Ethical hacking introduction to ethical hacking

1. Introduction to Hacking
Ethical Hacking

2. Today we are going to learn:
Learning intentions
What are the five stages of hacking?
What is hacking?
What makes Ethical Hacking Different to normal hacking?

3. What is hacking?
Hacking is the process of identifying and exploiting weakness in a system or a network
to gain unauthorized access to data and system resources.
It can also be defined as an unauthorised intrusion into the information
systems/networks by an attacker by compromising the security.
Example of Hacking: Exploiting the weakness of default password to gain access to the
data stored inside the system.

5. What is Ethical hacking?
Ethical Hacking sometimes called as Penetration Testing is an act of
intruding/penetrating into system or networks to find out threats,
vulnerabilities in systems where attackers may be interested in.
The purpose of ethical hacking is to improve the security of the network or
systems by fixing the vulnerabilities found during testing.
Ethical hackers may use the same methods and tools used by the malicious
hackers but with the permission from the company or person, for the
purpose of improving the security and defending the systems from attacks.

7. Stages of Hacking
Stage 1
Reconnaissance
Stage 2
Scanning
Stage 3
Gaining Access
Stage 4
Maintaining Access
Stage 5
Clearing Track

8. Stage 1 - Reconnaissance
This is the first step of Hacking. It is also called information gathering Phase.
This is the phase where we collect as much information as possible about the target.
We usually collect information about three groups,
• Network
• Host
• People involved
There are two types of information gathering:
• Active: Directly interacting with the target to gather information about the target.
Eg Using Nmap tool to scan the target
• Passive: Trying to collect the information about the target without directly
accessing the target. This involves collecting information from social media, public
websites etc.

9. Stage 2 - Scanning
Three types of scanning are involved:
• Port scanning: This phase involves scanning the target for the information like open
ports, Live systems, various services running on the host.
• Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which
can be exploited. Usually done with help of automated tools
• Network Mapping: Finding out which computer is linked to what part of the
network and where it is physically located is a very important piece of information.

10. Stage 3 – Gaining
Access
This phase is where an attacker breaks into the system/network using various tools or
methods.
After entering a system, they must increase their privilege to administrator level so
they can install an application they needs or modify data or hide data.

11. Stage 4 – Maintaining Access
Hacker may just hack the system to show it was vulnerable or he can be so
mischievous that he wants to maintain or persist the connection in the background
without the knowledge of the user.
This can be done using Trojans, Rootkits or other malicious files.
The aim is to maintain the access to the target until he finishes the tasks he planned to
accomplish in that target.

12. Stage 5 – Clearing Tracks
No thief wants to get caught. An intelligent hacker always clears all evidence so that in
the later point of time, no one will find any traces leading to them.
This involves modifying/corrupting/deleting the values of Logs, modifying registry
values and uninstalling all applications they used and deleting all folders they created.