Ethical Hacking (lect 1-2)

Created by
@LegendaryDecagon

Questions and Answers

Penetration tester

A penetration tester, or pentester, is a white hat hacker employed to perform a penetration test. The work involves surveying, assessing and testing the security of a given organisation by using the same tools and techniques that a malicious hacker would use.

Penetration testing methodology

  1. The pentester and the client meet and discuss the objectives and scope of the test.
  2. Choose the type of test: black-box, grey-box or white-box testing.
  3. Gain permission via a contract.
  4. Perform the penetration test.
  5. Create a risk mitigation plan.
  6. Clean up all the changes made during the test.

Process of Penetration Testing

  1. Information (Intelligence) Gathering: Gather information about a target before performing active attacks.
  2. Scanning: Based on the information gathered, target the attack much more precisely.
  3. Exploitation: Following enumeration, execute the attack.
  4. Covering tracks: Make all attempts to remove evidence of being in a system.
  5. Maintaining Access: Plant backdoors or other means to leave something behind.

Types of information to be gathered

Technical information: operating system, network and applications, IP addresses and/or IP address ranges, and device information. Additionally, information regarding webcams, alarm systems, mobile devices, etc.

Administrative information: organisational structure, corporate policies, hiring procedures, details of employees, phone directories, vendor information, etc.

Physical details: data about location and facility.

Information gathering methods

Passive: Methods that do not engage the target.

Active: Methods that do engage the target by, for example, making phone calls to the company, help desk, employees and/or other personnel.

Open Source Intelligence (OSINT) gathering: Gathering information from sources that are typically publicly available and open. It is a kind of passive information gathering and the least aggressive method.

DNS hierarchy

The DNS hierarchy is like a family tree: the highest level is at the top, and each level below it is more specific. In DNS, the hierarchy starts with the root level (written as "."), then moves down to top-level domains (like .com, .org), then to more specific domains (like example.com), and finally to subdomains (like www.example.com).

Three classes of DNS servers

Root DNS servers: Direct queries to the appropriate TLD servers. There are 13 root DNS server clusters, named with letters from A to M, which are operated by various organizations worldwide.

Top-Level Domain (TLD) servers: Responsible for .com, .org, .net, .edu, .gov, .au, .uk, .ca, .kr, .jp, etc.

Authoritative DNS servers: These are like the official record keepers for domain names (like google.com). They hold the correct information about which IP addresses correspond to which domain names.

DNS scenario

A user makes a query by entering the URL or clicking a link. The browser then sends that DNS query to the DNS resolver (the local DNS server). The DNS resolver queries the root servers to get a list of IP addresses for the TLD servers responsible for .com. The DNS resolver then queries one of those TLD servers to get the IP address of the authoritative DNS server for amazon.com. Finally, the DNS resolver queries the authoritative DNS server to get the IP address of www.amazon.com, which is 130.130.213.213.
