Chapter 1 - Ethical Hacking PDF
Summary
This document provides an overview of ethical hacking, including different types of hackers and hacking attacks. It details the process of ethical hacking, highlighting its benefits and limitations.
CHAPTER 1: ETHICAL HACKING

WHAT IS HACKING?
Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system's resources, such as digital devices (computers, smartphones, tablets) and even entire networks. It involves modifying system or application features to achieve a goal outside of the creator's original purpose. The motive behind hacking could be to steal critical information or services, or thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance and vindictiveness, among other reasons.

TYPES OF HACKERS
- Black hat hackers - intentionally break into systems and steal information or money.
- White hat hackers - legally hack devices and systems in order to find potential vulnerabilities, then figure out ways of preventing those weaknesses from being exploited, e.g. by releasing updates to the public that patch the system vulnerabilities.
- Grey hat hackers - use both legal and illegal means to exploit a system: they gain access to a person's system, inform them of the vulnerability they have found, and then provide suggestions on how to improve their security.

TYPES OF HACKER ATTACKS
- Operating system attacks - attackers look for OS vulnerabilities and exploit them.
- Application-level attacks - developers tend to overlook the security element due to deadlines.
- Shrink wrap code attacks - an OS or application comes with tons of libraries and sample scripts to make things easier for administrators to work with; most of these are not secure.
- Misconfiguration attacks - systems are not configured correctly by unskilled administrators.

WHAT IS ETHICAL HACKING?
Ethical hacking is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities. It focuses on simulating the techniques used by attackers to verify the existence of exploitable vulnerabilities in a system's security. Ethical hackers perform security assessments for an organization with the permission of the concerned authorities.

BENEFITS OF CONDUCTING ETHICAL HACKING
- Gaining the trust of customers and investors by ensuring the security of their products and data.
- Discovering vulnerabilities from an attacker's point of view so that weak points can be fixed.
- Helping protect networks with real-world assessments.
- Implementing a secure network that prevents security breaches.
- Defending national security by protecting data from terrorists.

REASONS WHY ORGANIZATIONS RECRUIT ETHICAL HACKERS
- To prevent hackers from gaining access to the organization's information systems
- To uncover vulnerabilities in systems and explore their potential as a risk
- To analyze and strengthen an organization's security posture, including policies, network protection infrastructure, and end-user practices
- To provide adequate preventive measures in order to avoid security breaches
- To help safeguard the customer data
- To enhance security awareness at all levels in a business

SCOPE & LIMITATION OF ETHICAL HACKING
Scope:
- Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practice.
- It is used to identify risks and highlight remedial actions.
- It also reduces ICT costs by resolving vulnerabilities.
Limitation:
- An ethical hacker, thus, can only help the organization to better understand its security system.
- It is up to the organization to place the right safeguards on the network.

COMMON TYPES OF PENETRATION TESTING
- Network Testing
- Web Application Testing
- Social Engineering Testing
- Mobile Application Testing
- Cloud Testing

PENETRATION TESTING STAGES
- Phase 1: Footprinting & Reconnaissance
- Phase 2: Threat Modelling
- Phase 3: Vulnerability Analysis
- Phase 4: Exploitation
- Phase 5: Analysis and Reporting

PHASE 1: FOOTPRINTING & RECONNAISSANCE
What is footprinting? Footprinting is the first step of any attack on information systems, in which an attacker collects information about a target network to identify various ways to intrude into the system.
Types of footprinting:
- Passive: gathering information about the target without direct interaction.
- Active: gathering information about the target with direct interaction.

Getting to know the target using passive methods like researching publicly available information and network scanning:
- Application or URL to be tested
- Credentials of the application
- Network hosts to be tested
Scoping the pentest:
- Identify the assets (hosts, sensitive data, application logic) for the environment.
- Identify the threats for the environment to be tested.
- Identify the vulnerabilities to be tested.
- Identify the tools that can be used for testing.

INFORMATION GATHERING
Information gathering is one of the most time-consuming tasks during the intel-recon process, and that is why time management is so important. The Open-Source Intelligence (OSINT) framework is focused on gathering information from free tools or resources.
Data collection goals:
- Collecting network data: public, private and associated domain names, network hosts, public and private IP blocks, routing tables, running TCP and UDP services, SSL certificates, open ports and more.
- Collecting system-related information: user enumeration, system groups, OS hostnames, OS type (probably by fingerprinting), system banners (as seen in the banner grabbing blog post), etc.

INFORMATION GATHERING TOOLS
Recon-ng, Shodan, Maltego, Google dorks, Social Mapper, theHarvester, Dmitry, Cree.py
[Slide: RECON-NG]
[Slide: MALTEGO]

FOOTPRINTING
Footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. An attacker spends 90% of the time profiling an organization and the other 10% launching the attack (CEHv6, EC-Council). Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the target network are identified.

FOOTPRINTING: TOOLS
Such as: eMailTrackerPro, Whois, Website Watcher, Nslookup, Google Earth, NeoTrace, E-mail Spider, SmartWhois, Recon-ng, Netcraft, Photon, SecurityTrails

SOCIAL ENGINEERING
Introduction: social engineering is the art of convincing people to reveal confidential information; it is the tactic or trick of gaining sensitive information by exploiting basic human nature, such as trust.
Types (2 categories):
- Human-based: gathers sensitive information through interaction. Attacks of this category exploit the trust, fear, and helping nature of humans.
- Computer-based: social engineering carried out with the help of computers.

SOCIAL ENGINEERING: HUMAN-BASED - EXAMPLES
- Posing as a legitimate end user
- Posing as an important user
- Posing as technical support
- Eavesdropping, or unauthorized listening to conversations or reading of messages
- Shoulder surfing
- Dumpster diving
- Tailgating
- Piggybacking
- etc.
[Slide: TAILGATING]
[Slide: VISHING]

SOCIAL ENGINEERING: COMPUTER-BASED - EXAMPLES
- Mail / IM attachments
- Pop-up windows
- Websites
- Spam email
- Social media
- Phishing
- etc.
[Slide: PHISHING]
[Slide: SOCIAL MEDIA]

PHASE 2: THREAT MODELLING
A description or model of all the security concerns and why they should be resolved. Assess the risk caused by each vulnerability and recommend remediation measures to fix it. Risk assessment helps to set the priority for remediating each security issue. To prevent threats from taking advantage of system flaws, administrators can use threat-modelling methods to inform defensive measures.

STEPS FOR THREAT MODELLING
- Decompose the application or infrastructure
- Determine the threats
- Determine countermeasures and mitigations
- Rank the threats

THREAT MODELLING METHODS
STRIDE, Hybrid Threat Modeling Method (hTMM), PASTA, LINDDUN, Quantitative Threat Modeling Method, CVSS, Trike, Attack Trees, VAST Modeling, NIST threat modeling, OCTAVE, DREAD
Sources:
1. https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html
2. https://www.csoonline.com/article/3537370/threat-modeling-explained-a-process-for-anticipating-cyber-attacks.html

PHASE 3: VULNERABILITY ANALYSIS
Identifying vulnerabilities and determining their severity. Use the techniques for identifying vulnerabilities and test the environment for these vulnerabilities.

VULNERABILITY ANALYSIS TOOLS
Netsparker, Aircrack, Acunetix, Nessus Professional, OpenVAS, OWASP Zed Attack Proxy, Nikto, Nessus, Tripwire IP360, Nmap, Wireshark
[Slide: NESSUS]

PHASE 4: EXPLOITATION
Gaining access by breaching the security of a system or finding a bug to exploit in the software. The main focus is to identify the main entry point into the organization and to identify high-value target assets. If the vulnerability analysis phase was properly completed, a high-value target list should have been compiled. The attack vector should take into consideration the success probability and the highest impact on the organization.

TYPES OF EXPLOITATION
- Evasion
- Tailored Exploits
- Precision Strike
- Exploit Customization
- Customized Exploitation Avenue
- Zero-Day Angle
[Slide: ZERO-DAY EXPLOITS]

PHASE 5: ANALYSIS & REPORTING
Document the methods used to gain access to the organization's valuable information. Be able to determine the value of the compromised systems and any value associated with the sensitive data captured. Give penetration testing recommendations and clean up the environment.
Cleanup activities:
- Removing any executables, scripts, and temporary files from compromised systems
- Reconfiguring settings back to the original parameters from before the pentest
- Eliminating any rootkits installed in the environment
- Removing any user accounts created to connect to the compromised systems

IMPORTANCE OF REPORTING
Reporting is often regarded as the most critical aspect of a pentest. The pentester writes recommendations, and the organization gets the opportunity to review the findings. The findings and detailed explanations in the report offer the company insights and opportunities to significantly improve its security posture. The report should show exactly how entry points were discovered during the OSINT and Threat Modelling phases, as well as how the company can remediate the security issues found during the Exploitation phase.
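The threat modelling steps from Phase 2 (decompose, determine threats, rank them) carried through with two of the methods the slides list, STRIDE and DREAD. This is an added example, not part of the lecture material: the STRIDE-per-element mapping is the standard one, while the web-application elements, threats and DREAD ratings are constructed sample data.

```python
from dataclasses import dataclass

# STRIDE categories applicable to each data-flow-diagram (DFD) element type
# (standard STRIDE-per-element mapping); one letter per category.
STRIDE_PER_ELEMENT = {"external_entity": "SR", "process": "STRIDE",
                      "data_store": "TRID", "data_flow": "TID"}
STRIDE_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information disclosure", "D": "Denial of service",
                "E": "Elevation of privilege"}

@dataclass
class Threat:
    element: str       # DFD element the threat applies to
    category: str      # one STRIDE letter
    description: str
    dread: tuple       # Damage, Reproducibility, Exploitability, Affected users,
                       # Discoverability: five ratings from 0 to 10

    def __post_init__(self):
        if self.category not in STRIDE_NAMES:
            raise ValueError(f"unknown STRIDE category {self.category!r}")
        if len(self.dread) != 5 or not all(0 <= x <= 10 for x in self.dread):
            raise ValueError("DREAD needs five ratings in the range 0-10")

    def score(self) -> float:
        """DREAD risk score: mean of the five ratings (higher = remediate first)."""
        return sum(self.dread) / 5

def applicable_threats(element: str, element_type: str) -> list:
    """Steps 1-2: for a decomposed element, list the STRIDE categories to examine."""
    return [(element, STRIDE_NAMES[c]) for c in STRIDE_PER_ELEMENT[element_type]]

def rank_threats(threats: list) -> list:
    """Step 4: order threats by DREAD score so remediation can be prioritised."""
    return sorted(threats, key=lambda t: t.score(), reverse=True)

# Constructed sample model of a small web application (hypothetical, not from the slides).
EXAMPLE_THREATS = [
    Threat("user DB", "T", "SQL injection lets an attacker modify user records", (9, 8, 7, 8, 6)),
    Threat("login request", "I", "credentials travel over plain HTTP", (7, 10, 5, 9, 8)),
    Threat("web app", "D", "unauthenticated endpoint runs an expensive query", (5, 8, 6, 6, 4)),
]

if __name__ == "__main__":
    print("browser ->", [name for _, name in applicable_threats("browser", "external_entity")])
    for t in rank_threats(EXAMPLE_THREATS):
        print(f"{t.score():.1f}  {STRIDE_NAMES[t.category]:<22} {t.element}: {t.description}")
```

The ranked list is the input to the countermeasures step: the highest-scoring threat (here the unencrypted login flow) gets a mitigation first, and the report in Phase 5 can cite the scores as the basis for its priorities.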