2. The Attacker's Process
The attacker's methodology comprises the following steps:
1. Performing reconnaissance and footprinting
2. Scanning and enumeration
3. Gaining access
4. Escalation of privilege
5. Maintaining access
6. Covering tracks
3. 1. Performing Reconnaissance and Footprinting
• Reconnaissance is the initial pre-attack phase: passive information gathering.
• Reconnaissance comprises the attempt to elicit, collate and document information about the target.
• The hacker's intent is to collate as much information as possible about the target.
• Targets usually have no idea that hackers are collating information about them.
• Hackers plan and pursue the attack based on the information that has been collated.
• Hackers also leverage social engineering techniques, typically calling the helpdesk to have passwords reset and eliciting sensitive information through manipulative conversation.
4. 2. Scanning and Enumeration
• The second pre-attack phase.
• Scanning entails connecting to the target's systems in order to generate responses that reveal which hosts and services are present.
• Enumeration entails eliciting in-depth information about the target, for example collating user account information.
• The hacker is now actively collecting information rather than passively observing, so this phase can be noticed by the target.
• Using tools such as Nmap, hackers send a wide range of packets into the identified networks to map the systems on them.
5. Scanning and Enumeration (continued)
• Mapping the open ports and the applications listening on them is the hacker's prime objective.
• Hackers use techniques that lower the rate at which packets are sent in order to minimize the probability of being detected by Intrusion Detection Systems (IDS).
• Older, unpatched applications are frequently vulnerable, and hackers will use sites such as http://www.exploit-db.com to look up published vulnerabilities and exploits for the versions they have enumerated.
• Vulnerability scanners such as OpenVAS are also designed to identify known vulnerabilities in the systems and applications found.
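The two scanning slides describe a TCP port scan, a throttled packet rate to stay under the IDS threshold, and enumeration of what is listening. The following Python example, added here and not part of the original slides, shows all three against a local stand-in target: `start_listener` opens a loopback service with a constructed SSH-style banner (the banner text and the port window scanned are assumptions of the example), `connect_scan` performs a connect() scan with a configurable inter-probe delay, and `grab_banner` does the enumeration step. It runs offline with no external hosts.

```python
import socket
import threading
import time


def start_listener(banner: bytes):
    """Local TCP service on an ephemeral loopback port that greets each client
    with `banner`. It stands in for a real target so the example runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_scan(host, ports, delay=0.0, timeout=0.5):
    """TCP connect() scan: a port that completes the three-way handshake is open.
    `delay` spaces the probes out; a slow scan is the IDS-evasion idea on the slide
    (Nmap exposes the same idea through its timing templates)."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
        if delay:
            time.sleep(delay)
    return open_ports


def grab_banner(host, port, timeout=1.0):
    """Enumeration: record whatever the service announces on connect.
    Service banners commonly leak product and version information."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode(errors="replace").strip()
        except socket.timeout:
            return ""


def demo(delay=0.05):
    """Scan a small window of ports around the constructed listener and enumerate
    what was found. Returns (listener port, open ports, {port: banner}, seconds)."""
    srv, port = start_listener(b"SSH-2.0-OpenSSH_8.9 (constructed banner)\r\n")
    try:
        candidates = range(port - 2, port + 3)
        started = time.monotonic()
        found = connect_scan("127.0.0.1", candidates, delay=delay)
        elapsed = time.monotonic() - started
        banners = {p: grab_banner("127.0.0.1", p) for p in found}
        return port, found, banners, elapsed
    finally:
        srv.close()


if __name__ == "__main__":
    port, found, banners, elapsed = demo()
    print(f"listener on {port}; open: {found}; scan took {elapsed:.2f}s")
    for p, b in banners.items():
        print(f"  {p}: {b}")
```

A real scan would target the enumerated hosts rather than loopback, and the `delay` parameter is the knob to turn up when the goal is to stay below an IDS rate threshold; the trade-off is that the scan of a full port range takes correspondingly longer.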
6. 3. Gaining Access
• The critical step of the methodology: the point at which the hacker launches the attack.
• In this phase the attack is executed against the weaknesses found during scanning and enumeration.
• Hackers then spread the attack from system to system.
• Hackers can capitalize on several methods to gain entry into systems, e.g. open wireless access points or a vulnerability in a web application.
• A watering hole is a technique in which hackers exploit a vulnerability in a website that the intended victims are known to visit and infect it with malware, so that the victims are compromised when they browse to it.
7. 4. Escalation of Privilege
• Privilege escalation typically encompasses the hacker extending the limited foothold first obtained into higher privileges (for example administrator or root) and access to internal resources, by exploiting a bug, misconfiguration or vulnerability exposed in the application or the underlying system.
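The slide names misconfiguration as one route to privilege escalation. The following Python example, added here and not part of the original slides, audits two classic POSIX misconfigurations a tester checks for: setuid/setgid binaries (a bug in any of them runs with the owner's privileges) and world-writable directories on PATH without the sticky bit (a planted binary there gets executed by whoever has that PATH). `demo` builds a constructed temporary tree containing one of each; the file names and the `0o4755`/`0o777` modes are assumptions of the example, not findings from any real system.

```python
import os
import stat
import tempfile


def setuid_binaries(dirs):
    """Regular files carrying the setuid or setgid bit in the given directories.
    Equivalent to `find <dir> -perm /6000 -type f` on Linux."""
    hits = []
    for d in dirs:
        try:
            entries = os.listdir(d)
        except OSError:
            continue
        for name in entries:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(path)
    return sorted(hits)


def world_writable_path_dirs(path_env):
    """Directories on a PATH string that anyone can write to and that lack the
    sticky bit, so an attacker can drop or replace a program there."""
    bad = []
    for d in path_env.split(os.pathsep):
        if not d:
            continue
        try:
            st = os.stat(d)
        except OSError:
            continue
        writable = st.st_mode & stat.S_IWOTH
        sticky = st.st_mode & stat.S_ISVTX
        if stat.S_ISDIR(st.st_mode) and writable and not sticky:
            bad.append(d)
    return bad


def demo():
    """Constructed lab tree: one setuid helper, one normal binary, one
    world-writable scratch directory placed on a fake PATH."""
    root = tempfile.mkdtemp()
    sbin = os.path.join(root, "sbin")
    os.mkdir(sbin)
    helper = os.path.join(sbin, "helper")        # the misconfigured file
    with open(helper, "w") as f:
        f.write("#!/bin/sh\nid\n")
    os.chmod(helper, 0o4755)
    normal = os.path.join(sbin, "ls")            # correctly permissioned
    open(normal, "w").close()
    os.chmod(normal, 0o755)
    scratch = os.path.join(root, "scratch")      # the misconfigured directory
    os.mkdir(scratch)
    os.chmod(scratch, 0o777)
    path_env = os.pathsep.join([sbin, scratch])
    return setuid_binaries([sbin]), world_writable_path_dirs(path_env)


if __name__ == "__main__":
    suid, writable = demo()
    print("setuid/setgid binaries:", suid)
    print("world-writable PATH dirs:", writable)
```

On a real host the audit runs over `/bin`, `/sbin`, `/usr/bin`, `/usr/sbin` and the current `PATH` value; the example deliberately confines itself to a temporary tree so it can run anywhere without touching the system. The checks are POSIX-specific and do not apply on Windows.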
8. 5. Maintaining Access
• Rootkits are largely utilised by hackers to maintain persistent access to a compromised system.
• Rootkits have the capability to cover up the hacker's presence, hiding the processes, files and connections used when accessing system resources.
• Sniffers can also be leveraged by hackers to monitor the traffic of all legitimate users of the system and capture their credentials.
9. 6. Covering Tracks and Planting Backdoors
• Hackers fully intend to erase and hide their tracks.
• Hackers delete logs to erase all traces and implement file-hiding techniques encompassing hidden directories, hidden file attributes and NTFS alternate data streams.
• Ethical hackers must have comprehensive knowledge of all file-hiding techniques in order to identify the activities of hackers.
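The slide lists three file-hiding techniques and says the ethical hacker must be able to find them. The following Python example, added here and not part of the original slides, is the defender-side check: `find_hidden_entries` walks a directory tree and reports dot-prefixed names (the Unix convention for hidden entries), the Windows hidden and system attributes, and NTFS alternate data streams (enumerated through the documented `FindFirstStreamW`/`FindNextStreamW` kernel32 calls; that part only runs on Windows). `demo` builds a constructed temporary tree with a tool planted under a dot-directory; its file names are assumptions of the example.

```python
import ctypes
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2   # Windows file attribute bits
FILE_ATTRIBUTE_SYSTEM = 0x4


class _Win32FindStreamData(ctypes.Structure):
    # Mirrors WIN32_FIND_STREAM_DATA: LARGE_INTEGER StreamSize;
    # WCHAR cStreamName[MAX_PATH + 36]
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (260 + 36))]


def alternate_data_streams(path):
    """Names of NTFS streams on `path` other than the default ::$DATA.
    Uses kernel32 FindFirstStreamW/FindNextStreamW; returns [] off Windows."""
    if os.name != "nt":
        return []
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.restype = wintypes.HANDLE
    k32.FindFirstStreamW.argtypes = [wintypes.LPCWSTR, ctypes.c_int,
                                     ctypes.c_void_p, wintypes.DWORD]
    k32.FindNextStreamW.restype = wintypes.BOOL
    k32.FindNextStreamW.argtypes = [wintypes.HANDLE, ctypes.c_void_p]
    k32.FindClose.argtypes = [wintypes.HANDLE]
    data = _Win32FindStreamData()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)  # 0 = FindStreamInfoStandard
    if handle in (None, wintypes.HANDLE(-1).value):               # INVALID_HANDLE_VALUE
        return []
    streams = []
    try:
        while True:
            if data.cStreamName != "::$DATA":
                streams.append(data.cStreamName)
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return streams


def find_hidden_entries(root):
    """Walk `root` and report every entry hidden by one of the techniques on
    the slide, as (relative path, [reasons]) pairs sorted by path."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reasons = []
            if any(part.startswith(".") for part in rel.split("/")):
                reasons.append("dot-prefixed path component")
            if os.name == "nt":
                attrs = os.lstat(full).st_file_attributes
                if attrs & FILE_ATTRIBUTE_HIDDEN:
                    reasons.append("hidden attribute")
                if attrs & FILE_ATTRIBUTE_SYSTEM:
                    reasons.append("system attribute")
                ads = alternate_data_streams(full)
                if ads:
                    reasons.append("alternate data streams: " + ", ".join(ads))
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def demo():
    """Constructed lab tree: a visible README plus a tool planted under .cache/bin."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, ".cache", "bin"))
    open(os.path.join(root, "README"), "w").close()
    open(os.path.join(root, ".cache", "bin", "tool"), "w").close()
    return find_hidden_entries(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", "; ".join(reasons))
```

Hidden entries are of course also legitimate (every home directory has dot-files), so the value of a sweep like this lies in comparing it against a known-good baseline or against file modification times around the suspected intrusion window; the deleted-log case on the slide is better caught by shipping logs to a separate host before the attacker can reach them.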
10. Ethical Hacker's Process
The following process can be adopted by organisations to evaluate their strengths and weaknesses through ethical hacking:
Step 1 Assessment:
This step entails ethical hacking, penetration testing and practical security tests.
Step 2 Policy Development:
This step entails developing policy in alignment with the organization's goals and mission.
11. Ethical Hacker's Process (continued)
Step 3 Implementation:
This step entails establishing technical, operational and managerial controls in order to secure and maintain key organizational assets and data.
Step 4 Training:
This step comprises empowering employees by training them in areas such as IDS and firewalls.
Step 5 Audit:
This step comprises implementing audit controls and measures in order to provide stronger levels of security.
12. Security Methodologies
Different organizations implement different methodologies for how they address security testing. The most prominent are:
1. National Institute of Standards and Technology (NIST) Special Publication 800-115, Technical Guide to Information Security Testing and Assessment
2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
3. Open Source Security Testing Methodology Manual (OSSTMM)
13. National Institute of Standards and Technology (NIST) Special Publication 800-115
The methodology comprises the following stages:
1. Planning
2. Discovery
3. Attack
4. Reporting
14. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
• Core emphasis is on organizational risk and strategic practice
• Driven by operational risk and security practices rather than by technology alone
• The remit of the organization's security team is to define its security requirements, identify risks and establish a comprehensive, robust security strategy
• Three versions: OCTAVE Original, OCTAVE-S, and OCTAVE Allegro
• www.cert.org/octave
15. Open Source Security Testing Methodology Manual (OSSTMM)
This open source methodology (http://www.isecom.org/osstmm) categorises security assessment into the following sections:
1. Defining a security test
2. Data networks security testing
3. Human security testing
4. Physical security testing
5. Telecommunications security testing
6. Wireless security testing