Ethical Hacking Fundamentals PDF
Uploaded by LyricalDwarf
Summary
This document discusses ethical hacking fundamentals, including the cyber kill chain methodology, adversary behavior identification, and different types of hackers. It also covers the reasons for ethical hacking, scope and limitations, and tools used in reconnaissance.
Full Transcript
Understand Cyber Kill Chain Methodology
=======================================

Cyber Kill Chain Methodology
----------------------------

The **cyber kill chain** is a method used to identify and prevent cyber-attacks. It describes an intrusion as the following stages:

- **Reconnaissance**: gather data on the target
- **Weaponization**: create a deliverable malicious payload
- **Delivery**: send the weaponized bundle to the victim
- **Exploitation**: exploit a vulnerability by executing code on the victim's system
- **Installation**: install malware on the target system
- **Command and Control**: create a command-and-control channel to communicate with the compromised system
- **Actions on Objectives**: perform actions to achieve the attacker's objectives/goals

Tactics, Techniques, and Procedures (TTPs)
------------------------------------------

**Tactics** -- guidelines for how an attacker performs the attack from beginning to end.

**Techniques** -- technical methods used by an attacker.

**Procedures** -- organizational approaches followed by attackers to launch an attack.

Adversary Behavioral Identification
-----------------------------------

**Adversary behavioral identification** involves identifying the common methods or techniques followed by an adversary to launch attacks on, or to penetrate, an organization's network. It gives security professionals insight into upcoming threats and exploits.

*Adversary Behaviors*:

- Internal Reconnaissance
- Use of PowerShell
- Unspecified Proxy Activities
- Use of Command-Line Interface
- HTTP User Agent
- Command and Control Server
- Use of DNS Tunneling
- Use of Web Shell
- Data Staging

Indicators of Compromise (IoCs)
-------------------------------

**Indicators of Compromise (IoCs)** are the clues, artifacts, and pieces of forensic data that indicate a potential intrusion or malicious activity in the organization's infrastructure.
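As an added example that is not part of the original notes, here is a small Python matcher that checks log records against an IoC set of the email, network, host-based and behavioral kinds described in the next subsection; every indicator value, hostname, hash and log line below is constructed, and the key=value log format is a hypothetical one.

```python
import re

# Constructed IoC set (not real indicators), one bucket per category from these notes.
# Values are lowercase because matching is case-insensitive.
IOC_SET = {
    "email": {"sender": {"invoice@mail.example.invalid"}, "attachment": {"invoice.docm"}},
    "network": {"domain": {"update.example.invalid"}, "ip": {"203.0.113.45"}},
    "host": {"sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
             "mutex": {"global\\svc_mtx_01"}},
}
# Behavioral indicator from the notes: an Office document spawning PowerShell.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed log records in a simple key=value format (hypothetical log source).
SAMPLE_LOGS = """\
ts=2024-05-01T09:12:03Z type=email sender=invoice@mail.example.invalid attachment=invoice.docm
ts=2024-05-01T09:12:40Z type=process parent=WINWORD.EXE image=powershell.exe
ts=2024-05-01T09:12:41Z type=dns domain=update.example.invalid ip=203.0.113.45
ts=2024-05-01T09:13:00Z type=process parent=explorer.exe image=notepad.exe
ts=2024-05-01T09:13:05Z type=file sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 mutex=Global\\svc_mtx_01
""".splitlines()

def parse_line(line):
    """Split one 'key=value key=value' record into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def match_record(record):
    """Return (category, field, value) hits for one parsed record."""
    hits = []
    for category, fields in IOC_SET.items():
        for name, values in fields.items():
            value = record.get(name, "").lower()
            if value in values:
                hits.append((category, name, value))
    # Behavioral check: a parent/child process chain rather than a static value.
    parent = record.get("parent", "").lower()
    if parent in OFFICE_APPS and record.get("image", "").lower() == "powershell.exe":
        hits.append(("behavioral", "process_chain", parent + " -> powershell.exe"))
    return hits

def scan_logs(lines):
    """Return [(line_number, hits)] for every record that matched at least one IoC."""
    findings = []
    for number, line in enumerate(lines, 1):
        hits = match_record(parse_line(line))
        if hits:
            findings.append((number, hits))
    return findings
```

Running `scan_logs(SAMPLE_LOGS)` flags four of the five constructed records; only the benign explorer.exe -> notepad.exe record passes clean.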
Security professionals need to perform continuous monitoring of IoCs.

Categories of Indicators of Compromise
--------------------------------------

**Email Indicators**:

- Used to send malicious data to the target organization or individual
- Examples: sender's email address, email subject, and attachments or links

**Network Indicators**:

- Useful for command and control, malware delivery, identifying the operating system, and other tasks
- Examples: URLs, domain names, and IP addresses

**Host-Based Indicators**:

- Found by analyzing an infected system within the organizational network
- Examples: filenames, file hashes, registry keys, DLLs, and mutexes

**Behavioral Indicators**:

- Used to identify specific behavior related to malicious activities
- Examples: a document executing a PowerShell script, and remote command execution

Discuss Hacking Concepts and Hacker Classes
===========================================

What is Hacking?
----------------

- Exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access
- Modifying system or application features to achieve a goal outside of the creator's original purpose
- Stealing and redistributing intellectual property, leading to business loss

Who is a Hacker?
----------------

- An intelligent individual with excellent computer skills who can create and explore computer software and hardware
- A person whose hobby is seeing how many computers or networks they can compromise
- Some hack to gain knowledge, to probe systems, or to do illegal things
- Some hack with malicious intent

Hacker Classes/Threat Actors
----------------------------

**Black Hats** have excellent computing skills; they resort to malicious or destructive activities and are also known as *crackers*.

**White Hats** use their professed hacking skills for defensive purposes and are also known as *security analysts*.

**Gray Hats** work both offensively and defensively at various times.

**Suicide Hackers** are not worried about facing jail terms or any other kind of punishment.

**Script Kiddies** -- unskilled hackers who use tools developed by real hackers.

**Cyber Terrorists** are motivated by religious or political beliefs to create fear through the large-scale disruption of computer networks.

**State-Sponsored Hackers** -- employed by a government to penetrate, gain information from, and damage the information systems of other governments.

**Hacktivists** promote a political agenda by hacking.

**Hacker Teams** -- consortia of skilled hackers having their own resources and funding.

**Industrial Spies** perform corporate espionage and focus on stealing information.

**Insiders** have privileged access to critical assets of an organization.

**Criminal Syndicates** -- groups of individuals involved in organized, planned, and prolonged criminal activities.

**Organized Hackers** -- miscreants or hardened criminals who use rented devices or botnets to perform various cyber-attacks to steal money from victims.

Understand Different Phases of Hacking Cycle
============================================

Hacking Phase: Reconnaissance
-----------------------------

**Reconnaissance** -- the preparatory phase in which an attacker gathers information about a target prior to launching an attack.

*Reconnaissance Types*:

- **Passive** Reconnaissance -- without directly interacting with the target. For example, searching public records or news releases.
- **Active** Reconnaissance -- directly interacting with the target by any means. For example, telephone calls to the target's help desk or technical department.

Hacking Phase: Scanning
-----------------------

**Scanning** -- the pre-attack phase in which the attacker scans the network for specific information based on the information gathered during reconnaissance. It uses dialers, port scanners, network mappers, ping tools, and vulnerability scanners. Attackers extract information such as live machines, ports, port status, OS details, device type, and system uptime.

Hacking Phase: Gaining Access
-----------------------------

**Gaining Access** is the phase of hacking in which the attacker breaks into the target's operating system or applications. This can happen at the operating system, application, or network level. The attacker can escalate privileges to obtain complete control of the system. Examples include password cracking, buffer overflows, denial of service, and session hijacking.

Hacking Phase: Maintaining Access
---------------------------------

**Maintaining access** -- the phase in which the attacker tries to retain their ownership of the system, using tools such as backdoors, rootkits, or Trojans to secure exclusive access. Attackers can upload, download, or manipulate data and use the system to launch further attacks.
Hacking Phase: Clearing Tracks
------------------------------

**Clearing tracks** -- activities performed by an attacker to hide their malicious acts. Their goal is to continue access, stay unnoticed, and delete evidence that could lead to their prosecution. The attacker overwrites the server, system, and application logs to avoid suspicion.

Discuss Ethical Hacking Concepts, Scope, and Limitations
========================================================

What is Ethical Hacking?
------------------------

**Ethical hacking** identifies vulnerabilities and ensures system security. Ethical hackers simulate attacks to verify the existence of vulnerabilities, with permission.

Why Ethical Hacking is Necessary
--------------------------------

Ethical hacking is essential because it helps organizations think like malicious hackers in order to defend against potential attacks.

*Reasons for recruiting ethical hackers include:*

- Preventing unauthorized access to information systems
- Identifying and addressing system vulnerabilities
- Strengthening the organization's overall security
- Implementing preventive measures to avoid breaches
- Protecting customer data
- Enhancing security awareness across the organization

*Ethical Hackers Try to Answer the Following Questions:*

1. What can an intruder see on the target system? (Reconnaissance and Scanning phases)
2. What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
3. Does anyone at the target organization notice the intruders' attempts or successes? (Reconnaissance and Covering Tracks phases)
4. Are all components of the information system adequately protected, updated, and patched?
5. How much time, effort, and money are required to obtain adequate protection?
6. Are the information security measures in compliance with legal and industry standards?
Scope and Limitations of Ethical Hacking
----------------------------------------

**Scope**:

- Ethical hacking is vital for risk assessment, auditing, counter-fraud, and information systems security.
- It identifies risks, suggests remedial actions, and reduces ICT costs by fixing vulnerabilities.

**Limitations**:

- If the organization doesn't know its goals for hiring an ethical hacker, the benefits may be limited.
- Ethical hackers provide insights, but it's up to the organization to implement the necessary safeguards.

Skills of an Ethical Hacker
---------------------------

**Technical Skills:**

- Knowledge of major operating systems
- Knowledge of networking, technology, hardware, and software
- Computer expert
- Knowledge of security areas
- Knowledge of how sophisticated attacks are launched

**Non-Technical Skills:**

- Quick learner
- Strong ethics, problem-solving, and communication skills
- Committed to security policies
- Aware of local laws

Ethical Hacking Tools
=====================

Reconnaissance Using Advanced Google Hacking Techniques
-------------------------------------------------------

Google Hacking involves using **advanced search operators** to create complex queries that extract sensitive or hidden information, helping attackers identify vulnerable targets.

Reconnaissance Tools
--------------------

- **Web Data Extractor**: extracts targeted contact data, URLs, meta tags, and so on.
- ICMP Traceroute
- TCP Traceroute
- UDP Traceroute

Scanning Tools
--------------

- **Nmap**: finds live hosts, open ports, services (applications and versions), types of packet filters/firewalls, and OS and version.
- **MegaPing**: comprehensive security scanner, port scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, and share scanner.
- **Unicornscan**: identifies the OS by observing the TTL values in scan results.
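As an added example that is not part of these notes (nor Nmap's own code), the following Python reads Nmap's grepable (`-oG`) output format and reports open ports that are not on an approved baseline, which is how a defender turns the scan results listed above into an audit finding; the scan text, host addresses and baseline are constructed.

```python
# Constructed Nmap grepable (-oG) output for two hypothetical hosts; not a real scan.
# Each port entry is port/state/protocol/owner/service/rpc/version/ (seven slash-separated fields).
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example.invalid)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.invalid)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/open/tcp//http//nginx 1.24/, 3306/open/tcp//mysql//MySQL 8.0/, "
    "8080/closed/tcp//http-proxy///\tIgnored State: filtered (996)\n"
    "Host: 192.0.2.11 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\n"
)

# Approved open TCP ports per host (constructed baseline an auditor would maintain).
BASELINE = {"192.0.2.10": {22, 80}, "192.0.2.11": set()}

def parse_grepable(text):
    """Return (ip, port, proto, service, version) for every open port in -oG output.

    Assumes version strings contain no commas; real output may need a smarter split.
    """
    results = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and Status-only lines carry no port data
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip it rather than abort the audit
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            if state == "open":
                results.append((ip, int(port), proto, service, version))
    return results

def unexpected_ports(open_ports, baseline):
    """List (ip, port, service) for open ports missing from the host's approved baseline."""
    return [(ip, port, service) for ip, port, _proto, service, _version in open_ports
            if port not in baseline.get(ip, set())]

def audit(text=SAMPLE_SCAN, baseline=BASELINE):
    """Run the full check: parse the scan, then diff it against the baseline."""
    return unexpected_ports(parse_grepable(text), baseline)
```

On the constructed sample, `audit()` reports the unapproved MySQL port on web01 and both open ports on the host with an empty baseline, while the closed 8080 entry is ignored.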
Enumeration Tools
-----------------

- **Nbtstat Utility**: displays NetBIOS over TCP/IP protocol statistics, local and remote NetBIOS name tables, and the name cache.
- **NetBIOS Enumerator**: enumerates details such as NetBIOS names, usernames, domain names, and MAC addresses for a given range of IP addresses.
- Global Network Inventory
- Advanced IP Scanner
- Hyena
- Nsauditor Network Security Auditor