3. Objective
The objective of this session is to give a starting point to people like me
who want to explore the world of Offensive Security.
This session is not for people who just want to learn hacking (aka Black Hat
hacking)
4. Topics
● Different types of hacking
● Concepts of Ethical Hacking
● Why we should not skip the basic
○ phased approach to hacking
● Prerequisites to be an effective hacker
○ not just script kiddie
9. Script Kiddie
Script Kiddies normally don’t care about hacking. They copy code written
by others and use it. Script Kiddies will never hack for themselves; they’ll just
download overused software (ex: Metasploit) and watch a YouTube
video on how to use it. A common Script Kiddie attack is DoSing or
DDoSing (Denial of Service and Distributed Denial of Service), in which
they flood an IP with so much traffic that it collapses under the strain.
10. White Hat
Also known as ethical hackers, White Hat hackers are the good guys of
the hacker world. They’ll help you remove a virus or PenTest a
company, finding vulnerable spots in your infrastructure and helping fix them.
The most popular certification white hat hackers obtain is the OSCP
(Offensive Security Certified Professional).
11. Black Hat
Also known as crackers, these are the men and women you hear about
in the news. They find banks or other companies with weak security
and steal money or credit card information. The surprising truth about
their methods of attack is that they often use common hacking
practices they learned early on.
12. Gray Hat
Nothing is ever just black or white; the same is true in the world of
hacking. Gray Hat hackers don’t steal money or information (although,
sometimes they deface a website or two), yet they don’t help people for
good (but, they could if they wanted to). These hackers comprise most
of the hacking world, even though Black Hat hackers garner most (if not
all) of the media’s attention.
13. Green Hat
These are the hacker “n00bz,” but unlike Script Kiddies, they care
about hacking and strive to become full-blown hackers. They’re often
flamed by the hacker community for asking many basic questions.
When their questions are answered, they’ll listen with the intent and
curiosity of a child listening to family stories.
14. Red Hat
These are the vigilantes of the hacker world. They’re like White Hats in
that they halt Black Hats, but these folks are downright SCARY to those
who have ever tried so much as a PenTest. Instead of reporting the
malicious hacker, they shut him/her down by uploading viruses, DoSing
and accessing his/her computer to destroy it from the inside out. They
leverage multiple aggressive methods that might force a cracker to
need a new computer.
15. Blue Hat
If a Script Kiddie took revenge, he/she might become a Blue Hat. Blue
Hat hackers will seek vengeance on those who’ve made them angry. Most
Blue Hats are n00bz, but like the Script Kiddies, they have no desire to
learn.
17. Concepts of Ethical Hacking
● Phase of Pentesting
● Footprinting
● Scanning
● Enumeration
● System Hacking
● Trojans
● Viruses and Worms
● Sniffing Traffic
● Social engineering
● Denial of service
18. Phase of Pentesting
PenTest, like forensics, is almost as much an art as it is a science –
you can only be taught so far; technical techniques and tools are all
very well, but you really need a mind that can think sideways and
approach a task from as many angles as possible.
19. Footprinting
Tools and tricks to gather information about the target computer: its IP
and MAC address, and the related users and systems.
20. Scanning
Before starting the pentest, the pentester must have some information
about the network and systems. So the pentester scans the entire network with
tools like Nmap, Zenmap, ping and hping.
21. Enumeration
During the enumeration phase, possible entry points into the tested
systems are identified. The information collected during the
reconnaissance phase is put to use.
22. System Hacking
System hacking is getting into a system without credentials: not only
bypassing authentication, but also working in the system as the root user
through privilege escalation.
23. Trojans
A Trojan is generally a non-self-replicating type of malware program containing
malicious code. A Trojan often acts as a backdoor, contacting a
controller which can then gain unauthorized access to the affected
computer. While Trojans and backdoors are not easily detectable by
themselves, infected computers may appear to run slower due to heavy
processor or network usage.
24. Viruses and Worms
A computer virus attaches itself to a program or file, enabling it to
spread from one computer to another, leaving infections. A worm is
distinguished by its capability to replicate itself on your system, so rather
than your computer sending out a single worm, it could send out hundreds or
thousands of copies of itself, creating a hugely devastating effect.
25. Sniffing Traffic
A sniffer is a program that monitors and analyzes network traffic, detecting
and finding problems. Various techniques and tools are used for sniffing, such
as a Kali Linux MITM attack, tshark, ZAP, urlsnarf, etc.
26. Social engineering
In this technique, the ethical hacker creates a phishing page imitating a
website in order to obtain users' credentials.
27. Denial of service
A DoS attack generally consists of efforts to temporarily interrupt, suspend
or take down the services of a host connected to the Internet.
30. Phase 1 | Reconnaissance
Reconnaissance is the act of gathering preliminary data or intelligence
on your target. The data is gathered in order to better plan for your
attack. Reconnaissance can be performed actively (meaning that you
are directly touching the target) or passively (meaning that your recon
is being performed through an intermediary).
31. Phase 2 | Scanning
The phase of scanning requires the application of technical tools to
gather further intelligence on your target, but in this case, the intel
being sought is more commonly about the systems that they have in
place. A good example would be the use of a vulnerability scanner on a
target network (e.g. Nessus, Nmap).
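The scanning phase on slide 31 (and the Nmap sweep on slide 20) has a defensive counterpart: the probes a port scan sends leave a recognisable footprint in host firewall logs, and a target that is documenting its own exposure should be able to spot it. The following is an added example, not part of the original slides, that flags a source address hitting many distinct destination ports on one host inside a short window. The log lines are constructed in the style of Linux netfilter LOG messages; the field layout, the thresholds and the window size are assumptions.

```python
"""Port-scan detection over constructed firewall log lines (added example).

Flags a (source, destination) pair that touched at least `min_ports` distinct
destination ports within any `window_seconds` window, which is the footprint
a port sweep leaves in host firewall logs. Log format, thresholds and window
are assumptions, not taken from the slides.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (documentation-range addresses, not real traffic).
# 203.0.113.7 probes ten ports in five seconds; 198.51.100.5 is ordinary web traffic.
SAMPLE_LOG = """\
Mar 10 09:00:01 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
Mar 10 09:00:01 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23 SYN
Mar 10 09:00:02 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
Mar 10 09:00:02 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
Mar 10 09:00:03 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=110 SYN
Mar 10 09:00:03 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=143 SYN
Mar 10 09:00:04 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Mar 10 09:00:04 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445 SYN
Mar 10 09:00:05 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3306 SYN
Mar 10 09:00:05 host kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=8080 SYN
Mar 10 09:00:06 host kernel: IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Mar 10 09:01:30 host kernel: IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
Mar 10 09:02:00 host kernel: IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
"""

# Syslog timestamp, then the SRC=, DST= and DPT= fields of a netfilter LOG line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?SRC=(?P<src>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2024):
    """Return (timestamp, src, dst, dport), or None if the line is not a LOG entry.
    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect_port_scans(log_text, min_ports=8, window_seconds=60):
    """Return {(src, dst): sorted_ports} for pairs that touched >= min_ports
    distinct destination ports within some window_seconds-long window.
    The largest qualifying port set seen for each pair is reported."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, dport = parsed
            events[(src, dst)].append((ts, dport))

    hits = {}
    for key, seq in events.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            # Slide the window start forward until it fits within window_seconds.
            while (seq[end][0] - seq[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in seq[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(hits.get(key, [])):
                hits[key] = sorted(ports)
    return hits


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

The threshold is deliberately on distinct ports rather than on packet count, so a busy but legitimate client that retries one service (the second source above) is not flagged, while a sweep across services is. Against real logs the year, the interface name and the threshold should be tuned to the environment.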
32. Phase 3 | Gaining Access
Phase 3, gaining access, requires taking control of one or more network
devices in order to either extract data from the target, or to use that
device to then launch attacks on other targets. This can be done using
tools or manually, by exploiting vulnerabilities discovered in the
scanning phase.
33. Phase 4 | Maintaining Access
Maintaining access requires taking the steps needed to remain persistently
within the target environment in order to gather as much
data as possible. The attacker must remain stealthy in this phase, so as
to not get caught while using the host environment.
34. Phase 5 | Covering Tracks / Reporting
The final phase is different for different types of hackers. For white hat
hackers reporting is crucial, as that will help in defensive security later.
For black hat hackers covering tracks is required and simply means
that the attacker must take the steps necessary to remove every trace
that could lead to detection.
35. Phase Important | Documentation
One important aspect of information gathering is documentation. Most
people don't like paperwork, but it's a requirement that can't be ignored.
The best way to get off to a good start is to develop a systematic
method to profile a target and record the results. Create a matrix with
fields to record domain name, IP address, DNS servers, employee
information, email addresses, IP address range, open ports, and
banner details. These details will help you in every phase of hacking.
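The profiling matrix the slide describes is easy to sketch on paper and just as easy to fill in inconsistently (a host listed outside its own range, a banner recorded for a port nobody saw open). As an added example, not part of the original slides, the record below carries exactly the fields the slide lists, checks them for that kind of internal consistency, and renders the matrix as CSV so it can be carried into the later phases and into the final report. The sample entry is constructed with documentation-range addresses and a fictional domain; the field names as identifiers and the validation rules are assumptions.

```python
"""Target-profile matrix for documenting reconnaissance results (added example).

Fields follow the slide: domain name, IP address, DNS servers, employee
information, email addresses, IP address range, open ports, banner details.
The validation rules and the CSV layout are assumptions, not from the slides.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass, field, asdict


@dataclass
class TargetProfile:
    domain_name: str
    ip_address: str
    dns_servers: list = field(default_factory=list)
    employee_information: list = field(default_factory=list)
    email_addresses: list = field(default_factory=list)
    ip_address_range: str = ""
    open_ports: list = field(default_factory=list)
    banner_details: dict = field(default_factory=dict)  # port -> banner text

    def validate(self):
        """Return a list of consistency problems; an empty list means the record is sound."""
        issues = []
        addr = None
        try:
            addr = ipaddress.ip_address(self.ip_address)
        except ValueError:
            issues.append(f"bad IP address: {self.ip_address!r}")
        if self.ip_address_range:
            try:
                net = ipaddress.ip_network(self.ip_address_range, strict=False)
                if addr is not None and addr not in net:
                    issues.append(f"{self.ip_address} is outside range {self.ip_address_range}")
            except ValueError:
                issues.append(f"bad IP range: {self.ip_address_range!r}")
        for p in self.open_ports:
            if not (isinstance(p, int) and 1 <= p <= 65535):
                issues.append(f"bad port: {p!r}")
        for p in self.banner_details:
            if p not in self.open_ports:
                issues.append(f"banner recorded for port {p}, which is not listed as open")
        for e in self.email_addresses:
            domain = e.rsplit("@", 1)[1].lower() if "@" in e else ""
            if not domain.endswith(self.domain_name.lower()):
                issues.append(f"email {e!r} does not belong to {self.domain_name}")
        return issues

    def to_row(self):
        """Flatten list and dict fields so the profile fits one CSV row."""
        row = asdict(self)
        for key, value in row.items():
            if isinstance(value, list):
                row[key] = ";".join(str(x) for x in value)
            elif isinstance(value, dict):
                row[key] = ";".join(f"{p}={b}" for p, b in value.items())
        return row


def matrix_to_csv(profiles):
    """Render a list of TargetProfile records as CSV text, one row per target."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(profiles[0].to_row().keys()))
    writer.writeheader()
    for profile in profiles:
        writer.writerow(profile.to_row())
    return buf.getvalue()


# Constructed sample record: documentation-range addresses and a fictional domain.
SAMPLE = TargetProfile(
    domain_name="example.com",
    ip_address="192.0.2.10",
    dns_servers=["192.0.2.2", "192.0.2.3"],
    employee_information=["J. Doe (IT manager)"],
    email_addresses=["jdoe@example.com"],
    ip_address_range="192.0.2.0/24",
    open_ports=[22, 80, 443],
    banner_details={22: "OpenSSH 8.9", 80: "nginx"},
)

if __name__ == "__main__":
    problems = SAMPLE.validate()
    print("record OK" if not problems else "\n".join(problems))
    print(matrix_to_csv([SAMPLE]))
```

Running `validate()` before a record goes into the matrix keeps later phases from acting on a typo: a banner attached to a port that was never seen open, or an address that falls outside the range being assessed, is caught at documentation time rather than discovered mid-engagement.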