
CO1

Ethical Hacking Terminologies


Terminologies
Session Agenda

Vulnerability
Attack
Threat
Exploit/ Exploit kit
Backdoor
Brute force Attack
Phases/Steps of Hacking
Terminologies

Vulnerability: A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.
https://www.cvedetails.com/
https://nvd.nist.gov/
Terminologies
Vulnerability definition
National Institute of Standards and Technology
(NIST): Weakness in an information system,
system security procedures, internal controls, or
implementation that could be exploited or triggered
by a threat source.
ISO 27005: A weakness of an asset or group of
assets that can be exploited by one or more cyber
threats where an asset is anything that has value
to the organization, its business operations and
their continuity, including information resources
that support the organization's mission.
Terminologies
IETF RFC 4949: A flaw or weakness in a
system's design, implementation, or operation and
management that could be exploited to violate the
system's security policy.
ENISA: The existence of a weakness, design, or
implementation error that can lead to an
unexpected, undesirable event compromising the
security of the computer system, network,
application, or protocol involved.
The Open Group: The probability that threat
capability exceeds the ability to resist the threat.
Terminologies

Factor Analysis of Information Risk: The probability that an asset will be unable to resist the actions of a threat agent.
ISACA: A weakness in design, implementation, operation or internal control.
Should known vulnerabilities be publicly disclosed?
Whether to publicly disclose known vulnerabilities remains a contentious issue:
• Immediate full disclosure: Supporters of immediate disclosure believe it leads to secure software and faster patching, improving software security, application security, computer security, operating system security and information security.
• Limited to no disclosure: Others are against vulnerability disclosure because they believe the vulnerability will be exploited.
When does a vulnerability become exploitable?
A vulnerability with at least one known, working attack vector is classified as an exploitable vulnerability. The window of vulnerability is the time from when the vulnerability was introduced to when it is patched.
If you have strong security practices, then many vulnerabilities are not exploitable for your organization.
For example, if you have properly configured S3 security, then the probability of leaking data is lowered.
What is a zero-day exploit?
A zero-day exploit (or zero-day) exploits a zero-day vulnerability.
A zero-day (or 0-day) vulnerability is a vulnerability that is unknown to, or unaddressed by, those who want to patch the vulnerability.
Until the vulnerability is patched, attackers can exploit it to adversely affect a computer program, data warehouse, computer or network.
The key thing to understand is that the fewer days since Day Zero, the higher the likelihood that no patch or mitigation has been developed, and the higher the risk of a successful attack.
What causes vulnerabilities?
There are many causes of vulnerabilities, including:
1. Complexity: Complex systems increase the probability of a flaw, misconfiguration or unintended access.
2. Familiarity: Common code, software, OS and hardware increase the probability that an attacker can find, or already has, information about known vulnerabilities.
3. Connectivity: The more connected a device is, the higher the chance of a vulnerability.
4. Poor password management: Weak passwords can be broken with brute force, and reusing passwords can result in one data breach becoming many.
What causes vulnerabilities?
5. Operating system flaws: Like any software, operating systems can have flaws. Operating systems that are insecure by default and give all users full access can allow viruses and malware to execute commands.
6. Internet usage: The Internet is full of spyware and adware that can be installed automatically on computers.
7. Software bugs: Programmers can accidentally or deliberately leave an exploitable bug in software.
8. Unchecked user input: If your website or software assumes all input is safe, it may execute unintended SQL commands.
What causes vulnerabilities?
9. People: The biggest vulnerability in an organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.
What is vulnerability management?
Vulnerability management is a cyclical (repeated) practice of identifying, classifying, remediating and mitigating security vulnerabilities. The essential elements of vulnerability management include vulnerability detection, vulnerability assessment and remediation.
Methods of vulnerability detection include:
• Vulnerability scanning
• Penetration testing
• Google hacking
Preventing Vulnerabilities
If you do not run antivirus and antimalware software, your laptop or mobile device is vulnerable to infections.
If you fail to routinely update your operating systems or application software, these will remain vulnerable to software problems.
Top 10 Web security vulnerabilities as per OWASP
• SQL Injection
• Cross Site Scripting (XSS): malicious scripts are injected into otherwise benign and trusted websites
• Broken Authentication and Session Management
• Insecure Direct Object References: the application provides direct access to objects
• Cross Site Request Forgery: forces an end user to execute unwanted actions
• Security Misconfiguration
• Insecure Cryptographic Storage
• Failure to Restrict URL Access
• Insufficient Transport Layer Protection
• Unvalidated Redirects and Forwards
Attack

Attack: An attack is an action that is done on a system to get its access and extract sensitive data. It is an assault on system security and any action that violates security.
When a threat turns into an actual event, it may cause an unwanted incident.
Threat
Threat: A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.
• A threat can harm an asset or cause it to become unavailable.
• Threats include human error or negligence.
• Examples include web service or email interruptions, loss or unintentional disclosure of sensitive information, and threats in the emerging Internet of Things.
Threat Actor
A threat actor, also called a malicious actor, is an entity that is partially or wholly responsible for a security incident that impacts, or has the potential to impact, an organization's security.
Someone or something that expresses or poses a threat is called a threat actor.
Threat actors are individual attackers or state actors.
Disgruntled, under-skilled, or overworked employees can also pose threats.
Target of Evaluation
Target of Evaluation: The system which is
under pen test or attack.
Ethical hackers are usually concerned with
high-value TOEs, systems that contain sensitive
information such as account numbers,
passwords, Social Security numbers, or other
confidential data.
It is the goal of the ethical hacker to test
hacking tools against the high-value TOEs to
determine the vulnerabilities and patch them to
protect against exploits and exposure of
sensitive data.
Exploit
Exploit: An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.
Malicious hackers look for exploits in computer systems to open the door to an initial attack.
Most exploits are small strings of computer code that, when executed on a system, expose a vulnerability.
Exploit

Experienced hackers create their own exploits, but it is not necessary to have any programming skills to be an ethical hacker, as many hacking software programs have ready-made exploits that can be launched against a computer system or network.
Exploit Kit
Exploit Kit: An exploit kit is a software system designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it and exploiting discovered vulnerabilities to upload and execute malicious code on the client.
Backdoor

Back door: A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections.
Brute Force Attack

Brute force attack: A brute force attack is an automated and the simplest method to gain access to a system or website. It tries different combinations of usernames and passwords, over and over again, until it gets in.
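Because a brute force attack is "over and over again" by definition, it leaves a distinctive trace in authentication logs: many failures from one source in a short time, often against several usernames. The following added detector (example code, not from the slides) parses a few constructed sshd-style log lines and flags any source whose failed logins within a one-minute sliding window reach a threshold, reporting how many distinct usernames were tried. The log format, the threshold and the addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (example data, not
# captured from any real system). Addresses come from documentation ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-01-01T10:00:02 sshd: Failed password for root from 203.0.113.7
2024-01-01T10:00:03 sshd: Failed password for admin from 203.0.113.7
2024-01-01T10:00:04 sshd: Failed password for test from 203.0.113.7
2024-01-01T10:00:05 sshd: Failed password for admin from 203.0.113.7
2024-01-01T10:00:06 sshd: Failed password for guest from 203.0.113.7
2024-01-01T10:00:30 sshd: Accepted password for alice from 198.51.100.4
2024-01-01T10:05:00 sshd: Failed password for alice from 198.51.100.4
2024-01-01T10:20:00 sshd: Failed password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

def parse(log):
    """Turn log text into a list of authentication events; other lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "failed": m["result"] == "Failed",
            "user": m["user"],
            "src": m["src"],
        })
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return {src: (max_failures_in_window, distinct_users_in_that_window)}
    for every source whose failed logins inside some sliding window of
    `window` reach `threshold`. Failures that are spread out in time
    (a user mistyping now and then) never fill a window and are not flagged."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["failed"]:
            failures[e["src"]].append(e)

    alerts = {}
    for src, evs in failures.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until [start, end] fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, (0, 0))[0]:
                users = {e["user"] for e in evs[start:end + 1]}
                alerts[src] = (count, len(users))
    return alerts

if __name__ == "__main__":
    for src, (count, users) in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(f"{src}: {count} failures in one minute across {users} usernames")
```

A high distinct-user count alongside the failure count separates a password spray or username-guessing run from a single locked-out user; the same counts are what an account-lockout or rate-limiting rule would key on.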
• Remote: The exploit is sent over a network and exploits security vulnerabilities without any prior access to the vulnerable system.
• Hacking attacks against corporate computer systems or networks initiated from the outside world are considered remote.
• Local: The exploit is delivered directly to the computer system or network, which requires prior access to the vulnerable system, to increase privileges.
Phases/Steps of Hacking
Reconnaissance / Information gathering
Scanning and Enumeration
Gaining Access
Maintaining Access and Placing Backdoors
Covering Tracks.
Reconnaissance/Information gathering
Reconnaissance is the phase where the attacker gathers information about a target.
Example Tools: NMAP, Hping, Maltego, and Google Dorks.
It is also called the footprinting and information gathering phase. The information gathered may concern:
• Network
• Host
• People involved
Hacking Phase: Reconnaissance
The reconnaissance target range may
include the target organization’s clients,
employees, operations, network, and systems.
This phase allows attackers to plan the
attack.
It may take some time as the attacker
gathers as much information as possible.
Part of this reconnaissance may involve
social engineering.
There are two types of footprinting:
Active: Directly interacting with the target to gather information about the target, e.g. using the Nmap tool to scan the target.
Passive: Trying to collect information about the target without directly accessing the target. This involves collecting information from social media, public websites, etc.
Scanning and Enumeration
The attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited.
Example Tools: Nessus, Nexpose, and NMAP.
Methods:
• War Dialing (to find out modem access)
• Port Scanning
• Network Mapping (largely obsolete due to better firewall rules)
• Vulnerability Scanning
Scanning: War Dialing
Purpose: Find a modem connection.
Many users in a company install remote PC
software such as PC Anywhere without setting
the software up correctly.
War Dialer finds these numbers by going
through a range of phone numbers listening for
a modem.
Demon Dialer tries a brute force password
attack on a found connection.
Typically: war dialing will find an unsecured
connection.
Scanning: Network Mapping
Ping:
• ping is implemented using the Internet Control Message Protocol (ICMP) Echo Request.
• A receiving station answers back to the sender.
• Used by system administrators to check the status of machines and connections.
Scanning: Network Mapping
Trace route:
• Pings a system with ICMP echo requests with varying life spans (the number of hops allowed).
• A system that receives a packet whose allowed number of hops has expired sends an error message back to the sender.
• Trace route uses this to find the route to a given system.
• Useful for system administration.
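The ping and trace route bullets above describe one mechanism: an echo request is answered by the destination, but if its hop limit (TTL) expires on the way, the router that dropped it reports back instead. The following added simulation (example code, not from the slides, and not a real packet sender) models that behaviour over a constructed three-hop route and runs the trace route procedure against it, including a router that silently drops expired packets, which is what the "obsolete due to better firewall rules" remark in the scanning methods refers to. The route and addresses are assumptions.

```python
# Constructed route from us to the target: two routers and the destination host.
# Addresses are from documentation ranges, not a real network.
ROUTE = ["192.0.2.1", "198.51.100.9", "203.0.113.3"]

def forward(route, ttl, silent=frozenset()):
    """Model what the network does with one ICMP echo request sent with `ttl`.
    Every router decrements the TTL; the router that brings it to 0 discards
    the packet and normally answers with an ICMP Time Exceeded error naming
    itself. A router in `silent` (e.g. behind a firewall rule that drops the
    error) discards without answering. If the packet survives every router,
    the destination host answers with an echo reply."""
    *routers, destination = route
    for router in routers:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return ("no_reply", None)
            return ("time_exceeded", router)
    return ("echo_reply", destination)

def traceroute(route, silent=frozenset(), max_ttl=30):
    """Discover the path hop by hop: send probes with TTL 1, 2, 3, ... and
    record who answered each one, stopping once the destination itself replies.
    A hop that gives no reply is recorded as None (printed as '*' by real tools)."""
    path = []
    for ttl in range(1, max_ttl + 1):
        kind, who = forward(route, ttl, silent)
        path.append((ttl, who, kind))
        if kind == "echo_reply":
            break
    return path

def ping(route, silent=frozenset()):
    """A plain ping: one echo request with a generous TTL; True if the
    destination answered."""
    return forward(route, 64, silent)[0] == "echo_reply"

if __name__ == "__main__":
    for ttl, who, kind in traceroute(ROUTE, silent={"198.51.100.9"}):
        print(ttl, who or "*", kind)
```

The point of the model is that trace route learns the path only from the error messages routers choose to send; a hop that drops expired probes without reporting simply shows up as a gap, while the end-to-end ping still succeeds.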
Port Scanning
• Applications on a system use ports to listen for network traffic or send it out.
• 2^16 (65,536) ports are available, some for well-known services such as HTTP (80) and FTP.
• Port scans send various types of IP packets to the target on different ports.
• The reaction tells the scanner whether the port is open (an application listens).
Port Scanning: Nmap
• Uses different types of packets to check for open ports.
• Can tell from the reaction what OS is running, including patch levels.
• Can run in stealth mode, in which it is not detected by many firewalls.
The six port states recognized by Nmap
Open
Closed
Filtered
Unfiltered
Open | filtered
Closed | filtered
NMAP scan types
TCP Scan
UDP Scan
SYN Scan
ACK Scan
FIN Scan
NULL Scan
XMAS Scan
IPC Scan
Idle Scan
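Seen from the target side, the port-scanning slides above describe a pattern a defender can look for: one source touching many different ports on a host in a short time, with the replies (SYN/ACK, RST, or nothing) corresponding to the open, closed and filtered states Nmap reports. The following added example (not code from the slides or from the Nmap project) parses constructed connection-log lines, buckets them into one-minute windows per source, flags any source that probed at least ten distinct ports in a window, and summarizes what the probed ports looked like. The log format, outcome names and the threshold are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# How the target answered a SYN probe, mapped to the Nmap port states the
# slides list: SYN/ACK means something is listening, RST means nothing is,
# and no answer at all usually means a firewall dropped the probe.
STATE_OF = {"SYNACK": "open", "RST": "closed", "DROP": "filtered"}

# Constructed sample log (example data, not from any real system). One
# source walks eleven ports on 10.0.0.5 within a few seconds; a second
# source only ever connects to 443, as a normal client would.
SCAN_PORTS = {21: "RST", 22: "SYNACK", 23: "RST", 25: "RST", 80: "SYNACK",
              110: "RST", 143: "RST", 443: "SYNACK", 445: "DROP",
              3389: "RST", 8080: "RST"}
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 203.0.113.7 -> 10.0.0.5:{port} {outcome}"
     for i, (port, outcome) in enumerate(SCAN_PORTS.items())]
    + ["2024-01-01T10:00:15 198.51.100.4 -> 10.0.0.5:443 SYNACK",
       "2024-01-01T10:00:45 198.51.100.4 -> 10.0.0.5:443 SYNACK",
       "2024-01-01T10:03:00 198.51.100.4 -> 10.0.0.5:443 SYNACK"])

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:]+):(?P<port>\d+) (?P<outcome>\S+)$"
)

def detect_portscan(log, threshold=10, bucket_seconds=60):
    """Return {src: {"ports": n, "open": .., "closed": .., "filtered": ..}}
    for every source that touched at least `threshold` distinct ports on the
    same host inside one fixed time bucket of `bucket_seconds`."""
    # (src, dst, bucket) -> {port: state}; repeat probes of a port count once.
    seen = defaultdict(dict)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a connection record
        ts = datetime.fromisoformat(m["ts"])
        bucket = int(ts.timestamp()) // bucket_seconds
        state = STATE_OF.get(m["outcome"], "unknown")
        seen[(m["src"], m["dst"], bucket)][int(m["port"])] = state

    alerts = {}
    for (src, _dst, _bucket), ports in seen.items():
        if len(ports) >= threshold:
            # Keep the busiest bucket for each source.
            if len(ports) > alerts.get(src, {}).get("ports", 0):
                alerts[src] = {"ports": len(ports), **Counter(ports.values())}
    return alerts

if __name__ == "__main__":
    for src, summary in detect_portscan(SAMPLE_LOG).items():
        print(src, summary)
```

The "closed" count is the giveaway: a real client only connects to ports it expects to be open, whereas a scan spends most of its probes on ports that reset or never answer. The same summary also shows the defender what the scanner learned, namely which ports on the host are reachable and open.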
Gaining Access
• The vulnerability is located and you attempt to exploit it in order to enter the system.
• Example tool: Metasploit.
• Fault in Policy: weak or no authentication, unwarranted trust relationships.
• Fault in Implementation: typically triggered by intentionally malformed input.
• Extension of a security breach: sniffing, malware.
Hacking Phase: Gaining Access
This is the phase in which real hacking occurs.
The attacker can gain access at the OS, application, or network level.
Ending processes can stop a service, using a logic bomb or time bomb, or even reconfigure and crash the system.
Examples include password cracking, stack-based buffer overflows, denial-of-service, and session hijacking.
Packet flooding also breaks the availability of essential services.
Maintaining Access and Placing Backdoors
After gaining access, the hacker installs some back doors in order to enter the system whenever he needs access to this owned system in future.
Example tool: Metasploit.
The hacker may just hack the system to show it was vulnerable, or may use software defects to:
• run in the background without the knowledge of the user;
• install Trojans, rootkits or other malicious files;
• maintain access to the target.
Covering / Clearing Tracks
This process is actually an unethical activity.
It has to do with the deletion of logs of all the activities that take place during the hacking process.
No thief wants to get caught.
The attacker clears all evidence by modifying, corrupting or deleting it.
Reporting
Reporting is the last step of finishing the
ethical hacking process. Here the Ethical
Hacker compiles a report with his findings
and the job that was done such as the tools
used, the success rate, vulnerabilities
found, and the exploit processes.
Thank You All
