Scribd
Upload
73 views14 pages

Hacking Phases Slides

The document outlines the phases of hacking, which include reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. It emphasizes that attackers only need to find one vulnerability, while defenders must secure all potential entry points. Various techniques and tools for each phase are discussed, highlighting the importance of both passive and active reconnaissance methods.

Uploaded by

coderknowbody
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
73 views14 pages

Hacking Phases Slides

The document outlines the phases of hacking, which include reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. It emphasizes that attackers only need to find one vulnerability, while defenders must secure all potential entry points. Various techniques and tools for each phase are discussed, highlighting the importance of both passive and active reconnaissance methods.

Uploaded by

coderknowbody
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Hacking Phases

Dale Meredith
@dalemeredith | www.dalemeredith.com
What is the MOST secure
system?
The one that is never built
You Can’t Stop “Them”

Your job is to discourage, misdirect and


slow them down
You Can’t Stop “Them”

Time is NOT on your side


You Can’t Stop “Them”

Attacker only has to find 1 opening


You have to cover all of them
The Phases

Reconnaissance Scanning Gaining access

Maintaining
Clearing tracks
access
Phase 1) Reconnaissance

Passive

§ No direct interaction with the target

Active

§ Direct interaction with the target


Which Type of Reconnaissance
§ Port Scanning § Dumpster Diving

§ Checking Public Records § Doing a “Whois” Lookup

§ View Facebook/LinkedIn Page § Checking a Registrar for DNS

§ Ping § Using the “WayBackMachine”

§ Calling the Office and Asking § Calling the HelpDesk as an


Questions Employee
§ Help Wanted Ads §Social Engineering
Phase 2) Scanning

Gather Info
§ ID systems
§ Vulnerabilities

Tools Used
§ Port Scanners
§ Vulnerability Scanners
Phase 3) Gaining Access

Path

q Via network
q Via OS
q Via application
q Our goal?
v To escalate privileges
Phase 4) Maintaining Access
q PWNing the system
q Use system as a launch pad
q Inject Backdoor/Trojans
q Used to revisit
q Used to sniff/monitor network
q Use resources
q Harden up
Phase 5) Clearing Tracks
“These are not the drones that you
were looking for…”
q Destroy proof
q Hide my stuff
q Cyber blind
Summary

Reconnaissance Scanning
• Reconnaissance
• Scanning
Maintaining
Gaining access
access
• Gaining access
• Maintaining access
Clear tracks

• Clear tracks

You might also like