What is Ethical Hacking?

Ethical hacking is an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps identify security vulnerabilities, which can then be resolved before a malicious attacker has the opportunity to exploit them.

What are the key concepts of ethical hacking?

Hacking experts follow four key protocol concepts:
1. Stay legal. Obtain proper approval before accessing and performing a security assessment.
2. Define the scope. Determine the scope of the assessment so that the ethical hacker's work remains legal and within the organization's approved boundaries.
3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment, and provide remediation advice for resolving them.
4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

Ethical hacking in practice

Ethical hackers offer a range of services.

Penetration testing
● Penetration tests, or "pen tests," are simulated security breaches. Pen testers imitate malicious hackers who gain unauthorized access to company systems. Of course, pen testers don't cause any actual harm. They use the results of their tests to help defend the company against real cybercriminals.

Malware analysis
● Some ethical hackers specialize in analyzing ransomware and malware strains. They study new malware releases to understand how they work and share their conclusions with companies and the broader information security community.

Vulnerability assessments
● Vulnerability assessment is like pen testing, but it doesn't go as far as exploiting the vulnerabilities. Instead, ethical hackers use manual and automated methods to find, categorize, and prioritize vulnerabilities in a system. Then they share their findings with the company.

Risk management
● Ethical hackers may also assist with high-level strategic risk management. They can identify new and emerging threats, analyze how these threats impact the company's security posture, and help the company develop countermeasures.

Types of Hackers
• Black Hat: These are cybercriminals. Black hat hackers attack vulnerabilities with malicious intent.
• White Hat: Also known as security specialists, white hat hackers look for the same vulnerabilities as black hats but determine how to fix the issues and prevent future attacks. Sometimes, black hats become white hats.
• Gray Hat: Gray hats have mixed motivations. They enjoy hacking and often do so without authorization, but they don't act maliciously. Gray hats often view hacking as sport.
• Blue Hat: Tech companies hire blue hat hackers to test products and find security issues. Microsoft hosts an annual BlueHat convention.
• Red Hat: Also known as vigilante hackers, red hats act aggressively to stop the black hats and employ some of their strategies. Government agencies hire red hats for their mission focus.
• Green Hat: These are the hacking beginners who want to become white, blue, or red hats (but hopefully not black hats).

Ethical Hacking Stages

The five phases of ethical hacking are:
● Reconnaissance / Information Gathering
● Scanning
● Gaining Access
● Maintaining Access
● Covering Tracks

Reconnaissance
Gather as much information about the target as possible from public and private sources to inform the attack strategy. Sources include internet searches, domain registration information retrieval, social engineering, nonintrusive network scanning, and sometimes even dumpster diving. This information helps pen testers map out the target's attack surface and possible vulnerabilities.
Reconnaissance can vary with the scope and objectives of the pen test; it can be as simple as making a phone call to walk through the functionality of a system.

Scanning
Hackers use tools to examine the target website or system for weaknesses, including open services, application security issues, and open source vulnerabilities. Pen testers choose their tools based on what they find during reconnaissance and during the test itself.

Gaining Access
Attacker motivations can include stealing, changing, or deleting data; moving funds; or simply damaging a company's reputation. To perform each test case, pen testers determine the best tools and techniques to gain access to the system, whether through a weakness such as SQL injection or through malware, social engineering, or something else.

Maintaining Access
Once pen testers gain access to the target, their simulated attack must stay connected long enough to accomplish their goals of exfiltrating data, modifying it, or abusing functionality. It's about demonstrating the potential impact.

Covering Tracks
Once attackers finish their work, they want to erase all tracks that could lead investigators back to them. This can be done by:
1. Disabling auditing.
2. Clearing logs.
3. Modifying logs and registry files.
4. Removing all files and folders created.

Where to Practice Ethical Hacking
● Hack The Box
● PentesterLab
● TryHackMe
● VulnHub
● Google Gruyere
● PortSwigger Web Security Academy

Ethical Hacking vs. Pen Testing
● Both penetration testing and ethical hacking are used to test the security of a system.
● Ethical hacking is a more general term that can refer to any type of security testing, while penetration testing specifically refers to attempts to gain unauthorized access to a system.
● Both types of testing can be used to find vulnerabilities and assess the effectiveness of security measures.
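The first two "Covering Tracks" steps above (disabling auditing, clearing logs) each leave a footprint in the Windows Security log, and a defender can alert on them. The following is an added example, not part of the original slides: it scans JSON-lines Security events for event ID 4719 (system audit policy changed) and 1102 (audit log cleared) and raises the severity when both hit the same host within a short window. The event IDs are real; the log lines, host names and user names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Windows Security event IDs that correspond to the "covering tracks" steps:
# 4719 = system audit policy changed (how auditing gets switched off),
# 1102 = the security audit log was cleared.
SUSPICIOUS_EVENTS = {
    4719: "audit policy changed",
    1102: "security log cleared",
}

# Constructed sample events in JSON-lines form; not real telemetry.
SAMPLE_LOG = """\
{"time": "2024-05-01T09:12:00", "host": "ws01", "event_id": 4624, "user": "alice"}
{"time": "2024-05-01T09:40:13", "host": "ws01", "event_id": 4719, "user": "svc_backup"}
{"time": "2024-05-01T09:40:20", "host": "ws01", "event_id": 1102, "user": "svc_backup"}
{"time": "2024-05-01T10:05:00", "host": "ws02", "event_id": 1102, "user": "bob"}
"""


def find_tampering(log_text: str) -> list[dict]:
    """Return one alert per suspicious event with host, user, time and reason."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reason = SUSPICIOUS_EVENTS.get(event.get("event_id"))
        if reason:
            alerts.append({"host": event["host"], "user": event["user"],
                           "time": datetime.fromisoformat(event["time"]),
                           "reason": reason})
    return alerts


def escalate(alerts: list[dict], window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Mark a log clear as high severity when the same host saw an audit policy
    change inside `window` before it; a lone event stays medium severity."""
    last_policy_change = {}
    for alert in sorted(alerts, key=lambda a: a["time"]):
        alert["severity"] = "medium"
        if alert["reason"] == "audit policy changed":
            last_policy_change[alert["host"]] = alert["time"]
        elif alert["reason"] == "security log cleared":
            earlier = last_policy_change.get(alert["host"])
            if earlier is not None and alert["time"] - earlier <= window:
                alert["severity"] = "high"
    return alerts


if __name__ == "__main__":
    for a in escalate(find_tampering(SAMPLE_LOG)):
        print(f"{a['severity'].upper():6} {a['time']} {a['host']} {a['user']}: {a['reason']}")
```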
Penetration Testing
● A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business. They can examine whether a system is robust enough to withstand attacks from authenticated and unauthenticated positions, as well as from a range of system roles. With the right scope, a pen test can dive into any aspect of a system.

Approaches to Pen Testing
There are three main pen testing strategies, each offering pen testers a certain level of information they need to carry out their attack.
1. White box testing provides testers with all the details about an organization's system or target network and checks the code and internal structure of the product being tested. White box testing is also known as open glass, clear box, transparent, or code-based testing.
2. Black box testing is a type of behavioral and functional testing where testers aren't given any knowledge of the system. Organizations typically hire ethical hackers for black box testing, where a real-world attack is carried out to get an idea of the system's vulnerabilities.
3. Gray box testing is a combination of white box and black box testing techniques. It provides testers with partial knowledge of the system, such as low-level credentials, logical flow charts, and network maps. The main idea behind gray box testing is to find potential code and functionality issues.

Who Are Pentesters?
● Penetration testers are trained in many technical and non-technical skills that allow them to professionally and ethically test client networks. Unlike bug bounty hunters, most penetration testers work full-time rather than as freelancers.
● Many testers have a deep understanding of programming and know multiple languages that can be used to craft exploits and payloads. In addition to coding, ethical hackers must have a strong knowledge of networking and network protocols.
● They must understand how real attackers use protocols like DNS, TCP/IP, and DHCP to gain unauthorized access.

Types of Pen Testing
● Web Application Pen Testing
● Wireless Pen Testing
● Physical Pen Testing
● Social Engineering Pen Testing
● IoT Pen Testing
● Cloud Pen Testing
● Mobile Pen Testing

Web Application Pen Testing
● Organizations use web application penetration testing to prevent bad actors from exploiting vulnerabilities in client-facing apps. These tests can vary in complexity because of the vast number of different browsers, plugins, and extensions that all come into play when running a pen test on a web application.
Wireless Pen Testing
● The goal of wireless penetration testing is to identify and exploit security weaknesses in Wi-Fi to gain unauthorized access to the company's network, and to evaluate whether there is adequate segregation between the wireless network and the corporate network, since a lack of it enables pivoting to sensitive servers.

Physical Pen Testing
● In a physical penetration test, doors, locks, and other physical controls are put to the test to see how easily bad actors can bypass them. Cheap locks are often easily picked, while cheap wireless motion detectors can be fooled with a bit of ingenuity.
Social Engineering Pen Testing
● Attackers use social engineering to trick staff members into giving privileged information or access to an organization. The attack may take the form of a phishing email, a phone call, or someone on site physically pretending to be someone they're not.

IoT Pen Testing
● IoT (Internet of Things) penetration testing focuses on testing the security of IoT devices and systems. This can include testing the security of the communication protocols used by IoT devices, as well as the security of the software and firmware on which they operate.
Cloud Pen Testing
● The goal of cloud penetration testing is to identify and exploit security weaknesses in infrastructure and applications, especially SaaS apps, hosted on public cloud providers such as AWS, Azure, and GCP, in order to gain unauthorized access to sensitive information. The process typically involves using a variety of tools and techniques to scan for cloud-based assets and identify vulnerabilities and misconfigurations.

Mobile Pen Testing
● Using both automated and extended manual testing, testers look for vulnerabilities in application binaries running on the mobile device and in the corresponding server-side functionality. Server-side vulnerabilities include session management, cryptographic issues, authentication and authorization issues, and other common web service vulnerabilities.

Thank you!