Certified Ethical Hacker (CEH) : Introduction to Ethical Hacking

Hackers are smart enough to steal information from different organizations using different types of tools and techniques. There are many types of Hackers, we’re discussing some of the most widely known types of hackers, they are:

• White Hat Hackers: white hat hackers or ethical hackers are good hackers. They are the one who is authorized or the certified hackers who work for the government and organizations by performing penetration testing.
• Black Hat Hackers: these are the bad guys. A black-hat hacker is an individual who attempts to gain unauthorized entry into a system.
• Gray Hat Hackers: A grey hat hacker usually has mixed intentions. Gray hat hackers stay in the category between white hat and black hat hackers. They are not legally hackers.
• Script Kiddies: Script Kiddies are the newbies. They are an unskilled person who uses scripts or downloads tools available for hacking provided by other hackers.
• Hacktivists: Hacktivists are the protesters of the online – internet. They would break into systems and infrastructures to ask for attention towards social causes.
• State-Sponsored Hackers: State-sponsored hackers are appointed by the government to provide them cybersecurity and to gain confidential information from other countries.

Terminology

• Vulnerability: A weak point which hackers can exploit to gain access to a machine.
• Exploit: This describes a program, piece of code or even some data written by a hacker or malware writer that is designed to take advantage of a bug or vulnerability in an application or operating system.
• Payload: this refers to the part of the virus that performs malicious actions, such as opening backdoors, hijacking the computer system, compromising data or destroy information.
• Zero-Day attack: this type of threat refers to a threat that is undocumented and hidden from any antivirus scanner installed on the system. Get attacked before releasing any patch for that vulnerability.
• Daisy Chaining: This is a sequential process of attacking to gain access to systems, one after another using the same information obtained from the previous attempt.
• Doxing: This is discovering and collecting information from public accounts, email or other different sources.
• Bot: A bot is a software robot that runs automated tasks/scripts. These are used to control the target remotely and to execute predefined tasks.
• Pishing: this is a technique that tricks users into revealing sensitive information like usernames, passwords or credit card details.
• Malware: this is a software program used to hack computer systems or steal sensitive information. Here include different names like viruses, adware, spyware, keyloggers and etc.
• Ransomware: This is a malware that takes out a user own system and denies access to their files. And instructs them how much and where to send payment, for example: requested in bitcoin, in order to get your files back.
• Spoofing: There an email and IP spoofing. Email spoofing is altering the email header so that it appears to come from your customer, company or bank. IP spoofing is sent altered IP to a computer with appearing to be a trusted host and to allow the sender access to the target machine.
• Brute force attack: This is an automated search for every possible password to a system. This method is widely used to crack passwords to admin accounts.
• Rootkit: Hackers can easily get administrator-level access to the system with these types of programs and set up malware, while simultaneously camouflaging the takeover.
• RAT Remote Access Tool or Remote Access Trojan (RAT) is a type of malware that is installed on your system and the attacker gains complete control of the system.
• Worm: This is standalone malware and not reporting back to a sender. It often using damages computers with self-replicating. But it’s sometimes used to installs back doors on the infected machine.
• Buffer overflow: Buffer overflow attacks are simple exploits that can give an attacker control over a program or process.
• Man-in-the-Middle: A man-in-the-middle attack requires three players. There’s the victim, the entity with which the victim is trying to communicate, and the “man in the middle,” who’s intercepting the victim’s communications. Critical to the scenario is that the victim isn’t aware of the man in the middle.

Elements of Information Security

• Confidentiality: It describes We should make sure that our sensitive data used by only our authorized persons. For security, our sensitive data must be encrypted when using a separate network.
• Integrity: Only authorized users can access and modify data. To manage this process we need always audit our systems.
• Availability: Here describes, always systems and data must be available otherwise it can affect business continuity.
• Authenticity: This is a process that identifies the user or device to grant privileges, access, and certain rules and policies.
• Non-Repudiation: Non-reputation is guaranteed the information send and receiving between the sender and receiver with different techniques such as digital signatures and encryption. This type of communication nor sender neither receiver can not deny what they sent or received.

Top Attack Vectors

• Advanced Persistent Threats – APT: APT is the process of stealing information through a continuous process. APTs are compound attacks involving multiple stages and a variety of attack techniques by a group of skilled hackers.
• Cloud Computing: Cloud computing technology provides organizations with a shared pool of computing resources over the internet, with low costs and guaranteed availability. Cloud Computing has the following Models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Unfortunately, vulnerabilities have been found in the Cloud environment which leads to attacks. The well-known attacks in the cloud environment is these: Denial of Service Attacks (DoS Attacks), Malware Injection Attack, Brute forcing Attack, Insecure APIs, Poor Security and etc.
• Insider Attack: This is the type of attack that is performed on a system, within corporates network and by a trusted person. That trusted user has privileges and authorized to access network resources.
• Viruses, worms: These are types of malware that propagate by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Worms are standalone malware and not reporting back to a sender. It often using damages computers with self-replicating. But it’s sometimes used to installs back doors on the infected machine.
• Mobile threats: Nowadays mobile phones especially Smartphones can be inflected by the attackers. They can steal personal and business information through mobile devices. The most known threat to mobile devices is these: Spyware, Unsecured Wi-Fi, Data Leakage and etc.
• Botnets: A bot is a software robot that runs automated tasks/scripts. These are used to control the target remotely and to execute predefined tasks.

Top Attack types

• Misconfigurations/Defaults on different systems: During the installation of new devices sometimes the administrator keeps the default configuration, default credentials. So any hackers easily can use this misconfiguration and attack the system.
• Application Threats: Before the release, an application developer must make sure the product tested and verified by the developer. Otherwise, there may a vulnerability in which hackers easily attack the application. In this level, hackers can use these methods to attack: Buffer overflow, phishing, SQL injection, Denial of service and etc.
• Networks Threats: Router, firewall, switch and other network devices always must have strong passwords, updated and patched. Otherwise, hackers can use these methods to attack the network device: Password-based attack, Spoofing, Sniffing, Information gathering, Man-in-the-Middle Attack, DNS attack, DOS attack and etc.
• Operation Systems: In this type of attack, attackers always search for OS vulnerabilities and exploit to attack against the operating system. Some vulnerability of an operating system are: Buffer overflow, Bugs in Operating Systems, Unpatched Operating system

There are five phases of hacking:

• Footprinting and Reconnaissance: this is the first step of the phase in which the attacker preparing the attack by gathering the information about the target. They can use different tools and techniques for that. There are two types of reconnaissance: Passive and Active. In passive methods, hacker collects information from public or social media searching the internet. Inactive methods is gaining information from the target directly. For example emails, calls and etc.
• Scanning: After collecting the required information attacker start scans the network. The scanning phase is a pre-attack phase. They use tools for scan ports, ping the networks and also use vulnerabilities scanner. After all these scans hacker gets information about port status, operation system weakness, live hosts and devices.
• Gaining Access: In this phase, the hacker gets control over the systems: network, application or operating system. They can use different techniques for that like buffer overflow, password cracking, DOS attack and etc. Once accessing the system attacker escalated the privileges to obtain control overall services.
• Maintaining Access: In this phase, the hacker uses different tools for maintaining access and control over the compromised systems. They use backdoors, Rootkits to keep their ownership. They also can use Remote admin tools to steal information and data.
• Clearing Tracks: When all done attacker hides his identity. By hiding malicious activity attacker can maintain access over the system when they want. To avoid that administrator always must audit the logs and use well-known audit software.