Published on 06 April 2026
Mention the word “hacker” and most people would think of a cybercriminal who’s adept at gaining unauthorised access to networks and computer systems.
But like many things in life, there are in fact two sides to the coin – not all hackers bat for the “dark side”.
Case in point? White hat hackers (skip to DEF CON SG to find out where they converge).
Yes, this group of people hack as well, but for a different reason – to identify and rectify vulnerabilities in computer systems. They do so in a legitimate fashion too – they only hack when given permission by system owners.
In other words, they hack to bolster cybersecurity.
Types of hackers
Generally speaking, there are three types of hackers out there.
(Infographic: HTX/Nicole Lim)
A brief history of ethical hacking
René Carmille. (Credit: FactRepublic)
A Frenchman named René Carmille is widely credited as one of the first people in history to perform ethical hacking. The hacking that he performed, however, had nothing to do with writing code. After all, this incident took place in 1940 during World War II, a time when only rudimentary punch card computers existed.
According to historical records, Carmille’s form of hacking involved deliberately mishandling punch cards, thus delaying the Nazis’ attempts to track Jews using the information stored in punch card computers.
In the 1960s, when computers became more advanced, the term “ethical hacking” was used to describe the act of optimising systems. Fast forward two decades, when personal computers – treasure troves of confidential records and personal information – became commonplace, the ethical hacking movement started gaining pace in tandem with the rise in numbers of black hat hackers looking to steal data.
As the world became increasingly digitalised, the fight between the white and black hat hackers naturally intensified. Today, ethical hacking is widely considered a cornerstone of modern cybersecurity.
(Infographic: HTX/Nicole Lim)
Tools of the trade
So, how do hackers hack? Well, there is an extensive selection of tools for them to choose from.
Here are some of the many applications hackers use.
Purpose: Reconnaissance and information gathering
Nmap is used for network scanning and port discovery, Shodan is popular for finding internet-connected devices, while OSINT (Open Source Intelligence) frameworks such as Maltego help attackers map out target environments and gather preliminary information about potential victims.
Purpose: Vulnerability assessment
Scanners like Nessus, OpenVAS, and Nikto identify security weaknesses in systems, web applications, and network infrastructure. These tools automate the process of finding known vulnerabilities that could serve as entry points.
Purpose: Web application testing tools
Burp Suite and OWASP ZAP are commonly used for intercepting and manipulating web traffic, whilst tools like SQLmap automate SQL injection attacks.
Password attack tools
Hashcat and John the Ripper are commonly used for password cracking, while Hydra is used for brute force attacks against network services.
Ethical and malicious hackers essentially use the same tools – but for different purposes. (Image: Freepik)
According to Jerry Tan, Acting Head of the Red Team, Tech Ops at HTX’s xCybersecurity, the tools employed by ethical and malicious hackers are essentially the same – the fundamental difference lies not in the tools but in their application.
“Ethical hackers operate with explicit permission, clearly defined scope, and professional accountability, while malicious actors face no such constraints. This is comparable to the distinction between a locksmith and a burglar,” he mused.
The growing spectre of hacking
In 2023, the World Economic Forum stated that ransomware activity alone spiked 50% year-on-year during the first half of 2023.
(Source: Check Point Software Technologies)
In 2024, the International Monetary Fund shared that cyberattacks around the world have more than doubled since the Covid-19 pandemic. The South China Morning Post also reported that the number of cybersecurity cases in Hong Kong hit a five-year high that same year.
(Source: Statista)
Singapore has not been immune to cyberattacks. In July 2025, Coordinating Minister for National Security and Minister for Home Affairs K Shanmugam revealed that the nation’s critical information infrastructure was attacked by the UNC3886 cyber espionage
group.
These statistics show that the need for ethical hacking has become more important than ever.
DEF CON
One of the biggest champions of white hat hacking is none other than DEF CON. Considered the largest hacking and cybersecurity conference in the world, this major event is held annually in Las Vegas and is attended by not just hackers but also researchers,
students, cybersecurity professionals and government officials from around the world.
One major highlight of DEF CON is its Capture the Flag (CTF) contests, during which competitors attempt to solve a series of IT security challenges. At DEF CON 2024, HTX fielded two teams which returned home with impressive results.
And now those CTFs are coming here. HTX has partnered DEF CON to bring the event to our shores for the first time. DEF CON SG will be held at Marina Bay Sands Singapore from 28-30 April, co-located with MTX 2026.
Jerry is confident this event will be a boon for cybersecurity enthusiasts in Southeast Asia. He noted that DEF CON SG will significantly lower barriers for the Southeast Asian cybersecurity community to experience DEF CON as they no longer have to fly
all the way to Las Vegas.
One of the HTX teams that participated in DEF CON 33 at Las Vegas. (Photo: HTX)
“DEF CON is not just about learning new techniques. It is about joining a global community that shapes the future of cybersecurity, and having this calibre of conference in Singapore will unlock greater cybersecurity innovation across Southeast Asia,” he said.
“This kind of event acts as a binding force that brings communities together, shaping the future of cybersecurity and unlocking greater cybersecurity innovation.”
Got your ticket to DEF CON SG? Delay no more. Find out more about the event here.
Click Here For The Original Source.
