Essential InfoSec FAQ: From White‑Hat Basics to Advanced Attack Techniques
This comprehensive FAQ explains key information‑security concepts, covering white‑hat hacking, IP vs MAC addresses, common penetration‑testing tools, hacker types, footprinting methods, brute‑force, DoS, SQL injection, sniffing, ARP spoofing, MAC flooding, rogue DHCP, XSS, Burp Suite, pharming, defacement, website protection, keyloggers, enumeration, NTP, MIB, password‑cracking techniques, attack stages, and CSRF mitigation.
What is a white‑hat hacker?
A white‑hat hacker is someone authorized by the system owner to attack the system, discover weaknesses, and fix bugs.
Difference between IP address and MAC address
An IP address is assigned to each device to locate it on a network. A MAC address is a unique serial number assigned to each network interface.
Common tools used by white‑hat hackers
Kali
Metasploit
Wireshark
Nmap
John the Ripper
Maltego
Types of hackers
Grey‑hat / cyber‑warrior
Black‑hat
White‑hat
Certified white‑hat
Red‑hat
Footprinting and its techniques
Footprinting is gathering information about a target network before an attack. Techniques include open‑source footprinting, network enumeration, scanning, and stack fingerprinting.
Brute‑force attacks
Brute‑force attacks try many passwords to gain access; tools such as Hydra are commonly used.
Denial‑of‑Service (DoS) attacks
DoS floods a network with useless traffic. Common forms include buffer‑overflow attacks, SYN flood, Teardrop, Smurf, and viruses.
SQL injection
SQL injection inserts malicious SQL commands into a web application’s input to manipulate the database and steal data.
Network sniffing
Sniffing monitors data flowing through a network, useful for troubleshooting or illicit data capture.
ARP spoofing
ARP spoofing sends forged ARP replies to alter a target’s MAC‑IP mapping, enabling man‑in‑the‑middle attacks.
Preventing ARP poisoning
Packet filtering
Avoiding trust relationships
Using ARP‑spoof detection software
Encrypting traffic with TLS/SSH/HTTPS
MAC flooding
MAC flooding overwhelms a switch with many frames, causing it to broadcast all traffic and potentially expose sensitive data.
Rogue DHCP server
A rogue DHCP server operates on a network without the administrators' control. It assigns IP configuration to clients and can be used to sniff their traffic.
Cross‑site scripting (XSS)
XSS injects malicious code into trusted web pages. Types: non‑persistent (reflected), stored, and DOM‑based.
Burp Suite overview
Burp Suite is an integrated platform for web‑application security testing, including tools such as Proxy, Spider, Scanner, Intruder, Repeater, Decoder, Comparer, Sequencer.
Pharming and defacement
Pharming redirects traffic to malicious sites by compromising DNS. Defacement replaces a website’s content with the attacker’s message.
How to protect a website from hacking
Sanitize and validate user input
Use firewalls to block malicious traffic
Encrypt cookies and bind them to client IP
Validate and clean HTTP headers
Keylogger trojan
A keylogger records keystrokes and sends them to a remote attacker, capturing credentials.
Enumeration
Enumeration extracts system information such as machine names, users, network resources, shares, and services.
Network Time Protocol (NTP)
NTP synchronizes clocks of networked computers via UDP port 123, maintaining accuracy within 10 ms.
Management Information Base (MIB)
MIB is a virtual database that defines network objects managed via SNMP, organized hierarchically with OIDs.
Password cracking methods
Brute‑force
Hybrid attacks
Syllable attacks
Rule‑based attacks
Stages of a hacking attack
Gaining access
Privilege escalation
Application hiding
Covering tracks
Cross‑Site Request Forgery (CSRF)
CSRF tricks a logged‑in user’s browser into sending unwanted requests; mitigation includes adding unpredictable tokens tied to the user session.
MaGe Linux Operations
