Ethical Hacking Script

We are living in a digital era. From ordering food and booking a flight or hotel to purchasing
groceries or household products and consulting a doctor, everything is available on digital
platforms. Use of digital platforms is increasing day by day, and these platforms generate large
amounts of data. This data is stored on cloud servers that are easily accessible online.

So, our data isn’t protected. It’s a golden age for hackers because there are so many access points,
public IP addresses and tons of data to exploit. Black hat hackers are creating malicious software
and applications for exploiting vulnerabilities. As a result, cyber-attacks are evolving.

There are many types of cyber-attack, such as MITM attacks, DDoS attacks, password attacks, malware
attacks, phishing and many more.

So, let us enter the ethical hacking course. Here we will learn everything about ethical
hacking.

First, we will learn what hacking is, and then we will see the difference between a hacker and
an ethical hacker.

Hacking is exploiting security controls through a technical, physical or human-based element. The
most fundamental meaning of hacking is gaining unauthorized access to data in a system or
computer. It is the art of exploiting computers to get access to otherwise unauthorized information.

Describe

Now, ethical hacking involves an authorized attempt to gain unauthorized access to a computer
system, application, or data. Ethical hackers identify security vulnerabilities, which can then be
resolved before a malicious attacker has the opportunity to exploit them. The proactive work they
do helps to improve an organization’s security posture.

Describe

In simple terms, vulnerable means weak. For example, older people are especially vulnerable to cold
temperatures even inside their homes. In cybersecurity, too, a vulnerability is a weakness that can
be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a
vulnerability, an attacker can run malicious code, install malware and even steal sensitive data.

Describe

Exploitation is the next step in an attacker's playbook after finding a vulnerability. Exploits are the
means through which a vulnerability can be leveraged for malicious activity by hackers.
Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows,
cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security
weaknesses in web applications.

Describe

There are 4 types of vulnerability exploitation – unauthorized data access, arbitrary code execution,
DoS attack and web exploitation.

Unauthorized access is when someone gains access to a website, program, server, service, or other
system using someone else's account or other methods. A weak password is a very common cause of
unauthorized data access.
Describe

Arbitrary code execution is most often aimed at giving a remote user administrative access on a
vulnerable system. The attack is usually prefaced by an information gathering attack, in which the
attacker uses some means such as an automated scanning tool to identify the vulnerable version of
software.

When a particular vulnerability allows an attacker to execute "arbitrary code", it typically means
that the bad guy can run any command on the target system the attacker chooses.

Describe

A denial-of-service attack (DoS attack) is a cyber-attack in which the attacker seeks to make a machine
or network resource unavailable to its intended users by temporarily or indefinitely disrupting
services of a host connected to the Internet. Denial of service is typically accomplished by flooding
the targeted machine with superfluous requests in an attempt to overload systems and prevent some or
all legitimate requests from being fulfilled.

Describe

Web exploitation is a common way of attacking websites. Websites are significantly more complex
today than in the early days. Because web applications are so complex, it’s not easy to deploy and
maintain them in a secure way. Hackers are always on the lookout to discover loopholes
and exploit vulnerabilities.

Describe

Daisy chaining is a term that describes the ability to connect a series of devices together using a
single connection between each two devices. The term is used for an illegal activity whereby a hacker
gains access to one computer system and its networks and then uses it to 'piggyback' on to other
systems in the organisation, causing further damage.

Describe

A network of infected computers remotely controlled by cybercriminals is termed a botnet. The
term “botnet” is formed from the words “robot” and “network.” Cyber criminals distribute malware,
turning our computers into bots. These bots work as a tool to automate mass attacks, such as data
theft, server crashing and malware distribution.

Describe

The CIA triad is a model designed to guide policies for information security within an organization. It
is a security model that highlights core data security objectives and serves as a guide for organizations
to keep their sensitive data protected from unauthorized access and data exfiltration.

Confidentiality refers to an organization’s efforts to keep their data private or secret. In practice, it’s
about controlling access to data to prevent unauthorized disclosure.

Integrity means protecting data from deletion or modification by any unauthorized party. It involves
maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle.

Availability ensures that authorized users are able to access data whenever they need to do
so. It means authorized users have timely, reliable access to resources when they are needed.

A cyber security threat is a malicious and deliberate attack by an individual or organization to gain
unauthorized access to another individual’s or organization’s network to damage, disrupt, or steal IT
assets, computer networks, intellectual property, or any other form of sensitive data.

The most common cyber threats are malware, phishing, MITM attacks, DoS attacks, SQL injection,
zero-day exploits, ransomware, etc.

Describe

In cyber security, an attack vector is a method or pathway used by a hacker to access or penetrate
the target system. Hackers use numerous attack vectors to launch attacks that take advantage of
system weaknesses, cause a data breach, or steal login credentials.

Unpatched software refers to computer code with known security weaknesses. Cyber criminals use
old unpatched software vulnerabilities to target organizations.

Weak passwords and password reuse make credential exposure a gateway for an attacker's initial
access to information.

Internal users

Malware refers to various forms of harmful software, such as viruses and ransomware. Once
malware is injected into your device by a hacker, it’s easy for them to take control of your device
and to monitor your actions.

Ransomware is a form of cyber-extortion in which users are unable to access their data until a
ransom is paid. Users are shown instructions for how to pay a fee to get the decryption key.

Mobile devices

Describe

Black hat hackers are also known as unethical hackers or security crackers. These people hack
systems illegally to steal information or to achieve their own illegal goals. They find banks or other
companies with weak security and steal money or credit card information. They can also modify or
destroy data. Black hat hacking is illegal.

White hat hackers are also known as ethical hackers or penetration testers. White hat hackers are
the good guys of the hacker world. These people use the same techniques used by black hat
hackers. They also hack systems, but they can only hack systems that they have permission to
hack, in order to test the security of those systems.

Gray hat hackers are a hybrid between black hat hackers and white hat hackers. They penetrate
systems without permission but typically don’t cause harm. They draw attention to vulnerabilities and
often offer a solution to patch them by charging fees.
