As anyone with a passing interest in security (or even just common sense) will know, hacking is not like in the movies, where our action hero types at 100 WPM, hacks into the ‘mainframe’ and takes over the network.
Movies represent hacking this way because security experts staring at screens of code or typing commands into terminals is nowhere near as exciting.
The reality is that ‘hacking’, as a broad term, tends to involve quite a bit of genuine hard work and knowledge, which is why it commands such a high price. Unless of course you are just running ready-made exploits, which requires much less skill.
Hacking in its purest form is not confined to computing: any kind of technical tinkering and tweaking of hardware, software or engineering is hacking. But most people only know hacking of the nefarious kind.
For the purpose of this post, however, we will focus specifically on hacking of the technology kind, and in particular on infiltrating a network and attacking its foundations.
We will take a common example: an attacker infiltrating a company's network.
First the attacker will want to set up a strategy for the attack. The most efficient attackers will have the entire play planned out; some, however, will adjust as they go.
A good way for the attacker to start is to look for weaknesses in the target's network.
One way to do this is to sniff the traffic between the company's internal network and the outside world. Bear in mind that this only works if the attacker is positioned where that traffic actually passes (on the same network segment, or on a host already compromised along the path); an attacker who is not on-path has to make do with what the target exposes to the world, such as its DNS and WHOIS records and the services answering on its public addresses. Either way, by inspecting the packets and responses a knowledgeable attacker builds up a picture of the target: which hosts exist, which services they run, and which of those talk in cleartext.
It is important to do this so as to build up an idea of the network and then choose the right tool for the job. It is also important to remain hidden during this stage: route your traffic through something like Tor so that it appears to come from somewhere else, and ideally do not use a connection linked to your home name and address.
You can read more about that here at Leak Source.
Once the network has been assessed it is time to choose an attack method, based on the attack vectors that the information gathered during reconnaissance has opened up.
One common path is to gain a foothold and then continue the reconnaissance from behind the firewall, which reveals a much broader range of services than is visible from outside; alternatively the goal may simply be a distributed denial of service. This is the stage where scripts get run, and where the term ‘script kiddie’ comes from: experienced attackers develop their own tooling, whereas novices are best off using tried and tested exploits written by others.
This has been the general gist of how an attack is deployed; there is no use rehashing the valuable and bountiful information already available on the net.
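To make the reconnaissance step concrete, here is an added example (not code from the original post) of what "inspecting the packets" actually yields. It parses raw Ethernet/IPv4/TCP frames the way a sniffer would see them and builds an inventory of hosts, the ports that answered with SYN/ACK (and are therefore confirmed open), and the services among them that normally carry credentials in cleartext. The frames are constructed by hand inside the script, and the cleartext-port list is an assumption chosen for the example; nothing here touches a live network.

```python
"""Build a target inventory from captured frames, the way a sniffer would.

Added example, not code from the original post. The frames below are
constructed by hand for illustration; nothing here touches a live network.
Only Ethernet II / IPv4 / TCP is handled, which is enough to show the idea.
"""
import struct
from collections import defaultdict

# Ports whose protocols normally carry credentials in cleartext.
# Assumption: a short list picked for the example, not an exhaustive mapping.
CLEARTEXT_SERVICES = {21: "ftp", 23: "telnet", 80: "http", 110: "pop3", 143: "imap"}

SYN = 0x02
ACK = 0x10


def parse_frame(frame: bytes):
    """Return (src_ip, dst_ip, src_port, dst_port, tcp_flags) for a TCP/IPv4
    frame, or None for anything else (too short, not IPv4, not TCP)."""
    if len(frame) < 14 + 20 + 20:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:            # not IPv4 (e.g. ARP)
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # header length in bytes
    if ip[9] != 6:                     # protocol field: 6 is TCP
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    flags = tcp[13]
    return src_ip, dst_ip, src_port, dst_port, flags


def build_inventory(frames):
    """Map host -> set of ports that answered SYN/ACK (confirmed listening),
    plus a list of (host, port, service) for cleartext protocols observed."""
    open_ports = defaultdict(set)
    cleartext = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_ip, _dst_ip, src_port, _dst_port, flags = parsed
        # A SYN/ACK sent *from* src_ip:src_port means that port is listening.
        if flags & SYN and flags & ACK:
            open_ports[src_ip].add(src_port)
            if src_port in CLEARTEXT_SERVICES:
                cleartext.append((src_ip, src_port, CLEARTEXT_SERVICES[src_port]))
    return dict(open_ports), cleartext


def make_frame(src_ip, dst_ip, src_port, dst_port, flags) -> bytes:
    """Construct a minimal Ethernet/IPv4/TCP frame (no options, no payload).
    Checksums are left zero; this exists only to feed the parser above."""
    eth = b"\x00" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0800)
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 40, 0, 0, 64, 6, 0)
    ip += bytes(int(o) for o in src_ip.split(".")) + bytes(int(o) for o in dst_ip.split("."))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


# Constructed sample capture: one client probing two internal hosts,
# plus an ARP broadcast that the parser must ignore.
SAMPLE_FRAMES = [
    b"\xff" * 6 + b"\x00" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 46,
    make_frame("10.0.0.5", "10.0.0.20", 40000, 22, SYN),
    make_frame("10.0.0.20", "10.0.0.5", 22, 40000, SYN | ACK),
    make_frame("10.0.0.5", "10.0.0.20", 40001, 23, SYN),
    make_frame("10.0.0.20", "10.0.0.5", 23, 40001, SYN | ACK),
    make_frame("10.0.0.5", "10.0.0.21", 40002, 445, SYN),
    make_frame("10.0.0.21", "10.0.0.5", 445, 40002, SYN | ACK),
    make_frame("10.0.0.5", "10.0.0.21", 40003, 21, SYN),
    make_frame("10.0.0.21", "10.0.0.5", 21, 40003, 0x14),   # RST/ACK: closed
]

if __name__ == "__main__":
    hosts, weak = build_inventory(SAMPLE_FRAMES)
    for host, ports in sorted(hosts.items()):
        print(host, sorted(ports))
    for host, port, service in weak:
        print(f"cleartext service: {service} on {host}:{port}")
```

Run as-is, it reports 10.0.0.20 listening on 22 and 23 (with telnet flagged as cleartext) and 10.0.0.21 on 445, while the RST/ACK for port 21 is correctly not treated as open. The same parser pointed at a real pcap would need nothing more than a reader for the file's record headers.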
For example –
Hack Back! A DIY Guide for Those Without the Patience to Wait for Whistleblowers
So now we have seen what hacking is, and have a general idea of what we might do if we wanted to attack a local company, for example.
But we also have an idea of what attackers do, and can begin to think about how we might go about securing a network or organization.
For example, we know that attackers really want poorly configured services and old or unpatched software and hardware, and that even the best firewall will struggle to stop an attacker once they are on the inside of it. So one step is to reduce what can be discovered: switch off services that do not need to be exposed, and make sure those that remain (the ones an attacker will find by looking up your address ranges via WHOIS and then scanning them) are patched and are not left open without authentication.
You can also set up fake services or servers (honeypots) that alert you whenever anything touches them, since legitimate users have no reason to. Beyond that, you obviously want to ensure that all staff in the organization follow secure practices, and that an attacker who gets a foothold cannot easily escalate privileges or move around inside the network, since attacks are often carried out from the inside.
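As an added example of the "fake service that alerts you" idea (this is not code from the original post), here is a small decoy-port canary in Python. The decoy ports, the deduplication rule and the simulated intruder are assumptions made for illustration. The alert decision lives in `Canary.record`, which is plain logic you can test without a network; `serve_decoy` wraps it in a real listener bound to localhost so you can watch it fire.

```python
"""Decoy-port canary: a listener that should never receive legitimate
traffic, so any connection to it is worth an alert.

Added example, not code from the original post. The ports, the
deduplication rule and the simulated intruder are assumptions.
"""
import socket
import threading
import time
from dataclasses import dataclass, field
from typing import Optional

# Assumption: ports chosen for the example; nothing real listens here.
DECOY_PORTS = {2323: "telnet-decoy", 3390: "rdp-decoy"}


@dataclass
class Alert:
    peer: str
    port: int
    service: str
    first_bytes: bytes


@dataclass
class Canary:
    alerts: list = field(default_factory=list)
    seen: set = field(default_factory=set)

    def record(self, peer_ip: str, port: int, data: bytes) -> Optional[Alert]:
        """Decide whether a connection is alert-worthy. Returns an Alert on
        the first contact from a given peer to a given decoy port and None
        otherwise, so a port scan yields one alert per decoy rather than a
        flood of identical ones."""
        service = DECOY_PORTS.get(port)
        if service is None:
            return None                    # not a decoy port: not our business
        key = (peer_ip, port)
        if key in self.seen:
            return None                    # already alerted on this pair
        self.seen.add(key)
        alert = Alert(peer_ip, port, service, data[:64])
        self.alerts.append(alert)
        return alert


def serve_decoy(canary: Canary, port: int, bind: str = "127.0.0.1",
                stop: Optional[threading.Event] = None) -> None:
    """Accept connections on a decoy port, grab whatever the client sends
    first (a login attempt, a banner probe) and hand it to the canary."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(5)
        srv.settimeout(0.5)                # so the loop can notice `stop`
        while stop is None or not stop.is_set():
            try:
                conn, (peer_ip, _) = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    data = conn.recv(256)
                except socket.timeout:
                    data = b""
                alert = canary.record(peer_ip, port, data)
                if alert:
                    print(f"ALERT {alert.service} on port {alert.port} touched by "
                          f"{alert.peer}: {alert.first_bytes!r}")


if __name__ == "__main__":
    canary = Canary()
    stop = threading.Event()
    port = 2323
    t = threading.Thread(target=serve_decoy, args=(canary, port, "127.0.0.1", stop),
                         daemon=True)
    t.start()
    time.sleep(0.2)
    # Simulated intruder: connect to the decoy and try a login.
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(b"root\r\n")
    time.sleep(0.3)
    stop.set()
    t.join()
    print(f"{len(canary.alerts)} alert(s) raised")
```

In practice you would pick decoy ports that look like the services an attacker hopes to find, forward the alert to whatever your monitoring already uses, and never put anything on the decoy host that you would mind losing.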
As we go forward in this fascinating journey we can begin to map out the process of both attacking and defending. Next we will focus on something more practical.