Introducing the hacker's methodology
Of the many types of hacker introduced in Chapter 1, the most dangerous is the black hat, particularly when motivated by money or a grudge. We, therefore, should protect against this worst case scenario and, in the process, resist the more mundane attackers.
While a script kiddie is likely to get bored after a few failed SQL and directory traversal attacks, the black hat is a professional criminal and is armed with a five point plan:
|
Phase |
Description |
|---|---|
|
Reconnaissance |
Gain target knowledge under the radar |
|
Scanning |
Find weaknesses by probing the target |
|
Gain Access |
Attack vulnerabilities to access network |
|
Secure Access |
Maintain access with a backdoor |
|
Cover Tracks |
Remain invisible by editing logs |
Reconnaissance
This time-consuming phase gathers data about the target, such as a site's underlying technology, yet without making any direct web queries so as not to raise alarms. Instead, insight is gained on the quiet, for example by viewing Google-cached...
