Ethical Hacking 101
Removing the mystery of how attacks are carried out
Explore the hacker mentality, how they identify and target vulnerabilities in organisations and how they carry out the attack.
– Jan Carroll, Lecturer Cyber Security, UCD
– James Mullen, Edgescan, Ethical Hacker of the Year 2020.
Introduction & Overview: Removing the mystery
- What methodology is used?
- How can a hacker target an organization?
- How can they find vulnerabilities?
- What can be done with vulnerabilities?
– Reconnoitering and reconnaissance
– Vulnerability Assessment
– Post Exploitation
– Highest Bidder
Old becomes new
Recent Health Breaches
How is it happening?
– Drive-by attacks
Certificates are always a topic we are lacking information on. Firstly, James recommends almost all certificates, especially any that you feel you would enjoy. Secondly, he noted that a lot of these certificates, including the CEH, are very expensive, so he would only ever recommend doing these once employed and having the employer pay for them. This does not mean you should avoid certificates, and there are also cheaper options available if you want one pre-employment, but he would recommend practical experience. If you are aiming for penetration testing, he would of course recommend vulnerable images such as HackTheBox and Offensive Security Proving Grounds, as these are usually under 15 euro a month by subscription. HackTheBox also provides a free membership. He also recommends Pentest+, and if you do decide to go towards penetration testing it is worth checking out eJPT, as these provide an expensive membership; however, the certificates are affordable and would easily be approved by a company if you have a placement.
James highly recommends HTB, but if you have the spare income, for about 12 euro a month he also recommends the paid version of HTB, as this gives access to all machines and writeups. I also strongly recommend Offensive Security's new platform “Proving Grounds”, which contains some retired OSCP machines as well as specially chosen ones from VulnHub. This also comes in at around 14 euro per month.
If you are really looking to get into these platforms, he would strongly suggest using YouTube to view writeups, as these explain what tools are used as well as how to use them. If we attack these machines without any experience, we may be lost without knowing what to do and waste a lot of days or weeks, causing us to lose interest in the topic.
TryHackMe is an alternative to HTB, and James highly recommends it too. It offers free teaching rooms as well as a very affordable plan.
James highlights the importance of understanding a VPN in its most simple form.
We securely connect to a VPN server, which connects to the server we want and returns the information to us. At first glance you can see there is no additional security here, except that the server we are accessing received the question from the VPN server and not from us. However, if the answer we receive is a malicious file, the VPN returns it to us and there is no protection here. The reason we become misinformed is that VPNs provide additional bonus security, which may be IP/DNS filtering or even a database of malicious file signatures that keeps a hash of each file and blocks a retrieved file if it matches. This may prevent some drive-by attacks, but as it would not be their speciality, an AV would of course be recommended as an additional measure.
James said that he has not used Firefox containers; it was always one of those “one day I'll design…” ideas, and it seems Mozilla provides this themselves. He'd highly recommend them from looking over the extension now. He assures that containers like this can have other important uses: when he is doing any kind of web application testing, he usually uses an extension he made for testing user permission flaws, as well as an administrator account to reset any changes he made, without the need to log in and out constantly.
He will continue to use this extension over the next few weeks and do a review of it.