Computer hacking, as well as other IT jobs, can be a structured, documented and repetable proccess to find security holes in company infraestruture. Professionals have a basic set of tools to complete the tasks in any step of the hacking proccess.
The first and most important duty to take care of is the information gathering phase, in which the case on the target is built. Address, phone numbers, email addressess, staff information, OS fingerprinting and so on. Social networking sites and search engines are put to the test to attempt to find confidential and sensitive data.
Some of the most important tasks to complete when attemping to exploit system and network flaws are keylogging and password cracking, as well as maintaing access once the attack is completed. To do this, hackers utilize tools to take over computers and zombie them up. An infected computer can be used to send email spam, steal sensitive information or participate in a botnet sending denial of service attacks.
Once this process is completed, malicious hackers have access to your corporate data, email, documents and general data. The next step here would be to maintain access and to cover tracks to prevent the attack detection.
Basically, there is an appropiate tool for every process of the hacking cycle that can give an edge to a malicious criminal over security pros, and it is the "good guys" duty to perfect and study attacks on infrastructure to be able to detect and contain, but most important to protect our money, people and company reputation.
