Ethical Hacking Notes1

The document discusses the various types of hackers, categorizing them into groups such as White Hat, Black Hat, Gray Hat, and others, each with distinct motives and methods. It also differentiates between hackers and crackers, highlighting the ethical versus malicious intents behind their actions. Additionally, it addresses cybersecurity vulnerabilities and risks, emphasizing the importance of monitoring and securing systems against potential cyber threats.

Hackers and Cyber Crimes: Types of Hackers, Hackers and Crackers

Introduction
Computers and the Internet have changed the working environment of the world beyond imagination. As computers have taken over a major part of our lives, our data has moved from paper records and ledgers onto computers. Although this shift has reduced the physical burden on workers, it has also increased the chances of data theft. The people involved in stealing data or harming systems are knowledgeable people with wrong intentions, known as hackers. There are different types of hackers. Let's take a look at how many types of hackers there are and at the types of hacker attacks and techniques.
Who is a Hacker?
A hacker is, ideally, a person skilled in information technology who uses that technical knowledge to overcome an obstacle or achieve a goal within a computerized system. In recent times, however, the term hacker is usually associated with a security hacker: someone who is always on the lookout for ways to acquire and exploit sensitive personal, financial and organizational information that is otherwise not accessible to them. Legitimate professionals often use hacking for lawful purposes.
How does Hacking Work?
Hackers are highly skilled in breaching security to gain unauthorized access to phones, tablets, computers, IoT devices, networks, or the networking system of an entire organization. They are generally very proficient in finding and exploiting weaknesses in network security. These weaknesses can be technical or social in nature.
- Technical weaknesses: Hackers are extremely talented at exploiting software vulnerabilities or weak security practices. They do this to gain unauthorized access, or sometimes to inject malware that cripples the entire system.
- Social weaknesses: Social engineering is used to convince those with privileged access to click on malicious links, open infected files, or reveal personal information. This gives the attacker access to otherwise hardened infrastructure.
Types Of Hackers

1. White Hat / Ethical Hackers
2. Black Hat Hackers
3. Gray Hat Hackers
4. Script Kiddies
5. Green Hat Hackers
6. Blue Hat Hackers
7. Red Hat Hackers
8. State/Nation Sponsored Hackers
9. Hacktivist
10. Malicious insider or Whistleblower
1) White Hat Hackers
White hat hackers are professionals with expertise in cybersecurity. They are authorized or certified to hack systems, and they work for governments or organizations by getting into those organizations' systems through loopholes in their cybersecurity. This hacking is done to test the organization's level of cybersecurity: by doing so, they identify the weak points and fix them to avoid attacks from external sources. White hat hackers work within the rules and regulations the government sets. White hat hackers are also known as ethical hackers.

Motives & Aims: The goals of these hackers are helping businesses and an appetite for detecting gaps in networks' security. They aim to protect and assist companies in the ongoing battle against cyber threats. A white hat hacker is any individual who helps protect the company from rising cyber crime. They help enterprises create defences, detect vulnerabilities, and fix them before cybercriminals can find them.

2) Black Hat Hackers
Black hat hackers are also knowledgeable computer experts, but with the wrong intention. They attack systems to gain access where they have no authorized entry, and on gaining entry they might steal the data or destroy the system. The hacking practices these hackers use depend on the individual's capacity and knowledge. It is the intentions of the hacker that make the hacker a criminal; neither the malicious intent of the individual nor the extent of the breach can be gauged while the hacking is in progress.

Motives & Aims: To hack into organizations’ networks and steal bank
data, funds or sensitive information. Normally, they use the stolen
resources to profit themselves, sell them on the black market or harass
their target company.
3) Gray Hat Hackers
The intention behind the hacking is considered when categorizing the hacker. The gray hat hacker falls between the black and white hat hackers. They are not certified hackers, and they work with either good or bad intentions; the hacking might be for their own gain. The intention behind the hacking decides the type of hacker: if the intention is personal gain, the hacker is considered a gray hat hacker.

Motives & Aims: The difference is, they don’t want to rob people nor
want to help people in particular. Rather, they enjoy experimenting with
systems to find loopholes, crack defenses, and generally find a fun
hacking experience.

4) Script Kiddies
It is a known fact that half knowledge is always dangerous. Script kiddies are amateurs in the field of hacking. They try to hack systems, networks, or websites with scripts written by other hackers. The intention behind the hacking is just to get the attention of their peers. Script kiddies are juveniles who do not have complete knowledge of the hacking process.
Motives & Aims: One standard script kiddie attack is a DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack. This simply means that an IP address is flooded with so much excessive traffic that it collapses; think of a shopping website overwhelmed on Black Friday. It creates confusion and prevents others from using the service.
5) Green Hat Hackers
Green hat hackers are types of hackers who learn the ropes of hacking.
They are slightly different from the Script Kiddies due to their intention.
The intent is to strive and learn to become full-fledged hackers. They are
looking for opportunities to learn from experienced hackers.

6) Blue Hat Hackers
Blue hat hackers are similar to script kiddies, but the intent to learn is missing. They use hacking as a weapon to gain popularity among their peers and to settle scores with their adversaries. Blue hat hackers are dangerous because of the intent behind the hacking rather than their knowledge.

7) Red Hat Hackers
Red hat hackers, also called eagle-eyed hackers, are similar to white hat hackers in that they intend to stop the attacks of black hat hackers. The difference between red hat and white hat hackers lies not in the intention, which remains the same, but in the process: red hat hackers are quite ruthless when dealing with black hat hackers or counteracting malware. They continue to attack and may end up having to replace the entire system setup.

Above are the 7 types of hackers broadly referred to in the cybersecurity world.

The three types of hackers listed below work in different capacities.

8) State/Nation Sponsored Hackers
Governments appoint hackers to gain information about other countries; these are known as state/nation sponsored hackers. They use their knowledge to gain confidential information from other countries so that their own country is well prepared for any upcoming danger. The sensitive information helps not only in staying on top of every situation but also in avoiding upcoming danger. They report only to their governments.

9) Hacktivist
These hackers intend to hack government websites. They present themselves as activists, hence the name hacktivist. Hacktivists can be an individual or a group of nameless hackers whose intent is to gain access to government websites and networks. The data gained from the government files they access is used for personal, political or social ends.

10) Malicious insider or Whistleblower
These are individuals working inside an organization who can expose confidential information. The intent behind the exposure might be a personal grudge against the organization, or the individual might have come across illegal activities within the organization. The reason for the exposure defines the intent behind it. These individuals are known as whistleblowers.

Conclusion
Information is widely available over the internet, and keen individuals can learn and adapt it immediately. The intent behind hacking is what sets hackers apart. Knowledge used for harming individuals or governments, or for personal gain, is what makes hackers dangerous. The types of hacker attacks vary from organization to organization. The intensity and type of attack depend on the hacker's ability to find the loophole and penetrate the security system. This has therefore put a lot of pressure on all organizations to always be up to date with their cybersecurity precautions.
Difference between Hackers and Crackers
For many years there has been a debate about hackers versus crackers. Both terms are linked with one subject, hacking. Hacking may be defined as the technique or planning used to get access to systems without authorization; simply put, gaining access to a network or a computer for illegal purposes. The person who does this is very intelligent and skilled with computers. People skilled in hacking are divided into 2 categories:
1. Hackers: Hackers are the good people who hack for a good purpose and to gain more knowledge from it. They generally find loopholes in a system and help its owners to close them. Hackers are generally programmers with advanced knowledge of operating systems and programming languages. These people never damage or harm any kind of data.
2. Crackers: Crackers are the bad people who break into or violate a system or computer remotely with the intention of harming or stealing data. Crackers destroy data by gaining unauthorized access to the network. Their work is always hidden because they are doing illegal things. They bypass the passwords of computers and social media accounts, and can steal your bank details and transfer money from your bank.
The Difference between Hackers and Crackers:

1. Hacker: The good people who hack for knowledge purposes.
   Cracker: The evil people who break into a system for their own benefit.
2. Hacker: They are skilled and have advanced knowledge of computer operating systems and programming languages.
   Cracker: They may or may not be skilled; some crackers just know a few tricks to steal data.
3. Hacker: They work in an organization to help protect its data and give it expertise in internet security.
   Cracker: These are the people from whom hackers protect organizations.
4. Hacker: Hackers share their knowledge and never damage the data.
   Cracker: If they find a loophole, they delete or damage the data.
5. Hacker: Hackers are ethical professionals.
   Cracker: Crackers are unethical and want to benefit themselves from illegal tasks.
6. Hacker: Hackers program or hack to check the integrity and vulnerability strength of a network.
   Cracker: Crackers do not make new tools but use someone else's tools for their cause and to harm the network.
7. Hacker: Hackers hold legal certificates, e.g. the CEH certificate.
   Cracker: Crackers may or may not have certificates, as their motive is to stay anonymous.
8. Hacker: They are known as white hats or saviors.
   Cracker: They are known as black hats or evildoers.

Cyber Attacks and Vulnerabilities

A vulnerability in cyber security refers to any weakness in an information system, system processes, or internal controls of an organization. These vulnerabilities are targets for cybercriminals and are open to exploitation through the points of weakness. Through them, hackers are able to gain illegal access to systems and cause severe damage to data privacy. Therefore, monitoring cybersecurity vulnerabilities is extremely important for the overall security posture, as gaps in a network can result in a full-scale breach of an organization's systems.

Examples of Vulnerabilities
Below are some examples of vulnerabilities:

- A weakness in a firewall that can lead to malicious hackers getting into a computer network
- Lack of security cameras
- Unlocked doors at businesses

All of these are weaknesses that can be used by others to hurt a business or its assets.

How is vulnerability different from a cyber security threat and risk?
Vulnerabilities are not introduced to a system; rather, they are there from the beginning. There are not many cases in which cybercrime activities lead to vulnerabilities; they are typically a result of operating system flaws or network misconfigurations. Cyber security threats, on the other hand, are introduced to a system, like a virus download or a social engineering attack.

Cyber security risks are generally lumped together with vulnerabilities, which can lead to confusion, as they are not one and the same. Risk is actually the probability and impact of a vulnerability being exploited. If these two factors are low, then the risk is low; the relationship is directly proportional, so the inverse also holds: a high probability and impact of exploitation lead to high risk.
The impact of cyberattacks is generally tied to the CIA triad (confidentiality, integrity, availability) of the resource. Some common vulnerabilities pose no risk when the affected resource has little value to the organization.

When does a vulnerability become exploitable?
A vulnerability that has at least one definite attack vector is an exploitable vulnerability. Attackers will, for obvious reasons, want to target weaknesses in the system or network that are exploitable. Of course, a vulnerability is not something anyone wants to have, but what you should be more worried about is whether it is exploitable.

There are cases when something that is vulnerable is not really exploitable. The reasons could be:

1. Insufficient public information for exploitation by attackers.
2. Prior authentication or local system access that the attacker may not have.
3. Existing security controls.

Strong security practices can prevent many vulnerabilities from becoming exploitable.

What causes the vulnerability?
There are many causes of vulnerabilities, such as:

1. Complex Systems – Complex systems increase the probability of misconfigurations, flaws, or unintended access.
2. Familiarity – Attackers may be familiar with common code, operating systems, hardware, and software, which leads to known vulnerabilities.
3. Connectivity – Connected devices are more prone to having vulnerabilities.
4. Poor Password Management – Weak and reused passwords can lead from one data breach to several.
5. OS Flaws – Operating systems can have flaws too. Operating systems that are unsecured by default can give users full access and become a target for viruses and malware.
6. Internet – The internet is full of spyware and adware that can be installed automatically on computers.
7. Software Bugs – Programmers can sometimes accidentally leave an exploitable bug in the software.
8. Unchecked user input – If software or a website assumes that all input is safe, it may execute unintended SQL: a SQL injection.
9. People – Social engineering is the biggest threat to the majority of organizations, so humans can be one of the biggest causes of vulnerability.
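Cause 8 (unchecked user input) is the one on this list that can be shown directly in code. The following Python block is an added example written for these notes, not code from the original document: it places the vulnerable query next to its parameterized replacement and runs both against a constructed in-memory SQLite table so the difference in behaviour is visible. The table, the user record and the input strings are all constructed for the example.

```python
import sqlite3

# Constructed demo database (not from the original notes). Real systems store
# password hashes, not plaintext; the table is kept minimal to show the query issue.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_unchecked(conn, username, password):
    """Vulnerable form: user input is pasted into the SQL text, so a quote
    in the input ends the string literal and the rest becomes SQL syntax."""
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    """Hardened form: placeholders hand the values to the driver separately,
    so the input is always compared as data and never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0

def compare(username, password):
    """Run both forms on the same input and report what each one decides."""
    conn = make_db()
    return {"unchecked": login_unchecked(conn, username, password),
            "parameterized": login_parameterized(conn, username, password)}

if __name__ == "__main__":
    # A textbook malformed password: a closing quote followed by an always-true clause.
    print(compare("alice", "correct horse"))   # both forms accept the real password
    print(compare("alice", "' OR '1'='1"))     # only the unchecked form is fooled
```

The fix is not input filtering but the placeholder mechanism: the database driver receives the SQL and the values through separate channels, so no input can change the statement's structure. The same rule applies to every driver and ORM, whatever placeholder syntax it uses.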


Types of Vulnerabilities
Below are some of the most common types of cybersecurity
vulnerabilities:

System Misconfigurations

Network assets that have disparate security controls or vulnerable settings can result in system misconfigurations. Cybercriminals commonly probe networks for system misconfigurations and gaps that look exploitable. Due to rapid digital transformation, network misconfigurations are on the rise. Therefore, it is important to work with experienced security experts during the implementation of new technologies.

Out-of-date or Unpatched Software

Similar to system misconfigurations, hackers tend to probe networks for unpatched systems that are easy targets. These unpatched vulnerabilities can be exploited by attackers to steal sensitive information. To minimize these kinds of risks, it is essential to establish a patch management schedule so that all the latest system patches are applied as soon as they are released.


Missing or Weak Authorization Credentials

A common tactic attackers use is to gain access to systems and networks through brute force, such as guessing employee credentials. That is why it is crucial that employees be educated on cybersecurity best practices so that their login credentials are not easily exploited.

Malicious Insider Threats

Whether with malicious intent or unintentionally, employees with access to critical systems sometimes end up sharing information that helps cyber criminals breach the network. Insider threats can be really difficult to trace, as all actions will appear legitimate. To help fight against these threats, one should invest in network access control solutions and segment the network according to employee seniority and expertise.

Missing or Poor Data Encryption

It is easier for attackers to intercept communication between systems and breach a network if it has poor or missing encryption. When information is poorly encrypted or unencrypted, cyber adversaries can extract critical information and inject false information onto a server. This can seriously undermine an organization's efforts toward cyber security compliance and lead to fines from regulatory bodies.

Zero-day Vulnerabilities

Zero-day vulnerabilities are specific software vulnerabilities that attackers have caught wind of but that have not yet been discovered by the organization or user.

In these cases there are no fixes or solutions available, since the vulnerability has not yet been detected by or reported to the system vendor. These are especially dangerous, as there is no defense against such vulnerabilities until after the attack has happened. Hence, it is important to remain cautious and continuously monitor systems for vulnerabilities to minimize zero-day attacks.

What is Vulnerability Management?

Vulnerability management is the cyclical practice consisting of identification, classification, remediation, and mitigation of security vulnerabilities. There are three essential elements of vulnerability management, viz. vulnerability detection, vulnerability assessment, and remediation.

Vulnerability Detection

Vulnerability detection includes the following three methods:

- Vulnerability scanning
- Penetration testing
- Google hacking

Cyber Security Vulnerability Scan

As the name suggests, the scan is done to find vulnerabilities in computers, applications, or networks. For this purpose, a scanner (software) is used that can discover and identify vulnerabilities arising from misconfiguration and flawed programming within a network. Some popular vulnerability scanning tools are SolarWinds Network Configuration Manager (NCM), ManageEngine Vulnerability Manager Plus, Rapid7 Nexpose, Acunetix, Probely, Tripwire IP360, etc.

Penetration Testing

Penetration testing, or pen testing, is the practice of testing an IT asset for security vulnerabilities that an attacker could potentially exploit. Penetration testing can be automated or manual. It can also test security policies, employee security awareness, the ability to identify and respond to security incidents, and adherence to compliance requirements.

Google Hacking

Google hacking is the use of a search engine to locate security vulnerabilities. This is achieved through advanced search operators in queries that can locate hard-to-find information, or data that has been accidentally exposed due to misconfiguration of cloud services. Mostly, these targeted queries are used to locate sensitive information that is not intended for public exposure.

Cyber Security Vulnerability Assessment

Once a vulnerability is detected, it goes through the vulnerability assessment process. What is a vulnerability assessment? It is the process of systematically reviewing security weaknesses in an information system. It highlights whether a system is prone to any known vulnerabilities, classifies their severity levels, and recommends appropriate remediation or mitigation if required.

The assessment process includes:

- Identify vulnerabilities: Analyze network scans, firewall logs, pen test results, and vulnerability scan results to find anomalies that might indicate vulnerabilities prone to cyber-attacks.
- Verify vulnerabilities: Decide whether an identified vulnerability could be exploited and classify its severity to understand the level of risk.
- Mitigate vulnerabilities: Come up with appropriate countermeasures and measure their effectiveness if a patch is not available.
- Remediate vulnerabilities: Update affected software or hardware wherever possible.

There are several types of vulnerability assessments:

- Network-based assessment: This type of assessment is used to identify potential issues in network security and detect systems that are vulnerable on both wired and wireless networks.
- Host-based assessment: Host-based assessment can help locate and identify vulnerabilities in servers, workstations, and other network hosts. It generally assesses open ports and services and makes the configuration settings and patch status of scanned systems more visible.
- Wireless network assessment: This involves scanning Wi-Fi networks and attack vectors in the infrastructure of a wireless network. It helps validate that a network is securely configured to avoid unauthorized access and can also detect rogue access points.
- Application assessment: This is the identification of security vulnerabilities in web applications and their source code, achieved by running automated vulnerability scanning tools against the front end or by analyzing the source code statically or dynamically.
- Database assessment: The assessment of databases or big data systems for vulnerabilities and misconfiguration, identifying rogue databases or insecure dev/test environments, and classifying sensitive data to improve data security.

Vulnerability management becomes a continuous and repetitive practice because cyber attacks are constantly evolving.

Vulnerability Remediation

To always be one step ahead of malicious attacks, security professionals need to have a process in place for monitoring and managing known vulnerabilities. Once a time-consuming and tedious manual job, it is now possible to continuously keep track of an organization's software inventory with the help of automated tools and match it against the various security advisories, issue trackers, or databases.

If the tracking results show that services and products are relying on risky code, the vulnerable component needs to be located and mitigated effectively and efficiently.

The following remediation steps may seem simple, but without them,
organizations may find themselves in a bit of difficulty when fighting
against hackers.

Step 1: Know Your Code – Knowing what you’re working with is crucial
and the first step of vulnerability remediation. Continuously monitoring
software inventory to be aware of which software components are being
used and what needs immediate attention will significantly prevent
malicious attacks.

Step 2: Prioritize Your Vulnerabilities – Organizations need to have prioritization policies in place. The risk of the vulnerabilities needs to be evaluated first by going through the system configuration, the likelihood of an occurrence, its impact, and the security measures that are in place.

Step 3: Fix – Once the security vulnerabilities that require immediate attention are known, it is time to map out a timeline and work plan for the fix.
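The identify/verify/mitigate/remediate cycle described under the assessment process, the earlier definition of risk as probability times impact, and the three remediation steps above can all be expressed as one small inventory-matching and prioritization routine. The following Python block is an added example written for these notes, not code from the original document: it matches an installed-software inventory against an advisory feed (Step 1), scores each confirmed finding by impact and likelihood using the exploitability reasons listed earlier in the notes (Step 2), and reports the fixed version to plan the fix (Step 3). The inventory, the advisories (with no identifiers, as placeholders rather than real CVEs), the exposure facts and the likelihood weights are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    component: str
    affected_below: tuple   # installed versions strictly below this are vulnerable
    fixed_in: str
    severity: float         # impact, on a 0-10 scale like a CVSS base score
    exploit_public: bool    # is public exploit information available? (reason 1 on the page)

def parse_version(text):
    """'1.2.3' -> (1, 2, 3) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))

# Step 1 (Know Your Code): constructed software inventory of one service.
INVENTORY = {"libfoo": "1.2.3", "webframework": "4.0.1", "imageparser": "2.9.0"}

# Constructed advisory feed. No identifiers on purpose: these are placeholders, not real CVEs.
ADVISORIES = [
    Advisory("libfoo", (1, 2, 5), "1.2.5", 9.8, True),
    Advisory("webframework", (4, 0, 0), "4.0.0", 7.5, True),   # already on a fixed version
    Advisory("imageparser", (3, 0, 0), "3.0.0", 5.3, False),
]

# Constructed exposure facts per component (reasons 2 and 3 on the page: access and controls).
EXPOSURE = {
    "libfoo": {"internet_facing": True, "compensating_control": False},
    "webframework": {"internet_facing": True, "compensating_control": False},
    "imageparser": {"internet_facing": False, "compensating_control": True},
}

def find_vulnerable(inventory, advisories):
    """Identify: which installed components fall inside an advisory's affected range."""
    hits = []
    for adv in advisories:
        installed = inventory.get(adv.component)
        if installed is not None and parse_version(installed) < adv.affected_below:
            hits.append((adv, installed))
    return hits

def risk_score(adv, exposure):
    """Verify/prioritize: risk = impact x likelihood. The likelihood weights are
    assumptions chosen for this example, not a published scoring formula."""
    likelihood = 0.3
    if adv.exploit_public:
        likelihood += 0.4      # public exploit details make exploitation far likelier
    if exposure.get("internet_facing"):
        likelihood += 0.3      # reachable without prior authentication or local access
    if exposure.get("compensating_control"):
        likelihood -= 0.2      # an existing control reduces, but does not remove, the risk
    likelihood = max(0.05, min(likelihood, 1.0))
    return round(adv.severity * likelihood, 2)

def prioritize(inventory, advisories, exposure):
    """Step 2: rank confirmed findings, highest risk first, with the fix version for Step 3."""
    ranked = [{"component": adv.component, "installed": installed, "fixed_in": adv.fixed_in,
               "score": risk_score(adv, exposure.get(adv.component, {}))}
              for adv, installed in find_vulnerable(inventory, advisories)]
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked

if __name__ == "__main__":
    for finding in prioritize(INVENTORY, ADVISORIES, EXPOSURE):
        print(finding)
```

Note how the same severity can land at opposite ends of the list: a critical flaw on an internet-facing component with public exploit details scores far above a medium flaw that is internal and already covered by a compensating control, which is exactly the distinction between a vulnerability and an exploitable one that the notes draw.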

Malware Threats

Malware:
Malware is malicious software that gives the attacker full or limited control over the target system. Malware can damage, modify, and/or steal information from the system. There are various types of malware, such as viruses, Trojans, worms, rootkits, spyware, and ransomware. Malware might enter the system through emails, file transfers, installation of random third-party software, or the absence of quality antivirus software.

What is a Malware Attack?

A malware attack is a cyberattack in which malware performs or executes unauthorized actions on a user's system. Even criminal organizations, state actors, and well-known businesses have been accused of or caught deploying malware. If the impact of a malware attack is severe, it ends up being mainstream news just like other cyberattacks.

Types of Malware
There are several types of malware. Let us take a look at them.

Malware Virus

A virus is malware that requires human intervention to run and spread. The following are the different types of viruses:

- File Viruses: These viruses are infected executable files that infect other files when opened.
- Macro Viruses: These viruses are Excel files that have malware written in VBS; when such files are opened, a macro gets executed and infects other files.
- Master Boot Record Viruses: These viruses change or delete boot records, which can render a system useless.
- Polymorphic Viruses: These viruses are able to evade detection by changing their form frequently.
- Stealth Viruses: These viruses hide in other legitimate files or services.

Trojan Malware

A Trojan is malware that conceals itself in other legitimate files. When the files and software bundled with the malware get installed, the malware too gets installed and executed. The following are the various types of Trojans:

- Remote Access Trojans: These Trojans allow hackers to gain remote access to systems through covert channels without the knowledge of the user.
- Data Sending Trojans: These Trojans steal data from systems and transmit it to the attacker.
- Destructive Trojans: As the name suggests, these Trojans destroy files and services.
- Security Software Disabler Trojans: These Trojans can disable system firewalls and antivirus software to prevent detection of other malicious files being downloaded and executed.

Worm Malware
Worms are similar to viruses but without the need for human intervention
to run and propagate.

Rootkit Malware

Rootkits are extremely difficult to detect and nearly impossible to remove unless the system is formatted.

Malware Examples
Malware has a long history that dates back to infected floppy disks swapped by Apple II hobbyists in the 1980s and the Morris Worm that infected Unix machines in 1988. Some other examples of high-profile malware attacks are:

- SQL Slammer, which brought internet traffic to a halt within minutes of its release in 2003
- Zeus, a keylogger Trojan that targeted banking information
- CryptoLocker, the first example of a widespread ransomware attack, whose code kept getting repurposed for malware projects of similar caliber
- Stuxnet, which infected systems all over the world but only did real damage to the uranium-enrichment centrifuges at Natanz, the Iranian nuclear facility

Malware Detection
The following is how you can detect malware-infected systems or networks. These are the signs to look for:

1. Extremely slow and unresponsive system
2. Undeletable files
3. Random folders or shortcuts inside folders
4. Issues while shutting down due to certain running files or programs
5. Change in default settings of the PC
6. Unnecessary running services or programs using up the processing power of the CPU
7. Reboot issues
8. Auto shutdown
9. Unnecessary traffic patterns or traffic to destinations you never targeted
10. Similar malware alerts by the antivirus on the network
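Sign 9 above (traffic to destinations you never targeted) is the one on this list that can be checked mechanically against a connection log. The Python block below is an added example written for these notes, not code from the original document: it compares a workstation's outbound connections with a learned baseline of known destinations and additionally flags any destination contacted at near-constant intervals, the timed check-in pattern typical of malware rather than of a person browsing. The log lines, the baseline and the thresholds are constructed assumptions; the 203.0.113.0/24 address is a documentation range, not a real host.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed outbound-connection log for one workstation: "epoch_seconds host dst_ip dst_port".
# 203.0.113.0/24 is a documentation range, so the destination is a placeholder, not a real host.
LOG_LINES = """\
1000 ws-17 10.0.0.5 443
1030 ws-17 10.0.0.5 443
1060 ws-17 203.0.113.9 8443
1120 ws-17 203.0.113.9 8443
1180 ws-17 203.0.113.9 8443
1240 ws-17 203.0.113.9 8443
1300 ws-17 203.0.113.9 8443
1305 ws-17 10.0.0.7 25
""".splitlines()

# Baseline learned from a clean period (constructed): destinations this host normally reaches.
KNOWN_DESTINATIONS = {("10.0.0.5", 443), ("10.0.0.7", 25)}

def parse(lines):
    """Turn raw log lines into (timestamp, host, dst_ip, dst_port) tuples."""
    events = []
    for line in lines:
        ts, host, ip, port = line.split()
        events.append((int(ts), host, ip, int(port)))
    return events

def unknown_destinations(events, known):
    """Sign 9 on the page: traffic to destinations the host never targeted before."""
    return sorted({(ip, port) for _, _, ip, port in events if (ip, port) not in known})

def beaconing(events, min_hits=4, max_jitter=5.0):
    """Destinations contacted at near-constant intervals. Human browsing is bursty;
    malware check-ins tend to fire on a timer, so a low spread of inter-arrival gaps
    is a useful (if not conclusive) indicator. Thresholds are example assumptions."""
    times_by_dest = defaultdict(list)
    for ts, _, ip, port in events:
        times_by_dest[(ip, port)].append(ts)
    flagged = []
    for dest, times in times_by_dest.items():
        if len(times) < min_hits:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:
            flagged.append(dest)
    return sorted(flagged)

if __name__ == "__main__":
    events = parse(LOG_LINES)
    print("unknown destinations:", unknown_destinations(events, KNOWN_DESTINATIONS))
    print("beaconing candidates:", beaconing(events))
```

Either check alone produces noise (a new SaaS service is an unknown destination; a legitimate agent polls on a timer), so in practice a hit on both, as in the constructed log, is what earns an analyst's attention and a look at the process behind the connection.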

Malware Removal
The following steps need to be taken after the detection of malware on a PC or network:

- Removal: Sanitisation of the infected PC or network
- Prevention: Ensure that the system and network are safe from similar events

For the removal process, the following basic steps can be taken:

- Remove the system from the network, and disconnect all internet and intranet connectivity
- Do not connect external drives, as that might spread the malware to other systems
- Perform a full scan of the PC with an updated antivirus program
- Reboot the PC and apply all software patches

If the removal is not successful, format the system and take the following prevention steps:

- Schedule regular full scans using a legitimate antivirus
- Keep your OS up to date
- Avoid opening emails or attachments from untrusted sources
- Scan external drives before inserting them into the system
- Avoid downloading software from illegitimate sources
- Back up critical information on an external drive
- Avoid macros in Excel if not required

Antivirus Sensor Systems

An antivirus or anti-malware program is used to identify, prevent, or remove malware present in the system. Antivirus software can perform system checks and update the security of the system on a regular basis. There are various free as well as paid antivirus products available in the market.

Malware Analysis Procedure

The malware analysis procedure involves the following steps:

- Allocate the physical or virtual system: Infect the system with the malware and identify the responses of the system. You can find ways to prevent or erase suspicious activities.
- Make use of analysis tools: Find previous malware attacks that happened on the system and get a detailed analysis.
- Static property analysis: Analyze static properties to detect worms, viruses, Trojans, etc.
- Interactive behavior analysis: Interact with the malware and identify its reactions based on your actions.
- Manual code reversing: Decrypt data to find the algorithm that generated the malware.
- Combining malware analysis steps: Combine any two or more of the above-mentioned steps to find a combined solution.

Sniffing is the process of monitoring and capturing all the packets passing
through a given network using sniffing tools. It is the network equivalent of
"tapping phone wires" to listen in on a conversation, and is also called
wiretapping applied to computer networks.

If a set of enterprise switch ports is left open, there is a real possibility
that one of the employees can sniff the entire traffic of the network. Anyone
in the same physical location can plug into the network with an Ethernet cable,
or connect wirelessly to that network, and sniff the total traffic.

In other words, sniffing lets you see all sorts of traffic, both protected and
unprotected. In the right conditions and with the right protocols in place, an
attacking party may be able to gather information that can be used for further
attacks or to cause other issues for the network or system owner.

What can be sniffed?

One can sniff the following sensitive information from a network:

- Email traffic
- FTP passwords
- Web traffic
- Telnet passwords
- Router configuration
- Chat sessions
- DNS traffic
How it works

A sniffer normally switches the system's NIC into promiscuous mode so that it
listens to all the data transmitted on its segment.

Promiscuous mode is a special mode of Ethernet hardware, in particular network
interface cards (NICs), that allows a NIC to receive all traffic on the network
segment even when it is not addressed to that NIC. By default, a NIC ignores
all traffic that is not addressed to it, which it does by comparing the
destination address of each Ethernet frame with the hardware (MAC) address of
the device. While this makes perfect sense for networking, non-promiscuous mode
makes it difficult to use network monitoring and analysis software for
diagnosing connectivity issues or traffic accounting.

A sniffer can continuously monitor all the traffic reaching a computer through
the NIC by decoding the information encapsulated in the data packets.
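As an added defensive check that is not part of the original notes, the following Python reads the Linux sysfs flag word of each interface and reports those with the IFF_PROMISC bit set, which is how a sniffer running on a host usually shows up; the sample flag values are constructed.

```python
from pathlib import Path
from typing import Dict, List

# Interface flag bits from <linux/if.h>; IFF_PROMISC is set when the NIC accepts all frames
IFF_UP = 0x1
IFF_PROMISC = 0x100


def parse_flags(text: str) -> int:
    """Parse the contents of /sys/class/net/<iface>/flags, e.g. '0x1143' plus newline."""
    return int(text.strip(), 16)


def is_promiscuous(flags: int) -> bool:
    """True when the IFF_PROMISC bit is set in an interface's flag word."""
    return bool(flags & IFF_PROMISC)


def promiscuous_interfaces(flag_files: Dict[str, str]) -> List[str]:
    """Given {iface: contents-of-flags-file}, return the interfaces in promiscuous mode."""
    return sorted(name for name, text in flag_files.items()
                  if is_promiscuous(parse_flags(text)))


def read_sysfs_flags(sysfs_root: str = "/sys/class/net") -> Dict[str, str]:
    """Collect the flags file of every interface under sysfs (Linux only; empty elsewhere)."""
    root = Path(sysfs_root)
    if not root.is_dir():
        return {}
    return {iface.name: (iface / "flags").read_text()
            for iface in root.iterdir() if (iface / "flags").is_file()}


if __name__ == "__main__":
    # Constructed sample: eth0 is UP|BROADCAST|RUNNING|PROMISC|MULTICAST (0x1143),
    # eth1 is the same without PROMISC (0x1043), lo is UP|LOOPBACK|RUNNING (0x49).
    sample = {"lo": "0x49\n", "eth0": "0x1143\n", "eth1": "0x1043\n"}
    print("promiscuous in sample:", promiscuous_interfaces(sample))
    live = read_sysfs_flags()
    if live:
        print("promiscuous on this host:", promiscuous_interfaces(live))
```

A host in promiscuous mode is a lead, not proof: a sniffer attached to a SPAN port or a tap changes nothing on the monitored hosts, so this check complements, rather than replaces, switch-side monitoring.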

Types of Sniffing

Sniffing can be either active or passive in nature.

Passive Sniffing

In passive sniffing, the traffic is captured but it is not altered in any way.
Passive sniffing allows listening only. It works with hub devices. On a hub,
the traffic is sent to all the ports, so in a network that uses hubs to connect
systems, all hosts on the network can see the traffic. Therefore, an attacker
can easily capture the traffic going through.

The good news is that hubs are almost obsolete nowadays. Most modern networks
use switches, so passive sniffing is no longer effective.

Active Sniffing

In active sniffing, the traffic is not only captured and monitored, but may
also be altered in some way as determined by the attack. Active sniffing is
used to sniff a switch-based network. It involves injecting Address Resolution
Protocol (ARP) packets into a target network to flood the switch's content
addressable memory (CAM) table. The CAM table keeps track of which host is
connected to which port.

The following are the active sniffing techniques:

- MAC Flooding
- DHCP Attacks
- DNS Poisoning
- Spoofing Attacks
- ARP Poisoning

Protocols which are affected

Protocols such as the tried and true TCP/IP were never designed with security
in mind and therefore do not offer much resistance to potential intruders.
Several protocols lend themselves to easy sniffing:

- HTTP: it sends information in clear text without any encryption and is thus
  a real target.
- SMTP (Simple Mail Transfer Protocol): SMTP is basically used for the
  transfer of emails. This protocol is efficient, but it does not include any
  protection against sniffing.
- NNTP (Network News Transfer Protocol): it is used for all types of
  communications, but its main drawback is that data and even passwords are
  sent over the network as clear text.
- POP (Post Office Protocol): POP is strictly used to receive emails from the
  servers. This protocol does not include protection against sniffing, so its
  traffic can be trapped.
- FTP (File Transfer Protocol): FTP is used to send and receive files, but it
  does not offer any security features. All the data is sent as clear text
  that can be easily sniffed.
- IMAP (Internet Message Access Protocol): IMAP is similar to SMTP in its
  functions, but it is highly vulnerable to sniffing.
- Telnet: Telnet sends everything (usernames, passwords, keystrokes) over the
  network as clear text and hence can be easily sniffed.

Sniffers are not dumb utilities that only let you view live traffic. If you
really want to analyze each packet, save the capture and review it whenever
time allows.

The gaining access attack is the second part of network penetration testing.
In this section, we connect to the network, which allows us to launch more
powerful attacks and get more accurate information. If a network doesn't use
encryption, we can just connect to it and sniff out unencrypted data. If a
network is wired, we can use a cable and connect to it, perhaps after changing
our MAC address. The only problem arises when the target uses encryption such
as WEP, WPA or WPA2. If we encounter encrypted data, we need to know the key to
decrypt it, and that is the main purpose of this chapter.

If the network uses encryption, we can't get anywhere unless we decrypt it. In
this section, we discuss how to break that encryption and gain access to
networks whether they use WEP, WPA or WPA2.
Privilege Escalation Attacks: Types, Examples, And Prevention

Privilege escalation attacks exploit weaknesses and security vulnerabilities with the goal of
elevating access to a network, applications, and mission-critical systems. There are two types
of privilege escalation attacks: vertical and horizontal. Vertical attacks are when an attacker
gains access to an account with the intent to perform actions as that user. Horizontal attacks
gain access to account(s) with limited permissions that require an escalation of privileges,
such as to an administrator role, to perform the desired actions.

Privilege escalation is an attack vector that many businesses face due to a loss of focus on
permission levels. As a result, security controls are not sufficient to prevent a privilege
escalation.

Privilege escalation attacks occur when a threat actor gains access to an employee's account,
bypasses the proper authorization channel, and successfully grants themselves access to data
they are not supposed to have. When deploying these attacks, threat actors are typically
attempting to exfiltrate data, disrupt business functions, or create backdoors.

All of these actions can have a major impact on business continuity and should be considered
when drafting a business continuity plan.

When you encounter a privilege escalation attack, how you respond is critical. Here are a few
questions to consider:

- What did the attacker have permission and access to?
- How are business services currently being impacted?
- What other activities were performed on this account during the attack?

What Are The Types Of Privilege Escalation Attacks?

Not every attack will provide threat actors with full access to the targeted system. In these
cases, a privilege escalation is required to achieve the desired outcome. There are two types
of privilege escalation attacks: vertical and horizontal.

Vertical Privilege Escalation

Vertical privilege escalation occurs when an attacker gains access directly to an account with
the intent to perform actions as that person. This type of attack is easier to pull off since
there is no need to elevate permissions. The goal here is to access an account to further spread
an attack or to access data the user has permissions to.

Day in and day out I analyze numerous phishing emails that attempt to perform this attack.
Whether it’s a “bank”, “Amazon”, or any of countless other ecommerce sites, the attack is the
same: “Your account will be deactivated due to inactivity. Please click this link and log in to
keep your account active.” This is, however, only one example of the many cookie-cutter
phishing templates seen in “the wild”.

Horizontal Privilege Escalation

Horizontal privilege escalation is a bit trickier to pull off, as it requires the attacker to
gain access to the account credentials as well as to elevate the permissions. This type of
attack tends to require a deep understanding of the vulnerabilities that affect certain
operating systems or the use of hacking tools.

Phishing campaigns have been used to perform the first part of the attack, gaining access to
the account. When it comes to elevating permissions, the attacker has a few options to choose
from. One option is to exploit vulnerabilities in the operating system to gain system- or
root-level access. The next option would be to use hacking tools, like Metasploit, to make the
job a bit easier.

Examples Of Privilege Escalation Attacks

Now that you have a better understanding of what a privilege escalation attack is, I’m going
to show you 5 real-world examples, including:

1. Windows Sticky Keys
2. Windows Sysinternals
3. Process Injection
4. Linux Passwd User Enumeration
5. Android Metasploit

Windows Sticky Keys

When attempting a privilege escalation attack on Windows, I like to start with a “sticky key”
attack. This attack is fairly easy to perform and does not require any sort of advanced skillset
to pull it off. To perform this attack you will need physical access to the machine and the
ability to boot to a repair disk.

Windows Sysinternals

Another common method of privilege escalation in Windows is through the use of the
Sysinternals tool suite.

After an attacker gains a backdoor into the system using the “Sticky Keys” method, they can
further escalate their privileges to system access.

Process Injection

Working against weak processes is another method that I use for privilege escalation. One
tool that I have seen used in penetration testing is Process Injector. This tool has the
capability to enumerate all running processes on a system as well as the account running each
process.

Linux Passwd User Enumeration

A basic privilege escalation attack that is common in Linux is conducted through enumerating
the user accounts on the machine. This attack requires the attacker to access the shell of the
system, which is commonly done through misconfigured FTP servers.

Android and Metasploit

Metasploit is a well-known tool to most hackers and contains a library of known exploits. In
the case of Android devices, Metasploit can be used against rooted Android devices.

Unfortunately, users are the weakest link in the security chain. With just a single click, they
could compromise a system or network. To mitigate this risk, businesses implement security
awareness programs along with a methodology for validating the effectiveness of the
training. In most cases, phishing simulation software like KnowBe4, GoPhish, or PhishMe
can adequately train users to identify phishing email attempts.

Privilege escalation, like other cyber attacks, takes advantage of system and process
vulnerabilities. In order to prevent these attacks, consider implementing proper processes for
patch management, new software development/implementation, and user account
modification requests, as well as an automated tool to monitor for such changes.

Implementing these processes will put the proper safeguards in place to prevent or deter an
attacker from attempting privilege escalation. Finally, an intrusion detection system (IDS)
and/or intrusion prevention system (IPS) provides an additional layer of security to derail
attempts at escalating privileges.

Executing Applications

An intruder executes malicious applications after gaining administrative privileges so that
they can run malicious programs remotely, capture sensitive data, crack passwords, capture
screenshots or install a backdoor.

Tools: RemoteExec, PDQ Deploy, DameWare NT Utilities

Keylogger

Keystroke loggers are programs or hardware devices that monitor each keystroke a user types
on a keyboard and log the keystrokes to a file or transmit them to a remote location.

Keyloggers are placed between the keyboard hardware and the OS.

A keylogger can:

- Record each keystroke
- Capture screenshots at regular intervals of time showing user activity, such as when the
  user types a character or clicks a mouse button
- Track the activities of users by logging window titles, names of launched applications and
  other information
- Monitor the online activity of users by recording the addresses of the websites they have
  visited and the keywords they entered
- Record all login names, bank and credit card numbers and passwords, including hidden
  passwords or data shown as asterisks or blank spaces
- Record online chat conversations

Types of Keylogger

- Hardware Keylogger
- Software Keylogger

Spyware

Spyware is stealthy computer monitoring software that allows you to secretly record all
activities of a computer user.

Web Application Hacking

Web applications act as an interface between users and servers using web
pages that consist of script code that is meant to be dynamically executed.
One can access web applications over the internet or an intranet. Web hacking
in general refers to the exploitation of applications via the Hypertext
Transfer Protocol (HTTP), which can be done by manipulating the application
through its graphical web interface, tampering with the Uniform Resource
Identifier (URI) or exploiting HTTP elements. Some methods that can be used
for hacking web applications are: SQL injection attacks, Cross-Site Scripting
(XSS), Cross-Site Request Forgery (CSRF), insecure communications, etc. The
application hacking mechanisms are described below:

SMTP/Email-Based Attacks

SMTP (Simple Mail Transfer Protocol) is responsible for the transmission of
electronic mail. E-mail tracking programs let the sender know whether the
receiver of an e-mail reads, forwards, modifies, or deletes it. Most e-mail
tracking programs work by appending a domain name to e-mail addresses, such as
xyzRead.com. Tools that allow an ethical hacker to track e-mail messages are
MailTracking.com and eMailTracking Pro. When these tools are used by ethical
hackers, the resulting actions and the tracks of the original e-mail are
logged, and the sender receives notification of all the actions performed on
the tracked e-mail by an automatically generated e-mail. Web spiders are used
by spammers who are interested in collecting e-mail addresses.

Preventive Measures:
1. Disable the VRFY and EXPN SMTP commands.
2. If you need VRFY and EXPN functionality, check your e-mail server or e-mail
firewall documentation.
3. Make sure that the company's e-mail addresses are not posted on the web
application.
VOIP Vulnerabilities

VOIP stands for Voice over Internet Protocol. It is a technology that allows us
to make voice calls using a broadband Internet connection instead of a regular
phone line. Since VOIP uses the internet to function, it is prone to all
internet vulnerabilities, such as DoS attacks. Online security mechanisms are
not always able to handle VOIP, which results in delayed or poor connections
for your calls. VOIP carries voice as digital data that can be easily misused,
which raises additional security concerns. These are some kinds of VOIP
vulnerabilities:
1. Insufficient verification of data.
2. Execution flaws.
3. String manipulation flaws.
4. Low resources.
5. Low bandwidth.
6. File manipulation flaws.
7. Password management.
8. Permissions and privileges.
9. Crypto and randomness.
10. Authentication and certificate errors.

Preventive Measures:
1. Make sure your computer's OS and anti-virus software are updated.
2. Make sure that you have an Intrusion Prevention System (IPS) and a VoIP
firewall, updated and intact.
3. Make use of VPNs to protect calls made through mobile/wireless devices and
networks.
4. If possible, have two separate connections, with one connection dedicated
to your VoIP line so that attacks, viruses, etc. on the other connection do not
affect it.
Directory Traversal

Directory traversal attacks are also known as the Unicode exploit. Windows
2000 systems running IIS are vulnerable to this type of attack. It happens
only on unpatched Windows 2000 systems and affects CGI scripts and ISAPI
extensions such as .ASP. It gives hackers system-level access. Unicode
converts characters of any language to a universal hexadecimal code
specification. Because the request was interpreted (decoded) twice while the
parser scanned the resulting request only once, hackers could sneak file
requests through IIS. The Unicode directory traversal vulnerability allows
hackers to add, change, upload or delete files and run code on the server.

Preventive Measures:
1. Avoid passing user-supplied input to file system APIs altogether.
2. Two layers of defense must be used together to prevent these types of
attacks.
3. The application must validate the user's input before processing it
further.
4. Validation should verify that the input contains only permitted content,
such as purely alphanumeric characters.
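As an added example that is not from the original notes, the Python below implements measures 3 and 4 with a second layer behind them: it resolves a user-supplied file name against a document root, percent-decoding repeatedly so that the double-decoding trick the Unicode exploit relied on is caught, validates the character set, and finally checks that the resolved path is still under the root. The document root and the requested names are constructed.

```python
import os
from urllib.parse import unquote

ALLOWED_CHARS = "._-/"  # plus letters and digits: everything else is refused


def safe_join(base_dir: str, user_path: str) -> str:
    """Return the real path of user_path inside base_dir, or raise ValueError.

    Order of checks: decode until stable (so '%252e%252e' -> '%2e%2e' -> '..'),
    then allow-list the characters, then reject '..' segments and absolute
    paths, and finally confirm the resolved path is still under the root,
    which also catches symlinks pointing outside it.
    """
    decoded = user_path
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if not decoded or not all(c.isalnum() or c in ALLOWED_CHARS for c in decoded):
        raise ValueError("disallowed character in path")
    if decoded.startswith("/") or ".." in decoded.split("/"):
        raise ValueError("path escapes document root")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise ValueError("path escapes document root")
    return candidate


def is_rejected(base_dir: str, user_path: str) -> bool:
    """Helper for tests and logging: True when safe_join refuses the request."""
    try:
        safe_join(base_dir, user_path)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    root = "/srv/www"  # constructed document root
    for req in ("images/logo.png", "a/./b.txt", "../etc/passwd",
                "%2e%2e/etc/passwd", "%252e%252e/etc/passwd",
                "/etc/passwd", "docs\\..\\secret.txt"):
        outcome = "rejected" if is_rejected(root, req) else safe_join(root, req)
        print("%-28s -> %s" % (req, outcome))
```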
Input Manipulation

Input parameter manipulation is based on manipulating the parameters exchanged
between client and server in order to modify application data such as user
details and permissions, the number of products, or the price. This
information is stored in cookies, hidden form fields, or URL query strings and
is used to increase application functionality and control. This attack can be
performed by a malicious hacker who wants to use the application for their own
benefit, or by an attacker who wishes to attack a third person using a
man-in-the-middle attack. WebScarab and Paros Proxy are used for this purpose.

Preventive Measures:
1. Adopt SOA (Service Oriented Architecture).
2. Use a modular architecture for the XML firewall where each module checks for
a particular vulnerability.
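One server-side defence against the tampering described above, added here as an example that is not from the original notes: values that travel through hidden fields or cookies (price, role) are signed with an HMAC before they leave the server, and any submission whose tag no longer matches is rejected. The key and the order values are constructed.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SERVER_KEY = b"constructed-demo-key-replace-me"  # assumption: a secret held only by the server


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def sign_fields(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Serialise the fields the client must not edit and append an HMAC-SHA256 tag."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_fields(token: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Return the fields if the tag verifies, otherwise None (malformed or tampered)."""
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    try:
        return json.loads(payload)
    except ValueError:
        return None


def edit_without_resigning(token: str, **changes) -> str:
    """Reproduce what an intercepting proxy lets a user do: change the visible
    fields while keeping the old tag. Used to show that verification fails."""
    payload_b64, tag_b64 = token.split(".", 1)
    fields = json.loads(base64.urlsafe_b64decode(payload_b64))
    fields.update(changes)
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + tag_b64


if __name__ == "__main__":
    order = {"product_id": 42, "price": 19.99, "role": "customer"}  # constructed order
    token = sign_fields(order)
    print("server accepts original :", verify_fields(token))
    print("server accepts edited   :", verify_fields(edit_without_resigning(token, price=0.01)))
```

Signing only proves the server issued the values; where the price can be looked up from the product id at checkout, do that instead and never round-trip it through the client at all.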
Brute Force Attack

In a brute force attack, the hacker tries all possible combinations of letters,
numbers, special characters, and capital and small letters to break the
password. The probability of success is high in brute force attacks, but they
require a large amount of time and patience to try all possible permutations
and combinations. John the Ripper, aka Johnny, is one of the powerful tools
for running a brute force attack, and it comes with the Kali Linux
distribution.

Preventive Measures:
1. Limit failed login attempts.
2. Make the root user inaccessible via SSH by editing the sshd_config file.
3. Edit the port line in your sshd_config file.
4. Use a CAPTCHA.
5. Limit login attempts to a specified IP address or range.
6. Use two-factor authentication.
7. Create unique login URLs.
8. Monitor server logs.

Unsecured Login Mechanisms

Many websites don't allow any task to be performed with the application until
the user logs in to an account. These login mechanisms often don't handle wrong
user IDs or passwords gracefully, which is a great help to the hacker: the web
application might return a generic error message such as "user ID and password
combination is invalid", yet at the same time return different error codes in
the URL for an invalid user ID and for an invalid password.

Preventive Measures:
1. Use a CAPTCHA (or reCAPTCHA).
2. Use web login forms to prevent password-cracking attempts.
3. Employ an intruder lockout mechanism on your web server to lock user
accounts after 10–15 failed login attempts.
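As an added example that is not part of the original notes, the following Python login handler combines the brute-force measure "limit failed login attempts" with the lockout and the uniform error handling the unsecured-login section calls for: every failure, whether the user ID or the password was wrong or the account is locked, returns the same message, an unknown user ID costs the same hashing time as a real one, and the account locks after 10 failures. The user names, passwords and lockout period are constructed.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

GENERIC_ERROR = "Invalid user ID or password"  # same text for every failure case
MAX_FAILURES = 10          # the notes suggest locking after 10-15 failed attempts
LOCKOUT_SECONDS = 15 * 60  # assumption: a 15-minute lockout


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    """Minimal login back end with per-account failure counting and lockout."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # user_id -> (salt, pbkdf2 hash)
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}
        self._dummy_salt = os.urandom(16)  # used to equalise timing for unknown user IDs

    def register(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user_id] = (salt, _hash_password(password, salt))

    def is_locked(self, user_id: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return self._locked_until.get(user_id, 0.0) > now

    def _record_failure(self, user_id: str, now: float) -> None:
        count = self._failures.get(user_id, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[user_id] = now + LOCKOUT_SECONDS
            count = 0
        self._failures[user_id] = count

    def attempt(self, user_id: str, password: str,
                now: Optional[float] = None) -> Tuple[bool, str]:
        """Return (success, message). The message never says which part was wrong."""
        now = time.time() if now is None else now
        if self.is_locked(user_id, now):
            return False, GENERIC_ERROR
        record = self._users.get(user_id)
        if record is None:
            _hash_password(password, self._dummy_salt)  # unknown user: burn the same time
            self._record_failure(user_id, now)
            return False, GENERIC_ERROR
        salt, stored = record
        if hmac.compare_digest(_hash_password(password, salt), stored):
            self._failures.pop(user_id, None)
            return True, "Login successful"
        self._record_failure(user_id, now)
        return False, GENERIC_ERROR


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery")  # constructed credentials
    print(svc.attempt("alice", "wrong"))    # wrong password
    print(svc.attempt("mallory", "wrong"))  # unknown user: identical message
    for _ in range(MAX_FAILURES):
        svc.attempt("alice", "wrong")
    print("locked:", svc.is_locked("alice"), svc.attempt("alice", "correct horse battery"))
```

Locking by account alone lets an attacker lock legitimate users out by guessing against their IDs, so in practice pair it with the per-IP limits from measure 5 of the brute force list.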
SQL Injection

In an SQL injection attack, malicious code is inserted into a web form field or
the website's code to make the system execute a command shell or arbitrary
commands. SQL servers are a high-value target since they are common database
servers used by many organizations to store confidential data.

Preventive Measures:
1. Don't use dynamic SQL.
2. Update and patch.
3. Consider a web application firewall to filter out malicious data.
4. Discard any unwanted or unimportant database functionality.
5. Avoid connecting to your DB using an account with admin-level privileges.
6. Continuously monitor SQL statements from database-connected applications.
7. Buy better software.
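The two ways of building a login query side by side, as an added example that is not part of the original notes: the first is the dynamic SQL that measure 1 warns against, the second binds parameters so the input is never parsed as SQL. The sqlite3 database and users are constructed, and passwords are stored in clear only to keep the example short.

```python
import sqlite3
from typing import Optional


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory database with two users (clear-text passwords for brevity only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_dynamic_sql(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """VULNERABLE: the statement is built by string concatenation, so quotes in the
    input become part of the SQL. Shown only to contrast with the safe version."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """SAFE: the driver sends the SQL text and the values separately, so the
    input is compared as data and can never change the statement."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = setup_db()
    tautology = "' OR '1'='1"  # the textbook injection string, used here as a test input
    print("dynamic SQL, correct creds   :", login_dynamic_sql(db, "alice", "s3cret"))
    print("dynamic SQL, injected input  :", login_dynamic_sql(db, "nobody", tautology))
    print("parameterized, injected input:", login_parameterized(db, "nobody", tautology))
```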
XSS

XSS is short for cross-site scripting. Cross-site scripting vulnerabilities
occur when web applications allow users to add custom code into a URL path or
onto a website that will be seen by other users. It can be exploited to run
malicious JavaScript code in a victim's browser. Prevention strategies for
cross-site scripting include escaping untrusted HTTP request data as well as
validating user-generated content.

Preventive Measures:
1. Filter input on arrival.
2. Encode data on output.
3. Use appropriate response headers.
4. Use a Content Security Policy.
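As an added example that is not from the original notes, the Python below covers measures 2 to 4: it encodes untrusted data at output time for the element and attribute contexts, refuses link targets that are not http(s) or site-relative (escaping alone does not stop a javascript: URL), and builds a Content-Security-Policy header that blocks inline scripts. The comment text and URLs are constructed.

```python
import html
from typing import Dict


def render_comment(author: str, body: str) -> str:
    """Element context: escape <, >, &, and quotes so the browser shows text instead of parsing markup."""
    return '<div class="comment"><b>%s</b>: %s</div>' % (
        html.escape(author, quote=True), html.escape(body, quote=True))


def _allowed_href(href: str) -> bool:
    """Permit absolute http(s) URLs and site-relative paths; reject javascript:, data:, etc."""
    if href.startswith("/") and not href.startswith("//"):
        return True
    scheme = href.split(":", 1)[0].strip().lower() if ":" in href else ""
    return scheme in ("http", "https")


def render_link(href: str, label: str) -> str:
    """Attribute context: check the scheme first, then escape the value for the attribute."""
    if not _allowed_href(href):
        href = "#"
    return '<a href="%s">%s</a>' % (html.escape(href, quote=True), html.escape(label, quote=True))


def security_headers() -> Dict[str, str]:
    """Response headers: a CSP without 'unsafe-inline' stops injected <script> tags and
    onerror= handlers even if an encoding bug slips through; nosniff stops MIME confusion."""
    return {
        "Content-Security-Policy": ("default-src 'self'; script-src 'self'; object-src 'none'; "
                                    "base-uri 'self'; frame-ancestors 'none'"),
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print(render_comment("eve", '<img src=x onerror="alert(1)">'))  # constructed comment body
    print(render_link("javascript:alert(1)", "click"))
    print(render_link("https://example.com/?a=1&b=2", "example"))
    for name, value in security_headers().items():
        print("%s: %s" % (name, value))
```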
Mobile Apps Security

Mobile apps are a major channel for security threats. They are targeted by
criminals seeking to profit from companies and employees who use mobile
devices but do not practise proper mobile app security. The most popular scams
and schemes in play with mobile apps lead to:
- Ongoing financial losses
- Negative and permanent impact on a brand's reputation
- Negative end-user experiences
- SMS or text messages being copied and scanned for private information
- The device being used to spread malware to uninfected devices
- Wholesale identity theft
- Giving hackers access to the business network
- Credit card details being stolen and resold
- Financial login credentials being stolen

Preventive Measures:
- Keep your phone in your possession.
- Encrypt your device.
- Lock the SIM card.
- Turn off Wi-Fi and Bluetooth.
- Use security protection.
- Password-protect your mobile apps.

Hidden file: A hidden file is a file that has the hidden attribute turned on so
that it is not visible to users when browsing or listing files. Hidden files
are used for storing user preferences or for preserving the state of
utilities. They are frequently created by various system or application
utilities. Hidden files are helpful in preventing accidental deletion of
important data.

Most operating systems provide ways to hide files and file directories.
However, in most operating systems, file management utilities allow users
to explore hidden files. Software applications are also available for hiding
and unhiding files and file directories.
In the case of Apple computers, the files are hidden with the help of the
ResEdit utility. In the case of Microsoft operating systems, hidden files
appear as faint icons or ghost icons. In most operating systems, one can
hide files by turning on the special hidden attribute.

There are a few reasons for applications and operating systems to support the
hidden file concept. One of the main reasons is to reduce the probability of
users accidentally deleting, modifying or corrupting critical configuration or
system files. It also prevents casual snoopers from accessing files that are
important to the user or the network. Another reason is that hiding files and
objects reduces visual clutter in the file directories and helps users locate
files and directories easily and conveniently.

Covering Tracks

Covering tracks applies to networks and to operating systems such as Windows
and Linux. Let's start by seeing how tracks are covered over networks.

Once an attacker finishes his work, he wants to erase all tracks that could
lead investigators back to him. This can be done by:

1. Disabling auditing.
2. Clearing logs.
3. Modifying logs and registry files.
4. Removing all files and folders created.

Covering tracks is one of the most important stages during system hacking.
During this stage, the attacker tries to avoid being detected, or "traced
out", by covering all tracks, or logs, generated while gaining access to the
target network or computer. Let's examine how an attacker removes traces of an
attack within the target computer.

Erasing evidence is a requirement for any attacker who would like to stay
obscure; this is one method to evade a trace back. It starts with erasing the
contaminated logs and possible error messages generated within the attack
process. Then, attackers make changes to the system configuration so that it
does not log future activities. By manipulating and tweaking the event logs,
attackers trick the supervisor into believing that there is no malicious
activity within the system and that no intrusion or compromise has actually
taken place.

Because the first thing a supervisor does when monitoring for unusual activity
is to check the system log files, it is common for intruders to use a utility
to alter these logs. In some cases, rootkits can disable and discard all
existing logs. Attackers remove only those portions of logs that would reveal
their presence if they intend to use the system for an extended period as a
launch base for further exploitation.

It is imperative for attackers to make the system appear as it did before
access was gained and a backdoor established. This means changing any file
attributes back to their original state. Information listed, like file size
and date, is simply attribute information contained within the file.

Protecting against attackers who try to hide their tracks by changing file
information can be difficult. However, it is possible to detect whether an
attacker has done so by calculating the file's cryptographic hash. This sort
of hash is a calculation over the whole file, before any encryption.
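As an added example that is not part of the original notes, the following Python builds a SHA-256 baseline of files such as logs and configuration and later reports which ones are modified or missing; because the hash covers the contents, an edit that keeps the size and date intact, as described above, is still caught. The file contents and paths are constructed.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable


def digest_bytes(data: bytes) -> str:
    """SHA-256 hex digest of in-memory data (used for the constructed sample below)."""
    return hashlib.sha256(data).hexdigest()


def digest_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_digests(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, str]:
    """For every baselined path return 'ok', 'modified' or 'missing'; untracked paths are 'new'."""
    report = {}
    for path, expected in baseline.items():
        if path not in current:
            report[path] = "missing"
        elif current[path] != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    for path in current:
        if path not in baseline:
            report[path] = "new"
    return report


def build_baseline(paths: Iterable[str]) -> Dict[str, str]:
    """Hash every existing file in paths; store the result off-host or signed."""
    return {p: digest_file(p) for p in paths if os.path.isfile(p)}


def check_files(baseline: Dict[str, str]) -> Dict[str, str]:
    """Re-hash the baselined files that still exist and compare against the baseline."""
    current = {p: digest_file(p) for p in baseline if os.path.isfile(p)}
    return compare_digests(baseline, current)


if __name__ == "__main__":
    # Constructed demo: baseline a log, then replace one line with another of equal length.
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "wb") as f:
            f.write(b"Accepted publickey for admin from 10.0.0.5\n")
        size_before = os.stat(log).st_size
        baseline = build_baseline([log])
        with open(log, "wb") as f:
            f.write(b"Accepted publickey for admin from 10.0.0.9\n")
        print("size unchanged:", os.stat(log).st_size == size_before)
        print("integrity report:", check_files(baseline))
```

The baseline itself must live off the host or carry a signature; an attacker with root can otherwise rewrite it as easily as the logs.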
Covering Tracks Tools

Track-covering tools help the attacker to scrub all the tracks of computer and
online network activities from the PC. They free cache space, delete cookies,
clear Internet history and shared temporary files, delete logs, and discard
junk.

CCleaner

CCleaner is a system optimization, privacy, and cleaning tool. It allows you to
get rid of unused files and cleans the traces of online browsing details from
the PC. It keeps your privacy online and makes the system faster and safer.
Additionally, it frees up hard disk space for further use. With this tool, an
attacker can erase his/her tracks very easily. CCleaner also cleans traces of
your online activities such as browsing history.

It cleans the following areas of your computer:
- Internet Explorer: temporary files, history, cookies, autocomplete form
history, index.dat
- Firefox: temporary files, history, cookies, download history, form history
- Google Chrome: temporary files, history, cookies, download history, form
history
- Opera: temporary files, history, and cookies
- Safari: temporary files, history, cookies, form history
- Windows: Recycle Bin, recent documents, temporary files and log files

Some of the covering tracks tools are listed below:
- Privacy Eraser
- Wipe
- BleachBit
- ClearProg
- AVG TuneUp
- Norton Utilities
- Glary Utilities
- Clear My History
- WinTools.net Professional
- Free Internet Window Washer

What is a computer worm?

A computer worm is a type of malware whose primary function is to self-replicate
and infect other computers while remaining active on infected systems.
A computer worm duplicates itself to spread to uninfected computers. It often does
this by exploiting parts of an operating system that are automatic and invisible to the
user.

Typically, a user only notices a worm when its uncontrolled replication consumes
system resources and slows or halts other tasks. A computer worm is not to be
confused with WORM, or write once, read many.

How do computer worms work?

Computer worms often rely on vulnerabilities in networking protocols, such
as File Transfer Protocol, to propagate.

After a computer worm loads and begins running on a newly infected
system, it will typically follow its prime directive: to remain active on an
infected system for as long as possible and spread to as many other
vulnerable systems as possible.

Trojan Horse

A Trojan Horse (Trojan) is a type of malware that disguises itself as legitimate
code or software. Once inside the network, attackers are able to carry out any
action that a legitimate user could perform, such as exporting files, modifying
data, deleting files or otherwise altering the contents of the device. Trojans may
be packaged in downloads for games, tools, apps or even software patches.
Many Trojan attacks also leverage social engineering tactics, as well
as spoofing and phishing, to prompt the desired action in the user.

A Trojan is sometimes called a Trojan virus or Trojan horse virus, but those
terms are technically incorrect. Unlike a virus or worm, Trojan malware cannot
replicate itself or self-execute. It requires specific and deliberate action from the
user.

Trojans are malware, and like most forms of malware, Trojans are designed to
damage files, redirect internet traffic, monitor the user’s activity, steal sensitive
data or set up backdoor access points to the system. Trojans may delete, block,
modify, leak or copy data, which can then be sold back to the user for ransom or
on the dark web.

10 Types of Trojan Malware

Trojans are a very common and versatile attack vehicle for cybercriminals. Here
we explore 10 examples of Trojans and how they work:
1. Exploit Trojan: As the name implies, these Trojans identify and exploit
vulnerabilities within software applications in order to gain access to the system.
2. Downloader Trojan: This type of malware typically targets infected devices and
installs a new version of a malicious program onto the device.
3. Ransom Trojan: Like general ransomware, this Trojan malware extorts users in
order to restore an infected device and its contents.
4. Backdoor Trojan: The attacker uses the malware to set up access points to the
network.
5. Distributed Denial of Service (DDoS) attack Trojan: Backdoor Trojans can be
deployed to multiple devices in order to create a botnet, or zombie network, that can
then be used to carry out a DDoS attack. In this type of attack, infected devices can
access wireless routers, which can then be used to redirect traffic or flood a network.
6. Fake AV Trojan: Disguised as antivirus software, this Trojan is actually ransomware
that requires users to pay fees to detect or remove threats. Like the software itself, the
issues this program claims to have found are usually fake.
7. Rootkit Trojan: This program attempts to hide or obscure an object on the infected
computer or device in order to extend the amount of time the program can run
undetected on an infected system.
8. SMS Trojan: A mobile device attack, this Trojan malware can send and intercept text
messages. It can also be used to generate revenue by sending SMS messages to
premium-rate numbers.
9. Banking Trojan or Trojan Banker: This type of Trojan specifically targets financial
accounts. It is designed to steal data related to bank accounts, credit or debit cards or
other electronic payment platforms.
10. Trojan GameThief: This program specifically targets online gamers and attempts to
access their gaming account credentials.

Viruses

Computer Virus

Computer viruses are unwanted software programs or pieces of code that interfere with the
functioning of the computer. They spread through contaminated files, data, and insecure
networks. Once it enters your system, it can replicate to produce copies of itself to spread
from one program to another program and from one infected computer to another computer.
So, we can say that it is a self-replicating computer program that interferes with the
functioning of the computer by infecting files, data, programs, etc.

There are many antiviruses, which are programs that can help you protect your machine from
viruses. It scans your system and cleans the viruses detected during the scan. Some of the
popular antiviruses include Avast, Quickheal, McAfee, Kaspersky, etc.

Types of Computer Virus:

Overwrite Virus:

It is the simplest computer virus that overwrites the code of the host computer system's file
with its own malicious code. The content of the infected file is replaced partially or
completely without changing the size of the file. Thus, it destroys the original program code
by overwriting it with its defective code. The infected files must be deleted or replaced with a
new copy as this virus cannot be removed or disinfected.

Append Virus:

As the name suggests, this virus appends its malicious code to the end of the host program's
file. It then alters the file's header so that execution is redirected to the start of the
appended code. Thus, the virus code is executed each time the program runs. It does not
destroy the host program; rather, it modifies the program so that it carries the virus code
and causes that code to run.

Macro Virus

A macro virus alters or infects the macros of a document or data file. It is embedded as a
macro in a document and adds its code to the document's macros. The virus spreads when
infected documents or data files are opened on other computers.

It also spreads through software programs that execute macros, such as MS Word and MS
Excel. Each time a document is opened using these programs, other related documents also
get infected.

The first macro virus, named Concept, spread through emails with attached MS Word
documents. It infected MS Word 6.0 and MS Word 95 documents that were saved using the
Save As option. Fortunately, it did not cause any harm apart from displaying a message on
the screen.

Boot Virus

A boot virus or boot sector virus alters the boot sector program stored on the hard disk or any
other storage device, such as a floppy disk. It replaces the boot sector program with its own
malicious version. It infects the computer only when the infected medium is used to boot up
the computer; if it enters after the boot-up process, it will not infect the computer. For
example, if someone forgets to remove an infected floppy disk when the PC is turned off and
then turns the PC on, the infected boot sector program runs during the booting process.

Usually, it enters your system through corrupt media files, infected storage devices, and
insecure computer networks. The spread of this virus is very rare these days due to the
decline in the use of floppy disks and the boot-sector safeguards in present-day operating
systems.

Resident Virus

The resident virus stays permanently in the primary memory (RAM) of the computer. When
you start the computer, it becomes active and corrupts the files and programs running on the
computer.

Non-resident Virus:
Unlike the resident virus, the non-resident virus does not reside in the memory of a computer.
So, it is not executed from the computer's memory. For example, executable viruses.

Multipartite Virus

Multipartite virus spreads and infects in multiple ways. It infects both the boot sector and the
executable files stored on the hard drive simultaneously. When you turn on a computer, the boot
sector virus is triggered as it latches on to the hard drive, which has the data for starting up the
computer. Once it is triggered, the program files also get infected.

File Infector Virus

It is one of the most commonly found computer viruses. It mainly infects executable files,
i.e. files with .com or .exe extensions. The virus becomes active when the infected file is
executed. The active virus overwrites the file partially or completely, and thus may destroy
the original file partially or completely.
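The overwrite, append and file-infector descriptions above share a defensive lesson: an overwrite virus keeps the file size unchanged, so a size-only check misses it, while an append virus grows the file. The following Python baseline-and-compare check is an added example (not from the notes); the three "program" files it monitors are constructed in a temporary directory for the demo.

```python
"""Baseline-and-compare file integrity check (added example, not from the notes).

A size-only check misses an in-place overwrite; comparing a content hash
against a trusted baseline catches both the overwrite and the append pattern.
All files below are constructed in a temporary directory for the demo.
"""
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return size and SHA-256 of a file, hashing in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": os.path.getsize(path), "sha256": h.hexdigest()}


def build_baseline(paths):
    """Record a trusted fingerprint for every monitored file."""
    return {p: fingerprint(p) for p in paths}


def classify(old, new):
    """Describe how a file deviates from its baseline fingerprint."""
    if old["sha256"] == new["sha256"]:
        return "unchanged"
    if new["size"] == old["size"]:
        # Content replaced in place, size preserved: the overwrite pattern.
        return "overwrite-like"
    if new["size"] > old["size"]:
        # Extra bytes added to the file: the append pattern.
        return "append-like"
    return "shrunk"


def check_against_baseline(baseline):
    """Re-fingerprint each monitored file and classify the change."""
    results = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            results[path] = "missing"
            continue
        results[path] = classify(old, fingerprint(path))
    return results


def demo():
    """Constructed scenario: three 'programs', two of them modified after baselining.

    Returns the verdicts keyed by file name.
    """
    workdir = tempfile.mkdtemp()
    names = ["a.exe", "b.exe", "c.exe"]
    paths = [os.path.join(workdir, n) for n in names]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"ORIGINAL PROGRAM CODE " * 4)
    baseline = build_baseline(paths)

    # Same-size in-place modification of a.exe (size-only monitoring would miss it).
    with open(paths[0], "r+b") as f:
        f.write(b"X" * 8)
    # Growth of b.exe: bytes added at the end.
    with open(paths[1], "ab") as f:
        f.write(b"EXTRA BYTES")

    verdicts = check_against_baseline(baseline)
    return {os.path.basename(p): v for p, v in verdicts.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The baseline must be refreshed after every authorized update, otherwise legitimate patches are reported as modifications too.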

Backdoor

In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized
users are able to get around normal security measures and gain high-level user access (aka root access)
on a computer system, network, or software application. Once they're in, cybercriminals can use a
backdoor to steal personal and financial data, install additional malware, and hijack devices.

But backdoors aren't just for bad guys. Backdoors can also be installed by software or hardware
makers as a deliberate means of gaining access to their technology after the fact. Backdoors of the
non-criminal variety are useful for helping customers who are hopelessly locked out of their devices
or for troubleshooting and resolving software issues.

Unlike other cyberthreats that make themselves known to the user (looking at you, ransomware),
backdoors are known for being discreet. Backdoors exist so that a select group of people in the know
can gain easy access to a system or application.

Backdoor malware is generally classified as a Trojan. A Trojan is a malicious computer program
pretending to be something it's not for the purposes of delivering malware, stealing data, or opening
up a backdoor on your system. Much like the Trojan horse of ancient Greek literature, computer
Trojans always contain a nasty surprise.

Trojans are an incredibly versatile instrument within the cybercriminal toolkit. They come under
many guises, like an email attachment or file download, and deliver any number of malware threats.

To compound the problem, Trojans sometimes exhibit a worm-like ability to replicate themselves and
spread to other systems without any additional commands from the cybercriminals that created them.

The Role of Certification in Ethical Hacking

Certifications have a significant impact on the realm of ethical hacking, as they serve to
validate the skills and knowledge possessed by ethical hackers. Additionally, these
certifications often encompass instruction on the legal and ethical considerations relevant to
the profession.

Amongst the most widely recognized certifications in this field are the Certified Ethical
Hacker (CEH) from the EC-Council, Offensive Security Certified Professional (OSCP), and
Certified Penetration Tester (CPT). To attain these certifications, individuals are typically
required to abide by a code of ethics that underscores their commitment to legal and ethical
conduct. Moreover, they commonly entail a practical examination wherein candidates must
demonstrate their capacity to perform ethical hacking activities within a controlled and
ethically sound framework.

The Impact of Ethical Hacking on Society

Ethical hacking has a profound impact on society. Through the identification and resolution
of vulnerabilities, ethical hackers contribute to safeguarding sensitive data, preventing
cybercrime, and fortifying the security of digital systems. Such efforts benefit not only
businesses and organizations but also individuals who rely on these systems for their daily
activities. Moreover, the impact of ethical hacking surpasses its technical implications. By
cultivating a culture of security and responsibility, ethical hacking raises awareness about
the significance of cybersecurity among the general public. It prompts individuals and
organizations to proactively safeguard their digital assets, thus fostering a safer and more
secure digital environment for everyone involved.

The Challenges and Opportunities in Ethical Hacking

Despite its importance, ethical hacking is not without its challenges. These include the
rapidly evolving nature of cyber threats, the legal and ethical complexities of the field, and
the ongoing need for skilled ethical hackers.

However, these challenges also bring opportunities. Demand for ethical hackers is expected to
grow in the future, primarily due to the increasing dependence on digital systems and the
rising menace of cybercrime. This places individuals who are interested in pursuing a career
in ethical hacking in an advantageous position. Moreover, businesses and organizations can
also reap benefits from these professionals' expertise.

Conclusion

Enhancing cybersecurity by means of ethical hacking is paramount when it comes to
shielding systems from malevolent threats. Nonetheless, it should not go unnoticed that this
realm entails significant legal considerations along with certain moral obligations. For
individuals practicing as ethical hackers, grasping these responsibilities is imperative so as
to ensure their actions are carried out in full compliance with the professional standards
defined by prevailing laws, whilst maintaining a strong sense of integrity throughout the
process. By diligently observing such regulations (both legal and moral), such individuals
greatly enhance secure environments on both a client and a community front. The implications
of ethical hacking go far beyond merely identifying and remediating weaknesses; it entails
instilling an ethos that underscores the importance of security and accountability in today's
digital climate.

What is Ethical Hacking?

• Ethical hacking involves the use of hacking tools, tricks, and techniques to identify
vulnerabilities so as to ensure system security.
• It focuses on simulating techniques used by attackers to verify the existence of
exploitable vulnerabilities in the system's security.
• Ethical hackers perform security assessments of their organization with the
permission of the concerned authorities.

Why Ethical Hacking is Necessary

• To beat a hacker, you need to think like one!
  o Ethical hacking is necessary as it allows organizations to counter attacks from
malicious hackers by anticipating the methods they use to break into a system.
• Reasons why organizations recruit ethical hackers:
  o To prevent hackers from gaining access to the organization's information.
  o To uncover vulnerabilities in systems and explore their potential as a risk.
  o To analyze and strengthen an organization's security posture, including
policies, network protection infrastructure, and end-user practices.

Scope and Limitations of Ethical Hacking

• Scope:
  o Ethical hacking is a crucial component of risk assessment, auditing, counter-fraud,
and information systems security best practices.
  o It is used to identify risks and highlight the remedial actions, and it also reduces
information and communications technology (ICT) costs by resolving those
vulnerabilities.
• Limitations:
  o Unless businesses first know what they are looking for and why they are hiring an
outside vendor to hack their systems in the first place, chances are there will not be
much to gain from the experience.
  o An ethical hacker can thus only help the organization to better understand its
security system; it is up to the organization to place the right guards on the
network.

Skills of an Ethical Hacker

• Technical Skills:
  o In-depth knowledge of major operating environments, such as Windows, Unix,
Linux, and Macintosh.
  o In-depth knowledge of networking concepts, technologies, and related hardware
and software.
  o Should be a computer expert adept at technical domains.
  o Knowledge of security areas and related issues.
  o "High technical" knowledge to launch sophisticated attacks.
• Non-Technical Skills: Some of the non-technical characteristics of an ethical hacker
include:
  o Ability to learn and adapt to new technologies quickly.
  o Strong work ethic, and good problem-solving and communication skills.
  o Commitment to the organization's security policies.
  o Awareness of local standards and laws.

Introduction
Ethical hacking, also known as penetration testing or white-hat hacking, is the practice of
legally infiltrating computer systems, networks, or applications to identify vulnerabilities that
could be exploited by malicious hackers. Ethical hackers use their skills to help organizations
enhance their security measures, ensuring that sensitive data remains protected. However,
despite its noble intent, ethical hacking exists within a complex legal landscape, where the
line between lawful and unlawful activities can sometimes blur.

The primary reason for hacking can be attributed to the pursuit of unauthorized access to
computer systems and networks for a variety of purposes, including financial gain, espionage,
and disruption. Malicious hackers, often referred to as black-hat hackers, exploit
vulnerabilities in systems to steal sensitive information such as credit card details, personal
data, or intellectual property. This stolen information can then be sold on the black market,
used for identity theft, or leveraged to gain a competitive advantage in business. Financially
motivated cybercrimes, including ransomware attacks and phishing schemes, have become
increasingly common, driven by the potential for significant monetary rewards with relatively
low risk of detection and prosecution.

Another major reason for hacking is political or ideological motives, where hackers aim to
advance a specific agenda or cause. These hackers, known as hacktivists, use their skills to
promote political messages, expose perceived injustices, or disrupt the operations of
organizations or governments they oppose. Cyber espionage, where nation-states or state-
sponsored groups infiltrate systems to gather intelligence or sabotage operations, also falls
under this category. Additionally, some hackers are motivated by the challenge and thrill of
breaking into secure systems, seeking to demonstrate their technical prowess and gain
recognition within the hacking community. Regardless of the motive, the impact of hacking
can be profound, causing significant financial losses, compromising sensitive data, and
undermining public trust in digital systems.

The Role of Ethical Hacking

Ethical hackers play a crucial role in cybersecurity. By simulating attacks, they help
organizations identify weaknesses in their systems before malicious hackers can exploit them.
These professionals use the same techniques as their malicious counterparts but do so with
permission and in compliance with established guidelines. Ethical hacking can encompass
various activities, including vulnerability assessments, security audits, and compliance
checks.

Legal Boundaries of Ethical Hacking

While ethical hacking is performed with the intent to secure systems, it must adhere to legal
and ethical standards to ensure that it does not infringe upon the rights of individuals or
organizations. The legal boundaries of ethical hacking are defined by several factors:

1. Consent: Ethical hacking must always be performed with explicit permission from
the owner of the system being tested. This permission is often formalized through a
written agreement or contract that outlines the scope and objectives of the testing.
2. Scope: The activities of an ethical hacker must be clearly defined and limited to avoid
unauthorized access or damage. The scope of testing should be agreed upon in
advance, detailing which systems, applications, and networks can be tested.
3. Compliance with Laws: Ethical hackers must comply with local, national, and
international laws governing computer use and data protection. This includes adhering
to regulations such as the General Data Protection Regulation (GDPR) in Europe, the
Computer Fraud and Abuse Act (CFAA) in the United States, and the Information
Technology Act in India.
4. Non-Disclosure Agreements (NDAs): Ethical hackers often sign NDAs to ensure
that any sensitive information discovered during testing is kept confidential and not
disclosed to unauthorized parties.

Case Laws and Legal Precedents

Various case laws have helped define the legal boundaries of ethical hacking. Here are some
notable examples:

1. Privacy: Respecting the privacy of individuals and organizations is paramount.
Ethical hackers must avoid accessing or disclosing personal or sensitive information
without explicit authorization.
2. Integrity: Maintaining the integrity of systems and data is crucial. Ethical hackers
should avoid causing any disruption or damage to the systems they are testing.
3. Professionalism: Ethical hackers should conduct themselves with professionalism
and integrity, adhering to the highest standards of ethical behavior.

Challenges and Future Directions

The field of ethical hacking continues to face several challenges:

1. Legal Ambiguities: The rapid evolution of technology often outpaces the
development of legal frameworks, leading to ambiguities in how laws apply to new
hacking techniques and tools.
2. International Variability: Different countries have varying laws and regulations
governing hacking activities. Ethical hackers working in a global context must
navigate these differences to ensure compliance.
3. Emerging Technologies: As new technologies such as artificial intelligence, the
Internet of Things (IoT), and blockchain become more prevalent, ethical hackers must
develop new skills and techniques to address the associated security risks.

Looking ahead, the field of ethical hacking is likely to continue evolving in response to these
challenges. Greater collaboration between governments, industry, and the cybersecurity
community will be essential to develop robust legal frameworks and best practices that keep
pace with technological advancements.

Conclusion

Ethical hacking is an indispensable component of modern cybersecurity, providing valuable
insights that help organizations protect their systems and data. However, ethical hackers must
navigate a complex legal landscape, adhering to laws and regulations that define the
boundaries of their work. By obtaining proper consent, defining clear scopes of testing, and
complying with relevant laws, ethical hackers can ensure that their activities remain lawful
and ethical. Continuous education, adherence to best practices, and a commitment to ethical
behavior are essential to maintaining the trust and integrity of the ethical hacking profession.
As technology continues to advance, ongoing dialogue and collaboration will be crucial to
address emerging challenges and ensure the continued effectiveness and legality of ethical
hacking practices.

The 11-Step Pen Test Plan

In today’s interconnected world, technology has become an integral part of our lives, shaping
various aspects of society. However, this increased connectivity has also brought about
significant changes in the threat landscape. Cybercrime and cyber insecurity have emerged as
formidable adversaries, earning their place among the most severe global risks for the next
decade, as highlighted by the World Economic Forum. With cybercrime now holding the 8th
spot among the most severe global risks along with climate change and involuntary
migration, it is clear that no organization can afford to be complacent.

Penetration testing, also known as ethical hacking, is a vital tool in this battle. By simulating
real-world attacks, a pen test exposes weaknesses in computer systems, networks, and
applications, empowering security teams to fortify their defenses effectively. Yet, as every
security professional knows, conducting a successful penetration test is no easy feat. A well-
executed test requires complex decision-making, planning, a budget, and internal expertise.

A meticulously crafted pen test plan ensures that all requirements are clearly defined, roles
are assigned, and security and compliance goals are outlined well before the engagement
commences. Its significance lies not only in facilitating a smoother testing process but also in
safeguarding against security breaches. By leveraging a comprehensive plan, organizations
can proactively identify vulnerabilities and fortify their defenses, ensuring that their digital
fortresses remain impervious to attacks.

In this blog post, we’ll cover the essentials of the ideal pen test plan that aligns with security
compliance standards such as PCI DSS, HIPAA, etc. By defining objectives, scoping the
engagement, assembling a skilled team, conducting reconnaissance, and identifying
vulnerabilities, you can proactively identify security weaknesses. Additionally, documenting
findings, implementing remediation strategies, and scheduling regular assessments help
address these weaknesses effectively.

Why is a pen test plan needed?

Conducting a successful penetration test is no small feat. It requires intricate decision-
making, meticulous planning, allocated budgets, and internal expertise. Given the prevalent
understaffed security teams and budget constraints faced by organizations today, these
investments are even more crucial and must be thoughtfully planned. By dedicating time and
effort to building a well-designed pen test plan, organizations can navigate these challenges
and ensure a successful engagement.

A carefully crafted pen test plan serves as a roadmap for conducting a thorough, compliant,
and secure assessment. It outlines the objectives, scope, and methodologies to be employed
during the testing process. The plan’s documentation includes a well-defined scope that
specifies the particular system(s) to be tested, ensuring that all relevant aspects of the IT
infrastructure are examined. Depending on the type of test being conducted, the plan
encompasses essential details such as known assets, users, and regulated data that need to be
systematically examined.

It’s worth noting that even in a black box penetration test, where a third party is not provided
with technical information beforehand, there will still be a plan in place to conduct the test
effectively. This plan includes timing details, assigned personnel, remediation assignments,
and other essential considerations.

Who will conduct the Pen Test?

One of the key challenges in managing breach risks during a pentest is identifying individuals
with the necessary specialized expertise to carry out the test. This responsibility can be
assigned to either an in-house ethical hacker or a certified external expert from a qualified
third-party provider. Regardless of who conducts the pentest, it is crucial to have a well-
defined plan with a clear scope to ensure success.

When conducting a penetration test in complex hybrid environments, traditional pen
testing methods may prove inadequate. To tackle this challenge, modern security operation
centers can benefit from AI-enabled pen test providers like BreachLock. With Pentesting as a
Service (PTaaS), CISOs can extend their in-house resources with human expertise enabled
with AI and automation capabilities. The advantages of such an approach will yield faster
turnaround time, cost optimization, and increased return on investment (ROI).

Creating Your Pen Test Plan in 11 Steps

Preparing for a penetration test can alleviate concerns about potential network outages or
disruptions to your business systems and critical operations. As time is valuable, it's
important to minimize any inconveniences or operational bottlenecks during the testing
process.

Use the following 11 steps as a structured approach to help plan your next penetration test for
success.

1) Define Objectives and Scope

Scoping involves determining the systems, networks, or applications that will be tested, as
well as any limitations or restrictions. Before initiating a pen test engagement, it is essential
to establish clear objectives and define the scope of the assessment. Objectives will guide the
testing process and ensure that the goals align with your organization’s security needs.
Common objectives may include assessing the security of specific applications, identifying
vulnerabilities in network infrastructure, or testing the effectiveness of security controls.

It is crucial to communicate the scope to the pen test team, ensuring that they have a
comprehensive understanding of the target environment. This helps avoid any unintended
disruptions or impacts on production systems during the testing process.

2) Assemble the Testing Team

Building a skilled and experienced pen test team is crucial for the success of your assessment.
Look for professionals who hold relevant certifications such as Certified Ethical Hacker
(CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems
Security Professional (CISSP). Their expertise should cover a wide range of technologies,
including network infrastructure, web applications, mobile applications, and wireless
networks.

Additionally, ensure that the team members have a solid understanding of the latest hacking
techniques, tools, and methodologies. Consider engaging external pen test firms with proven
track records to bring in fresh perspectives and expertise.

3) Choose a Testing Methodology

Select an appropriate testing methodology based on your objectives and requirements.
Common methodologies include black box, white box, or gray box testing. Black box testing
simulates an external attacker with no prior knowledge of the system, while white box testing
involves deep knowledge of the system's internal workings. Gray box testing falls
somewhere in between. Choose the methodology that aligns best with your security and
compliance goals.

In addition to selecting a testing methodology, it is essential to consider the specific
techniques that will be employed during the assessment. Some common pen test techniques
include social engineering, API pen test, application security testing, etc.

4) Design the Test

When designing the test plan for the pen test, it is essential to create a detailed outline that
includes the specific testing activities, techniques, and tools to be utilized. The design of the
test should include the steps that will be followed, along with the allocated time for each
activity. In this phase, it is crucial to consider any prerequisites that may hinder the test's
design, such as access credentials or testing agreements, to ensure a smooth and efficient
testing process.

When selecting a security testing framework like OWASP or the NIST CSF, consider the
specific nature of the systems, applications, or networks under examination. Evaluate the
relevance and applicability of the framework’s guidelines to your environment. Taking into
account industry standards, regulatory requirements, and specific security concerns will aid in
choosing the most suitable framework.

Read more on how to select the right security framework for your next penetration test: What
Cybersecurity Framework Works Best for Pen Test?

5) Obtain Authorization

Obtaining authorization from relevant stakeholders is a critical step in the pen test process.
This involves seeking written permission to ensure legal and ethical compliance, prevent
misunderstandings, and mitigate potential disruptions during testing.

When conducting penetration tests on cloud applications or security technologies, it is
essential to consider the requirements and stipulations set by the service provider. Providers
like Amazon Web Services have clear terms and conditions for conducting an AWS pen test,
and it is important to review and follow them.

In some cases, additional authorization may be necessary when working with third-party
providers or cloud services, for example for endpoint detection or firewall testing. This involves
seeking permission from the relevant service providers and complying with their terms of service
and shared responsibility models. Following these guidelines ensures that the engagement
remains within legal boundaries and maintains a safe and compliant environment.

6) Conduct Reconnaissance

The reconnaissance phase involves gathering information about the target systems, networks,
or applications that will be tested. This phase involves the use of both passive and active
information-gathering techniques. Additionally, OSINT tools (open source intelligence) can
be utilized to aid in the reconnaissance process. Passive techniques involve searching
publicly available information, such as corporate websites, social media profiles, job
postings, and dark web intelligence to gain insights into the organization’s infrastructure.
Active techniques, on the other hand, involve network scanning and enumeration to identify
potential entry points.

The goal of reconnaissance is to build a comprehensive profile of the target environment,
including IP ranges, system architecture, software versions, and potential vulnerabilities. This
information serves as a foundation for the subsequent phases of the pen test plan.

Once the scoping, authorizations, and reconnaissance have been completed, it is time for the
pen test exercise to formally begin.

7) Perform an initial Vulnerability Assessment

Conduct a vulnerability assessment to identify potential vulnerabilities within the target
systems and applications. This can involve using automated tools, manual testing techniques,
and examining configuration settings to identify weaknesses. The vulnerability assessment is
used as a baseline to document the known vulnerabilities within the system being tested.

8) Execute the Pen Test

After defining the objectives, scope, and test plan, it is time to execute the penetration test.
During this phase, a combination of manual testing techniques, vulnerability exploitation, and
simulated attack scenarios is used to identify vulnerabilities and assess the effectiveness of
security controls.

By executing the penetration test in line with the defined objectives, scope, and test plan,
organizations can identify vulnerabilities, assess their impact, and make informed decisions
to strengthen their security posture and improve compliance readiness. Partnering with a
modern pen test provider like BreachLock can further optimize the process and deliver
enhanced results to augment the in-house team’s capabilities. With BreachLock’s proprietary
methods that provide early remediation guidance, the in-house team can focus on remediating
critical vulnerabilities in the asset inventory before the pen test is finalized to reach
compliance and security outcomes faster and more affordably than with legacy providers.

For more information on how to select a modern pen test service provider, read The CISO's
Guide to Pen Test as a Service.

9) Document and Analyze Findings

As part of the pen test process, it is crucial to thoroughly document and analyze the findings.
This involves documenting all identified vulnerabilities, their impact, and the potential risks
associated with them. Additionally, classifying the findings based on severity and likelihood
of exploitation is important for prioritizing remediation efforts effectively and quickly.

When documenting the vulnerabilities, provide detailed information about each one,
including the affected systems, networks, or applications, as well as a clear description of the
vulnerability itself. Document the potential impact the vulnerability could have on the
organization, such as data breaches, system compromises, or service disruptions.

10) Report and Remediate

Prepare a comprehensive report that includes an executive summary, detailed findings, and
recommendations for remediation. The report should provide clear guidance on prioritizing
vulnerabilities based on their severity and offer actionable steps to mitigate the identified
risks. Collaborate closely with stakeholders, including system administrators, developers, and
management, to ensure that the identified vulnerabilities are properly understood and
addressed. Monitor the progress of remediation efforts and maintain effective communication
to ensure accountability and timely resolution.

11) Retest and Validate

After remediation, conduct a retest to verify that the identified vulnerabilities have been
successfully addressed. Retesting and validating the systems, networks, or applications is
crucial to confirm the effectiveness of the remediation actions taken and to ensure that no
new issues have arisen during the process. Continuous monitoring and retesting are
essential to maintain a proactive and robust security posture in the face of evolving threats.

By following these steps, organizations can effectively plan and execute a penetration test,
enabling them to identify and address security vulnerabilities, enhance their security posture,
and protect their critical assets.
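Steps 1, 5 and 6 above stress that testing must stay within the written authorization and that reconnaissance will surface hosts the authorization never covered. The following Python gate is an added example, not part of the original plan: it filters reconnaissance results against the agreed scope before any active testing begins. The CIDR ranges, hostnames and discovered addresses are constructed placeholders drawn from the RFC 5737 documentation ranges.

```python
"""Authorized-scope gate for a penetration test (added example, not from the notes).

Before any active testing (steps 7 and 8), every target surfaced by reconnaissance
is checked against the written authorization. Exclusions always win, so a
fragile production host inside an authorized range still stays off limits.
Scope values and the discovered list below are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Scope:
    networks: list      # authorized CIDR ranges, as strings
    hosts: set          # authorized hostnames
    exclusions: list    # CIDRs or hostnames that must never be touched


def _as_networks(items):
    """Parse the CIDR entries of a list, skipping entries that are hostnames."""
    nets = []
    for item in items:
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            continue
    return nets


def is_in_scope(target, scope):
    """Return (allowed, reason) for an IP address or hostname."""
    if target in scope.exclusions:
        return False, "explicitly excluded host"
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Not an address: treat as a hostname and require an exact match.
        if target in scope.hosts:
            return True, "authorized hostname"
        return False, "hostname not in authorization"
    for net in _as_networks(scope.exclusions):
        if addr in net:
            return False, f"inside excluded range {net}"
    for net in _as_networks(scope.networks):
        if addr in net:
            return True, f"inside authorized range {net}"
    return False, "address outside authorized ranges"


def filter_recon_results(discovered, scope):
    """Split reconnaissance findings into testable and off-limits targets."""
    allowed, blocked = [], []
    for target in discovered:
        ok, reason = is_in_scope(target, scope)
        (allowed if ok else blocked).append((target, reason))
    return allowed, blocked


# Constructed sample authorization: one /24 from the RFC 5737 documentation
# range, one named application host, and two exclusions (a single address
# and a database hostname) that the client asked to keep out of testing.
EXAMPLE_SCOPE = Scope(
    networks=["203.0.113.0/24"],
    hosts={"app.example.test"},
    exclusions=["203.0.113.250/32", "db.example.test"],
)

# Constructed reconnaissance output: one address is outside the authorization,
# one sits on an excluded address inside an otherwise authorized range, and
# one hostname is explicitly excluded.
DISCOVERED = [
    "203.0.113.10",
    "203.0.113.250",
    "198.51.100.7",
    "app.example.test",
    "db.example.test",
]


if __name__ == "__main__":
    allowed, blocked = filter_recon_results(DISCOVERED, EXAMPLE_SCOPE)
    for target, reason in allowed:
        print(f"TEST  {target:20} {reason}")
    for target, reason in blocked:
        print(f"SKIP  {target:20} {reason}")
```

Keeping the blocked list in the engagement record also documents, for step 9, why particular hosts seen during reconnaissance were never touched.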

Plan for Success with Pen Testing as a Service

To maintain a robust security posture, pen testing should not be a one-time activity. Rather,
routine testing and regular assessments help DevSecOps teams adapt to evolving threats and
vulnerabilities in the digital landscape. One way to accelerate the process is working with a
trusted pen test services provider. This allows organizations to continuously conduct
pentesting as a service with third-party security experts without incurring additional staffing
or technology costs.

Creating a pen test plan is an essential way to mitigate critical risks and identify security
vulnerabilities. These plans are particularly important when conducting additional risk and
vulnerability assessments after significant changes, such as system upgrades, cloud
migrations, or the release of new software, applications, or digital services. This proactive
approach helps identify any new vulnerabilities that may have been introduced during these
changes.

As a proven leader in delivering world-class, analyst-recognized Penetration testing as a
Service, BreachLock has the expertise and resources necessary to secure your organization’s
digital assets. Our certified experts provide the highest level of security validation, ensuring
your organization remains protected against evolving threats. Our customer success and in-
house security teams can start your next pen test within one business day. Our goal is to help
clients accelerate meeting their security and compliance goals on time, every time.

"The Attacker's Process" refers to the methodical steps a malicious hacker takes to
compromise a system, typically including reconnaissance, scanning, gaining access,
escalating privileges, maintaining access, and covering tracks.

"The Ethical Hacker's Process" mirrors this methodology but is done with legal authorization
to identify vulnerabilities and improve security, following the same steps while adhering to
ethical guidelines.

"Security Stack" refers to a layered set of security tools and technologies that work together
to protect a system from attacks across different levels, including network, application, and
endpoint security.

Key points about each concept:

 Attacker's Process:

 Reconnaissance: Gathering information about the target system, such as network
topology, open ports, and user details.

 Scanning: Actively probing the network to identify vulnerabilities and potential entry
points.

 Gaining Access: Exploiting a vulnerability to gain initial access to the system.

 Privilege Escalation: Elevating access levels to gain more control within the system.

 Maintaining Access: Installing backdoors or persistent mechanisms to maintain control
after the initial breach.

 Covering Tracks: Deleting logs and hiding evidence of the attack.

 Ethical Hacker's Process:

 Legal Authorization: Obtaining permission from the system owner to perform
penetration testing.

 Scope Definition: Clearly outlining the boundaries of the testing, what systems can be
accessed, and what actions are allowed.

 Reporting Vulnerabilities: Documenting discovered vulnerabilities and providing
detailed remediation advice.

 Following Ethical Guidelines: Adhering to professional standards and avoiding
unnecessary disruption to operations.

 Security Stack:

 Network Security: Firewalls, intrusion detection/prevention systems, and network
segmentation to control network traffic.

 Endpoint Security: Antivirus software, endpoint detection and response (EDR), and
application whitelisting on individual devices.

 Application Security: Web application firewalls and secure coding practices to protect
web applications.

 Identity and Access Management (IAM): User authentication, authorization controls,
and password management systems.

 Incident Response: Processes for detecting, investigating, and responding to security
incidents.
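The scanning phase of the attacker's process is something the network layer of the security stack (firewall or IDS logs) can surface. As an added example that is not from the notes, the detector below flags a source address that probes many distinct destination ports within a short time window; the log format and the log entries are constructed, and the window and threshold values are assumptions to be tuned per environment.

```python
"""Added example (not from the notes): detect the 'Scanning' phase from the
defender's side using firewall log lines. Format and entries are constructed."""
from collections import defaultdict
import re

# Constructed firewall log lines: "<epoch> <action> <src_ip> -> <dst_ip>:<dst_port>"
# Addresses come from the documentation ranges and name no real host.
SAMPLE_LOG = """\
1700000000 DROP 203.0.113.7 -> 192.0.2.10:22
1700000001 DROP 203.0.113.7 -> 192.0.2.10:23
1700000002 DROP 203.0.113.7 -> 192.0.2.10:80
1700000003 ACCEPT 198.51.100.4 -> 192.0.2.10:443
1700000004 DROP 203.0.113.7 -> 192.0.2.10:443
1700000005 DROP 203.0.113.7 -> 192.0.2.10:445
1700000006 DROP 203.0.113.7 -> 192.0.2.10:3389
1700000100 DROP 203.0.113.7 -> 192.0.2.10:8080
1700000007 ACCEPT 198.51.100.4 -> 192.0.2.10:443
"""

LINE_RE = re.compile(r"^(\d+) (ACCEPT|DROP) (\S+) -> (\S+):(\d+)$")


def parse(log_text):
    """Yield (ts, action, src, dst, port) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, action, src, dst, port = m.groups()
            yield int(ts), action, src, dst, int(port)


def detect_port_scans(log_text, window=60, threshold=5):
    """Return {src_ip: distinct_ports} for every source that touched at least
    `threshold` distinct destination ports inside some `window`-second span.
    A sliding window over time-sorted events is kept per source address, so a
    slow probe spread over hours does not trip it (tune window for that case)."""
    events = defaultdict(list)
    for ts, _action, src, _dst, port in sorted(parse(log_text)):
        events[src].append((ts, port))
    alerts = {}
    for src, evs in events.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1            # drop events older than the window
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[src] = max(len(ports), alerts.get(src, 0))
    return alerts
```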
