Hacking is broken up into 5 phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and finally Clearing tracks. As a penetration tester we must follow two additional steps, obtaining written permission and reporting. Following and understanding these phases are critical to a successful penetration test. Let's dive in a little deeper and see what each phase means to us.
Written permission: Before we can start any penetration test we need to obtain written permission from a individual that has the proper authority to authorize our penetration test (CTO, CIO, CEO, etc.). As part of this documentation we must list clearly the scope of the project, expectations, hours of operation, participants, start and end date, who authorized the penetration test. Do not start any penetration test without this! This form is our "Get out of jail free" card should something go wrong or change. This also means that we must be very strict in staying within the written scope of our project.
Reconnaissance: Is the initial phase in any hack or penetration test. In this phase the attacker attempts to collect information about the target prior to the attack. The attacker will typically employ passive methods such as Google searches, visiting the target's website, finding out more about the organization, employees, news, and any other useful information that can be used. Active methods can be probing the target with a phishing email or vishing (phone call) posing as a computer technician to gain more information.
Scanning: Is the pre-attack phase when the attacker scans the network for information. Port scanning, OS details, service types, system uptime, etc. is done at this time. The attacker will typically employ network scanners, ping tools, vulnerability scanners.
Gaining Access: Is the phase in which the hacker or penetration tester attempt to gain access to the target's operating system or application. Password cracking, buffer overflows, DDOS, credential harvesting, etc. are some methods to this goal. Once they gain access we will attempt to escalate our privileges.
Maintaining Access: Is the phase where the hacker or penetration tester will try to maintain their access on the system. This can include creating additional accounts on the network, Trojans, backdoors, and rootkits. The importance of this is they attacker can always return to the network at a later time of their choosing.
Clearing Tracks: Once the hacker or penetration tester has maintained their access they will try to cover their tracks. Clearing system logs and other traces that they were on the network in order to not raise suspicion.
Reporting: Is the phase that the penetration tester compiles all of the information that they have collected in order to help secure the company that has hired them. The reports should be clear, concise, and easy to understand for the client
Comments
Post a Comment