Gray-Hat-Hacking-Handbook-Sixth-Edition


Contents Page

The following is covered in this chapter:
- Gray Hat Hacking
- Vulnerability Disclosure
- Advanced Persistent Threats (APTs)
- Cyber Kill Chain
- MITRE ATT&CK Framework

Chapter 1 Gray Hat Hacking Contents

Gray Hat Hacking Overview
History of Hacking

Gray hat hackers stand between white hat and black hat hackers and serve as ethical hackers, never breaking the law, instead using their abilities to make the world a better place by applying their skills for good.

This chapter aims to set the record straight.

Gray Hat Hacking Overview

It is believed that the definition of gray hat hacker has been greatly and terribly misconstrued. The authors reject the notion of any form of breaking the law, or of performing something "unethical to reach a [desirable] end".

History of Hacking

Hacking was once seen as a purely criminal exercise, and was not always regarded as a legal profession, regardless of the methods used.

Over time, as technology evolved and became more pervasive, so did the understanding of hacking and the laws that govern its use.

The authors believe that many who read the book have lost these concepts, and that it is important to understand this history and give credit to the original founders of the field, the people who made it possible to have a career in cyber security.

[[The Story of the 414s The Milwaukee Teenagers Who Became Hacking Pioneers]]

The information given is not only to inform but also to protect the ability of professionals to apply their hacking skills ethically for the continued betterment of the world.

This section details a time before the many rules of the modern world, a simpler time when those who were curious and bright enough to try to interfere with the systems that governments and many of the world's software vendors truly understood were labelled as criminals. The author paints this as an injustice, seemingly positing that hackers who broke into systems, despite not intending harm, were generalised as intending to do so.

In 1986 the United States passed the Computer Fraud and Abuse Act, which expressly prohibited access to computing systems without authorisation, or in excess of authorisation, and was designed to protect critical government systems.

Shortly after, the Digital Millennium Copyright Act was passed in 1988, which criminalised attacks against access control or digital rights management (DRM). In a time when computer hacking was not only misunderstood but feared, the resulting environment for security researchers could be quite hostile.

Legitimate security researchers in the hacking community were left to fear that finding vulnerabilities and reporting them could result in legal action or even jail time under one or both of these acts, on the argument that code was copyrighted and reverse engineering was therefore illegal, or that unauthorised access to any system (not only government systems) must be criminal.