Phases of Hacking

 

Hacking involves a systematic process comprising five distinct phases. While not strictly adhering to a sequential order, these steps contribute to a comprehensive and effective approach when followed in a stepwise manner.



Phases of Hacking:


1. Reconnaissance:

   - Also known as Footprinting, this initial phase involves gathering preparatory information about the target. Information is collected regarding the network, host, and individuals involved. Two methods of Footprinting include active (directly interacting with the target, e.g., using Nmap) and passive (collecting information without direct access, e.g., from social media).


2. Scanning:

   - This phase encompasses three types of scanning:

      - Port scanning: Identifying open ports, live systems, and services on the host.

      - Vulnerability scanning: Checking for exploitable weaknesses using automated tools.

      - Network mapping: Determining the network's topology, including routers, firewalls, servers, and hosts, and creating a network diagram.


3. Gaining Access:

   - In this critical phase, the attacker infiltrates the system/network using various tools or methods. After entry, the objective may include elevating privileges to administrator level for necessary installations, data modification, or data concealment.


4. Maintaining Access:

   - Post-infiltration, the hacker may choose to persist in the system, concealing the connection without the user's knowledge. Trojans, rootkits, or other malicious files might be employed to maintain access until the planned tasks are accomplished.


5. Action on Objectives

Performing the activities to achieve specific goals or objectives. This may involve manupulation or stealing data , distrupting IT operations or destructing data or systems . 


6. Clearing Tracks:

   - To avoid detection, a savvy hacker erases all evidence, modifying, corrupting, or deleting log values, altering registry values, uninstalling applications, and deleting created folders. This phase aims to eliminate any traces that could lead back to the hacker, emphasizing the importance of prompt action to address and rectify compromised sites.


Niranjan Meegammana

Cyber Security & ML Researcher

Shilpa Sayura Foundation 


Comments

Post a Comment

Popular posts from this blog

What is Cyber Security?

Image
What is Hacking? Hacking involves identifying and exploiting vulnerabilities in a system or network to gain unauthorized access to data and system resources. It is an unauthorized intrusion into information systems or networks, compromising security. For instance, exploiting default passwords to access stored data is a common hacking example. What is Ethical Hacking?  Ethical Hacking, also known as Penetration Testing, involves intruding into systems or networks to identify threats and vulnerabilities that malicious attackers could exploit, potentially leading to data loss, financial harm, or significant damages. The goal of ethical hacking is to enhance network or system security by addressing the identified vulnerabilities. Ethical hackers employ methods and tools similar to those used by malicious actors, but with explicit permission from authorized individuals to strengthen security and protect systems from potential attacks. It is crucial for ethical hackers to report all identifi
Read more

Important characteristics of Information

Image
Value of Information   The value of information lies in its ability to contribute positively to decision-making, operations, and overall effectiveness. Key aspects of the value of information include: 1. Informed Decision-Making:    - Information provides the foundation for making informed and strategic decisions, minimizing uncertainty and risk. 2. Operational Efficiency:    - Well-managed and accessible information enhances operational efficiency by facilitating smooth workflows and processes. 3. Competitive Advantage:    - Organizations can gain a competitive edge by leveraging valuable information to understand market trends, customer preferences, and industry dynamics. 4. Innovation and Growth:    - Information fuels innovation and supports organizational growth by identifying opportunities, optimizing resources, and fostering adaptability. 5. Risk Management:    - Accurate and timely information is crucial for identifying and mitigating risks, helping organizations navigate chall
Read more