Journal (Ethical Hacking Course)

“This information is for education only, learned from Binus International Ethical Hacking Course”

Fauzan Athallah Arief

WEEK 1

This week’s topic in the class is an introduction to Lab preparation and Testing Procedures. We are instructed to download Kali Linux and Virtual Application to support the Linux system. There are 13 weeks for this course so it means each week we must post a journal mentioning the topic that we learned in each course. Today the lecturer taught us:

Objectives:

  • Hacking tools
  • Introduce ethical hacking cycles, footprinting, enumeration, system hacking, escalation privilege, and covering the track
  • Practice hands-on lab on attacking and defending the systems and network

Prerequisite:

  • Data communication
  • Computer network
  • A hacker mindset

Topic in class:

Introduction to Ethical hacking

  • Ethical Hackers:

Employed by companies to perform a penetration test

  • Penetration Test:

A legal attempt to break in, you report it to the company if you find its weakest link

  • Security Test:

You attempt to a break-in, also includes analyzing the company’s security policy and procedures

Tester offer solution to secure or protect the network

The role of security and penetration tester

  • Hackers:

Access without authorization

Break the law, can go to prison

  • Crackers:

Break into the system to steal or destroy data

U.S Department of justice call both hackers

  • Ethical hacker:

Performs most of the same activities but with the owner’s permission

  • Script kiddies or packet monkey:

Young inexperienced hacker

Copy code and technique from knowledgeable hacker

  • Programming languages used by an experienced penetration tester:

Practical Extraction and Report Language (Perl)

C and C++

Python

JavaScript, Visual Basic, SQL, and many others

  • Script:

Set of instruction that runs in sequence

  • Tiger Box:

Collection of OSs and hacking tools

Usually on a laptop

Helps penetration testers and security testers conduct vulnerabilities assessments and attacks

Penetration Methodologies:

White box model

▪ Tester is told everything about the network topology and technology

▪ Network diagram

▪ Tester is authorized to interview IT personnel and company, employees

▪ Makes tester’s job a little easier

Black box model

▪ Company staff does not know about the test

▪ Tester is not given details about the network

▪ The burden is on the tester to find these details

▪ Tests if security personnel are able to detect an attack

Gray box model

▪ Hybrid of the white and black box models

▪ The company gives tester partial information