This document discusses various terminology related to ethical hacking. It defines terms like vulnerability, attack, threat, exploit, backdoor, brute force attack, and phases of hacking. It also covers topics like vulnerability management, common web vulnerabilities, different types of attacks, and the typical steps in a hacking process including reconnaissance, scanning, gaining access, and maintaining access.
Terminologies
• Vulnerability
• Attack
• Threat
• Exploit / Exploit kit
• Backdoor
• Brute force attack
• Phases/Steps of hacking
Vulnerability
Vulnerability: A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.
Vulnerability databases: https://www.cvedetails.com/ and https://nvd.nist.gov/

Vulnerability definitions
• National Institute of Standards and Technology (NIST): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
• ISO 27005: A weakness of an asset or group of assets that can be exploited by one or more cyber threats, where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization's mission.
• IETF RFC 4949: A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
• ENISA: The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved.
• The Open Group: The probability that threat capability exceeds the ability to resist the threat.
• Factor Analysis of Information Risk (FAIR): The probability that an asset will be unable to resist the actions of a threat agent.
• ISACA: A weakness in design, implementation, operation or internal control.

Should known vulnerabilities be publicly disclosed?
Whether to publicly disclose known vulnerabilities remains a contentious issue:
• Immediate full disclosure: Supporters of immediate disclosure believe it leads to secure software and faster patching, improving software security, application security, computer security, operating system security and information security.
• Limited to no disclosure: Others are against vulnerability disclosure because they believe the disclosed vulnerability will be exploited.

When does a vulnerability become exploitable?
A vulnerability with at least one known, working attack vector is classified as an exploitable vulnerability. The window of vulnerability is the time from when the vulnerability was introduced to when it is patched. If you have strong security practices, then many vulnerabilities are not exploitable for your organization. For example, if you have properly configured S3 security, then the probability of leaking data is lowered.

What is a zero-day exploit?
A zero-day exploit (or zero-day) exploits a zero-day vulnerability. A zero-day (or 0-day) vulnerability is a vulnerability that is unknown to, or unaddressed by, those who want to patch it. Until the vulnerability is patched, attackers can exploit it to adversely affect a computer program, data warehouse, computer or network. The key thing to understand is that the fewer days since day zero, the higher the likelihood that no patch or mitigation has been developed, and the higher the risk of a successful attack.

What causes vulnerabilities?
There are many causes of vulnerabilities, including:
1. Complexity: Complex systems increase the probability of a flaw, misconfiguration or unintended access.
2. Familiarity: Common code, software, OS and hardware increase the probability that an attacker can find, or already has, information about known vulnerabilities.
3. Connectivity: The more connected a device is, the higher the chance of a vulnerability.
4. Poor password management: Weak passwords can be broken with brute force, and reusing passwords can turn one data breach into many.
5. Operating system flaws: Like any software, operating systems can have flaws. Operating systems that are insecure by default and give all users full access can allow viruses and malware to execute commands.
6. Internet usage: The Internet is full of spyware and adware that can be installed automatically on computers.
7. Software bugs: Programmers can accidentally or deliberately leave an exploitable bug in software.
8. Unchecked user input: If your website or software assumes all input is safe, it may execute unintended SQL commands.
9. People: The biggest vulnerability in an organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.

What is vulnerability management?
Vulnerability management is a cyclical (recurring) practice of identifying, classifying, remediating and mitigating security vulnerabilities. The essential elements of vulnerability management are vulnerability detection, vulnerability assessment and remediation.
Methods of vulnerability detection include:
• Vulnerability scanning
• Penetration testing
• Google hacking

Preventing vulnerabilities
• If you do not run antivirus and antimalware software, your laptop or mobile device is vulnerable to infections.
• If you fail to routinely update your operating systems or application software, these will remain vulnerable to known software problems.

Top 10 web security vulnerabilities as per OWASP
1. SQL Injection
2. Cross Site Scripting (XSS): malicious scripts are injected into otherwise benign and trusted websites
3. Broken Authentication and Session Management
4. Insecure Direct Object References: the application provides direct access to objects
5. Cross Site Request Forgery: forces an end user to execute unwanted actions
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Unvalidated Redirects and Forwards
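Cause 8 above ("unchecked user input") and the OWASP SQL Injection entry describe the same defect: input pasted into the text of a SQL statement. The following Python snippet is an added example and is not code from the original slides; it puts a lookup built by string formatting beside the parameterized form, and a third variant that additionally rejects input outside an allowlist. The in-memory SQLite table, its two rows, the allowlist pattern and the function names are all assumptions made for this example.

```python
"""Unchecked user input in SQL: a vulnerable lookup beside its parameterized form.
Added example; the table, rows, allowlist and function names are assumptions."""
import re
import sqlite3

# Assumed allowlist policy for usernames in this example: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """In-memory SQLite database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def find_user_vulnerable(conn, username):
    """The value is pasted into the statement text, so whoever controls `username`
    also controls the SQL syntax: the code assumes all input is safe (cause 8)."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameter binding: the driver sends the value separately from the query text,
    so it is compared as data and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def find_user_validated(conn, username):
    """Defense in depth: reject input outside the allowlist before it reaches the
    database at all, and still bind the value as a parameter."""
    if not USERNAME_RE.match(username):
        raise ValueError("username contains characters outside the allowlist")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # the textbook injection string, used only to show the difference
    print("vulnerable:", find_user_vulnerable(db, probe))  # every row comes back
    print("safe:      ", find_user_safe(db, probe))        # no row matches that literal string
```

The point to notice is that the safe variant does not "escape" anything: the database never sees the probe as part of the statement, so there is nothing to get wrong.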
Attack
Attack: An attack is an action taken against a system to gain access to it and extract sensitive data. It is an assault on system security: any action that violates security. When a threat turns into an actual event, it may cause an unwanted incident.

Threat
Threat: A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.
• A threat can harm an asset or cause it to become unavailable.
• Threats include human error or negligence.
• Examples: web service or email interruptions, loss or unintentional disclosure of sensitive information, and threats in the emerging Internet of Things.

Threat actor
A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for a security incident that impacts, or has the potential to impact, an organization's security. Someone or something that expresses or poses a threat is called a threat actor. Threat actors are individual attackers or state actors; disgruntled, under-skilled, or overworked employees can also pose threats.

Target of Evaluation
Target of Evaluation (TOE): The system which is under pen test or attack. Ethical hackers are usually concerned with high-value TOEs: systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.

Exploit
Exploit: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system. Malicious hackers look for exploits in computer systems to open the door to an initial attack. Most exploits are small strings of computer code that, when executed on a system, expose a vulnerability.
Experienced hackers create their own exploits, but it is not necessary to have any programming skills to be an ethical hacker, as many hacking software programs have ready-made exploits that can be launched against a computer system or network.

Exploit kit
Exploit kit: An exploit kit is a software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting the discovered vulnerabilities to upload and execute malicious code on the client.

Backdoor
Back door: A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.

Brute force attack
Brute force attack: A brute force attack is an automated and the simplest kind of method to gain access to a system or website. It tries different combinations of usernames and passwords, over and over again, until it gets in.

Exploits are classified by how they are delivered:
• Remote: The exploit is sent over a network and exploits security vulnerabilities without any prior access to the vulnerable system. Hacking attacks against corporate computer systems or networks initiated from the outside world are considered remote.
• Local: The exploit is delivered directly to the computer system or network, which requires prior access to the vulnerable system, typically to increase privileges.

Phases/Steps of hacking
1. Reconnaissance / Information gathering
2. Scanning and Enumeration
3. Gaining Access
4. Maintaining Access and Placing Backdoors
5. Covering Tracks

Reconnaissance / Information gathering
Reconnaissance is the phase where the attacker gathers information about a target. Example tools: Nmap, Hping, Maltego, and Google Dorks. It is also called the footprinting and information gathering phase. Information may be gathered about:
• Network
• Host
• People involved

Hacking phase: Reconnaissance
The reconnaissance target range may include the target organization's clients, employees, operations, network, and systems. This phase allows attackers to plan the attack. It may take some time as the attacker gathers as much information as possible. Part of this reconnaissance may involve social engineering. There are two types of footprinting:
• Active: Directly interacting with the target to gather information about it, e.g. using the Nmap tool to scan the target.
• Passive: Trying to collect information about the target without directly accessing it. This involves collecting information from social media, public websites, etc.

Scanning and Enumeration
The attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. Example tools: Nessus, Nexpose, and Nmap. Methods:
• War dialing (to find modem access)
• Port scanning
• Network mapping (largely obsolete due to better firewall rules)
• Vulnerability scanning

Scanning: War dialing
Purpose: find a modem connection. Many users in a company install remote PC software such as PC Anywhere without setting the software up correctly. A war dialer finds these numbers by going through a range of phone numbers, listening for a modem. A demon dialer tries a brute force password attack on a found connection. Typically, war dialing will find an unsecured connection.

Scanning: Network mapping
Ping: ping is implemented using the Internet Control Message Protocol (ICMP) Echo Request. A receiving station answers back to the sender. Used by system administrators to check the status of machines and connections.
Traceroute:
• Pings a system with ICMP echo requests with varying life spans (= number of hops allowed).
• A system that receives a packet whose allowed number of hops has expired sends an error message back to the sender.
• Traceroute uses this to find the route to a given system.
• Useful for system administration.

Port scanning
Applications on a system use ports to listen for network traffic or send it out. 2^16 = 65,536 ports are available, some reserved for well-known services such as HTTP (80) and FTP. Port scans send various types of IP packets to the target on different ports. The reaction tells the scanner whether the port is open (an application is listening).

Port scanning: Nmap
Uses different types of packets to check for open ports. Can tell from the reaction what OS is running, including patch levels. Can run in stealth mode, in which it is not detected by many firewalls.
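Both the brute force attack defined above and the port scanning just described leave a distinctive trace on the defender's side: many failed logins from one source in a short time, or one source touching many destination ports within seconds. The Python code below is an added example, not code from the original slides, that runs two simple sliding-window detections over constructed sshd-style and iptables-style log lines. The log formats, the thresholds and windows, the IP addresses (taken from documentation ranges) and the function names are all assumptions made for this example; real logs carry more message variants than the two patterns matched here.

```python
"""Detecting brute-force logins and port sweeps in log lines.
Added example; log formats, thresholds, addresses and names are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd / iptables style (not real logs).
AUTH_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for root from 203.0.113.5 port 51001 ssh2
2024-05-01T10:00:02 sshd[101]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-05-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.5 port 51003 ssh2
2024-05-01T10:00:04 sshd[101]: Failed password for admin from 203.0.113.5 port 51004 ssh2
2024-05-01T10:00:05 sshd[101]: Failed password for alice from 203.0.113.5 port 51005 ssh2
2024-05-01T10:00:06 sshd[101]: Accepted password for alice from 203.0.113.5 port 51006 ssh2
2024-05-01T10:00:07 sshd[102]: Failed password for bob from 198.51.100.7 port 40001 ssh2
2024-05-01T10:45:00 sshd[103]: Failed password for bob from 198.51.100.7 port 40002 ssh2
"""

FIREWALL_LOG = """\
2024-05-01T10:10:00 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=21 SYN
2024-05-01T10:10:00 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
2024-05-01T10:10:01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23 SYN
2024-05-01T10:10:01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
2024-05-01T10:10:02 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
2024-05-01T10:10:02 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
2024-05-01T10:10:05 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
"""

AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
                     r"(?P<user>\S+) from (?P<src>[\d.]+)")
FW_RE = re.compile(r"^(?P<ts>\S+) kernel: .*SRC=(?P<src>[\d.]+) .*DPT=(?P<dport>\d+)")


def parse(log, pattern):
    """Yield one dict per line that matches `pattern`; timestamps become datetimes."""
    for line in log.splitlines():
        m = pattern.match(line)
        if m:
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            yield event


def exceeds_in_window(events, window, threshold, distinct=False):
    """True if some time span of length `window` holds at least `threshold` events
    (or, with distinct=True, that many distinct values). `events` is an iterable of
    (timestamp, value) pairs; a two-pointer sweep keeps the window aligned."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:  # slide the left edge forward
            start += 1
        bucket = events[start:end + 1]
        count = len({v for _, v in bucket}) if distinct else len(bucket)
        if count >= threshold:
            return True
    return False


def detect_brute_force(auth_log, threshold=5, window=timedelta(minutes=5)):
    """Sources with >= threshold failed logins inside one window. Also records whether
    the same source later logged in successfully, which turns a noisy alert into a
    likely account compromise that deserves immediate follow-up."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in parse(auth_log, AUTH_RE):
        bucket = failures if e["result"] == "Failed" else successes
        bucket[e["src"]].append((e["ts"], e["user"]))
    alerts = {}
    for src, evs in failures.items():
        if exceeds_in_window(evs, window, threshold):
            first_fail = min(ts for ts, _ in evs)
            alerts[src] = {
                "failures": len(evs),
                "users": sorted({u for _, u in evs}),
                "success_after": any(ts > first_fail for ts, _ in successes.get(src, [])),
            }
    return alerts


def detect_port_scan(fw_log, threshold=5, window=timedelta(seconds=60)):
    """Sources that touched >= threshold distinct destination ports inside one window."""
    by_src = defaultdict(list)
    for e in parse(fw_log, FW_RE):
        by_src[e["src"]].append((e["ts"], int(e["dport"])))
    return {src: sorted({p for _, p in evs}) for src, evs in by_src.items()
            if exceeds_in_window(evs, window, threshold, distinct=True)}


if __name__ == "__main__":
    print("brute force:", detect_brute_force(AUTH_LOG))
    print("port scan:  ", detect_port_scan(FIREWALL_LOG))
```

The two detections share the same sliding-window helper; what differs is only whether repeated events (failed logins) or distinct values (destination ports) are counted. The thresholds are deliberately low so the constructed data triggers them; in practice they are tuned against a baseline of the environment's normal traffic.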
The six port states recognized by Nmap
• Open
• Closed
• Filtered
• Unfiltered
• Open|filtered
• Closed|filtered

Nmap scan types
• TCP scan
• UDP scan
• SYN scan
• ACK scan
• FIN scan
• NULL scan
• XMAS scan
• IPC scan
• Idle scan

Gaining Access
The vulnerability is located and you attempt to exploit it in order to enter the system. Example tool: Metasploit. Ways in:
• Fault in policy: weak or no authentication, unwarranted trust relationships.
• Fault in implementation: typically triggered by intentionally malformed input.
• Extension of a security breach: sniffing, malware.

Hacking phase: Gaining Access
This is the phase in which the real hacking occurs. The attacker can gain access at the OS, application, or network level. Ending processes can stop a service, as can using a logic bomb or time bomb, or even reconfiguring and crashing the system. Examples include password cracking, stack-based buffer overflows, denial-of-service, and session hijacking. Packet flooding also breaks the availability of essential services.

Maintaining Access and Placing Backdoors
After gaining access, the hacker installs back doors in order to re-enter the system whenever access to this owned system is needed in future. Example tool: Metasploit. A hacker may just hack the system to show it was vulnerable.
• Software defects.
• Runs in the background without the knowledge of the user.
• Trojans, rootkits or other malicious files.
• Used to maintain access to the target.

Covering / Clearing Tracks
This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process.
No thief wants to get caught. The attacker clears all evidence by modifying, corrupting or deleting logs.

Reporting
Reporting is the last step in finishing the ethical hacking process. Here the ethical hacker compiles a report with the findings and the job that was done, such as the tools used, the success rate, vulnerabilities found, and the exploit processes.

Thank You All