The document discusses the key concepts of confidentiality, integrity, and availability (CIA triad), which form the basis for information security. It then explains the five stages of ethical hacking: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. Finally, it provides brief introductions to cyber attacks, malware, and cyber defense techniques.
Introduction to Pre-Cybersecurity.pptx
2. Information Security Triad
The three letters in "CIA triad" stand for Confidentiality, Integrity, and
Availability. The CIA triad is a common model that forms the basis for the
development of security systems. It is used for finding vulnerabilities
and methods for creating solutions.
Confidentiality
Integrity
Availability
3. CONFIDENTIALITY
Confidentiality involves the efforts of an organization to make sure data is
kept secret or private. To accomplish this, access to information must be
controlled to prevent the unauthorized sharing of data.
Confidentiality may be compromised by direct attacks aimed at gaining access
to systems the attacker does not have the rights to see. It can also involve an attacker
making a direct attempt to infiltrate an application or database so they can
take data or alter it.
These direct attacks may use techniques such as man-in-the-middle
(MITM) attacks, where an attacker positions themselves in the stream of
information to intercept data and then either steal or alter it.
4. INTEGRITY
Data must not be changed in transit, and steps must be taken to ensure
data cannot be altered by unauthorized people (for example, in a breach of
confidentiality).
Integrity involves making sure your data is trustworthy and free from
tampering. The integrity of your data is maintained only if the data is
authentic, accurate, and reliable.
Compromising integrity is often done intentionally. An attacker may
bypass an intrusion detection system (IDS), change file configurations to
allow unauthorized access, or alter the logs kept by the system to hide the
attack. Integrity may also be violated by accident. Someone may
accidentally enter the wrong code or make another kind of careless
mistake.
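An added example (not part of the original slides) of how a defender can detect the log alteration described above: each record carries an HMAC chained to the record before it, so an edited, deleted or truncated log fails verification. The function names, key and sample events are constructed for illustration, and the example assumes the key and the latest MAC are stored off the logging host.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed chain input for the very first record


def _mac(key, prev_mac, entry):
    """HMAC-SHA256 over the previous record's MAC plus this entry."""
    # Canonical JSON so the same entry always serializes to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append(log, key, entry):
    """Append an entry chained to the previous record and return its MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    mac = _mac(key, prev, entry)
    log.append({"entry": entry, "mac": mac})
    return mac


def verify(log, key, trusted_head=None):
    """Check the chain and return (status, index).

    ("modified", i)  -> record i was edited, or a record before it was removed
    ("truncated", n) -> chain is consistent but does not end at trusted_head
    ("intact", None) -> every record verifies
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _mac(key, prev, rec["entry"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return ("modified", i)
        prev = rec["mac"]
    # Dropping records from the end leaves a valid chain, so the last MAC
    # must also match a copy kept somewhere the attacker cannot rewrite.
    if trusted_head is not None and not hmac.compare_digest(prev, trusted_head):
        return ("truncated", len(log))
    return ("intact", None)


def demo():
    """Run the checks on a constructed three-event log."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the host
    events = [  # constructed sample events
        {"ts": "2024-01-01T10:00:00Z", "user": "alice", "action": "login"},
        {"ts": "2024-01-01T10:05:00Z", "user": "mallory", "action": "config_change"},
        {"ts": "2024-01-01T10:06:00Z", "user": "alice", "action": "logout"},
    ]
    log = []
    head = None
    for event in events:
        head = append(log, key, event)

    results = {"original": verify(log, key, head)}

    # An entry is rewritten to blame a different user.
    edited = copy.deepcopy(log)
    edited[1]["entry"]["user"] = "alice"
    results["edited"] = verify(edited, key, head)

    # The incriminating record is removed from the middle.
    deleted = log[:1] + log[2:]
    results["deleted"] = verify(deleted, key, head)

    # The most recent record is cut off the end.
    truncated = log[:2]
    results["truncated"] = verify(truncated, key, head)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```
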
5. Availability
Availability means information should be consistently and readily
accessible for authorized parties. This involves properly maintaining
hardware and technical infrastructure and systems that hold and display
the information.
This means that systems, networks, and applications must be functioning as
they should and when they should.
Also, individuals with access to specific information must be able to
consume it when they need to, and getting to the data should not take an
inordinate amount of time.
To ensure availability, organizations can use redundant networks, servers,
and applications. These can be programmed to become available when the
primary system has been disrupted or broken.
6. FIVE STAGES OF ETHICAL HACKING
The aim of ethical hacking is to mimic the actions of hackers and identify both
existing and potential vulnerabilities that may arise in the future. To
accomplish this, an ethical hacker undertakes multiple stages of assessment to
gain as much in-depth knowledge of the system as possible.
While the phases discussed in the webinar are from the perspective of a
hacker, King explains that these are the same phases used by a white hat
hacker to test an organization’s network. To put it simply, an attacker uses this
approach to breach the network, while the ethical hacker uses it to protect it.
The phases of hacking are as follows:
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing tracks
7. Reconnaissance
The first phase of ethical hacking is called Reconnaissance. In this phase,
the hacker gathers information about a target before launching an attack.
It is during this phase that the hacker finds valuable information such as
old passwords and names of important employees.
Hackers use two types of reconnaissance methods:
Active: Directly interacting with the target to gather information about the
target.
Passive: Trying to collect information about the target without directly
accessing the target. For this purpose, the hacker can use social media,
public websites, etc.
8. Scanning
In this phase, hackers seek any information that can help them perpetrate an attack, such as
computer names, IP addresses, and user accounts. The hacker identifies a quick way to
gain access to the network and look for information.
This phase includes the use of tools like dialers, port scanners, network mappers, sweepers,
and vulnerability scanners to scan data.
Basically, at this stage, four types of scans are used:
Pre-attack: The hacker scans the network for specific information based on the information
gathered during reconnaissance.
Port scanning/sniffing: This method includes the use of dialers, port scanners, and other
data-gathering equipment.
Vulnerability scanning: Scanning the target for weaknesses/vulnerabilities.
Information extraction: In this step, the hacker collects information about ports, live machines
and OS details, network topology, routers, firewalls, and servers.
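From the defender's side, the port scanning and sweeping described above show up in connection logs as one source touching many ports on a host, or many hosts on one port, within a short time. The detector below is an added example, not part of the original slides; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log: timestamp, source, destination, port.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 198.51.100.9 10.0.0.5 21",
    "2024-05-01T10:00:01 198.51.100.9 10.0.0.5 22",
    "2024-05-01T10:00:01 198.51.100.9 10.0.0.5 23",
    "2024-05-01T10:00:02 198.51.100.9 10.0.0.5 80",
    "2024-05-01T10:00:02 198.51.100.9 10.0.0.5 443",
    "2024-05-01T10:00:05 203.0.113.20 10.0.0.5 22",
    "2024-05-01T10:00:06 203.0.113.20 10.0.0.6 22",
    "2024-05-01T10:00:07 203.0.113.20 10.0.0.7 22",
    "2024-05-01T10:00:08 203.0.113.20 10.0.0.8 22",
    "2024-05-01T10:03:00 192.0.2.44 10.0.0.5 443",
    "2024-05-01T10:20:00 192.0.2.44 10.0.0.5 80",
]

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_scans(lines, window=timedelta(seconds=60), threshold=4):
    """Flag sources that reach `threshold` distinct ports on one host
    (port_scan) or distinct hosts on one port (host_sweep) inside `window`."""
    by_src = defaultdict(list)
    for event in sorted(parse(l) for l in lines):
        by_src[event[1]].append(event)
    findings = set()
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so it only holds events newer than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _, _, dst, port in events[start:end + 1]:
                ports_per_host[dst].add(port)
                hosts_per_port[port].add(dst)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                findings.add(("port_scan", src))
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                findings.add(("host_sweep", src))
    return findings

if __name__ == "__main__":
    print(sorted(detect_scans(SAMPLE_LOG)))
```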
9. Gaining Access
Once ethical hackers expose vulnerabilities through the process’s first and
second hacking phases, they now attempt to exploit them for administrative
access. The third phase involves attempting to send a malicious payload to the
application through the network, an adjacent sub network, or physically using
a connected computer.
An attacker can gain access through various attacks, such as:
Phishing attacks
Brute force attack
Spoofing attack
Man in the middle attack
DoS attack
Session hijacking
Buffer overflow attacks
10. Maintaining Access
A hacker may hack the system just to show it was vulnerable, or may want to
maintain a persistent connection in the background without the knowledge
of the user.
This can be done using Trojans, rootkits, or other malicious files. The aim is
to maintain access to the target until the hacker finishes the tasks planned
for that target.
A white-hat hacker continuously exploits the system for further
vulnerabilities and escalates privileges to understand how much control
attackers can gain once they pass security clearance.
11. Covering Tracks
Once a hacker has obtained access, they try to leave no trace, to prevent detection by the
security team.
They do this by deleting cache and cookies, interfering with log files, and closing all
open ports.
Some of the steps an ethical hacker uses to cover and eliminate their footprint:
Deleting/corrupting all logs
Changing the values of logs or registries
Removing all of the folders established by the ethical hacker
Uninstalling all the applications
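The Integrity slide notes that attackers alter logs to hide an attack, and this slide lists deleting or changing log values as track-clearing steps. The following tamper-evident log is an added example, not part of the original slides; it shows how a defender can detect each of those changes. The key, log lines and function names are constructed assumptions, and the key and the last tag are assumed to be stored off the logged host.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: kept off the logged host
GENESIS = "0" * 64              # fixed starting value for the chain

# Constructed sample log lines.
SAMPLE = [
    "10:00:01 sshd: Failed password for root from 198.51.100.9",
    "10:00:04 sshd: Accepted password for root from 198.51.100.9",
    "10:00:09 sudo: root : COMMAND=/usr/sbin/useradd svc",
    "10:00:15 sshd: session closed for root",
]

def seal(messages, key):
    """Chain each entry to the previous one: tag_i = HMAC(key, tag_{i-1} + msg_i)."""
    chain, prev = [], GENESIS
    for msg in messages:
        prev = hmac.new(key, (prev + msg).encode(), hashlib.sha256).hexdigest()
        chain.append((msg, prev))
    return chain

def verify(chain, key, expected_head=None):
    """Return (ok, reason). `expected_head` is the last tag, stored off-host."""
    prev = GENESIS
    for i, (msg, tag) in enumerate(chain):
        want = hmac.new(key, (prev + msg).encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, tag):
            return False, f"entry {i} modified, or an earlier entry removed"
        prev = tag
    # Removing entries from the end leaves a valid but shorter chain,
    # so the final tag must be compared with the copy kept elsewhere.
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, "entries truncated from the end"
    return True, "chain intact"

if __name__ == "__main__":
    chain = seal(SAMPLE, KEY)
    head = chain[-1][1]
    edited = [chain[0], ("10:00:04 cron: job finished", chain[1][1])] + chain[2:]
    print(verify(chain, KEY, head))
    print(verify(edited, KEY, head))
    print(verify(chain[:1] + chain[2:], KEY, head))
    print(verify(chain[:-1], KEY, head))
```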
12. Introduction to Cyber Attacks
Brute force attack
Phishing
Phishing 2
DoS
DDoS
Man in the Middle attacks
SQL Injection
Password attack
Insider Threats