
Cyber Security

Ms. Nabeela Bibi


What is Ethical Hacking?
Ethical hacking involves an authorized attempt to gain unauthorized access to a
computer system, application, or data. Carrying out an ethical hack involves
duplicating strategies and actions of malicious attackers. This practice helps to
identify security vulnerabilities which can then be resolved before a malicious
attacker has the opportunity to exploit them.
What are the key concepts of ethical hacking?
Ethical hackers follow four key principles:
1. Stay legal. Obtain proper approval before accessing and performing a security
assessment.
2. Define the scope. Determine the scope of the assessment so that the ethical
hacker’s work remains legal and within the organization’s approved boundaries.
3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during
the assessment. Provide remediation advice for resolving these vulnerabilities.
4. Respect data sensitivity. Depending on the data sensitivity, ethical hackers may
have to agree to a non-disclosure agreement, in addition to other terms and
conditions required by the assessed organization.
Ethical hacking in practice
Ethical hackers offer a range of services.
Penetration testing
● Penetration tests, or "pen tests," are simulated security breaches. Pen testers imitate malicious hackers
attempting to gain unauthorized access to company systems, but within an agreed scope and rules of
engagement, so the test causes no actual harm. They use the results to help defend the company against real
cybercriminals.
Malware analysis
● Some ethical hackers specialize in analyzing ransomware and malware strains. They study new malware
releases to understand how they work and share their conclusions with companies and the broader information
security community.
Vulnerability assessments
● Vulnerability assessment is like pen testing, but it doesn't go as far as exploiting the vulnerabilities. Instead,
ethical hackers use manual and automated methods to find, categorize and prioritize vulnerabilities in a
system. Then they share their findings with the company.
Risk management
● Ethical hackers may also assist with high-level strategic risk management. They can identify new and
emerging threats, analyze how these threats impact the company’s security posture and help the company
develop countermeasures.
Types of Hackers
• Black Hat: These are cybercriminals. Black hat hackers attack
vulnerabilities with malicious intent.
• White Hat: Also known as security specialists, white hat
hackers look for the same vulnerabilities as black hats but
determine how to fix the issues and prevent future attacks.
Sometimes, black hats become white hats.
• Gray Hat: Gray hats have mixed motivations. They enjoy
hacking and often do so without authorization, but they don’t
act maliciously. Gray hats often view hacking as sport.
• Blue Hat: Tech companies hire blue hat hackers to test
products and find security issues. Microsoft hosts an
annual BlueHat convention.
• Red Hat: Also known as vigilante hackers, red hats act
aggressively to stop the black hats and employ some of their
strategies. Government agencies hire red hats for their mission
focus.
• Green Hat: These are the hacking beginners who want to
become white, blue, or red hats (but hopefully not black hats).
Ethical Hacking Stages
The five phases of ethical hacking are:
● Reconnaissance / Information Gathering
● Scanning
● Gaining Access
● Maintaining Access
● Covering Tracks
Reconnaissance
Gather as much information about the target as possible from public and private
sources to inform the attack strategy. Sources include internet searches, domain
registration information retrieval, social engineering, nonintrusive network
scanning, and sometimes even dumpster diving. This information helps pen
testers map out the target’s attack surface and possible vulnerabilities.
Reconnaissance can vary with the scope and objectives of the pen test; it can be
as simple as making a phone call to walk through the functionality of a system.
Scanning
Hackers use tools to examine the target website or system for weaknesses,
including open services, application security issues, and known vulnerabilities in
open-source components. Pen testers choose their tools based on what they find
during reconnaissance and as the test progresses.
Gaining Access
Attacker motivations can include stealing, changing, or deleting data; moving
funds; or simply damaging a company’s reputation. To perform each test case,
pen testers determine the best tools and techniques to gain access to the
system, whether through a weakness such as SQL injection or through malware,
social engineering, or something else.
Maintaining Access
Once pen testers gain access to the target, their simulated attack must stay
connected long enough to accomplish their goals of exfiltrating data, modifying
it, or abusing functionality. It’s about demonstrating the potential impact.
Covering Tracks
Once attackers finish their work, they want to erase every trace that could let investigators
trace the activity back to them. Common techniques include:
1. Disabling auditing.
2. Clearing logs.
3. Modifying logs and registry entries.
4. Removing all files and folders they created.
In an authorized engagement this phase is normally limited to agreed cleanup: testers remove the
tools, files and accounts they added but do not tamper with the client's logs, because those logs are
the client's record of what the test did and of whether their monitoring detected it.
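The defender's side of this phase is detecting it. The block below is an added example written for this page (not from the original slides) that runs a small detection over constructed, JSON-like sample events modelled on Windows event log records: it flags the event IDs that mark a cleared log (1102 for the Security log, 104 for other logs) and an audit policy change (4719), and raises severity when a policy change on a host is followed shortly by a log clear, which is the "disable auditing, then clear logs" sequence listed above. The hostnames, usernames, timestamps and the 10-minute window are assumptions of the example.

```python
from datetime import datetime, timedelta

# Windows event IDs that signal anti-forensic activity.
TAMPER_SIGNALS = {
    1102: "Security event log cleared",
    104: "System or application event log cleared",
    4719: "System audit policy was changed",
}

# Constructed sample events in a flattened, JSON-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:01", "host": "ws01", "event_id": 4624, "user": "alice"},
    {"ts": "2024-05-01T10:05:12", "host": "ws01", "event_id": 4719, "user": "alice"},
    {"ts": "2024-05-01T10:05:40", "host": "ws01", "event_id": 1102, "user": "alice"},
    {"ts": "2024-05-01T10:06:02", "host": "ws01", "event_id": 104, "user": "alice"},
    {"ts": "2024-05-01T10:07:00", "host": "ws02", "event_id": 4624, "user": "bob"},
    {"ts": "2024-05-01T14:30:00", "host": "ws03", "event_id": 1102, "user": "svc-backup"},
]


def find_tamper_events(events):
    """Return tamper-related events sorted by time, each tagged with a description."""
    hits = [e for e in events if e["event_id"] in TAMPER_SIGNALS]
    hits.sort(key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    return [dict(e, description=TAMPER_SIGNALS[e["event_id"]]) for e in hits]


def correlate(events, window=timedelta(minutes=10)):
    """Raise severity when an audit-policy change (4719) on a host is followed within
    `window` by a log clear (1102 or 104) on the same host: an attacker disabling
    auditing and then wiping what was already recorded. Returns one finding per
    tamper event as (ts, host, user, severity, description)."""
    hits = find_tamper_events(events)
    last_policy_change = {}  # host -> datetime of the most recent 4719
    findings = []
    for e in hits:
        ts = datetime.fromisoformat(e["ts"])
        severity = "medium"
        if e["event_id"] == 4719:
            last_policy_change[e["host"]] = ts
        elif e["host"] in last_policy_change and ts - last_policy_change[e["host"]] <= window:
            severity = "high"
        findings.append((e["ts"], e["host"], e["user"], severity, e["description"]))
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

A log-clear event is itself written to the log after the clear, which is why these IDs survive the attacker's action; forwarding events to a central collector as they are generated means the earlier records survive too. The isolated 1102 on ws03 still deserves a look, but the ws01 sequence is the one to page on.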
Where to Practice Ethical Hacking
● Hack The Box
● PentesterLab
● TryHackMe
● VulnHub
● Google Gruyere
● PortSwigger Web Security Academy
Ethical Hacking Vs Pen Testing
● Both penetration testing and ethical hacking are used to test the security of a system.
● Ethical hacking is the broader term, covering any kind of authorized security testing, while
penetration testing specifically refers to authorized attempts to gain unauthorized access to a
system and demonstrate the impact.
● Both types of testing can be used to find vulnerabilities and assess the effectiveness of
security measures.
Penetration Testing
● A penetration test (pen test) is an authorized simulated attack performed on a computer system
to evaluate its security. Penetration testers use the same tools, techniques, and processes as
attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration
tests usually simulate a variety of attacks that could threaten a business. They can examine
whether a system is robust enough to withstand attacks from authenticated and unauthenticated
positions, as well as a range of system roles. With the right scope, a pen test can dive into any
aspect of a system.
Approaches to Pen Testing
There are three main pen testing strategies, each giving testers a different amount of information
about the target before the attack begins.
1. White box testing provides testers with full details about the organization's system or target
network, and checks the code and internal structure of the product being tested. White box testing is
also known as glass box, clear box, transparent, or code-based testing.
2. Black box testing is behavioral and functional testing in which testers are given no prior
knowledge of the system. Organizations typically hire ethical hackers for black box testing to simulate
a real-world attack and learn which vulnerabilities an outsider can actually discover.
3. Gray box testing combines white box and black box techniques. It provides testers with partial
knowledge of the system, such as low-privilege credentials, logical flow charts and network maps. The
main idea behind gray box testing is to find code and functionality issues efficiently, from the position
of a user or a partially informed attacker.
Who Are Pentesters?
● Penetration testers are trained in many technical and non-technical skills that allow them to
professionally and ethically test client networks. Unlike bug bounty hunters, most
penetration testers work full-time rather than as freelancers.
● Many testers have a deep understanding of programming and know multiple languages that
can be used to craft exploits and payloads. In addition to coding, ethical hackers must have a
strong knowledge of networking and network protocols.
● They must understand how real attackers use protocols like DNS, TCP/IP, and DHCP to gain
unauthorized access.
Types of Pen Testing
● Web Application Pen Testing
● Wireless Pen Testing
● Physical Pen Testing
● Social engineering Pen Testing
● IoT Pen Testing
● Cloud Pen Testing
● Mobile Pen Testing
Web Application Pen Testing
● Organizations use web application penetration testing to prevent bad actors from
exploiting vulnerabilities on client-facing apps. These tests can vary in complexity due
to the vast amount of different browsers, plugins, and extensions that all come into
play when running a pen test on a web application.

Wireless Pen Testing
● The goal of wireless penetration testing is to identify and exploit security weaknesses
in Wi-Fi to gain unauthorized access to the company’s network and evaluate whether
there’s adequate segregation from the wireless network to the corporate network,
enabling pivoting to sensitive servers.
Physical Pen Testing
● In a physical penetration test, doors, locks, and other physical controls are put to the
test to see how easily bad actors can bypass them. Cheap locks are often easily picked or
bypassed, and cheap wireless motion detectors can be fooled with a bit of ingenuity.

Social Engineering Pen Testing
● Attackers use social engineering to trick staff members into giving up privileged
information or access to an organization. The approach may be a phishing email, a
phone call, or someone on site physically pretending to be someone they're not.
IoT Pen Testing
● IoT (Internet of Things) penetration testing focuses on testing the security of IoT
devices and systems. This can include testing the security of the communication
protocols used by IoT devices, as well as the security of the software and firmware on
which they operate.

Cloud Pen Testing
● The goal of cloud penetration testing is to identify and exploit security weaknesses in
infrastructure and applications, especially SaaS apps, hosted on public cloud
providers, such as AWS, Azure, and GCP, to gain unauthorized access to sensitive
information. The process typically involves using a variety of tools and techniques to
scan for cloud-based assets and identify vulnerabilities and misconfigurations. Tests must
stay within the customer's own accounts and follow the provider's published penetration
testing policy; the provider's shared underlying infrastructure is not in scope.
Mobile Pen Testing
● Using both automated and extended manual testing, testers look for vulnerabilities in
application binaries running on the mobile device and the corresponding server-side
functionality. Server-side vulnerabilities include session management, cryptographic
issues, authentication and authorization issues, and other common web service
vulnerabilities.
Thank you!
