Week 4 of Ethical Hacking

In the 4th week I learned about dnstrails.com, a website that holds the DNS records of all websites, and from which you might also get the real IP of a website behind Cloudflare.

Below is the DNS record of company X

Below is the historical data of company X from dnstrails.com

Below is the whois data of company X from dnstrails.com
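As an added example (not part of the original post), the same DNS history that reveals an origin IP to an attacker lets a defender audit their own domain: any historical A record outside the CDN's published ranges is a candidate exposed origin, and one published again after the move to the CDN points to a misconfiguration window. SAMPLE_HISTORY and the two CDN ranges are constructed sample data (assumption); a real check would use an export from a DNS-history service and the CDN's full published range list.

```python
import ipaddress
from datetime import date

# Constructed sample history in the style of a DNS-history export (assumption);
# last_seen None means the record is still live.
SAMPLE_HISTORY = [
    {"first_seen": "2016-03-01", "last_seen": "2017-09-30", "ip": "203.0.113.25"},
    {"first_seen": "2017-10-01", "last_seen": "2019-05-31", "ip": "104.16.12.34"},
    {"first_seen": "2019-06-01", "last_seen": "2019-06-03", "ip": "203.0.113.25"},
    {"first_seen": "2019-06-04", "last_seen": None, "ip": "172.64.80.1"},
]

# Small constructed subset of CDN ranges (assumption); use the published list in practice.
CDN_RANGES = [ipaddress.ip_network(c) for c in ("104.16.0.0/13", "172.64.0.0/13")]


def is_cdn_ip(ip: str) -> bool:
    """True if the address lies inside one of the CDN ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)


def audit_history(history):
    """Classify historical A records relative to the first CDN record.

    pre_cdn: origin IPs published before the migration (old, but still
    searchable in DNS history); re_exposed: origin IPs published again after
    it (a misconfiguration window); current_exposure: latest record is non-CDN.
    """
    recs = sorted(history, key=lambda r: date.fromisoformat(r["first_seen"]))
    cdn_dates = [date.fromisoformat(r["first_seen"]) for r in recs if is_cdn_ip(r["ip"])]
    migrated_on = min(cdn_dates) if cdn_dates else None
    pre_cdn, re_exposed = set(), set()
    for r in recs:
        if is_cdn_ip(r["ip"]):
            continue
        if migrated_on is None or date.fromisoformat(r["first_seen"]) < migrated_on:
            pre_cdn.add(r["ip"])
        else:
            re_exposed.add(r["ip"])
    return {
        "migrated_on": migrated_on.isoformat() if migrated_on else None,
        "pre_cdn": sorted(pre_cdn),
        "re_exposed": sorted(re_exposed),
        "current_exposure": bool(recs) and not is_cdn_ip(recs[-1]["ip"]),
    }


if __name__ == "__main__":
    print(audit_history(SAMPLE_HISTORY))
```

On the sample data the origin 203.0.113.25 shows up both before the migration and again for three days afterwards, which is exactly the kind of record a history service would still serve long after the site moved behind the CDN.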

Week 3 of Ethical Hacking

In the 3rd week I learned about information gathering and utilizing search engines from the Kali Linux terminal.

Below is the result of dig pentest.id

Below is the result of host pentest.id

Below is the result of whois pentest.id

Introduction of Ethical Hacking and Penetration Testing

In the first week the class discussed the definitions used in ethical hacking, such as:

  • Ethical Hackers: employed by a company to perform penetration testing on the company’s systems.
  • Penetration test: a legal attempt to gain access to a company’s network to find its weakest link. The tester only reports findings.
  • Security test: similar to a penetration test in that it attempts to gain access, but more detailed, including analysis of the company’s security policies and procedures. The tester not only reports findings but also offers solutions to secure or protect the network.
  • Hackers: gain access to computer systems or networks without authorization. Because there is no authorization this breaks the law and can send the person to prison.
  • Crackers: break into systems to steal or destroy data.
  • Ethical Hacker: performs hacking activities with the owner’s permission.
  • Script Kiddies/Packet Monkeys: inexperienced hackers who copy code and techniques from knowledgeable hackers.
  • Script: a set of instructions that runs in sequence.
  • Tiger box: a collection of OSs and hacking tools. It helps penetration testers and security testers conduct vulnerability assessments and attacks.

Programming languages used by experienced penetration testers:

  • Practical Extraction and Report Language (Perl)
  • C
  • Python

Other than that, the class also discussed penetration-testing methodologies such as:

  • White box model:
    • The tester is told everything about the network, from the topology to the technology
    • The tester is authorized to interview IT personnel and company employees
    • Knowing all the information about the network makes the tester’s job easier
  • Black box model:
    • Company staff don’t know about the test
    • The tester is not given any information about the network
    • Tests whether the security personnel are able to detect an attack
  • Gray box model:
    • Hybrid of the white and black box models
    • The company gives the tester partial information about the network

After that the class discussed the penetration-testing process, which consists of:

  • Defining the scope of the test:
    • Extent of the testing
    • What will be tested
    • From where it will be tested
    • By whom it will be tested
  • Performing the penetration test:
    • Detailed process (the 10 Hacking Cycle)
  • Reporting and delivering results

Then the class discussed common techniques in penetration testing, which consist of:

  • Passive Research:
    • Gathering information about the institution’s system configuration
  • Open Source Monitoring:
    • To ensure confidentiality and integrity
  • Network mapping and OS fingerprinting
  • Spoofing
  • Network Sniffing
  • Trojan attacks:
    • Malicious code
  • Brute-force attacks:
    • Password cracking
  • Vulnerability scanning
  • Scenario analysis:
    • Final phase of testing

The Blue Team and Red Team

  • Red Team:
    • Performs penetration testing without the knowledge and consent of the organization’s IT staff
    • May be conducted with or without warning
    • Goal: to detect network and system vulnerabilities (revealing the system’s defense capability)
  • Blue Team:
    • The “internal” team that defends the system; they commonly have knowledge of the internal systems
    • They are the opposing side of the red team

When they perform penetration testing, they use the least expensive and most commonly used way of testing. The goal is to think about how surprise attacks might occur.