
The phases of Hacking

Hacking is broken up into 5 phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and finally Clearing Tracks. As penetration testers we must follow two additional steps: obtaining written permission and reporting. Following and understanding these phases is critical to a successful penetration test. Let's dive in a little deeper and see what each phase means to us.

 

Written permission: Before we can start any penetration test we need to obtain written permission from an individual who has the proper authority to authorize it (CTO, CIO, CEO, etc.). As part of this documentation we must clearly list the scope of the project, expectations, hours of operation, participants, start and end dates, and who authorized the penetration test. Do not start any penetration test without this! This form is our "Get out of jail free" card should something go wrong or change. It also means that we must be very strict about staying within the written scope of our project.
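One way to stay strict about the written scope is to encode it and check every target before any tool runs. The following is an added example, not part of the original post; the `Authorization` fields, the sample engagement and the addresses are constructed assumptions, and times are assumed to be naive datetimes in the client's local time.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Authorization:
    authorized_by: str   # who signed the permission
    networks: tuple      # in-scope CIDR ranges
    excluded: tuple      # hosts explicitly carved out of scope
    start: date          # first day of the engagement
    end: date            # last day of the engagement
    hours: tuple         # (open, close) daily hours of operation, client local time


# Constructed sample engagement; addresses are RFC 5737 documentation ranges.
AUTH = Authorization(
    authorized_by="CTO (constructed)",
    networks=("192.0.2.0/24",),
    excluded=("192.0.2.10",),
    start=date(2024, 3, 4),
    end=date(2024, 3, 15),
    hours=(time(22, 0), time(6, 0)),  # overnight window, wraps past midnight
)


def in_hours(t, open_t, close_t):
    """True if t is inside the window; handles windows that cross midnight."""
    if open_t <= close_t:
        return open_t <= t < close_t
    return t >= open_t or t < close_t


def check_target(auth, target, when):
    """Return (allowed, reason) for testing `target` at naive local time `when`."""
    addr = ip_address(target)
    if not auth.start <= when.date() <= auth.end:
        return False, "outside engagement dates"
    if not in_hours(when.time(), *auth.hours):
        return False, "outside hours of operation"
    if any(addr == ip_address(h) for h in auth.excluded):
        return False, "explicitly excluded host"
    if not any(addr in ip_network(n) for n in auth.networks):
        return False, "not in written scope"
    return True, "in scope"
```

Logging each `(allowed, reason)` result alongside the target and timestamp also gives the reporting phase an audit trail of what was tested and when.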

 

Reconnaissance: This is the initial phase in any hack or penetration test. In this phase the attacker attempts to collect information about the target prior to the attack. The attacker will typically employ passive methods such as Google searches, visiting the target's website, and finding out more about the organization, its employees, news, and any other useful information. Active methods can include probing the target with a phishing email or a vishing (phone) call in which the attacker poses as a computer technician to gain more information.

 

Scanning: This is the pre-attack phase in which the attacker scans the network for information. Port scanning and the collection of OS details, service types, system uptime, etc. are done at this time. The attacker will typically employ network scanners, ping tools, and vulnerability scanners.

 

Gaining Access: This is the phase in which the hacker or penetration tester attempts to gain access to the target's operating system or application. Password cracking, buffer overflows, DDoS, credential harvesting, etc. are some methods used toward this goal. Once they gain access, they will attempt to escalate their privileges.

 

Maintaining Access: This is the phase in which the hacker or penetration tester tries to maintain their access to the system. This can include creating additional accounts on the network and installing Trojans, backdoors, and rootkits. This matters because the attacker can then return to the network at a later time of their choosing.

 

Clearing Tracks: Once the hacker or penetration tester has maintained their access, they will try to cover their tracks by clearing system logs and other traces that they were on the network, so as not to raise suspicion.
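From the defender's side, the Maintaining Access and Clearing Tracks phases both leave recognizable records, as long as events are forwarded off the host before a local log can be cleared. The following is an added example, not part of the original post: it runs over constructed, already-parsed Windows events (the dictionary field names and sample data are assumptions) and escalates a log clear that closely follows account creation on the same host.

```python
from datetime import datetime, timedelta

# Windows event IDs: 4720 = user account created, 4732 = member added to a
# security-enabled local group, 1102 = Security audit log cleared,
# 104 = an event log (e.g. System) was cleared.
PERSISTENCE = {4720: "account created", 4732: "added to local group"}
LOG_CLEARED = {1102: "Security log cleared", 104: "event log cleared"}

# Constructed sample events, as they might look after forwarding to a collector.
EVENTS = [
    {"time": "2024-03-06T09:15:00", "host": "ws07", "id": 104},
    {"time": "2024-03-05T23:41:10", "host": "srv01", "id": 4624},  # logon, ignored
    {"time": "2024-03-05T23:44:02", "host": "srv01", "id": 4720},
    {"time": "2024-03-05T23:44:30", "host": "srv01", "id": 4732},
    {"time": "2024-03-05T23:52:47", "host": "srv01", "id": 1102},
]


def find_alerts(events, window=timedelta(minutes=30)):
    """Return (host, severity, description) tuples in chronological order."""
    alerts = []
    last_persistence = {}  # host -> time of the most recent persistence event
    parsed = [(datetime.fromisoformat(e["time"]), e) for e in events]
    for ts, ev in sorted(parsed, key=lambda pair: pair[0]):
        host, eid = ev["host"], ev["id"]
        if eid in PERSISTENCE:
            last_persistence[host] = ts
            alerts.append((host, "medium", PERSISTENCE[eid]))
        elif eid in LOG_CLEARED:
            prior = last_persistence.get(host)
            # A log clear shortly after a new account on the same host looks
            # like persistence followed by track clearing: escalate it.
            chained = prior is not None and ts - prior <= window
            severity = "critical" if chained else "high"
            alerts.append((host, severity, LOG_CLEARED[eid]))
    return alerts
```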

 

Reporting: This is the phase in which the penetration tester compiles all of the information they have collected in order to help secure the company that has hired them. The report should be clear, concise, and easy to understand for the client.
