Password Attacks are the classic way to gain access to a computer system is to find out the password and log in. The growth of the Internet has created unlimited opportunity for these intruders to steal secrets, tinker with Web sites, abscond with credit card information, or just generally make mischief.
After successfully compromising a host, if the rules of engagement permit it, it is frequently a good idea to ensure that you will be able to maintain your access for further examination or penetration of the target network. This also ensures that you will be able to reconnect to your victim if you are using a one-off exploit or crash a service on the target. In situations like these, you may not be able to regain access again until a reboot of the target is performed.
Once you have gained access to one system, you can ultimately gain access to the systems that share the same subnet. Pivoting from one system to another, gaining information about the user’s activities by monitoring their keystrokes, and impersonating users with captured tokens are just a few of the techniques we will describe further in this module.
Sniffing and Snooping should be synonyms. They refer to listening to a conversation. For example, if you login to a website that uses no encryption, your username and password can be sniffed off the network by someone who can capture the network traffic between you and the web site.
Spoofing refers to actively introducing network traffic pretending to be someone else. For example, spoofing is sending a command to computer A pretending to be computer B. It is typically used in a scenario where you generate network packets that say they originated by computer B while they really originated by computer C. Spoofing in an email context means sending an email pretending to be someone else.
The concept behind reverse-engineering—breaking something down in order to understand it, build a copy or improve it.
A process that was originally applied only to hardware, reverse-engineering is now applied to software, databases and even human DNA. Reverse-engineering is especially important with computer hardware and software. Programs are written in a language, say C++ or Java, that’s understandable by other programmers. But to run on a computer, they have to be translated by another program, called a compiler, into the ones and zeros of machine language. Compiled code is incomprehensible to most programmers, but there are ways to convert machine code back to a more human-friendly format, including a software tool called a decompiler.
Exploitation Tools are software tools that enable computers to infiltrate target computers’ networks to extract and gather intelligence data. It enables the exploitation of the individual computers and computer networks of an external organization or country in order to collect any sensitive or confidential data, which is typically kept hidden and protected from the general public.
Computer Forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Reporting Tools are software applications that make data extracted in a query accessible to the user. For example, a “dashboard” is a common reporting tool that makes a variety of information available on a single screen, in the form of charts, graphs, ordered lists. There are reporting tools used by hackers to determine the relationships and real world links between hundreds of different types of information.
Stress Testing refers to the testing of software or hardware to determine whether its performance is satisfactory under any extreme and unfavorable conditions, which may occur as a result of heavy network traffic, process loading, underclocking, overclocking and maximum requests for resource utilization.
As organizations harden their networks, Web applications have become primary targets for cyber-attack.
“Hackers have realized that because networks are secure, the application is the weakest link,” said Mandeep Khera, chief marketing officer for Cenzic, a security firm which release the report Aug. 25. “That’s where they want to get in and attack because most applications are not secure there.”