Ethical Hacking Fundamentals PDF

Summary

This document discusses ethical hacking fundamentals, including the cyber kill chain methodology, adversary behavior identification, and different types of hackers. It also covers the reasons for ethical hacking, scope and limitations, and tools used in reconnaissance.

Full Transcript

Understand Cyber Kill Chain Methodology
=======================================

Cyber Kill Chain Methodology
----------------------------

The **cyber kill chain** is a method used to [identify and prevent
cyber-attacks].

- **Reconnaissance**: [Gather data] on the target

- **Weaponization**: Create a [deliverable malicious
payload] (полезная нагрузка)

- **Delivery**: [Send] weaponized bundle (пакет) to the
victim

- **Exploitation**: [Exploit a vulnerability] by executing
code on the victim's system

- **Installation**: [Install malware] on the target system

- **Command and Control**: [Create a command-and-control
channel] to communicate

- **Actions on Objectives**: [Perform actions] to achieve
objectives/goals

Tactics, Techniques, and Procedures (TTPs)
------------------------------------------

**Tactics** -- guidelines for [how an attacker performs the
attack] from beginning to the end.

**Techniques** -- [technical methods] used by an attacker

**Procedures** - [organizational approaches] followed by
attackers to launch an attack

Adversary Behavioral Identification
-----------------------------------

**Adversary** (враг) **behavioral identification** involves the
[identification of the common methods or techniques]
followed by an adversary to launch attacks on or to penetrate an
organization's network

It gives the security professionals [insight] (понимание)
into upcoming [ ] (предстоящих) threats and exploits

*Adversary Behaviors*:

- - Internal Reconnaissance

- Use of PowerShell

- Unspecified Proxy Activities

- Use of Command-Line Interface

- HTTP User Agent

- Command and Control Server

- Use of DNS Tunneling

- Use of Web Shell

- Data Staging (инсценировка)

Indicators of Compromise (IoCs)
-------------------------------

**Indicators of Compromise (IoCs)** are the [clues],
[artifacts], and [pieces of forensic data] that
indicate a potential intrusion or malicious activity in the
organization's infrastructure.

Security professionals need to perform [continuous
monitoring] of IoCs.

Categories of Indicators of Compromise
--------------------------------------

**Email Indicators**:

- Used to send malicious data to the target organization or individual

- Examples: sender's email address, email subject, and attachments or
links

**Network Indicators**:

- Useful for command and control, malware delivery, identifying the
operating system, and other tasks

- Examples: URLs, domain names, and IP addresses

**Host-Based Indicators**:

- Found by performing an analysis of the infected system within the
organizational network

- Examples: filenames, file hashes, registry keys, DLLs, and mutex

**Behavioral Indicators**:

- Used to identify specific behavior related to malicious activities

- Examples: document executing PowerShell script, and remote command
execution

Discuss Hacking Concepts and Hacker Classes
===========================================

What is Hacking?
----------------

- [Exploiting system vulnerabilities] and [compromising
security controls] to gain unauthorized or inappropriate
access

- [Modifying system or application features] to achieve a
goal outside of the creator's original purpose

- [Steal and redistribute] (перераспределять)
[intellectual property], leading to business loss

Who is a Hacker?
----------------

- An intelligent individual with [excellent computer
skills] who can create and explore computer software and
hardware

- Person with [hobby] to see how many computers or
networks they can compromise

- Some to gain knowledge or to probe (исследовать) and do [illegal
things]

- Some hack with [malicious intent] (намерение)

Hacker Classes/Threat Actors
----------------------------

**Black Hats** have excellent computing skills; they resort (прибегать)
to [malicious or destructive activities] and are also known
as *crackers*

**White Hats** use their professed hacking skills for [defensive
purposes] and are also known as *security analysts*

**Gray Hats** work both [offensively] (наступательно) and
[defensively] at various times

**Suicide Hackers** are [not worried] about facing jail
(тюрьма) terms or any other kind of punishment

**Script Kiddies** -- [unskilled] hacker, use tools that
were developed by real hackers

**Cyber Terrorists** are motivated by [religious or political
beliefs] to create the fear through the large-scale
disruption (сбой) of computer networks

**State-Sponsored Hackers** -- [employed by the government]
to penetrate and gain information from, and damage the information
systems of other governments

**Hacktivist** promote a [political agenda] by hacking

**Hacker Teams** -- [consortium of skilled hackers] having
their own resources and funding (финансирование)

**Industrial Spies** perform [corporate espionage] and focus
on stealing information

**Insider** has privileged access to critical assets of an organization

**Criminal Syndicates** -- groups of individuals that are involved in
organized, planned, and [prolonged] (длительный) [criminal
activities]

**Organized Hackers** -- miscreants or hardened criminals who use rented
devices or botnets to perform various cyber-attacks to steal money from
victims

Understand Different Phases of Hacking Cycle
============================================

Hacking Phase: Reconnaissance
-----------------------------

**Reconnaissance** -- preparatory phase where an attacker [gathers
information about a target] prior to (до) launching an
attack.

*Reconnaissance Types*:

- **Passive** Reconnaissance -- [without directly
interacting] with the target. For example, searching
public records or news releases.

- **Active** Reconnaissance -- [directly interacting] with
the target by any means. For example, telephone calls to the
target's help desk or technical department.

Hacking Phase: Scanning
-----------------------

**Scanning** -- pre-attack phase when the attacker [scans the
network] for specific information based on information
gathered during reconnaissance.

Use of dialers (номеронабиратели), [port scanners], network
mappers, ping tools, and vulnerability scanners.

Attackers extract information such as [live machines],
[port], [port status], [OS details],
[device type], and [system uptime] (время
безотказной работы).

Hacking Phase: Gaining Access
-----------------------------

**Gaining Access** is the phase in hacking where the attacker [breaks
into the target\'s] operating system or applications.

This can happen at the [operating system],
[application], or [network levels].

The attacker can [escalate] (повысить)
[privileges] to obtain complete control of the system.

Examples include [password cracking], buffer overflows,
denial of service, and [session hijacking].

Hacking Phase: Maintaining Access
---------------------------------

**Maintaining access** -- phase when the attacker tries to
[retain] (удерживать) [their] [ownership of the
system].

Tools like [backdoors], [rootkits], or
[Trojans] to secure exclusive access.

Attackers can upload, download, or [manipulate data] and use
the system to launch further (дальнейший) attacks.

Hacking Phase: Clearing Tracks
------------------------------

**Clearing tracks** -- activities performed by an attacker to [hide
malicious acts]

Their goal is to [continue access], stay unnoticed, and
delete evidence (доказательства) that could lead to their prosecution
(судебное преследование).

The attacker overwrites the server, system, and application logs to
avoid suspicion (подозрение).

Discuss Ethical Hacking Concepts, Scope, and Limitations
========================================================

What is Ethical Hacking?
------------------------

**Ethical hacking** [identifies vulnerabilities] and ensure
system security.

They simulate attacks to [verify the existence of
vulnerabilities] with the [permission].

Why Ethical Hacking is Necessary
--------------------------------

Ethical hacking is essential because it helps organizations think like
malicious hackers to defend against potential attacks.

*Reasons for recruiting ethical hackers include:*

- [Preventing unauthorized access] to information systems

- Identifying and addressing system [vulnerabilities]

- [Strengthening] (укрепление) the organization's overall
[security]

- Implementing preventive measures to [avoid breaches]
(нарушения)

- Protecting customer [data]

- Enhancing security [awareness] across the organization

*Ethical Hackers Try to Answer the Following Questions:*

1. What can an intruder [see on the target system]?
(Reconnaissance and Scanning phases)

2. What can an intruder [do with that information]?
(Gaining Access and Maintaining Access phases)

3. Does anyone at the target organization [notice the intruders'
attempts or successes]? (Reconnaissance and Covering
Tracks phases)

4. Are all components of the information system adequately [protected,
updated, and patched]?

5. How much [time, effort, and money] are required to
obtain adequate protection?

6. Are the information security measures in compliance with [legal and
industry standards]?

Scope and Limitations of Ethical Hacking
----------------------------------------

**Scope**:

- Ethical hacking is vital (жизненно важный) for [risk
assessment], [auditing],
[counter-fraud] (борьба с мошенничеством), and
information systems security.

- It [identifies risks], suggests [remedial
actions], and reduces ICT costs by fixing
vulnerabilities.

**Limitations**:

- [If the organization doesn\'t know its goals] for hiring
an ethical hacker, the benefits may be limited.

- Ethical hackers provide insights, but it\'s up to the [organization
to implement the necessary safeguards].

Skills of an Ethical Hacker
---------------------------

**Technical Skills:**

- Knowledge of major [operating systems]

- Knowledge of [networking], technology, hardware and
software

- [Computer expert]

- Knowledge in [security areas]

- Knowledge for launching sophisticated (утонченный)
[attacks]

**Non-Technical Skills:**

- Quick [learner]

- Strong [ethics], problem-solving, and
[communication]

- Committed (привержен) to [security policies]

- Aware of local [laws]

Ethical Hacking Tools
=====================

Reconnaissance Using Advanced Google Hacking Techniques
-------------------------------------------------------

Google Hacking involves using **advanced search operators** to create
[complex queries] that extract sensitive or hidden
information, helping attackers identify vulnerable targets.

Reconnaissance Tools
--------------------

- **Web Data Extractor**: targeted contact data, URL and meta tags, so
on.

- IMCP Traceroute

- TCP Traceroute

- UDP Traceroute

Scanning Tools
--------------

- **Nmap**: live host, open ports, services (apps and version), types
of packet filters/firewalls, OS and version.

- **MegaPing**: Comprehensive Security Scanner, Port scanner (TCP and
UDP ports), IP scanner, NetBIOS scanner, and Share Scanner

- **Unicornscan**: OS by observing the TTL values in scan result.

Enumeration Tools
-----------------

- **Nbtstat Utility**: displays NetBIOS over [TCP/IP protocol
statistics], local and remote [NetBIOS name
tables], and the [name cache].

- **NetBIOS Enumerator**: enumerate details, such as [NetBIOS
names], [usernames], [domain
names], [MAC address] for given range of IP
addresses.

- Global Network Inventory

- Advanced IP Scanner

- Hyena

- Nsauditor Network Security Auditor