📘 Ethical Hacking 101 — Part 3 | Understanding Hacker Types, Attack Categories & The Reconnaissance Phase

Ethical Hacking 101: Part 3 brings together three essential pillars of cybersecurity for beginners:

• Who are hackers
• How cyberattacks are classified
• How ethical hackers begin their work through reconnaissance

This part sets the foundation for the hands-on phases that will come next.

1. Types of Hackers (Clear, Beginner-Friendly Overview)

People often imagine “a hacker” as a single stereotype. In reality, hackers differ in skills, intentions, and motivations. Understanding these differences helps newcomers see that ethical hacking is a legitimate, structured, and responsible domain.

1. White Hat Hackers (Ethical Hackers)

These are cybersecurity professionals who legally test systems to identify vulnerabilities.
They work with permission and help organisations strengthen security.

2. Black Hat Hackers

These are attackers who exploit systems illegally for personal gain—stealing data, money, or causing harm.

3. Grey Hat Hackers

A mix of both:
They may test systems without permission but typically report issues rather than exploiting them.

4. Script Kiddies

Beginners who use pre-made hacking tools without understanding how they work.
They lack deep skills but can still cause damage.

5. Hacktivists

Hackers driven by ideology or activism.
They attack systems to support political or social causes.

6. State-Sponsored Hackers

Highly skilled cyber professionals working for governments.
Their targets often include critical infrastructure, defense, or global corporations.

Understanding these categories helps you distinguish intent, capability, and ethical boundaries — crucial in cybersecurity.

2. Common Types of Cyberattacks (Explained Simply)

Ethical hacking requires knowing what attackers typically do.
Here are the major attack categories explained in clear, simple language.

1. Phishing

Tricking users into sharing sensitive information (passwords, bank details) through fake emails or websites.

2. Malware Attacks

Malicious software like viruses, ransomware, spyware, or worms that damage or steal data.

3. Man-in-the-Middle (MITM)

An attacker secretly intercepts communication between two parties — like reading messages on public Wi-Fi.

4. Denial of Service (DoS/DDoS)

Flooding a server with traffic until it crashes or becomes unavailable.

5. SQL Injection

Injecting malicious commands into a website’s input fields to access or manipulate databases.

6. Zero-Day Attacks

Exploiting software vulnerabilities before the vendor discovers or fixes them.

These examples show the range of threats ethical hackers must understand before they can defend or test systems.

3. The Ethical Hacking Process Begins: Footprinting & Reconnaissance

Every ethical hacking project begins with reconnaissance — gathering information legally and quietly about a target.

This step is crucial because the more you know about a system, the better you can test it.

A. What Is Footprinting?

Footprinting means collecting details about:

• the organisation

• its network

• its systems

publicly available information

Ethical hackers map out the “digital footprint” of the organisation to understand potential vulnerabilities.

B. Passive vs Active Reconnaissance

Passive Reconnaissance

Gathering information without interacting with the target.
Examples:

• Reading the company website

• Checking public documents

• Social media profiling

• Finding subdomains

• Searching past data breaches

This method is quiet and difficult to detect.

Active Reconnaissance

Directly interacting with the target system.
Examples:

• Ping sweeps

• Port scanning

• DNS interrogation

• Traceroute

This method gives more accurate results but carries a higher risk of detection.

C. OSINT (Open-Source Intelligence)

OSINT is the practice of gathering intelligence from publicly accessible sources.
Ethical hackers use it to build a strong initial profile.

Common OSINT sources include:

• Google & advanced search operators (“Google Dorking”)

• Social media

• WHOIS databases

• Shodan (search engine for internet-connected devices)

• GitHub repositories

• Company reports

OSINT helps ethical hackers understand:

• what technologies the company uses

• what systems are exposed to the internet

• where potential vulnerabilities may lie

D. Basic Recon Tools (Beginner Friendly)

Here are tools ethical hackers use during reconnaissance:

1. WHOIS Lookup

Shows domain ownership details, admin emails, IP ranges.

2. nslookup

Retrieves DNS records of a website.

3. Google Dorking

Using advanced search queries to find hidden or exposed information.

4. Shodan Basics

Finds exposed devices like webcams, servers, IoT systems, with their vulnerabilities.

5. Traceroute

Shows the path data takes to reach a server, revealing network infrastructure.

These tools provide the initial data an ethical hacker needs before performing deeper assessments.

⭐ Why This Phase Matters

Reconnaissance helps ethical hackers:

• understand the system

• identify weak points

• plan structured testing

• avoid unnecessary risk

• work within ethical and legal boundaries

It is the first and one of the most important phases of ethical hacking.