What do ethical hackers do?
Effective ethical hacking follows a process for each project. This ensures that everything is properly tested and that no details are overlooked.
In between projects, white hats will also practice their skills using a hacking simulator. These simulators mimic real-world IT systems and defences without having to build a full test lab – or attack a real-world network.
Scope and goal setting (rules of engagement)
Before conducting any kind of pen test, an ethical hacker will first discuss your specific needs. Are you looking to test a specific system? Do you want to assess your employees’ readiness to deal with social engineering? Or are you looking for regular ongoing testing of your systems to ensure cyber security standards are being maintained?
Defining the project scope ensures you get the testing you need – and that your cyber security consultant doesn’t inadvertently over-step the mark and cause unexpected disruption.
Reconnaissance
Hackers rarely jump straight into an attack; trying to break into your systems without any foreknowledge is likely to see their efforts detected and blocked before they achieve their goals. In the same way, ethical hackers will begin gathering information about your business before attempting to penetrate defences.
They will typically gather insights into how your business uses and stores data, your operating environment and potential exploits to use against your security. They may even use no-tech methods like “dumpster diving”, going through your bins to retrieve old information that has been thrown away that reveals details of your operations.
Footprinting, scanning & enumeration
With initial reconnaissance complete, activities step up a gear: technology is now used to probe your systems directly, building a more detailed picture of your operations.
- Footprinting begins to identify your systems and potential attack points. Passive footprinting may be nothing more than reviewing your company email system. Active footprinting is more hands-on, for instance testing whether systems respond to SQL injection commands.
- Scanning uses automated tools to probe your systems and infrastructure to see what is in use on your network. This reveals the active computers (hosts) and the ports left open, which allow traffic into and out of your company network through the firewall.
- Enumeration seeks to extract specific details from the network, such as usernames, machine names and any available network resources.
Put together, the results of these activities will give your ethical hackers a very good understanding of your network, the technologies you use and likely points of entry.
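As an added illustration of what the scanning step above looks like from the defender's side (example code written for this page, not from the original article): a small detector that reads generic firewall deny/allow lines in a constructed key=value format and flags any source that touches many distinct destination ports within a short window. The constructed sample includes a fast port sweep, a normal client and a slow one-port-per-minute sweep; the slow one stays under the per-window threshold, which is the classic blind spot of a fixed-window detector.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Generic "key=value" firewall log line (constructed format, not a specific vendor's).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

def parse_log(lines):
    """Yield (timestamp, source IP, destination port) for each parsable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # silently skip lines that do not match the expected format
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])

def detect_port_scans(lines, port_threshold=15, window_seconds=60):
    """Return {src: max distinct ports seen in any window} for sources over the threshold."""
    window = timedelta(seconds=window_seconds)
    per_src = defaultdict(list)
    for ts, src, dport in parse_log(lines):
        per_src[src].append((ts, dport))
    flagged = {}
    for src, events in per_src.items():
        events.sort()                 # sliding window needs time order
        in_window, left, best = Counter(), 0, 0
        for ts, port in events:
            in_window[port] += 1
            while ts - events[left][0] > window:   # drop events older than the window
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= port_threshold:
            flagged[src] = best
    return flagged

def build_sample_logs():
    """Constructed sample traffic: one fast sweep, one normal client, one slow sweep."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} {} src={} dst=192.0.2.10 dport={} proto=tcp".format
    lines = [fmt((base + timedelta(seconds=i)).isoformat(), "DENY", "203.0.113.7", 20 + i) for i in range(25)]
    lines += [fmt((base + timedelta(seconds=2 * i)).isoformat(), "ALLOW", "198.51.100.5", 443) for i in range(30)]
    lines += [fmt((base + timedelta(minutes=i)).isoformat(), "DENY", "198.51.100.9", 1000 + i) for i in range(20)]
    return lines

if __name__ == "__main__":
    print(detect_port_scans(build_sample_logs()))  # {'203.0.113.7': 25}
```

Lowering the threshold or widening the window catches the slow sweep at the cost of more false positives; tuning that trade-off against your own baseline traffic is the real work.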
Gaining access
With potential entry points identified, ethical hackers put their extensive technical knowledge to work breaking in. They use a combination of scripts and tools to circumvent or break security.
Once inside the network, hackers will daisy-chain techniques to escalate privileges and compromise other systems. This process can last days or months as the hacker continues looking for valuable data without triggering any of your network defence mechanisms.
Maintaining access in ethical hacking (gaining persistence)
Having broken through your defences and established a foothold on the network, the hacker will first ensure they can maintain access. They will create new user accounts with admin level permissions for instance, allowing them to log in through the “front door”. Or they may install trojan horse malware on the network, providing a backdoor from which to work in future.
Large hacking projects can take months to execute, so maintaining access is vital until the hacker’s target is accomplished.
Reporting
With analysis and testing complete, the ethical hacker will produce a detailed report of their findings. They will document each of the vulnerabilities they identified, the tools they used and how successfully they were able to exploit each weakness.
The final report is an important tool for your cyber security strategy. Not only does it document where there are failings, but it also helps you prioritise remedial work to bring defences up to standard and reduce the risk of being successfully hacked by a black hat.