Cyber Security

Hacker's Mindset

Lecture 06: Hacker's Mindset

01- Hackers Mindset and softs kills

A hacker is someone who uses their technical knowledge and skills to solve problems, often by exploring and manipulating computer systems, networks, or software. The term can have both positive and negative meanings depending on the context.

Attacker attacks the victim through vulnerabilities to cause threats.

Strong curiosity: Deeply understanding how systems and applications work, which make them stronger than white hackers mostly
Reverse thinking: What if?
Problem-solving and challenge seeking: Finding vulnerabilities or unconventional ways to achieve goals
Creativity and innovation: Using non-traditional methods to hack or protect systems
Analysis and deconstruction: Breaking down software or networks to find weaknesses
Persistence: Trying repeatedly until success
Challenge: Never forgive, and repeat trials
Self-starter: No one should onboard or help him

02- Hackers Technical skills

Networking & Protocols – TCP/IP, DNS, HTTP(S), VPN, NAT
Operating Systems – Deep understanding of Linux, Windows internals
Programming – Python, Bash, JavaScript, C/C++
Web Technologies – HTML, JS, cookies, sessions, REST APIs
Exploitation Techniques – XSS, SQLi, buffer overflow, privilege escalation
Tools Mastery – Nmap, Wireshark, Metasploit, Burp Suite, Aircrack-ng
Cryptography Basics – Hashing, symmetric/asymmetric encryption
Reverse Engineering – Decompiling, debugging, malware analysis
Cloud & Container Security – AWS, Azure, Docker, Kubernetes
Security Frameworks – OWASP, MITRE ATT&CK, NIST, ISO 27001
Business understanding: Can understand business and lifecycle

03- Hacking objectives:

Destruction (Data/Infrastructure)
Disturb service availability
Data exploits
Money stealing
Wars
Revenge

04- Hackers Types

Hacker, we call him also MITM: Man-in-the-Middle attack — intercepting communications, you should have End-to-end encryption, HTTPS, and VPN.

We have different types of hackers as follows:

White Hat
1. 1. Ethical hackers who test security
  2. Help improve security
  3. Penetration testers, security researchers
Black Hat
1. 1. Malicious hackers who exploit systems
  2. Financial gain, disruption
  3. Cybercriminals, ransomware attackers
Red Hat:
1. 1. Anti Black-Hat Hackers
Gray Hat
1. 1. Between white and black — may hack without permission, but not for harm
  2. Often curiosity or “hacktivism”
  3. Hackers who disclose vulnerabilities publicly
Green Hat:
1. 1. New to hacking
  2. Willing to learn
Blue Hat:
1. 1. Looking for revenge
Script Kiddies
1. 1. Inexperienced hackers using tools made by others
  2. Thrill, notoriety
  3. Novice attackers using public exploits
Hacktivists
1. 1. Hackers driven by political/social causes
  2. Protest, activism
  3. Anonymous group
State-Sponsored
1. 1. Hackers working for governments
  2. Espionage, sabotage
  3. APT groups (e.g., Fancy Bear)
Insiders
1. 1. Employees or contractors abusing access
  2. Revenge, financial gain
  3. Disgruntled employees
Cyber Terrorists
1. 1. Use hacking to cause terror or fear
  2. Political or ideological
  3. Attacks on critical infrastructure

05- Cybersecurity roles in organization

Red team
1. 1. Ethical hackers who test security
  2. Help improve security
  3. Penetration testers, security researchers
Blue team
1. 1. Malicious hackers who exploit systems
  2. Financial gain, disruption
  3. Cybercriminals, ransomware attackers
Purple team
1. 1. Anti Black-Hat Hackers
  2. Thrill, notoriety
  3. Novice attackers using public exploits
Hacktivists
1. 1. Hackers driven by political/social causes
  2. Protest, activism
  3. Anonymous group
State-Sponsored
1. 1. Hackers working for governments
  2. Espionage, sabotage
  3. APT groups (e.g., Fancy Bear)
Insiders
1. 1. Employees or contractors abusing access
  2. Revenge, financial gain
  3. Disgruntled employees
Cyber Terrorists
1. 1. Use hacking to cause terror or fear
  2. Political or ideological
  3. Attacks on critical infrastructure

06- Attacks Types

Virus
1. 1. Created by Developed by Scripts kiddies(هاكرز هواة) or black hat hackers or governments
  2. Attaches to files and activates when the user runs the file
  3. Auto-Spread
  4. Does not steal data (sometimes)
  5. Cause Damage
  6. Downloading/executing infected files or macros
Worm
1. 1. Created by Professional hackers, Black Hat Hackers
  2. Self-replicating, spreads via networks
  3. Auto-Spread
  4. Steal data
  5. Cause Damage
  6. Exploiting network/system vulnerabilities
Storm
1. 1. Famous worm that created a botnet (Storm Worm, 2007)
  2. Auto-Spread
  3. Steal data
  4. Cause Damage
  5. Email attachments (“Storm alert” subject lines)
Trojan
1. 1. Created by Black Hat Hackers, Cybercriminal groups
  2. Masquerades as legitimate software
  3. Not Auto Spread
  4. Steal data
  5. Cause Damage
  6. User installs fake or malicious app
Ransomware
1. 1. Created by Organized cybercrime groups, Black Hat Hackers
  2. Encrypts data and demands ransom
  3. Auto-spread(often via Trojan)
  4. Steal data
  5. Cause Damage (critical)
  6. Phishing emails, malicious links, file downloads
Spyware
1. 1. Created by Black Hat Hackers, Government-backed teams
  2. Secretly monitors and collects user data
  3. Not auto-spread
  4. Steal data
  5. Does not Cause Damage
  6. Bundled with software, phishing, and browser exploits
Rootkit:
1. 1. Created by Advanced hackers, Nation-state actors
  2. Definition: A rootkit is a malicious software or a set of tools designed to hide itself or other malware on a system, allowing an attacker to maintain control without being detected by the user or standard security software.
  3. Name comes from “root” (highest privilege in UNIX/Linux) + “kit” (collection of tools).
APT
1. 1. Created by Nation-state or government
  2. Long-term stealthy attack by an organized group
  3. Not auto-spread
  4. Steal data(targeted)
  5. Cause Damage (strategic)
  6. Spear-phishing, zero-day exploits, social engineering

Potential Harmful apps

Mobile Apps, Games, Battery repair, Space utilization, fake whatsapp,...

07- Hacker Persona

Persona Development:

Values
- - Steal sensitive data:
    - - Target: Personally Identifiable Information (PII), financial records, intellectual property.
      - Motivation: Sell on dark web, leverage for blackmail, or use for competitive advantage.
  - Steal assets
    - - Target: Digital transactions, proprietary code, operational technology.
      - Motivation: Direct monetary gain or disruption of competitor operations.
  - Impact reputation
    - - Target: Public trust, brand credibility, shareholder confidence.
      - Motivation: Cause market damage, incite public backlash, or force compliance with demands.
Characteristics
- - Tech expert: Deep knowledge in exploit development, reverse engineering, and security bypass techniques.
  - Patient: Willing to remain undetected for weeks or months to maximize exploitation opportunities.
  - Multi-Vector capabilities:
    - - OS: Privilege escalation, kernel exploits, persistence mechanisms.
      - Infra: Network pivoting, VPN compromise, lateral movement
      - DB: SQL injection, privilege abuse, backup theft
      - Dev: Supply chain attacks, code repository poisoning, build process compromise.

How to use this persona:

Requirement Development Process

Translate each value into mandatory security requirements.
Example: “Steal Sensitive Data” → encryption-at-rest, data classification, access reviews.
Integrate security acceptance criteria for every functional requirement.

Architecture

Design layered defenses mapped to each characteristic.
OS: Harden builds, enable least privilege, enforce patch management.
Infra: Network segmentation, zero-trust authentication.
DB: Dedicated DB firewalls, query whitelisting.
Dev: Signed commits, secure CI/CD pipelines, dependency scanning.

Testing

Simulate persona’s multi-vector methods in red team exercises.
OS layer: Privilege escalation tests.
Infra layer: Lateral movement detection.
DB layer: Injection testing.
Dev layer: Supply chain penetration testing.

08- Insider Hacker

Persona Development:

Who?
- Definition: Harmful activity by someone with legitimate or formerly legitimate access (employee, contractor, partner). Includes malicious, negligent, and compromised insiders.
Values
Financial Gain:

Selling customer data or intellectual property.
Direct theft of money or facilitating fraud.

Espionage:

Stealing trade secrets or government information.
Providing intelligence to competitors or foreign entities.

Sabotage:

Disrupting critical systems (infrastructure, production).
Destroying or altering data to harm the organization.

Data Theft:

Accessing sensitive data: PII, financial data, research, source code.
Using stolen data for blackmail or resale.

Revenge:

Damaging the organization due to personal grievances or job terminatio
Tarnishing the company’s reputation.

Facilitating External Attacks:

Creating backdoors for external attackers.
Sharing credentials or network secrets with hacker groups.

Ideological / Hacktivism: Promoting a political or social agenda.
- - Leaking information to embarrass or pressure the organization.

Characteristics
- - Environment expert
  - Business knowledge expert
  - Solution expert

9- Common insider hacker TTPs

TTPs means Tactics, Techniques, and Procedures used by attackers, especially in cybersecurity frameworks like MITRE ATT&CK

1. Credential Abuse & Privilege Escalation

Tactic: Gain higher access rights than intended.
Techniques:
- Password spraying, brute force, keylogging.
- Exploiting weak permissions or misconfigurations.
- Pass-the-Hash / Pass-the-Ticket attacks.
Impact: Lateral movement, access to sensitive data, data staging.

2. Lateral Movement

Tactic: Move across the network after initial access.
Techniques:
- Remote Desktop Protocol (RDP), SMB exploitation, WMI, PsExec.
- Using stolen credentials or session tokens.
Impact: Expands attack surface, reaches high-value targets.

3. Data Staging & Exfiltration

Tactic: Prepare and transfer sensitive data out of the network.
Techniques:
- Compressing/encrypting files for transfer.
- Using cloud storage, email, removable media, or FTP.
- Tunneling via DNS or HTTP.
Impact: Data theft, intellectual property loss, regulatory exposure.

4. Shadow IT & Cloud Misuse

Tactic: Exploit unsanctioned services or personal SaaS accounts.
Techniques:
- Upload sensitive files to personal cloud storage.
- Using unauthorized apps or services to bypass security controls.
Impact: Data leaks, policy violations, compliance issues.

5. Social Engineering & Phishing

Tactic: Manipulate humans to reveal credentials or sensitive info.
Techniques:
- Spear phishing, baiting, pretexting.
- Business Email Compromise (BEC).
Impact: Initial access, spreading malware, insider recruitment.

6. Malware & Remote Access Trojans (RATs)

Tactic: Install software to maintain persistent access.
Techniques:
- Keyloggers, ransomware, spyware, custom Trojans.
- Backdoors in legitimate software.
Impact: Persistent control, spying, data theft, encryption attacks.

7. Exploiting Misconfigurations & Weaknesses

Tactic: Leverage system flaws or misconfigurations.
Techniques:
- Open ports, default credentials, unpatched software.
- Weak firewall rules, excessive privileges.
Impact: Easy compromise, escalation, persistence.

8. Covering Tracks & Anti-Detection

Tactic: Avoid detection and forensic analysis.
Techniques:
- Log tampering, timestamp modification.
- Using encryption, packing, or obfuscation.
Impact: Prolonged undetected presence, stealthy exfiltration.

Dr. Ghoniem Lawaty

Tech Evangelist @TechHuB Egypt

Page updated

Google Sites

Report abuse