Hi folks, welcome to my new blog. I’m an InfoSec enthusiast and would like to continue my learning process by sharing some thoughts and discussing security stuff through this blog.
First, let’s talk more about information security.
Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low.
Information Security TRIAD
- Confidentiality: information is accessible only to persons authorized to access it.
- Integrity: the trustworthiness of data.
- Availability: systems must remain available to those who require them.
Now let’s move to hacking and hackers:
- Black hats: hackers with malicious intentions.
- White hats: ethical hackers.
- Grey hats: hackers who act as both black hats and white hats.
- Suicide hackers: hackers who are not afraid of going to jail or facing any sort of punishment.
- Script kiddies: Unskilled hackers who use real hackers’ tools and programs.
- Cyber terrorists: hackers with religious or political beliefs whose motive is to create large-scale fear.
- State-sponsored hackers: hackers hired by governments.
- Hacktivists: hackers promoting a political agenda or a social change.
1. Reconnaissance
Reconnaissance is the preparation phase. It seeks to gather information about the target. There are two kinds of reconnaissance: active and passive.
- Active reconnaissance involves direct interaction with the target by any means.
- Passive reconnaissance does not involve any direct interaction with the target.
2. Scanning
Scanning is the pre-attack phase. It is done on the basis of the information gathered during the reconnaissance phase. This phase includes the use of port scanners, network mappers, and many other tools.
Information extracted by the attacker during this phase includes live machines, OS details…
3. Gaining access
Gaining access is when the attacker obtains access to the system or the application. The attacker can then escalate privileges to gain complete control of the system.
4. Maintaining access
Maintaining access is when the attacker retains ownership of the system.
5. Clearing tracks
Clearing tracks is when the attacker hides their malicious acts to avoid being uncovered.