Ethical Hacking & Cyber Security

Ovindu Archana
May 30, 2021

What is Ethical Hacking?

Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

Also known as “white hats,” ethical hackers are security experts who perform these assessments. The proactive work they do helps to improve an organization’s security posture. Because it is carried out with prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Five phases of hacking

There are five phases of hacking:

Reconnaissance :- This is the first phase, in which the hacker tries to gather information about the target. It can include identifying the target and determining its range of IP addresses, network, DNS records, etc. Suppose an attacker is about to hack a website's contacts.
They can do this by using a search tool like Maltego, by researching the target, such as its website (checking links, vacancies, job titles, emails, news, etc.), or by using a tool like HTTrack to download the entire website for later review. From this, a hacker can determine the following: employee names, job titles, and email addresses.

Scanning :- This phase involves using tools such as dialers, port scanners, network mappers, sweepers, and vulnerability scanners to scan data. At this point, hackers are probably looking for any information that could help them in an attack, such as computer names, IP addresses, and user accounts. Now that the hacker has some basic information, the hacker moves on to the next stage and starts checking the network for other attack paths. The hacker decides to use several methods to help map the network (e.g. Kali Linux and Maltego) and to find an email address that can be contacted to find out which email server is being used. The hacker looks for an automated email reply if possible or, based on the information gathered, might decide to email HR with a job posting request.

Gaining Access :- At this stage, the hacker develops a plan for the target’s network using the data collected in stages 1 and 2. The hacker has finished enumerating and scanning the network and now decides that they have several options to gain access to the network.

Let's take a phishing attack as an example.

The hacker decides to play it safe and use a simple phishing attack to gain access. The hacker decides to infiltrate the IT department. They see that several people have been hired recently and are probably not up to date with all the procedures yet. The phishing email is sent to the technicians, using a program that makes it appear to come from the CTO’s actual email address. The email contains a link to a phishing site that will collect their logins and passwords. Using any number of options (phone app, website email, etc.), the hacker sends an email asking users to log into the new Google portal with their credentials. They already have a set of social engineering tools running, and the email they send to users contains the server address, disguised with bitly or tinyurl.
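From the defender's side, the email described above leaves three checkable signals: an internal sender address that fails sender authentication, a link hidden behind a URL shortener, and a request for credentials. The following triage function is an added example, not part of the original article; the domain `example.com`, the sample messages and the reason strings are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"          # assumption: the organization's mail domain
SHORTENERS = {"bit.ly", "tinyurl.com"}   # the two shorteners the article names
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b")
LURE_RE = re.compile(r"\b(log ?in|sign ?in|password|credentials)\b", re.I)

def triage(raw):
    """Return the reasons a raw message matches the phishing pattern in the text."""
    msg = message_from_string(raw)
    reasons = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    # A From address in our own domain that failed authentication is likely spoofed.
    if sender_domain == INTERNAL_DOMAIN and AUTH_FAIL_RE.search(auth):
        reasons.append("internal sender failed authentication")
    body = ""
    for part in msg.walk():              # covers single-part and multipart mail
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    for host in sorted(hosts & SHORTENERS):
        reasons.append(f"shortened link hides destination: {host}")
    if LURE_RE.search(body):
        reasons.append("asks for credentials")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "CTO" <cto@example.com>
Subject: New Google portal
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none
Content-Type: text/plain; charset=utf-8

Please log in to the new portal with your credentials: https://bit.ly/EXAMPLE
"""
LEGIT = """\
From: "CTO" <cto@example.com>
Subject: Maintenance window
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Patching starts Friday; details at https://intranet.example.com/maintenance
"""
```

Calling `triage(SPOOFED)` returns all three reasons, while `triage(LEGIT)` returns an empty list.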

Maintaining Access :- Once a hacker has gained access, he wants to maintain that access for future attacks. Once a hacker owns the system, he can use it as a base for additional attacks.
In this case, the owned system is sometimes referred to as a zombie system. Now that the hacker has multiple email accounts, the hacker starts testing the accounts on the domain. From this point on, the hacker creates a new administrator account for himself based on the naming structure and tries to blend in. As a precautionary measure, the hacker starts looking for and identifying accounts that have not been used for a long time. The hacker assumes that these accounts are probably either forgotten or not used, so they change the password and elevate the accounts to administrator privileges as additional accounts in order to maintain access to the network. A hacker can also send emails to other users with an exploited file, such as a PDF carrying a reverse shell, to extend their possible access. There will be no overt exploitation or attacks at this time. If there is no evidence of detection, a waiting game is played, allowing the victim to think that nothing has been disturbed. With access to the IT account, the hacker starts making copies of all emails, appointments, contacts, instant messages and files for sorting and later use.
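The persistence steps described above (a new administrator account, or a password reset on a long-unused account followed by a privilege grant) form a sequence that can be detected in directory audit events. This detection sketch is an added example, not part of the original article; the event schema, thresholds, account names and group name are all hypothetical.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)   # assumption: what "not used for a long time" means
CHAIN_WINDOW = timedelta(hours=24)   # assumption: max gap between priming event and grant
ADMIN_GROUPS = {"Domain Admins"}     # assumption: privileged group name(s)

def find_persistence(events):
    """Flag admin grants that follow a dormant-account reset or an account creation."""
    last_login, primed, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        acct, when, action = ev["account"], ev["time"], ev["action"]
        if action == "login":
            last_login[acct] = when
        elif action == "account_created":
            primed[acct] = (when, "new account")
        elif action == "password_reset":
            seen = last_login.get(acct)
            # No login inside the log window is treated as dormant (assumption).
            if seen is None or when - seen > DORMANT_AFTER:
                primed[acct] = (when, "dormant account reset")
        elif action == "group_add" and ev.get("group") in ADMIN_GROUPS:
            start, why = primed.get(acct, (None, None))
            if start is not None and when - start <= CHAIN_WINDOW:
                alerts.append((acct, why, ev["actor"]))
    return alerts

def event(time, action, account, actor, group=None):
    return {"time": datetime.fromisoformat(time), "action": action,
            "account": account, "actor": actor, "group": group}

# Constructed directory audit events (hypothetical schema, not a real log format).
EVENTS = [
    event("2021-01-04T09:00", "login", "svc_backup", "svc_backup"),
    event("2021-05-20T08:55", "login", "j.doe", "j.doe"),
    event("2021-05-20T09:10", "password_reset", "svc_backup", "j.doe"),
    event("2021-05-20T09:12", "group_add", "svc_backup", "j.doe", "Domain Admins"),
    event("2021-05-20T09:30", "account_created", "adm_jdoe2", "j.doe"),
    event("2021-05-20T09:31", "group_add", "adm_jdoe2", "j.doe", "Domain Admins"),
    event("2021-05-21T10:00", "password_reset", "j.doe", "helpdesk"),
    event("2021-05-21T10:05", "group_add", "j.doe", "helpdesk", "Domain Admins"),
]

if __name__ == "__main__":
    for alert in find_persistence(EVENTS):
        print(alert)
```

The last two events show the negative case: a reset on a recently active account followed by an admin grant raises no alert, because the account was neither dormant nor newly created.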

Clearing Tracks :- Before the attack, the attacker changed his MAC address and ran the attacking computer through at least one VPN to hide his identity. They will not use a direct attack or any scanning method that would be considered “noisy”.
After gaining access and elevating privileges, the hacker tries to cover his tracks. This includes clearing sent emails, server logs, temporary files, etc. The hacker will also look for signs that the email provider is warning the user about possible unauthorized logins under his account.

Cyber Security

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, altering, or destroying confidential information, extortion of money from users, or interruption of normal business processes.

Types of cybersecurity threats

Phishing :- Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The goal is to steal sensitive data such as credit card numbers and login details. This is the most common type of cyberattack. You can protect yourself through education or a technology solution that filters malicious emails.

Ransomware :- Ransomware is a type of malware. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.

Malware :- Malware is a type of software designed to gain unauthorized access to or damage your computer.

Social engineering :- Social engineering is a tactic that attackers use to trick you into revealing sensitive information. They may ask for a payment or gain access to your sensitive information. Social engineering can be combined with any of the above threats to increase the likelihood of you clicking links, downloading malware, or trusting a malicious source.

Machine Learning in Cyber Security

Machine learning has become a vital technology for cybersecurity. Machine learning proactively eliminates cyber threats and hardens security infrastructure through pattern detection, real-time cybercrime mapping, and rigorous penetration testing. A subset of artificial intelligence, machine learning uses algorithms born from previous datasets and statistical analysis to make assumptions about the behavior of a computer. The computer can then adjust its actions and even perform functions for which it was not explicitly programmed. With the ability to sort millions of files and identify potentially harmful files, machine learning is increasingly being used to detect threats and automatically remediate them before they can cause damage.

Differences between Cyber Security and Ethical Hacking

Cybersecurity personnel are often hired by the company they protect and spend their days trying to close up all the cracks, flaws, viruses, and weaknesses. Ethical hackers are often freelance professionals who are hired by companies to bring threats to their company so they can see where they might be most vulnerable.
