Saturday, December 21, 2019
as the global world continues to advance and make rapid progress, cyber crime also occurs. Criminals, especially cybercriminals do not need to leave their comfort zones to commit crimes. they achieve the desired results with just a few clicks of their mouse and a strong internet connection. To overcome this bad trend, there is a need for ethical hackers and ethical hacker understanding.
Various types of hacking:
Various types of hacking:
- Use the results of stealing other people's IDs to login.
- Misuse of confidential channels or control channels.
- SQL injection
- Brute force and dictionary attacks
- Operating System Mastery
- Misuse of identification marks as the result of guessing or original identification
- Manipulate fingerprints and takeovers
- Cross-site Scripting
- Inadequate exploitation of the authentication system
- Inadequate exploitation of the authorization system
In the world of hacking, there are several terms:
- Hack Value: The footprint between hackers is something valuable or interesting, in this case the hack
- Target of Evaluation: IT systems, products, or components that are indicated to be subject to security evaluation needs.
- Attack: Attacks that violate the security system, originating from intelligent threats.
- Exploit: A defined way to break through the security of an IT System through its weaknesses.
- Zero-Day: A computer threat that attempts to exploit weaknesses in computer applications that are unknown to other people or kept by software developers.
- Security: Situations where information and infrastructure are adequate where the possibility of theft, interference, and entry of gaps in the information and services of a server is very low or tolerable.
- Threat: Actions or events that can weaken security. The threat has the potential to violate security.
- Vulnerability: The existence of weaknesses, design or implementation errors that can cause unexpected events weaken security.
- Daisy Chaining: Hackers who escape by stealing databases by removing traces by deleting logs and so on.
Information Security Element
Confidentiality: A guarantee where information can be accessed by those who are only authorized.
Integrity: Trust in data or resources in preventing unauthorized and unauthorized changes.
Availability: Guarantees where the system is responsible for delivering, storing and processing information that can be accessed when needed by authorized users.
Authenticity and Non-Repudiation
Authenticity refers to the characteristics of communication, any document or data that guarantees the quality is authentic and not corrupt, the situation is still original.
Non Repudiation refers to a group conducting communications or agreements that cannot deny identification in a document or message where it came from.
Security, Functionality and Usability Triangle : Conditions where the emphasis on one of the 3 aspects of security, functionality or use will result in weakening of the other 2 aspects.
Hacking Phase
Reconnaissance -> Scanning -> Gaining Access -> Maintaining Access -> Removing Traces
Reconnaissance: Refers to the preparation of an attacker preparing who is there to gather target information. Consists of 2, passive: not involved with the target, active: involved with the target.
Scanning: Includes network scanning activities such as port scanners, network mapping, sweeping, vulnerability scans and others. This aims to get information such as computer name, IP address, and user account.
Gaining Access: Refers to situations where an attacker gets access to an operating system or application over a network.
Maintaining Access: This method attempts to prevent other attackers from entering the system when performing operations.
Covering Tracks: Maintain confidentiality during attacks by deleting logs.
Vulnerability Research
The process by which we find weaknesses and defects in the path that can open the operating system and its application to attack or abuse.
Vulnerability Research website :
Penetration Testing
Is a method of actively evaluating the security of information systems or networks by simulating attacks through sources that are 'malicious' to security. The results are submitted as a report to management, executives or technical parties. The benefits of Pentest are reducing the security costs of an IT organization and providing a better Return Of Security Investment (ROSI) by identifying and solving weaknesses and vulnerabilities.
Pentest Methodology
Information Gathering -> Vulnerability Analysis -> External Penetration Testing -> Internal Network Penetration Testing -> Router and Switches Penetration Testing -> Firewall Penetration Testing -> IDS Penetration Testing -> Wireless Network Penetration Testing -> Denial Of Service Penetration Testing -> Password Cracking Penetration Testing -> Social Engineering Pentest -> Stolen Laptop Pentest -> Application Penetration Testing -> Physical Security Testing -> Databaase Pentest -> VoIP Pentest -> VPN Pentest -> Virus and Trojan Pentest -> Log Management Pentest -> File Integrity Pentest -> Communication System Pentest -> Email Security Pentest -> Security Patches Pentest-> Data Leakage Pentest.
