-
Footprinting – the process of using passive methods of gaining information about the target system prior to performing the attack. The interaction with the target system is kept at minimum in order to avoid detection and alert the target about the attack. The footprinting can reveal vulnerabilities of the target system and improve the ease with which they can be exploited. Various methods are employed for footprinting, for example whois queries, Google searches, job boards search, network enumeration, operating system identification, etc.
-
Scanning – the process of taking information obtained from the footprinting phase in order to target the attack more precisely. Some of the metods used in this phase are port scans, ping sweeps, operating systems detection, observation of facilities used by the target, and so on.
-
Enumeration – the process of extracting more detailed information about the information obtained during the scanning phase to determine its usefulness. Some of the methods used in this step are user accounts enumeration, SNMP enumeration, UNIX/Linux enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, etc.
-
System hacking – the process of planning and executing the attack based on the information obtained in the previous phases. In this phase the attacker performs the actual hacking process using hacking tools.
-
Escalation of privilege – the process of obtaining privileges that are granted to higher privileged accounts than the attacker broke into originally. The goal of this step is to move from a low-level account (such as a guest account) all the way up to administrator.
-
Covering tracks – the process of removing any evidence of the attacker’s presence in a system. The attacker purges log files and removes other evidence needed for the owner of the system to determine that an attack occured.
-
Planting backdoors – the process of securing unauthorized remote access to a computer, so the attacker can access the system later without being detected. Backdoors are usually computer programs that give an attacker the remote access to a targeted computer system.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM