Models and Methodologies

Source: https://draft.blogger.com/blog/post/edit/4645394287292363993/7218885967669883525#

Today would be on the ethical methodologies used in carrying out an ethical hack/attack. In every sector, there are models, ethics and procedures from law to medicine and so is the case in cybersecurity and particularly ethical hacking. There are steps an ethical hacker needs to follow because we are ethical people backed by the law to do what we do so. The processes are a six-step industry standard process which is: 

1. Reconnaissance

Upon receiving explicit and contractual consent from the organization, the reconnaissance portion of the hacking process can begin. This involves collecting as much information as possible about the “target” using the various tools at the hacker’s disposal, including the company website, internet research, and even social engineering. These are all similar to the types of behaviours that a malicious hacker would engage in when attempting to breach an organization.

2. Environmental Scanning

During this second scanning phase, the hacker moves from passive to active information gathering by looking for ways to infiltrate the network and bypass any intrusion detection systems in place.

3. Gaining System Access

When the hacker is successful in step two, they shift to step three: attacking the network. During this phase, the hacker gains access to the target, determines where the various vulnerabilities lie, and assesses just how much damage could conceivably be dealt with now that they have access.

4. Maintaining System Access

Given that it takes an average of 228 days to identify a breach (Sobers, 2021), it is safe to assume that the average cybercriminal isn’t in and out. They stick around as long as possible once they have successfully breached a network. In this fourth stage, the hacker explores ways to maintain their access.

5. Clearing Evidence of the Breach

Just as a breaking-and-entering criminal might take the time to clear any evidence of their crime, cybercriminals are likely to do the same in a digital context. In this stage, the hacker will look for any traces of their activity and remove them.

6. Provision of a Final Report

For their final deliverable, the ethical hacker compiles all the lessons learned from their mission and reports them back to the organization, including recommendations for avoiding future security incidents.

REFERENCE

Praveen (2023) Ethical hacking: Understanding the basics, Cybersecurity Exchange. Available at: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/ethical-hacking-understanding-basics/ (Accessed: 04 June 2023).