SlideShare a Scribd company logo

Attackers process

Download as PPTX, PDF
begmohsin
begmohsin

The document outlines the typical steps in an attacker's process and an ethical hacker's process. For an attacker, the steps are: 1) reconnaissance and footprinting, 2) scanning and enumeration, 3) gaining access, 4) escalation of privilege, 5) maintaining access, and 6) covering tracks. For an ethical hacker, the steps involve obtaining permission, mirroring the attacker's steps through reconnaissance, scanning, and gaining access, maintaining access through escalation and covering tracks, and reporting findings. The document also discusses common security testing methodologies like NIST, OCTAVE, and OSSTMM.

Education
1 of 17
The Attackers Process by Mohsin Baig
The Attackers Process Attackers methodology comprise of the following steps: 1. Performing reconnaissance and footprinting 2. Scanning and enumeration 3. Gaining access 4. Escalation of privilege 5. Maintaining access 6. Covering tracks
1.Performing Reconnaissance and Foot- printing • Reconnaissance viewed as the initial pre-attack phase- passive information gathering. • Reconnaissance comprises of the attempt to elicit, collate, document information about the target • Hacker malicious intent is to collate as much information as possible about the target • Targets usually have no idea that hackers are collating information about them • Hackers pursue attack based on the information that is collated • Hackers also leverage on Social engineering techniques, typically calling helpdesk to reset the passwords and eliciting sensitive information by manipulative talking
2.Scanning and Enumeration • Depicted as the second pre-attack phase • Scope of scanning entails performing hacking activities in view of connecting with the systems in order to generate system responses • Scope of Enumeration entails eliciting in depth information with regards to the target for example collating user account information • Hacker is in the mode of being active with regards to collecting information • Hackers utilising tools such as Nmap, start engaging in boosting a wide range of packets into the identified vulnerable networks.
3.Scanning and Enumeration • Mapping of ports and applications that are open is the prime objective of the Hacker. • Hackers implement techniques that enable slower rate of packets being injected in order to minimize the probability of being detected by Intrusion Detection Systems (IDS) • Older applications are vulnerable and Hackers will undoubtedly use websites such as http://www.exploit- db.com in order to identify vulnerabilities. • Programs such as OpenVAS are also designed to identify application vulnerabilities
4.Gaining Access • Critical step of the methodology when attack is launched by Hacker • In this phase the attacker has executed the attack • Hackers spreads the attack from system to system • Hackers can capitalize on several methods to gain entry into systems ie open wireless access points, vulnerability in web applications. • Watering hole is a technique used by hackers where web application vulnerability is exploited by infecting the web application with malware
5.Escalation of Privilege • Scope of Privilege escalation typically encompasses hacker gaining access to internal resources due to bug, misconfiguration or vulnerability that has been exposed in the application.
6.Maintaining Access • Rootkits are largely utilised by Hackers for malicious intent to maintain constant access to the system. • Rootkits have the functional capability to cover up hacker presence during system entry when accessing system resources. • Sniffers can also be leveraged by hackers to pursue the monitoring of all legitimiate users of the system.
6.Maintaining Access • Rootkits are largely utilised by Hackers for malicious intent to maintain constant access to the system. • Rootkits have the functional capability to cover up hacker presence during system entry when accessing system resources. • Sniffers can also be leveraged by hackers to pursue the monitoring of all legitimiate users of the system.
Ethical Hackers Process 1 Ethical Hackers must mirror similar steps in the way a hacker performs, their process typically would encompass the following based on company consent • Permission: Pursue and obtain the required levels of authorisation • Reconnaissance: this can be either passive for active • Scanning: incorporates the usage of port scanning tools and network mappers • Gaining Access: initial entry point into the network, application and system • Maintaining Access: Comprises of technique which are implemented to maintain control, for example escalation of privilege • Covering Tracks: this step encompasses of covering tracks and deleting logs • Reporting: Consists of producing reports and recommendations
Ethical Hackers Process 2 The following process can be adopted by organisations to evaluate their strengths and weaknesses with regards to ethical hacking: Step 1 Assessment: The scope of this step entails Ethical hacking, Penetration Testing and practical security tests. Step 2 Policy Development: The Scope of this step entails policy development in alignment to organizational goals and missions
Ethical Hackers Process 2 Step 3 Implementation This step entails the establishment of technical, operational and managerial controls in order to pursue the security and maintenance of key organizational assets and data Step 4 Training This step comprises of empowering employees by giving training on areas of IDS, Firewall etc Step 5 Audit This step comprises of implementing audit controls and measures in order to provision stronger levels of security
Security Methodologies Different organizations implement different types of methodologies in how they address security testing etc. The following are the most prominent type of methodologies: 1. National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment 2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) 3. Open Source Security Testing Methodology Manual (OSSTMM)
National Institute of Standards and Technology (NIST) Special Publication 800-115, Methodology comprises of the following stages: 1. Planning 2. Discovery 3. Attack 4. Reporting
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) • Core emphasis is on organizational risk and strategic practice • Largely impacted by operational risk and security practices • Remit of IT Security team is to define security , identify risks and establish a comprehensive robust security strategy • Three versions: OCTAVE Original, OCTAVE-S, and OCTAVE Allegro • www.cert.org/octave
Open Source Security Testing Methodology Manual Open source methodology http://www.isecom.org/osstmm categorises security assessment into the following sections: 1. Defining a security test 2. Data networks security testing 3. Human security testing 4. Physical security testing 5. Telecommunications security testing 6. Wireless security testing
UK - Cyber Defence Academy • Specialist provider in bespoke classroom, online and self learning cyber security and cyber defence training. • Visit us on : www.tech-strategygroup.com • Empower your employees to become aware about cyber security • Implement bespoke cyber security training programmes for your employees in alignment to your cyber security strategy, transformation programmes and projects. • For more information e-mail us on : info@tech-strategygroup.com

Recommended

HACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSHACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSUK Defence Cyber School
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless networkHadi Fadlallah
 
Chapter 1
Chapter 1Chapter 1
Chapter 1Hadi Aoun
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 

Recommended

HACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSHACKERS ATTACK PROCESS
HACKERS ATTACK PROCESSUK Defence Cyber School
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless networkHadi Fadlallah
 
Chapter 1
Chapter 1Chapter 1
Chapter 1Hadi Aoun
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Securityvishnukp34
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01G Prachi
 
Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Info and telecom_network_security
Info and telecom_network_securityInfo and telecom_network_security
Info and telecom_network_securityBrijesh Kumar
 
Access control attacks
Access control attacksAccess control attacks
Access control attacksYaakub Idris
 
Hacking and Ethical Hacking
Hacking and Ethical HackingHacking and Ethical Hacking
Hacking and Ethical HackingMasih Karimi
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Ethical hacking11601031 (1)
Ethical hacking11601031 (1)Ethical hacking11601031 (1)
Ethical hacking11601031 (1)Mohammad Affan
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingWon Ju Jub
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmmandynova
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Kabul Education University
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Introduction to Application Security Testing
Introduction to Application Security TestingIntroduction to Application Security Testing
Introduction to Application Security TestingMohamed Ridha CHEBBI, CISSP
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 

More Related Content

What's hot

Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system securityG Prachi
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Info and telecom_network_security
Info and telecom_network_securityInfo and telecom_network_security
Info and telecom_network_securityBrijesh Kumar
 
Access control attacks
Access control attacksAccess control attacks
Access control attacksYaakub Idris
 
Hacking and Ethical Hacking
Hacking and Ethical HackingHacking and Ethical Hacking
Hacking and Ethical HackingMasih Karimi
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Ethical hacking11601031 (1)
Ethical hacking11601031 (1)Ethical hacking11601031 (1)
Ethical hacking11601031 (1)Mohammad Affan
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingWon Ju Jub
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmmandynova
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy codeG Prachi
 
Security testing
Security testingSecurity testing
Security testingbaskar p
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 

What's hot (20)

Least privilege, access control, operating system security
Least privilege, access control, operating system securityLeast privilege, access control, operating system security
Least privilege, access control, operating system security
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Info and telecom_network_security
Info and telecom_network_securityInfo and telecom_network_security
Info and telecom_network_security
 
Access control attacks
Access control attacksAccess control attacks
Access control attacks
 
Hacking and Ethical Hacking
Hacking and Ethical HackingHacking and Ethical Hacking
Hacking and Ethical Hacking
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
 
Ethical hacking11601031 (1)
Ethical hacking11601031 (1)Ethical hacking11601031 (1)
Ethical hacking11601031 (1)
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmm
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575
 
Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8Cryptography and Network security # Lecture 8
Cryptography and Network security # Lecture 8
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
Introduction to Application Security Testing
Introduction to Application Security TestingIntroduction to Application Security Testing
Introduction to Application Security Testing
 
Security testing
Security testingSecurity testing
Security testing
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer Attacks
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 

Similar to Attackers process

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.Expeed Software
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testingsakshisoni076
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptxVivek Chauhan
 
Penentration testing
Penentration testingPenentration testing
Penentration testingtahreemsaleem
 
Vulnerability assessment on cyber security
Vulnerability assessment on cyber securityVulnerability assessment on cyber security
Vulnerability assessment on cyber securityrb5ylf93do
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSaqib Raza
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingMissStevenson1
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingmissstevenson01
 
Penetration Testing.pptx
Penetration Testing.pptxPenetration Testing.pptx
Penetration Testing.pptxAnanta Khare
 

Similar to Attackers process (20)

NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptx
 
What are the 3 Phases of Penetration Testing
What are the 3 Phases of Penetration TestingWhat are the 3 Phases of Penetration Testing
What are the 3 Phases of Penetration Testing
 
What are the 3 Phases of Penetration Testing.pdf
What are the 3 Phases of Penetration Testing.pdfWhat are the 3 Phases of Penetration Testing.pdf
What are the 3 Phases of Penetration Testing.pdf
 
Penentration testing
Penentration testingPenentration testing
Penentration testing
 
Vulnerability assessment on cyber security
Vulnerability assessment on cyber securityVulnerability assessment on cyber security
Vulnerability assessment on cyber security
 
Intruders
IntrudersIntruders
Intruders
 
ch08.ppt
ch08.pptch08.ppt
ch08.ppt
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hacking
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hacking
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
Cyber Security # Lec 5
Cyber Security # Lec 5Cyber Security # Lec 5
Cyber Security # Lec 5
 
Penetration Testing.pptx
Penetration Testing.pptxPenetration Testing.pptx
Penetration Testing.pptx
 

More from begmohsin

Skills you need to become a ethical hacker
Skills you need to become a ethical hackerSkills you need to become a ethical hacker
Skills you need to become a ethical hackerbegmohsin
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hackingbegmohsin
 
How hackers collate information about employees
How hackers collate information about employees How hackers collate information about employees
How hackers collate information about employees begmohsin
 
Types of hackers
Types of hackersTypes of hackers
Types of hackersbegmohsin
 
Ethical System Hacking- Cyber Training Diploma
Ethical System Hacking- Cyber Training Diploma Ethical System Hacking- Cyber Training Diploma
Ethical System Hacking- Cyber Training Diploma begmohsin
 
Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques begmohsin
 
Defend your organisation from Cyber Attacks
Defend your organisation from Cyber AttacksDefend your organisation from Cyber Attacks
Defend your organisation from Cyber Attacksbegmohsin
 

More from begmohsin (7)

Skills you need to become a ethical hacker
Skills you need to become a ethical hackerSkills you need to become a ethical hacker
Skills you need to become a ethical hacker
 
Enumeration and system hacking
Enumeration and system hackingEnumeration and system hacking
Enumeration and system hacking
 
How hackers collate information about employees
How hackers collate information about employees How hackers collate information about employees
How hackers collate information about employees
 
Types of hackers
Types of hackersTypes of hackers
Types of hackers
 
Ethical System Hacking- Cyber Training Diploma
Ethical System Hacking- Cyber Training Diploma Ethical System Hacking- Cyber Training Diploma
Ethical System Hacking- Cyber Training Diploma
 
Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques Ethical Hacking Tools & Techniques
Ethical Hacking Tools & Techniques
 
Defend your organisation from Cyber Attacks
Defend your organisation from Cyber AttacksDefend your organisation from Cyber Attacks
Defend your organisation from Cyber Attacks
 

Recently uploaded

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 

Attackers process

  • 1. The Attackers Process by Mohsin Baig
  • 2. The Attackers Process Attackers methodology comprise of the following steps: 1. Performing reconnaissance and footprinting 2. Scanning and enumeration 3. Gaining access 4. Escalation of privilege 5. Maintaining access 6. Covering tracks
  • 3. 1.Performing Reconnaissance and Foot- printing • Reconnaissance viewed as the initial pre-attack phase- passive information gathering. • Reconnaissance comprises of the attempt to elicit, collate, document information about the target • Hacker malicious intent is to collate as much information as possible about the target • Targets usually have no idea that hackers are collating information about them • Hackers pursue attack based on the information that is collated • Hackers also leverage on Social engineering techniques, typically calling helpdesk to reset the passwords and eliciting sensitive information by manipulative talking
  • 4. 2.Scanning and Enumeration • Depicted as the second pre-attack phase • Scope of scanning entails performing hacking activities in view of connecting with the systems in order to generate system responses • Scope of Enumeration entails eliciting in depth information with regards to the target for example collating user account information • Hacker is in the mode of being active with regards to collecting information • Hackers utilising tools such as Nmap, start engaging in boosting a wide range of packets into the identified vulnerable networks.
  • 5. 3.Scanning and Enumeration • Mapping of ports and applications that are open is the prime objective of the Hacker. • Hackers implement techniques that enable slower rate of packets being injected in order to minimize the probability of being detected by Intrusion Detection Systems (IDS) • Older applications are vulnerable and Hackers will undoubtedly use websites such as http://www.exploit- db.com in order to identify vulnerabilities. • Programs such as OpenVAS are also designed to identify application vulnerabilities
  • 6. 4.Gaining Access • Critical step of the methodology when attack is launched by Hacker • In this phase the attacker has executed the attack • Hackers spreads the attack from system to system • Hackers can capitalize on several methods to gain entry into systems ie open wireless access points, vulnerability in web applications. • Watering hole is a technique used by hackers where web application vulnerability is exploited by infecting the web application with malware
  • 7. 5.Escalation of Privilege • Scope of Privilege escalation typically encompasses hacker gaining access to internal resources due to bug, misconfiguration or vulnerability that has been exposed in the application.
  • 8. 6.Maintaining Access • Rootkits are largely utilised by Hackers for malicious intent to maintain constant access to the system. • Rootkits have the functional capability to cover up hacker presence during system entry when accessing system resources. • Sniffers can also be leveraged by hackers to pursue the monitoring of all legitimiate users of the system.
  • 9. 6.Maintaining Access • Rootkits are largely utilised by Hackers for malicious intent to maintain constant access to the system. • Rootkits have the functional capability to cover up hacker presence during system entry when accessing system resources. • Sniffers can also be leveraged by hackers to pursue the monitoring of all legitimiate users of the system.
  • 10. Ethical Hackers Process 1 Ethical Hackers must mirror similar steps in the way a hacker performs, their process typically would encompass the following based on company consent • Permission: Pursue and obtain the required levels of authorisation • Reconnaissance: this can be either passive for active • Scanning: incorporates the usage of port scanning tools and network mappers • Gaining Access: initial entry point into the network, application and system • Maintaining Access: Comprises of technique which are implemented to maintain control, for example escalation of privilege • Covering Tracks: this step encompasses of covering tracks and deleting logs • Reporting: Consists of producing reports and recommendations
  • 11. Ethical Hackers Process 2 The following process can be adopted by organisations to evaluate their strengths and weaknesses with regards to ethical hacking: Step 1 Assessment: The scope of this step entails Ethical hacking, Penetration Testing and practical security tests. Step 2 Policy Development: The Scope of this step entails policy development in alignment to organizational goals and missions
  • 12. Ethical Hackers Process 2 Step 3 Implementation This step entails the establishment of technical, operational and managerial controls in order to pursue the security and maintenance of key organizational assets and data Step 4 Training This step comprises of empowering employees by giving training on areas of IDS, Firewall etc Step 5 Audit This step comprises of implementing audit controls and measures in order to provision stronger levels of security
  • 13. Security Methodologies Different organizations implement different types of methodologies in how they address security testing etc. The following are the most prominent type of methodologies: 1. National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment 2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) 3. Open Source Security Testing Methodology Manual (OSSTMM)
  • 14. National Institute of Standards and Technology (NIST) Special Publication 800-115, Methodology comprises of the following stages: 1. Planning 2. Discovery 3. Attack 4. Reporting
  • 15. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) • Core emphasis is on organizational risk and strategic practice • Largely impacted by operational risk and security practices • Remit of IT Security team is to define security , identify risks and establish a comprehensive robust security strategy • Three versions: OCTAVE Original, OCTAVE-S, and OCTAVE Allegro • www.cert.org/octave
  • 16. Open Source Security Testing Methodology Manual Open source methodology http://www.isecom.org/osstmm categorises security assessment into the following sections: 1. Defining a security test 2. Data networks security testing 3. Human security testing 4. Physical security testing 5. Telecommunications security testing 6. Wireless security testing
  • 17. UK - Cyber Defence Academy • Specialist provider in bespoke classroom, online and self learning cyber security and cyber defence training. • Visit us on : www.tech-strategygroup.com • Empower your employees to become aware about cyber security • Implement bespoke cyber security training programmes for your employees in alignment to your cyber security strategy, transformation programmes and projects. • For more information e-mail us on : info@tech-strategygroup.com