Published by Enhelion, 2020-01-09 08:37:49




Concepts and Terminologies

What is penetration testing?

Penetration testing is a method of testing a web application, network, or computer system to
identify security vulnerabilities that could be exploited. Penetration testing aims to do what a
bad actor would do, so that unauthorized parties can be prevented from accessing, changing, or
exploiting a network or system.

Penetration tests can be performed manually or can be automated with the help of software
applications. In both, the process includes gathering information about the target before the
test (reconnaissance), identifying possible entry points, attempting to break in (either virtually
or for real) and reporting back the findings.

The main aim of penetration testing is to determine security weaknesses. A pen test can also be
used to test an organization's security policy compliance, its employees' security awareness and
the organization's ability to identify and respond to security incidents. The pen testers who
carry out such a test are also known as the “Red Team”.

Reconnaissance & Planning

The first phase is planning. Here, the attacker gathers as much information about the target as
possible: IP addresses, domain details, mail servers, network topology, etc. In this phase the
scope and goals of the test, including the systems to be addressed and the testing methods to be
used, are defined. An expert penetration tester will spend most of the time in this phase, as
the information collected here drives the later phases of the attack.


Based on the data collected in the first step, the attacker interacts with the target with the
aim of identifying vulnerabilities. This helps a penetration tester launch attacks using the
vulnerabilities found in the system. This phase involves the use of tools such as port scanners,
vulnerability scanners, ping tools, and network mappers.

While testing web applications, scanning can be either static or dynamic.

1. Static scanning: the objective is to identify the vulnerable functions, libraries, and
logic implementation.
2. Dynamic analysis: the more practical way of scanning compared to static analysis. Here,
the tester passes various inputs to the application and records the responses.


At this point, they are ready to develop the strategy for the attack. Based on the information
gathered so far, they can decide which tools and techniques will best attack the system. From
social engineering attacks to SQL injections to malware, there is a wide range to choose from.

System Hacking

System hacking means gaining access to a system without valid credentials: not only bypassing
the credentials, but also working on the system as the root user through privilege escalation.

The aim of system hacking is to gain access, escalate privileges, execute applications, and hide

System Hacking contains the following:

Extracting Administrator Passwords Using LCP
Hiding Files Using NTFS Streams
Find Hidden Files Using ADS Spy
Hiding Files Using the Stealth files Tool
Extracting SAM hashes using PWdump7 tool
Creating the Rainbow Tables using Winrtgen
Password Cracking using RainbowCrack
Extracting Administrator Passwords Using L0phtCrack
Password Cracking using Ophcrack
Using Snow Steganography to hide data
Using Auditpol to view, enable and clear the Audit Policies
User System Monitoring and Surveillance Needs using Spytech SpyAgent
Web Activity Monitoring and Recording using Power Spy 2013
Image Steganography using QuickStego


A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can
take control of your computer. It was made to damage, disrupt, steal, or in general inflict some
other harmful action on your data or network.

A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that is a misnomer.
Viruses can execute and replicate themselves, whereas a Trojan cannot: a user has to execute
it. Even so, the terms Trojan malware and Trojan virus are often used interchangeably.

A Trojan often acts as a backdoor, contacting a controller that can then gain unauthorized
access to the affected computer.

Although Trojans and backdoors are not easily detectable in themselves, the heavy processor or
network usage they cause may make the computer appear to run slower.
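To make the “contacting a controller” behaviour concrete from the defender's side, here is an added example (not from the original text, and not code from any of the tools it names) that looks for beaconing in a constructed connection log: a backdoor that checks in with its controller on a timer produces outbound connections at suspiciously regular intervals, which a user's ordinary browsing does not. The log format, the thresholds MIN_CONNECTIONS and MAX_JITTER_CV, and all addresses are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed firewall/proxy-style connection log; not a real capture.
CONN_LOG = """\
2020-01-09T08:00:00Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:00:10Z 10.0.0.7 -> 198.51.100.9:443 bytes=20480
2020-01-09T08:00:12Z 10.0.0.7 -> 198.51.100.9:443 bytes=3072
2020-01-09T08:01:01Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:01:59Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:02:40Z 10.0.0.7 -> 198.51.100.9:443 bytes=71000
2020-01-09T08:02:41Z 10.0.0.7 -> 198.51.100.9:443 bytes=1100
2020-01-09T08:03:00Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:04:02Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:04:58Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:05:05Z 10.0.0.7 -> 198.51.100.9:443 bytes=9000
2020-01-09T08:06:00Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:07:01Z 10.0.0.5 -> 203.0.113.44:443 bytes=512
2020-01-09T08:09:30Z 10.0.0.7 -> 198.51.100.9:443 bytes=400
2020-01-09T08:09:33Z 10.0.0.7 -> 198.51.100.9:443 bytes=15000
2020-01-09T08:10:00Z 10.0.0.9 -> 192.0.2.30:22 bytes=2048
2020-01-09T08:11:00Z 10.0.0.9 -> 192.0.2.30:22 bytes=2048
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) bytes=(\d+)$")
MIN_CONNECTIONS = 6   # assumed policy: fewer samples give no meaningful interval statistics
MAX_JITTER_CV = 0.15  # assumed policy: stdev/mean of intervals below this looks machine-timed


def parse_log(text):
    """Yield (timestamp, src, dst, port, bytes) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m.group(2), m.group(3), int(m.group(4)), int(m.group(5))


def find_beacons(text):
    """Return {(src, dst, port): cv} for talker pairs whose connection intervals are
    suspiciously regular (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, src, dst, port, _ in parse_log(text):
        times[(src, dst, port)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < MIN_CONNECTIONS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv < MAX_JITTER_CV:
            beacons[key] = round(cv, 3)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), cv in find_beacons(CONN_LOG).items():
        print(f"possible beacon: {src} -> {dst}:{port} (interval jitter cv={cv})")
```

In the constructed log, 10.0.0.5 reaches 203.0.113.44 roughly every 60 seconds while 10.0.0.7's connections are bursty and irregular; only the first pair is reported. Real traffic needs tuning of both thresholds, and a host with a legitimate scheduled job will also show up, so the output is a lead for investigation, not a verdict.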

Common types of Trojan malware

Here are some of the most common types of Trojan malware:

1. Backdoor Trojan
2. Distributed Denial of Service (DDoS) attack Trojan
3. Downloader Trojan
4. Fake AV Trojan
5. Game-thief Trojan
6. Infostealer Trojan
7. Mailfinder Trojan
8. Ransom Trojan
9. Remote Access Trojan
10. Rootkit Trojan
11. SMS Trojan
12. Trojan banker
13. Trojan IM


A computer virus is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another, leaving infections
in its path. Viruses can range in severity from causing mildly annoying effects to damaging data
or software and causing denial-of-service (DoS) conditions. Most viruses are attached to
an executable file. This means the virus may exist on a system but will not be active or able to
spread until a user opens or runs the malicious host file or program. When the host code is
executed, the viral code is executed as well. Usually, the host program keeps functioning after it
is infected by the virus. But some viruses overwrite other programs with copies of themselves,
which destroys the host program altogether. Viruses spread when the software or document they
are attached to is transferred from one computer to another using the network, a disk, file
sharing, or infected email attachments.

Viruses can be classified by the method they use to infect a computer:

1. file viruses
2. boot sector viruses
3. macro viruses
4. script viruses
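The defining trait of a file virus described above, that it inserts itself into an existing program, is exactly what a file-integrity baseline catches. The following added example (not part of the original text) records the SHA-256 of executable-like files in a constructed directory, simulates an infector appending bytes to one of them and dropping a new executable, and reports the differences. The directory, file names, and suffix list are assumptions; no real malware is involved.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, suffixes=(".exe", ".dll", ".com")):
    """Map each executable-like file under root to (sha256, size): the state we trust."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in suffixes:
            baseline[str(p.relative_to(root))] = (sha256_of(p), p.stat().st_size)
    return baseline


def compare_to_baseline(root, baseline):
    """Return {relative_path: reason} for executables that changed, appeared, or vanished."""
    current = build_baseline(root)
    findings = {}
    for rel, (digest, size) in current.items():
        if rel not in baseline:
            findings[rel] = "new executable"
        elif baseline[rel][0] != digest:
            delta = size - baseline[rel][1]
            findings[rel] = f"modified (size change {delta:+d} bytes)"
    for rel in baseline:
        if rel not in current:
            findings[rel] = "missing"
    return findings


def demo():
    """Build a constructed program directory, baseline it, simulate a file infector, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        (base / "app.exe").write_bytes(b"MZ" + b"\x00" * 200)      # constructed dummy binary
        (base / "helper.dll").write_bytes(b"MZ" + b"\x01" * 100)   # constructed dummy library
        (base / "readme.txt").write_text("not an executable, not scanned")
        baseline = build_baseline(base)

        # Simulated infection (constructed): 100 bytes appended to the host program, as an
        # appending file infector would do, plus a new executable dropped beside it.
        with open(base / "app.exe", "ab") as f:
            f.write(b"VIRAL-STUB" * 10)
        (base / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 50)

        return compare_to_baseline(base, baseline)


if __name__ == "__main__":
    for rel, reason in demo().items():
        print(f"{rel}: {reason}")
```

The size delta is reported because an appending infector grows its host by a fixed amount, which makes a batch of files all showing the same growth a strong signal; an overwriting virus of the kind the text mentions shows up as a changed hash with little or no size change, so the hash, not the size, is the authoritative check.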


Computer worms are a lot like viruses in that they replicate functional copies of themselves and
can cause the same type of damage. However, in contrast to viruses, which require the
spreading of an infected host file, worms are standalone software and do not require a host
program or human help to propagate. Worms either exploit a vulnerability on the target
system or use some kind of social engineering to trick users into executing them. A worm enters
a computer through a vulnerability in the system and takes advantage of file-transport or
information-transport features on the system, allowing it to travel unaided. More
advanced worms leverage encryption, wipers, and ransomware technologies to harm their

Sniffing Traffic

Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of
data packets flowing over computer networks. A sniffer can be a hardware device, a separate
software program, or a combination of both. It is also known as a packet sniffer, snoop, network
probe, network analyzer, packet analyzer, or protocol analyzer. In short, it examines traffic on
the network and takes snapshot copies of the packet data.

Network sniffing is used for ethical as well as unethical purposes. Network administrators use
sniffers as network monitoring and analysis tools to diagnose and prevent network-related
problems such as traffic bottlenecks. However, criminals use them as hacking tools to sniff,
intercept, and steal private information such as user identities, passwords, login credentials,
card details, emails and other essential data, as well as for spoofing data.

Types of Packet Sniffers

1. ARP Sniffers
2. IP Sniffers
3. MAC Sniffers
4. LAN Sniffers
5. Protocol Sniffers
6. Web Password Sniffers

Social Engineering

In this technique, the ethical hacker uses various techniques to obtain users' personal data.

Types of social engineering attacks

1. Baiting

Like a fish reacting to a worm on a hook, this type of social engineering depends upon a
victim taking the bait. The attacker dangling the bait wants to entice the target into
taking action according to their wishes.

2. Phishing

Phishing is a well-known way to obtain information from an unsuspecting victim.
Despite its fame, it remains quite successful. The perpetrator typically sends an email or
text to the target, seeking information that might help with a more significant crime.

3. Email hacking and contact spamming

It’s in our nature to pay attention to messages from people we know. Some criminals try
to take advantage of this by commandeering email accounts and spamming account
contact lists.

4. Pretexting

Pretexting is the use of an interesting pretext — or ploy — to capture someone’s
attention. Once the story hooks the person, the fraudster tries to trick the would-be
victim into providing something of value.

5. Quid pro quo

This scam involves an exchange: “I give you this, and you give me that”. Fraudsters make
the victim believe it is a fair exchange. However, that is far from the case, as the cheat
always comes out on top.

6. Vishing

Vishing is the voice version of phishing. The “V” stands for voice, but the scam attempt is
the same: the attacker uses the phone to trick a victim into handing over valuable
information.

DoS (Denial of Service)

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service or a
website unavailable by overloading it with huge floods of traffic generated from multiple

Unlike a Denial of Service (DoS) attack, which uses one computer and one Internet connection
to flood a targeted resource with packets, a DDoS attack uses multiple computers and
multiple Internet connections, often distributed globally in what is referred to as a botnet.

A large-scale volumetric DDoS attack can generate traffic measured in tens of gigabits (and
even hundreds of gigabits) per second. A normal network will not be able to handle such

DoS attacks typically fall into two categories:

1. Buffer overflow attack:

An attack type in which a memory buffer overflow can cause a machine to consume all
available hard disk space, memory, or CPU time. This form of exploit often results in
sluggish behavior, system crashes, or other deleterious server behaviors, resulting in

2. Flood attacks:

By saturating a targeted server with an overwhelming amount of packets, a malicious
actor is able to oversaturate server capacity, resulting in denial-of-service. For most DoS
flood attacks to be successful, the attacker must have more available bandwidth than
the target.

What are some historically significant DoS attacks?

Historically, DoS attacks typically exploit security vulnerabilities present in the design of the
network, software or hardware. As DDoS attacks have a greater disruptive capability and are
relatively easy to create given the available tools, DoS attacks have become less prevalent. In
reality, most DoS attacks can also be turned into DDoS attacks.

A few common historic DoS attacks include:

1. Smurf attack - a previously exploited DoS attack in which a malicious actor utilizes the
broadcast address of a vulnerable network by sending spoofed packets, resulting in the
flooding of a targeted IP address.

2. Ping flood - this simple denial-of-service attack is based on overwhelming a target
with ICMP (ping) packets. By inundating a target with more pings than it can respond to
efficiently, denial-of-service can occur. This attack can also be used as a DDoS attack.

3. Ping of Death - Often confused with a ping flood attack, a ping of death attack involves
sending a malformed packet to a targeted machine, resulting in deleterious behavior
such as system crashes.
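Each of the three historic attacks above leaves a recognisable signature in packet metadata, and the following added example (not from the original text) shows detection logic for all three over constructed packet records: a per-source rate check for the ping flood, an echo request aimed at the protected subnet's directed-broadcast address for the Smurf reflection step, and fragment bookkeeping that flags a datagram which would reassemble to more than 65535 bytes for the Ping of Death. The subnet LOCAL_NET, the rate limit PING_RATE_LIMIT, the record layout, and all addresses are assumptions; the records carry only header fields, as a sniffer or flow exporter would supply them.

```python
import ipaddress
from collections import Counter, defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected subnet (constructed)
PING_RATE_LIMIT = 100     # assumed policy: echo requests per source per second before alerting
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram (RFC 791); larger means Ping of Death
IP_HEADER_LEN = 20        # constructed records carry no IP options


def _rec(t, src, dst, proto, ip_id, total_len, icmp_type=None, frag_off=0, mf=False):
    """One packet record: timestamp, addresses, protocol, IP id, length, ICMP type, fragment info."""
    return dict(t=t, src=src, dst=dst, proto=proto, ip_id=ip_id, total_len=total_len,
                icmp_type=icmp_type, frag_off=frag_off, mf=mf)


def make_records():
    """Constructed traffic: a little benign activity plus one instance of each attack."""
    recs = []
    for i in range(5):                                   # benign: one ping per second
        recs.append(_rec(10.0 + i, "192.0.2.10", "198.51.100.20", "icmp", 100 + i, 84, 8))
    recs.append(_rec(10.5, "192.0.2.10", "192.0.2.1", "udp", 200, 60))
    for i in range(150):                                 # ping flood: 150 echo requests in 1 s
        recs.append(_rec(20.0 + i / 150, "203.0.113.5", "192.0.2.10", "icmp", i, 84, 8))
    # Smurf: echo request to our broadcast address, source spoofed to the intended victim.
    recs.append(_rec(30.0, "198.51.100.77", "192.0.2.255", "icmp", 1, 84, 8))
    # Ping of Death: first fragment normal, last fragment placed so the reassembled
    # datagram would be 8189*8 + 100 = 65612 bytes, past the 65535 limit.
    recs.append(_rec(40.0, "203.0.113.9", "192.0.2.10", "icmp", 777, 1500, 8, frag_off=0, mf=True))
    recs.append(_rec(40.01, "203.0.113.9", "192.0.2.10", "icmp", 777, 120, None, frag_off=8189))
    return recs


def icmp_echo_requests(records):
    return [r for r in records if r["proto"] == "icmp" and r["icmp_type"] == 8]


def detect_ping_flood(records):
    """Sources sending more than PING_RATE_LIMIT echo requests within one one-second bucket."""
    buckets = Counter((r["src"], int(r["t"])) for r in icmp_echo_requests(records))
    return sorted({src for (src, _), n in buckets.items() if n > PING_RATE_LIMIT})


def detect_smurf(records):
    """Sources of echo requests aimed at our directed-broadcast address (Smurf reflection)."""
    bcast = str(LOCAL_NET.broadcast_address)
    return sorted({r["src"] for r in icmp_echo_requests(records) if r["dst"] == bcast})


def detect_ping_of_death(records):
    """Track the highest byte each fragmented datagram would reach; flag those past 65535."""
    reach = defaultdict(int)
    for r in records:
        if r["frag_off"] == 0 and not r["mf"]:
            continue                                     # not a fragment
        key = (r["src"], r["dst"], r["ip_id"])
        end = r["frag_off"] * 8 + (r["total_len"] - IP_HEADER_LEN)
        reach[key] = max(reach[key], end)
    return sorted(key for key, size in reach.items() if size > MAX_IP_DATAGRAM)


if __name__ == "__main__":
    recs = make_records()
    print("ping flood sources:", detect_ping_flood(recs))
    print("smurf reflection sources:", detect_smurf(recs))
    print("ping of death datagrams:", detect_ping_of_death(recs))
```

The Smurf check is written from the reflector's point of view, where the fix is also simplest: dropping echo requests to the broadcast address at the router removes the amplification entirely. The Ping of Death check decides before reassembly, from offsets alone, which is how a hardened IP stack rejects the oversized datagram instead of crashing on it; the Ping flood check is a plain rate limit, and the threshold is the one thing a real deployment must tune to its own baseline.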

