HACKERS ATTACK PROCESS
BY MOHSIN BAIG
The Attacker's Process
The attacker's methodology comprises the following steps:
1. Performing reconnaissance and footprinting
2. Scanning and enumeration
3. Gaining access
4. Escalation of privilege
5. Maintaining access
6. Covering tracks
1. Performing Reconnaissance and Footprinting
• Reconnaissance is the initial pre-attack phase: passive information gathering.
• Reconnaissance comprises the attempt to elicit, collate and document information about the target.
• The hacker's intent is to collate as much information as possible about the target.
• Targets usually have no idea that hackers are collating information about them.
• Hackers pursue the attack based on the information that is collated.
• Hackers also leverage social engineering techniques, typically calling the helpdesk to reset passwords and eliciting sensitive information through manipulative conversation.
2. Scanning and Enumeration
• This is the second pre-attack phase.
• Scanning entails connecting to the target systems in order to generate system responses.
• Enumeration entails eliciting in-depth information about the target, for example collating user account information.
• The hacker is now actively collecting information.
• Using tools such as Nmap, hackers start sending a wide range of packets into the identified vulnerable networks.
Scanning and Enumeration
• Mapping the open ports and applications is the hacker's prime objective.
• Hackers use techniques that send packets at a slower rate in order to minimize the probability of being detected by Intrusion Detection Systems (IDS).
• Older applications are vulnerable, and hackers will undoubtedly use websites such as http://www.exploit-db.com in order to identify vulnerabilities.
• Programs such as OpenVAS are also designed to identify application vulnerabilities.
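From the defender's side, the slow-rate point above means a per-minute connection threshold is not enough on its own. The following is an added example, not part of the original slides: it compares a short-window rate rule with a long-window count of distinct destination ports per source. The log format, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log format (an assumption of this example):
#   2024-05-01T08:00:00Z DENY TCP 203.0.113.7 -> 10.0.0.5:22
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP (?P<src>\S+) -> "
    r"(?P<dst>[^:\s]+):(?P<port>\d+)$"
)

def parse(lines):
    """Parse log lines into time-sorted (ts, src, dst, port) tuples; skip junk."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["dst"], int(m["port"])))
    return sorted(events)

def burst_sources(events, window=timedelta(minutes=1), max_conns=10):
    """Rate rule: flag a source with more than max_conns inside any short window."""
    by_src = defaultdict(list)
    for ts, src, _, _ in events:
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_conns:
                flagged.add(src)
                break
    return flagged

def slow_scan_sources(events, window=timedelta(hours=24), min_ports=15):
    """Long-window rule: flag a source that touches at least min_ports
    distinct (dst, port) pairs within the window, however slowly."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        by_src[src].append((ts, (dst, port)))
    flagged = set()
    for src, items in by_src.items():
        start = 0
        counts = defaultdict(int)
        for ts, key in items:
            counts[key] += 1
            # Drop entries that have aged out of the sliding window.
            while ts - items[start][0] > window:
                old = items[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_ports:
                flagged.add(src)
                break
    return flagged

def build_sample():
    """Constructed sample: one slow scanner, one fast scanner, one normal client."""
    base = datetime(2024, 5, 1, 8, 0, 0)
    lines = []

    def add(ts, action, src, port):
        stamp = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{stamp} {action} TCP {src} -> 10.0.0.5:{port}")

    for i in range(20):   # one new port every 20 minutes
        add(base + timedelta(minutes=20 * i), "DENY", "203.0.113.7", 20 + i)
    for i in range(30):   # 30 ports in 30 seconds
        add(base + timedelta(seconds=i), "DENY", "192.0.2.50", 1000 + i)
    for i in range(5):    # ordinary repeated use of one service
        add(base + timedelta(hours=i), "ALLOW", "198.51.100.20", 443)
    return lines

if __name__ == "__main__":
    events = parse(build_sample())
    print("rate rule:       ", sorted(burst_sources(events)))
    print("long-window rule:", sorted(slow_scan_sources(events)))
```

The rate rule only reports the fast scanner; the long-window rule reports both scanners and leaves the normal client alone.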
4. Gaining Access
• This is the critical step of the methodology, when the hacker launches the attack.
• In this phase the attacker has executed the attack.
• Hackers spread the attack from system to system.
• Hackers can capitalize on several methods to gain entry into systems, e.g. open wireless access points or vulnerabilities in web applications.
• A watering hole is a technique in which hackers exploit a web application vulnerability by infecting the web application with malware.
5. Escalation of Privilege
• Privilege escalation typically encompasses the hacker gaining access to internal resources due to a bug, misconfiguration or vulnerability that has been exposed in the application.
6. Maintaining Access
• Rootkits are largely used by hackers to maintain constant access to the system.
• Rootkits can cover up the hacker's presence during system entry and when accessing system resources.
• Sniffers can also be leveraged by hackers to monitor all legitimate users of the system.
7. Covering Tracks and Planting Backdoors
• Hackers fully intend to erase and hide their tracks.
• Hackers will delete logs to erase all tracks and will implement file hiding techniques encompassing hidden directories, hidden attributes and alternate data streams.
• Ethical hackers must have comprehensive knowledge of all file hiding techniques to identify the activities of the hackers.
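Log deletion, as described above, leaves its own traces that an investigator can check for. The following is an added example, not part of the original slides: it reviews an exported event log for a log-cleared event (Windows event IDs 1102 and 104), for gaps in the record sequence, and for timestamps that run backwards. The field names `record_id`, `event_id` and `time` and the sample records are constructed for illustration.

```python
from datetime import datetime

# Windows records a cleared log as event 1102 (Security) or 104 (System).
LOG_CLEARED_IDS = {1102, 104}

def find_log_tampering(records):
    """Return (kind, detail) findings for one exported log channel.

    records: iterable of dicts with 'record_id' (int), 'event_id' (int)
    and 'time' (datetime). These field names are assumptions of this example.
    """
    findings = []
    prev = None
    for rec in sorted(records, key=lambda r: r["record_id"]):
        if rec["event_id"] in LOG_CLEARED_IDS:
            findings.append((
                "log_cleared",
                f"event {rec['event_id']} at record {rec['record_id']}",
            ))
        if prev is not None:
            # Record numbers increase by one; a jump means entries are absent.
            missing = rec["record_id"] - prev["record_id"] - 1
            if missing > 0:
                findings.append((
                    "record_gap",
                    f"{missing} record(s) missing between "
                    f"{prev['record_id']} and {rec['record_id']}",
                ))
            # A later record with an earlier timestamp suggests clock changes
            # or rewritten entries and deserves a closer look.
            if rec["time"] < prev["time"]:
                findings.append((
                    "time_regression",
                    f"record {rec['record_id']} is older than "
                    f"record {prev['record_id']}",
                ))
        prev = rec
    return findings

def _rec(record_id, event_id, hhmm):
    """Build one constructed sample record on 2024-05-01."""
    hour, minute = map(int, hhmm.split(":"))
    return {
        "record_id": record_id,
        "event_id": event_id,
        "time": datetime(2024, 5, 1, hour, minute),
    }

# Constructed sample export: the log starts with a clear event, three
# records are missing after 5003, and record 5008 is out of time order.
SAMPLE_RECORDS = [
    _rec(5001, 1102, "02:14"),
    _rec(5002, 4624, "02:20"),
    _rec(5003, 4634, "02:31"),
    _rec(5007, 4624, "02:40"),
    _rec(5008, 4688, "02:35"),
    _rec(5009, 4624, "02:50"),
]

if __name__ == "__main__":
    for kind, detail in find_log_tampering(SAMPLE_RECORDS):
        print(f"{kind}: {detail}")
```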
Ethical Hackers Process 2
The following process can be adopted by organisations to evaluate their strengths and weaknesses with regard to ethical hacking:
Step 1 Assessment:
The scope of this step entails ethical hacking, penetration testing and practical security tests.
Step 2 Policy Development:
The scope of this step entails policy development in alignment with organizational goals and missions.
Ethical Hackers Process 2
Step 3 Implementation
This step entails the establishment of technical, operational and managerial controls in order to secure and maintain key organizational assets and data.
Step 4 Training
This step comprises empowering employees by giving training in areas such as IDS, firewalls etc.
Step 5 Audit
This step comprises implementing audit controls and measures in order to provide stronger levels of security.
Security Methodologies
Different organizations implement different methodologies for security testing.
The following are the most prominent methodologies:
1. National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
3. Open Source Security Testing Methodology Manual (OSSTMM)
National Institute of Standards and Technology (NIST) Special Publication 800-115
The methodology comprises the following stages:
1. Planning
2. Discovery
3. Attack
4. Reporting
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
• Core emphasis is on organizational risk and strategic practice
• Largely driven by operational risk and security practices
• The remit of the IT security team is to define security, identify risks and establish a comprehensive, robust security strategy
• Three versions: OCTAVE Original, OCTAVE-S, and OCTAVE Allegro
• www.cert.org/octave
Open Source Security Testing Methodology Manual
This open source methodology (http://www.isecom.org/osstmm) categorises security assessment into the following sections:
1. Defining a security test
2. Data networks security testing
3. Human security testing
4. Physical security testing
5. Telecommunications security testing
6. Wireless security testing
Fundamentals of Networking Protocols and Networking Devices
