1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Tracks
OR
• Performing Reconnaissance
• Scanning and Enumeration
• Gaining access
• Maintaining access and Placing Backdoors
• Covering tracks or Clearing Logs
Phase I: Reconnaissance
Reconnaissance can be described as the pre-attack phase and is a
systematic attempt to locate, gather, identify, and record information about
the target. The Hacker seeks to find out as much information as possible about
the target.
Phase II: Scanning and Enumeration
Scanning and enumeration is considered the second pre-attack
phase. This phase involves taking the information discovered during
reconnaissance and using it to examine the network. Scanning involves steps such
as intelligent system port scanning, which is used to determine open ports and
vulnerable services. In this stage the attacker can use different automated
tools to discover system vulnerabilities.
Phase III: Gaining Access
This is the phase where the real hacking takes place.
Vulnerabilities discovered during the reconnaissance and scanning phases are now
exploited to gain access. The method of connection the Hacker uses for an
exploit can be a local area network, local access to a PC, the Internet, or
offline. Gaining access is known in the Hacker world as owning the system.
During a real security breach, this is the stage where the Hacker can
use simple techniques to cause irreparable damage to the target system.
Phase IV: Maintaining Access and Placing Backdoors
Once a Hacker has gained access, they want to keep that access for
future exploitation and attacks. Sometimes, Hackers harden the system against
other Hackers or security personnel by securing their exclusive access with
backdoors, rootkits, and Trojans.
The attacker can use automated scripts and automated tools to
hide attack evidence and also to create backdoors for further attacks.
Phase V: Clearing Tracks
In this phase, once Hackers have been able to gain and maintain
access, they cover their tracks to avoid detection by security personnel, to
continue to use the owned system, to remove evidence of hacking, or to avoid
legal action. At present, many successful security breaches are made but never
detected. This includes cases where firewalls and vigilant log checking were in
place.