Ethical hacking noted, Lecture notes of Biotechnology

Download Ethical hacking noted and more Lecture notes Biotechnology in PDF only on Docsity!

Chapter 2: How to Think like a Hacker In order to get into the mindset of a hacker, you first need to know how you are to think like a hacker. A hacker is someone who finds the security flaws within a system and exploits them either for good in order to show someone where the holes are, or will use those holes in order to get all your sensitive data and essentially destroy your entire life. 1. First, you need to be able to identify their exploits as well as any other information that will help you to create a footprint analvsis. This is basically you getting as much information on your client as you possibly can. You need to be able to consider the size of your target and any potential entry ways that you can use in order to get into their network as well as any security measures that are in place. As a hacker, you need to think about the company names as well as their subsidiaries, phone numbers, domain names, and even IP addresses. 2. Pay attention to back door entry points: this would be you looking for things like startup companies that are most likely going to have a weak security system since they are just starting out. This will be prevalent in companies that have recently been bought out by a larger company as well. When you hack into these smaller companies, they may be able to provide you information for private networks that will lead you into a larger company’s network as your next target. 3. Connect to the listening UDP and TCP ports: when you do this, you are able to send out random data in order to determine what type of version of File Transfer protocol, mail server, or even web server that the company is using. There are many TCP and UDP servers that will send data in order to identify any running applications as a response to random data that has been sent. By doing this, you will be able to find the exploits by cross-referencing any data that you have found in a vulnerable database such as SecurityFocus. 4. Think about how you are going to gain access to your target: are you going to need a password and a user account in order to gain access to the network? Make sure that you are prepared. In having a username and password, you will be able to make a sneak attack into the network. Once you have gotten into the network you will be able to take information from their website as well as be able to directly contact employees via phone. When doing this, you are able to pretend to be the help desk or even a tech from the IT department. Most times, the employee will be completely unsuspecting and will give you any information that you are seeking because they honestly believe that you are from that department. Just make sure that it sounds authentic.