Advanced Ethical Hacking & Penetration Testing, Alex Loffler

  • Date:13 Sep 2020
  • Pages:28

Transcription:

What is a Hacker?
  • Originally, a hacker was anybody who tinkered with any kind of system (mechanical or electrical) in order to better understand how it worked. Today, hackers are persons who create or modify computer software, typically with the goal of using software in a manner not intended by the original computer programmer. (Wikipedia)
  • A person who enjoys exploring the details of programmable systems and stretching their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. (Wikipedia)

Hacker Ethics: The Hacker Manifesto
  • An essay written by The Mentor (born Loyd Blankenship) after his arrest in Jan 1986
  • Considered a cornerstone of hacker culture by hackers across the globe
  • Hacking is an alternative way to learn
  • Often out of frustration/boredom created by the limitations of current society
  • Expresses the satori of a hacker realizing his potential
  • Hacking supersedes the selfish desire to exploit or harm other people
  • Technology should be used to expand our horizons and to keep the world free
  • Hacker ethics are concerned primarily with sharing, openness, collaboration and engaging in the Hands-On Imperative

The Reality in 2012
  • Malicious activity is increasing in:
      • Sophistication (TTP)
      • Intensity and focus (APT)
  • 91% of breaches led to data compromise within days or less
  • 79% of breaches took weeks or more to discover
  • Source: Verizon 2012 Data Breach Investigations Report

The Reality in 2012
  • Response after compromise creates an undesirable foot race
  • The damage has already been done
  • Accept that we will never keep 100% of the attackers out
  • The fortress mentality is becoming obsolete
  • Move backwards in the Kill Chain to move the defensive wall
  • Requires rapid analysis of huge real-time data sets
  • [Figure: Recon, Weaponize, Deliver, Exploit, Install, C2, Action; Detection, Response]

"The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him." (Sun Tzu, The Art of War)

Hacking Methodology
  • Phase 1: Passive Reconnaissance
  • Phase 2: Active Reconnaissance (80)
  • Phase 3: Vulnerability Research
  • Phase 4: Penetration
  • Phase 5: Going Deeper (20)
  • Phase 6: Covering Your Tracks

Phase 1 & 2: Reconnaissance
Phase 1: Passive Recon
  • Policies, processes, attitudes
  • Press releases, public sentiment
  • Technology preferences, standards
  • Financial information
Phase 2: Active Recon / Scanning
  • Social engineering
  • Network perimeter scans
  • Topology mapping
  • DNS zone transfers
  • Firewalking
  • Port scanning
  • Dumpster diving
  • Gather anything and everything about the target

Phase 3: Vulnerability Research
  • Use well-known vulnerabilities
      • Useful to an extent
      • Typically already patched
  • Buy 0-days from white or black market sources
      • No guarantees
      • Can backfire
  • Roll your own 0-day
      • Time consuming
      • Requires highly skilled resources
      • Creates a dilemma

Responsible Disclosure (aka "Now What?")
  • Discover a new vulnerability
      • Accidental discovery
      • Directed research
  • Develop an exploit
      • Usually build a proof of concept to verify and classify the vulnerability
  1. Sell the exploit to the highest bidder
  2. Use the exploit
  3. Full Disclosure
  4. Inform CERT/CC
  5. Sell the exploit to a white market vendor

Disclosure Debate
  • Security through Transparency: full public disclosure enables informed choice and keeps vendors on their toes with regard to admitting to flaws and patching them
  • Security through Obscurity: full public disclosure does not give anyone time to react to a security flaw whose details are now available to even the least sophisticated of attackers
  • Responsible Disclosure attempts to find a middle ground

Phase 4 & Phase 5: Penetration
Phase 4: Penetration
  • Initial targets are typically low-value assets
      • Web servers
      • VPN end points
      • DMZ networks
Phase 5: Going Deeper
  • Pivot and move up the food chain
  • Start attacking peers and higher-value internal targets
      • Admin credentials
      • Password hash cracking
      • Network devices (routers, switches, APs)
      • Peripheral devices (printers etc.)

Phase 6: Covering Your Tracks
  • Entrench and consolidate position
      • Hidden accounts
      • Back doors
      • Robust C2 side channels
      • Steganography

The ARP Protocol
  • Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37.
  • When computers communicate across a network, the sender sends an ARP packet asking who has or knows a particular IP address
  • This request is broadcast to everyone on the LAN and assumes the only response will be coming from the true owner of the IP address
  • The protocol has no ability to validate the authenticity of the response
  • Additionally, there is nothing in the ARP protocol that says one has to wait for a request before sending a response
  • [Figures: MITM Before, MITM After]

  • Attacker floods the network with RA packets
  • Windows Vista/7/2008, Cisco ASAs, Cisco IOS (recently fixed: CSCti24526, CSCti33534) and Linux pre-2.6.37 are vulnerable
  • Little to no IPv6 monitoring on LANs
  • Detected 17 IPv6 devices at my local coffee shop; not bad given the company does not officially support IPv6
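
The two ARP properties noted above (no way to validate a response, and no requirement that a response follow a request) are also what a defender can watch for. The following is an added example, not part of the original slides: a monitor that parses raw ARP payloads in the RFC 826 layout and flags replies nobody asked for and IP-to-MAC bindings that change. The function and class names and the sample addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 fields for Ethernet/IPv4, 28 bytes
REQUEST, REPLY = 1, 2

def make_arp(oper, sha, spa, tha, tpa):  # builds the constructed demo payloads
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def parse_arp(payload):  # -> (oper, sender_mac, sender_ip, target_ip) or None
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (REQUEST, REPLY):
        return None
    return oper, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # IP -> MAC that last claimed it
        self.pending = set()  # IPs with an outstanding who-has request

    def observe(self, payload):
        """Feed one ARP payload; return a list of alert strings (empty if clean)."""
        parsed = parse_arp(payload)
        if parsed is None:
            return ["malformed or non-IPv4 ARP"]
        oper, mac, src_ip, dst_ip = parsed
        alerts = []
        if oper == REQUEST:
            self.pending.add(dst_ip)
        elif src_ip not in self.pending:   # nobody asked: ARP accepts it anyway
            alerts.append(f"unsolicited reply: {src_ip} is-at {mac}")
        self.pending.discard(src_ip)
        known = self.bindings.get(src_ip)
        if known is not None and known != mac:
            alerts.append(f"binding change: {src_ip} {known} -> {mac}")
        if src_ip != "0.0.0.0":            # ARP probes carry no sender IP
            self.bindings[src_ip] = mac
        return alerts

def demo():
    gw, host, rogue = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
    mon, zero = ArpMonitor(), "00:00:00:00:00:00"
    return [mon.observe(p) for p in (
        make_arp(REQUEST, host, "192.0.2.10", zero, "192.0.2.1"),  # who-has gateway
        make_arp(REPLY, gw, "192.0.2.1", host, "192.0.2.10"),      # genuine answer
        make_arp(REPLY, rogue, "192.0.2.1", host, "192.0.2.10"))]  # forged claim
```

Legitimate gratuitous ARP (failover pairs, address changes) raises the same alerts, so they are signals to correlate with known infrastructure rather than verdicts.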
