Techniques Used by Hackers Flashcards
White Hats
Good guy, ethical hackers, often hired by a company to test and improve security
Black Hats
Bad guys, crackers illegally using skills for malicious intent.
Gray Hats
In between white and black hats, too curious about tools and techniques
Phases of ethical hacking
Recon->Scanning and enumeration->Gaining Access->Maintaining Access->Covering Tracks
Reconnaissance
Steps taken to gather evidence and info on target
Active vs Passive Reconnaissance
Active: uses tools and techniques that may or may not be discovered, puts you at risk of discovery, E.G checking doors and gates or spear fishing.
Passive: Gathering info about your target without them knowing. Social Engineering, Dumpster diving, network sniffing, Google Hacking
Passive recon tools
netcraft, archive.org, Google Alerts
Scanning and Enumeration
Gather more in depth info using info gathered during recon. running network mapper, vulnerability scanner, NMAP
Gaining Access
Leverage attacks against the targets enumerated in phase 2
Maintaining Access
Hackers try to ensure that they have a back door into the system through the use of rootkits or trojans, the system can be used to launch further attacks or gather more information
Covering Tracks
Disable,clear,alter,or corrupt log files. Delete temp files or folders, hide files with hidden attributes or directories.
Sql Injection
When user input gets interpreted as sql code you can get yourself into real trouble, potentially allowing users to get access to your system or information about your system.
XSS
An attacker injects client-side script into web pages viewed by other users. Essentially crackers enter scripts into an area that other users interact with, when unsuspecting users go into that part of the site, the script runs rather the intended websites functionality.
