
Models and Methodologies


Today's post covers the methodology followed when carrying out an ethical hack. Every sector, from law to medicine, has its models, ethics and procedures, and cybersecurity, ethical hacking in particular, is no different. An ethical hacker needs to follow defined steps because we are ethical people, backed by the law to do what we do. The process is a six-step, industry-standard one:

1. Reconnaissance

Upon receiving explicit and contractual consent from the organization, the reconnaissance portion of the hacking process can begin. This involves collecting as much information as possible about the “target” using the various tools at the hacker’s disposal, including the company website, internet research, and even social engineering. These are all similar to the types of behaviours that a malicious hacker would engage in when attempting to breach an organization.

2. Environmental Scanning

During this second scanning phase, the hacker moves from passive to active information gathering by looking for ways to infiltrate the network and bypass any intrusion detection systems in place.

3. Gaining System Access

When the hacker is successful in step two, they shift to step three: attacking the network. During this phase, the hacker gains access to the target, determines where the various vulnerabilities lie, and assesses just how much damage could conceivably be dealt now that they have access.

4. Maintaining System Access

Given that it takes an average of 228 days to identify a breach (Sobers, 2021), it is safe to assume that the average cybercriminal isn’t in and out. They stick around as long as possible once they have successfully breached a network. In this fourth stage, the hacker explores ways to maintain their access.

5. Clearing Evidence of the Breach

Just as a breaking-and-entering criminal might take the time to clear any evidence of their crime, cybercriminals are likely to do the same in a digital context. In this stage, the hacker will look for any traces of their activity and remove them.

6. Provision of a Final Report

For their final deliverable, the ethical hacker compiles all the lessons learned from their mission and reports them back to the organization, including recommendations for avoiding future security incidents.

REFERENCE

Praveen (2023) Ethical hacking: Understanding the basics, Cybersecurity Exchange. Available at: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/ethical-hacking-understanding-basics/ (Accessed: 04 June 2023).

