Yaniv Hoffman

What Is Ethical Hacking



The need for ethical hacking

A cybersecurity threat, in its basic sense, is a malicious act that can lead to the theft or damage of sensitive data. The term applies only to the digital world and is widely used when discussing the security of computerized data.


Cybersecurity threats can cause many kinds of damage, including blackouts, leakage of a company's sensitive data, exposure of national security records, and breaches of personal information such as medical records and banking details. Such acts are usually carried out by hackers, crime groups, terrorists and the like. Leaders around the world are deeply concerned about cybersecurity, as protection of one's data is a basic right of every person. Cybersecurity threats take different forms and can deceive anyone: sometimes the threat arrives disguised as a software update, sometimes as a spam email, and sometimes through a malicious website.


The most common types of cybersecurity threats are phishing, spear phishing, Trojans, man-in-the-middle (MitM) attacks, ransomware, (distributed) denial-of-service (DoS/DDoS) attacks, attacks on IoT devices, mobile malware, data breaches and so on. All of these threats can affect any device: personal computers, laptops, mobiles, ATMs, telephone lines etc.


What is ethical hacking?

Cybersecurity is a broad field that includes hacking, both ethical and unethical. Penetration testing falls under the category of ethical hacking: hacking performed deliberately, with permission, in order to assess the security of a system or network. Penetration testing is governed by laws and follows a whole lifecycle that starts with Reconnaissance and ends with Covering Tracks. In this article, we cover many aspects of penetration testing and show a practical approach to exploitation using the Metasploit Framework.


Recommendations on how to start ethical hacking

When we talk about ethical hacking, it is more important than ever that the legal implications of such an act be kept in mind. The legal procedures must be completed before penetration testing is performed on any company's asset. There are laws that apply to testers, and white-hat hackers need to know them, such as the Computer Fraud and Abuse Act in the United States. To get started with ethical hacking, you can join one of the various communities that exist for hackers.


A penetration testing activity has several phases, and one of the basic ones is the pre-engagement phase. In this phase the main element of the whole process, information gathering, is assessed. In penetration testing, experts categorize information gathering into two parts: passive information gathering and active information gathering.


Passive Information Gathering

This is the pre-attack phase in which basic information is gathered about the system to be targeted. As the figure shows, this phase falls under the Intelligence Gathering phase of the penetration testing lifecycle. In this phase, the pen tester is not allowed to use tools and gadgets to probe the system for security flaws; rather, the pen tester performs actions manually, such as identifying IP addresses and discovering content of interest in the system. These actions are performed using publicly available tools and techniques so as to analyse the vulnerabilities that are open to the general public and do not require expertise to be exploited.


Active Information Gathering

In this type of information gathering, actual penetration of the system under test is performed, and the authorities are well aware of the process. In this phase, a proper mapping of the network infrastructure is performed and the system is scanned for exposed vulnerabilities. Activities like banner grabbing, OS fingerprinting and web server application scanning come under this phase. One active information gathering method also includes calling a staff member or company employee and tricking them, by email or phone call, into exposing private information about system security. Methods like DNS enumeration, port scanning, SMB enumeration, SMTP enumeration and SNMP enumeration are discussed further.


You can also start by learning ethical hacking techniques from a Udemy course.


The act of Exploitation

To protect a system from attacks, countermeasures are put in place against exploitation. This preventive technology hinders the attacker's ability to find an exploitation avenue. It can be a web application firewall, a host-based intrusion prevention system, a security guard, or any other preventive measure. Hence many factors must be considered, and alternative exploit methods must be practised in case one of the attacks fails.


From the attacker's perspective, the overall purpose is to steal information from the organization by any means. Countermeasures must also be assessed during every exploitation avenue. One technique used while a pen test is in progress is evasion: intrusion detection systems and intrusion prevention systems are identified and evaded prior to an exploit. The primary focus of a pen test is to simulate a real attacker. Exploitation avenues differ in nature, and not all attacks are persistent. Hence an approach called the "Customized Exploitation Avenue" is used, in which the attack is tailored to the tools and technology that are implemented in the target and that are used for the attack. It is therefore essential to build a clear understanding of the scenario before executing the attack. Apart from the tools, the infrastructure is often simulated as well in order to ensure the success of the exploitation phase. These are called tailored exploits, similar to customized exploits.


There are many types of exploits, such as buffer overflows, SEH overwrites, return-oriented programming, gaining PC access, etc.


Attacks on different OSI Layers

There are many types of DDoS attacks, including Layer 3, Layer 4 and Layer 7 attacks. Layer 3 attacks include the ping flood DDoS attack, the Smurf DDoS attack and the ICMP ping of death attack. Layer 4 DDoS attacks include volumetric DDoS techniques such as the SYN flood attack; black holing is a mitigation technique used to counter such Layer 3 and Layer 4 attacks. Layer 7 attacks are called application-layer DDoS attacks and include SYN floods or other reflection attacks such as NTP amplification. All of these attacks can be carried out by ethical hackers in order to see where vulnerabilities are present.
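To make the Layer 3 / Layer 4 distinction concrete from the defender's side, here is an added example (not from the original post) that runs simple flood detection over constructed flow records: an ICMP ping flood is flagged as a Layer 3 event and a SYN flood, recognized by many SYNs that never complete the handshake, as a Layer 4 event, with black holing suggested as the mitigation for both. The flow-record format, thresholds and IP addresses are assumptions made for the example.

```python
"""Flood detection by OSI layer over constructed flow records (added example)."""
from collections import defaultdict

# Assumed flow record format: (second, src_ip, dst_ip, proto, tcp_flags or None)
def build_sample_flows():
    """Constructed sample traffic towards one victim host, 10.0.0.5."""
    flows = []
    # Second 0: Layer 3 ping flood, 60 ICMP echo packets from many sources
    for i in range(60):
        flows.append((0, f"198.51.100.{i}", "10.0.0.5", "icmp", None))
    # Second 1: Layer 4 SYN flood, 80 SYNs from spoofed sources, no handshake completes
    for i in range(80):
        flows.append((1, f"203.0.113.{i}", "10.0.0.5", "tcp", "S"))
    # Second 1: three legitimate clients that do complete the handshake (SYN then ACK)
    for i in range(3):
        flows.append((1, f"192.0.2.{i}", "10.0.0.5", "tcp", "S"))
        flows.append((1, f"192.0.2.{i}", "10.0.0.5", "tcp", "A"))
    return flows

def detect_floods(flows, icmp_threshold=50, syn_threshold=50, half_open_ratio=5):
    """Return {(second, dst_ip): alert} for one-second windows that look like a flood."""
    icmp, syn, ack = defaultdict(int), defaultdict(int), defaultdict(int)
    for sec, _src, dst, proto, flags in flows:
        key = (sec, dst)
        if proto == "icmp":
            icmp[key] += 1
        elif proto == "tcp" and flags:
            if "S" in flags and "A" not in flags:
                syn[key] += 1          # bare SYN: handshake opened
            elif "A" in flags:
                ack[key] += 1          # ACK seen: handshake progressing
    alerts = {}
    for key, n in icmp.items():
        if n >= icmp_threshold:
            alerts[key] = {"layer": 3, "kind": "icmp_flood", "count": n}
    for key, n in syn.items():
        # Many SYNs with few ACKs means mostly half-open connections: SYN flood
        if n >= syn_threshold and n > half_open_ratio * ack.get(key, 0):
            alerts[key] = {"layer": 4, "kind": "syn_flood", "count": n}
    return alerts

def suggest_mitigation(alert):
    """Black holing (null-routing traffic to the victim) applies to Layer 3/4 floods."""
    return "blackhole" if alert["layer"] in (3, 4) else "application_filtering"

if __name__ == "__main__":
    for key, alert in sorted(detect_floods(build_sample_flows()).items()):
        print(key, alert, "->", suggest_mitigation(alert))
```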

Tools for ethical hacking

  • Metasploit: This is one of my favourites. It has huge potential and lets you work in a variety of ways. With Metasploit, you can conduct pen testing activities, run spot checks for vulnerabilities, discover the network behind any unwanted IP address and scan its ports. It also lets hackers run exploit modules against individual hosts.

  • Angry IP Scanner: Port scanning is another ethical hacking activity that requires tools. With this tool, the white-hat hacker can resolve hostnames, get MAC addresses and gather data about the scanned IPs.

  • Ettercap: This tool (Ethernet Capture) has built-in features for host analysis. It is cross-platform and is best suited to checking for man-in-the-middle attacks. It also simplifies sniffing of live connections.

  • Network Stumbler: With the high number of WLAN issues and threats, Network Stumbler helps to monitor non-broadcasting wireless networks. It is very popular in hacking enthusiast circles.

Certifications on ethical hacking

There are many ethical hacking certifications:

  • Certified Ethical Hacker Certification: Anyone who takes up this certification becomes a certified professional in ethical hacking. It is the most popular certification among ethical hackers and teaches the skills from a vendor-neutral point of view.

  • GIAC Penetration Tester: This certification is offered by the SANS Institute and covers in-depth techniques for learning hacking methods such as password attacks, target scanning and vulnerability scanning.

  • Offensive Security Certified Professional: This certification is designed to give professionals a good understanding of pen testing activities and the pen testing lifecycle. It also teaches the steps to take on compromised systems.

  • CREST: This exam educates quality pen testers and polishes their skills. It focuses on best practices for pen testing activities.


