1. Understand ethical hacking
1.1. Ethical hacking
1.1.1. Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.
1.2. Ethical hacker
1.2.1. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.
1.3. Ethical hacker job
1.3.1. They break into systems legally and ethically.
1.3.2. They scan ports and seek vulnerabilities.
1.3.3. They examine patch installations and make sure that they cannot be exploited.
1.3.4. They engage in social engineering concepts like dumpster diving.
1.3.5. They will attempt to evade IDS (intrusion detection systems), IPS (intrusion prevention systems), honeypots and firewalls.
1.3.6. They sniff networks, bypass and crack wireless encryption, and hijack web servers and web applications.
1.4. Ethical hacking terminologies
1.4.1. Threat
1.4.1.1. A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the security of a computer or network system.
1.4.2. Exploit
1.4.2.1. An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to compromise the security of a computer or network system.
1.4.3. Vulnerability
1.4.3.1. A vulnerability is a weakness which allows a hacker to compromise the security of a computer or network system.
1.4.4. Target of evaluation (TOE)
1.4.4.1. A system, program, or network that is the subject of a security analysis or attack.
1.4.4.2. Ethical hackers are usually concerned with high-value TOEs, systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data.
1.4.5. Attack
1.4.5.1. An attack is an action performed against a system to gain access to it and extract sensitive data.
1.4.6. Remote
1.4.6.1. The exploit is sent over a network and exploits security vulnerabilities without any prior access to the vulnerable system.
1.4.6.2. Hacking attacks against corporate computer systems or networks initiated from the outside world are considered remote.
1.4.6.3. Most people think of this type of attack when they hear the term hacker, but in reality most attacks are in the next category.
1.5. System hacking cycle
1.5.1. Reconnaissance
1.5.1.1. This is the primary phase, in which the hacker tries to collect as much information as possible about the target. It includes identifying the target and finding out the target's IP address range, network, DNS records, etc.
1.5.2. Scanning
1.5.2.1. It involves taking the information discovered during reconnaissance and using it to examine the network.
1.5.2.2. Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
1.5.2.3. Hackers are seeking any information that can help them perpetrate an attack, such as computer names, IP addresses, and user accounts.
1.5.3. Gaining access
1.5.3.1. After scanning, the hacker designs the blueprint of the target's network with the help of data collected during Phase 1 and Phase 2.
1.5.3.2. This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.
1.5.3.3. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. Examples include stack-based buffer overflows, denial of service (DoS), and session hijacking.
1.5.4. Maintaining access
1.5.4.1. Once a hacker has gained access, they want to keep that access for future exploitation and attacks.
1.5.4.2. Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with back doors, rootkits, and Trojans.
1.5.4.3. Once the hacker owns the system, they can use it as a base to launch additional attacks.
1.5.4.4. In this case, the owned system is sometimes referred to as a zombie system.
1.5.5. Clearing tracks
1.5.5.1. Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action.
1.5.5.2. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms. Examples of activities during this phase of the attack include steganography, the use of tunneling protocols, and altering log files.
2. Explain types of hackers
2.1. Crackers and hackers
2.1.1. While hackers build things, crackers break things. Cracker is the name given to hackers who break into computers for criminal gain, whereas hackers can also be internet security experts hired to find vulnerabilities in systems.
2.2. Testing types
2.2.1. White box
2.2.1.1. Full-knowledge test: the team has as much knowledge as possible about the network and computing resources to be evaluated.
2.2.2. Black box
2.2.2.1. Zero-knowledge test: the team has no information.
2.2.3. Gray box
2.2.3.1. Partial-knowledge test: the team has knowledge that might be relevant to a specific type of attack by a person internal to the organization.
2.3. Skills required to be an ethical hacker
2.3.1. Infosec
2.3.2. Routers
2.3.3. Communication and report writing
2.3.4. Project manager
2.3.5. Problem management
2.3.6. Network protocols
2.3.7. Firewall
2.4. Ways to conduct ethical hacking
2.4.1. Step 1: Formulating Your Plan
2.4.2. Step 2: Do Some Recon
2.4.3. Step 3: Launch the Attack
2.4.4. Step 4: Evaluate the Results
2.5. Legal implications of hacking
2.5.1. Digital Signature Act 1997
2.5.2. Computer Crimes Act 1997
2.5.3. Telemedicine Act 1997
2.5.4. Communications and Multimedia Act 1998
2.6. Steps of security audit in an organization
2.6.1. Define the scope of an audit
2.6.2. Define the threats your data faces
2.6.3. Calculate the risks
2.6.4. Devise the necessary controls
2.7. Rules of ethical hacking
2.7.1. Set your goals straight
2.7.2. Plan your testing process
2.7.3. Ask for permission
2.7.4. Work ethically, work professionally
2.7.5. Always keep records
2.7.6. Respect the privacy of others
2.7.7. Respect others' rights
2.7.8. Use a scientific process
2.7.9. Pick one tool and stick with it
2.7.10. Provide timely progress updates
2.8. Steps to perform a security audit
2.8.1. Define the scope of an audit
2.8.2. Define the threats your data faces
2.8.3. Calculate the risks
2.8.4. Devise the necessary controls