What is the initial phase?
Reconnaissance is the initial phase. This step involves gathering information to learn as much as possible about the target.
There are two types of information gathering -
Active and Passive
- Active information gathering requires some level of interaction w/ the target
- Passive information gathering does not require interaction w/ the target
Passive Ex.
- If you’re sitting down at a bar and eavesdropping on a business-related conversation that your target is having w/ another individual, this would be qualified as -passive- information gathering, as it requires no direct interaction w/ the target
- Intercepting communications your target is having w/ another person on a channel (Network attack) is also a form of passive information gathering (generally. There are ways of doing this in which you would interact w/ the target)
Active Ex.
- Say you’re at the same bar as before, except this time, you buy both your target and the individual they’re speaking with a few drinks and get them drunk in order to more easily extract the information; this would qualify as active information gathering because it requires that you interact w/ the target
- Another example of active information gathering would be if you were to implement a phishing scheme. You send a link to your target via email or otherwise, they click the link and give up their IP address and possibly reveal some substantial information.
What is the second phase?
Scanning:
During this stage, hackers use the information they gathered in the reconnaissance phase to scan the target network for more specific information.
Ex. for understanding the difference between the reconnaissance phase and scanning phase:
- Say you are conducting a penetration test on a company; what are the first pieces of information that you would need to know in order to begin scanning the entry point into their network? For instance, if you wanted to test the configuration of a firewall (what can pass through and what cannot), the very least you would need to know is an IP address (or more likely, multiple IP addresses) relevant to that firewall.
Or maybe you’d need something along the lines of an address of which the servers are physically located.
These two particular pieces of information are ones that you would acquire during the reconnaissance phase, and are what you will now act upon in the scanning phase to acquire more specific and applicable data.
In easier terms:
Reconnaissance phase (first stage): - acquire as much relative information and data as possible
Scanning phase (second stage): - using the information you've acquired in the reconnaissance phase, gather even more specific information
What is the third phase?
Gaining access:
This phase involves finding an entry point to the target’s operating system or an application on the system and using it to perform the attack.
- this is the stage in which the actual attack takes place (you exploit the vulnerabilities you’ve discovered in the previous stages)
What is the fourth phase?
Maintaining access:
This is the phase in which hackers attempt to maintain their admin/root privileges so they can continue to utilize the system.
- once you’ve broken into a system, your next step will likely be to elevate your own privileges so you can do even more within the system.
- you’ll need to ensure that you have persistent access to the system/device you’ve compromise because if your connection is broken for any reason and you have no way of easily reentering the system, then that is a considerable amount of time lost
- you can install tools onto a compromised device that will give you persistent access and will continuously gather data from the machine which can then be used later on to possibly compromise other devices within the network, internet accounts, etc.
- Ex: a key logger can be installed which will harvest what the user of the compromised device types into the keyboard, so you can learn more about what that particular user is doing on that particular device
- you can use the machine you’ve compromised as a proxy within the company. This way, you can use the machine to perform actions elsewhere and if those actions are every traced, the will only be traced back to the machine you’ve used as a proxy and the owner of that machine (if you cover your tracks very well and leave absolutely no evidence to any outside involvement, then there’ll more than likely be a heavy amount of suspicion placed on that machine’s owner, as well as legal repercussions)
v v v v
As an ethical hacker, make sure to document these things so that you don’t get anyone into legal trouble and after a penetration test is concluded, do not forget to include these things in your reports, as to clear all personnel of any liability.
What is the fifth phase?
Clearing tracks:
This is the final phase. During this step, hackers attempt to hide their activities on the system. They do everything they can to cover their tracks and avoid being caught.
- does not refer only to when your work is done. You should clear your tracks throughout all prior stages. It’s especially important that once you’ve breached a system and created some sort of permanent access that you remain undetected. If you are detected, the target company will likely conduct an investigation, discover your entry point, and close it. Any machines that you’ve infected up to the point of your detecting will probably be purged and just like that, you’ve lost all access.
- erase all tracks as fast as possible, and if possible, generate no tracks at all
Actions that can be taken to clear your tracks are as follows (but not limited to):
- clearing log files. Just note that you shouldn’t purge everything within a log file, just entries that serve to prove your presence in a system
- you could masquerade your activities behind legitimate programs. By mimicking the activities and behavior of legitimate programs and incorporating your own actions, you could hide yourself.
Ex. Erman’s key logger masquerades itself behind legitimate programs by using the same set of hooks that practically any legitimate program that uses keyboard shortcuts would use. SO, if the antivirus were to detect it as a key logger, it would also have to detect basically all the programs on the system that use keyboard shortcuts
-
Common Terms76
-
Zero Day Attack6
-
Miscellaneous Computer Processes (stuff I find and look up along the way)1
-
Daisy Chaining1
-
1st Quiz6
-
The Motivations of a Hacker - (Overview ?)7
-
Cloud Computing Threats in depth5
-
Advanced Persistent Threats in depth2
-
Viruses and Worms in depth2
-
Ransomware in depth1
-
Mobile Threats in depth1
-
Modern Age Information Warfare in depth4
-
Insider Attacks in depth2
-
Phishing1
-
Web Application Threats in depth1
-
Classification of Threats: Network Threats2
-
Host Threats2
-
Application Threats2
-
Classification of Attacks8
-
Botnets1
-
Laws, Standards, and Regulations7
-
2nd Quiz10
-
Types of Hackers2
-
What is Ethical Hacking and what is it's Purpose ?3
-
Scope of Ethical Hacking1
-
Hacking Stages5
-
3rd Quiz11
-
Information Assurance8
-
Security Controls2
-
Network Zoning4
-
Defense in Depth12
-
What Sort of Things Do Policies Regulate ?14
-
Workplace Security Policies and Examples12
-
Physical Security Controls and Risk7
-
Risk Management3
-
Threat Modeling and Incident Management4
-
UBA - User Behavior Analytics and Network Security Controls3
-
Access controls2
-
Identification Authentication Authorization Accounting and IAM5
-
Data Leakage2
-
Data Backup12
-
Data Recovery2
-
What is penetration testing ?2
-
What does a good penetration test consist of ?1
-
Why do a penetration test ?2
-
Pre-Attack Phase: Contracts2
-
Audit vs Vulnerability Assessment vs Penetration Test3
-
Red vs Blue Team !3
-
Types of Penetration Testing5
-
Pre-Attack Phase: Rules of Engagement2
-
Pre-Attack Phase: Understanding your Client's requirements2
-
Pre-Attack Phase: Scope of a Penetration Test4
-
Pre-Attack Phase: Information Gathering1
-
Pre-Attack Phase: Two Types of Information Gathering3
-
Attack Phase2
-
Attack Phase: Penetrating the Perimeter3
-
Attack Phase: Target Acquisition2
-
Attack Phase: Privilege Escalation2
-
Attack Phase: Execute, Implant, Retract.1
-
Post-Attack Phase1
-
Security Testing Methodologies11
-
Quiz solutions: Penetration testing0
-
About Footprinting2
-
Hacker State of Mind1
-
Search Engine and Online Resources2
-
Search Engine and Online Resources1
