白帽黑客

Before starting to talk about White, Grey and Black Hat Hackers we should learn the real meaning of the Hacker . Actually hacker is not a bad person or hacking is not a malicious action. Hacking simply means working with a specific electrical or digital device, service or system in an unusual way. Hackers are generally obsessed with what they are doing and mainly interested in computers, networks, digital systems, software, etc. Hacking is not a crime too. For example, we can call Bill Gates as hacker because of the high level of expertise for the Windows operating system with programming. But on the other side, Steve Jobs is not a hacker because he does not have any deep level of technical knowledge about the systems he works.

开始谈论白色，灰色和黑帽黑客之前，我们应该学习的真正意义上的Hacker 。 实际上，黑客不是一个坏人，或者黑客行为不是恶意行为。 黑客只是意味着以一种不寻常的方式使用特定的电气或数字设备，服务或系统。 黑客通常沉迷于自己的工作，并且主要对计算机，网络，数字系统，软件等感兴趣。黑客也不是犯罪。 例如，由于具有编程功能的Windows操作系统的高级专业知识，我们可以称呼Bill Gates为黑客。 但另一方面，史蒂夫·乔布斯(Steve Jobs)并不是黑客，因为他对所使用的系统没有任何深入的技术知识。

白帽黑客 (White Hat Hacking)

We have learned what is a hacker in the previous part and now we can define the White Hat Hacker. Hackers can have some good or bad behaviors. White Hat Hackers have good behaviors like protecting the given system, software, service against the Black Hat Hackers. As white hat hackers can provide protection against black hat hackers this can be accomplished in different ways.

在上一部分中，我们已经了解了什么是黑客，现在我们可以定义White Hat Hacker。 黑客的行为有好有坏。 白帽黑客具有良好的行为，如针对黑帽黑客保护给定的系统，软件和服务。 由于白帽黑客可以提供针对黑帽黑客的保护，因此可以通过不同的方式来实现。

• Pentest made by white hat hackers in order to find vulnerabilities in a safe way and provide remediations.

  白帽黑客制作的Pentest ，旨在以安全的方式发现漏洞并提供补救措施。

• System, Network, Application Hardening done by white hat hackers which will fortify the given system, network, application against the black hat hackers.

  System, Network, Application Hardening由白帽黑客完成，将针对黑帽黑客加强给定的系统，网络，应用程序。

• Consultation is another service provided by white hackers that will provide insights about the hacking methods and prevention actions.

  Consultation是白人黑客提供的另一项服务，它将提供有关黑客方法和预防措施的见解。

白帽黑客证书 (Certificates for White Hat Hackers)

White Hat Hackers possess different skills for different purposes which are explained above. White Hat Hackers generally works for companies, governments or individuals as being good hackers. While requiring the White Hat Hackers to show their talent, experience in different ways. But the most feasible, easy and practical way is certifying their talent and experience. Security-related certifications are the best certification type for White Hat Hackers. There are a ton of security certifications to be certified but some of them are more reliable and well-known around the world. CEH, CISSP, CCN Security, OSCP are some of the popular and reliable certifications.

白帽黑客针对上述不同目的具有不同的技能。 白帽黑客通常是公司，政府或个人的好黑客。 在要求白帽黑客展示自己的才能时，需要以不同的方式进行体验。 但是，最可行，最简便，最实用的方法是证明其才能和经验。 与安全相关的认证是White Hat Hackers的最佳认证类型。 有大量的安全认证需要认证，但是其中一些更可靠，在世界范围内广为人知。 CEH，CISSP，CCN安全性，OCP是一些流行且可靠的认证。

• CISSP is one of the most known and sacrificed certifications. CISSP has the broadest context for security certifications but generally do not dive into deep. But CISSP requires a lot of experience to tackle and solve the certification questions during the exam. CISSP generally required by security managers, security team leaders or security consultants.

  CISSP是最著名的认证之一。 CISSP具有最广泛的安全认证背景，但通常不会深入探讨。 但是CISSP需要大量经验来解决和解决考试中的认证问题。 CISSP通常由安全经理，安全团队负责人或安全顾问要求。

• CEH is the entry-level security certification that will be used to newcomer White Hat Hackers. CEH is not a deep level like CISSP too and has less context and requires little or no experience to tackle with. Generally, junior, entry-level security professionals require CEH.CEH是入门级安全认证，将用于新来的White Hat Hackers。 CEH也不像CISSP那样深层次，并且上下文较少，需要或几乎没有经验来应对。 通常，初级，入门级安全专业人员需要CEH。
• CCNP Security is the security certification for the Cisco products. But as a big certification authority, CCNP Security certification gained a lot popularity. CCNP安全性是Cisco产品的安全性认证。 但是，作为大型认证机构，CCNP安全认证获得了很大的普及。
• OSCP is one of the most technical security certification. OSCP is a completely hands-on certification where real-world examples are solved and reported as a pentest report to gain certification. Pentesters, Vulnerability Researchers generally requires OCSP certification.OSCP是最技术性的安全认证之一。 OSCP是一个完全动手的认证，其中解决了实际示例，并以渗透测试报告的形式报告以获取认证。 渗透测试者，漏洞研究人员通常需要OCSP认证。

黑帽黑客(Black Hat Hacker)

Black Hat Hackers the opposite position of the White Hat Hackers. Black Hat Hackers mainly attack, exploit, demolish their targets for different reasons. Black Hat Hackers generally require more experience and talent than White Hat Hackers. Here we will list some common motivation for Black Hat Hackers.

黑帽黑客与白帽黑客的立场相反。 黑帽黑客主要出于各种原因攻击，利用，破坏目标。 与白帽黑客相比，黑帽黑客通常需要更多的经验和才能。 在这里，我们将列出黑帽黑客的一些常见动机。

• Personal Financial Gain to make money from the targets or third party supporters.

  通过目标或第三方支持者赚钱的Personal Financial Gain 。

• Cyber Espionage is an attack-type that is sponsored by the states and governments for enemy states.

  Cyber Espionage是由州和政府为敌国赞助的一种攻击类型。

• Fame is another reason a Black Hat Hacker can be famous arround the community, country or world.

  Fame是Black Hat Hacker可以在社区，国家或世界闻名的另一个原因。

灰色帽子黑客 (Grey Hat Hacker)

We have talked about the White Hat Hackers and Gray Hat Hackers but there is also an intermediate type Hacker. We call them Gray Hat Hacker where they are not so reliable where they provide some services to fight against the Black Hat Hackers. Gray Hat Hackers generally historical Black Hat Hackers where they do not be part of the crime but do not work in a regular or enterprise job. Gray Hat Hackers generally examine different vulnerabilities without an permission about the target. They can find some vulnerabilities where they do not exploit these vulnerabilities.

我们讨论过白帽黑客和灰帽黑客，但也有一个中间类型的黑客。 我们称它们为Gray Hat Hacker ，因为它们在提供一些服务来对抗Black Hat Gray Hat Hacker不太可靠。 Gray Hat Hacker通常是具有历史意义的Black Hat Hacker，它们不属于犯罪活动，但不能从事常规工作或企业工作。 Gray Hat Hacker通常在未经目标许可的情况下检查不同的漏洞。 他们可以找到一些漏洞，而无需利用这些漏洞。

5名著名的白帽黑客 (5 Famous White Hat Hackers)

Even Black Hat Hackers are famous in the IT world there are some White Hat Hackers which are famous with their war against the Back Hat Hackers.

甚至黑帽黑客在IT世界中也很出名，也有一些白帽黑客以与后帽黑客的对抗而闻名。

• Tsutomu Shimomura is one of the most popular hackers who has a very impressive academic background. Shimomura worked in National Security Agency. He is very famous with the capturing of the one of the best Black Hat Hacker Kevin Mitnick.

  Tsutomu Shimomura是一位拥有令人印象深刻的学术背景的最受欢迎的黑客之一。 下村曾在国家安全局工作。 他以捕获最佳黑帽黑客之一Kevin Mitnick闻名。

• Charlie Miller is another well known White Hack Hacker which has a Ph.D. in Mathematics and worked for National Security Agency. Miller is mainly worked on Apple systems like Macintosh, iPhone.

  Charlie Miller ( Charlie Miller是另一位著名的White Hack Hacker，拥有博士学位。 在数学领域工作，并在国家安全局工作。 Miller主要在Macintosh，iPhone等Apple系统上工作。

• Greg Hoglund is not so much well known as Shimomura and Miller. He is experienced with software security and exposed a large vulnerability in World of Warcraft.

  Greg Hoglund ( Greg Hoglund )并不像下村(Shimomura)和米勒(Miller)那样知名。 他在软件安全方面经验丰富，并且在《魔兽世界》中暴露出一个很大的漏洞。

• HD Moore is worked in classified projects for the U.S. Department of Defence. He is well known for the Metasploit Framework which is a penetration testing platform.

  HD Moore在美国国防部的机密项目中工作。 他以Metasploit框架(一个渗透测试平台)而闻名。

• Dan Kaminsky is mainly worked for DNS security to prevent DNS and SSL based hacks He found critical security vulnerabilities about the DNS and SSL.

  Dan Kaminsky主要从事DNS安全方面的工作，以防止基于DNS和SSL的黑客入侵。他发现了有关DNS和SSL的严重安全漏洞。

翻译自: https://www.poftut.com/what-is-white-hat-hacker/

白帽黑客