It is a practice of protecting programs, networks, computer systems, and their components from unauthorized digital access and attacks.

CIA Triad

Confidentiality It ensures that information is only accessible to those who are authorized to view it. It prevents unauthorized individuals or systems from accessing sensitive or private information.

Integrity It ensures that information remains accurate, consistent, and unaltered during storage, transmission, and processing

Availability It ensures that information and resources are accessible to authorized users when needed

Ethical hacking It is a process in which a system's vulnerability is discovered and exploited

Binary Executables These are files containing machine code that a CPU can execute directly

C source code It is written in the C programming language, which is a high-level language. This code is human-readable and needs to be compiled into machine code for execution.

Processor architectures/ Instruction set architectures (ISAs)

It defines the set of instructions that a CPU can execute

Types: x86 Architecture A family of instruction set architectures initially developed by Intel

ARM Architecture A RISC (Reduced Instruction Set Computing) architecture known for its power efficiency and simplicity. It has various versions including ARMv7 (32-bit) and ARMv8 (64-bit).

SPARC Architecture A RISC architecture developed by Sun Microsystems. It is used primarily in high-performance workstations and servers.

Hacking

It is the act of gaining unauthorized access to computer systems, networks, or data. It often involves exploiting vulnerabilities to manipulate or extract information.

Types of Hacking

White Hat Hacking:

It is performed by security professionals to find and fix security vulnerabilities. White hat hackers work to improve security. Ex. Penetration tester

Black Hat Hacking:

It is aimed at stealing, damaging, or disrupting systems and data. Black hat hackers operate without permission and with harmful intent.

Gray Hat Hacking

It involves finding vulnerabilities without malicious intent, but without permission. Gray hat hackers might inform the organization of the issue without causing harm. Ex. Security Researcher

Script Kiddies

Inexperienced hackers who use pre-written tools and scripts to exploit vulnerabilities without a deep understanding of how they work

Phishing

A deceptive technique where attackers impersonate legitimate entities to trick individuals into revealing sensitive information, such as login credentials. Ex. Fraudulent Email

Tools required

Tcpdump It is a command-line tool for capturing and analyzing network packets

Wireshark It is a graphical network protocol analyzer that provides a more detailed and visual representation of network traffic

What hackers search for?

1. Organizations that publicly disclose detailed information about their software, hardware, and devices.

2. It is easiest to steal information when you have physical access to a device such as a smartphone or a personal computer.

3. If a hacker cannot find any vulnerability yet in a system that he wants to hack, the next thing that he will try to find is where a computer system is. This will allow him to further study vulnerabilities through social engineering, dumpster diving, or even gaining physical access to a targeted device

Terms

Sweep

It involves scanning or searching through a network, system, or database to identify vulnerabilities, open ports, or other weaknesses.

Snoop

It is secretly watching or monitoring network traffic or communications to gather information without permission.

Phish

It is a scam where attackers pretend to be a trustworthy entity to trick people into revealing sensitive information, such as passwords or credit card numbers.

Spoof

It is a deception technique where a hacker imitates or pretends to be another person, organization, software, or a website.

IP Spoofing: How IP spoofing works?

1. The attacker first identifies an IP address that is trusted by the target network

2. The attacker crafts packets with the forged source IP address, which is the address of the trusted system.

Where it is used? Distributed Denial of Service (DDoS) Attacks Man-in-the-Middle Attacks Session Hijacking

DNS Spoofing/DNS Cache Poisoning: It is a technique used to manipulate DNS responses to redirect users from legitimate websites to malicious ones. In a DNS spoofing attack, the attacker injects false DNS responses into the DNS cache of a DNS server or client. This is done by sending malicious DNS responses to the target DNS server or client, which contain incorrect IP addresses for the domain names being queried.

Email Spoofing It is a technique used by attackers to disguise the sender of an email, making it appear as if the email is coming from a legitimate or trusted source.

How to prevent this?

1. Check for these credentials:

SPF (Sender Policy Framework): Define which IP addresses are allowed to send emails on behalf of your domain. DKIM (DomainKeys Identified Mail): Use cryptographic signatures to verify the authenticity of the email’s content and sender. DMARC (Domain-based Message Authentication, Reporting & Conformance): Combine SPF and DKIM to provide a unified policy for email authentication and reporting.

How to see this in a mail?

1. Open the Email

2. Click on the three vertical dots (more options) in the top-right corner of the email.

3. Select "Show original" from the dropdown menu.

Phone Number Spoofing It involves manipulating the caller ID information that appears on a recipient's phone to make it look like the call is coming from a different number than it actually is.

ARP Spoofing/ARP Poisoning It is an attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local network.

Important websites

Whois

Website

Search for a specific keyword in a website site:example.com keyword

Search for a specific filetype site:example.com filetype:swf company_name Ex. site:microsoft.com filetype:pdf "annual report"

Reconnaissance

It refers to the process of gathering information about a target system or network to understand its structure, vulnerabilities, and other details before launching an attack

Active Reconnaissance

It involves direct interaction with the target system. The attacker modifies, disrupts, or interferes with the normal functioning of the system to achieve their goals

Example Man-in-the-Middle (MitM) (Ex. An attacker intercepts data sent between a user and a website, potentially altering the content or stealing credentials) Denial of Service (DoS) (Ex. An attacker sends a massive amount of traffic to a web server, causing it to crash or become unresponsive) SQL Injection (Ex. An attacker inputs SQL commands into a web form to retrieve unauthorized data from a database.) Phishing (Ex. A phishing email pretending to be from a bank asks users to click on a link and enter their login credentials.) Brute Force Attack (Ex. An attacker uses automated tools to guess a user’s password through repeated attempts.)

War Driving: This involves driving around with a laptop or smartphone that scans for Wi-Fi networks. The aim is to find unsecured (or poorly secured) Wi-Fi networks. Ex. Imagine you’re driving around a city with a Wi-Fi scanner app. The app picks up signals from various networks, and you find one that doesn’t have a password. This network could be an easy target for someone wanting to gain unauthorized access.

Dumpster Diving This involves searching through discarded documents or devices to find valuable information. The goal is to recover sensitive or useful data that’s been thrown away. Ex. You find a discarded hard drive in the trash and discover it contains sensitive company files that could be used for malicious purposes.

Masquerading The goal is to gain access to information or systems that you’re not supposed to access by mimicking an authorized user. Ex. You call a company’s IT support and pose as an employee who has forgotten their password, tricking the support staff into giving you access to the company's internal network. (**Note: **Spoofing involves falsifying data to appear as a trusted source, while masquerading involves impersonating a specific individual or entity to gain unauthorized access or deceive)

Passive Reconnaissance

It involves monitoring or eavesdropping on communication without directly interacting with the target. The goal is to gather information without altering or disrupting the system or data.

Characteristics:

Non-Intrusive: The attacker does not alter the data or interfere with the system. Stealth: Passive attacks are more difficult to detect because they don’t leave noticeable traces. Information Gathering: The attacker focuses on collecting data or observing patterns.

Examples: Eavesdropping (Ex. An attacker captures and reads unencrypted email communications or network packets) Traffic Analysis (Ex. An attacker examines packet sizes, timings, and frequencies to infer the nature of the communication) Sniffing (The attacker uses network sniffers to capture data packets transmitted over a network) Shoulder Surfing (An attacker watches someone enter their PIN at an ATM or login credentials on a computer) Session Hijacking (Ex. An attacker steals a session cookie from a web application to impersonate the user.)

Intrusion Prevention System (IPS)

It is a security tool designed to monitor network traffic and block malicious activities in real-time.

It analyzes network traffic and identifies suspicious behavior or potential threats, such as port scans, which are attempts to map out your network’s open ports.

Firewall

It is a software that controls the flow of network traffic between your computer or network and the outside world.

The firewall inspects incoming and outgoing traffic based on predefined security rules. It decides whether to allow or block specific traffic based on criteria such as IP addresses, ports, and protocols.

Antivirus

It is designed to detect, prevent, and remove malicious software (malware) such as viruses, worms, trojans, and ransomware.

Signature-Based Detection: Scans files and programs for known malware signatures (unique patterns or characteristics of malicious code).

Tools

Cain & Abel It is a password recovery tool for Windows. It offers various features for recovering passwords, analyzing network traffic, and more.

Burp Suite password recovery tool for Windows. It offers various features for recovering passwords, analyzing network traffic, and more.

Ettercap Description: Ettercap is a network security tool used for man-in-the-middle (MitM) attacks. It allows attackers to intercept and manipulate network traffic.

John the Ripper Description: John the Ripper is a powerful password-cracking tool that uses various methods to crack encrypted passwords. Brute Force and Dictionary Attacks: Supports multiple attack modes, including dictionary and brute force attacks.

Metasploit It is a widely used penetration testing framework that helps identify and exploit security vulnerabilities.

6. Wireshark Description: Wireshark is a network protocol analyzer that captures and inspects network traffic in real-time.

7. Aircrack-ng Description: Aircrack-ng is a suite of tools used for analyzing and cracking wireless network security.

Networking Modes

1. NAT (Network Address Translation) It allows the VM to access external networks by sharing the host’s network connection.

How it works? The VM gets a private IP address within a private network range. The host system translates the private IP address of the VM into its public IP address for outbound traffic. Responses from the external network are routed back to the VM via the host.

2. Bridged Networking It connects the VM directly to the physical network through the host’s network adapter. The VM appears as a separate device on the same network as the host. The VM gets an IP address from the same network as the host

3. Host-only Networking It creates a network that is isolated from the external network but allows communication between the host and the VM(s). The VM is assigned an IP address within a private network range that is only accessible to the host and other VMs on the same host-only network.

Man-in-the-Middle (MitM) Attack:

It occurs when a hacker intercepts and potentially alters the communication between two parties without their knowledge.

1. ARP Spoofing (Done using Backtrack)

2. Intercepting Data, Data Manipulation happens

Password Cracking

Password Hashing This is a process that transforms a password into a fixed-length string of characters, called a hash. This transformation is done using a mathematical function known as a hash algorithm. Examples include MD5, SHA-1, and SHA-256. Hash functions are designed to be one-way, meaning you can generate a hash from a password, but you cannot reverse the hash back into the original password.

Salt is a random value added to a password before hashing it. The purpose of the salt is to ensure that even if two users have the same password, their hashed values will be different. It prevents duplicate hashes and mitigate rainbow attacks

Attacks to recover password:

Dictionary Attacks This method uses a list of commonly used words and phrases (like a dictionary) to guess passwords. It tries passwords from this list to see if any match the target’s password. This identifies weak passwords like password, welcome, 12345 etc

Brute-Force Attacks This method tries every possible combination of characters until it finds the correct password Strong passwords with many characters and a mix of different types are very slow to crack

Rainbow Table Attacks This method uses precomputed tables of hashes to crack hashed passwords quickly. Rainbow tables are essentially large lists of hashes corresponding to common passwords

Keystroke Logging This technique involves capturing every keystroke a user types on their keyboard, which can include passwords and other sensitive information. It can be detected by antivirus software

Weak BIOS Passwords A password set to protect the BIOS settings of a computer, which controls hardware configurations. You can reset a BIOS password by changing a jumper on the motherboard or removing the CMOS battery, which clears the BIOS settings

Tools: John the Ripper Ophcrack

Mobile Hacking

Social engineering

It is one of the most important hacks that can be performed in order to breach through security protocols. However, it is not a hack that is performed against a computer system itself; instead, it is a hack that is performed against people, which can be the weakest link in a chain of security measures.

Web-related Cyber attacks:

Cross-Site Scripting (XSS)

Types: Stored XSS: Malicious script is stored on the server and executed when a user accesses the affected page. Reflected XSS: Malicious script is reflected off a web server, usually through a URL, and executed immediately. DOM-Based XSS: Malicious script is executed as a result of modifying the DOM environment in the user's browser.

Example Scenario: XSS Attack Imagine you have a web application where users can submit comments on a blog post. The application displays these comments on the blog post page. If the application does not properly sanitize user inputs, an attacker can submit a comment with malicious JavaScript code.

<script>alert('You have been hacked!');</script>

The attacker’s script could do more than just show an alert; it could steal cookies, capture form data, or perform actions on behalf of User A

Mitigation: Input Validation and Sanitization (For example, escape special characters in user inputs to prevent them from being executed as code) Content Security Policy (CSP): (Implement CSP to restrict the types of content that can be executed on your web pages, which can help prevent XSS attacks) HTTP-only is a flag that can be set on cookies to prevent them from being accessed through JavaScript)

SQL Injection: It allows attackers to interfere with the queries an application makes to its database.

Example Scenario:

Imagine you have a web application with a login form. The user enters their username and password to log in. Behind the scenes, the application checks the credentials against a database to authenticate the user

Let’s say the attacker knows that the application is vulnerable to SQL Injection. They can input the following into the login form:

Username: admin' -- Password: (Leave empty) The -- sequence is used in SQL to comment out the rest of the query.

Mitigation: Use ORM Libraries Sanitize Inputs

Cross-Site Request Forgery It is type of attack where an attacker tricks a user into making unwanted requests to a web application where they are authenticated

Scenario Imagine you have a web application with a feature that allows users to update their email address. The user must be logged in to perform this action. A user is logged into a banking website that allows them to change their email address. The application has an endpoint for changing the email address. The attacker wants to change the user’s email address to their own The attacker creates a malicious web page with a hidden form that submits a request to the banking website to change the email address

<html>
<body>
    <form id="csrf-form" action="https://banking-site.com/change-email" method="POST">
        <input type="hidden" name="email" value="attacker@example.com" />
    </form>
    <script>
        document.getElementById('csrf-form').submit();
    </script>
</body>
</html>

Mitigation:

Use CSRF Tokens: Include a unique token in each request that requires authentication Use the SameSite attribute on cookies to restrict how cookies are sent with cross-site requests User Interaction: For sensitive actions, require additional user interaction (e.g., re-entering a password or confirming an action) to ensure that the request is intentional.

Denial of Service (DoS) Attack

This attack aims to make a web service or application unavailable by overwhelming it with excessive traffic or exploiting vulnerabilities.

Distributed Denial of Service (DDoS) Attack

It is a powerful version of a DoS attack. Instead of a single attacker, it involves multiple systems working together to flood a target with traffic.

Mitigation:

Rate Limiting: (Limit the number of requests a user or IP address can make within a certain timeframe) Load Balancing: Distribute incoming traffic across multiple servers to prevent any single server from becoming overwhelmed IP Blacklisting: Block requests from known malicious IP addresses or IP ranges

Session Hijacking

It occurs when an attacker steals a valid session token to gain unauthorized access to a user’s session on a web application.

MITRE ATT&CK

It stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a knowledge base that provides a structured way to analyze and describe how adversaries operate during different stages of a cyber attack

Tactics: goals that an adversary aims to achieve during an attack. Techniques: Specific methods or actions that adversaries use to achieve their tactical goals Procedures: Real-world implementations of techniques by specific adversaries

Penetration testing (Pentesting): It is a simulated cyberattack on a computer system, network, or web application to find vulnerabilities that an attacker could exploit.

The Social Engineer Toolkit (SET) is an open-source framework designed to perform advanced social engineering attacks. It enables security professionals to simulate phishing attacks, create fake websites, and carry out other social engineering tactics to test the resilience of an organization’s human element against manipulation techniques.

A Zero-Day vulnerability is a software flaw that is unknown to the software vendor and has not been patched. The term “zero-day” refers to the fact that the vendor has "zero days" to fix the issue before it can be exploited by attackers.

Internal Penetration Testing: Involves simulating attacks within the organization’s network, often conducted to identify vulnerabilities that could be exploited by insiders, such as employees or compromised devices.

External Penetration Testing: Simulates attacks from outside the organization. The goal is to identify vulnerabilities in the organization’s external-facing systems, such as web applications, firewalls, and servers. This type of testing mimics how an external attacker would try to breach the network from the internet.

Cyber Espionage

It is the practice of using digital means to gain unauthorized access to confidential or sensitive information

Moles

Moles are individuals who are strategically placed within an organization to gather confidential information. They acquire positions within a target organization that provide access to sensitive information or systems.

Acknowledgement

Hacking (Beginner to Expert Guide) - James Patterson

Stay Connected! If you enjoyed this post, don’t forget to follow me on social media for more updates and insights:

Twitter: madhavganesan

Instagram: madhavganesan

LinkedIn: madhavganesan