22,479

A blue hat hacker is that person who is attempting



63

00:02:22,479 --> 00:02:25,479

to hack into a company's network with their permission



64

00:02:25,479 --> 00:02:28,214

but they're not employed by the company.



65

00:02:28,214 --> 00:02:30,529

So this might be somebody who is essentially a



66

00:02:30,529 --> 00:02:33,889

freelance ethical hacker or a freelance penetration tester.



67

00:02:33,889 --> 00:02:36,679

Where as a white hat was actually hired and paid for and



68

00:02:36,679 --> 00:02:39,276

contracted by the company, a blue hat



69

00:02:39,276 --> 00:02:41,089

on the other hand isn't.



70

00:02:41,089 --> 00:02:43,534

They may be doing this as part of something like a



71

00:02:43,534 --> 00:02:45,430

bug bounty program where they allow anybody



72

00:02:45,430 --> 00:02:46,721

to participate and find the



73

00:02:46,721 --> 00:02:48,538

vulnerabilities in their systems.



74

00:02:48,538 --> 00:02:50,732

In fact, a lot of companies now are registering



75

00:02:50,732 --> 00:02:53,220

with a company called Hacker One which is a central



76

00:02:53,220 --> 00:02:55,875

repository for bug bounty programs.



77

00:02:55,875 --> 00:02:57,961

Blue hat hackers can go to Hacker One and



78

00:02:57,961 --> 00:03:00,710

register themselves and then they select the companies



79

00:03:00,710 --> 00:03:02,490

that they want to target.



80

00:03:02,490 --> 00:03:04,852

By doing this, they now have permission to target



81

00:03:04,852 --> 00:03:08,092

those companies within a guided set of rules of engagement



82

00:03:08,092 --> 00:03:09,550

that Hacker One provides.



83

00:03:09,550 --> 00:03:12,132

And if they are able to find a vulnerability or a way in,



84

00:03:12,132 --> 00:03:14,612

they can report it back to the company and the company



85

00:03:14,612 --> 00:03:16,458

has agreed to pay them a bounty



86

00:03:16,458 --> 00:03:18,950

<v ->some amount of money based on what they found.</v>



87

00:03:18,950 --> 00:03:21,611

This is basically allowing companies to get a large pool



88

00:03:21,611 --> 00:03:24,297

of ethical hackers constantly going after their websites



89

00:03:24,297 --> 00:03:27,012

for a very low cost. Instead of having to hire these



90

00:03:27,012 --> 00:03:28,601

people directly, they only have to



91

00:03:28,601 --> 00:03:30,599

pay them if they find an error.



92

00:03:30,599 --> 00:03:33,006

The final category is what we call Elite.



93

00:03:33,006 --> 00:03:36,332

Elite hackers are those who find and exploit vulnerabilities



94

00:03:36,332 --> 00:03:38,302

before anyone else does.



95

00:03:38,302 --> 00:03:41,081

These people are the ones who create their own tools.



96

00:03:41,081 --> 00:03:43,692

They do their own programming and they're the ones who are



97

00:03:43,692 --> 00:03:46,371

going to develop the tools that pretty much everyone else,



98

00:03:46,371 --> 00:03:49,406

white hats and black hats, are going to end up using.



99

00:03:49,406 --> 00:03:52,910

Now is an elite hacker a good guy or bad guy?



100

00:03:52,910 --> 00:03:55,652

Is he a white hat or a black hat?



101

00:03:55,652 --> 00:03:58,617

Well, they can be both depending on who they are.



102

00:03:58,617 --> 00:04:01,121

What has been found is that elite hackers represent



103

00:04:01,121 --> 00:04:03,307

a very small minority of hackers.



104

00:04:03,307 --> 00:04:07,332

One out of 10,000 are considered to be an elite hacker.



105

00:04:07,332 --> 00:04:10,001

And so these people, if they have evil intentions



106

00:04:10,001 --> 00:04:11,462

and they are malicious in nature



107

00:04:11,462 --> 00:04:14,030

we would categorize them as a black hat, elite hacker.



108

00:04:14,030 --> 00:04:16,452

But if they are a penetration tester and



109

00:04:16,452 --> 00:04:18,332

they are working on the side of good,



110

00:04:18,332 --> 00:04:21,245

they might be a white hat elite hacker.



111

00:04:21,245 --> 00:04:23,702

And so elite doesn't reference whether they are good



112

00:04:23,702 --> 00:04:26,201

or bad, instead it references the skill level



113

00:04:26,201 --> 00:04:27,550

of the attacker.



114

00:04:27,550 --> 00:04:30,175

Now, all the way on the other side



115

00:04:30,175 --> 00:04:32,212

we have what's called a Script kiddie.



116

00:04:32,212 --> 00:04:33,999

A Script kiddie is as far away as you can



117

00:04:33,999 --> 00:04:35,270

get from a lead.



118

00:04:35,270 --> 00:04:37,710

This is somebody who uses everybody else's tools



119

00:04:37,710 --> 00:04:40,422

and they might not even know what they are doing with them.



120

00:04:40,422 --> 00:04:42,201

They're just running programs to see if they



121

00:04:42,201 --> 00:04:43,641

can hack something.



122

00:04:43,641 --> 00:04:45,401

That's what a script kiddie does.



123

00:04:45,401 --> 00:04:47,302

Elite is all the way on the other side.



124

00:04:47,302 --> 00:04:49,950

These are the best of the best and highly professional.



125

00:04:49,950 --> 00:04:53,533

Script kiddies are the babies of the bunch.