Lisa explores the third phase in ethical hacking, system hacking. Understand why malicious parties are interested in system hacking, and how hacking your own system can give you valuable insight into the mind of a black hat hacker. Learn how reconnaissance and scanning, the first two steps in ethical hacking, set the stage for system hacking.
- [Voiceover] System hacking is an important phase, and for many reasons. Today, cyberattacks are sophisticated, and coordinated. They're developed by expertly trained teams of programmers. Data breach examples include Stuxnet, industry, and government and law enforcement agencies. The attackers have ample resources to continue to attack their target, using advanced tools and methods to target specific systems, and continue drilling into an organization until they gain access.
This type of attack is called an advanced persistent threat, meaning, staying in the network undetected until they obtain their target. In most cases, no damage is done, but rather the goal of obtaining high value information, such as trade secrets, defense information, and personally identifiable information. The ethical hacker has to emulate this level of hacking, and must possess the skill of a surgeon in order to gain access and try to change the integrity of the system.
Let's set the stage. By the time we get to the system hacking phase, we've obtained a great deal of information about the systems on our target. Reconnaissance is complete. We know our target, where it's located, and have a good idea as to when would be a good time to attack. Enough information is available to understand how the organization operates, and what data or services might be of value. Scanning and mapping the network is done, and have gained knowledge as to the make and model of the devices, listening services, and evidence of data being sent in the clear.
We know which systems are live, and have determined the operating systems. Enumeration phase has obtained data, such as forms of users that exist in Windows and Linux, understand Windows groups, network devices, and have identified weaknesses that can be exploited. We now begin system hacking, which will have the following activities: obtaining the password, escalating privilege, executing applications, hiding files and tools, and covering tracks.
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks