Ethical Hacking Flashcards
(9 cards)
What are the Types of Hackers
Black Hats
Malicious hackers who break into systems without authorization
Script Kiddie
Inexperienced individual who uses pre-made scripts without the knowledge behind them.
Suicide Hackers
Destructive attackers with no concern for the consequences or for getting caught
Hacktivists
Hacking for political and/or social activism
What are the Types of Attacks
Malware
Malicious code and/or software which compromises a computer's or network's performance without destroying information
Virus
Malicious code / Software that spreads across computers and networks
Worm
Malware that spreads a copy of itself from computer to computer.
Copies itself without human interaction and doesn’t need to attach itself to software to cause damage
Ransomware
3rd party delivers software to a host in order to take control of the system to demand compensation.
Spyware
Modifies device configuration, collects sensitive data
Requires user interaction to spread
Trojan
Malicious software that disguises itself as legitimate software.
Creates backdoors to allow hackers to gain access
Botnets
Several infected computers (Zombies) controlled by the hacker to carry out remote attacks
What are some Social Engineering Tactics
Shoulder Surfing
Standing behind victims to see everything they are doing
Gathering sensitive information just by looking over them
Dumpster Diving
Gathering files / documents by looking through the target's waste (bins) for sensitive information
Tailgating
Following someone into a building, or when a user leaves their PC signed in.
Impersonation
Attacker pretends to be someone they are not
Phishing
Fake email intended to trick the recipient into believing the message, so that they either give up information and/or click / download a link or attachment
Vishing
Phishing, but over voice over IP (VoIP)
Fake calls to get you to give them information
Spear Phishing
Fake emails to a specific person, pretending to be from a trusted sender
Whaling
Attacker identifies a specific high-level user, like the head of IT or the CEO
Why do companies do a Pentest
Compliance
Identify strengths and weaknesses
Uncover vulnerabilities
What are some Company Risks
Private data (customers)
Access to system / networks
Account data (passwords / usernames)
Financial damage
What are some UK Laws & Legislation
Computer Misuse Act 1990 (CMA)
Section 1
Unauthorized access to computer material
Section 2
Unauthorized access with intent to commit or facilitate commission of further offences
Section 3
Unauthorized access with intent to impair operations of a computer
Regulation of Investigatory Powers Act 2000 (RIPA)
Section 1
Person without authority intercepting a telecommunication during its transmission by a public telecommunication system
Section 2
Person without authority intercepting a telecommunication during its transmission by a private telecommunication system
What is done before an ethical hack takes place
Pentest Agreement
Any signed agreement required must be completed and signed before the test can be conducted.
Scope of Work
- Outlines what must be completed / tested
- Shows what is to be tested and what is not
Liability Release
- Shows that you have been given permission to identify vulnerabilities
- Any damages or disruption to information is protected by this document
Non-Disclosure Agreement
- Any information regarding the Pentest is only communicated between the pentester and the client / company
What is in the Report
Executive Summary
- Outlines any action taken and findings (non-technical)
Objectives / Scope
- Objectives within the Pentest agreement and what is to be done
Vulnerabilities / Findings
- Any vulnerabilities / data that were discovered.
- In order of Highest risk to Lowest Risk
Corrective Measures
- Recommended corrections that can be implemented based on findings
Supporting Evidence
- Outlines tools / techniques used
- Any logs generated from tools
Positive Findings
- Strengths found in the test
What are the Stages of Ethical Hacking
Reconnaissance
Passive
- Public information gathering. (Google, WHOIS, NetCraft)
- Doesn’t directly interact with the target.
Active
- Directly interacting with the target.
- Social engineering, ping, fping
Scanning
Scanning
- Attempt to connect to system / network by identifying live hosts
Enumeration
- Specific info about target like Ports, OS, Usernames
Vulnerability Scan
- Any vulnerability that can be exploited
Gaining Access
- Exploit a vulnerability to gain access to the system
Maintaining Access
Escalating Privileges
- Trying to get admin rights
Back door
- Registry modification or rootkit
Key logger
- Get passwords / sensitive information
Covering Tracks
- Disabling logging / tools
- Modifying Registry values
- Clearing error / Security events
- Removing scripts / applications