HACKING CYCLE
Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack
Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a broad scale
Reconnaissance target range may include the target organization's clients, employees, operations, network and systems
Reconnaissance Types
Passive Reconnaissance
For example, searching public records or news releases
Active Reconnaissance
For example, telephone calls to the help desk or technical department
Gaining access refers to the point where the attacker obtains access to the operating systems or applications on the computer or network
The attacker can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised
The attacker can gain access at the operating system level, application level or network level
Examples include password cracking, buffer overflow, denial of service, session hijacking, etc.
Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system
Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Backdoors, Rootkits or Trojans
The attacker can upload, download or manipulate data, applications and configurations on the owned system
Pre-Attack Phase
Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance
Port Scanner
Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners, etc.
Extract Information
Attackers extract information such as computer names, IP addresses and user accounts to launch an attack
The attacker's intentions include: Continuing access to the victim's system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution
The attacker overwrites the server, system and application logs to avoid suspicion