Copyright 2019 by Adidas Wilson
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed Attention: Permissions Coordinator, at the address below.
Adidas Wilson
P.O. Box 2262
Antioch, Tn. 37011
siriusvisionstudios@gmail.com
www.adidaswilson.com
Disclaimer
THE AUTHOR HAS MADE every effort to ensure that the information within this book was correct at time of publication. The author does not assume and hereby disclaims any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from accident, negligence, or any other cause.
Introduction
Ch. 1 - Phishing Attacks
Ch. 2 - Advanced Persistent Threat (APT)
Ch. 3 - Penetration Testing
Ch. 4 - Counter-Hacking: Savior or Vigilante?
Ch. 5 - Ethical Hacking
Ch. 6 - Steps Hackers Take to Execute a Successful Cyber Attack
Ch. 7 - Incident Response
Ch. 8 - DNSSEC
Ch. 9 - Reflected Cross Site Scripting (XSS) Attacks
Ch. 10 - Intrusion Detection and Intrusion Prevention
Ch. 11 - Ping Sweep
Ch. 12 - Clickjacking
Ch. 13 - Social Engineering
Ch. 14 - PCI DSS
Ch. 15 - Backdoor Attacks
Ch. 16 - ISO/IEC 27001
Ch. 17 - Malware Types
Ch. 18 - Internet of Things Security
Ch. 19 - Domain Name Server (DNS) Hijacking
Ch. 20 - Cross Site Request Forgery (CSRF) Attack
Ch. 21 - Structured Query Language (SQL) Injection
Ch. 22 - DNS Spoofing
Ch. 23 - Ethical Hacking Tools
Ch. 24 - Web Scraping
Ch. 25 - Man in the Middle (MITM) Attack
Ch. 26 - Spear Phishing
Ch. 27 - Rootkit
Ch. 28 - Remote File Inclusion (RFI)
Ch. 29 - Malvertising
Ch. 30 - Vulnerability Assessment
Ch. 31 - Zero-Day Exploit
Ch. 32 - Vulnerability Management
Ch. 33 - Web Application Security
Conclusion
One effective way of ensuring that your IT infrastructure, services, and applications are secure is by asking a freelance white hat hacker to hack them. Whether you like it or not, hackers will penetrate your system, so it will benefit you to be a part of the process in order to tie up loose ends. Unfortunately, many companies do not have enough resources for penetration testing. Crowdsourcing is a great option for small companies that need this service at a lower price. You can get the talent you need at the right time and at an affordable price.
When you do not personally know the players, you are at risk of having someone who is not as experienced as they claim or one who will not do the job well. The biggest risk is that they will keep the information they gather and use it later. Fortunately, there are trusted firms that act as intermediaries between you and the hackers. They connect you with a skilled, vetted hacker, and offer the framework and program, at a fee. Some of the biggest and most common crowdsourcing companies include HackerOne, Bugcrowd, and Synack. These companies, and others like them, offer three main services:
Bug bounty programs
Penetration testing
Vulnerability disclosure
Vulnerability disclosure involves the customer creating and publishing a vulnerability disclosure program. It defines how and where hackers can contact the intermediary or customer with newly discovered bugs. Included are the expectations and responsibilities of the hacker, the intermediary, and the customer. There are hackers who have been known to irresponsibly disclose their findings to the public before they gave the vendor a chance to patch up the vulnerabilities. However, they only did that because they were frustrated by the company's unreasonable response.
Penetration testing is the service that generates the most money for crowdsourcing businesses. They connect a customer with a group of highly skilled hackers at a certain price for a specific scope of work. Most hackers that work with these companies do it part-time; not many of them do it full-time. The amount of money that a crowdsourced hacker can make on a single job depends on the kind of job they get selected for, experience, and skill set. Some hackers do it voluntarily to secure the government resources of their country while others give their earnings to charity.
Bug bounty firms can save you a lot of money and time. Not all hacker-reported bugs are easily reproducible or a threat to security. Bug bounty program vendors tell you the reported bugs that you need to fix. Their job is to figure out which bugs are real. No matter how good your IT security team is, companies should require a bug bounty program. Depending on the duration of the project, amount of work experience, and level of the hackers, this may cost you anywhere from a few thousand dollars to tens of thousands of dollars. Determine your budget and the type of services you want done. If you are sure crowdsourcing is necessary, talk to a firm that will manage the process for you and remove much of the risk.
Chapter 1
Phishing Attacks
Phishing is a social engineering attack. In most cases, it is used to access and steal user data such as credit card numbers and login credentials. This kind of attack occurs when an intruder masquerades as a trusted party and deceives the victim into opening a text message, instant message, or email. Next, the victim is duped into clicking a link which allows the attacker to freeze the system or install malware. This kind of attack can be damaging and may lead to identity theft, stealing of funds, and unauthorized purchases. In governmental or corporate networks, phishing grants the intruder a foothold and opens the door for a larger attack like an APT (advanced persistent threat). In an APT, the organization can suffer substantial financial losses among many other damages.
An example of a phishing attack is a spoofed email that appears to come from myuniversity.edu and is sent out to faculty members. The email tells the recipient that their user password is going to expire in a short time. Instructions are included, guiding the user to go to myuniversity.edu/renewal so they can renew their password. When the recipient clicks the link, a few things may happen:
They may be redirected to a bogus page, myuniversity.edurenewal.com, which is very similar to the actual renewal page. The user is asked to enter the old and new password. The attacker monitors the page and gets the original password, which will give them access to the university network.
The link may redirect the user to the real password renewal page. During the redirection process, the infiltrator activates a malicious script in the background, hijacking the session cookie of the user. The result is a reflected XSS attack that gives the attacker access to privileged information.
Email phishing scams are a numbers game. The fraudulent message is sent to a huge number of recipients, so even if only a small percentage of the recipients fall for this scam, the attacker will still gather a lot of information.
Intruders have techniques that give them high success rates. They make sure the phishing message looks a lot like an actual email from the organization being impersonated. They create a sense of urgency to push the recipients into action. The links included in the messages look like the legitimate links.
Spear phishing is not aimed at random people; it targets a specific enterprise or person. It is an advanced version of phishing, and special knowledge about the organization is required. When an attacker gets valid login credentials, they may successfully carry out the first stage of an APT.
To protect an organization from phishing attacks, both the enterprise and users need to take precautionary measures:
Users need to be vigilant. Any spoofed message has little mistakes that will expose it.
Enterprises should follow several steps to reduce both spear phishing and phishing attacks:
Establish two-factor authentication (2FA). This method requires an extra step of verification from users when they are accessing sensitive information.
In addition to 2FA, companies should have strict password management policies. Employees should change their passwords regularly and use different passwords for different applications.
The enterprise should organize educational campaigns.
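The lookalike link in the renewal scenario (myuniversity.edurenewal.com shown as myuniversity.edu/renewal) is one of the "little mistakes" a mail filter or a trained user can check for. The sketch below is an added example, not code from the book: it compares the host a link actually points to against the trusted domain and audits every link in an HTML message body. The function names, the class name and the sample message are assumptions made for illustration.

```python
# Added illustration; all function and class names here are hypothetical.
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = "myuniversity.edu"  # legitimate domain in the page's scenario

def host_of(url):
    """Hostname the browser would connect to; tolerates a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url, trusted=TRUSTED):
    host = host_of(url)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"      # exact domain or a real subdomain of it
    if trusted in url.lower():
        return "lookalike"    # trusted name is displayed but is not the host
    return "external"

class LinkAudit(HTMLParser):
    """Collects (visible text, href, verdict) for each <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href, classify(self._href)))
            self._href = None

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    return parser.links

# Constructed message body modelled on the renewal email described above.
SAMPLE = (
    '<p>Renew at <a href="http://myuniversity.edurenewal.com/">myuniversity.edu/renewal</a>'
    ' or read <a href="https://myuniversity.edu/renewal">the IT notice</a>.</p>'
)
```

Calling audit(SAMPLE) returns one entry per link; the first is marked "lookalike" because its visible text names the trusted domain while its href resolves to a different host.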