CEH-Module1 - Introduction to Ethical Hacking

CIA Triad

The CIA Triad is a foundational model in information security used to guide policies for protecting sensitive information. It stands for:

  1. Confidentiality: Ensuring that information is only accessible to those who are authorized to access it. It involves preventing unauthorized access or disclosure of information.

  2. Integrity: Guarantees that information is accurate, reliable, and has not been altered by unauthorized individuals or malicious software. Integrity ensures that data remains unchanged and trustworthy.

  3. Availability: Ensuring that information and resources are available and accessible to authorized users whenever needed. This involves maintaining systems, networks, and data to be operational and usable when required.

The CIA Triad forms the basis for designing and implementing security controls and measures to protect information assets. By focusing on these three core principles, organizations can develop strategies, policies, and technologies to safeguard their data and systems from various threats and risks.
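To make the integrity property concrete, here is an added example (not from the original notes) in Python showing why a keyed tag (an HMAC) rather than an unkeyed hash is what actually provides integrity against an attacker who can rewrite data in transit: anyone can recompute a plain checksum over modified data, but only holders of the key can produce a valid tag. The message, the key and the "attacker" edit are constructed for the illustration.

```python
import hashlib
import hmac
import os


def sha256_checksum(data: bytes) -> bytes:
    """Unkeyed checksum: detects accidental corruption, not deliberate tampering."""
    return hashlib.sha256(data).digest()


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed tag: only a holder of `key` can compute it for a given message."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the verifier does not leak the tag byte by byte."""
    return hmac.compare_digest(hmac_tag(key, data), tag)


def attacker_rewrites(data: bytes) -> tuple[bytes, bytes]:
    """Constructed attack: change the amount and recompute the unkeyed checksum.
    The attacker has no key, so this is the best they can do."""
    forged = data.replace(b"100.00", b"900.00")
    return forged, sha256_checksum(forged)


def demo() -> dict:
    # Assumed scenario: a payment instruction protected first by a checksum,
    # then by an HMAC under a key shared only between sender and verifier.
    key = os.urandom(32)
    msg = b"transfer amount=100.00 to=acct-42"
    tag = hmac_tag(key, msg)

    forged_msg, forged_sum = attacker_rewrites(msg)
    return {
        # The verifier recomputes the checksum over the forged data and it matches.
        "checksum_accepts_forgery": sha256_checksum(forged_msg) == forged_sum,
        # The original tag does not verify over the altered message.
        "hmac_accepts_forgery": verify_tag(key, forged_msg, tag),
        # Sanity check: the untouched message still verifies.
        "hmac_accepts_original": verify_tag(key, msg, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The key's confidentiality is what makes the integrity guarantee hold, which is one reason the three properties are taught together; availability enters as soon as you ask what the verifier does on a failed check (reject, alert, or fail open).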

Different types of attacks in cybersecurity

  1. Passive Attacks:

    • Passive attacks attempt to intercept and monitor data transmissions without altering the data itself. The primary goal is to gain unauthorized access to sensitive information. Examples include eavesdropping, sniffing network traffic, and monitoring.
  2. Active Attacks:

    • Active attacks involve modifying or destroying data, disrupting services, or gaining unauthorized access to systems. These attacks directly affect the integrity and availability of data. Examples include malware infections, denial-of-service (DoS) attacks, and man-in-the-middle attacks.
  3. Close-in Attacks:

    • Close-in attacks are carried out by an attacker who is physically close to the target system or infrastructure. Examples include gaining physical access to devices, shoulder surfing, dumpster diving, and intercepting wireless or other signals in the vicinity of the target.
  4. Insider Attacks:

    • Insider attacks occur when a threat actor, typically an individual with authorized access or privileges within an organization, deliberately exploits their access rights to cause harm. These attacks can involve data theft, sabotage, or unauthorized access to sensitive information.
  5. Distributed Attacks:

    • Distributed attacks involve multiple sources or nodes coordinating to launch an attack on a target. Distributed Denial-of-Service (DDoS) attacks are a common example, where numerous compromised devices work together to flood a target system with traffic, causing it to become unavailable.

Offensive and Defensive

In cybersecurity, “offensive” and “defensive” are terms used to describe different approaches and strategies employed to protect systems, networks, and data or, conversely, to exploit vulnerabilities for various purposes.

Offensive Security (Red Teaming / Penetration Testing):

  • Penetration Testing: Involves simulating cyber attacks to identify vulnerabilities within a system or network.
  • Ethical Hacking: Ethical hackers, also known as penetration testers, mimic the techniques used by malicious hackers to uncover weaknesses that could be exploited.
  • Exploit Development: Involves creating or using tools and techniques to take advantage of vulnerabilities for testing or educational purposes.

Defensive Security (Blue Teaming):

  • Cyber Defense: Focuses on safeguarding systems, networks, and data against cyber attacks and unauthorized access.
  • Security Monitoring: Involves continuous monitoring of systems to detect and respond to security threats in real-time.
  • Incident Response: Involves procedures and protocols to address and mitigate the effects of a cyber attack when it occurs.

While offensive security involves testing and exploiting vulnerabilities to strengthen defenses, defensive security concentrates on preventing, detecting, and responding to potential threats to protect systems and data from attacks. Both approaches are crucial in creating robust cybersecurity measures.

Methodology

  • Footprinting and reconnaissance

  • Scanning

  • System hacking (gaining access)

  • Maintaining access

  • Clearing tracks (e.g., clearing logs)

Cyber Kill Chain Methodology

The Cyber Kill Chain, developed by Lockheed Martin, is a defensive model for identifying and preventing intrusions: it breaks an attack into sequential stages so that defenders can recognise the steps an adversary takes and disrupt the chain as early as possible.

These are the stages of a cyber attack known as the Cyber Kill Chain:

  1. Reconnaissance: Gathering information about the target.
  2. Weaponization: Developing or obtaining the tools needed for the attack.
  3. Delivery: Sending the malicious payload to the target.
  4. Exploitation: Taking advantage of vulnerabilities to execute the attack.
  5. Installation: Installing malware or a backdoor on the target's system.
  6. Command and Control: Establishing a channel to the compromised system so the attacker can control it remotely.
  7. Actions on Objectives: Carrying out the intended malicious activities, such as data theft or destruction.

Tactics, Techniques and Procedures

Tactics: The overall goals behind the attack and the general strategy the threat actor follows to achieve them. For example, the threat actor's goal may be to infiltrate a website in order to steal customer credit card information.

Techniques: The technical methods the threat actor uses to carry out the attack, such as e-skimming (Magecart-style), JavaScript injection, or cross-site scripting (XSS).

Procedures: The step-by-step description of the attack, including the specific tools and commands used to orchestrate it. Analysts most often use an attack's procedures to build a profile or fingerprint of a threat actor or group, because procedures are the most specific and distinctive of the three levels.

MITRE ATT&CK Framework

The MITRE ATT&CK framework is a publicly available knowledge base of adversary tactics and techniques derived from real-world observations. It is organised as a matrix: each column is a tactic (the adversary's goal, such as Initial Access or Persistence), each cell is a technique or sub-technique with a stable identifier (for example T1566, Phishing), and each technique entry records procedure examples, the specific ways named groups and software have been seen using it. This gives defenders a common vocabulary for threat detection, risk assessment, red teaming, tool evaluation, and overall security strategy.
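As an added example (not part of the original notes), the following Python tags constructed log lines with the kill chain stage they evidence and with the ATT&CK tactic and technique ID the behaviour corresponds to, which is how the two models are used together in practice. The log format, the detection regexes, the rule names and the event lines are assumptions built for this illustration; the technique IDs (T1595, T1566, T1059, T1547.001, T1071, T1070.001) are real ATT&CK identifiers. Stage 7 is labelled with Lockheed Martin's name for it, Actions on Objectives.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern   # matched against the raw log line
    kill_chain: str       # Cyber Kill Chain stage
    tactic: str           # ATT&CK tactic name
    technique: str        # ATT&CK technique / sub-technique ID


# Assumed rules over a loose syslog-like format; regexes are illustrative only.
RULES = [
    Rule("port_sweep", re.compile(r"SYN scan .* from (\S+)"),
         "Reconnaissance", "Reconnaissance", "T1595"),            # Active Scanning
    Rule("phish_attachment", re.compile(r"attachment=.*\.(docm|xlsm|iso)\b"),
         "Delivery", "Initial Access", "T1566"),                  # Phishing
    Rule("office_spawns_shell",
         re.compile(r"parent=WINWORD\.EXE .*image=(powershell|cmd)\.exe", re.I),
         "Exploitation", "Execution", "T1059"),                   # Command and Scripting Interpreter
    Rule("run_key",
         re.compile(r"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", re.I),
         "Installation", "Persistence", "T1547.001"),             # Registry Run Keys / Startup Folder
    Rule("beacon", re.compile(r"outbound .* every \d+s"),
         "Command and Control", "Command and Control", "T1071"),  # Application Layer Protocol
    Rule("log_clear", re.compile(r"EventID=1102\b"),
         "Actions on Objectives", "Defense Evasion", "T1070.001"),  # Clear Windows Event Logs
]

# Constructed sample telemetry for one intrusion on host WS042.
SAMPLE_LOGS = [
    "2024-03-01T08:02:11 fw01 SYN scan of ports 22,80,443 from 203.0.113.7 to 198.51.100.20",
    "2024-03-01T09:14:02 mailgw user=alice attachment=invoice_0431.docm verdict=delivered",
    "2024-03-01T09:20:45 edr host=WS042 parent=WINWORD.EXE image=powershell.exe cmdline=-enc JAB...",
    "2024-03-01T09:21:03 edr host=WS042 reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2024-03-01T09:25:00 proxy host=WS042 outbound to 198.51.100.77:443 every 60s (12 connections)",
    "2024-03-01T11:40:18 winlog host=WS042 EventID=1102 audit log cleared by WS042\\alice",
    "2024-03-01T12:00:00 dhcpd lease renewed for WS042",
]


def classify(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (kill_chain_stage, tactic, technique_id, rule_name) for the first
    matching rule, or None when the line is benign under these rules."""
    for rule in RULES:
        if rule.pattern.search(line):
            return (rule.kill_chain, rule.tactic, rule.technique, rule.name)
    return None


def kill_chain_coverage(lines: List[str]) -> List[str]:
    """Stages observed in the telemetry, in chain order: a quick read on how far
    the intrusion progressed and where the earliest missed detection sits."""
    seen = {hit[0] for hit in map(classify, lines) if hit}
    return [stage for stage in KILL_CHAIN if stage in seen]


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        hit = classify(line)
        print("no match     " if hit is None else f"{hit[0]:<22} {hit[1]:<20} {hit[2]:<10}", line[:60])
    print("stages observed:", " -> ".join(kill_chain_coverage(SAMPLE_LOGS)))
```

Weaponization never appears in the coverage list because it happens on the adversary's side; defenders only see its result at Delivery, which is why a kill chain view built from victim-side telemetry jumps from Reconnaissance to Delivery. In a real SIEM the stage and technique labels would be carried as metadata on each detection rule rather than derived from regexes over raw text.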

Diamond Model for Intrusion Analysis

The Diamond Model of Intrusion Analysis is a widely used approach for analysing and tracking cyber threats. In this model every intrusion event is depicted as a diamond whose four vertices are adversary, capability, infrastructure, and victim. The edges between the vertices express relationships (an adversary uses a capability over some infrastructure against a victim) that analysts can pivot across to uncover related events and build knowledge of the malicious activity.

  • Adversary: The actor (individual or group) behind the intrusion.
  • Victim: The target that was exploited or against which the attack was performed.
  • Capability: The tools and techniques used, i.e. how the attack happened.
  • Infrastructure: The physical or logical resources (servers, domains, IP addresses, accounts) the adversary used to reach the victim.
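Added example, not from the original notes: a small Python model of Diamond events and the pivot an analyst performs across one vertex to link incidents. The events, names and addresses are constructed for illustration, and the attribution rule (an unattributed event inherits an adversary only when both its infrastructure and its capability match an attributed event) is this example's own heuristic.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Diamond:
    """One intrusion event, one diamond: the four vertices of the model."""
    event_id: str
    adversary: Optional[str]   # frequently unknown when the event is first recorded
    capability: str            # malware family, exploit, or technique
    infrastructure: str        # domain, IP address, certificate, sender address, ...
    victim: str


# Constructed events: two attributed to a known group, two not yet attributed.
EVENTS = [
    Diamond("E1", "GroupA", "loader.v2", "cdn-update.example", "acme-finance"),
    Diamond("E2", "GroupA", "loader.v2", "198.51.100.77", "acme-finance"),
    Diamond("E3", None, "loader.v2", "198.51.100.77", "globex-hr"),
    Diamond("E4", None, "webshell.php", "203.0.113.9", "initech-web"),
]


def pivot(events: List[Diamond], vertex: str) -> Dict[str, List[str]]:
    """Group event IDs by one vertex ("adversary", "capability",
    "infrastructure" or "victim"); each group is an edge to pivot across."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in events:
        groups[getattr(e, vertex)].append(e.event_id)
    return dict(groups)


def victims_sharing_infrastructure(events: List[Diamond]) -> Dict[str, Set[str]]:
    """Infrastructure reused against more than one victim: the classic pivot
    that turns two separate incidents into one campaign."""
    by_infra: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        by_infra[e.infrastructure].add(e.victim)
    return {infra: victims for infra, victims in by_infra.items() if len(victims) > 1}


def infer_adversary(events: List[Diamond]) -> Dict[str, str]:
    """Heuristic attribution (this example's own rule): propagate a known
    adversary to events that share BOTH infrastructure and capability with an
    attributed event. Requiring two vertices guards against shared hosting or
    commodity malware producing a false link."""
    known = {(e.infrastructure, e.capability): e.adversary for e in events if e.adversary}
    inferred: Dict[str, str] = {}
    for e in events:
        key = (e.infrastructure, e.capability)
        if e.adversary is None and key in known:
            inferred[e.event_id] = known[key]
    return inferred


if __name__ == "__main__":
    print("by infrastructure:", pivot(EVENTS, "infrastructure"))
    print("reused infrastructure:", victims_sharing_infrastructure(EVENTS))
    print("inferred adversary:", infer_adversary(EVENTS))
```

E3 is linked to GroupA through the shared C2 address and loader, while E4 stays unattributed because nothing connects it; a single shared vertex (an IP on a cloud provider, a commodity webshell) is weak evidence on its own, which is why the rule insists on two.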

What is Hacking

Hacking is exploiting system vulnerabilities and compromising security controls to gain unauthorized and inappropriate access to a system's resources. Hackers are commonly grouped into the following types:

  • White Hat Hackers: Authorized (often certified) security professionals who work for governments and organizations, performing penetration tests and finding weaknesses in their defenses. They operate within the law and under explicit rules of engagement, which is why they are also called ethical hackers or cybersecurity experts.

  • Black Hat Hackers: Often called crackers. They gain unauthorized access to systems to steal or destroy data, typically reusing well-known attack techniques. They are criminals, and their malicious actions are what identify them as black hats.

  • Gray Hat Hackers: Fall between white and black hats. They are not legally authorized, may act with good or bad intentions, and sometimes use their skills for personal gain. A gray hat who exploits access for personal gain is, in effect, a black hat.

  • Script Kiddies: Unskilled individuals who run scripts and tools written by others to attack systems and networks or deface websites, mainly to impress friends or peers. They are often juveniles with little understanding of how the tools work, which is exactly what makes them dangerous: they cannot predict or limit the damage their tools cause.

  • Green Hat Hackers: Also amateurs, but unlike script kiddies they want to learn and aim to become skilled hackers. They learn by asking experienced hackers questions and paying close attention to the answers.

  • Blue Hat Hackers: Similar to white hats; they test a company's software for security flaws shortly before product launch. Blue hats are outsourced by the company, whereas white hats are typically employees.

  • Red Hat Hackers: Also known as eagle-eyed hackers. Like white hats, they aim to stop black hats, but they operate differently: rather than reporting an attacker, a red hat may retaliate, attacking the black hat's own systems aggressively enough that the attacker has to rebuild them.

  • State/Nation Sponsored Hackers: Hackers employed by a government to defend its systems and to gather confidential information from other countries, for strategic advantage or to pre-empt threats to the country. They are typically well-paid government workers.

  • Hacktivists: The online counterpart of activists. A hacktivist is an individual or an anonymous group that gains unauthorized access to government or corporate systems and networks to further social or political ends.

  • Malicious Insiders or Whistleblowers: A malicious insider is an employee or contractor of a company or government agency who, out of a grudge or for personal gain, abuses legitimate access to steal data, sabotage systems, or blackmail the organization. A whistleblower likewise acts on insider knowledge, but to expose illegal activity within the organization.

  • Suicide Hackers: Individuals who bring down infrastructure for a cause and do not care about being caught or going to jail.

What is Ethical Hacking

Ethical hacking is the practice of performing security assessments using the same techniques that attackers use, but with proper approval and authorization from the organization that owns the systems being tested. The goal is to apply attackers' tactics, techniques, and procedures to locate weaknesses and strengthen the organization's protection against data and security breaches.
