ETHICAL HACKING

Introduction to Ethical Hacking

What is Ethical Hacking?

Ethical hacking refers to the practice of testing computer systems, networks and web apps in order to discover vulnerabilities an attacker could exploit.

As opposed to malicious hackers who seek only to breach security by exploiting vulnerabilities that they find, ethical hackers employ their skills for good by providing recommendations on how best to remedy vulnerabilities identified during such evaluation.

 

 

Why Is Ethical Hacking Crucial?

Ethical hacking can provide organisations with an invaluable service: the opportunity to identify and fix vulnerabilities before malicious attackers exploit them, which often proves far less costly than reacting after security incidents have already taken place.
Additionally, regulatory standards and laws often mandate certain organisations to perform periodic penetration testing and vulnerability analyses in order to safeguard sensitive information. By regularly testing for vulnerabilities in their environment and taking necessary measures for protection, organisations can ensure they are protecting sensitive data properly.

Who is an Ethical Hacker?

An ethical hacker is defined as any professional trained in hacking techniques and methodologies who uses that expertise to assist organisations and systems owners secure them more effectively and safely.

Ethical hackers should always secure written authorization before conducting any testing of networks and systems for vulnerabilities or potential security risks.

 

Ethical Hacking Methodology

The methodology of ethical hacking typically involves the following steps:

1. Step 1: Planning and reconnaissance: Define the scope of the test and gather information about the target system.
2. Step 2: Scanning: Use various tools to understand how the target system responds to different intrusions.
3. Step 3: Gaining Access: Attempt to exploit vulnerabilities in the system, often using the same methods that a malicious hacker would use.
4. Step 4: Maintaining Access: Test whether the vulnerability can be used to achieve persistent access to the exploited system, simulating an advanced persistent threat.
5. Step 5: Covering Tracks: Attempt to remove any evidence of the testing process, further mimicking the actions of a malicious hacker.
6. Step 6: Analysis and Reporting: Analyse the results of the test and provide a report detailing the vulnerabilities found, the successful exploits, and recommendations for mitigation.

 

Reconnaissance and Footprinting Techniques

What is Reconnaissance/Footprinting?

Reconnaissance or footprinting is the initial phase in which an ethical hacker gathers as much information on a target system to understand how it functions, what defences exist against potential vulnerabilities, and identify possible targets of attack.
Hackers gather information in the early stages of hacking in order to devise strategies for accessing systems later. However, at this point they're simply collecting intelligence; not actively working against an attempt at breaking into it.

Goals of Reconnaissance

The key goals of this phase include:

• Understanding the target system and its activity.
• Mapping out network and system infrastructure.
• Identifying potential system vulnerabilities.
• Planning the next steps based on the gathered information.

 

Techniques Used in Reconnaissance/Footprinting

1. Search Engines: Search engines provide hackers with powerful tools for gathering intelligence about a target. Utilising advanced features of these search engines, hackers may use advanced searches to target specific types of information that are important.
2. WHOIS and DNS Databases: WHOIS databases offer information regarding who owns each domain name registered under it while DNS databases offer additional details, including its server's IP addresses.
3. Network Enumeration: This involves identifying the domain names and associated networks related to an organisation.
4. Social Engineering: Social engineering involves deceiving others into revealing confidential information. An ethical hacker could call up a company's tech support line pretending to be an employee in need of password help and convincing them into disclosing personal details that will compromise security.
5. Scanning Open Services/Ports: Tools such as Nmap can help identify open ports on a network and can give a glimpse of which services may be running there. This may provide clues into their possible functionality.
6. Observing Patterns: Ethical hackers may also look for patterns in IP addresses, naming conventions, and other visible aspects of a system.

7.     Vulnerability Assessment and Penetration Testing

8.     What is Vulnerability Assessment?

9.     Vulnerability assessment (VA) refers to identifying and quantifying vulnerabilities within an environment or system.

VA may employ both manual and automated techniques in order to locate any possible exploitable holes which could be exploited by attackers; effectively cataloguing weaknesses which might be exploited in order to establish vulnerability profiles of systems or environments.

10.  What Is Penetration Testing (or Pen Testing)

11.  Penetration testing, also referred to as Pen Testing, involves ethical hackers simulating cyber attacks against a system in order to assess potential exploitable vulnerabilities that allow attackers to reduce its information assurance level. In other words, vulnerabilities allow an attacker to reduce security.
While vulnerability assessments look for weaknesses, penetration testing goes further by exploiting those vulnerabilities to assess how much harm they can do.

12.   

13.  VAPT Process and Tools

 

The VAPT process generally involves the following stages:

 

Planning and Defining Scope: As part of planning the test, its first step should be defining its scope and goals, such as which systems it covers or testing methods it employs.

 

Discovery: To identify potential vulnerabilities within target systems and gather relevant information. This step utilises various tools and techniques.

 

Attack: This is the phase where the penetration tester tries to exploit the identified vulnerabilities to understand the extent of potential damage.

 

Reporting: The final phase is reporting, which involves capturing details about the identified vulnerabilities, the successful exploits, and providing recommendations for remediation.

 

Remember, while these tools may automate certain aspects of VAPT, they cannot replace expert analysis and interpretation.

VAPT ToolsProcess and TooVAPT Process and Tools

here are several tools available for conducting VAPT, including but not limited to:

Nessus: Nessus is a popular vulnerability scanner designed to automate vulnerability assessment processes.
OpenVAS: This is an open-source tool used for vulnerability scanning and management.
Metasploit: This is a powerful tool used for developing and executing exploit code against a remote target machine.
Burp Suite: A popular web application security testing tool used for checking web application security.

 

Remember, while these tools may automate certain aspects of VAPT, they cannot replace expert analysis and interpreta

 

Exploitation Techniques/Post-Exploitation Analysis

Exploitation Techniques

Exploitation is where the ethical hacker leverages found vulnerabilities to gain unauthorised access to the target system. 
Here are a few common exploitation techniques:

Buffer Overflow

When programs attempt to store more data in a buffer than it can handle, overwriting adjacent memory and possibly leading to unpredictable program behaviour or memory access errors or the execution of malicious code can occur. This phenomenon is called buffer overflow.

 Injection Attacks

This form of cybercrime involves injecting malicious code directly into a program and processing it afterwards, typically SQL Injection where an attacker attempts to insert his or her SQL commands directly into user inputs that pass directly onto an SQL Server for execution.

 Privilege Escalation

Privilege Escalation refers to exploiting bugs, design flaws or configuration oversight in operating systems or software applications to gain elevated access to resources that would normally remain protected from usage by applications or users.

Social Engineering

Social engineering refers to non-technical attacks which exploit individuals by convincing them into divulging sensitive data such as passwords and credit card numbers through manipulation, commonly through phishing attacks.

 

 

Post-Exploitation Analysis

After exploiting the vulnerabilities, the ethical hacker enters the post-exploitation phase. The purpose of this phase is to determine the value of the machine compromised and to maintain control for later use. The steps involve:

1. Collecting Evidence: This involves collecting system information, user information, network connections, running services, and other relevant details about the exploited system. This could be used for further exploitation, documentation, or for establishing further attacks.
2. Securing Access: Ethical hackers may also establish backdoors, rootkits, or other means of securing access to the compromised systems for later use.
3. Removing Tracks: Ethical hackers usually clear logs, command histories, and other traces of their activity on the exploited system. This step is usually performed to avoid detection by system defenders, but it can also help simulate the actions of malicious attackers.
4. Reporting: The final step is reporting. This involves documenting the vulnerabilities found, the exploits used, the data accessed, and any changes made to the system.

Please note, while these activities might sound malicious, an ethical hacker always has legal permission to conduct these activities and they're performed to help secure the system, not to cause harm.