
Ethical hacking - in times of cybernetic attacks and digital threats
Introduction to Ethical Hacking

Information security overview

Today’s numbers

• Worldwide, there are 4.72 billion internet users
 
•  92.8% of the people are browsing through a mobile device
 
• The average person spends 6 hours and 56 minutes per day on the Internet
 
• There are more than 1.86 billion websites online.

Data is the world's most valuable resource today

• Hackers attack every 39 seconds
 
• 70 million phones are lost or stolen every year
 
• Cybercrime cost US businesses $3.5 billion in 2021
 
• 26 smart objects are located near every human on earth
 
   

Today’s context

More and more businesses tend to rely on IT
 
The complexity of IT systems increases
 
The number of cyberattacks rises
 

 

Threats and consequences are present in the same context!

 
• Data leakage
• Vulnerable websites
• Malware attacks (ransomware)
• Unauthorized access
• Social engineering attacks (phishing)
• Advanced Persistent Threats
• Monetary loss
• Wasted resources/reduced productivity
• Company image damaged and litigation

 

 

What does IT Security mean?

• Confidentiality
Access to information on a need-to-know basis
• Integrity
Data not altered by accident or in an unauthorized way
• Availability
Uninterrupted access to information
• Authenticity
The quality of data, communication or document being genuine
• Non-Repudiation
Guarantee that the sender of a message cannot later deny having sent the message and
the recipient cannot deny having received the message
 
 

 

Hacking concepts

RISK = Vulnerability * Probability * Impact

Terms

• Hack Value

something worth doing/hacking
 

• Vulnerability

a weakness, design or implementation error that can lead to an unexpected event compromising the security of the system
 

• Exploit

a breach of the IT system security through vulnerabilities
 

• Payload

part of the exploit code that performs the intended malicious action
 

• Zero-Day Attack

an attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability
 

• Bot

a software application that can be controlled remotely to execute or automate predefined tasks

 

Hacker types

• White hats – security analysts or ethical hackers
 
• Grey hats – individuals who work both as black and white, depending on their interest
 
• Black hats – they perform malicious or destructive activities, also known as crackers
 
• Suicide Hackers – individuals who are not worried about facing jail but who are rather interested in accomplishing their goal
 
• Script Kiddies – unskilled hackers who run scripts and tools developed by others, without understanding how they work
 
• Cyber Terrorists and Organised Crime – motivated by financial gains or political beliefs, they can carry out large-scale attacks
 
• State Sponsored Hackers – individuals employed by the government
 
• Hacktivists – individuals who promote their political agenda or beliefs

 

Elements of Information security

Attacks = Motive (Goal) + Method (Vector) + Vulnerability

Attacks are comprised of the motive, method and vulnerability. Here are some examples:
 

Motives (Goal)

• Disrupting business continuity
• Information theft and manipulating data
• Financial loss of the target
• Personal or Financial Gain
• Revenge
• Propagating religious or political beliefs
• State or military objectives
   

Method (Vector)

• Cloud computing
• Viruses and Worms, Botnets
• Ransomware
• Mobile Threats
• Phishing
• Web Application Threats
• IoT Threats

Vulnerabilities

There are many types of vulnerabilities that hackers can exploit:

Network Vulnerabilities
These are issues with a network’s hardware or software that expose it to possible intrusion by an outside party
 
Operating System Vulnerabilities
These are vulnerabilities within a particular operating system that hackers may exploit to gain access to an asset the OS is installed on—or to cause damage
 
Human Vulnerabilities
The weakest link in many cybersecurity architectures is the human element
 
Process Vulnerabilities
Some vulnerabilities can be created by specific process controls (or a lack thereof)

 

Information Gathering

Perspectives of the target

Which are the targets that an attack can point to?
 

• System view
Technologies, devices, operating systems
 
• Logical/Functional view
Devices/system purposes (presentation website, ERP, etc.)
 
• Physical view
Headquarters, equipment locations
 
• Temporal view
Working days and hours
   
• Social View
Data about the employees
 
• Lifecycle view
The steps of a business process
 
• Consequence view
If an event triggers another event (what happens if you enter their building without authorization – do they call the police?)


 

Information about the Target

Where can information about the target be found?

   
• Company’s name
• Company’s website
• Geographical location
• The names of some employees
• IP addresses
• Internet Search using search engines
• Public database interrogation: Whois, DNS
• Social Networks: Facebook/Meta, LinkedIn, Twitter, etc.
• Social engineering

 

Other sources

• Google, Yahoo, and Bing are targeted at US and EU users, locations and data, just as Baidu targets the Chinese audience
 
• Operators should learn to leverage all search engines and their regional varieties.
 
• Focused data: most non-US search tools collect and store data primarily or exclusively from their region or country. You may find data on Yandex, but not on google.com (or even google.ru)
 
• Language selectivity: international search engines must offer the ability to search in the native language(s). Furthermore, queries conducted in non-Latin character sets may yield more results.
 

Scanning, Enumeration

Network scanning, enumeration concepts

Network Scanning
  • Active system identification, open ports, services, firewall rules, etc. 
  • Analysis at the network layer (network scanning) / system level (port scanning)

Enumeration 
  • Determine user accounts, shared folders, etc.
  • Direct interrogation: active connections 
   
  Activities that imply target interaction
  • Many requests in order to obtain different types of information 
  • Live hosts, Open ports, Running services’ versions 
  • Operating system, Network shares, Local users 
  • Depends on where you are scanning from (outside vs inside the network) 

 

Scanning tools

• ARP Ping - Determines only targets in local network (LAN)
 
• TCP Connect - Simple and fast method that creates complete TCP connections
 
• OS Fingerprinting

Passive fingerprinting: Analyses the packets that are captured by a machine - Low precision
Active fingerprinting: Sends packets to the target to see how it reacts - High precision

 

• Banner Grabbing - Many services “present themselves” when we connect

Spidering concepts

• The first step in the process of attacking an application is gathering and examining some key information about it to gain a better understanding of what you are up against
 

• The mapping exercise begins by enumerating the application’s content and functionality in order to understand what the application does and how it behaves
 

• Much of this functionality is easy to identify, but some of it may be hidden, requiring a degree of guesswork and luck to discover

• Types of spidering:

Automated: using tools (Burp, Paros Proxy, etc.)

User directed: both manual and automated

 

System Hacking

Concepts

An exploit is a piece of software or a script that can allow hackers to take control of a system by exploiting its vulnerabilities.

Exploit = Payload + Vulnerability
 

• Payload - the code to be executed after the vulnerability is activated, written in Assembly Language (ASM)
 
• It is platform dependent - there are special exploits for Windows, others for Linux, Android, Mac OS, etc.
 
• Different types of payloads:
  • execute a command or program on a remote system
  • download/upload a file from a URL and execute it
  • add a user to the system accounts
  • shell – provide an interactive shell (bind shell vs reverse shell)

Cracking passwords

• Passwords are the most widely used authentication mechanism
 
• Passwords are vulnerable to several types of attacks
 
• Identity theft is currently the “computer crime” with the highest rate of growth
 
• When a user enters a password, its hash is computed and compared with the one stored in the database
 
• If those two values are the same, the user is then authenticated
 

 

Salting – the insertion of a random value into the hash computation process – increases the level of security
 
• The salt value is stored together with the hash value in the database
 
• If two users have the same password, the passwords will be stored as different hash values in the database (due to the different salts)
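
The store-and-compare flow and the effect of salting described above, as an added example that is not part of the original course material. The in-memory `USER_DB`, the function names, the sample password and the PBKDF2 iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # assumed demo work factor; tune upward for production
USER_DB = {}           # constructed stand-in for the database: user -> (salt, hash)

def unsalted_hash(password: str) -> str:
    """Weak scheme: identical passwords always produce identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(username: str, password: str) -> None:
    """Store a fresh random salt next to the resulting hash."""
    salt = secrets.token_bytes(16)
    USER_DB[username] = (salt, salted_hash(password, salt))

def authenticate(username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    record = USER_DB.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, salted_hash(password, salt))

if __name__ == "__main__":
    # Two users pick the same (constructed) password.
    register("alice", "Winter2024!")
    register("bob", "Winter2024!")
    print("unsalted hashes equal:",
          unsalted_hash("Winter2024!") == unsalted_hash("Winter2024!"))
    print("salted hashes equal:  ", USER_DB["alice"][1] == USER_DB["bob"][1])
    print("alice logs in:        ", authenticate("alice", "Winter2024!"))
    print("wrong password:       ", authenticate("alice", "Summer2024!"))
```
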

Types of Password attacks

What’s the difference between online and offline password attacks?

The difference between offline and online password attacks could be the thing that prevents your account from being hacked and your organization from being breached

• Online

Brute force
Easy to be detected

• Offline

Implies gaining the hash values stored locally or transmitted through the network

Requires system access

Network sniffing – using tools that capture the network packets received and transmitted, which can then be copied offline and inspected

to be easily identified by hackers
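
Why an online brute-force attack is easy to detect, shown as an added example that is not part of the original course material. The log format, the addresses (documentation ranges), the threshold and the window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, result, user, source address.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04Z FAIL user=alice src=198.51.100.20
2024-05-01T10:00:05Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:07Z FAIL user=admin src=203.0.113.7
2024-05-01T10:00:09Z FAIL user=admin src=203.0.113.7
2024-05-01T10:02:30Z FAIL user=alice src=198.51.100.20
2024-05-01T10:02:41Z OK user=alice src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {source: time of alert} for sources that reach `threshold`
    failed logins inside a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)      # source -> timestamps of recent failures
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        when, result, _user, src = parse(line)
        if result != "FAIL":
            continue
        failures = recent[src]
        failures.append(when)
        while when - failures[0] > window:   # drop failures outside the window
            failures.popleft()
        if len(failures) >= threshold and src not in alerts:
            alerts[src] = when.isoformat()
    return alerts

if __name__ == "__main__":
    for src, when in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src}: repeated failed logins, threshold reached at {when}")
```

The user who mistypes a password twice and then logs in (198.51.100.20) stays below the threshold, while the source hammering one account is flagged on its fifth failure.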

   

 

Malware Threats

Malware concepts

• Malware typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorized access to a network.

• Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute the malware

• Malware has actually been a threat to individuals and organizations since the early 1970s when the Creeper virus first appeared. Since then, the world has been under attack from hundreds of thousands of different malware variants, all with the intent of causing as much disruption and damage as possible.

 
   

 

Malicious programs concepts

Malicious programs

• There are three categories: Trojans and rootkits, Viruses, Worms
• A computer virus can contaminate other files
• However, viruses can infect outside machines only with assistance of computer users

Malware testing

http://www.virustotal.com

 

• A service that analyses suspicious files and facilitates the quick detection of viruses, worms, Trojans and all kinds of malware

• Free and independent service

• Uses multiple antivirus engines (57 at this moment, but the number is continually increasing)

Potentially malicious actions may include:

• Attempts to open, view, delete, modify files
• Attempts to format disk drives, etc.
• Modification of system settings (start-up, etc.)
• Initiation of network communication, etc.

Monitoring and Detection of Internet Worms

• Speed is a crucial aspect here:
The SQL Slammer worm appeared in January 2003 and infected more than 90% of vulnerable computers on the internet within 10 minutes;
A successful worm attack typically lasts several days, infecting hundreds of thousands of computers (Code Red, Nimda, Blaster, etc.);
• Aim: early detection

 

Countermeasures

• Install antivirus software that detects and removes infections as they appear.

• Pay attention to the instructions while downloading files or any programs from the Internet.

• Update the antivirus software as often as possible.

• Schedule regular scans for all drives.

• Integrates with the operating system of the host computer and monitors program behaviour in real-time for malicious actions.

• Blocks potentially malicious actions before they affect the system

 

Sniffing and Session Hijacking

Sniffing concept

• A packet sniffer is a system with a network interface card that operates in promiscuous/monitor mode and captures network packets in real time
 

•Used for:

Troubleshooting problems (including the security ones) and network analysis

Network logging for future analysis (forensics)

Hacking tool for username and password interception

 

Sniffing tools

These are well-known tools that can be used for sniffing, along with the operating systems on which they can be used:

tcpdump (http://www.tcpdump.org)

• Unix platform
• Command line utility
 

WinDump (http://www.winpcap.org/windump/)

• tcpdump Windows version
 

Ethereal / Wireshark (http://www.wireshark.org/)

• Has a graphical interface

 

Session hijacking

Concept

• Exploitation of a valid computer session to gain unauthorized access to information or services in a computer system over TCP/UDP protocols

Methods

• Session fixation
where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in
• Session sidejacking
where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie
• Cross-site scripting
where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations
• Malware and unwanted programs
can use browser hijacking to steal a browser's cookie files without a user's knowledge, and then perform actions (like installing Android apps) without the user's knowledge
• Brute-forcing session information (e.g. Telnet, or cookie values over HTTP(S))
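
How a server defends against the first three methods above, as an added example that is not part of the original course material: the session id is rotated at login (session fixation), ids the server did not issue are rejected, and the cookie is marked `Secure` and `HttpOnly` (sidejacking and script access). The `SessionStore` class and the cookie name `session` are hypothetical.

```python
import secrets

class SessionStore:
    """Minimal server-side session table (hypothetical, in memory)."""

    def __init__(self):
        self._sessions = {}

    def new_session(self) -> str:
        """Issue an unguessable id for an anonymous visitor."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str):
        """Only ids issued by this server resolve; anything else is rejected."""
        return self._sessions.get(sid)

    def login(self, presented_sid: str, user: str) -> str:
        """Call after credentials were verified: discard the pre-login id
        and bind the authenticated user to a brand-new one."""
        self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user}
        return sid

def session_cookie(sid: str) -> str:
    """Secure: sent over HTTPS only, so it is not readable on the wire.
    HttpOnly: not readable by page scripts. SameSite: not sent cross-site."""
    return f"Set-Cookie: session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

def fixation_attempt(store: SessionStore):
    """Replay the fixation scenario: the id planted before login is known
    to a third party; return what that id and the new id resolve to."""
    planted = store.new_session()          # id delivered to the victim in a link
    fresh = store.login(planted, "alice")  # victim logs in with the planted id
    return store.get(planted), store.get(fresh)

if __name__ == "__main__":
    store = SessionStore()
    planted_view, fresh_view = fixation_attempt(store)
    print("planted id after login:", planted_view)   # None: no longer valid
    print("rotated id after login:", fresh_view)
    print(session_cookie("<new id>"))
```
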
 
   
 


Keywords

Ethical hacking, security, vulnerability scanning, system hacking, malicious programs, sniffing

Objectives/goals:

At the end of this module, the trainee will be able to:
● Understand the importance of security in general
● Understand the concept of Vulnerability Scanning
● Know what System Hacking is
● Understand Malicious programs
● Grasp the concept of Sniffing

Description:

The course introduces the basic technical concepts behind the various stages of a hacking attack, as well as some common tools used by hackers and security professionals.

The European Commission's support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.
Legal description – Creative Commons licensing:
The materials published on the CyberMSME project website are classified as Open Educational Resources' (OER) and can be freely (without permission of their creators): downloaded, used, reused, copied, adapted, and shared by users, with information about the source of their origin.