Welcome to the World of Hacking
Take your first step…
…to become a professional penetration tester.
But what does that even mean?
In the first unit you will get to know what a pen tester does and how you can make a living out of hacking in a legal and ethical way.
We want to show you a typical procedure of a pen test, as well as its results and its consequences. You will not only learn what career opportunities open up as an ethical hacker, but also what requirements you should bring along. Regarding this, we talk about certificates and why these are important.
At the end of this chapter you will also understand why the path of a pen tester is not as straightforward as many other careers.
What is hacking?
Who is a hacker?
What are the motives of hackers in IT security?
This leads to the fact that hackers are often divided into different types, which will be discussed in more detail here:
- White hat hackers, also known as ethical hackers, operate within the boundaries of the law and adhere to ethical principles. Found vulnerabilities and vulnerable networks are reported to the affected companies or individuals, which generally raises the security level. In the professional field, this type of hacker corresponds to the penetration tester, who hacks on behalf of other companies and examines the client’s security systems.
- BlackHat hackers use their knowledge in an illegal way and are driven by criminal energy. The goal is to infiltrate systems without permission and impair their function, cause damage, steal data or gain a financial advantage. BlackHats move underground because of their destructive actions.
- GreyHat hackers often operate in a legal gray area. They frequently interpret hacker ethics in their own favor and act alternately as WhiteHats and as BlackHats.

Other categories such as hacktivists, suicide hackers, etc. are often listed, although this is merely a more fine-grained classification of motivation. Motives include, for example, gaining technical understanding, crossing technical boundaries, stealing data, earning money, expanding one’s own rights, and much more.
Characteristics of an ethical hacker?
Ethical Hacking
In the following, the term ethical hacking will be elaborated in more detail. The credo of an ethical hacker is to uncover potential vulnerabilities without causing any damage. Based on the findings of the ethical hacker, the discovered vulnerabilities can be eliminated and thus IT security can be increased. Likewise, findings in widely used software (e.g. Windows) improve the security of millions of users worldwide. For hacking to be considered ethical, the following points should be met:
- Explicit permission to search for security vulnerabilities in the network or product
- Respecting the privacy of the company or individual
- No backdoors or other persistent security vulnerabilities left behind that can be exploited again later on
- Affected party immediately informed if security vulnerabilities are found
- Hacking used responsibly and with consideration of the consequences
Penetration Testing
A penetration test (or Pentest for short) is an approved attack on the IT infrastructure and application of a company. The penetration test proactively identifies gaps in the IT security of the enterprise to secure them before they can be exploited.
Hackers are clever and quickly find out the attack vectors for your network – get ahead of the hackers with the knowledge of a penetration test.
Attention
Depending on your resources, a different type of penetration test may make sense. Please do not hesitate to contact us.
Process of a Pentest
Penetration testing and Red Teaming of the BreakinLabs will give you a thorough understanding of the security risks that exist and how they can be used against you and how you can protect the systems accordingly.
Phases of a penetration test
After the different types of hackers have been discussed, a brief overview of the phases of a penetration test or hack will be given here. The points on this list will be discussed in more detail later. For now, it is not so important that each point is understood, as this will be elaborated on later in this writing. Often, an abbreviated 5-step approach is described, although attacks have become more complex in recent years, making a finer breakdown necessary. At this point the more detailed 7-step Cyber Kill Chain of Lockheed Martin is introduced.
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Objectives
Reconnaissance
During reconnaissance, the hacker obtains information about the target to be attacked, i.e., the infrastructure and the people or employees. Different types of passive and active discovery are used, and IP addresses and e-mail addresses are collected on the Web that can be used for the attack or for social engineering. Also of interest is the software of the systems hosted on the web, which can be found out using special tools. If necessary, one can also try, disguised as a cleaner or janitor, to get information on site. Port scans are performed and attempts are made to find out which software version is running on the web server or firewall. Vulnerability scans are used to look for exploit possibilities in the systems. Malicious hackers often do not use automatic scanners, because in a real attack scenario they are detected and blocked by the defense mechanisms of the attacked network.
Weaponization
Weaponization uses the information found during reconnaissance and checks which attack paths are available. Occasionally, custom exploits are developed in this phase that are precisely tuned and adapted to the target system. In the event of a malicious attack, special encryption Trojans and other malware are prepared for the target system.
Delivery
The actual attack on the system begins in this phase. Depending on what information was found in the first phase, a USB drop attack, a phishing e-mail, or even an attack on the infrastructure of the attacked party can take place here. Social media is becoming increasingly important in this phase, as employees are often somewhat more uninhibited there than on the job. This has been increasingly reinforced by the recent Corona pandemic, as people often have a VPN connection to the attacked network on their private computers.
Exploitation
In this step, the final access to the systems is gained. This is done using a wide variety of attack techniques such as session hijacking, SQL injection, cross-site scripting, code injection, exploits and so on. Hardly any two attacks are the same here, which means that the attacker’s complete knowledge is required in this step. This is where the wheat is separated from the chaff, so to speak. We have used all the levers at our disposal to give you the ultimate experience in this area and to push you to the limit in all conceivable situations.
Installation
After penetrating the system, this phase is all about keeping access. Backdoors and rootkits are used for this purpose. This phase is also used to extend privileges and take over administrator or root accounts, as well as to infiltrate other systems.
Command and Control
In this phase, the attack is extended to further systems, and further subnets or additional locations are attacked using further security vulnerabilities. For example, passwords found on other systems or special SSH key files are also suitable for this purpose.
Actions on Objectives
In the last step, there are different scenarios depending on the target of the attack:
- Espionage or theft of information: The attacker must cover his tracks and clean up the system. Ideally, after the hack, the attacked party does not even notice that it has been hacked at all.
- Gain access: This step also covers the tracks, because what good is a backdoor that is closed and removed after a few minutes or hours? After the attack, the attacker has a persistent backdoor at his disposal in this step, by means of which access to the system is possible again and again.
Different types of penetration tests
In an IT security assessment, there are different types of testing methodology, which can vary depending on the purpose and depth of the assessment.
Blackbox:
In the blackbox pentest, no prior knowledge of the target system is available, with the exception of a domain or IP address. Here, the penetration tester tries to penetrate as deeply as possible into the target’s infrastructure and systems and must start from the outside. The first attempt is to gain a foothold in the target systems by bypassing the firewall, social engineering or breaking into a public system. There is either the blind test, in which the blue team (defense unit of the attack target) knows about the attack and is supposed to defend against it, or the double-blind test, in which the attacker has no knowledge about the systems and the defense unit no knowledge about the attack and its timing.
Whitebox:
With the whitebox pentest, one has complete knowledge of the system to be tested; it is usually limited to individual targets (e.g. a new system in the entire network).
Greybox:
In the greybox pentest, the tester has very limited knowledge about the target system. For example, the pentester is given a single account in the target system that has no special rights.
Causes Of Vulnerabilities
Design and development errors
There can be flaws in the design of hardware and software. These bugs can put your business-critical data at risk of exposure.
Poor system configuration
This is another cause of vulnerability. If the system is poorly configured, it can introduce loopholes through which attackers can enter the system and steal information.
Human errors
Human factors like improper disposal of documents, leaving documents unattended, coding errors, insider threats, entering passwords on phishing sites, etc. can lead to security breaches.
Opportunities
Skills and Certificates
As you could see, many skills can be self-taught. On the other hand, not everyone can call themselves a professional penetration tester.
Above all, you should not forget that this profession is not easy to master. You already should bring along a wide knowledge about technology and IT security, not to mention you need to show real interest in hacking.
It is advisable to collect practical experience as a programmer or system administrator if you want to build up a pen tester career. You need to gather knowledge about common systems and technologies. Most importantly, you need to be in the know of the latest security threats.
Even though practical experience is the most important thing in this field, many companies also look for certifications. If you want to provide a professional impression, you should have corresponding certification and recommendations.
On BreakinLabs Academy you will not only acquire knowledge and collect practical experience; we also offer three different certificates.
Why a certificate is important
Certificates help you to stand out from the crowd and demonstrate your skills to your future clients.
Our Certificates
Basic
- Hack 20 beginner and medium hosts
- Document in writing each step of your journey through these boxes
- Include a screenshot of the local.txt and proof.txt from the boxes
Advanced
- Hack 20 medium and hard hosts with a minimum of 5 hard hosts
- You have to own 10 of these hosts without automated tools such as Metasploit
- Document in writing each step of your journey through these boxes
- Include a screenshot of the local.txt and proof.txt from the boxes
You will receive a digital certificate for the bronze and silver certificate and a high quality hard copy for the gold certificate. For this reason, the gold certificate costs extra while the others are included in the lab price.
You can find a template for the Lab Report here. When you have met all requirements for a certificate, please send the report to certificate@breakinlabs.com/academy
To check a certificate for its validity, please click here.
Do you need CPE credits to renew your certificates?
You get 40 CPE credits for each certificate to renew your proof of eligibility from ISC² or EC-Council.
Renew your certificates
Since technology is constantly changing and hackers find new vulnerabilities every day, a year-old credential does not provide sufficient information about one’s skills. This is why renowned certificates insist on being renewed every three years. Perhaps you already have the CEH certification or an ISC² certificate and want to renew it. With every single BreakinLabs Academy certificate, you will earn 40 CPE credits by default.