Introduction to Cybersecurity Concepts


CYBER SECURITY

CYS 3151

By

Mr. Donald NJILA N.


CHAPTER 1. INTRODUCTION TO CYBERSECURITY

1. The world of Cybersecurity


1.1. What is Cybersecurity?
1.2. Personal data
1.3. Organizational data
1.4. CIA Triad
1. THE WORLD OF CYBERSECURITY
1.1. What is Cybersecurity?

✓ Cybersecurity is the ongoing effort to protect individuals, organizations and
governments from digital attacks by protecting networked systems and data from
unauthorized use or harm.

✓ There are three levels of protection:

• Personal: On a personal level, you need to safeguard your identity, your data, and
your computing devices.

• Organizational: At an organizational level, it is everyone’s responsibility to protect
the organization’s reputation, data and customers.

• Government: As more digital information is being gathered and shared, its
protection becomes even more vital at the government level, where national security,
economic stability and the safety and wellbeing of citizens are at stake.

Source: Cisco Networking Academy


1.2. Protecting your personal data
✓ Personal data is any information that can be used to identify you.

✓ Personal data describes any information about you, including your name, social
security number, driver license number, date and place of birth, your mother’s
maiden name, and even pictures or messages that you exchange with family and
friends.

✓ Cybercriminals can use this sensitive information to identify and impersonate
you, infringing on your privacy and potentially causing serious damage to your
reputation.

Source: Cisco Networking Academy



✓ Your identity can exist both offline and online.

• Offline identity : This refers to your real-life persona that you present on a daily
basis at home, at schools or at work. As a result, family and friends know details about
your personal life including your full name, age and address.

• Online identity : This is not just a name. It is who you are and how you present
yourself to others online. It includes your name, alias you use for your online
accounts, as well as the social identity you establish and portray on online
communities and websites. Take care to limit the amount of personal information you
reveal through your online identity.

Source: Cisco Networking Academy


1.3. Organizational data

✓ There are two types of organizational data:

A. Traditional data is typically generated and maintained by all organizations, big and small. It
includes the following:

• Transactional data such as details relating to buying and selling, production activities and
basic organizational operations such as any information used to make employment
decisions.

• Intellectual property such as patents, trademarks and new product plans, which allows
an organization to gain economic advantage over its competitors. This information is often
considered a trade secret and losing it could prove disastrous for the future of a company.

• Financial data such as income statements, balance sheets and cash flow statements,
which provide insight into the health of a company.

Source: Cisco Networking Academy


B. Internet of Things (IoT) and Big Data : IoT is a large network of physical
objects, such as sensors, software and other equipment. All of these ‘things’ are
connected to the Internet, with the ability to collect and share data. And given that
storage options are expanding through the cloud and virtualization, it’s no surprise that
the emergence of IoT has led to an exponential growth in data, creating a new area of
interest in technology and business called 'Big Data.'

Source: Cisco Networking Academy


1.4. CIA Triad

➢ Confidentiality – is a set of rules that prevents sensitive information from being
disclosed to unauthorized people, resources and processes. Methods to ensure
confidentiality include data encryption, identity proofing and multi-factor
authentication.

➢ Integrity – ensures that system information or processes are protected from
intentional or accidental modification. One way to ensure integrity is to use a hash
function or checksum.

➢ Availability – means that authorized users are able to access systems and data
when and where needed, and those that do not meet established conditions are not.
This can be achieved by maintaining equipment, performing hardware repairs,
keeping operating systems and software up to date, and creating backups.
Source: Cisco Networking Academy
1.4. CIA Triad (3 or 5 pillars?)

➢ Authentication – A method that enables the identification of an authorized person.
Authentication verifies the identity and legitimacy of the individual to access the
system and its resources.

➢ Non-repudiation – A system that ensures no one can deny their actions.

Source: National Institute of Standards and Technology, U.S. Department of Commerce

CHAPTER 2. CYBERSECURITY ROLES

CASE STUDY I : PENETRATION TESTER


CASE STUDY II : ETHICAL HACKER
CASE STUDY III : CYBERSECURITY ARCHITECT
I. PENETRATION TESTING

1. Definition of important concepts and terms


1.1. Vulnerability
1.2. Threat
1.3. Risk
1.4. Vulnerability assessment
1.5. Penetration testing
1. DEFINITION OF IMPORTANT CONCEPTS AND TERMS

1.1. Vulnerability
✓ A flaw or weakness that may allow harm to occur to an IT system or activity.
Source: National Institute of Standards and Technology (NIST SP 800-16)

✓ Errors or weaknesses within a system’s security protocols, structure, execution, or
internal management that could potentially breach the system’s security policies
(INDUSFACE).

1.2. Threat
✓ Any circumstance or event with the potential to adversely impact an information
system (IS) through unauthorized access, destruction, disclosure, modification of
data, and/or denial of service.

Source: National Information Assurance Glossary



1.3. Risk
✓ Risk relates to the loss of confidentiality, integrity, or availability of information, data,
or information (or control) systems and reflects the potential adverse impacts to
organizational operations (i.e., mission, functions, image, or reputation) and
assets, individuals, other organizations, and the nation.
✓ It is most often evaluated in financial value.

Definition based on ISO Guide 73 [6] and NIST SP 800-60 Vol. 1 Rev. 1 [7]

1.4. Vulnerability Assessment

✓ Process of identifying and classifying, based on severity levels, the threats or
weaknesses in computer systems, networks and software, along with the inherent
risks they introduce, with recommendations for remediation.

✓ Two kinds: Grey box (aided) vs Black box (unaided)

• Scanning
• Identifying weaknesses
• No exploitation!
• Remediation recommendations
1.5. Penetration testing
✓ A penetration test, or "pen test," is a security test that launches a mock cyberattack to
find vulnerabilities in a computer system (IBM).

✓ Pen testing involves ethical hackers scaling planned attacks against a company's
security infrastructure to hunt down security vulnerabilities that need to be patched
up (Cloudflare).

✓ Penetration testing often involves issuing real attacks on real systems and data, using
the same tools and techniques used by actual attackers (NIST).
• Active exploitation
• Realistic scenarios
• Manual and automated testing
• Defined scope
• Actionable insights
2. LEGAL AND ETHICAL CONSIDERATIONS FOR VULNERABILITY ASSESSMENT AND PENETRATION TESTING

Legal Considerations

• Compliance with laws: the test must comply with the national laws and regulations of the
country.

• Obtaining consent: before conducting a VAPT, obtaining explicit [documented and signed]
consent from the organization's management is essential. This consent should outline the
scope, methods, and potential impact of the test. Testing without consent can lead to legal
consequences, including charges of unauthorized access.

• Data protection: pen testers often access sensitive data during their assessments. They must
ensure this data remains confidential and is not disclosed or misused. Organizations should
have clear agreements detailing how data will be handled, stored, and destroyed post-testing.

Ethical Considerations

• Respect for privacy: avoid unnecessary access to personal information and ensure the test
does not disrupt business operations.

• Professional integrity: accurately reporting findings, avoiding conflicts of interest, and not
exploiting discovered vulnerabilities for personal gain.

• Responsible disclosure: informing the affected organization in a manner that allows them to
address the issue without exposing the vulnerability to the public prematurely.
CHAPTER 1. INTRODUCTION TO VULNERABILITY
ASSESSMENT AND PENETRATION TESTING

3. Types of vulnerability assessment


3.1. Network-based VA
3.2. Application-based VA
3.3. API-based VA
3.4. Host-based VA
3.5. Wireless network VA
3.6. Physical VA
3.7. Social Engineering VA
3.8. Cloud-Based VA
3.9. AI based VA
3. TYPES OF VULNERABILITY ASSESSMENT

3.1. Network-Based Vulnerability Assessment

✓ A network-based vulnerability assessment identifies vulnerabilities in network devices
such as routers, switches, firewalls, and other network infrastructure components.
✓ The primary goal of a network-based vulnerability assessment is to identify weaknesses
in the network that attackers could exploit to gain unauthorized access, steal data, or
launch attacks.
✓ Network-based vulnerability assessments typically involve specialized software tools and
techniques that scan the network for vulnerabilities.
✓ These tools may use various methods to identify vulnerabilities, such as port scanning,
vulnerability scanning, password cracking, and network mapping.
3.2. Application-Based Vulnerability Assessment

✓ An application vulnerability assessment is a process of reviewing security weaknesses in
software applications (Layer 7) including websites, mobile apps and APIs.
✓ It examines if the apps are susceptible to known vulnerabilities and assigns
severity/criticality levels to those vulnerabilities, recommending remediation or
mitigation if and whenever needed.
✓ These assessments typically involve testing the application for common vulnerabilities,
such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
✓ Application vulnerability assessments can be performed using both automated and
manual methods.

OWASP stands for Open Web Application Security Project, a non-profit organization that
aims to improve software security.
Application-based Vulnerability Assessment (OWASP classification)

OWASP consistently compiles a list of the most critical application vulnerabilities, updated
periodically. In its OWASP Top 10 risks 2021 ranking, the following vulnerabilities demand
attention:
Broken Access Control
• Violation of the principle of least privilege or deny by default.
• Elevation of privilege.

Cryptographic Failures
• Sensitive data is transmitted (via HTTP, FTP, SMTP, etc.) or stored in clear-text (database,
files, etc.).
• Use of old or weak cryptographic algorithms.
• Use of weak or default encryption keys or re-use of compromised keys.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2021
Injection
• User-supplied data is not validated, filtered, or sanitized by the application.
• Hostile data is used within object-relational mapping (ORM) search parameters to extract
additional, sensitive records.

Insecure Design
• Question and answers for credential recovery.
• Security professionals absent from software design.

Security Misconfiguration
• Unnecessary features are enabled or installed (e.g., unnecessary ports, services, pages,
accounts, or privileges).
• Default accounts and their passwords are still enabled and unchanged.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2021
Vulnerable and Outdated Components
• If you do not know the versions of all components you use (both client-side and
server-side). This includes components you directly use as well as nested dependencies.
• If the software is vulnerable, unsupported, or out of date. This includes the OS,
web/application server, database management system (DBMS), applications, APIs and all
components, runtime environments, and libraries.
• If software developers do not test the compatibility of updated, upgraded, or patched
libraries.

Identification and Authentication Failures
• Permits automated attacks such as credential stuffing, where the attacker has a list of
valid usernames and passwords.
• Permits brute force or other automated attacks.
• Permits default, weak, or well-known passwords, such as "Password1" or "admin/admin".
• Has missing or ineffective multi-factor authentication.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2021
Software and Data Integrity Failures
• Many home routers, set-top boxes, device firmware, and others do not verify updates via
signed firmware.
• Absence of a review process for code and configuration changes.

Security Logging and Monitoring Failures
• Auditable events, such as logins, failed logins, and high-value transactions, are not logged.
• Warnings and errors generate no, inadequate, or unclear log messages.
• Logs of applications and APIs are not monitored for suspicious activity.
• Logs are only stored locally.
• Appropriate alerting thresholds and response escalation processes are not in place or
effective.
• Penetration testing and scans by dynamic application security testing (DAST) tools (such as
OWASP ZAP) do not trigger alerts.
• The application cannot detect, escalate, or alert for active attacks in real-time or near
real-time.
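The two items above, authentication failures that permit brute force or credential stuffing and logging failures where failed logins never raise an alert, as defender-side detection logic run over an authentication log. This is an added example and is not part of the course slides or the Indusface/OWASP material; the log format, the log lines and the alerting thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> auth <FAIL|OK> user=<name> ip=<address>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

WINDOW = timedelta(minutes=5)
# Assumed alerting thresholds; tune them per environment.
BRUTE_FORCE_FAILS = 5        # failures against ONE account inside WINDOW
STUFFING_DISTINCT_USERS = 3  # distinct accounts failing from ONE source inside WINDOW

# Constructed sample log: one brute-force run against alice, one credential-stuffing
# run (many accounts, one attempt each) from 198.51.100.9, and benign noise.
SAMPLE_LOG = """\
2024-01-10T09:00:01 auth FAIL user=alice ip=203.0.113.7
2024-01-10T09:00:03 auth FAIL user=alice ip=203.0.113.7
2024-01-10T09:00:05 auth FAIL user=alice ip=203.0.113.7
2024-01-10T09:00:06 auth FAIL user=alice ip=203.0.113.7
2024-01-10T09:00:08 auth FAIL user=alice ip=203.0.113.7
2024-01-10T09:00:09 auth OK user=alice ip=203.0.113.7
2024-01-10T09:10:00 auth FAIL user=bob ip=198.51.100.9
2024-01-10T09:10:01 auth FAIL user=carol ip=198.51.100.9
2024-01-10T09:10:02 auth FAIL user=dave ip=198.51.100.9
2024-01-10T09:10:03 auth FAIL user=erin ip=198.51.100.9
2024-01-10T10:00:00 auth FAIL user=frank ip=192.0.2.1
"""


def parse_line(line):
    """Return a dict for a well-formed auth line, or None if it cannot be parsed.
    Unparseable lines are themselves a logging failure: count them, do not drop them."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(lines):
    """Return alerts as (alert_type, key, count) tuples.

    brute_force:          >= BRUTE_FORCE_FAILS failed logins for one user within WINDOW
    credential_stuffing:  failures for >= STUFFING_DISTINCT_USERS distinct users from
                          one source IP within WINDOW (one attempt per account is the
                          signature of replaying a breached username/password list)
    """
    failures = [e for e in map(parse_line, lines) if e and e["result"] == "FAIL"]
    failures.sort(key=lambda e: e["ts"])

    fails_by_user = defaultdict(list)   # user -> [timestamps]
    fails_by_ip = defaultdict(list)     # ip -> [(timestamp, user)]
    for e in failures:
        fails_by_user[e["user"]].append(e["ts"])
        fails_by_ip[e["ip"]].append((e["ts"], e["user"]))

    alerts = []
    # Sliding window anchored on each failure: count what follows it within WINDOW.
    for user, times in fails_by_user.items():
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= WINDOW)
            if count >= BRUTE_FORCE_FAILS:
                alerts.append(("brute_force", user, count))
                break
    for ip, pairs in fails_by_ip.items():
        for i, (start, _) in enumerate(pairs):
            users = {u for t, u in pairs[i:] if t - start <= WINDOW}
            if len(users) >= STUFFING_DISTINCT_USERS:
                alerts.append(("credential_stuffing", ip, len(users)))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```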
Server-Side Request Forgery (SSRF)
• When a web application is fetching a remote resource without validating the user-supplied
URL.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2021
3.3. API-Based Vulnerability Assessment

✓ API vulnerability assessment is conducted to identify and mitigate potential security risks
in APIs. (An Application Programming Interface is used to allow different software systems
to communicate and share data or features.)
✓ This process identifies vulnerabilities and weaknesses in the API’s design, implementation,
and deployment.
✓ The goal is to ensure that the API is secure, reliable, and resilient to attacks.
API-based Vulnerability Assessment (OWASP classification)

The following OWASP API Top 10 vulnerabilities require specific attention in the
vulnerability assessment process to ensure the security and integrity of API interactions:
Broken Object Level Authorization
• Enables attackers to access data objects (access to which should have been restricted) using
unauthorized requests.
• This leads to the exposure of data objects, and eventually leakage, modification, and
destruction of data and other resources.

Broken Authentication
• A vulnerability that occurs when the API does not properly authenticate its users, and the
application is unable to detect whether the user is legitimate or not.
• As a result, the attacker can gain partial or full control over the API, app, and its resources.

Broken Object Property Level Authorization
• All users need not have access to all object properties. For accessing certain object
properties, the user must verify themselves and validate their access permissions.
• The Broken Object Property Level Authorization vulnerability extends unrestricted access to
object properties that should have been restricted.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2023: The Latest
Changes and Enhancements
Unrestricted Resource Consumption
• Resources are at the core of APIs; APIs cannot function without resources. However, the
existence of resources also brings a whole range of API security risks since it
programmatically exposes resources. Without proper limitations, attackers can overwhelm
APIs by sending multiple requests.

Broken Function Level Authorization (BFLA)
• APIs use function-level authorization to control access to specific user functions and
actions based on their privilege level.
• It ensures that authorizations, verifications, and permission checks secure each function
and action.

Unrestricted Access to Sensitive Business Flows
• Insufficient access restrictions on an API endpoint can lead to a vulnerability where
sensitive business flows are exposed.
• It is crucial to carefully consider the business flows that an API endpoint exposes, as some
flows hold more sensitive information that could potentially cause significant harm if
accessed without proper restrictions.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2023: The Latest
Changes and Enhancements
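The three authorization items above (Broken Object Level Authorization, Broken Object Property Level Authorization and Broken Function Level Authorization) shown side by side in a tiny in-memory order API: two handlers that only check that the caller is logged in, and their hardened counterparts. This is an added example, not code from the course or from OWASP/Indusface; the users, roles, orders and the visible-property allowlist are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # constructed roles: "customer" or "admin"


class Forbidden(Exception):
    """Raised by the hardened handlers when an authorization check fails."""


def sample_orders():
    """Constructed order store: order_id -> record. 'internal_margin' is a property
    customers must never see (the object-property-level concern)."""
    return {
        101: {"owner": "alice", "total": 42.0, "internal_margin": 0.31},
        102: {"owner": "bob", "total": 99.5, "internal_margin": 0.12},
    }


# --- Vulnerable handlers: authentication happened, authorization did not ----------

def get_order_vulnerable(orders, user, order_id):
    """BOLA + BOPLA: any logged-in user reads any order, with every property."""
    return dict(orders[order_id])


def refund_order_vulnerable(orders, user, order_id):
    """BFLA: an admin-only action reachable by any logged-in user."""
    orders[order_id]["total"] = 0.0
    return True


# --- Hardened handlers --------------------------------------------------------------

CUSTOMER_VISIBLE = {"owner", "total"}  # deny by default: allowlist of properties


def get_order(orders, user, order_id):
    order = orders.get(order_id)
    # Object-level check. "Not found" and "not yours" give the same answer, so the
    # handler cannot be used to enumerate which order ids exist.
    if order is None or (order["owner"] != user.user_id and user.role != "admin"):
        raise Forbidden("order not accessible")
    if user.role == "admin":
        return dict(order)
    # Property-level check: project onto the allowlisted properties only.
    return {k: v for k, v in order.items() if k in CUSTOMER_VISIBLE}


def refund_order(orders, user, order_id):
    # Function-level check: the privilege, not merely the login, is verified.
    if user.role != "admin":
        raise Forbidden("refund requires the admin role")
    if order_id not in orders:
        raise Forbidden("order not accessible")
    orders[order_id]["total"] = 0.0
    return True


def denied(handler, *args):
    """True if the handler refuses the call with Forbidden."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    store = sample_orders()
    bob = User("bob", "customer")
    print(get_order_vulnerable(store, bob, 101))             # alice's order, margin included
    print(denied(get_order, store, bob, 101))                 # True
    print(get_order(store, User("alice", "customer"), 101))   # owner and total only
```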
Server-Side Request Forgery (SSRF)
• Server-Side Request Forgery occurs when APIs process requests from user-controlled URLs
and fetch internal/remote server resources without validating the user request first. So,
attackers can access backend servers, including those protected by firewalls, by simply
manipulating the URL. They can access sensitive information and engage in other malicious
activities.

Security Misconfiguration
• Occurs when security best practices aren’t properly followed. Some examples of this
vulnerability include unapplied latest patches, unwanted exposure of debug logs,
unpatched legacy options, unnecessary features/services.

Improper Inventory Management
• The Improper Inventory Management security risk occurs because organizations have
multitudes of internal and third-party APIs that are improperly inventoried, documented,
and managed. Some examples of these vulnerabilities include multiple versions of APIs
being used, exposure of development APIs, improper access control policies, etc. The lack
of visibility also creates more vulnerabilities, such as security misconfigurations, poor
authorization, authentication, etc.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2023: The Latest
Changes and Enhancements
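The SSRF item above (and the same item in the web Top 10 earlier) as the check a web or API handler should apply before fetching a user-supplied URL: an allowlist of hosts, a scheme restriction, and a test of every resolved address against internal ranges. This is an added example, not the course's or Indusface's code; the host allowlist, the resolver interface, the placeholder addresses and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy: only these hosts may ever be fetched on a user's behalf.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.net"}
ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host):
    """Resolve a host name to the set of IP literals it currently points at."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


# Constructed answers standing in for DNS so the example runs offline. The second
# entry models an allowlisted name that has been (re)pointed at the loopback address.
FAKE_DNS = {
    "images.example.com": {"1.2.3.4"},   # placeholder public address
    "cdn.example.net": {"127.0.0.1"},
}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


def is_internal(ip_literal):
    """True for addresses a server-side fetch must never reach: loopback, private,
    link-local, reserved, multicast, unspecified, and IPv4-mapped IPv6 forms of them."""
    ip = ipaddress.ip_address(ip_literal.split("%")[0])  # drop an IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_multicast or ip.is_unspecified)


def validate_fetch_url(url, resolver=system_resolver):
    """Return the sorted list of addresses the fetch may connect to, or raise ValueError.

    Order of checks: scheme, no credentials embedded in the URL (they confuse naive
    host parsing), host on the allowlist (deny by default), and every resolved
    address outside internal ranges. The caller should then connect to one of the
    returned addresses rather than re-resolving, so the name cannot change between
    this check and the connection.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not on allowlist")
    addresses = resolver(host)
    if not addresses:
        raise ValueError("host does not resolve")
    for address in addresses:
        if is_internal(address):
            raise ValueError(f"host resolves to internal address {address}")
    return sorted(addresses)


def rejection_reason(url, resolver=system_resolver):
    """None if the URL passes, otherwise the reason it was refused."""
    try:
        validate_fetch_url(url, resolver)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for candidate in ("https://images.example.com/a.png", "https://cdn.example.net/x",
                      "http://10.0.0.5/admin", "https://images.example.com@evil.example/x"):
        print(candidate, "->", rejection_reason(candidate, fake_resolver) or "allowed")
```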
Unsafe Consumption of APIs
• Developers often trust data received, especially while working with reputed third-party
providers and suppliers, and deploy less stringent security policies and standards.
• For instance, they may not restrict permissions, adequately validate data/inputs, and have
lax authentication and authorization policies. Developers leave their APIs and resources
vulnerable to breaches and attacks if attackers can hack third-party providers and suppliers.

Source: INDUSFACE -> OWASP API Top 10 » What’s New in OWASP API Top 10 2023: The Latest
Changes and Enhancements
3.4. Host-Based Vulnerability Assessment

✓ A host-based vulnerability assessment identifies vulnerabilities in individual host systems,
including servers, workstations, and laptops.
✓ These assessments typically involve scanning the host system for known vulnerabilities,
such as missing security patches or outdated software.
✓ Host-based vulnerability assessments can be performed using both automated and manual
methods.
3.5. Wireless Network Vulnerability Assessment

✓ A wireless network vulnerability assessment focuses on identifying vulnerabilities in
wireless networks, including Wi-Fi networks.
✓ These assessments typically involve testing the wireless network for common
vulnerabilities, such as weak encryption, default passwords, and rogue access points.
✓ Wireless network vulnerability assessments can be performed using specialized software
tools and techniques.
3.6. Physical Vulnerability Assessment

✓ A physical vulnerability assessment identifies vulnerabilities in physical security measures,
such as locks, surveillance cameras, and access control systems.
✓ These assessments typically involve physical inspections of the facility and its security
measures.
3.7. Social Engineering Vulnerability Assessment

✓ A social engineering vulnerability assessment identifies vulnerabilities in human behaviour,
such as phishing attacks and other social engineering techniques.
✓ This vulnerability assessment type typically involves simulated attacks against employees
to test their awareness of security threats and their ability to identify and respond to them.
3.8. Cloud-Based Vulnerability Assessment

✓ A cloud-based vulnerability assessment identifies vulnerabilities in cloud infrastructure and
services, such as Amazon Web Services (AWS) and Microsoft Azure.
✓ These assessments scan the cloud infrastructure for known vulnerabilities and test the
security of cloud applications and services.
3.9. AI-Based Vulnerability Assessment?

If yes, tell us why?
4. STAGES OF A VULNERABILITY ASSESSMENT AND
PENETRATION TESTING
4.1. Stages of a vulnerability assessment
4.2. Stages of a penetration test
4. STAGES OF A VULNERABILITY ASSESSMENT AND PENTEST
4.1. Stages of a vulnerability assessment
Stage 1: Define parameters and plan the assessment
Description: First determine the scope of your assessment and the exact components of your
network that need to be assessed, such as hardware, user devices, applications, and network
infrastructure.
Steps:
• Initial discovery phase where you identify assets and determine a baseline for their
individual security capabilities, risk tolerance, user permissions, configuration etc.
• Decide who will be involved in the assessment process, what tools will be used, the
timeline for the assessment and remediation, and how frequently the assessment will be
conducted.
Stage 2: Scan network for vulnerabilities
Description: Scan the network for security vulnerabilities, either manually or via automated
vulnerability scanner tools.
Steps:
• Alongside the actual scan, you’ll use threat intelligence and vulnerability databases to
identify security flaws and weaknesses and filter out false positives. Don’t be too
concerned if your scan’s results show numerous network vulnerabilities; that’s to be
expected.

Threat intelligence is data that is collected, processed, and analyzed to understand a threat
actor's motives, targets, and attack behaviors. (CrowdStrike)
Stage 3: Analyze results
Description: The network vulnerability scan has likely returned massive amounts of
vulnerability data, much of which is unstructured.
Steps:
• Consider not only the criticality of a vulnerability and the likelihood of it being exploited
but also what network resources will be impacted if an attack targets that vulnerability.
• This data will be especially important when communicating with business stakeholders
about the steps you want to take to remediate specific vulnerabilities.
• As an additional note, it’s a good idea to look beyond vulnerability scan results. Ideally,
you’ll also have data from firewall logs, penetration tests, and network scans to review as
well.
Stage 4: Prioritize vulnerabilities
Description: The most severe vulnerabilities in the vulnerability scans will need to be
identified and addressed first. While all vulnerabilities will need to be addressed at some
point, your initial vulnerability scan will return overwhelming numbers of vulnerabilities
that you cannot correct all at once.
Steps:
• Critical vulnerabilities are security issues that are already causing damage and/or
unwarranted access to the network and should be at the top of your risk prioritization list.
Right below these vulnerabilities are the ones that have possible exploits malicious actors
could take advantage of in the future.
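Stages 3 and 4 carried out on scanner output: parse the raw export, weight each finding's severity by how critical the impacted asset is, tier the findings as the stage describes (already exploited first, then known public exploit, then the rest), and collapse them into one remediation item per vulnerability. This is an added example and not part of the course material; the export format, host names, CVSS values, exploit-status labels and the asset inventory are all constructed.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed scanner export: one row per (host, vulnerability).
SCAN_CSV = """\
host,vuln,cvss,exploit_status
web01,Outdated TLS library,7.5,public_exploit
web01,Default admin credentials,9.8,active
db01,Missing OS patch,8.8,none
db01,Default admin credentials,9.8,active
hr-laptop-12,Outdated browser,6.5,public_exploit
kiosk-3,Missing OS patch,8.8,none
"""

# Constructed asset inventory from stage 1: 3 = business-critical, 1 = low impact.
ASSET_CRITICALITY = {"web01": 3, "db01": 3, "hr-laptop-12": 2, "kiosk-3": 1}

# Tier 1: already causing damage / unwarranted access. Tier 2: a public exploit exists
# that actors could use in the future. Tier 3: everything else.
TIER = {"active": 1, "public_exploit": 2, "none": 3}


def parse_scan(text):
    """Turn the unstructured export into typed rows enriched with asset criticality."""
    rows = list(csv.DictReader(StringIO(text)))
    for r in rows:
        r["cvss"] = float(r["cvss"])
        r["criticality"] = ASSET_CRITICALITY.get(r["host"], 1)  # unknown asset: low
        if r["exploit_status"] not in TIER:
            raise ValueError(f"unknown exploit_status {r['exploit_status']!r}")
    return rows


def risk_score(row):
    """Severity x impacted resources: the same CVSS ranks higher on a critical host."""
    return row["cvss"] * row["criticality"]


def prioritize(rows):
    """Stage 4 ordering: by tier, then highest risk score, host name as a stable tiebreak."""
    return sorted(rows, key=lambda r: (TIER[r["exploit_status"]], -risk_score(r), r["host"]))


def remediation_plan(rows):
    """Collapse per-host rows into one work item per vulnerability, ranked by the worst
    tier and highest risk score among the hosts it affects.
    Returns [(vulnerability, tier, sorted affected hosts), ...]."""
    items = defaultdict(lambda: {"hosts": [], "tier": 3, "risk": 0.0})
    for r in rows:
        item = items[r["vuln"]]
        item["hosts"].append(r["host"])
        item["tier"] = min(item["tier"], TIER[r["exploit_status"]])
        item["risk"] = max(item["risk"], risk_score(r))
    ordered = sorted(items.items(), key=lambda kv: (kv[1]["tier"], -kv[1]["risk"]))
    return [(name, d["tier"], sorted(d["hosts"])) for name, d in ordered]


if __name__ == "__main__":
    findings = parse_scan(SCAN_CSV)
    for r in prioritize(findings):
        print(TIER[r["exploit_status"]], f"{risk_score(r):5.1f}", r["host"], r["vuln"])
    print(remediation_plan(findings))
```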
Stage 5: Create the vulnerability assessment report
Description: Document findings in a vulnerability assessment report. This report will detail
all vulnerabilities that were discovered, along with their severity, potential attack vectors
within the network, and possible solutions.
Steps:
• Portions of this report can use technical jargon and instructions directed at the
cybersecurity or vulnerability specialists who will be remediating and mitigating
vulnerabilities.
• However, the report still needs to include visualizations and explanations that help
less-technical business leaders, like the CEO, understand the work that’s being done and
why.
Stage 6: Use results to inform remediation and mitigation
Description: You’ve identified and prioritized security vulnerabilities on and in your network,
and now that you’ve reported on these problems and your plans to resolve them, it’s time
to act.
Steps:
• You may be able to remediate some of your most critical vulnerabilities with actual
patches, but others will require lesser mitigation techniques. Regardless of the solutions
you pursue, regularly refer back to your vulnerability assessment to ensure you’re focusing
on the right vulnerabilities in the right order.
Stage 7: Regularly repeat vulnerability assessments
Description: Vulnerability assessments provide great snapshots of your network security
landscape when they’re first conducted; but almost as soon as the assessment is complete,
new applications, users, permissions, datasets, and other features change the landscape of
your network and open it up to additional threats.
Steps:
• It’s necessary to continue cycling through the vulnerability assessment process because
new vulnerabilities will emerge and existing vulnerabilities may grow more severe over
time.
4.2. Stages of a penetration test

(Notes are to be completed subsequently)


CHAPTER 2. SETTING UP THE WORK ENVIRONMENT

1. Setting up the attacker and target machines


1.1. Installation and configuration of a virtual machine
1.2. Installation of Kali Linux Operating system (Attacker)
1.3. Installation of vulnerable Operating System (Target)

In-class work sessions!!
CHAPTER 3. KALI LINUX ESSENTIALS

1. Understanding Linux
1.1. Brief overview of Linux distributions
1.2. Why Kali for VAPT

In-class work sessions!!
CHAPTER 3. KALI LINUX ESSENTIALS

2. Fundamentals of using the Linux terminal


2.1. Basic Linux file system navigation commands

In-class work sessions!!
CASE STUDY II : ETHICAL HACKER

1. Historical Background
1.1. Context
1.2. What is a hacker?
1.3. Origin of hacker culture
1.4. What does hacking involve?
1.5. The Internet : Definition
1.6. The Internet : Origin and Development
1. HISTORICAL BACKGROUND

1.1. Context

The meaning of the term “hacking” has in fact changed substantially over time,
morphing from describing essentially benign (or at worst mildly disruptive)
activities into its modern attribution to largely criminal and illegal activities.

What’s more, in its original usage, “hacking” doesn’t necessarily even need to
involve computer systems at all.

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024


1.2. So, what is a hacker?

However, “hacker” as a term predates the internet, was not originally restricted
to activities involving computers, and did not signal any criminal intent.
A “hacker” was simply an enthusiast of technology, with sufficient motivation to
not simply use or operate the technology, but to understand its function in
detail and apply a playful cleverness to subvert the technology to achieve a goal
other than that which it was designed for.

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024



The defining characteristic of a hacker was not applied to any specific activity,
but this approach that combined deep technological knowledge with lateral
thinking, and an often playful or exciting activity.

Quite aside from any criminal intent, the earliest hacks (as described by that
word) were performed either just to test the hacker’s mastery of a technology for
their own satisfaction, or else to demonstrate their technical aptitude and
cleverness to others within their community.

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024


1.3. Origin of hacker culture

The first modern community or communities of like-minded individuals that adopted these
ideas as a community and subculture is generally accepted as being the so-called “hacker
culture” that emerged in distributed academic environments (though particularly in North
America) in the 1960s.

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024



Foremost among these is generally held to be the Massachusetts Institute of Technology
(MIT) and in particular the members of its Tech Model Railroad Club (TMRC).

Despite the fact that MIT at this time was already making use of computers, these
self-described “hackers” were using lateral thinking not to attack computer systems but to
perform pranks such as placing a campus police cruiser on the roof of the university’s
“Great Dome.”

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024


1.4. What does hacking involve?

A hacker in this broader sense is a person who is technically skilled and who uses their
technical knowledge to achieve a goal or overcome an obstacle, by a non-standard and
often unexpected and unanticipated means.

There are therefore three elements to hacking:

1. The first is a deep technical knowledge and often the love of
knowledge for its own sake. Not content with simply using an available
technical system, a hacker is someone who digs deeper and determines
how the technology works, often by breaking it down into smaller and
smaller subcomponents and establishing the operation of each.

2. The second factor is that of edge cases and unexpected operation:
that is, using a device or system or technology for a purpose other than
was intended or in a way other than was anticipated by its creator.
Within computing, this often involves exploiting so-called edge cases –
actions that are possible within a system but at or beyond the expected
boundaries of normal usage – in opposition to the expected “happy path”
that users of a system are expected to follow.

3. The third element usually seen is elegance or cleverness, in that the
alternative usage cannot simply rely on brute force rather than cleverness to
achieve its goals: it is the ability to cause the greatest perturbation or
disturbance for the smallest input.

JC Cyber Security : The Evolution of Hacking, Sep 25, 2024


1. HISTORICAL BACKGROUND

1.5. The Internet : Definition


The Internet is a system architecture that has revolutionized mass communication,
mass media, and commerce by allowing various computer networks around the
world to interconnect.
Sometimes referred to as a “network of networks,” the Internet emerged in the
United States in the 1970s but did not become visible to the general public until
the early 1990s.

By 2020, approximately 4.5 billion people, or more than half of the world’s
population, were estimated to have access to the Internet.
And that number is growing, largely due to the prevalence of “smart” technology
and the "Internet of Things," where computer-like devices connect with the Internet
or interact via wireless networks.
These “things” include smartphones, appliances, thermostats, lighting systems,
irrigation systems, security cameras, vehicles, even cities.

Britannica : Internet Computer Network


1. HISTORICAL BACKGROUND

1.6. The Internet : Origin and Development

The first computer networks were dedicated special-purpose systems such
as SABRE (an airline reservation system) and AUTODIN I (a defense
command-and-control system), both designed and implemented in the late
1950s and early 1960s.

By the early 1960s computer manufacturers had begun to use
semiconductor technology in commercial products, and both conventional
batch-processing (high-volume, repetitive data jobs) and time-sharing
(multiple user access simultaneously) systems were in place in many large,
technologically advanced companies.

Time-sharing systems allowed a computer’s resources to be shared in rapid
succession with multiple users, cycling through the queue of users so
quickly that the computer appeared dedicated to each user’s tasks despite
the existence of many others accessing the system “simultaneously.”

This led to the notion of sharing computer resources (called host
computers or simply hosts) over an entire network. Host-to-host
interactions were envisioned, along with access to specialized resources
(such as supercomputers and mass storage systems) and interactive access
by remote users to the computational powers of time-sharing systems
located elsewhere.

These ideas were first realized in ARPANET, which established the first host-to-
host network connection on October 29, 1969. It was created by the Advanced
Research Projects Agency (ARPA) of the U.S. Department of Defense.
ARPANET was one of the first general-purpose computer networks. It connected
time-sharing computers at government-supported research sites, principally
universities in the United States, and it soon became a critical piece of
infrastructure for the computer science research community in the United
States.

Tools and applications—such as the simple mail transfer protocol (SMTP,
commonly referred to as e-mail), for sending short messages, and the file
transfer protocol (FTP), for longer transmissions—quickly emerged.
In order to achieve cost-effective interactive communications between
computers, which typically communicate in short bursts of data, ARPANET
employed the new technology of packet switching.
Packet switching takes large messages (or chunks of computer data) and breaks
them into smaller, manageable pieces (known as packets) that can travel
independently over any available circuit to the target destination, where the
pieces are reassembled. Thus, unlike traditional voice communications, packet
switching does not require a single dedicated circuit between each pair of users.

DARPA (Defense Advanced Research Projects Agency; formerly ARPA)
supported initiatives for ground-based and satellite-based packet networks.
The ground-based packet radio system provided mobile access to
computing resources, while the packet satellite network connected the
United States with several European countries and enabled connections
with widely dispersed and remote regions.

With the introduction of packet radio, connecting a mobile terminal to a
computer network became feasible.
A strong motivation thus existed to connect the packet radio network to
ARPANET in order to allow mobile users with simple terminals to access the
time-sharing systems for which they had authorization.

Similarly, the packet satellite network was used by DARPA to link the United
States with satellite terminals serving the United Kingdom, Norway,
Germany, and Italy.
These terminals, however, had to be connected to other networks in
European countries in order to reach the end users.
Thus arose the need to connect the packet satellite net, as well as the
packet radio net, with other networks.

Britannica : Internet Computer Network


2. TYPES OF HACKERS

2.1. Black hat
2.2. White hat
2.3. Grey hat

2. TYPES OF HACKERS

The terms derive from the old Western movies of American popular culture,
where the protagonists wore white or light-colored hats, and the
antagonists wore black hats.

Essentially, what determines the type of hacker is their motivation and
whether they are breaking the law.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

Hackers come under three main categories


2. TYPES OF HACKERS

2.1. Black Hat


Black hat hackers are criminals who break into computer networks with
malicious intent. They may also release malware that destroys files, holds
computers hostage, or steals passwords, credit card numbers, and other
personal information.

Black hats are motivated by self-serving reasons, such as financial gain,
revenge, or simply to spread havoc. Sometimes their motivation might be
ideological, by targeting people they strongly disagree with.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.1. Black hat


Where do you find Black Hat hackers?

Many get their "jobs" through forums and other connections on the dark web. Some develop
and sell malicious software themselves, but others prefer to work through franchises or
leasing arrangements – again, similar to the legitimate business world.

Hacking has become an integral intelligence-gathering tool for governments, but it is more
common for black hat hackers to work alone or with organized crime organizations for easy
money.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.1. Black hat


How Black hat hackers work

Hacking can operate like big business, the scale of which makes it
easy to distribute malicious software.
Hacking organizations can boast of partners, resellers, vendors, and
associates, and they buy and sell licenses for malware to other
criminal organizations for use in new regions or markets.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.1. Black hat


How Black hat hackers work

Some black hat organizations even have call centers, which they use to
make outbound calls, pretending to work for a well-known technology
organization such as Microsoft. In this scam, the hacker tries to convince
potential victims to allow remote access to their computers or download
software.
By granting access or downloading the recommended software, the victim
inadvertently enables criminals to harvest passwords and banking information
or take over the computer and use it to launch attacks on others. To add further
insult, the victim is typically charged an exorbitant fee for this "help."
Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.1. Black hat


Examples

Kevin Mitnick
A notorious black hat hacker who hacked into over 40 major corporations, including IBM and Motorola, as
well as the US National Defense warning system. Mitnick was arrested and served time in prison, but later
became a cybersecurity consultant.

Hector Xavier Monsegur
Also known as Sabu, Monsegur was a prominent member of Anonymous, an online hacktivist community,
and LulzSec, a splinter group.

Paige Thompson
A former systems engineer at Amazon Web Services who used a self-made tool to hack into the systems of
more than 30 organizations, including Capital One.
2. TYPES OF HACKERS

2.2. White Hat


White hat hackers – sometimes also called “ethical hackers” or “good
hackers” – are the antithesis of black hats. They exploit computer
systems or networks to identify their security flaws so they can make
recommendations for improvement.
They can sometimes be paid employees or contractors working for
companies as security specialists who attempt to find gaps in
security.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.2. White hat


How do White hat hackers work?

White hat hackers use the same hacking methods as black hats, but the key
difference is they have the permission of the system owner first, which
makes the process completely legal. Instead of exploiting vulnerabilities to
spread code, white hat hackers work with network operators to help fix the
issue before others discover it.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.2. White hat

Examples of White Hat hackers
Charlie Miller

Famous for finding Apple vulnerabilities and winning the well-known Pwn2Own computer hacking contest in
2008, Charlie Miller has also worked as an ethical hacker for the US National Security Agency.

Dan Kaminsky

Dan Kaminsky is the chief scientist of White Ops, a firm that detects malware activity via JavaScript. He is
best known for discovering a fundamental flaw in the Domain Name System (DNS) protocol that would allow
hackers to perform widespread cache poisoning attacks.
Source : Kaspersky Resource Center , Hacker types
2. TYPES OF HACKERS

2.3. Gray Hat


Somewhere between white and black are gray hat hackers. Gray hat hackers enact a blend
of both black hat and white hat activities. Gray hat hackers often look for vulnerabilities in a
system without the owner's permission or knowledge. If issues are found, they report them to
the owner, sometimes requesting a small fee to fix the problem.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.3. Gray Hat


Some gray hat hackers like to believe they are doing something good for
companies by hacking their websites and invading their networks without
permission. Still, company owners rarely appreciate unauthorized forays into
their business information infrastructure.

They may sometimes violate laws or usual ethical standards, but they do not
have the malicious intent typical of a black hat hacker.

Source : Kaspersky Resource Center , Hacker types


2. TYPES OF HACKERS

2.3. Gray hat


How Gray Hat hackers work
When a gray hat hacker successfully gains illegal access to a system or network, they
may suggest to the system administrator that they or one of their friends be hired
to fix the problem for a fee. However, this practice has been declining due to the
increasing willingness of businesses to prosecute.

Some companies use bug bounty programs to encourage gray hat hackers to report
their findings. In these cases, organizations provide a bounty to avoid the broader
risk of having the hacker exploit the vulnerability for their own gain.

Source : Kaspersky Resource Center , Hacker types


3. COMMON TYPES OF CYBER ATTACKS
3.1. Malware
3.2. Denial of Service (DoS)
3.3. Social Engineering attacks
3.4. IP spoofing
3.5. Identity-based attacks
3.6. Code-injection attacks
3.7. Supply chain attacks
3.8. Insider attacks
3.9. DNS tunneling
3.10. IoT based attacks
3.11. AI-powered attacks
3. COMMON TYPES OF CYBER ATTACKS
3.1. Malware

➢ Malware is a catch-all term for any type of malicious software designed to
harm or exploit any programmable device or network (McAfee).

➢ Malware, or malicious software, is any program or file that's intentionally
harmful to a computer, network or server (TechTarget).

➢ Malware, short for malicious software, refers to any intrusive software
developed by cybercriminals (often called hackers) to steal data and
damage or destroy computers and computer systems (Cisco).
3. COMMON TYPES OF CYBER ATTACKS
3.1. Malware (Types) Source : Panda Security

Type of Malware : What It Does

Ransomware : Encrypts files and demands payment for their release
Fileless malware : Operates in memory to avoid detection and persist on the system
Adware : Displays unwanted advertisements, often leading to other malware
Trojans : Disguise as legitimate software to gain access and control
Spyware : Secretly monitors and collects user information and activities
Viruses : Attach to files/programs and spread to other systems, causing damage
Worms : Self-replicate and spread across networks, often causing disruptions
Rootkits : Hide deep in the system to gain and maintain privileged access
Botnets : Steal data, send spam, and allow the attacker to access the device and its connection
Mobile malware : Targets mobile devices to steal data, spy or damage the device
Wiper malware : Destroys data on infected systems, often irreversibly
Keyloggers : Record keystrokes to capture sensitive information like passwords
Cryptojacking : Uses system resources to mine cryptocurrency without the user’s consent
Hybrid malware : Combines features of multiple malware types for more complex attacks
3. COMMON TYPES OF CYBER ATTACKS

Exercise

Choose any malware of your choice from the examples above
and study in detail its attack sequence based on known real
life cases. Be prepared to share your findings.
3. COMMON TYPES OF CYBER ATTACKS
3.2. Denial of Service attack (DoS)
Definition

A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims
to render a computer or other device unavailable to its intended users by
interrupting the device's normal functioning.
DoS attacks typically function by overwhelming or flooding a targeted machine with
requests until normal traffic can no longer be processed, resulting in denial-of-service to
additional users.
A DoS attack is characterized by using a single computer to launch the attack.
A distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from
many distributed sources, such as a botnet DDoS attack.

Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS
3.2. Denial of Service attack (DoS)
Definition

The primary focus of a DoS attack is to oversaturate the capacity of a targeted
machine, resulting in denial-of-service to additional requests.

Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS
3.2. Denial of Service attack (DoS)
How does it work?

Buffer overflow attacks

An attack type in which a memory buffer overflow can cause a machine to consume
all available hard disk space, memory, or CPU time. This form of exploit often results
in sluggish behavior, system crashes, or other deleterious server behaviors,
resulting in denial-of-service.

Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS
3.2. Denial of Service attack (DoS)
How does it work?

Flood attacks
By saturating a targeted server with an overwhelming amount of packets, a
malicious actor is able to oversaturate server capacity, resulting in denial-of-service.
In order for most DoS flood attacks to be successful, the malicious actor must have
more available bandwidth than the target.

Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS
3.2. Denial of Service attack (DoS)
Some historically significant DoS attacks

Smurf attack - a previously exploited DoS attack in which a malicious actor utilizes the
broadcast address of a vulnerable network by sending spoofed packets, resulting in the
flooding of a targeted IP address.

Ping flood - this simple denial-of-service attack is based on overwhelming a target with
ICMP (ping) packets. By inundating a target with more pings than it is able to respond to
efficiently, denial-of-service can occur. This attack can also be used as a DDoS attack.
Internet Control Message Protocol (ICMP) packets are messages that network devices and
hosts exchange to monitor networks, detect errors, and troubleshoot.

Ping of Death - often conflated with a ping flood attack, a ping of death attack involves
sending a malformed packet to a targeted machine, resulting in deleterious behavior
such as system crashes.
Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS

3.3. Social Engineering attacks


Definition

In the context of information security, social engineering is a broad term used to
describe the practice of a person or group attempting to deceive or manipulate
individuals into supplying personal information or performing certain actions,
such as downloading malware.

Source : SoSafe
3. COMMON TYPES OF CYBER ATTACKS
3.3. Social Engineering attacks
The Social Engineering Life-Cycle

Source : SoSafe
3. COMMON TYPES OF CYBER ATTACKS
3.3. Social Engineering attacks
The Social Engineering attack types

Source : SoSafe
3. COMMON TYPES OF CYBER ATTACKS
3.3. Social Engineering attacks (Attack types)

Source : SoSafe
3. COMMON TYPES OF CYBER ATTACKS
3.3. Social Engineering attacks (Attack types continues…)

Source : SoSafe
3. COMMON TYPES OF CYBER ATTACKS
3.4. IP spoofing
Understanding IP packets
Sending and receiving IP packets is a primary way in which networked computers and other
devices communicate, and constitutes the basis of the modern internet. In networking, a
packet is a small segment of a larger message. Data sent over computer networks, such as the
Internet, is divided into packets. These packets are then recombined by the computer or device
that receives them.

All IP packets contain a header which precedes the body of the packet and contains important
routing information, including the source address. In a normal packet, the source IP address is
the address of the sender of the packet. If the packet has been spoofed, the source address
will be forged.

Source : Cloudflare
3. COMMON TYPES OF CYBER ATTACKS
3.4. IP spoofing
Definition
IP spoofing is the creation of Internet Protocol (IP) packets which have a modified
source address in order to either hide the identity of the sender, to impersonate
another computer system, or both.

Source : Cloudflare
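As an added example (not Cloudflare's or the course's code), the following Python parses the IPv4 header from constructed packets, applies the source-address sanity check a border router uses to drop spoofed packets (our own prefix, or a private/loopback/link-local/multicast range, arriving from the Internet side; a foreign source leaving our network), and flags the ping-flood and Smurf patterns listed under DoS above. The prefix 203.0.113.0/24, the addresses 198.51.100.7 and 10.0.0.1, and the 100-requests-per-second threshold are assumed placeholder values; the IP checksum is not validated.

```python
import ipaddress
import struct

IPV4_MIN_HEADER = 20
PROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def build_ipv4(src, dst, proto, payload):
    """Assemble a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_MIN_HEADER + len(payload), 0, 0,
                         64, proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def icmp_echo_request(seq):
    """ICMP echo request header: type 8, code 0, checksum 0, identifier 1, sequence."""
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, seq)


def parse_ipv4(raw):
    """Decode the header fields a spoof or flood check needs; the checksum is not verified."""
    if len(raw) < IPV4_MIN_HEADER:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:IPV4_MIN_HEADER])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; options (if any) are skipped
    if ver_ihl >> 4 != 4 or ihl < IPV4_MIN_HEADER or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "proto": proto, "ttl": ttl, "payload": raw[ihl:]}


def check_source(pkt, internal_prefix, interface):
    """Return why the source address is implausible for the interface it arrived on, else None."""
    # Ingress: our prefix or a non-routable range cannot come from outside; egress: a source outside our prefix cannot leave.
    src, ours = pkt["src"], ipaddress.ip_network(internal_prefix)
    if interface == "external":
        if src in ours:
            return "internal prefix arriving from outside"
        if any(src in net for net in BOGON_SOURCES):
            return "non-routable source on external interface"
    elif interface == "internal" and src not in ours:
        return "source outside our prefix leaving the network"
    return None


def is_echo_request(pkt):
    return pkt["proto"] == PROTO_ICMP and pkt["payload"][:1] == bytes([ICMP_ECHO_REQUEST])


def is_smurf_probe(pkt, internal_prefix):
    # An echo request aimed at our directed-broadcast address is the Smurf amplification pattern.
    return is_echo_request(pkt) and pkt["dst"] == ipaddress.ip_network(internal_prefix).broadcast_address


def detect_icmp_floods(packets, window_s=1.0, threshold=100):
    """packets: (timestamp_seconds, raw_bytes) pairs. Return {dst: peak echo requests in a window}."""
    arrivals = {}
    for ts, raw in packets:
        pkt = parse_ipv4(raw)
        if is_echo_request(pkt):
            arrivals.setdefault(str(pkt["dst"]), []).append(ts)
    floods = {}
    for dst, times in arrivals.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            floods[dst] = peak
    return floods


def demo():
    """Constructed traffic for a site that owns the placeholder prefix 203.0.113.0/24."""
    ours = "203.0.113.0/24"
    spoofed = parse_ipv4(build_ipv4("203.0.113.5", "203.0.113.10", PROTO_ICMP, icmp_echo_request(1)))
    smurf = parse_ipv4(build_ipv4("203.0.113.10", "203.0.113.255", PROTO_ICMP, icmp_echo_request(1)))
    flood = [(i / 1000, build_ipv4("198.51.100.7", "203.0.113.10", PROTO_ICMP, icmp_echo_request(i)))
             for i in range(150)]  # 150 echo requests within 0.15 s, above the 100-per-second threshold
    return {"spoof_reason": check_source(spoofed, ours, "external"),
            "smurf": is_smurf_probe(smurf, ours), "floods": detect_icmp_floods(flood)}
```

Calling demo() returns the reason the first packet fails ingress filtering, True for the broadcast-directed echo request, and the peak flood rate per destination.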
4. STAGES OF ETHICAL HACKING
5.1. Definition

1. Ethical hacking is the use of hacking techniques by friendly parties in an attempt to
uncover, understand and fix security vulnerabilities in a network or computer system
(Source : IBM).

2. Ethical hacking is the process of authorized hacking into an organization's systems,
networks, or applications to identify vulnerabilities and improve overall security (Source
: Mad Devs).

❑ Roles and Responsibilities

✓ Discovering the operating system and network weaknesses in an organization's technology
infrastructure.
✓ Demonstrating how easy it is to launch cyberattacks on their company using penetration-testing
methods.
✓ Executing security assessment simulations to show how easily they could be hacked by
someone else.
✓ Reporting any security breaches and vulnerabilities discovered within the system or network
directly to the owner or manager of that system.
✓ Keeping the discoveries confidential between them and the client or company.
✓ Wiping traces of the hack to ensure that malicious hackers cannot enter the system through
the identified loopholes (Source : CompTIA).
4. STAGES OF ETHICAL HACKING

4.1. Stages of ethical hacking (Introduction to reconnaissance)

Reconnaissance in the context of cyber security is the systematic process of gathering information
about a target system, network or organization for the purpose of identifying vulnerabilities,
potential entry points and valuable assets. This information is often used by attackers to plan and
execute cyber attacks.

Reconnaissance can be conducted both through passive and active means, such as scanning and
probing target systems for vulnerability and weakness.

The primary goal of reconnaissance is to gather intelligence.

Source : Boston Institute of Analytics, Cybersecurity and Ethical
hacking course, April 14th 2024
4. STAGES OF ETHICAL HACKING

4.1. Stages of ethical hacking (Importance of Recon phase)


1. Identification of vulnerabilities :
- helps identify weaknesses in target systems or networks.
- identify potential entry points by knowing software versions,
configurations, target infrastructure

2. Understanding target environment :
- insight into security measures and defenses in order to tailor
strategies to bypass controls.

3. Planning and preparation :
- develop detailed attack strategies, select appropriate tools
and techniques and anticipate potential obstacles.

4. Reducing detection risks :
- using stealthy scanning techniques.

5. Improving defence posture :
- reveal and mitigate loopholes.
Source : Boston Institute of Analytics, Cybersecurity and Ethical
hacking course, April 14th 2024
4. STAGES OF ETHICAL HACKING
4.1. Stages of ethical hacking (Types of recon)
4. STAGES OF ETHICAL HACKING
4.1. Stages of ethical hacking (Passive Reconnaissance)

Passive reconnaissance involves gathering information about a target
system, network or organization without directly interacting with it.

It relies on collecting publicly available data from sources
without alerting the target to the information gathering activities.

Source : Boston Institute of Analytics, Cybersecurity and Ethical
hacking course, April 14th 2024
4. STAGES OF ETHICAL HACKING
4.1. Stages of ethical hacking (Passive Reconnaissance)
A. Overview of passive reconnaissance

1. Open Source Intelligence (OSINT): Collecting and analysing publicly available
information from sources such as social media platforms, websites, blogs,
forums, public record and other online resources.

2. Network Traffic Analysis: Monitoring network traffic passively to gather
information about the target’s network architecture, communication patterns
and potential security weaknesses. This can include analysing traffic logs, DNS
queries and other network metadata.

Source : Boston Institute of Analytics, Cybersecurity and Ethical
hacking course, April 14th 2024
4. STAGES OF ETHICAL HACKING
4.1. Stages of ethical hacking (Passive Reconnaissance)
A. Overview of passive reconnaissance

3. Passive DNS Analysis : Monitoring network traffic passively to gather
information about domain names, IP addresses and other DNS-related data
associated with the target. This can help identify potential infrastructure assets and
relationships between different domains.

4. Web scraping : Using automated tools to extract information from websites and
online platforms, for example via Google dorks. This can include collecting data such as email
addresses, employee names, contact information, organizational details etc.

Source : Boston Institute of Analytics, Cybersecurity and Ethical
hacking course, April 14th 2024
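As an added example (not from the course or the Boston Institute of Analytics material), this Python script applies passive DNS analysis to a constructed record set: it follows CNAME aliases to their addresses, groups hostnames that share an address into infrastructure clusters, and lists third-party names co-hosted with the organization's own, which is the kind of relationship between domains this section describes and which a defender wants to know about for their own perimeter. All hostnames, addresses and dates are made-up example values.

```python
from collections import defaultdict

# Constructed passive DNS observations (example values, not real data):
# (name, record type, value, first seen). shop.* is a CNAME alias of www.*.
PDNS_RECORDS = [
    ("www.example.test", "A", "203.0.113.10", "2024-01-03"),
    ("old.example.test", "A", "203.0.113.10", "2023-06-30"),
    ("shop.example.test", "CNAME", "www.example.test", "2024-02-11"),
    ("mail.example.test", "A", "203.0.113.20", "2024-01-05"),
    ("partner.other.test", "A", "203.0.113.20", "2024-01-09"),
    ("vpn.example.test", "A", "198.51.100.5", "2024-03-01"),
]


def resolve_ips(name, records, _seen=None):
    """Follow CNAME aliases (guarding against loops) down to the set of A-record addresses."""
    seen = set() if _seen is None else _seen
    if name in seen:
        return set()
    seen.add(name)
    ips = set()
    for rrname, rrtype, rdata, _first_seen in records:
        if rrname == name and rrtype == "A":
            ips.add(rdata)
        elif rrname == name and rrtype == "CNAME":
            ips |= resolve_ips(rdata, records, seen)
    return ips


def ip_index(records):
    """Map each address to every hostname that has resolved to it, directly or via CNAME."""
    index = defaultdict(set)
    for rrname, _rrtype, _rdata, _first_seen in records:
        for ip in resolve_ips(rrname, records):
            index[ip].add(rrname)
    return index


def infrastructure_clusters(records):
    """Union-find over hostnames sharing an address: each cluster is one piece of infrastructure."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    for names in ip_index(records).values():
        first = next(iter(names))
        for other in names:
            parent[find(other)] = find(first)
    clusters = defaultdict(set)
    for name in parent:
        clusters[find(name)].add(name)
    return sorted(sorted(c) for c in clusters.values())


def external_neighbours(records, our_suffix):
    """Names outside our domain that share an address with one of ours: relationships to review."""
    shared = set()
    for names in ip_index(records).values():
        if any(n.endswith(our_suffix) for n in names):
            shared |= {n for n in names if not n.endswith(our_suffix)}
    return sorted(shared)
```

With the sample records, infrastructure_clusters() yields three clusters and external_neighbours(PDNS_RECORDS, ".example.test") reveals that partner.other.test shares the mail server's address.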
4. STAGES OF ETHICAL HACKING
4.1. Stages of ethical hacking (Passive Reconnaissance)
A. Tools for passive recon
Tool : Description

Shodan : Shodan is a search engine that lets users search for various types of servers connected to the
  internet using a variety of filters.
Censys : Censys is a search engine for Internet-connected hosts and certificates. It is a powerful search
  engine that can return the visible ports and services of an organization's public infrastructure.
Google : Google can provide a vast amount of information on a variety of different topics.
Dnsdumpster : DNSdumpster is an online tool that helps us gather DNS records, IP addresses, and other
  pertinent information for a target domain.
Netcraft : We can use Netcraft for gathering information about infrastructure and technologies used by any
  website. It provides a comprehensive web server survey, and its Site Report tool offers insights into
  the hosting history, technology stack, and other details.
Dig : Command-line tool for querying DNS database records.
WHOIS : Used to consult the WHOIS database.
Nslookup : Command-line tool for querying the Domain Name System to obtain name or IP address mapping
  and other DNS records.
Wayback machine : The Wayback Machine is a digital archive of the World Wide Web founded by the Internet
  Archive. It allows you to view previous versions of websites.
TheHarvester : It uses several sources of information to gather results and help us determine the
  company’s perimeter. TheHarvester gathers emails, subdomains, IPs and URLs.
Recon-ng : A framework that automates the process of gathering OSINT data from multiple sources.
Spiderfoot : Tool for automating OSINT collection from a wide range of sources, including social media,
  DNS and public databases.
Google dorks : Advanced search techniques using Google’s search operators to find specific information
  on websites.
5. ZERO-DAY EXPLOIT

5.1. Definition of terms (Zero-day or ‘0’ day and exploit)
5.2. Understanding a Zero-day exploit
