
CritiX

Security Operations and Assurance

Alireza Esfahani, Lecturer in Cyber Security

BSc, MSc, PhD, PG Cert, FHEA, MIEEE, MECSO

University of West London

Week 4
Introduction to Ethical Hacking

CP70044E @2023 2
Today’s agenda

• Identify the concept and purpose of ethical hacking
• Define penetration testing
• Identify the methodology of penetration testing

What is Hacking?
• Hacking involves exploiting system vulnerabilities and breaching
security controls to attain unauthorized or improper access to
system resources.
• It includes the alteration of system or application features to
pursue objectives that differ from the original intent of the
creator.
• Hacking may result in the theft, misappropriation, and
dissemination of intellectual property, causing financial harm to
businesses.

Who is a Hacker?
• Proficient individuals with advanced computer skills
who can delve into both software and hardware.
• Hacking is regarded as a pastime by some hackers,
testing their capabilities (hobby) to compromise
numerous computers or networks.
• Their motivation may range from seeking knowledge
to engaging in illegal activities.
• These are ethical hackers who use their programming skills for good,
ethical, and legal purposes.
• These are unethical criminals who violate computer and network security
for personal gain, or for malicious reasons, such as attacking networks.
• These are individuals who commit crimes and do arguably unethical things,
but not for personal gain or to cause damage.
Hacking Phases

1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Reconnaissance
• Refers to the preparatory phase where an attacker seeks to gather
information about a target prior to launching an attack.

Passive Reconnaissance
• Passive reconnaissance involves acquiring information without directly
interacting with the target
• For example, searching public records or news releases

Active Reconnaissance
• Active reconnaissance involves interacting with the target directly by
any means
• For example, telephone calls to the help desk or technical department

Scanning
• Scanning refers to the pre-attack phase when the attacker scans the
network for specific information on the basis of the information gathered
during reconnaissance.
• Scanning can include the use of diallers, port scanners, network mappers,
ping tools, vulnerability scanners, etc.
• Attackers extract information such as live machines, ports, port status,
OS details, device type, system uptime, etc. to launch the attack.

Gaining Access
• Gaining access refers to the point where the attacker obtains access to
the operating system or applications on the computer or network
• The attacker can gain access at the operating system level, applications
level, or network level
• The attacker can escalate privileges to obtain complete control of the
system. In the process, intermediate systems that are connected to it are
also compromised
• Examples include password cracking, buffer overflows, denial of service,
session hijacking, etc.
Maintaining Access

• Maintaining access refers to the phase when the attacker tries to retain
his or her ownership of the system
• Attackers may prevent the system from being owned by other attackers by
securing their exclusive access with Backdoors, Rootkits, or Trojans
• Attackers can upload, download, or manipulate data, applications, and
configurations on the owned system
• Attackers use the compromised system to launch further attacks

Clearing Tracks

01. Covering tracks refers to the activities carried out by an attacker to
hide malicious acts
02. The attacker’s intentions include: continuing access to the victim’s
system, remaining unnoticed and uncaught, deleting evidence that might lead
to his prosecution
03. The attacker overwrites the server, system, and application logs to
avoid suspicion

Attackers always cover tracks to hide their identity

ETHICAL HACKING
CONCEPTS AND SCOPE

What is Ethical Hacking?
• Ethical hacking employs hacking tools and methods to uncover
vulnerabilities, enhancing system security.
• It focuses on simulating techniques used by attackers to verify the
existence of exploitable vulnerabilities in the system security.
• Ethical hackers perform security assessment of their organisation with
the permission of the concerned authorities.

Why is Ethical Hacking Necessary?
• To beat a hacker, you need to think like one!
• Ethical hacking is necessary as it allows organisations to counter
attacks from malicious hackers by anticipating the methods used by them to
break into a system

Reasons why Organisations Recruit Ethical Hackers
• To prevent hackers from gaining access to the organisation’s information
systems
• To uncover vulnerabilities in systems and explore their potential as a
risk
• To analyse and strengthen an organisation’s security posture, including
policies, network protection infrastructure, and end-user practices

Questions an Ethical Hacker tries to Answer
• What can the intruder see on the target system? (Reconnaissance and
Scanning phases)
• What can an intruder do with that information? (Gaining Access and
Maintaining Access phases)
• Does anyone at the target notice the intruder’s attempts or successes?
(Reconnaissance and Covering Track phases)
• If all components of the information system are adequately protected,
updated, and patched, how much effort, time, and money is required to
obtain adequate protection?
• Are the information security measures in compliance with industry and
legal standards?

Skills of an Ethical Hacker
Technical Skills
➢ Has in-depth knowledge of major operating environments
➢ Has in-depth knowledge of networking concepts, technologies and related
hardware and software
➢ Should be a computer expert at technical domains
➢ Has a knowledge of security areas and related issues
➢ Has “high technical” knowledge to launch the sophisticated attacks

Non-Technical Skills
➢ Ability to learn and adapt new technologies quickly
➢ Strong work ethics, and good problem solving and communication skills
➢ Committed to organisation’s security policies
➢ Awareness of local standards and laws

Vulnerability Research
• The process of discovering vulnerabilities and
design flaws that will open an operating system
and its applications to attack or misuse
• Vulnerabilities are classified based on severity
level (low, medium, or high) and exploit range
(local or remote)

Vulnerability Research Websites

PENETRATION TESTING

Penetration Testing
Penetration testing is a method of evaluating the security of an
information system or network by simulating an attack to find out
vulnerabilities that an attacker could exploit

Security measures are actively analysed for design weaknesses, technical
flaws and vulnerabilities

A penetration test will not only point out vulnerabilities, but will also
document how the weaknesses can be exploited

The results are delivered comprehensively in a report, to executive
management and technical audiences

Why Penetration Testing?
• Identify the threats facing an organisation’s information assets
• Reduce an organisation’s expenditure on IT security and enhance Return on
Security Investment (ROSI) by identifying and remediating vulnerabilities
or weaknesses
• Provide assurance with a comprehensive assessment of the organisation’s
security, including policy, procedure, design, and implementation
• Gain and maintain certification to an industry regulation (BS7799, HIPAA,
etc.)
• Adopt best practices in compliance with legal and industry regulations
• For testing and validating the efficacy of security protections and
controls
• For changing or upgrading existing infrastructure of software, hardware,
or network design
• Focus on high-severity vulnerabilities and emphasize application-level
security issues to development teams and management
• Provide a comprehensive approach of preparation steps that can be taken
to prevent upcoming exploitation
• Evaluate the efficacy of network security devices such as firewalls,
routers, and web servers

Security Audit, Vulnerability Assessment, and Penetration Testing

A security audit just checks whether the organisation is following a set
of standard security policies and procedures

A vulnerability assessment focuses on discovering the vulnerabilities in
the information system but provides no indication if the vulnerabilities
can be exploited or the amount of damage that may result from the
successful exploitation of the vulnerability

Penetration testing is a methodological approach to security assessment
that encompasses the security audit and vulnerability assessment and
demonstrates if the vulnerabilities in the system can be successfully
exploited by attackers

Blue Teaming/Red Teaming

Blue Teaming
• An approach where a set of security responders performs analysis of an
information system to assess the adequacy and efficiency of its security
controls
• The blue team has access to all the organisational resources and
information
• Its primary role is to detect and mitigate red team (attacker)
activities, and to anticipate how surprise attacks might occur

Red Teaming
• An approach where a team of ethical hackers performs a penetration test
on an information system with no or very limited access to the
organisation’s internal resources
• It may be conducted with or without warning
• It is proposed to detect network and system vulnerabilities and check
security from an attacker’s perspective of the approach to network, system,
or information access

Types of Penetration Testing

Black-box
• No prior knowledge of the infrastructure to be tested
• Blind testing
• Double blind testing

Grey-box
• Limited knowledge of the infrastructure that needs to be tested

White-box
• Complete knowledge of the infrastructure that needs to be tested

Phases of Penetration Testing

Pre-Attack Phase
• Planning and preparation
• Methodology designing
• Network information gathering

Attack Phase
• Penetrating perimeter
• Acquiring target
• Escalating privileges
• Execution, implantation, retracting

Post-Attack Phase
• Reporting
• Clean-up
• Artefact destruction

Penetration Testing Methodology


LEGAL ISSUES

Warning!
• Penetration Testing should be done on a controlled environment and by
following guidelines that guarantee the protection of the system you are
testing.
• You need to have written permission of the system’s owner before doing the
penetration test.

Legal concerns
• It is not illegal to hack a system ‘with permission’ and ‘full disclosure’
• Unless it is over a public network
• You can still get in trouble even on a private network

• Remember that permission from the ‘owner’ isn’t permission from the ‘user(s)’
• Think about interception

Summary
• Complexity of security requirements is increasing day by day as a result of
evolving technology, changing hacking tactics, emerging security
vulnerabilities, etc.
• Hacker or cracker is one who accesses a computer system by evading its
security system
• Ethical Hacking involves the use of hacking tools, tricks, and techniques to
identify vulnerabilities so as to ensure system security
• Ethical hackers should possess platform knowledge, network knowledge,
computer expertise, security knowledge, and technical skills
• Ethical hacking is a crucial component of risk assessment, auditing,
counter fraud, best practices, and good governance

Thank you very much!
