Thursday, June 21, 2012

Hacking 101 - Lesson 1


So this is the first of a sub-series about security and hacking. By understanding what the hacker does, one can better understand how to address and mitigate those actions. Now, this is a general overview, and I must qualify it with this: this site provides information with the intent of allowing security individuals to grow. How you use this information is in your hands, and this site and its author are not responsible for any outcome your actions may cause, so please THINK before you act.

Any “attack” comprises five stages. They are:
1.       Reconnaissance (what options do I have?)
2.       Scanning (looking through the looking glass)
3.       Gaining Access (a chink in the armour)
4.       Maintaining Access (think back door)
5.       Clearing Tracks (clean-up in aisle one, please)

Now I will cover all of these in more detail later on, but for now here is a brief on each one.

Reconnaissance
OK, think who and why. In technical terms this is your target, Target of Evaluation (TOE) or victim; take your pick, it is really all semantics at this stage. You need to know who (person or organization) you want to collect data about. Now notice how I am not going into your motivation. That is your issue, legal or illegal. Hopefully, if you are reading this blog, you are in the first camp.

IMPORTANT SIDE NOTE: even if you think you are doing something legal because you were paid by someone in the company to do what you are doing, verify that they really work for the company (and no, a business card does not count). Also get EVERYTHING in writing, on company letterhead, signed by verifiable company employees WHO HAVE THE AUTHORITY TO APPROVE THE ACTIONS DESCRIBED. The guy in the mail room can NOT approve penetration testing of a Fortune 500 corporation, or any corporation for that matter. I have known colleagues to get burned for not doing their due diligence.

Scanning
OK, you have chosen or been hired by Company X. The key to any successful hacking endeavor is really simple: DATA. You want to acquire as much data as you can about the technology infrastructure. Unlike Hollywood, you need time, patience and resolve. This is the MOST time-consuming phase, and NO, you do not just run Nmap and say “all done”. To do this right you had better get your journal ready and be prepared to spend a minimum of one week, and more realistically weeks or even months. In this stage preparation separates the amateurs from the professionals.

Let me put it this way: the best hackers, and even security people, are the ones who stay in the shadows and are never seen or heard. They come in, get what they need and leave; they do not post about exploits they committed. They may or may not like to teach others, but one thing is for sure: they will NEVER seek the spotlight.

SO TAKE YOUR TIME AND THINK “QUIET AS A FIELD MOUSE WEARING REALLY QUIET SHOES”.

Seriously, guys, scanning is so often rushed, botched or overlooked. Go slow, think methodically, and look at the relationships Company X has with other organizations, for example.

Gaining Access
Right, so you have been a good little scanning person and have reams of data. The goal of the scanning is to find the logical door, crack or other entrance which nobody thought of, and use it. Again, think QUIET. Noise bad, silence good. Every situation will be different, so do not assume what worked for X will work for Y. Remember, information security is dynamic (this is what makes it so fun).

Maintaining Access
Got in? Great, now it is time to leave that piece of paper in the door lock, or maybe that window latch oiled for easy re-entry. You worked hard to make your hole; now you want to hide it and be able to use it again. Be extra careful though: does the word honeypot mean anything to you? If not, look it up.

Clearing Tracks
All done? OK, time to clean the sandbox: logs, records, breadcrumbs, etc. Think fine paintbrush, not 500 HP leaf blower. Cleaning too much or too fast can be the same as putting up a neon sign saying “Eat at Joe's!”; a log that simply goes silent for hours and then resumes is itself evidence. Daisy chaining and misdirection will be discussed later. It should be noted that the reconnaissance phase is active here again, in that perhaps things have changed since you got in, and now you may need to clean using brush size 0 instead of 1. So DO YOUR HOMEWORK, and eat all your vegetables.

Well, that is it for this posting; further reading and more coming soon... (promise)

Check out this site to help you in phase 2:
http://www.astalavista.com/ (Lifetime Member, good site)

