Sunday, April 14, 2024

Initial Access Tactics that Ethical Hackers Work to Identify


Ethical hacking is a practice that focuses on identifying vulnerabilities in computers and networks to assess an organization's overall security. The term is often used synonymously with penetration testing, which involves simulating real-world cyber attacks to ensure that systems are robustly protected and compliant.


These tests mimic the TTPs (tactics, techniques, and procedures) that adversaries commonly use and thus provide a realistic way of learning potential breach pathways and strategies. The ethical hacker's involvement may extend beyond straightforward penetration testing to social engineering techniques, including finding ways to get employees to reveal organizational login credentials and data.


The TTP matrix spans a dozen foundational tactics, starting with initial access, which ranges from phishing to hardware additions. One common technique, drive-by compromise, involves a user visiting a malicious website during normal browsing. As the compromised site loads, malicious code executes secretly in the background, giving the attacker a foothold on the user's system. This is often accomplished through an application access token, part of token-based authentication, which allows applications to access the application programming interface (API). The user's system can then be exploited through the covert installation of malware or plugins.


Another initial access tactic is exploiting a public-facing application, such as an eCommerce platform with a login portal exposed to the internet. By taking advantage of vulnerabilities in outdated authentication software, the attacker gains unauthorized access and can escalate privileges, leading to a breach of sensitive customer data or the compromise of other areas of the network. Mitigating this issue involves deploying access controls, firewalls, network segmentation, multi-factor authentication (MFA), and related measures. It also involves regularly checking for and installing the latest security patches and updates.


Another initial entry route targets external-facing remote devices, commonly used by companies that let employees connect to the organizational network remotely through a VPN. Vulnerabilities in the VPN can give an attacker access to the organizational network and compromise communications as well as personal and organizational data.


Avoiding this issue involves employing the SSH (Secure Shell) remote access protocol, which provides robust encrypted connections between remote users and internal networks. Intrusion detection and prevention systems (IDS/IPS) can also be deployed to monitor network traffic for suspicious activity. Finally, network segmentation ensures that remote services are isolated from critical internal systems.
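Putting remote access behind SSH only helps if the daemon itself is configured tightly. The following POSIX shell audit is an added example, not code from the original post: it checks an sshd_config for the weak settings that commonly survive a default install (password logins, root login, generous retry limits). The directive list, the file path argument and the two sample configs are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for
# settings that undo the benefit of fronting remote access with SSH.
# Assumes a POSIX shell and the config file path as the first argument.

# Print one line per weak or missing directive; print nothing if clean.
audit_sshd_config() {
    cfg="$1"
    # Required directive/value pairs. Distribution defaults for these vary,
    # so an absent directive is reported rather than assumed safe.
    # KbdInteractiveAuthentication is the current name of the directive
    # older releases called ChallengeResponseAuthentication.
    for pair in \
        "PasswordAuthentication no" \
        "PermitRootLogin no" \
        "PubkeyAuthentication yes" \
        "KbdInteractiveAuthentication no" \
        "MaxAuthTries 3"
    do
        key="${pair%% *}"
        want="${pair#* }"
        # sshd applies the last matching directive, so keep the final value;
        # skip comment lines and compare keyword and value case-insensitively.
        have=$(grep -v '^[[:space:]]*#' "$cfg" \
            | awk -v k="$key" 'tolower($1)==tolower(k) {v=$2} END {print v}' \
            | tr '[:upper:]' '[:lower:]')
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"
        elif [ "$have" != "$want" ]; then
            echo "WEAK $key=$have (want $want)"
        fi
    done
}

# Number of findings; 0 means every check passed.
count_findings() {
    audit_sshd_config "$1" | awk 'END {print NR}'
}

# Constructed sample configs so the audit can be exercised offline.
weak_sample() {
    printf '%s\n' '# constructed sample: defaults that leave SSH exposed' \
        'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'MaxAuthTries 6'
}
hardened_sample() {
    printf '%s\n' '# constructed sample: key-only access, no root login' \
        'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' 'PubkeyAuthentication yes' \
        'MaxAuthTries 3'
}
```

Run `audit_sshd_config /etc/ssh/sshd_config` on a host to list its findings; the weak sample yields five findings and the hardened sample none.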


A related type of remote attack is domain name system (DNS) spoofing (or cache poisoning). This involves compromising DNS records so users are redirected from intended websites to fake and potentially malicious ones.


Phishing entails sending text messages or emails to victims, often under the guise of a familiar company name or a compromised trusted source, such as a colleague's email account. The aim is to get the user to click on a malicious link impulsively. This is often accomplished by creating a sense of panic or urgency, which sidesteps the person's rational instincts and gets them to click the target link.


Hardware additions rely on malicious hardware components attached to a device. An example would be a company employee receiving, from a seemingly legitimate vendor, a USB keyboard that contains a hidden microcontroller. When connected to the computer, it injects malicious keystrokes and enables malware to be transferred onto the corporate network, providing backdoor access. Ethical hackers aim to identify an organization's exposure to these and other initial access tactics and ensure that it is addressed.
