Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Ultimate Kali Linux Book

You're reading from   The Ultimate Kali Linux Book Harness Nmap, Metasploit, Aircrack-ng, and Empire for cutting-edge pentesting

Arrow left icon
Product type Paperback
Published in Apr 2024
Publisher Packt
ISBN-13 9781835085806
Length 828 pages
Edition 3rd Edition
Arrow right icon
Author (1):
Arrow left icon
Glen D. Singh Glen D. Singh
Author Profile Icon Glen D. Singh
Glen D. Singh
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Introduction to Ethical Hacking 2. Building a Penetration Testing Lab FREE CHAPTER 3. Setting Up for Advanced Penetration Testing Techniques 4. Passive Reconnaissance 5. Exploring Open-Source Intelligence 6. Active Reconnaissance 7. Performing Vulnerability Assessments 8. Understanding Network Penetration Testing 9. Performing Network Penetration Testing 10. Post-Exploitation Techniques 11. Delving into Command and Control Tactics 12. Working with Active Directory Attacks 13. Advanced Active Directory Attacks 14. Advanced Wireless Penetration Testing 15. Social Engineering Attacks 16. Understanding Website Application Security 17. Advanced Website Penetration Testing 18. Best Practices for the Real World 19. Index
Appendix

Exploring cybersecurity terminology

During your journey in the field of cybersecurity, you’ll discover the jargon and terminology that is commonly used within various research papers, articles, literature, discussions, and learning resources. As an aspiring cybersecurity professional, it’s important to be aware of and gain a solid understanding of common terminology and how it is related to ethical hacking and penetration testing.

The following are the most common terms used within the cybersecurity industry:

  • Asset – Within the field of cybersecurity, we usually define an asset to be anything that has value to an organization or person. For instance, assets are systems within a network that can be interacted with and potentially expose an organization’s network infrastructure to security weaknesses that could be compromised and enable unauthorized access to a cyber criminal, while providing a way to escalate their privileges on the compromised system from standard user to administrator-/root-level privileges. However, it’s important to mention that assets are not and should not be limited to technical systems. In addition, other forms of assets include people (humans), physical security controls, and even the data that resides within the network and systems we aim to protect. Assets are commonly categorized as follows:
    • Tangible – Tangible assets are simply described as any physical object with value, such as computers, servers, networking devices (routers, switches, etc.), and security appliances (firewalls). Computers and other end devices help typical users and employees access the resources on a network and perform their daily duties within an organization. Servers are typically used to store and host applications and provide services that are needed within typical network infrastructures. Networking devices contain configurations that are used to forward network traffic between systems, and security appliances are implemented to filter unwanted traffic and prevent threats between networks and systems. If these systems and devices are compromised, cyber criminals will be able to redirect network traffic to malicious websites that are owned by malicious actors and expand their operations.
    • Intangible – Intangible assets are things without a physical form that have value, such as applications, software license keys, intellectual property, business plans and models, and data.
    • People – This type of asset is the customers and employees of an organization. Protecting customers’ data from being stolen and leaked on the Dark Web, and safeguarding employees from various types of threats are of paramount importance. It is important to identify all the assets of an organization and potential threats that can cause harm and damage to them.
  • Threat – In the context of cybersecurity, a threat is anything that has the potential to cause harm or damage to a system, network, or person. Whether you’re focusing on the offensive or defensive path in cybersecurity, it’s important to identify various types of threats. Many organizations around the world encounter different types of threats each day, and cybersecurity teams work around the clock to ensure their company’s assets are safeguarded from cyber criminals.

    One of the most exciting but also overwhelming aspects of cybersecurity is industry professionals always need to stay one step ahead of threat actors to quickly find security weaknesses in systems, networks, and applications and implement countermeasures to mitigate any potential threats those assets.

  • Vulnerability – A vulnerability is a security weakness or flaw that exists within a system that enables hackers to exploit it in order to gain unauthorized access or control over systems within a network. Common vulnerabilities that exist within organizations include human error (the greatest of vulnerabilities on a global scale), misconfiguration of devices, weak user credentials, poor programming practices, unpatched operating systems, outdated applications on host systems, default against configurations on systems, and so on.

    A threat actor usually looks for the lowest-hanging fruits such as the vulnerabilities that are the easiest to exploit on a targeted system. The same concept applies to penetration testing. During a security assessment, the penetration tester will use various techniques and tools to discover vulnerabilities and will attempt to exploit the easy ones before moving on to more complex security flaws on a targeted system.

  • Exploit – An exploit is anything such as a tool or code that is used to take advantage of security vulnerabilities on a system. For instance, take a hammer, a piece of wood, and a nail. The vulnerability is the soft, permeable nature of the wood, the exploit is the act of hammering the nail into the piece of the wood, while the hammer is the threat. Once a security vulnerability is found on a targeted system, the threat actor or penetration tester will either acquire an exploit from various online sources or develop one on their own that has the capability of taking advantage of the security weakness.

    If you’ve acquired or developed an exploit, it’s important that you test the exploit on a system to ensure it has the capabilities to compromise the targeted system and works as expected. Sometimes, an exploit may work on one system and not on another. Hence, it’s a common practice that seasoned penetration testers will test and ensure their exploits are working as expected and graded on their rate of success for a vulnerability.

  • Attack – An attack is simply a method or technique that is used by a threat actor to take advantage of (exploit) a security vulnerability (weakness) within a system. There are various types of attacks that are commonly used by cyber criminals to compromise the confidentiality, integrity, and/or availability of a targeted system. For instance, the LockBit 3.0 ransomware focuses on exploiting the security vulnerabilities that are found on internet-facing systems that do not have their language settings configured to match a specific exclusion list. The attack launches ransomware on the internet; it will automatically seek and compromise vulnerable systems.

    NOTE

    To learn more about the LockBit 3.0 ransomware, please see the official Cybersecurity and Infrastructure Security Agency (CISA) advisory at https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a.

  • Attack vector – An attack vector is simply an area or pathway through which a targeted system, network, or organization can be compromised by a threat actor.

    The following are common attack vectors:

    • Direct access – Physical access to the targeted computer or network
    • Wireless – Exploiting security vulnerabilities found within the target’s wireless network infrastructure
    • Email – Sending malicious email messages containing links to malware-infected services, fake websites, and malicious attachments
    • Supply chain – Compromising the security of a vendor or supplier to gain access to a target
    • Social media – Using deceptive messages or malicious advertising (malvertising) to trick the target into revealing sensitive information or downloading a malicious file
    • Removable media – Connecting malware-infected media to the targeted system
    • Cloud – Exploiting security vulnerabilities within cloud services and its infrastructure

    These are the infrastructures in which an attacker can deliver a malicious payload to a target.

  • Risk – Risk is the potential impact that a vulnerability, threat, or attack presents to the assets of an organization and the likelihood an attack or threat has to cause harm systems. Evaluating risk helps to determine the likelihood of a specific issue causing a data breach that will cause harm to an organization’s finances, reputation, or regulatory compliance. Reducing risk is critical for many organizations. There are many certifications, regulatory standards, and frameworks that are designed to help companies understand, identify, and reduce risks.

    While it may seem like ethical hackers and penetration testers are hired to simulate real-world cyber-attacks on a target organization, the goal of such engagements is much deeper than it seems. At the end of the penetration test, the cybersecurity professional will present all the vulnerabilities and possible solutions to help the organization mitigate and reduce the risk of a potential cyber-attack while reducing the attack surface of the company.

  • Attack surface – This is all the vulnerable points of entry into a system, network, or organization that can be exploited by a threat actor to gain unauthorized access and expand their foothold on the network. Ethical hackers and penetration testers focus on identifying these vulnerability points of entry to determine the attack surface of an organization and how a cyber criminal would potentially exploit those weaknesses to compromise their target.
  • Zero-day – A zero-day is when a threat actor discovers a security vulnerability within a product or application and is able to exploit it before the vendor is either aware of the vulnerability or has time to develop a security patch to resolve the issue. These attacks are commonly used in nation-state attacks, Advanced Persistent Threat (APT) groups, and large criminal organizations. The discovery of a zero-day vulnerability can be very valuable to ethical hackers and penetration testers and can earn them a bug bounty. These bounties are fees paid by vendors to security researchers who discover unknown vulnerabilities in their applications.

    There are many bug bounty programs that allow security researchers, professionals, and anyone with the right skill set to discover security vulnerabilities within an application or system owned by a vendor and report them for a reward. The person who reports the security vulnerability, usually a zero-day flaw, is often given a financial reward. However, there are threat actors who intentionally attempt to exploit the targeted system for personal gain, which is commonly referred to as the hack value of the target.

So far, you have learned about the importance and need for cybersecurity within various industries around the world. Next, let’s learn about various types of threat actors and the motives behind their cyber-attacks.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime