The Ethical Hacker

In: Computers and Technology

Submitted By kevindream1234
Words 1206
Pages 5
When you are called upon by law enforcement based on your expertise to hack into a network of a business known to be launching crimes against humanity as its primary mission for operation and capital gain thank them for givinging you the oportunity to do the job make sure you sign the necesarry documentation, protecting you from all laibility and legalities associated with the job. Now structure how you want to get you information through reconnaissance,Scanning Enumeration then Attacking and Post attacking if possible fall back attacks.
In my research from the book Network Security, Firewalls, and VPNs the process will start of by exploring discovery and information gathering phase also know as footprinting or reconnaissance. this will be your pre-attack phase to learn more about the target before the first actual attack. this can be done online and offline. Be carefull not to tip off the the target that its being investigated. through archieves.org you will find alot of information on the companies older versions of their web sites, analyse search engine contents, review current Web site, do some investigatative background of the employees, Map out the location of the company, analyse job postings. be on the look out for leaks of information online, newspaper and magazine articles, frequent blogs, newsgroups,chat and forums that are visited by the company and staff, Audit financial records or review public filings, review pubic records and other court cases. Query who personels are, domain registeration, and public IP assignments, listen in on emails and other forms of communications, find out what softwares they use and finally visit the pysical location and check out what the pysical security situation is?
Once you have created a structured and meaningful file about the target you can proceed to scanning the of the target. Scanning is a process of…...

Similar Documents

Hacker

...University of Phoenix Alejandro Granados Keeping the Hacker Out CMGT / 440 Oct/3/2011 Keeping the Hacker Out Knowledge is the best way to keep systems secure. According to an article on Security News Week Magazine, knowing what methods the hackers use to attack is the best weapon a CEO can use to protect its company data. And whether or not he can prevent an attack knowing a Hacker “know how” Is the best way to identify future potential treats to a company’s network. According to Terry Cutler in an article posted on Security Week magazine . People responsible of company network are familiar with web defacing and executive spear phishing They have become aware that hackers are waiting and gathering information and concealing themselves Also known as footprinting. When hackers attack it doesn’t just cost millions to a company but also earned reputations can be compromised or destroyed. SIEM or Security Information and Event Management software are necessary automation tools for a company network security, That determine the severity of treats . SIEM is capable of detecting suspicious employee activity which is extremely important. Let’s say a swipe card system identifies an employee entering the company office after business hours in Montreal, then it identifies the same employee entering another company facility 20 miles away. If each entrance occurs within a space of 20 minutes, something is off because it is impossible for one person to travel 20 miles...

Words: 629 - Pages: 3

Hackers

...Hackers have been around for too long, usually associated with dark themes and “the evil side” they represent the minority of IT Gurus that just have too much time on their hands, and a touch of evilness. Usually represented with a skull or “horrifically” they are iconic in a never ending battle against internet crime. Your hosting provider should have set up your server with a certain amount of security built-in. However, there’s much you can do yourself to ensure your site stays unmolested. Hackers play an “unwanted” yet a significant role on the net, it creates thousands if not millions of jobs, in the IT field but they are a menace to webmasters, such as you and me alike. Not to worry, because the following list of “Ten Tips” aims to tell you a little about the way malicious hackers work, and some ways of protecting your site-and inevitably preserving the privacy of your visitors. Ten Tips to Prevent Hackers 10) Comment Attacks Comments are one of most prized features for blogs, and helps create a great relationship between the author and the reader, and also between readers in the wider community. It would also be easy for someone to insert HTML code that causes trouble. You need to “validate” the form input before it’s accepted, to strip out all but the most basic HTML tags, for example and also if you’re using WordPress – you can utilize the “Keyword Filter” to block out any harsh words that might raise an issue or two. 9) Unsolicited Installation of Scripts It can be......

Words: 1120 - Pages: 5

Hacker Techniques

...phase is where the actual hacking takes place. Vulnerabilities that were discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of how the hacker was able to exploit a connection can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. In Maintaining Access Phase a hacker has already gained access, and wants to maintain that access for future exploitation and attacks. Hackers sometimes harden a system in order to keep other hackers or security personnel out by securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. Covering Tracks Phase is where the hackers have been able to gain and maintain access; they cover their tracks in order to avoid detection by security personnel, also to continue to use the owned system, and to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms The first step I would take would be from the 5 steps to hacking which is the reconnaissance. I would use passive reconnaissance as this pertains to information gathering. Google is a major tool in most hackers initial first step. But you can use Nmap, AMAP, ScanRand and Paratrace. Social Engineering is one of the number one ways a network is easily infiltrated. They major forms of......

Words: 463 - Pages: 2

Hackers

...Pros and cons to hiring a hacker Nowadays, hackers are people that makes the technology's life to be more interesting. The term hacker has evolved over the years and has been growing. For years they existed a fuzzy distinction between good and bad computer hackers, or we also call them white hat and black hat hackers. Whether they are good or bad, we can't negate they don't have any influence on the development of technology. Hiring known hackers to test the security of a system is an example of this idea. Some companies have the great database which stores information about black hat hackers. It's made and developed by white hackers. These hackers break into systems and report holes that company engineers quickly seal. Companies need to have appropriate way to choose hackers to hire. Another positive aspect to hiring reformed hackers as security consultants is that staying up with the latest security exploits and countermeasures is a full time job. In most companies, the IT staff has an acceptable level of security knowledge, but they must focus most of their attention on the day to day responsibilities of keeping the network up and running. A good security consultant focuses almost solely on security and consequently has a level of security knowledge that goes far beyond that of most other IT professionals. The Cons of hiring so-called good hackers can be minimized by following several basic rules, but the use of hackers with criminal records is not common. With...

Words: 369 - Pages: 2

Hiring a Hacker

...Hiring a Hacker A hacker, as related to security consulting, is “someone who accesses a computer system by circumventing its security system”. (Wikipedia) This report will take a look at both the pro’s and con’s of hiring such a person as a security consultant for a business. Over the years there have been countless heated debates as to whether or not doing such would be considered ethical. One of the pro’s of hiring a former hacker to work as a security consultant is that they know all of the tricks of the trade. They have studied and paid great attention to many different techniques and how to apply them to reach the goals set forth to get the job done. Because they were at one time in that mindset, they know what other hackers would be doing and thinking in order to try to breech the companies’ security. (Posey, Brien) Another plus of hiring a hacker is that many of them will work for a substantially less salary than will someone who went to college and paid a pretty penny for their education. Hackers seem to truly love what they do; it can sometimes be considered an addiction. Usually money is not the key motivating factor for hardcore hackers. (Shinder, Deb) There are a couple of negatives when hiring a former hacker as a security consultant. The most obvious negative factor of course is the issue of trust. Of course this may be considered an opinion, but it is a major decision to make when owning a successful business. Many things could potentially be......

Words: 491 - Pages: 2

Hackers

...security testing and penetrating testing? NIST- 800 10. According to the NIST document, what are the four phases of penetration testing? * Planning * Discovery * Attack and * Reporting 11. Why would an organization want to conduct an internal penetration test? 12. What constitutes a situation in which a penetration tester should not compromise or access a system as part of a controlled penetration test? 13. Why would an organization hire an outside consulting firm to perform an intrusive penetration test without the IT department’s knowledge? 14. How does a web application penetration test differ from a network penetration test? 15. Explain both the information systems security practitioner and hacker perspectives for performing a penetration test....

Words: 332 - Pages: 2

Two Hacker

...Case Study 2 Closing Case Two “Two Hacker Hunters” 1. What types of technology could big retailers use to prevent identity thieves from purchasing merchandise? There are couple thing that would help big retailers from identity thieves. One thing is the authentication and authorization technologies such as biometrics. Another way is detection multiple transactions from different location. There should be a red flag if unusually large order or purchases in a short time. Last, retailers could notify the customer directly if they found unusual transaction and verify with the real customer if they truly buying something big. 2. What can organizations do to protect themselves from hackers looking to steal account data? Organizations can protect themselves from hackers by installing antivirus software for early detection and response. Have a content filtering, encryption and firewall. They must also have security people safeguarding against insiders or worker from stealing customer and clients information. 3. Authorities frequently tap online service providers to track down hackers. Do you think it is ethical for authorities to tap an online service provider and read people’s email? Why or why not? I personally don’t believe authorities have the right to go inside other people personal email to track down hackers. That mean we are losing our right of freedom. This is like spying on the very law abiding citizen’s personal space. I believe privacy......

Words: 906 - Pages: 4

Hacker

...hacking are discussed, such as the motivations that were behind guiding hackers who were at first computer professional to perform unauthorized activities, at the same time a discussion about the types of attacks can be found. The society response to hacking attacks lacks till this moment the ability to stop or completely prevent attacks from happening because as long as security tools are developed, more sophisticated hacking attacks are invented. That’s why we should start to think about hacker’s psychology as the main way to prevent and stop attacks by understanding their needs or desires. Introduction The Oxford English Dictionary defines hacking as “cut or chop roughly; mangle: cut (one’s way)”… to its present definition as “gain unauthorized access (to data in a computer)”. Banks (1997:11) defines hacking as “something that boring mainframe computer operators did to improve performance and battle boredom.” Here banks focuses on boredom as the reason of hacking. A more technical definition of hacking according to Digital Guards data base (2001) is “unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network.” Darlington (2001) believes hacking is not limited to accessing data or information but also includes an attack on the privacy of all people. Almost all different opinions agree on the illegality of hacking. On the other hand the word hacker is the agent of hack or hacking and it was defined as a......

Words: 4368 - Pages: 18

Hackers

...preform this initial reconnaissance and probinig step? Google is a major tool in most hackers initial first step. But you can use Nmap , AMAP, ScanRand and Paratrace. 4. How can social engineering be used to gather information or data about the organization’s IT infrastructure? Social Engineering is one of the number one ways a network is easily infiltrated. They major forms of this are Phishing, baiting and diversion theft. 5. What does the Enumeration step of the five (5) step hacking process entail and how is it vital to the hacker’s objective? Enumeration is the same as scanning a system for vulnerabilities that can be used to attack the system itself. This is vital to any hacker’s object since it reveals the information needed to access the target. 6. Explain how an attacker will avoid being detected following a successful penetration attack? To avoid detection a good hacker will always cover their tracks. This is done by purging any information in the system that could even minutely show the trace that someone was their. You must be careful when doing this because sometimes its not whats there that gets the hacker busted but what wasn’t. 7. What method does an attacker use to regain access to an already penetrated system? Any good hacker will always leave some sort of a backdoor into the system. This allows for easy access at will. This also gives the hacker......

Words: 347 - Pages: 2

Certified Ethical Hacker

...http://www.ipass4sure.com 312-50 ECCouncil Certified Ethical Hacker http://www.ipass4sure.com/exams.asp?examcode=312-50 The 312-50 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 312-50 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently. The 312-50 exam is very challenging, but with our 312-50 questions and answers practice exam, you can feel confident in obtaining your success on the 312-50 exam on your FIRST TRY! ECCouncil 312-50 Exam Features - Detailed questions and answers for 312-50 exam - Try a demo before buying any ECCouncil exam - 312-50 questions and answers, updated regularly - Verified 312-50 answers by Experts and bear almost 100% accuracy - 312-50 tested and verified before publishing - 312-50 exam questions with exhibits - 312-50 same questions as real exam with multiple choice options Acquiring ECCouncil certifications are becoming a huge task in the field of I.T. More over these exams like 312-50 exam are now continuously updating and accepting this challenge is itself a task. This 312-50 test is an important part of ECCouncil certifications. We have the resources to prepare you for this. The 312-50 exam is essential and core part of ECCouncil certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real......

Words: 1963 - Pages: 8

Hacker Hunters

...Chapter 4, “Closing Case Two” (Hacker Hunters, Pages 165-166) 1. What types of technology could big retailers use to prevent identity thieves from purchasing merchandise? They can use cards with RFID and Pin numbers. 2. What can organizations do to protect themselves from hackers looking to steal account data? They can restrict access to only those who need it, they can enhance their security measures by making their passwords more difficult so not everyone can access their databases, and they can install better higher quality firewall and security systems. 3. Authorities frequently tap online service providers to track down hackers. Do you think it is ethical for authorities to tap an online service provider and read people’s email? Why or why not? It is ethical for authorities and very important that they access to criminal activity that is being done via email or over the internet. With this authority there must be a warrant issued by a judge. It is unethical to access just anyone’s personal information looking for a crime without prior suspicion. 4. Do you think it was ethical for authorities to use one of the high-ranking officials to trap other gang members? Why or why not? I think it depends on the crime that has been done. Using a high-ranking official to trap other gang members has basically been a tradition that happens every day across America in all police departments. This is how cases are made and solved by finding witnesses to take down a......

Words: 339 - Pages: 2

Cis 534 Week 3 Case Study the Ethical Hacker

...CIS 534 Week 3 Case Study The Ethical Hacker Click Link Below To Buy: http://hwcampus.com/shop/cis-534-week-3-case-study-the-ethical-hacker/ ase Study: The Ethical Hacker Due Week 3 and worth 70 points Imagine for a moment that you are a hacker; an ethical one. You are called upon by law enforcement based on your expertise to hack into a network of a business known to be launching crimes against humanity as its primary mission for operation and capital gain. Assume you are not to be concerned with any politics of the job and your actions are legal and ethically justified. This nefarious business takes its own security seriously and therefore has implemented several forms of network security such as firewalls, Web proxies for its Web gateways, and VPNs for remote users. You also know that this business exists much like any normal corporation, renting several floors of office space to accommodate between 100-200 employees. Also imagine that the business’s entire network topology is located in that same location. Your goal is to infiltrate the security enough to find evidence included in the local MSQL database. You need to remain anonymous and operate within the reasonable parameters of the law. Write a four to five (4-5) page paper in which you: 1. Explain your method of attack and operation within reasonable parameters of the law. 2. Discuss specific malware, social engineer, or any other type of attacks you would deploy to achieve your desired......

Words: 452 - Pages: 2

Hackers

...In the series Scorpion, the problem that has been encountered in the Pilot episode is that the entire computer system in the airports was kind of affected by bugs, or maybe taken over by hackers because of it being unusable. The communications to the flying planes are down. There was nothing they could do to reroute the planes and communicate with them while on air. This is not just a usual computer system being down, this causes the three airports in Los Angeles not being able to safely land the planes and passengers. Without these communication services working properly, fifty-six airplanes were not able to land safely. For the system to get back working, there were four geniuses who helped and restored the system back to normal as how it should be working. The problem is resolved when the rescue team was able to find a backup of the uncorrupted, bug-free copy of the system in one of the flying planes. The rescue team on the ground was having a hard time communicating with the people inside the plane with the bug-free software of the system. However, one of the team’s geniuses, Toby, was able to find a way to locate a passenger with his phone turned on. The team was able to communicate with the pilot with the help of the passenger. Commanding the pilot to fly as low as he can as the rescue team need to acquire the uncorrupted software of the system. They have retrieved the copy of the uncorrupted software of the system with the help of Paige. She was able to download the......

Words: 491 - Pages: 2

Cis 534 Week 3 Case Study the Ethical Hacker

...CIS 534 Week 3 Case Study The Ethical Hacker Click Link Below To Buy: http://hwcampus.com/shop/cis-534-week-3-case-study-the-ethical-hacker/ ase Study: The Ethical Hacker Due Week 3 and worth 70 points Imagine for a moment that you are a hacker; an ethical one. You are called upon by law enforcement based on your expertise to hack into a network of a business known to be launching crimes against humanity as its primary mission for operation and capital gain. Assume you are not to be concerned with any politics of the job and your actions are legal and ethically justified. This nefarious business takes its own security seriously and therefore has implemented several forms of network security such as firewalls, Web proxies for its Web gateways, and VPNs for remote users. You also know that this business exists much like any normal corporation, renting several floors of office space to accommodate between 100-200 employees. Also imagine that the business’s entire network topology is located in that same location. Your goal is to infiltrate the security enough to find evidence included in the local MSQL database. You need to remain anonymous and operate within the reasonable parameters of the law. Write a four to five (4-5) page paper in which you: 1. Explain your method of attack and operation within reasonable parameters of the law. 2. Discuss specific malware, social engineer, or any other type of attacks you would deploy to achieve your desired......

Words: 452 - Pages: 2

Cis 534 Week 3 Case Study the Ethical Hacker

...CIS 534 Week 3 Case Study The Ethical Hacker Click Link Below To Buy: http://hwcampus.com/shop/cis-534-week-3-case-study-the-ethical-hacker/ ase Study: The Ethical Hacker Due Week 3 and worth 70 points Imagine for a moment that you are a hacker; an ethical one. You are called upon by law enforcement based on your expertise to hack into a network of a business known to be launching crimes against humanity as its primary mission for operation and capital gain. Assume you are not to be concerned with any politics of the job and your actions are legal and ethically justified. This nefarious business takes its own security seriously and therefore has implemented several forms of network security such as firewalls, Web proxies for its Web gateways, and VPNs for remote users. You also know that this business exists much like any normal corporation, renting several floors of office space to accommodate between 100-200 employees. Also imagine that the business’s entire network topology is located in that same location. Your goal is to infiltrate the security enough to find evidence included in the local MSQL database. You need to remain anonymous and operate within the reasonable parameters of the law. Write a four to five (4-5) page paper in which you: 1. Explain your method of attack and operation within reasonable parameters of the law. 2. Discuss specific malware, social engineer, or any other type of attacks you would deploy to achieve your desired......

Words: 452 - Pages: 2