6 - Ethical Hacking Flashcards
Threat modelling
Thinking about how an adversary would attack a system, so weaknesses can be found and prioritised before they are exploited
White-box testing
Full information (architecture, source, credentials) shared with the testers. Confirms the efficacy of internal assessments
Black-box testing
No information about internals shared with the testers; they start from an outsider's view.
Identifies ways an external attacker could reach internal IT assets
Attack steps
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Covering Tracks
Passive Recon
Gather info without any engagement with the target (public records, search engines, DNS, social media); the target sees nothing
Active Recon
- Engage directly with the target to gather info (e.g. probing hosts); this can be logged and detected
Maltego
Open-source intelligence (OSINT) and graphical link-analysis tool
Protection against reconnaissance
- Training, policies, configuration
- Firewall
- IDS and network monitoring
- Disable or minimise service banners (e.g. server version strings)
- Limit information made public
Scanning
Find entry points and obtain a network map with live hosts, services, likely vulnerabilities etc.
Scanning example info
- Whether hosts are alive
- Open ports
- protocols
- services
- OS ver
…
Scanning techniques
- ping/ping sweep
- banner grabbing
- web-based directory enumeration
- firewall enumeration & fingerprinting
- DNS enumeration
Ping/ping sweep
Find out if a machine is alive (sweep = probing several addresses in a range)
Sweeps can be blocked (ICMP echo filtered at the firewall), so a silent host is not necessarily down
Banner Grabbing
Provides details of the OS and running applications from the greeting/login message a service sends on connect
Firewall enumeration
Used to find which traffic a firewall allows and which it denies
Firewalk
A network auditing tool that maps which ports a firewall passes (it sends packets whose TTL expires one hop past the firewall and watches for ICMP time-exceeded replies), revealing misconfigurations
NIDS
Network Intrusion Detection System
Detects scans, e.g. repeated probes of particular firewall ports
DNS Enumeration
Locating all DNS servers and records (zone transfers, brute-forcing names, reverse lookups).
For admins this helps keep track of where physical servers sit within the network
Attackers use the records to map targets, and may try to "poison" DNS so that names resolve to hosts they control
Port scanning mechanic using TCP/UDP
Send TCP or UDP probes to each port and interpret the responses (e.g. SYN/ACK = open, RST = closed, no reply = filtered, or for UDP possibly open)
Port scan uses
- Hackers use it to determine the existence of hosts and the services they expose
- Security pros: detect rogue servers and close unnecessary ports
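The following is an added example (not part of the original flashcards) that ties together the ping-sweep, port-scan and banner-grab cards above: a TCP connect scan against two constructed loopback listeners, one that volunteers an SSH-style version banner and one that stays silent, plus a deliberately closed port. The listener, the banner string and all port numbers are constructed for the demo; they are not captured from a real host.

```python
import socket
import threading

# Constructed banner for the demo listener. It imitates the kind of version
# string a chatty daemon leaks on connect; it is not from a real system.
VERBOSE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"


def start_listener(banner):
    """Start a TCP listener on an ephemeral loopback port.

    If banner is not None it is sent to every client on connect (like an
    SSH/FTP/SMTP daemon that greets first). Otherwise the server is silent,
    waits briefly for client data and then closes, like a protocol where the
    client must speak first (HTTP)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                if banner is not None:
                    conn.sendall(banner)
                else:
                    conn.settimeout(0.5)
                    try:
                        conn.recv(16)
                    except OSError:
                        pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def grab_banner(host, port, timeout=1.0):
    """TCP connect probe of one port.

    Returns None if the port is closed/filtered (refused or timed out on
    connect), b"" if it is open but the service said nothing, otherwise the
    first bytes the service volunteered (the banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:  # ConnectionRefusedError and socket.timeout are OSErrors
            return None
        try:
            return s.recv(256)
        except socket.timeout:
            return b""


def scan_ports(host, ports, timeout=1.0):
    """Scan a list of ports; open ports map to their banner (possibly empty)."""
    results = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:
            results[port] = banner
    return results


def is_alive(host, ports, timeout=1.0):
    """Ping substitute: a host that completes a TCP handshake on any probed
    port is up even when ICMP echo is filtered, which is exactly the case an
    ICMP ping sweep would misreport as 'down'."""
    return bool(scan_ports(host, ports, timeout))


def demo():
    """Run the scan against two constructed listeners and one closed port.
    Returns (scan results, chatty port, quiet port, closed port)."""
    _chatty, chatty_port = start_listener(VERBOSE_BANNER)
    _quiet, quiet_port = start_listener(None)
    # Grab a free port and release it so the scan sees a closed port.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    results = scan_ports("127.0.0.1", [chatty_port, quiet_port, closed_port])
    return results, chatty_port, quiet_port, closed_port


if __name__ == "__main__":
    results, chatty_port, quiet_port, closed_port = demo()
    print("alive:", is_alive("127.0.0.1", [chatty_port, quiet_port, closed_port]))
    for port, banner in sorted(results.items()):
        print(f"{port}/tcp open  banner={banner!r}")
    print(f"{closed_port}/tcp closed")
```

The silent listener shows why "disable banner display" matters: the port is still found open, but the scanner learns nothing about the software behind it, whereas the chatty one hands over a product and version string that can be matched straight against a vulnerability database.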
Gaining Access
Exploiting one or more vulnerabilities
Main vulnerabilities
- Misconfiguration
- Assets used incorrectly (outside their intended purpose)
- Software/Hardware/Network
- Humans
- Physical environment
- Organisation
Attack Surface
A network's attack surface might include: services and apps, authentication, management systems, remote access
A web app's: inputs, queries, HTTP components, functions
Access Vector
How the attacker uses the attack surface to gain access.
Local: requires existing local access to the host (a local account or physical access)
Remote: reachable over the network, e.g. a Remote Procedure Call service
Privilege Escalation
Taking advantage of flaws to obtain access beyond what the attacker's current identity should have on the system/network
Vertical Privilege Escalation
A lower-privileged user/app gains the abilities of a higher-privileged one (e.g. normal user to administrator/root)
Horizontal Privilege Escalation
A normal user gains access to resources or functions that belong to other normal users at the same privilege level (e.g. reading another customer's account)
Preventing privilege escalation
- Updates/patching
- Run apps without admin rights when possible (least privilege)
- Run host-based IDS on key servers
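An added example (not from the original flashcards) showing the two escalation types side by side in a toy account service: a record lookup that trusts a client-supplied owner id (horizontal escalation, the classic insecure direct object reference) and a role change that trusts a client-supplied role (vertical escalation), each beside its hardened form. The users, records and function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"


class AuthzError(PermissionError):
    """Raised when the caller is not allowed to perform the requested action."""


# Constructed sample directory: two ordinary users and one administrator.
USERS = {
    "alice": User("alice", "user"),
    "bob": User("bob", "user"),
    "root": User("root", "admin"),
}

# Constructed per-user records; each should be readable only by its owner (or an admin).
RECORDS = {
    "alice": {"balance": 120, "email": "alice@example.invalid"},
    "bob": {"balance": 30, "email": "bob@example.invalid"},
}


# --- Horizontal escalation: any authenticated user can read any record -------

def get_record_vulnerable(caller, owner):
    """Authenticates (caller must exist) but never authorises: bob can pass
    owner="alice" and read her data. This is horizontal privilege escalation."""
    if caller.name not in USERS:
        raise AuthzError("not logged in")
    return RECORDS[owner]


def get_record(caller, owner):
    """Hardened: the owner parameter is checked against the caller's identity,
    and only admins may read records they do not own."""
    if caller.name not in USERS:
        raise AuthzError("not logged in")
    if caller.name != owner and caller.role != "admin":
        raise AuthzError(f"{caller.name} may not read {owner}'s record")
    return RECORDS[owner]


# --- Vertical escalation: a user can change their own role to admin ----------

def set_role_vulnerable(caller, target, new_role):
    """Trusts the client-supplied role: bob can call
    set_role_vulnerable(bob, "bob", "admin") and become an administrator.
    This is vertical privilege escalation."""
    USERS[target] = User(target, new_role)
    return USERS[target]


def set_role(caller, target, new_role):
    """Hardened: role changes are an admin-only function, decided by the
    caller's role as stored on the server, never by request parameters."""
    if USERS.get(caller.name, User(caller.name, "none")).role != "admin":
        raise AuthzError(f"{caller.name} may not change roles")
    if new_role not in ("user", "admin"):
        raise ValueError("unknown role")
    USERS[target] = User(target, new_role)
    return USERS[target]


def is_denied(func, *args):
    """Helper: True if the call is rejected by an authorisation check."""
    try:
        func(*args)
    except AuthzError:
        return True
    return False


if __name__ == "__main__":
    bob = USERS["bob"]
    print("bob reads alice (vulnerable):", get_record_vulnerable(bob, "alice"))
    print("bob reads alice (hardened) denied:", is_denied(get_record, bob, "alice"))
    print("bob promotes self (vulnerable):", set_role_vulnerable(bob, "bob", "admin"))
    USERS["bob"] = User("bob", "user")  # undo the demo's escalation
    print("bob promotes self (hardened) denied:", is_denied(set_role, bob, "bob", "admin"))
```

The hardened versions follow the "run without admin when possible" card in spirit: the decision is made from server-side state about the caller, and the privileged operation is unavailable to anyone who is not already an admin, rather than trusting whatever the request says about itself.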
Maintaining access
Installing a backdoor so the attacker can get back in without re-exploiting the original vulnerability
Rootkit
Malware that conceals its own presence (files, processes, connections) from users and the system; a kernel-level rootkit runs in kernel mode and can subvert the OS itself, so tools running on the host cannot be trusted to detect it
Pentest Challenges
- Time, cost, resources
- Scope
- Authorisation/legal (written permission before testing)
- Protection/confidentiality of results
- Methodology choice
- Communication
- Reporting