Hacking Phases and Techniques

Questions and Answers

What is the primary goal of the reconnaissance phase in an attack?

• To gather information about the target (correct)
• To maintain access to the system
• To exploit the system
• To scan the network for open ports

What type of attack involves modifying the source address of packets to bypass firewall rules?

• Buffer overflow attack
• Spoof attack (correct)
• HiJack attack
• Phishing attack

What is the term for the ability to influence the behavior of a group of people?

• Social engineering (correct)
• Spoofing
• HiJacking
• Phishing

What type of attack involves sending more data to an application than is expected?

Buffer overflow attack (A)

Which type of attack involves creating a fake web page to persuade users to enter sensitive information?

Phishing attack (A)

What type of attack involves taking over a session between two individuals?

HiJack attack (A)

Who is typically involved in an insider attack?

A disgruntled employee (B)

What is the goal of the maintaining access phase in an attack?

To retain ownership of the system (A)

What is the goal of a password attack?

To gain administrative access to the system (D)

What is a Trojan Horse?

A program with hidden side-effects, allowing indirect access (A)

What is the primary goal of a ransomware attack?

To lock or encrypt data, demanding a ransom in return (D)

What is a zombie in the context of cyber security?

A program that secretly takes over another networked computer (C)

What is the primary difference between a virus and a worm?

A virus requires user interaction, while a worm does not (D)

What is the goal of a denial of service (DoS) attack?

To crash the system and consume resources (A)

What is a common use of zombie computers?

To launch a distributed denial of service attack (A)

What is a major issue with permanently connected systems?

Lack of security against denial of service attacks (B)

Study Notes

Reconnaissance and Scanning

• Attacker gathers information about a target to launch an attack
• Scan for open ports, operating systems, applications, and services

Gaining Access

• Hacker exploits the system to gain unauthorized access
• Hacker may use social engineering tactics to trick users

Maintaining Access and Covering Tracks

• Hacker tries to retain access to the system
• May harden the system against other hackers
• Hacker covers tracks to remain undetected for a long time

Social Engineering Attacks

• Phishing: fake web page to steal sensitive information (username, password, credit cards)
• Hijack attack: hacker takes over a session and disconnects the other individual
• Insider attack: involves a disgruntled employee attacking the network
• Spoof attack: hacker modifies source address to bypass firewall rules

Types of Attacks

• Buffer overflow attack: sends more data than expected, gaining administrative access
• Password attack: tries to crack passwords stored in a network account database
• Dictionary attack: uses a list of words to crack passwords
• Brute-force attack: tries all possible combinations to crack passwords
• Hybrid attack: combination of dictionary and brute-force attacks

Malware and Viruses

• Backdoor or trapdoor: secret entry point into a program, often used by developers
• Trojan horse: program with hidden side-effects, allows attackers to indirectly gain access
• Virus: malicious software attached to another program, propagates itself and carries a payload
• Worms: replicating malware that spreads over a network, often used to create zombie PCs
• Zombie: program that secretly takes over another networked computer, used to launch distributed denial of service (DDoS) attacks

Ransomware and Denial of Service Attacks

• Ransomware: malware that locks a computer or encrypts data, demands a ransom to restore access
• DoS attack: denies service to users by consuming host resources (memory, processor cycles) and network resources (bandwidth)

Description

Learn about the different phases of hacking, including reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Understand the tactics and techniques used by hackers to compromise a system.