Sunday , April 28 2019
Home / Ethical Hacking / Introduction to Ethical Hacking and Penetration Testing
Ethical Hacking and penetration testing

Introduction to Ethical Hacking and Penetration Testing

In this blog, I’m going to share a lot of modules that are obviously used in ethical hacking and penetration testing. Following are the modules I will be talking about in detail.

  • Hacking
  • Hackers and Types
  • Vulnerabilities
  • Exploits
  • Programming
  • Malwares
  • Zero-day Vulnerability
  • Zero-day Attack
  • Defense in depth Strategy
  • Penetration Testing
  • Pentest Types and Methodologies
  • Vulnerability Management
  • Incident Management
  • Security Policy Development

Now let’s start with hacking.

Hacking

Hacking is an art of exploitation or hacking is an art of exploring various security breaches. Hackers uses their deep IT knowledge to find the loopholes or flaws in a software or web application. They find the ways to breach the application by any means with the help of their skills by the consent of related owner.

Different hackers uses various motives and techniques. Many security modules (software) are also available which let the hackers to make the attempt possible.

Hacking and Ethical Hacking both are same but integrity is the only thing that plays role in between them. Hacking can be used for betterment of network or it can be used for damaging the network.

Hackers

All hackers are not identified as the same, all have different means to hacking. It is not appreciated what they do, but the integrity part what they play while hacking. There are various kinds of hackers, we should discuss them first before moving forward.

1. White Hat Hackers

White hat hackers are also known as ethical hackers. Ethical hackers test the resources for good means with permission from the owner of particular web resource/s. They find the flaws for the betterment of particular resource. They seek for the weakness and make a defensive strategy against the vulnerability.

2. Black Hat Hackers

Black hat hackers are usually termed as cyber criminals who use to steal data over the internet. They use their skills and techniques in the wrong way finding some weakness to breach the web resources. They are the malicious hackers who have the intent to break into something.

3. Grey Hat Hackers

Grey hat hackers fall in between white and black hat hackers. They are curious to find and learn about new technological skills. They usually search for a vulnerability and inform about it to the respective company. In return they get some bounty for discovering the weaknesses according to their bug bounty program.

Hacking concentrates on vulnerabilities and exploits.

Vulnerabilities

Vulnerability is a weakness (weak line/code) in software settings. Hackers can get access to any software if the weakness is not patched/removed in the earliest of times. Hackers can gain access very easily if the software or web application contains vulnerabilities. Vulnerability is the intersection of three elements that includes a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. Vulnerability pose risk to the existence of an organization. The serious steps should be taken to mitigate the risks at all.

Exploits

Exploits can be a code, data or software that are used to attack on any particular web application. The exploit contains malicious data which are used to harm any web resources, depending upon the content of hacker. Exploits scan a computer or any resource to gain access by the instructions written by programmer. Any vulnerability or weakness in a web resource or software can be exploited to gain access. If a vulnerability can be exploited it should be known as exploitable vulnerability. Hackers uses specific tools/software to exploit a vulnerability.

  • Attack Surface

Any vulnerability that leads to exploitation by the attacker is known as attack surface.

  • Script Kiddies

Newbies that are unaware of hacking skills and techniques uses scripts/exploits that are written by someone                 else are known as script kiddies.

Programming

Programming plays an important role and is really necessary for hacking whether its for good or bad purpose. To talk about exploits, we learned that these are written in any programming language whether its python, C++, C# or any other no matter. Programming helps the hacker a lot in discovering new ideas to achieve something new. After all hundreds or even thousands of exploits are written for different purposes. Programming is a piece of mind storming where a person can provide any kind of instructions to computer and eventually computer will response depending upon the instructions given by the programmer. For making a master blaster exploit you must have very good programming skills. You don’t need to learn every thing but you need to make yourself expertise in just even one or more things.

I want to share a brief story about one of the great hacker of all times i.e Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author and hacker, best known for his high-profile 1995 arrest and later five years in prison for various computer and communications-related crimes. He wrote mind blowing exploit and gained access to one of the secure computers of that time, yes its pentagon’s computer.

Malwares

Any types of program that is created with the intent to harm any computer, software or any resources. Well, I’ve a detailed topic written over malwares, how it can affect your computer and their types so on and so forth, please visit here on my blog post to learn more.

Zero-day Vulnerability

Zero day vulnerability refers to a security weakness or loophole in a software that are unknown of vendor. The vulnerability that is not identified before the the attack happens, is known as zero day vulnerability.

Zero-day Attack

The security hole is then exploited by the attacker in order to gain unauthorized access. Exploits that are not published or not identified are known as zero-day exploits.

What causes zero-day attack?

  1. The developers are unaware of security hole in their software.
  2. The developers don’t have time to fix it and release a patch.
  3. The developers ignored the weaknesses in the start of development.

Once the patch is available it is no longer zero day attack. Grey hat hackers usually inform the company and organizations about the vulnerability to get some bounty in return. In this way the organizations take serious requisite steps to avoid the cyber warfare.

Defense in depth Strategy

The principle of defense in depth is layered security mechanism. It enhances the the security of network giving a tough time to an attacker to break into the network. If by chance one layered is attacked by the attacker and he got access to that particular layer the other layers could hold on the attacker from further breach. Layered security mechanism is much more complex than anyone can think of, it increase the complexity of network binding such that it becomes very difficult for the attacker to get further access. Multiple layers are associated with multiple security levels to ensure the tightness of security walls. Every layer has different policy and procedure depending what it is going to defend and what it is used to provide to the network architecture.

Following are the parts of layered security mechanism.

1. Data Link Layer

ACL and encryption

2. Application Level

Antivirus and application hardening software

3. Host Level

OS hardening, patch implementation authorization, HIDS, etc

4. Internal Network Level

Network segments, IPsec, NIDS, etc

5. Perimeter Level

Firewalls and VPN quarantining

Penetration Testing

Penetration testing includes same methods that a hacker uses while hacking the system to get unauthorized access. But ethical hackers uses penetration testing for finding the weaknesses, flaws and loopholes to acknowledge the organization about their system sensitivity. The purpose of penetration testing is to check the security policy and to check whether the security measures are fulfilled or left some flaws behind according to their security policy. The hacker who wants to penetrate into the network has an opposite intent of 180 degree from a professional ethical hacker who the a positive intent to make the network secure. He doesn’t have a malicious intent. The difference between both penetration testing is only the permission from vendor.

Pentest Types

Well you should be aware of penetration testing so let’s jump forward to the types of penetration testing.

1. External Testing

External testing is the conventional approach to the penetration testing. This kind of testing is focused on sever’s infrastructure and no prior knowledge of site is required. External testing is done by the professional ethical hackers before the disclosure of what typology and what environment should be used.

2. Internal Testing

Internal testing also uses the same methods and techniques as the external testing. But this testing describes a more versatile view of the network. Internal testing is done in a separate and unique way where the vendor gives full permission to the ethical hacker to go into and see what weaknesses a malicious hacker can break through. Internal testing can be performed from various access points including logical and physical points. Infect penetration testing gives a snapshot of network’s security at any point and at any time.

3. Black-box Testing

In black box testing an ethical hacker doesn’t have any prior knowledge to the target resource. He works as black hat hacker and tries his best to get an authorized access to the target without vendor’s consent. He breaks into the system and checks every single point that should be considered as vulnerable depending on the project scope and validity.

4. Grey-box Testing

Grey box testing is conducted with a limited knowledge of the target infrastructure, defense mechanism and communication channel on which the test is conducted. In this kind of testing an organization gives a very small amount of information to the ethical hacker to reveal the rest of information. The security researcher is given initial information to save some profitable time.

5. White-box Testing

White box testing is conducted with a full knowledge of the target infrastructure, defense mechanism and communication channel on which the test is conducted. In this kind of testing an organization gives maximum information to the ethical hacker to reveal if any person within the organization has full privileges to the system can do harm the organization’s infrastructure or security related sensitive stuff.

Pentest Methodologies

The methodologies has the following 4 points:

1. Footprinting

Footprinting is a process of creating a blue print of organization’s network. Footprinting includes determining the target system, application or software and the physical location of the target. Some specific information about the network is gathered in the footprinting phase by the help of non intrusive methods.

2. Scanning

Scanning is used to locate systems that are live and are responding. We can use scanning tool to find the IP addresses and the server information and OS information. Ports are also scanned by this methodology which are open.

There are two kinds of scanning:

  • Port Scanning

Port scanning is used to check which ports are open on a particular network.

  • Network Scanning

Network scanning identifies IP addresses on a network or on subnet.

3. Enumeration

Enumeration contains detail information about the target system. Process of gathering usernames, passwords, network resources services, etc.

4. Penetration

Penetration is the fourth methodology where the ethical hacker penetrates into the target system to find the flaws and weaknesses and report them back to the administrator. Here the ethical hackers are given privileges to penetrate into the system and make the system secure more than before by finding the flaws and eliminating the weaknesses.

Vulnerability Management

Vulnerability management is the discovery of the vulnerability that involves the identification,  classification and mitigation of vulnerability. The mitigating tools used for vulnerability management are known as vulnerability scanner.

Vulnerability Management uses the 6 steps:

  1. Discover and inventory assets
  2. Categorize and prioritize assets
  3. Scan for vulnerabilities
  4. Report and classify
  5. Apply fixes, patches
  6. Reconfirm and fix again

Incident Management

Any incident or flaw in any organization’s network may cause a serious threat to its business therefore, every organization has an IT incident management team that look up for the particular incident and make the things resolve as early as possible giving a very small loss the business of organization.

Let’s learn about the incident management plan. Following are the points to be noted:

  1. Identify
  2. Analyze
  3. Gather
  4. Contain
  5. Mitigate
  6. Eradicate
  7. Update (policy)

Security Policy Development

Every IT or non IT organization has security policy which are designed in order to defend the infrastructure of one organization against the intruders.

Security policy contains the following points:

  1. Identify the stakeholders
  2. Define implementation
  3. Identify development method
  4. Develop policy list
  5. Describe each policy
  6. Identify updated triggers
  7. Review policy and procedures

This was all from Introduction to Ethical Hacking, if you further like to read hacking techniques please do visit our hacking category.

About Kamran Mohsin

Kamran Mohsin
Kamran Mohsin is a Certified Ethical Hacker. Currently working as a Penetration Tester within a private company in Pakistan. He is also doing Masters in information Security. He worked in web development (front-back-end) from recent back years. With the passage of time he took interest in Hacking and started to write blogs on IS from late 2015.

Check Also

Pakistan First OSCE Certified

Pakistan First OSCE Certified

Etizaz Mohsin is Pakistan first OSCE Certified who successfully achieved Offensive Security Certified Expert Certification …

5 comments

  1. Avatar

    An impressive share! I’ve just forwarded this onto a coworker who was conducting a little
    homework on this. And he in fact bought me dinner because
    I discovered it for him… lol. So allow me to reword this….
    Thanks for the meal!! But yeah, thanks for spending time
    to discuss this issue here on your site.

  2. Avatar

    Valuable and critical information. Thanks for sharing so rooted clue which is highly appreciated

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: