- Network reconnaissance :
This is the first phase involved in penetrating a system. This is the stage during which information is gathered about the target in order to facilitate the attack. It can feature “Active” methods, such as actual social engineering in person, or “Passive” methods using searches of public records and even material from “Shodan”.
- Host port scanning and banner grabbing
This phase involves using port scanners to look for all open and closed ports. This is carried out using port scanners such as “Nmap”, “Superscan”, and “Angry IP Scanner”. Packet Sniffers like Ethercap and Wireshark can help capture information traversing a site or network.
- Vulnerability identification and Exploitation
Using tools like Metasploit or Sqlmap, this phase looks for any vulnerabilities which can be exploited to establish access to a system or network. Control can be gained at the level of the OS, system or network. This can proceed into privilege escalation via the cracking of passwords and Dos or DDos attacks. Vulnerability scanners such as Nessus and Nipper help determine how vulnerable a system is.
- Rootkit installation
If possible, the installation of a rootkit is an excellent way to maintain control over a system or network while also avoiding detection. Rootkits can disguise themselves and are difficult to detect. The installation of the Rootkit generally occurs after an attacker has successfully exploited a vulnerability in a system or network. The term “Root” refers to what the administrator or privileged account on Unix-like systems was/is called. Rootkits are able to modify at the level of the “kernel”, and removal of firmware Rootkits is often difficult to impossible.
- Hiding tracks
One of the final phases, “Daisy Chaining” or “Exfiltration” aims to leave as little evidence as possible that the attacker penetrated a system. The more skilled the hacker, the less evidence he will leave. This is a critical phase to avoid being caught and to ensure that any modifications or malware installed stay in place as long as possible. Hiding tracks well closes out the attack and ultimately determines the overall success of the attack.
Contact us at firstname.lastname@example.org
or call 24/7 (210)-446-4863