Cyber Security & Ethical Hacking
What is Cyber Security?

Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks typically aim to access, change, or destroy sensitive information; extort money from users; or interrupt normal business processes.

Goals of Cybersecurity: The CIA Triad

The CIA Triad is a widely used model that guides policies for information security within an organization:

  1. Confidentiality
      • Ensures that sensitive data is accessed only by authorized individuals.
      • Example: Encryption, access controls, authentication.
  2. Integrity
      • Maintains the accuracy and consistency of data over its lifecycle.
      • Example: Checksums, hashing, version control.
  3. Availability
      • Ensures that data and services are accessible to authorized users when needed.
      • Example: Redundancy, failover systems, DDoS protection.
What is Ethical Hacking?

Ethical hacking is the authorized practice of bypassing system security to identify potential data breaches and threats in a network. The main goal is to improve the system’s security by finding and fixing vulnerabilities before malicious hackers can exploit them.

Ethical Hacking vs Malicious Hacking
Legal & Ethical Considerations
Key Laws & Regulations:
  • Computer Fraud and Abuse Act (CFAA) – U.S. law prohibiting unauthorized access to computers.
  • GDPR (General Data Protection Regulation) – European law on data protection and privacy.
  • Cybercrime Acts – Vary by country; define legal boundaries for ethical hacking.
Responsible Disclosure
  • The practice of reporting vulnerabilities to the organization or vendor in a secure, ethical manner.
  • Often involves a coordinated disclosure timeline and non-disclosure agreements.
Types of Hackers
Tools & Platforms

Operating Systems for Ethical Hacking

  1. Kali Linux
      • A Debian-based Linux distro specifically designed for penetration testing.
      • Comes preloaded with 600+ security tools.
  2. Parrot OS
      • Another security-focused OS, lighter than Kali, with strong anonymity features.
      • Includes tools for forensics, cryptography, and penetration testing.
  3. Windows
      • Often used for target testing and for running certain analysis tools.
      • Important for understanding how Windows-specific exploits work.
Essential Tools for Ethical Hacking

Each of these tools plays a key role in the phases of ethical hacking—from reconnaissance to exploitation and reporting.

Networking Fundamentals

TCP/IP and OSI Model

  • TCP/IP Model: A 4-layer model used to describe how data moves across networks.
      • Layers: Application, Transport, Internet, Network Access.
  • OSI Model: A more detailed 7-layer model.
      • Layers: Physical, Data Link, Network, Transport, Session, Presentation, Application.
Ports & Protocols

Firewalls, VPNs, and Proxies

  • Firewall: Filters incoming/outgoing traffic based on security rules.
  • VPN (Virtual Private Network): Encrypts traffic and hides your IP.
  • Proxy Server: Acts as a gateway between user and internet; used for anonymity and control.
DNS & DHCP Basics

  • DNS (Domain Name System): Translates domain names into IP addresses.
  • DHCP (Dynamic Host Configuration Protocol): Automatically assigns IP addresses to devices on a network.
Reconnaissance & Information Gathering

Passive vs Active Reconnaissance

  • Passive Reconnaissance
      • Collecting information without interacting with the target directly.
      • Example: Google searches, social media monitoring, WHOIS lookups.
      • Goal: Avoid detection.
  • Active Reconnaissance
      • Directly engaging with the target system to gather data.
      • Example: Port scanning, ping sweeps, banner grabbing.
      • Risk: Can trigger alarms and detection systems.
OSINT (Open-Source Intelligence) Tools

  1. Shodan
      • Search engine for Internet-connected devices (IoT, webcams, servers).
  2. Maltego
      • Data mining and link analysis tool for mapping relationships.
  3. Google Dorking
      • Using advanced search operators to find exposed data on websites.
Footprinting a Target

Techniques used to gather data on a specific target:

  • WHOIS Lookup
      • Reveals domain registration details like owner, registrar, contact info.
  • DNS Enumeration
      • Extracts DNS records (A, MX, NS, TXT) to understand domain setup.
  • Subdomain Discovery
      • Identifies hidden or less protected subdomains (e.g., admin.example.com).
Scanning & Enumeration

Port Scanning with Nmap

  • Nmap (Network Mapper): A powerful open-source tool used to discover hosts and services on a network.

  • Common Scan Types:
      • -sS: SYN Scan (stealthy)
      • -sT: TCP Connect Scan
      • -sU: UDP Scan
      • -p: Specify port ranges

  • Purpose: Identify open ports and services running on a target system.

Service & Version Detection

  • Use Nmap’s -sV option to detect:
      • Service name (e.g., Apache, SSH)
      • Version number
  • OS fingerprinting with -O option

  • Helps identify outdated or vulnerable software.

Vulnerability Scanning

  • Automated process to detect known vulnerabilities in systems or software.
Popular Tools:

  • Nessus: Commercial-grade vulnerability scanner with a rich plugin ecosystem.
  • OpenVAS: Open-source alternative that scans for CVEs and misconfigurations.
Banner Grabbing

  • Technique to gather information from network services by sending requests and reading responses.
  • Helps identify outdated or vulnerable software by revealing:
      • Software type and version
      • OS details
      • Misconfigurations
  • Example Tools: Telnet, Netcat, Nmap (-sV), Curl


Exploitation Techniques

Exploiting Web Applications

Common vulnerabilities in web apps:

  • SQL Injection (SQLi): Exploiting unsanitized input fields to run SQL queries on a database.
  • Cross-Site Scripting (XSS): Injecting malicious JavaScript into web pages viewed by other users.
  • Cross-Site Request Forgery (CSRF): Forcing a user to execute unwanted actions while authenticated.
  • Local/Remote File Inclusion (LFI/RFI): Exploiting file paths to include or execute arbitrary files on the server.
  • Tools: Burp Suite, OWASP ZAP, SQLMap


Network Exploitation

Attacks on protocols and communication pathways:

  • Man-in-the-Middle (MitM): Intercepts traffic between two parties without their knowledge.
  • ARP Spoofing: Sends false ARP messages to associate attacker’s MAC with a legitimate IP.
  • Tools: Ettercap, Cain & Abel, Wireshark


System Exploitation

Targeting underlying operating systems:

  • Buffer Overflows: Overwriting memory to execute arbitrary code.
  • Privilege Escalation: Exploiting flaws to move from a lower privilege to higher (e.g., from user to root/admin).
  • Tools: Metasploit, Linux Exploit Suggester, Windows Exploit Suggester


Password Cracking & Bypassing

Hashing Algorithms

  • MD5: An older hashing algorithm, fast but vulnerable to collisions and attacks.
  • SHA-1: More secure than MD5 but still considered weak against modern attacks.
  • bcrypt: A strong hashing algorithm designed to be slow and resistant to brute-force.

Cracking Techniques

  • Dictionary Attack: Attempts passwords from a precompiled list of common words.
  • Brute Force Attack: Tries every possible combination until the correct password is found.
  • Rainbow Tables: Uses precomputed tables of hash-to-password mappings for faster cracking.
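
Why the choice of hash matters for stored passwords, as an added example that is not part of the original page. It covers both the hashing algorithms and the precomputed-table technique listed above. PBKDF2 from Python's standard library stands in for bcrypt (which needs a third-party package), the lookup is a plain precomputed dictionary rather than a true rainbow-chain table, and the iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware

def md5_unsalted(password):
    # Fast and unsalted: the same password always yields the same digest.
    return hashlib.md5(password.encode()).hexdigest()

def precomputed_lookup(stored_hash, wordlist):
    # A table built once can be reused against every unsalted hash.
    table = {md5_unsalted(word): word for word in wordlist}
    return table.get(stored_hash)

def hash_password(password, salt=None):
    # A random per-user salt makes precomputed tables useless, and the
    # iteration count makes each individual guess expensive.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    # Recompute with the stored salt and compare in constant time.
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    wordlist = ["123456", "password", "qwerty"]  # constructed sample list
    stored = md5_unsalted("password")
    print("unsalted MD5 recovered:", precomputed_lookup(stored, wordlist))
    salt_a, hash_a = hash_password("password")
    salt_b, hash_b = hash_password("password")
    print("salted hashes differ  :", hash_a != hash_b)
    print("correct password ok   :", verify_password("password", salt_a, hash_a))
```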

Popular Tools

Wireless & Mobile Hacking

WiFi Cracking

  • WEP Attacks: Exploiting weak encryption protocols like WEP using packet capture and replay attacks.
  • WPA/WPA2 Attacks: Cracking WPA handshakes using dictionary or brute-force attacks.
  • Tools: Aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng, aircrack-ng)

Bluetooth Exploits

  • Target vulnerabilities like BlueBorne, pairing weaknesses, and unauthorized device access.
  • Attacks include device impersonation and data interception.
Mobile OS Vulnerabilities

  • Android: Issues with outdated apps, root exploits, privilege escalation, and malware.
  • iOS: Jailbreak exploits, sandbox escape vulnerabilities, and app store malware.

Social Engineering

Types of Social Engineering Attacks

  • Phishing: Fraudulent emails or messages designed to steal credentials or install malware.
  • Pretexting: Creating a fabricated scenario to trick someone into revealing information.
  • Baiting: Offering something enticing (like free software) to get victims to download malware.
  • Tailgating: Physically following someone into a secure area without authorization.

Email Spoofing & Fake Websites

  • Email Spoofing: Faking the sender’s address to appear legitimate.
  • Fake Websites: Clone sites designed to capture user credentials or data.

Defense Mechanisms

  • Security Awareness Training: Educating users to recognize and avoid social engineering tactics.
  • Phishing Simulations: Controlled tests to help employees identify phishing attempts.

Penetration Testing Methodology

Phases of Penetration Testing

  1. Planning
      • Define scope, rules of engagement, and objectives.
      • Obtain necessary permissions and legal agreements.
  2. Reconnaissance
      • Gather information about the target using passive and active techniques.
  3. Scanning
      • Identify live hosts, open ports, and services.
  4. Exploitation
      • Attempt to gain unauthorized access using identified vulnerabilities.
  5. Post-Exploitation
      • Maintain access, escalate privileges, and gather sensitive data.
  6. Reporting
      • Document findings, impact, and remediation steps.
Reporting Structure Methodology

  • Executive Summary: High-level overview for management highlighting risks and impact.
  • Technical Details: In-depth explanation of vulnerabilities, methods used, and evidence.
  • Recommendations: Practical advice on how to fix issues and improve security posture.

OWASP Top 10

The OWASP Top 10 lists the most critical web app security risks:

Capture The Flag (CTF) & Practice

CTF Platforms

  • TryHackMe: Interactive cybersecurity training with beginner-friendly labs.
  • Hack The Box: Hands-on penetration testing challenges and real-world scenarios.
  • OverTheWire: Wargames focusing on Linux, networking, and security basics.


Practice Labs

  • DVWA (Damn Vulnerable Web Application): Intentionally insecure web app to practice common vulnerabilities.
  • Metasploitable: Vulnerable Linux virtual machine for exploitation practice.
  • WebGoat: OWASP’s deliberately insecure application for learning web security.