The Start: Introduction to Ethical Hacking Part 1

Munish Prasad Lohani
4 min read · Sep 12, 2023


Introduction

What’s the first thing we think of when we hear the word “Hacker”? The best guess would be a person in a black hoodie, wearing a white Joker mask with a big question mark on their chest, who takes down systems through complex programming. But this definition, or should I say “description”, is quite misleading. According to EC-Council’s ‘Ethical Hacking and Countermeasures, Module 1’,

“A Hacker is a person who breaks into a system or network without authorization to destroy, steal sensitive data, or perform malicious activity.”


Thus, in this blog, I will be deep diving into EC-Council’s ‘Ethical Hacking and Countermeasures, Module 1’ and busting some more myths on this vague topic while explaining the basics of cyber security.

Mains

Information Security

In simple words, Information Security is the protection of information and information systems from unauthorized access. To achieve this state, it relies on five basic principles:

  1. Confidentiality: Assurance that information is only accessible to authorized individuals.
  2. Integrity: Assurance that the information is sufficiently accurate for its purpose.
  3. Availability: Assurance that the information can be accessed when needed by authorized parties.
  4. Authenticity: The characteristic of a communication, document, or any data that ensures it is genuine and uncorrupted.
  5. Non-Repudiation: A way to ensure that neither the sender nor the receiver can deny the transmission of data between themselves.
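As an added example (not part of the original post), the following Python script shows three of these principles side by side using only the standard library: a plain hash for integrity, an HMAC for authenticity, and why a shared-key HMAC is not enough for non-repudiation. The messages and keys are constructed for the demonstration.

```python
# Added example (not from the original post): demonstrating Integrity,
# Authenticity and Non-Repudiation with only Python's standard library.
# Message contents and keys below are constructed for the demonstration.
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Integrity: a SHA-256 digest of the message; any changed byte changes it."""
    return hashlib.sha256(message).hexdigest()


def integrity_ok(message: bytes, expected_digest: str) -> bool:
    """Recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest(message), expected_digest)


def mac_tag(key: bytes, message: bytes) -> str:
    """Authenticity: an HMAC can only be produced by someone holding the key,
    so a valid tag shows the message came from a key holder and is unmodified."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def authentic(key: bytes, message: bytes, received_tag: str) -> bool:
    """Verify a received HMAC tag against the shared key."""
    return hmac.compare_digest(mac_tag(key, message), received_tag)


def demo(key: bytes = b"") -> dict:
    """Walk through the three principles and return the observed outcomes."""
    key = key or secrets.token_bytes(32)
    order = b"transfer 100 to account 42"
    tampered = b"transfer 900 to account 42"

    # Integrity: a plain digest catches modification of the message...
    d = digest(order)
    # ...but whoever can change the message can also recompute the digest,
    # so a bare hash gives integrity against accidents, not authenticity.
    forged_digest = digest(tampered)

    # Authenticity: without the shared key, no matching HMAC can be produced.
    t = mac_tag(key, order)
    attacker_key = secrets.token_bytes(32)
    attacker_tag = mac_tag(attacker_key, tampered)

    # Non-repudiation: an HMAC cannot provide it. The receiver holds the same
    # key, so the receiver could have produced this tag as easily as the
    # sender, and a third party cannot tell them apart. Non-repudiation needs
    # an asymmetric signature made with a private key only the sender holds.
    receiver_made_tag = mac_tag(key, tampered)

    return {
        "integrity_detects_tamper": not integrity_ok(tampered, d),
        "bare_hash_gives_no_authenticity": integrity_ok(tampered, forged_digest),
        "hmac_rejects_attacker": not authentic(key, tampered, attacker_tag),
        "hmac_accepts_key_holder": authentic(key, order, t),
        "receiver_can_forge_with_shared_key": authentic(key, tampered, receiver_made_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every entry of the returned dict is expected to be True; the last one is the point about non-repudiation: a symmetric tag proves the message came from one of the key holders, not which one.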

Now that we know the basic components of Information Security, it is necessary to know about attacks and their types. An attack is typically initiated by skilled individuals to fulfill their motives, using certain methods that exploit the system’s vulnerabilities.

Attack = Motives + Method + Vulnerability

Attacks can also be classified into various types. According to the IATF, attacks are mainly of five types:

  1. Passive Attacks: Intercepting or monitoring network traffic and data flow without making changes to the data.
  2. Active Attacks: Tampering with the data sent by the sender while it is in transit.
  3. Close-in Attacks: Attacks performed when the attacker is in close physical proximity to the target system.
  4. Insider Attacks: Attacks performed by trusted users who have access to confidential data of the target system.
  5. Distribution Attacks: Attacks caused when software or hardware is tampered with prior to installation.

Hacking Methodologies and Framework

Cyber Kill Chain Methodology

The Cyber Kill Chain methodology is an intelligence-driven defense for the identification and prevention of malicious activities. In other words, the Cyber Kill Chain is a framework, adapted from the military’s kill chains, that enhances intrusion detection and response.

Phases of Cyber Kill Chain methodology

  1. Reconnaissance: In this phase, an adversary collects as much information as possible about the target in search of its weak points.
  2. Weaponization: In this phase, the adversary analyzes the collected data to identify vulnerabilities in the target. Based on these, the adversary selects or creates a malicious payload, combining an exploit and a backdoor, to send to the target.
  3. Delivery: In this phase, the adversary transmits the payload to the intended victim as an email attachment, via a malicious link or website, or by other means.
  4. Exploitation: In this phase, the adversary exploits the vulnerability in the target’s system using the malicious payload transmitted in the previous phase.
  5. Installation: In this phase, the adversary downloads and installs even more malicious software to maintain control of the victim’s system.
  6. Command and Control: In this phase, the adversary creates a command and control channel to establish two-way communication between the victim’s system and an adversary-controlled server.
  7. Actions on Objectives: In this phase, the adversary accomplishes its primary goals, i.e. gaining confidential information, destroying operational capabilities, etc. The adversary may also use this as a launching point for future attacks.

MITRE ATT&CK Framework

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies.

MITRE ATT&CK consists of three collections of tactics and techniques, known as the Enterprise, Mobile, and Pre-Attack matrices.

Diamond Model Of Intrusion Analysis

The Diamond Model of Intrusion Analysis adds a new dimension to intrusion analysis. The model offers frameworks and procedures for recognising clusters of correlated events on any of the systems in an organization. With the Diamond Model, analysts can identify whether any data is still required by examining which features are missing. Furthermore, using the Diamond Model, analytic efficiency can be increased massively, resulting in cost savings for the defender and the opposite for the attacker.

Features of Diamond Model

  1. Adversary: The opponent/hacker responsible for the attack. They use the capabilities against the victim for various purposes.
  2. Victim: The target whose vulnerability has been exploited by the adversary.
  3. Capability: The strategies, procedures, or methods used in the attack.
  4. Infrastructure: The hardware or software used by the adversary to reach its target.

The best way to explain these features is through a scenario. For example, suppose a scammer calls you on your phone about a bank transaction scam. Here, the adversary is the scammer; you are the victim; the scammer’s communication skill is the capability; and the phone is the infrastructure.
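The two models above fit together in practice: each Diamond event can be tagged with the Cyber Kill Chain phase it belongs to, and a victim’s events ordered by phase form an activity thread. The following Python script is an added example (not from the original post or from EC-Council’s material) that records a handful of constructed events with the four Diamond features plus a kill chain phase, builds per-victim threads, reports how far along the chain each intrusion got, lists the phases with no observed event (the “missing data” the Diamond Model asks analysts to look for), and pivots on shared infrastructure to find other victims. All adversary, host and infrastructure names are hypothetical placeholders.

```python
# Added example (not from the original post): Diamond Model events tagged with
# Cyber Kill Chain phases, grouped into per-victim activity threads.
# All names below are constructed placeholders, not real incidents.
from collections import defaultdict
from dataclasses import dataclass

KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
PHASE_INDEX = {name: i for i, name in enumerate(KILL_CHAIN)}


@dataclass(frozen=True)
class Event:
    adversary: str       # who is behind the activity
    victim: str          # the target of this event
    capability: str      # the method or technique used
    infrastructure: str  # what the adversary used to reach the victim
    phase: str           # Cyber Kill Chain phase this event belongs to


# Constructed sample events (hypothetical names; .invalid and TEST-NET addresses).
EVENTS = [
    Event("group-x", "host-a", "phishing email", "mail.example-attacker.invalid", "Delivery"),
    Event("group-x", "host-a", "macro document", "mail.example-attacker.invalid", "Exploitation"),
    Event("group-x", "host-a", "implant dropper", "cdn.example-attacker.invalid", "Installation"),
    Event("group-x", "host-a", "https beacon", "c2.example-attacker.invalid", "Command and Control"),
    Event("group-x", "host-b", "phishing email", "mail.example-attacker.invalid", "Delivery"),
    Event("unknown", "host-c", "port scan", "203.0.113.7", "Reconnaissance"),
]


def activity_threads(events):
    """Group events per victim and order each thread along the kill chain."""
    threads = defaultdict(list)
    for e in events:
        threads[e.victim].append(e)
    return {v: sorted(es, key=lambda e: PHASE_INDEX[e.phase]) for v, es in threads.items()}


def furthest_phase(events, victim):
    """The latest kill chain phase observed against this victim, or None."""
    phases = [PHASE_INDEX[e.phase] for e in events if e.victim == victim]
    return KILL_CHAIN[max(phases)] if phases else None


def missing_phases(events, victim):
    """Phases before the furthest observed one that have no event yet.
    These are the gaps an analyst would go looking for evidence of."""
    seen = {PHASE_INDEX[e.phase] for e in events if e.victim == victim}
    if not seen:
        return []
    return [KILL_CHAIN[i] for i in range(max(seen)) if i not in seen]


def pivot_on_infrastructure(events, infrastructure):
    """Diamond pivot: every victim that saw the same adversary infrastructure."""
    return sorted({e.victim for e in events if e.infrastructure == infrastructure})


if __name__ == "__main__":
    for victim, thread in activity_threads(EVENTS).items():
        print(victim, "reached", furthest_phase(EVENTS, victim),
              "| no evidence yet for", missing_phases(EVENTS, victim))
    print("shared mail infrastructure hit:",
          pivot_on_infrastructure(EVENTS, "mail.example-attacker.invalid"))
```

Running it shows host-a reached Command and Control with no evidence yet for the Reconnaissance and Weaponization phases, host-b stopped at Delivery, and the pivot on the mail infrastructure links host-a and host-b to the same adversary activity.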

Ending

The first part of the blog covers an overview of how an attacker approaches its victim, as well as the various methodologies associated with it. The second part of the blog covers the hacking overview.
