C.S. Projects

Posts Tagged ‘Ethical Hacking’

Ethical Hacking — Week 3

March 6th, 2020 Posted 4:42 pm

Utilizing Search Engines

I learned about how to utilise search engines in today’s session. I used Kali Linux tools to search the internet to gather necessary information about the target.

The first tool I learned is theHarvester. It collects information from Google, Bing, PGP and LinkedIn. The command is ./theHarvester.py -d <target domain> -l 100 -b google.

The next tool I learned is Maltego. It is an open source intelligence and forensics application which shows how pieces of information are connected to each other. The main benefit of this is that relationships between various types of information can give a better picture of how they are interlinked, and it helps in identifying unknown relationships.

I also learned about Google Hacking. Google hacking is the act of searching using google.com to find anything left behind by a sysadmin or web developer that is not meant for the public. It can be used to find sensitive information, web configuration or sensitive documents.

I also learned about enumeration tools such as Goohost, Gooscan and Metagoofil.

Ethical Hacking — Week 2

February 28th, 2020 Posted 4:23 pm

Target Scoping & Information Gathering

In today’s session, I learned about target scoping and information gathering. I used web tools for footprinting, learned more about competitive intelligence and described DNS zone transfers.

There are several steps in target scoping: first gathering client requirements, then preparing the test plan, then profiling test boundaries, then defining business objectives, and finally project management & scheduling.

I also learned about analysing a company’s website. One of the tools to do this is called Burp Suite. Burp Suite is a powerful tool.

I also learned about setting up Burp Suite Proxy. In order to redirect traffic to Burp Suite:

  1. Click proxy -> intercept is on
  2. Click options -> proxy listeners set as default
  3. Open browser
  4. Click options in browser
  5. Set proxy as Burp Suite setting
  6. Enable Proxy for all protocols in browser

I also learned about other footprinting tools, for example Whois, which is a commonly used tool, the host command, SamSpade and Greenwich.

Ethical Hacking — Week 1

February 21st, 2020 Posted 4:09 pm

Course Introduction, Preparation and Testing Procedures

In today’s session, I learned about definitions of terms used in ethical hacking as well as the laws of ethical hacking.

Ethical hackers are employed by companies in order to perform penetration tests. Penetration tests are legal attempts to break into a company’s network in order to find its weakest link.

I also learned the difference between hackers, crackers and ethical hackers. Hackers access computer systems or networks without proper authorisation. This is breaking the law. Crackers break into the system in order to steal or destroy data. Hackers and crackers are considered the same. Ethical hackers perform the same activities; however, they have the permission of the owner.

I also learned about the different penetration testing methodologies. One of them is the White box model, which is where the tester is told everything about the network topology and technology and they are authorised to interview IT personnel and company employees. Another method is the Black box model, which is where the staff do not know about the test and the tester is not given the details about the network. Another method is the Gray box model, which is a hybrid of the white and black box models.

I also learned about the common techniques of penetration testing, which are Passive Research, Open Source Monitoring, Network mapping and OS fingerprinting, Spoofing, Network Sniffing, Trojan attacks, Brute force attack, Vulnerability scanning and Scenario analysis.