
Ethical Hacking and Penetration Testing Lecture 1

The document provides an overview of ethical hacking and penetration testing, including definitions, types of hackers, and the importance of these practices in enhancing cybersecurity. It outlines the penetration testing process, various testing methodologies, common tools used, and legal considerations. Additionally, it emphasizes the need for ethical principles and regulatory compliance in the field of cybersecurity.

Uploaded by: arajraj40
Copyright: © All Rights Reserved

Ethical Hacking and Penetration Testing.

Introduction and general information about the course.

INSTRUCTOR: ALIBEK AIGE


Types of Hackers
•Black Hat: Hackers who engage in illegal activities for personal gain or malicious intent.
Example: A black hat hacker who steals credit card information.

•White Hat (Ethical Hackers): Hackers who are authorized to test systems and help organizations improve security.
Example: A security consultant hired to perform a vulnerability assessment.

•Gray Hat: Hackers who may sometimes violate laws or ethical standards but do not have malicious intent.
Example: A hacker who discovers a vulnerability and informs the company without prior permission but does not exploit it.

What is Ethical Hacking?
Definition: Ethical hacking involves the authorized and legitimate practice of probing systems and networks to identify vulnerabilities before malicious hackers can exploit them.

Key Concepts:
•Authorization: Ethical hackers must have explicit permission from the system owner.
•Intent: The purpose is to improve security, not to cause harm or steal information.
•Methodology: Ethical hacking follows a structured approach, similar to how a malicious hacker would operate, but within legal and ethical boundaries.

Introduction to Penetration Testing
•Definition: Penetration testing, or pen testing, is a simulated cyberattack against your system to check for exploitable vulnerabilities.
•Purpose: To assess the security of a system and ensure that the controls in place are effective.

Real-World Applications:
•Assessing Security Posture: Regular pen testing helps organizations understand their security weaknesses.
•Training Security Teams: Pen testing can be used as a training tool for internal security teams.

Why Is Ethical Hacking Important?
•Proactive Security: Ethical hacking helps organizations identify and mitigate potential security threats before they can be exploited.
•Case Study: Example of a company that prevented a major breach due to regular ethical hacking exercises.
•Regulatory Compliance: Many industries require regular security assessments to comply with laws and regulations (e.g., GDPR, HIPAA, PCI-DSS).
•Examples: Discuss specific regulations and their requirements for security testing.
•Reputation Management: Preventing breaches helps maintain customer trust and protects the organization’s reputation.
•Impact: Data breaches can lead to significant financial losses, legal penalties, and loss of customer trust.

The Penetration Testing Process
1. Planning and Reconnaissance:
•Define Scope: Determine what systems, applications, and networks will be tested.
•Goals: Establish what the penetration test aims to achieve (e.g., access sensitive data, test response capabilities).
•Reconnaissance: Gather information about the target through public sources, such as websites, social media, and publicly available documents.

2. Scanning:
•Passive Scanning: Gathers information without interacting directly with the target.
•Active Scanning: Direct interaction with the target to discover open ports, services, and potential vulnerabilities.
•Tools Used: Nmap, OpenVAS, etc.

3. Gaining Access:
•Techniques: Exploiting known vulnerabilities, brute-force attacks, phishing, social engineering.
•Examples: Demonstrate how an attacker might use a SQL injection to gain access to a database.

4. Maintaining Access:
•Purpose: Determine if the vulnerability can be used to achieve a persistent presence in the exploited system.
•Methods: Installing backdoors, creating new user accounts with elevated privileges.
•Real-World Scenario: Explain how an attacker might maintain access to a compromised server over a long period without detection.

5. Analysis and Reporting:
•Document Findings: Clearly explain the vulnerabilities found, how they were exploited, and what data was accessed.
•Remediation Advice: Provide actionable recommendations to fix the vulnerabilities.
•Report Structure: Executive summary, technical details, risk assessment, and mitigation strategies.
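
One way to enforce the "Define Scope" step before any active scanning starts, as an added example that is not part of the original slides: a target list is checked against the authorized networks, the owner's exclusions and the agreed test window. The class and function names, address ranges and dates are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

class Engagement:
    """Rules of engagement: authorized networks, exclusions and a test window."""
    def __init__(self, in_scope, excluded, start, end):
        self.in_scope = [ipaddress.ip_network(n) for n in in_scope]
        self.excluded = [ipaddress.ip_network(n) for n in excluded]
        self.start, self.end = start, end

    def check(self, target, when):
        """Return (allowed, reason) for one target at time `when`."""
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return False, "hostname: resolve it and check the address instead"
        if not self.start <= when <= self.end:
            return False, "outside the authorized test window"
        if any(addr in net for net in self.excluded):
            return False, "explicitly excluded by the system owner"
        if not any(addr in net for net in self.in_scope):
            return False, "not covered by written authorization"
        return True, "in scope"

def filter_targets(engagement, targets, when):
    """Split targets into an allowed list and a {target: reason} refusal map."""
    allowed, refused = [], {}
    for target in targets:
        ok, reason = engagement.check(target, when)
        if ok:
            allowed.append(target)
        else:
            refused[target] = reason
    return allowed, refused

# Constructed sample engagement: documentation address ranges, made-up dates.
ROE = Engagement(
    in_scope=["192.0.2.0/24", "2001:db8:10::/64"],
    excluded=["192.0.2.10/32"],
    start=datetime(2025, 1, 10, 8, 0, tzinfo=timezone.utc),
    end=datetime(2025, 1, 17, 18, 0, tzinfo=timezone.utc),
)
TARGETS = ["192.0.2.5", "192.0.2.10", "198.51.100.7", "2001:db8:10::5", "db.example.test"]

if __name__ == "__main__":
    now = datetime(2025, 1, 12, 9, 0, tzinfo=timezone.utc)
    allowed, refused = filter_targets(ROE, TARGETS, now)
    print("scan:", allowed)
    print("skip:", refused)
```

Only the `allowed` list should be handed to a scanner; the refusal map belongs in the engagement log.
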
Types of Penetration Testing

Black Box Testing:
Description: The tester is given no information about the system prior to the test.
Purpose: Simulates an attack from an external hacker with no prior knowledge.
Challenges: Limited information can make it harder to find deep-rooted vulnerabilities.
White Box Testing:
Description: The tester is given full access to the system's information (e.g., source code, network architecture).
Purpose: Allows for a comprehensive examination of the system's security.
Advantages: Can identify vulnerabilities that are not apparent in black-box testing.
Gray Box Testing:
◦ Description: The tester has partial knowledge about the system being tested.
◦ Purpose: Represents an insider threat, such as a disgruntled employee with some access.
◦ Balanced Approach: Offers a middle ground between black and white box testing.

Common Tools Used in Penetration Testing
•Nmap: For network discovery and security auditing.
Use Case: Scanning a network to discover live hosts and open ports.

•Metasploit: A framework for developing, testing, and executing exploits.
Use Case: Automating the exploitation of vulnerabilities to assess security.

•Wireshark: A network protocol analyzer used to capture and interactively browse traffic on a network.
Use Case: Analyzing network traffic to detect anomalies or malicious activity.

•Burp Suite: A set of tools used for performing security testing of web applications.
Use Case: Finding and exploiting vulnerabilities in web applications, such as XSS or SQL injection.
Legal and Ethical Considerations
•Authorization: Always obtain proper authorization before conducting any hacking activities.
•Legal Documents: Discuss the importance of NDAs (Non-Disclosure Agreements) and written consent.
•Confidentiality: Protect sensitive information obtained during testing.
•Data Handling: How to securely store and transmit sensitive data collected during testing.
•Reporting: Ensure that findings are reported responsibly to prevent misuse.
•Responsible Disclosure: The process of reporting vulnerabilities to the affected organization without making the details public until a fix is available.
•Potential Consequences: Unauthorized hacking can lead to legal action, fines, and imprisonment.

Guidelines for Assignment 1
Objective: Explore wireless attacks and defenses.
•Required Tools:
•Kali Linux (Penetration Testing Distribution)
•Wireshark (Network Protocol Analyzer)
•Aircrack-ng (WiFi Network Security Assessment)
•Environment Setup:
•Download and install the required software.
•Set up an Access Point with the provided router.
•Ensure proper configuration of SSID and security settings.
Wireless Packet Capture
Capturing Packets:
•Use Wireshark to monitor wireless traffic.
•Select the correct wireless interface (e.g., wlan0).
•Enable Monitor Mode or Promiscuous Mode to capture all traffic.

Four-way Handshake:
•Capture the WPA/WPA2 handshake for further analysis.
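
How the four messages of the handshake are told apart in a capture, as an added example that is not part of the original slides: each EAPOL-Key frame is classified from its Key Information flags, and the replay counters are used to confirm that the messages belong to one exchange. The function names, MAC addresses and frames are constructed sample data.

```python
import struct
from collections import defaultdict

# Key Information flag bits of the EAPOL-Key descriptor (IEEE 802.11).
PAIRWISE, ACK, MIC = 1 << 3, 1 << 7, 1 << 8

def classify(eapol):
    """Return (message number 1-4, replay counter), or None if not a pairwise key frame."""
    if len(eapol) < 99 or eapol[1] != 3:        # EAPOL packet type 3 = Key
        return None
    info, _key_len, replay = struct.unpack_from(">HHQ", eapol, 5)
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    if not info & PAIRWISE:                     # group-key handshake
        return None
    if info & ACK:                              # sent by the access point
        return (3 if info & MIC else 1), replay
    if info & MIC:                              # sent by the station
        return (2 if data_len else 4), replay   # M2 carries key data, M4 none
    return None

def handshake_status(frames):
    """frames: iterable of (ap_mac, sta_mac, eapol_bytes) -> {(ap, sta): report}."""
    seen = defaultdict(dict)
    for ap, sta, eapol in frames:
        result = classify(eapol)
        if result:
            seen[(ap, sta)][result[0]] = result[1]
    report = {}
    for pair, msgs in seen.items():
        # The station echoes the AP's counter: M1/M2 share one, M3/M4 the next.
        paired = msgs.get(1) == msgs.get(2) and msgs.get(3) == msgs.get(4)
        report[pair] = {"messages": sorted(msgs), "complete": len(msgs) == 4 and paired}
    return report

def sample_frame(info, replay, key_data=b""):
    """Constructed EAPOL-Key frame; nonce, IV, RSC and MIC are zero filler."""
    body = struct.pack(">BHHQ", 2, info, 16, replay) + bytes(80)
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body

AP, STA_A, STA_B = "02:00:00:aa:00:01", "02:00:00:bb:00:10", "02:00:00:bb:00:20"
CAPTURE = [                                     # constructed sample, not real traffic
    (AP, STA_A, sample_frame(0x008A, 1)),
    (AP, STA_A, sample_frame(0x010A, 1, bytes(22))),
    (AP, STA_A, sample_frame(0x13CA, 2, bytes(56))),
    (AP, STA_A, sample_frame(0x030A, 2)),
    (AP, STA_B, sample_frame(0x008A, 7)),       # station B never answered
]
if __name__ == "__main__":
    print(handshake_status(CAPTURE))
```
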
Cracking WPA2 WiFi Passphrase
Using Aircrack-ng:
•Load the captured packet file (e.g., test.pcap).
•Use a wordlist to brute-force the WPA2 passphrase.

Step-by-Step Process:
•Copy the pcap file to Kali Linux.
•Run Aircrack-ng to crack the passphrase.
•Document the process and results.
Conclusion
Summary:
Ethical hacking and penetration testing are crucial components of modern cybersecurity.
They help organizations stay ahead of potential threats and comply with industry regulations.
Understanding and adhering to ethical principles is essential for a successful career in cybersecurity.
