Topic 1 : Introduction To Etichal Hacking
by Che Zatty
1. 1 ) What is ethical hacking ? Hacking performed by a company or individual to help identify potential threats on a computer or network.
2. 2 ) Who is Ethical hacker ? someone or known as white hat who have a skilss to find a weakness to hack something by using legitimate way by the law
3. 6 ) Type of hackers
3.1. crackers
3.2. script kiddis (basic knowledge only)
3.3. white hat( good hackers )
3.4. grey hat ( in between good and bad hackers )
3.5. black hat ( bad hat )
3.6. suicide ( willing to die )
4. 7 ) Testing type
4.1. a. white box - have full knowledge about how to hack
4.2. b . grey box - half knowled . they know but sometimes dont know how to do
4.3. c. blackbox - no knowledge at all
5. 8 ) Way how to conduct rules of ethical hacking :
5.1. i . set goals
5.2. b . pan testing process
5.3. iii . ask permission
5.4. iv . work ethically
5.5. v . always keep record
6. 3 ) What is ethical hacker job? *break into systems legally and ethically *.Scanning ports and seeking vulnerabilities *examine patch installations and make sure that they cannot be exploited. *attempt to evade IDS (Intrusion Detection systems), IPS (Intrusion Prevention systems), honeypots, and firewalls *Sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications.
7. 4 ) ethical hacking terminologies: a. Threat (potential to cause serious harm to a computer system , networks and more ) b. Exploit ( unauthorized access to computers ) c. Vulnerability ( any vulnerability about software flow,logic design, that can be attack by hacker ) d. Target of Evaluation (toe) (system, program, or network that is the subject of a security analysis or attack) e. Attack (when system weak , hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and to prevent an attack f. Remote ( hacker want to attack anywhere but must have the internet )
8. 5 )system hacking cycle
8.1. 1 ) Reconnaissance - Target of collect information such as ip address , network , DNS , record
8.2. 2 Scanning - Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners
8.3. 3 ) Gaining access - designs the blueprint of the network of the target with the help of data collected.
8.4. 4 ) Gaining access - keep access for future exploitation and attacks
8.5. 5 ) Covering tracks - to remove all traces of the attack . Example of activity : Steganography (use picture),tunneling protoco;ls and log files
9. Reconnaissance
10. Clearing tracks
11. Maintaining access
12. Gaining access
13. Scanning