(W01M01) Base Knowledge - Free access

This is a brief article with the goal of introducing the reader to the awesome world of Kali Linux. It is not an exhaustive introduction to this operating system (OS); its purpose is just to give an idea of the many possibilities provided by this Linux OS, which was born as a pen-testing distro but can be used in several other ways.

Introduction

Hacking has always been an interesting topic for newcomers to the field of information technology and information security. It is difficult to imagine the total number of computer science graduates who start their careers in the field of information technology; however, it is possible to count the individuals who have reached real success. The question is: why are there so few survivors? The answer is simple! If you want to be successful in information security, you need to have something that no other individual can present at the same time and with the same level of competence. The tutorials of “Hakin9 – how to become certified ethical hacker” will give you theoretical and practical knowledge on how to become a real White Hat security professional, as well as how to prepare yourself for the ethical hacking certification.

What we will cover

If you have a look at the current version of the requirements for the ethical hacking certification, you will see that it is very wide and covers hundreds of topics; however, it is clear that: “This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure”. The course will not teach you how to work with a computer, or how TCP/IP protocols operate. It will teach you how to hack systems and will help you to understand the mechanisms around it. You should already have basic knowledge of computer systems, networking, servers and web applications.

Be Ethical

We expect our trainees to be ethical and not to use the training tutorials and lab access for any illegal activities. According to the laws of different countries, any damage or illegal act can lead to financial penalties or imprisonment.

Certification

Our ethical hacker tutorials will prepare you for the EC-Council CEH Certification theoretically and give you a solid foundation.

What’s not included?

These tutorials will not strictly follow the topic-by-topic learning as it is written in the official slides. Nonetheless, you will receive the most required expertise and security concepts that will help you to become a certified ethical hacker!

 


Who is a hacker?

Any individual who illegally breaks or attempts to break any security measures in order to get access or authorization to a system to which he or she doesn’t have any connection.

Nowadays, the information security industry has categorized these types of individuals according to their goals.

Types of Hackers

Generally, the information security industry divides hackers into three types:

    • Black Hats

Experts in computer security with a wide range of extraordinary computer hacking and cracking skills. Their goals are always destructive or malicious. They are also called 'crackers' and are usually offensive by nature.

    • Gray Hats

Security experts with a wide range of information security experience and computer hacking skills. Their goal is not always destructive. They may work both offensively and defensively. They may be placed between white hats and black hats. Sometimes they find bugs and vulnerabilities in various applications and systems, and report them directly to the vendors to help them improve their security.

    • White Hats

Information security professionals who have gained experience, skills and industry recognition through cooperation with different vendors. They are usually hired by different organizations. They are certified ethical hackers and always defensive by nature.

In the information security industry there are also other types of hackers:

    • Script kiddies (unskilled hackers who only use scripts and tools)

    • Spy hackers (insiders hired by organizations for penetrating)

    • Suicide hackers (aim to bring down critical systems and are not worried about facing 30 years in jail)

    • Cyber terrorists (groups formed by terrorist organizations)

    • State sponsored hackers (formed by governments to gain access to sensitive information of other governments)

Hacktivism

Hacktivism is defined as anything in hacking which has a political agenda. It can be performed by any type of hacker with the exception of white hats. An individual who performs such an act is termed a hacktivist.

So far in our tutorial we have presented the key information on the different types of hackers and the main goals of hacking. At this stage it's pretty much clear that you want to be a White Hat Hacker.

Let's move forward to the next level.

Nowadays, becoming a certified ethical hacker is not an easy task. You should have enough experience in the IT security area of knowledge and should be up to date with current IT security practices. Why? Because organizations believe that YOU will protect them from malicious hackers!


Pre-requisites

Ethical hacking is real-time hacking which is legally performed by security professionals with the aim of finding bugs and vulnerabilities in organizations. Hence, an ethical hacker should be an expert in computer networks, application security, networking concepts and other information security concepts. And last but not least, hands-on experience in Windows and Linux environments, together with the networking operating systems, will help you to become a good security professional.

Hackers Methodology

Many books will provide you with different methodologies and frameworks on how to hack or, simply, how to perform penetration testing. Let's look at the hacking phases.

The five key hacking phases make up the complete cycle of how hacking occurs and how a hacker steals or performs destruction.

    1. Reconnaissance

    2. Scanning

    3. Gaining Access

    4. Maintaining Access

    5. Clearing Tracks

Nevertheless, these are only the set phases, and every hacker has his own way of hacking into systems. The main idea of the presented hacking process is to show how exactly hacking is performed.

Essential terminologies in Information Security

Before we start explaining the hacking phases, let's have a look at the following key IT security terminologies, which are widely used and important for understanding the overall hacking cycle.

The CIA Triangle

In the field of information security, CIA stands for Confidentiality, Integrity and Availability.

    • Confidentiality

It is the assurance that information that is supposed to be accessed only by specific individuals is, actually, only accessible to those people.

    • Integrity

Information is accurate, unchanged and reliable.

    • Availability

It is the assurance that systems, applications, resources and data are available on request.

In the real world, hackers target the CIA triangle in order to either access the necessary information or create downtime and make resources unavailable. They may compromise the integrity of the resources and information, which leads to compromising the CIA triangle of the entity.

Essential terminologies in Hacking

It is very important for an ethical hacker to have a deep understanding of the following issues:

    • Vulnerabilities

    • Threats

    • Exploits

    • Payloads

    • Zero-day attack

    • What is Vulnerability?

A vulnerability is generally defined as a weakness. It could be in the design, the source of the application, or the configuration of the IT environment, including people – processes – technologies.

    • What is Threat?

It is a combination of a vulnerability and the motivation factors. A threat is also defined as a set of any circumstances or processes that lead to disastrous outcomes.

    • What is Exploit?

A malicious piece of software code that is written to gain illegitimate access to the IT environment. Exploits are written to use the weaknesses of the respective environment. An exploit is simply designed in a way to break the information security controls.

    • What is a payload?

A payload is simply a part of an exploit; it is the actual piece of code that is written to perform specific tasks.

    • What is Zero-Day attack?

An attack in which a hacker exploits a certain vulnerability before the vendor has launched any patch for this vulnerability.


The phases of Ethical Hacking

These are the various phases of hacking:

1) Reconnaissance – the preparatory phase

Reconnaissance is the information-gathering phase in the ethical hacking phases cycle. In this phase hackers collect as much information about the target as possible. They learn more about the target and prepare a strategy for the next phases.

Types of reconnaissance

There are two types of reconnaissance, based on the information:

    • Passive Reconnaissance

    • Active Reconnaissance

Passive Reconnaissance

This type of information gathering is performed when hackers don’t want to interact with the targeted system or IT environment directly. In this type hackers use publicly available information about the target. Examples: Social Engineering, Dumpster Diving, and Whois Lookup.

Active Reconnaissance

Similarly, active reconnaissance is performed when the hacker gains more accurate information about the targeted IT environment through direct interaction. Example: Port Scanning.

2) Scanning

Sometimes scanning overlaps with active reconnaissance and can be called a logical extension of active reconnaissance. Scanning is performed to gain more information about the live systems, informational networks, services running on these systems, and the applications hosted within the DMZ environment.

Types of Scanning

Scanning can be further categorized into different types, based on the information you are trying to gain about the target. Generally, scanning is divided into the following three types:

    • Live Systems Scanning

    • Ports Scanning

    • Vulnerability Scanning

Live System Scanning

Performing all these types of scanning in one go is sometimes quite risky and generates more alerts. Usually hackers and security professionals first check how many systems out of the targeted range are available (up and running). This is usually performed with the help of live system scanners. ICMP sweeps are a commonly known technique for gaining this information.

Port Scanning

Port scanning is the next step after understanding which systems are live. Now, hackers try to find which ports are open and gather information about the services hosted on these systems. Port scanning is performed by the use of port scanners.
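
Live system scanning and port scanning, as described above, leave a recognisable pattern on the defender's side, which is why they generate alerts. The Python code below is an added example, not part of the original course material: it flags both patterns in connection records. The record format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 60          # seconds per tumbling window (assumed tuning value)
HOST_THRESHOLD = 10  # distinct ICMP targets from one source => sweep
PORT_THRESHOLD = 15  # distinct TCP ports on one target => port scan

def parse(line):
    # Constructed record format: "<epoch_s> <src> <dst> <proto> <dport|->"
    ts, src, dst, proto, dport = line.split()
    return int(ts), src, dst, proto, None if dport == "-" else int(dport)

def detect(lines, window=WINDOW):
    """Return {source: set of findings} for sweep and port-scan patterns."""
    hosts = defaultdict(set)  # (src, window index) -> ICMP destinations
    ports = defaultdict(set)  # (src, dst, window index) -> TCP ports
    for line in lines:
        ts, src, dst, proto, dport = parse(line)
        bucket = ts // window
        if proto == "icmp":
            hosts[(src, bucket)].add(dst)
        elif proto == "tcp":
            ports[(src, dst, bucket)].add(dport)
    findings = defaultdict(set)
    for (src, _), dsts in hosts.items():
        if len(dsts) >= HOST_THRESHOLD:
            findings[src].add("icmp-sweep")
    for (src, dst, _), seen in ports.items():
        if len(seen) >= PORT_THRESHOLD:
            findings[src].add(f"port-scan:{dst}")
    return dict(findings)

def sample_log():
    """Constructed traffic using documentation address ranges."""
    lines = [f"{1000 + i} 198.51.100.5 192.0.2.{i + 1} icmp -" for i in range(20)]
    lines += [f"{1030 + i // 2} 198.51.100.5 192.0.2.7 tcp {20 + i}" for i in range(30)]
    # An ordinary client: one ping and two web connections.
    lines += ["1005 198.51.100.9 192.0.2.1 icmp -",
              "1010 198.51.100.9 192.0.2.7 tcp 443",
              "1011 198.51.100.9 192.0.2.7 tcp 80"]
    return lines

if __name__ == "__main__":
    for src, found in detect(sample_log()).items():
        print(src, sorted(found))
```

Tumbling windows can split one burst across two buckets, so a production detector would normally use sliding windows and tune the thresholds against the network's normal traffic.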

Vulnerability Scanning

This is the last step in the scanning phase. It occurs at the end of the scanning phase and before the beginning of exploitation. In this step, hackers identify vulnerabilities in the services discovered in the previous step. Vulnerability scanning is performed by use of vulnerability scanners.

3) Gaining Access

This is the phase in which the real hacking attempts are performed. Here, hackers gain access to all sensitive information. Hackers reach the goal by achieving the set motive, for instance, gaining access to databases or the operating system, or defacing the public website of the targeted organization. Actual damage occurs in this phase. This is the most critical part of the hacking phases.

4) Maintaining Access

In this phase hackers use the compromised system to further propagate their access and, by applying a similar methodology, use the compromised system as a base system. For such purposes the deployment of Trojans is useful.

5) Clearing Tracks

Once the system is compromised and hackers have played with the system and performed the tasks to maintain access, they clean their tracks by means of clearing log trails.

At this stage you understand the basics of how hackers compromise a system by using a set of methodologies and different phases.


Summary

In this module we have presented the introductory information to build the knowledge base, which will help you in other modules.

Lab Requirement

This module doesn’t require separate hands-on lab training; however, the labs of upcoming modules will inherently cover this module.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023