This article explores the benefits of teaching hacking techniques. Why on earth would I want to do that you may ask? Isn’t that the same as telling someone how to rob a bank? Well, it is, but teaching hacking techniques does have a lot of benefits. For a start, it is essential if you want to be able to defend a network from an attack by a skilled black hat. You must be able to think like a hacker in order to protect a network from one, but you need a real hacker to tell you if your network has been properly secured.

Teaching hacking techniques is like training a new army of hackers!

Let’s take a look at the three “types of hacker”. First there is the black hat hacker (boo, hiss). This rather nasty individual is intent on causing havoc with their malicious ways. They want to destroy, disrupt, and rob.

According to Robert Moore (2005), a black hat hacker is someone who “violates computer security for little reason beyond maliciousness or for personal gain.”

Then there is the white hat hacker. A white hat hacker uses his or her skills for good (hooray!) They are computer security experts who want to protect computer systems from attack.

Then there is the gray hat hacker. This individual is somewhere between the black and white. They are often called ethical hackers, and these are the individuals that perform penetration testing (pentesting). These individuals behave exactly like a black hat would, minus the maliciousness. Their goal is to find vulnerabilities and exploit them to show whether it can be done. They must gain access and be able to cause havoc. To do that they must be as good as a black hat hacker.

There is not much difference between an ethical hacker and a black hat hacker. In fact, on black hat forums you will not only find articles aimed at improving the skills of black hat hackers, but also articles aimed at gray hats and white hats. For example, two articles below have recently been posted on a black hat hacking website:

  1. “Harnessing GP²Us – Building Better Browser Based Botnets”
  2. “Hybrid Defense: How to Protect Yourself From Polymorphic 0-days”

The benefits of teaching hacking techniques

You can’t become a hacker from reading a few articles on the internet. Sure you can learn a thing or two, but before you can call yourself a hacker you must be able to demonstrate that you can actually put your knowledge into practice. The best hackers, of all colors, are those who have spent countless hours poking around inside computer systems and studying networks and network devices first hand.

In fact, if you want to be an ethical hacker you must have the skills of a black hat hacker. You will need to be taught, you will need to study, and you will need to practice. Teaching hacking techniques will actually help to build up an army of hackers that can use their skills for good.

If you want to get into pentesting you will need to work hard. Typically, you will need to have passed A+ certification, Network+, Security+, and obtained CCNA, CISSP or TICSA certification. You will need to have worked in tech support and information security. You will need hands on experience. Then, and only then, will you be able to become a Certified Ethical Hacker (CEH).

Of course, it is important that you then only every use your skills for good, even though you would be capable of using those skills for nefarious financial gain or to cause malicious harm.

The danger of teaching hacking techniques

Teaching hacking techniques has potential to create a whole army of hackers that could cause considerable harm, yet without people who have the same abilities as black hat hackers, how would it be possible to properly conduct penetration testing?

According to a recent Bloomberg article, gray hats “break into computer networks and digital devices to find holes before the bad guys do”. They are heroes. Take Barnaby Jack for example. He showed how it is possible to hack ATM machines and get them to churn out cash. His insights resulted in banks enhancing their security measures to make sure that criminals could not take advantage of the same security flaws.

Sure it is important to learn defensive strategies to protect systems from attack, but if you really want to beat bad guys at their game, teaching the hacking techniques used by the bad guys is essential. It is vital that gray hats are taught hacking from an offensive perspective as well as a defensive one!