From the course: Ethical Hacking: System Hacking

Setting the stage

From the course: Ethical Hacking: System Hacking

Start my 1-month free trial

Setting the stage

- [Voiceover] System hacking is an important phase, and for many reasons. Today, cyberattacks are sophisticated, and coordinated. They're developed by expertly trained teams of programmers. Data breach examples include Stuxnet, industry, and government and law enforcement agencies. The attackers have ample resources to continue to attack their target, using advanced tools and methods to target specific systems, and continue drilling into an organization until they gain access. This type of attack is called an advanced persistent threat, meaning, staying in the network undetected until they obtain their target. In most cases, no damage is done, but rather the goal of obtaining high value information, such as trade secrets, defense information, and personally identifiable information. The ethical hacker has to emulate this level of hacking, and must possess the skill of a surgeon in order to gain access and try to change the integrity of the system. Let's set the stage. By the time we get to the system hacking phase, we've obtained a great deal of information about the systems on our target. Reconnaissance is complete. We know our target, where it's located, and have a good idea as to when would be a good time to attack. Enough information is available to understand how the organization operates, and what data or services might be of value. Scanning and mapping the network is done, and have gained knowledge as to the make and model of the devices, listening services, and evidence of data being sent in the clear. We know which systems are live, and have determined the operating systems. Enumeration phase has obtained data, such as forms of users that exist in Windows and Linux, understand Windows groups, network devices, and have identified weaknesses that can be exploited. We now begin system hacking, which will have the following activities: obtaining the password, escalating privilege, executing applications, hiding files and tools, and covering tracks.

Contents