The document outlines the typical steps in an attacker's process and an ethical hacker's process. For an attacker, the steps are: 1) reconnaissance and footprinting, 2) scanning and enumeration, 3) gaining access, 4) escalation of privilege, 5) maintaining access, and 6) covering tracks. For an ethical hacker, the steps involve obtaining permission, mirroring the attacker's steps through reconnaissance, scanning, and gaining access, maintaining access through escalation and covering tracks, and reporting findings. The document also discusses common security testing methodologies like NIST, OCTAVE, and OSSTMM.
2. The Attacker's Process
An attacker's methodology comprises the following steps:
1. Performing reconnaissance and
footprinting
2. Scanning and enumeration
3. Gaining access
4. Escalation of privilege
5. Maintaining access
6. Covering tracks
3. 1. Performing Reconnaissance and Footprinting
• Reconnaissance is the initial pre-attack phase: passive information gathering.
• It comprises the attempt to elicit, collate and document information about the target.
• The attacker's aim is to collate as much information as possible about the target before touching it.
• Targets usually have no idea that information is being collated about them, because nothing is sent to their systems yet.
• The attack that follows is shaped by the information collated in this phase.
• Attackers also leverage social engineering techniques, typically calling the helpdesk to have a password reset, or eliciting sensitive information through manipulative conversation.
4. 2. Scanning and Enumeration
• The second pre-attack phase.
• Scanning involves connecting to the target's systems in order to provoke responses that reveal which hosts, ports and services are live.
• Enumeration involves eliciting in-depth information about the target, for example collating user account information, shares and service versions.
• The attacker is now actively collecting information, so this phase, unlike reconnaissance, is observable by the target.
• Using tools such as Nmap, attackers send a wide range of probe packets into the identified networks.
5. 2. Scanning and Enumeration (continued)
• Mapping which ports and applications are open is the attacker's prime objective.
• Attackers use techniques that inject packets at a slower rate in order to minimise the probability of being detected by Intrusion Detection Systems (IDS).
• Older application versions are often vulnerable, and attackers will use websites such as http://www.exploit-db.com to find published exploits for the versions they have enumerated.
• Programs such as OpenVAS are designed to identify application vulnerabilities.
6. 3. Gaining Access
• The critical step of the methodology: the attack is launched.
• In this phase the attacker has executed the attack and obtained an initial foothold.
• From the first compromised system the attacker spreads the attack from system to system.
• Attackers can capitalise on several entry points, for example open wireless access points or vulnerabilities in web applications.
• A watering hole attack is a technique where a website the targets are known to visit is exploited and infected with malware, so that the targets are compromised when they browse to it.
7. 4. Escalation of Privilege
• Privilege escalation is where an attacker with an initial, low-privileged foothold gains higher privileges or access to internal resources by exploiting a bug, misconfiguration or vulnerability exposed in the application or the system it runs on.
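As an added example (not from the slides), the following Python script implements the kind of check a low-privileged attacker runs after gaining access, and that a defender should run first, to find file-permission misconfigurations that enable local privilege escalation: setuid/setgid executables, which run with their owner's privileges, and world-writable files or directories without the sticky bit, which let anyone alter what a privileged process later reads or executes. The directory tree it inspects is constructed for the example; point audit_tree at a real root such as / for an actual audit.

```python
"""Local privilege-escalation misconfiguration check.

Added example, not from the original slides. Walks a directory tree and
reports setuid/setgid executables and world-writable files or directories
(directories with the sticky bit, like /tmp, are excluded as intended).
The fixture tree built by build_fixture() is constructed for the example.
"""
import os
import stat
import tempfile


def audit_tree(root):
    """Return {'setuid': [...], 'setgid': [...], 'world_writable': [...]} for paths under root."""
    findings = {"setuid": [], "setgid": [], "world_writable": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable entry: a low-privileged auditor cannot see everything
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue  # judge the link target on its own permissions, not the link's
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings["setuid"].append(path)
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings["setgid"].append(path)
            # world-writable is dangerous unless it is a sticky directory (e.g. /tmp)
            if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                findings["world_writable"].append(path)
    for key in findings:
        findings[key].sort()
    return findings


def build_fixture():
    """Create a constructed sample tree and return its root path.

    bin/helper     setuid executable (mode 4755), should be reported
    etc/app.conf   world-writable config (mode 0666), should be reported
    etc/safe.conf  mode 0644, should not be reported
    tmp/           sticky world-writable dir (mode 1777), should not be reported
    var/drop/      world-writable dir without sticky bit (mode 0777), should be reported
    """
    root = tempfile.mkdtemp(prefix="privesc-audit-")
    for d in ("bin", "etc", "tmp", "var/drop"):
        os.makedirs(os.path.join(root, d))
    helper = os.path.join(root, "bin", "helper")
    with open(helper, "w") as f:
        f.write("#!/bin/sh\necho helper\n")
    os.chmod(helper, 0o4755)  # chmod after writing: writing clears the setuid bit
    conf = os.path.join(root, "etc", "app.conf")
    open(conf, "w").close()
    os.chmod(conf, 0o666)
    safe = os.path.join(root, "etc", "safe.conf")
    open(safe, "w").close()
    os.chmod(safe, 0o644)
    os.chmod(os.path.join(root, "tmp"), 0o1777)
    os.chmod(os.path.join(root, "var", "drop"), 0o777)
    return root


def demo():
    """Audit the constructed fixture; return findings as paths relative to its root."""
    root = build_fixture()
    findings = audit_tree(root)
    return {k: [os.path.relpath(p, root) for p in v] for k, v in findings.items()}


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}:")
        for p in paths:
            print(f"  {p}")
```

On a real system the setuid list should be compared against the distribution's known set; an unexpected entry, or a world-writable script that a root cron job executes, is exactly the misconfiguration the slide refers to.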
8. 5. Maintaining Access
• Rootkits are widely used by attackers to maintain persistent access to a compromised system.
• Rootkits can conceal the attacker's presence, hiding their activity when they access system resources.
• Sniffers can also be leveraged to capture the traffic, and therefore the credentials, of legitimate users of the system.
10. Ethical Hacker's Process 1
Ethical hackers mirror the steps an attacker performs. With the organisation's consent, their process typically encompasses the following:
• Permission: pursue and obtain the required levels of authorisation before any testing starts.
• Reconnaissance: either passive or active.
• Scanning: using port scanning tools and network mappers.
• Gaining Access: establishing the initial entry point into the network, application or system.
• Maintaining Access: the techniques implemented to keep control, for example escalation of privilege.
• Covering Tracks: demonstrating how an attacker would hide their activity, for example by deleting logs.
• Reporting: producing reports and recommendations.
11. Ethical Hacker's Process 2
The following process can be adopted by organisations to evaluate their strengths and weaknesses with regard to ethical hacking:
Step 1 Assessment:
This step entails ethical hacking, penetration testing and practical security tests.
Step 2 Policy Development:
This step entails developing policy in alignment with organisational goals and mission.
12. Ethical Hacker's Process 2
Step 3 Implementation
This step entails establishing technical, operational and managerial controls to secure and maintain key organisational assets and data.
Step 4 Training
This step comprises empowering employees by training them in areas such as IDS and firewalls.
Step 5 Audit
This step comprises implementing audit controls and measures to provide stronger levels of security.
13. Security Methodologies
Different organisations implement different methodologies for security testing and assessment. The following are the most prominent:
1. National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
3. Open Source Security Testing Methodology Manual (OSSTMM)
15. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
• Core emphasis is on organisational risk and strategic practice.
• Driven by operational risk and security practices; technology is examined only in relation to those practices.
• The security team's remit is to define security requirements, identify risks and establish a comprehensive, robust security strategy.
• Three versions: OCTAVE Original, OCTAVE-S, and OCTAVE Allegro.
• www.cert.org/octave
16. Open Source Security Testing Methodology Manual (OSSTMM)
The open source methodology at http://www.isecom.org/osstmm categorises a security assessment into the following sections:
1. Defining a security test
2. Data networks security testing
3. Human security testing
4. Physical security testing
5. Telecommunications security testing
6. Wireless security testing
17. UK - Cyber Defence Academy
• Specialist provider of bespoke classroom, online and self-learning cyber security and cyber defence training.
• Visit us at: www.tech-strategygroup.com
• Empower your employees to become aware of cyber security.
• Implement bespoke cyber security training programmes for your employees, aligned to your cyber security strategy, transformation programmes and projects.
• For more information, e-mail us at: info@tech-strategygroup.com