
Day1 Handout

This document provides an overview of cybersecurity concepts including definitions, types, importance, and common threats. It defines cybersecurity as protecting internet-connected systems from cyber threats. The main types listed are network, application, information/data, cloud, mobile, and endpoint security. Key importance areas are prevention of cyber attacks and protecting sensitive data and national security. Common cyber threats discussed include hackers with different intentions (white hat, black hat, etc.), malware like viruses and ransomware, and the methodology hackers use in attacks.

Uploaded by

Mohammed Ashraf

Session 1 handout

What does cybersecurity mean?


Cybersecurity is the protection of internet-connected systems such as hardware,
software and data from cyberthreats. The practice is used by individuals and
enterprises to protect against unauthorized access to data centers and other
computerized systems.

Types of Cybersecurity:
● Network Security
● Application Security
● Information or Data Security
● Cloud Security
● Mobile Security
● Endpoint Security
● Critical Infrastructure Security
● Internet of Things (IoT) Security

Importance of Cybersecurity:
● Prevention of Cyber Attacks
● Protecting Sensitive Data
● Protecting National Security

Types of hackers:
1. White Hat Hackers
These hackers aim to help businesses and have an appetite for detecting gaps in network
security. They work to protect and assist companies in the ongoing battle against cyber
threats. A White Hat hacker is any individual who helps protect the company from rising cyber
crime. They help enterprises build defences, detect vulnerabilities, and fix them before
cybercriminals can find them.

2. Black Hat Hackers
These hackers break into organizations' networks to steal bank data, funds or sensitive
information. Normally, they use the stolen resources to profit themselves, sell them on the
black market or harass their target company.

3. Gray Hat Hackers
These hackers neither want to rob people nor want to help people in particular. Rather,
they enjoy experimenting with systems to find loopholes, crack defenses, and generally have a
fun hacking experience.

4. Script Kiddies
One standard Script Kiddie attack is a DoS (Denial of Service) or DDoS (Distributed Denial of
Service) attack. This simply means that an IP address is flooded with so much traffic that the
service collapses. Consider several Black Friday shopping websites, for instance: the flood creates
confusion and prevents everyone else from using the service.
5. Green Hat Hackers
Green hat hackers are hackers who are still learning the ropes of hacking. They differ slightly
from Script Kiddies in their intention: they strive to learn and become full-fledged hackers, and
they look for opportunities to learn from experienced hackers.

6. Blue Hat Hackers
Blue Hat Hackers are similar to Script Kiddies, but the intent to learn is missing. They use
hacking as a weapon to gain popularity among their peers and to settle scores with their
adversaries. Blue Hat Hackers are dangerous because of the intent behind their hacking rather
than their knowledge.

7. Red Hat Hackers
Red Hat Hackers are also known as Eagle-Eyed Hackers. They are similar to white hat hackers in
that they intend to stop the attacks of black hat hackers. The difference between red hat and
white hat hackers is that, while the intention remains the same, the process differs: red hat
hackers are quite ruthless when dealing with black hat hackers or counteracting malware. They
keep attacking and may end up forcing the replacement of the entire system setup.

8. State/Nation Sponsored Hackers
Governments appoint hackers to gain information about other countries. These hackers are known
as State/Nation sponsored hackers. They use their knowledge to gain confidential information from
other countries so that their own country is well prepared for any upcoming danger. The sensitive
information helps the government stay on top of every situation and avoid upcoming danger. They
report only to their governments.

9. Hacktivist
These hackers intend to hack government websites. They present themselves as activists, hence
the name hacktivists. Hacktivists can be an individual or a group of nameless hackers whose intent
is to gain access to government websites and networks. The data obtained from the government files
they access is used for personal, political or social gain.

10. Malicious Insider or Whistleblower
These are individuals working inside an organization who can expose its confidential
information. The intent behind the exposure might be a personal grudge against the organization,
or the individual might have come across illegal activities within the organization. The reason for
the exposure defines the intent behind it. Individuals in the latter case are known as whistleblowers.
Hacking Vocabulary:
1. Hack Value:
The value an attacker gets back from the time and effort invested in an attack (hack).
2. Vulnerability:
A weakness in an information system, system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source.
3. Exploit:
In cybersecurity the term has two meanings: (1) to take advantage of a vulnerability; (2) the
malicious code or software that does so.
4. Payload:
The part of the exploit code that carries out the attacker's action, usually just a few commands.
5. Zero-Day Attack:
The name refers to the fact that the vendor or developer has only just learned of the flaw, which
means they have had "zero days" to fix it.
6. Daisy Chaining / Pivoting:
Using a compromised network device or system to gain access to other systems on the network.
7. Doxing:
Collecting a person's private information from databases or social media.
8. Bot / Zombie / Botnet:
Botnets are networks of infected computers, often known as zombies or bots. These machines
have been infected with malware that allows a bot-master to control them remotely.
9. C2 / C&C:
A command-and-control (C&C) server is a computer controlled by an attacker or cybercriminal
which is used to send commands to systems compromised by malware and to receive stolen data
from a target network.

Elements of Information Security (CIA):
● Confidentiality
Prevent unauthorized access to sensitive information. It is common for data to be categorized
according to the amount and type of damage that could be done if it fell into the wrong hands.
● Integrity
Maintain the accuracy and trustworthiness of data over its entire lifecycle. Data must not be
changed in transit, and steps must be taken to ensure it cannot be altered by unauthorized parties.
● Availability
Information should be consistently and readily accessible to authorized parties. This involves
properly maintaining the hardware, technical infrastructure and systems that hold and display the
information.
Malware:

Types of Malware:
1. Viruses
A virus is malicious executable code attached to another executable file. The virus spreads when an
infected file is passed from system to system. Viruses can be harmless, or they can modify or delete
data. Opening a file can trigger a virus. Once a program virus is active, it will infect other programs
on the computer.

2. Worms
Worms replicate themselves on the system, attaching themselves to different files and looking for
pathways between computers, such as computer networks that share common file storage areas.
Worms usually slow down networks. A virus needs a host program to run, but worms can run by
themselves. After a worm infects a host, it is able to spread very quickly over the network.

3. Trojan horse
A Trojan horse is malware that carries out malicious operations under the appearance of a desired
operation, such as playing an online game. A Trojan horse differs from a virus in that the Trojan
binds itself to non-executable files, such as image files and audio files.

4. Ransomware
Ransomware holds a computer system, or the data it contains, hostage until the victim makes a
payment. Ransomware encrypts the data on the computer with a key that is unknown to the user.
The user has to pay a ransom (price) to the criminals to retrieve the data. Once the amount is paid,
the victim can resume using his/her system.

5. Adware
Adware displays unwanted ads and pop-ups on the computer. It comes bundled with software
downloads and packages and generates revenue for the software distributor by displaying ads.

6. Spyware
Spyware's purpose is to steal private information from a computer system for a third party. It
collects information and sends it to the hacker.


What is Ransomware?

Ransomware is a form of malicious software that prevents computer users from accessing
their data by encrypting it. Cybercriminals use it to extort money from individuals or
organizations whose data they have hacked, and they hold the data hostage until the
ransom is paid.

How does a computer get infected with ransomware?

● Email phishing

● Website pop-ups

● Remote desktop access

● Drive-by download
Five phases of attack (Methodology):

1. Reconnaissance: This is the first phase, where the hacker tries to collect information about the target.
It may include identifying the target and finding out the target's IP address range, network, DNS records, etc.
Let's assume that an attacker is about to go after a website's contacts. By using a search tool like Maltego,
researching the target (say a website: checking links, jobs, job titles, email, news, etc.), or using a tool like
HTTrack to download the entire website for later enumeration, the hacker is able to determine the following:
staff names, positions, and email addresses.
2. Scanning: This phase includes the use of tools like dialers, port scanners, network mappers, sweepers,
and vulnerability scanners. Hackers are now seeking any information that can help them perpetrate attacks,
such as computer names, IP addresses, and user accounts. Now that the hacker has some basic information,
they move to the next phase and begin to test the network for other avenues of attack. The hacker decides
to use a couple of methods to help map the network (e.g. Kali Linux and Maltego, and finding an email address
to contact in order to see what email server is being used). The hacker looks for an automated email if
possible, or, based on the information gathered, may decide to email HR with an inquiry about a job posting.
3. Gaining Access: In this phase, the hacker draws up a blueprint of the target's network with the help of the
data collected during Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and
now decides that they have some options to gain access to it.
For example, say the hacker chooses a phishing attack. The hacker decides to play it safe and use a simple
phishing attack to gain access, and decides to target the IT department. They see that there have been some
recent hires who are likely not up to speed on procedures yet. A phishing email spoofing the CTO's actual
email address is sent out to the techs. The email links to a phishing website that will collect their logins and
passwords. Using any number of options (phone app, website email spoofing, Zmail, etc.) the hacker sends an
email asking the users to log in to a new Google portal with their credentials. They already have the Social
Engineering Toolkit running and have sent an email with the server address to the users, masking it with a
bitly or tinyurl link.
Other options include creating a reverse TCP/IP shell in a PDF using Metasploit (which may be caught by a
spam filter). Looking at the event calendar, they can set up an Evil Twin router and try a Man-in-the-Middle
attack on users to gain access. A variant of a Denial of Service attack, stack-based buffer overflows, and
session hijacking may also prove effective.
4. Maintaining Access: Once a hacker has gained access, they want to keep that access for future
exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional
attacks.
In this case, the owned system is sometimes referred to as a zombie system. Now that the hacker has
multiple e-mail accounts, the hacker begins to test the accounts on the domain. From this point the hacker
creates a new administrator account for themselves based on the naming structure and tries to blend in. As
a precaution, the hacker begins to look for and identify accounts that have not been used for a long time.
The hacker assumes that these accounts are likely forgotten or unused, so they change the password and
elevate privileges to administrator, creating a secondary account in order to maintain access to the network.
The hacker may also send out emails to other users with an exploited file, such as a PDF with a reverse shell,
in order to extend their access. No overt exploitation or attacks will occur at this time. If there is no evidence
of detection, a waiting game is played, letting the victim think that nothing was disturbed. With access to an
IT account, the hacker begins to make copies of all emails, appointments, contacts, instant messages and files
to be sorted through and used later.
5. Clearing Tracks (so no one can trace them): Prior to the attack, the attacker would change their MAC
address and run the attacking machine through at least one VPN to help cover their identity. They will not
deliver a direct attack or use any scanning technique that would be deemed "noisy".
Once access is gained and privileges have been escalated, the hacker seeks to cover their tracks. This
includes clearing out sent emails, clearing server logs, temp files, etc. The hacker will also look for
indications of the email provider alerting the user to possible unauthorized logins under their account.
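The Maintaining Access and Clearing Tracks phases above describe three behaviours a defender can look for in an audit trail: a long-dormant account suddenly logging in, an account being created or re-passworded and promptly added to an admin group, and the security log being cleared. This added example (not part of the handout) runs those three checks over a constructed, invented set of audit events; the event format and the LAST_SEEN directory export are assumptions for illustration.

```python
from datetime import datetime, timedelta

ADMIN_GROUPS = {"Domain Admins", "Administrators"}

# Constructed sample audit trail (invented data): timestamp, event type, account, detail.
EVENTS = [
    ("2024-03-01 09:00", "login", "j.smith", "workstation-12"),
    ("2024-03-01 09:05", "login", "it.helpdesk", "vpn"),
    ("2024-03-02 22:14", "login", "svc_backup_old", "vpn"),           # forgotten account wakes up
    ("2024-03-02 22:20", "password_change", "svc_backup_old", "self"),
    ("2024-03-02 22:25", "group_add", "svc_backup_old", "Domain Admins"),
    ("2024-03-02 22:31", "account_create", "j.smyth", "by=svc_backup_old"),  # look-alike name
    ("2024-03-02 22:32", "group_add", "j.smyth", "Domain Admins"),
    ("2024-03-02 23:40", "log_clear", "svc_backup_old", "Security"),
]
# Constructed last-known login date per account before this window (e.g. a directory export).
LAST_SEEN = {"j.smith": "2024-02-29", "it.helpdesk": "2024-02-29", "svc_backup_old": "2023-06-10"}

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def dormant_reactivations(events, last_seen, dormant_days=90):
    """Logins by accounts idle longer than dormant_days: the 'forgotten account' pattern."""
    hits = []
    for when, kind, acct, _ in events:
        if kind == "login" and acct in last_seen:
            idle = ts(when) - datetime.strptime(last_seen[acct], "%Y-%m-%d")
            if idle > timedelta(days=dormant_days):
                hits.append(acct)
    return hits

def fast_admin_grants(events, window_minutes=60):
    """Accounts created or re-passworded and then added to an admin group within the window."""
    staged, hits = {}, []   # staged: account -> time of the create / password change
    for when, kind, acct, detail in events:
        if kind in ("account_create", "password_change"):
            staged[acct] = ts(when)
        elif kind == "group_add" and detail in ADMIN_GROUPS and acct in staged:
            if ts(when) - staged[acct] <= timedelta(minutes=window_minutes):
                hits.append(acct)
    return hits

def log_clears(events):
    """Clearing the audit log is itself a high-confidence 'clearing tracks' signal."""
    return [(acct, detail) for _, kind, acct, detail in events if kind == "log_clear"]

def triage(events=EVENTS, last_seen=LAST_SEEN):
    """Bundle the three checks so a responder sees the chain, not isolated alerts."""
    return {"dormant_reactivation": dormant_reactivations(events, last_seen),
            "fast_admin_grant": fast_admin_grants(events),
            "log_clear": log_clears(events)}
```

On the constructed events, all three checks fire on svc_backup_old, and the look-alike account j.smyth is caught by the create-then-promote rule.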

"Most of the time is spent on the Reconnaissance process. Time spent gets reduced in the
upcoming phases. The inverted triangle in the diagram represents the time to spend in
subsequent phases, which gets reduced."
Setting Up the Lab Environment

Virtual Machine
● https://www.vmware.com/products/workstation-player.html
Attacker Machine
● How to install Kali
o Kali Linux (Pre-built Virtual Machines)
https://www.youtube.com/watch?v=pwYH0NNWWzU
o Kali Linux (Installer Images)
https://www.youtube.com/watch?v=Ty9bIEW6uqo
● Install Kali
Victim Machine
● Metasploitable
https://docs.rapid7.com/metasploit/metasploitable-2/
