Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing
About this ebook
Originally, the term "hacker" referred to a programmer who was skilled in computer operating systems and machine code. Today, it refers to anyone who performs hacking activities. Hacking is the act of changing a system's features to attain a goal that is not within the original purpose of the creator. The word "hacking" is usually perceived negatively, especially by people who do not understand the job of an ethical hacker. In the hacking world, ethical hackers are the good guys. What is their role? They use their vast knowledge of computers for good instead of malicious reasons. They look for vulnerabilities in the computer security of organizations and businesses to prevent bad actors from taking advantage of them.

For someone who loves the world of technology and computers, it would be wise to consider an ethical hacking career. You get paid (a good amount) to break into systems. Getting started will not be a walk in the park, just as with any other career. However, if you are determined, you can skyrocket yourself into a lucrative career. When you decide to get started on this journey, you will have to cultivate patience. The first step for many people is usually to get a degree in computer science. You can also get an A+ certification (CompTIA), for which you must take and clear two different exams. To be able to take the qualification test, you need to have not less than 500 hours of experience in practical computing. Experience is required, as is a CCNA or Network+ qualification, to advance your career. This book should be your start into the world of ethical hacking.
Adidas Wilson
Adidas Wilson was born in Chicago, Illinois, and survived near-death experiences: driving off a bridge in an 18-wheeler and getting hit by a train. Adidas has dedicated his time and effort to educating, motivating, and inspiring people around the world to make positive lifestyle changes. Adidas enrolled at the University of Phoenix, graduating with a bachelor's in Healthcare Management, and is also studying in the Health Care Informatics master's degree program at Lipscomb University. He has appeared on the Amazon Best Seller list and been mentioned in Entrepreneur Magazine.
Book preview
Hacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing - Adidas Wilson
Chapter 1
Phishing Attacks
Phishing is a social engineering attack. In most cases, it is used to access and steal user data such as credit card numbers and login credentials. This kind of attack occurs when an intruder masquerades as a trusted party and deceives the victim into opening a text message, instant message, or email. Next, the victim is duped into clicking a link, which allows the attacker to freeze the system or install malware. This kind of attack can be damaging and may lead to identity theft, stealing of funds, and unauthorized purchases.

In governmental or corporate networks, phishing grants the intruder a foothold and opens the door for a larger attack like an APT (advanced persistent threat). In an APT, the organization can suffer substantial financial losses among many other damages.

An example of a phishing attack is an email that appears to come from myuniversity.edu and is sent out to faculty members. The email tells the recipient that their user password is going to expire in a short time. Instructions will be included, guiding the user to go to myuniversity.edu/renewal so they can renew their password. When the recipient clicks the link, a few things may happen:
● They may be redirected to a bogus page, myuniversity.edurenewal.com, which is very similar to the actual renewal page. The user is asked to enter the old and new password. The attacker monitors the page and gets the original password, which will give them access to the university network.
● The link may redirect the user to the real password renewal page. During the redirection process, the infiltrator activates a malicious script in the background, hijacking the session cookie of the user. The result is a reflected XSS attack that gives the attacker access to privileged information.

Email phishing scams are a numbers game. The fraudulent message is sent to a huge number of recipients, so even if only a small percentage of the recipients fall for this scam, the attacker will still gather a lot of information.
Intruders have techniques to give them high success rates. They make sure the phishing message looks a lot like an actual email from the targeted organization. They create a sense of urgency to push the recipients into action. The links included in the messages look like the legitimate links.

Spear phishing is not aimed at random people; it targets a specific enterprise or person. It is an advanced version of phishing, and special knowledge about the organization is required. When an attacker gets valid login credentials, they may successfully carry out a first stage APT.

To protect an organization from phishing attacks, both the enterprise and users need to take precautionary measures. Users need to be vigilant. Any spoofed message has little mistakes that will expose it. Enterprises should follow several steps to reduce both spear phishing and phishing attacks:
● Establish two-factor authentication (2FA). This method requires an extra step of verification from users when they are accessing sensitive information.
● In addition to 2FA, companies should have strict password management policies. Employees should change their passwords regularly and use different passwords for different applications.
● The enterprise should organize educational campaigns.
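The lookalike link in the password-renewal scenario (myuniversity.edurenewal.com standing in for myuniversity.edu/renewal) can be caught by comparing the link's actual host with the domain the organization owns. The following is an added example, not code from the book; the trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the one domain the organisation really owns.
TRUSTED_DOMAINS = ("myuniversity.edu",)

# Constructed sample message, modelled on the password-renewal lure above.
SAMPLE_EMAIL = (
    "Your password expires in 24 hours. Renew it now at "
    "http://myuniversity.edurenewal.com/ (policy: "
    "https://myuniversity.edu/renewal)."
)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'external' or 'invalid' for one link."""
    if "://" not in url:
        url = "http://" + url  # bare links such as myuniversity.edu/renewal
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = (parts.username or "").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # The trusted name shows up in the link, but the host is not under it,
    # e.g. myuniversity.edurenewal.com (the trusted name is only a prefix).
    if any(d in host or d in userinfo for d in trusted):
        return "lookalike"
    return "external"


def find_lookalike_links(text, trusted=TRUSTED_DOMAINS):
    """List the links in a message body that imitate a trusted domain."""
    links = [m.rstrip(".,;)") for m in re.findall(r"https?://[^\s<>\"']+", text)]
    return [u for u in links if classify_link(u, trusted) == "lookalike"]


if __name__ == "__main__":
    for link in find_lookalike_links(SAMPLE_EMAIL):
        print("lookalike link:", link)
```

A mail gateway or reporting tool could run a check like this on inbound messages and quarantine or banner anything classified as a lookalike.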
Chapter 2
Advanced Persistent Threat (APT)
An APT is a broad term. It describes an attack campaign by an intruder, where they establish a malicious, long-term presence on a network with the aim of mining sensitive data. The intruder or team of intruders carefully searches for and picks targets, usually government networks or large corporations. These intrusions can cause a lot of damage, including:
● Theft of intellectual property
● Compromise of sensitive information
● Total takeover of sites
● Sabotaging of critical infrastructure
APT attacks are a little different from traditional web application attacks in that:
● They are executed manually
● They are way more complex
● They are never hit-and-run attacks
● Their goal is usually to penetrate an entire network
APT Progression
A successful advanced persistent threat happens in three stages:

In most cases, enterprises are infiltrated via the compromising of one of the following: authorized human users, network resources, or web assets. This can be achieved through social engineering attacks such as spear phishing or malicious uploads such as an SQL injection. Moreover, intruders can execute a DDoS attack simultaneously against the target. This distracts the network personnel and weakens the security perimeter. As soon as the initial access has been achieved, the infiltrators install a backdoor shell. This malware gives them network access and remote control.

Once they have established a foothold, they spread their presence. They move up the hierarchy of the organization and compromise staff members by accessing very sensitive data. In this process, they gather the business's critical information such as financial records, employee data, and product line information.
They can sell this information to competitors or sabotage the product line and destroy the company.

During the APT event, the thieves store the stolen data somewhere within the network they are assaulting, in a secure place. After they have collected enough data, they extract it quietly without being noticed. White noise tactics are used to distract your security team while the information is being extracted.

The best way to block the extraction of stolen data and prevent the installation of backdoors is monitoring egress and ingress traffic. Make a habit of inspecting traffic in your network perimeter so any unusual behavior does not go unnoticed. Deploy a web application firewall on your network perimeter to help filter the traffic being driven to your web application servers. Network firewalls and other internal traffic monitoring services can also help.

Whitelisting controls the domains that are accessible from your network and the applications that users can install. It reduces the attack surfaces that are