Recent Posts
7 Growth Hacks To Stimulate Your IT Business’s Growth
September 11, 2024 No Comments
Introduction In today’s fast-paced digital world, growing an IT business demands more than just keeping up with trends. It requires innovative strategies that can propel
Read More »
QAOps
September 10, 2024 No Comments
Introduction QAOps is a modern approach that integrates Quality Assurance (QA) practices seamlessly with development and operations teams at the heart of software delivery pipelines.
Read More »
Top Cybersecurity Threats Every Organization Should Prepare For
September 9, 2024 No Comments
Introduction In today’s digitally driven world, cybersecurity is no longer a mere consideration—it is a necessity. As organizations increasingly rely on technology to operate, the
Read More »
Tags
AI amazon Amazon EC2 Amazon Web Services Artificial Intelligence aws aws certification AWS Cloud Aws Devops Azure blockchain Blockchain technology Career CEH certifications ChatGPT cisco cloud cloud computing Cloud computing career cloud security Cyber attack cybersecurity cyber security data DevOps Ethical Hacking Fortinet future GCP Google Google cloud IoT IT Kubernetes Machine Learning microsoft Microsoft Azure Microsoft Azure Cloud Computing Networking Network Security Oracle security tech Terraform
Share this post:
Table of Contents
Introduction
The term hacking in information security refers to exploiting vulnerabilities in a system and compromising the security to gain unauthorized command and control of the system.
The following are the five phases of hacking:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
Reconnaissance
Reconnaissance is an initial preparation phase for the attacker to prepare for an attack by gathering information about the target prior to launching an attack using different tools and techniques. Gathering information about the target makes it easier for an attacker. It helps to identify the target range for large-scale attacks.
In Passive Reconnaissance, a hacker acquires information about the target without directly interacting with the target. An example of passive reconnaissance is searching social media to obtain the target’s information.
Active Reconnaissance is gaining information by directly interacting with the target. Examples of active reconnaissance include interacting with the target via calls, emails, help desk, or technical departments.
Scanning
Scanning is a pre-attack phase. In this phase, an attacker scans the network through information acquired during the initial phase of reconnaissance. Scanning tools include dialers, scanners such as port scanners, network mappers, and client tools such as ping and vulnerability scanners. During the scanning phase, attackers finally fetch the ports’ information, including port status, Operating System information, device type, live machines, and other information depending on scanning.
Gaining Access
This phase of hacking is the point where the hacker gains control over an Operating System (OS), application, or computer network. The control gained by the attacker defines the access level, whether the Operating System level, application level, or network level. Techniques include password cracking, denial of service, session hijacking, buffer overflow, or other techniques used for gaining unauthorized access. After accessing the system, the attacker escalates the privileges to a point to obtain complete control over services and processes and compromise the connected intermediate system.
Maintaining Access / Escalation of Privileges
The maintaining access phase is the point where an attacker tries to maintain access, ownership, and control over the compromised systems. The hacker usually strengthens the system in order to secure it from being accessed by security personnel or some other hacker. They use Backdoors, Rootkits, or Trojans to retain their ownership. In this phase, an attacker may either steal information by uploading it to the remote server, download any file on the resident system, or manipulate the data and configuration settings. To compromise other systems, the attacker uses this compromised system to launch attacks.
Clearing Tracks
An attacker must hide his identity by clearing or covering tracks. Clearing tracks is an activity that is carried out to hide malicious activities. If attackers want to fulfill their intentions and gain whatever they want without being noticed, it is necessary for them to wipe all tracks and evidence that can possibly lead to their identity. In order to do so, attackers usually overwrite the system, applications, and other related logs.
Conclusion
The purpose for hacking may include alteration of a system’s resources or disruption of features and services to achieve other goals. Hacking can also be used to steal confidential information for any use, such as sending it to competitors, regulatory bodies, or publicizing it. Our new and updated CEH V11 can help you in mastering the skills of Ethical Hacking. Order today and start learning!
