Greetings,
Lately, I've been undergoing the studies of Ethical Hacking and learning the process of such works. There are 5 steps testers perform whether it's manual or with automated tools to identify vulnerabilities to improve security for organizations protecting them from cyber attacks. I won't go too in depth of the topic, but wanted to give a brief overview. Let's gooooooo!!!!
1. Planning and Reconnaissance
- defining the scope, priorities and goals to be achieved.
- gathering intelligence like passive and active information on network and domain names or mail servers, etc of the target system to understand how a target works and potential entry points.
2. Scanning:
- Static Analysis: Inspects the application source code before program is run by comparing it to a set of coding rules followed by debugging.
- Dynamic Analysis: testing and evaluating of the security system in real time. This helps with finding errors or vulnerabilities by scanning the system using automated security scanning tools. Manual verification of vulnerabilities or errors to eliminate false positives.
3. Gaining Access or Exploitation:
- vulnerabilities are identified are actively exploited to gain access. This involves escalating privileges, stealing data, intercepting traffic and injecting malicious code to understand the damage.
4. Maintaining Access:
- See how long an attacker can stay within the system due to vulnerabilities.
5. Analysis and Reporting:
- Results of test are then compiled into a detailed report of vulnerabilities that were exploited, access to important data, and time the security tester could remain in the system before getting detected.