"The question is not whether we will be extremists, but what kind of extremists we will be. . . The nation and the world are in dire need of creative extremists." -- Martin Luther King Jr.
Today is the first of many articles to come what were focusing on today is ethical hacking for i.e Pen Testers I just want to start off with the basic disclaimer:I'm not responsible or liable for the use or misuse of the information about to be givin.....in anyway!
OK!Now that we have that out of the way let's begin.
-------------------------------------
Essential terms used by Pen Testers.|
-------------------------------------
Threat:Any action and or event taht might compromise security.
Exploit:A defined way to breach the security of a IT system trough vulnerabilty.
Vulnerability:Existence of a weakness,desighn,or implementation error that can lead to an unexpected,undesirable event compromising the security of the system.
Target of Evaluation:An IT system,product,or component that is idetified needing security evaluation.
Attack:a assault on given system
security that comes from a itelligent threat i.e you
---------------------------------
What does a attacker do exactly?|
---------------------------------
Now what does a attacker do ecactly?When I say this I mean the proper way a pro does things to secure himself and the system as quickly as possible without legal ramifications this may not be the way evrybody does things but this is a basic out line of how it "should" be done.
1.Reconnaissance
-Active/Passive
2.Scanning
3.Gaining Access
-Operating system level/application level
-Network level
-Denial of service
4.Maintaining access
-Uploading/altering/downloading programs or data
Passive recon
-------------
Involves acquiring info without directly interacting with the target.(Fr example,searching public releases.records,or news releases.Theres more but I'll leave up to your judgement)
Active Recon
------------
Involves Interacting with the target by anymeans.(For example,Telephone calls to the help desk or technical department)
-Gaining access refers to the penetration phase.The hacker exploits the vulnerability in the system.
-The exploit can occur over LAN,the internet,or as a deception or theft.(Examples include buffer overflows,denial of service,session hijacking and password cracking)
-Ifluencing factors include architecture and conifiguration of the target system,the skill level of the hacker,and the initial level of access obtained.
-Maintaing Access refers to the phase whn the hacker tries to retain his ownership of the system.
-The hacker has compromised the system.
-Hackers may harden the system from other hackers as well(to own the system)by securing thier exclusive access with backdoors,Rootkits,or Trojans(R) j/k :)
-Hackers can upload,download,or manipulate data,applications,and configurations on the "Owned" system.
Now as much as I want to go into explanation of the techniques I think it would be better if you googled them and read up on them yourself after all I'm not here to spoon feed. :)
However In the next articles I will explain the 5 steps in depth along with some tool recomendations used by the pros!So were even ok?
So thats all for now more to come probably about evry other day Stay tuned for the next article.
Titled:Footprinting
Peace,
Static-Out
Cast your vote on this article 10 - Highest, 1 - Lowest
Comments: Published: 13 comments.
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.
