Hacking
a. Hacker types
Hacker
- An individual who uses their computer and technical skills to gain access to systems and networks.
- 🤗 A common theory is that “hacker” initially meant anyone who possessed the skills, knowledge and determination to solve problems in a creative way.
- There are counter-arguments that it was never a benign term and that the claim that the word’s malicious connotations were a later perversion is untrue.
Black hat hackers
- 📝 Uses knowledge and skills to discover and exploit security vulnerabilities for financial gain or other malicious reasons
- Bad guys
- No regard for laws, regulations etc.
- Activities include stealing personal and financial information or shutting down websites and networks
- E.g. bank robbing
White hat hackers
- Also known as ethical hackers
- 📝 Uses knowledge and skills to improve a system’s security by discovering vulnerabilities before black hats do.
- Will not break laws and regulations
- Scope is determined by the client
- E.g.
  - Publish vulnerabilities
  - Do penetration tests
  - ❗ Participate in bounty programs to claim rewards.
    - Benefiting financially from a hack is not illegal
Ethical hacking
- Also known as white hat hacking
- Performed by security specialists to help companies identify vulnerabilities in their networks and systems.
- Helps them analyze and strengthen their system and network security
- Allows for creating preventive measures that should prevent any future security breaches as well as protect data and information stored in the system.
- Difference from black-hat hacking:
  - Hacking with permission of system owner
  - They remain compliant with the law
  - Purpose is to prevent hackers from breaking into systems and networks.
- Flow
  - Find vulnerabilities
  - Assess problems & threats about them
  - Offer solutions, e.g. what you can do to fix this
  - Inform within the company
- Ethical hackers should ask themselves three questions when evaluating a system (companies also often ask “why would we fix it?”):
  - What is it that an attacker can see on this network/system?
  - What could the attacker do with that knowledge?
  - Are there any traces of attempted attacks on the system/network?
Ethical hacking scope
- No test should be performed without appropriate permissions and authorization.
- Test results should be kept confidential
- Only those tests that the client requested should be performed
Grey hat hackers
- Also known as grayhat, gray hat, gray-hat, grey hat, greyhat or grey-hat hackers.
- 📝 Might break laws, regulations and ethical standards but do not have explicitly malicious intent.
- Middle ground: not as bad as black hat hackers, not as ethical as white hat hackers.
Suicide hackers
- 📝 Perform attacks for a cause despite the risk of being caught and prosecuted.
- E.g. they’ll know for sure that they’ll get caught but they still attempt the hack for a “cause”.
Script kiddies
- 📝 Inexperienced hackers who don’t have enough knowledge or skills to perform hacks on their own
- Instead, they use tools and scripts developed by more experienced hackers.
- Dangerous because running closed-source tools on one’s own system is a big risk.
Cyber terrorists
- Money is not the priority; destroying stuff is.
- Influenced by religious or political beliefs.
- 📝 Goal is to promote fear, unrest and disruption.
State sponsored hackers
- 📝 Recruited by governments
- Gain access to classified information of other governments
- Information source can be governments, individuals or corporations.
Hacktivists
- 📝 Break into government and corporate systems out of protest.
- Promotes political or social agenda.
- E.g. steal data and leak it into the public domain
Hacking stages
Reconnaissance
- Also known as footprinting, fingerprinting or information gathering
- 📝 Reconnaissance, noun, preliminary surveying or research about the target.
- 📝 Necessary first step as an attack would not be successful without it.
Scanning
- The hacker uses information from the previous stage to conduct a more technical scan.
- Often maps the routers and firewalls
- Use tools such as port scanners, network mappers, vulnerability scanners, etc.
- In scanning you’re acting on gathered information to gather information
- Examples

Reconnaissance | Scanning |
---|---|
To scan the perimeter network you need the IP addresses | Use e.g. nmap to figure out what the configuration is. |
Get e-mails. | Use phishing to gather personal data |
Learn where services physically are | Do dumpster diving |

Gaining access
- Attack stage
- Steps:
  - Find an entry point to the target OS or application on the system
  - Use it to perform the attack
- Hackers may escalate privileges to gain complete control over the system/network.
- Examples:
  - Password crack with brute-force or dictionary attack
  - Exploit buffer overflow
  - Session hijack
  - DoS attacks
Maintaining access
- Keeping admin/root privileges so the hacker can continue using the system.
- After breaking into a system, you attempt to elevate privileges to do more.
- Maintain persistent access, because your connection might break and you would have to start again
- Can prevent other hackers from accessing the system by installing backdoors, rootkits, or trojans.
- 💡 You can install tools, such as a keylogger, that give you persistent access and gather data to use for further compromise.
- 💡 You can use the machine as a proxy so all traces lead back to the proxy.
  - You can minimize the risk of being discovered this way.
- ❗ As a pen-tester, document those, as you’ll get other people in trouble
Clearing tracks
- Hackers do everything they can to hide their activities
- Goal is to maintain access to the system but remain unnoticed in the process.
  - If you’re detected: the vulnerability will be patched and you’ll lose access.
- Vital to clear all tracks as fast as possible or, if possible, to generate none.
- Activities:
  - Clear certain entries in log files: Not all, or it’ll be suspicious
  - Masquerade your activities: Make them as similar as possible to legitimate activities
    - E.g. a good keylogger masquerades itself behind legitimate activities
    - Mimics other programs’ behavior by adding more behavior.
CEH-in-bullet-points/chapters/01-introduction/hacking-stages.md at master · undergroundwires/CEH-in-bullet-points · GitHub