1) Reconnaissance
2) Scanning
3) Gaining Access
4) Maintaining Access
5) Clearing Tracks
6) Performing Reconnaissance
7) Scanning and Enumeration
8) Gaining access
9) Maintaining access and
Placing Backdoors
10) Covering tracks or Clearing
Logs
Phase I: Reconnaissance
Reconnaissance can be described as the pre-attack phase
and is a systematic attempt to locate, gather, identify,
and record information about the target. The Hacker seeks
to find out as much information as possible about the
target.
Phase II: Scanning and
Enumeration
Scanning and enumeration is considered the second
pre-attack phase. This phase involves taking the information
discovered during reconnaissance and
using it to examine the network. Scanning involves steps such as intelligent
system port scanning which is used to determine open ports
and vulnerable services. In this stage the attacker
can use different automated tools to discover system
vulnerabilities.
Phase III: Gaining Access
This is the phase where the real hacking takes place.
Vulnerabilities discovered during the reconnaissance and
scanning phase are now exploited to gain access. The
method of connection the Hacker uses for an exploit can be
a local area network, local access to a PC, the Internet,
or offline. Gaining access is known in the Hacker world as
owning the system. During a real security breach it would
be this stage where the Hacker can utilize simple
techniques to cause irreparable damage to the target
system.
Phase IV: Maintaining Access
and Placing Backdoors
Once a Hacker has gained access, they want to keep that
access for future exploitation and attacks. Sometimes,
Hackers harden the system from other Hackers or security
personnel by securing their exclusive access with
Backdoors, Root kits, and Trojans.
The attacker can use automated scripts and automated tools
for hiding attack evidence and also to create
backdoors for further attack.
Phase V: Clearing Tracks
In this phase, once Hackers have been able to gain and
maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned
system, to remove evidence of hacking, or to avoid legal action. At present, many successful security breaches are
made but never detected. This includes cases where firewalls and vigilant log checking were in place.
Kindly Share this Post using your favorite Bookmarking service:
This post was written by:
I am Boopathi. I'am currently perusing his bachelor’s degree in Electronic and Communication engineering and is working as and information security consultant and web designer. An ethical hacker and a freelance web designer is famous for his website Hacking Track which is for security field.I Love to spend time on Internet and researching on Hacking field and corporate security technologies and it’s my passionate too. Read more..
Get Free Email Updates to your Inbox!
0 comments:
Post a Comment