Friday, March 2, 2018

Attacking process

Résultat de recherche d'images pour "‫عملية ااختراق‬‎"

Attack: is the set of activity applied trying to exploit a vulnerability or a group of vulnerabilities in order to be able to affect availability, integrity or confidentiality. Attacks can happen without being able to reach their targets. We call the attack that succeeded to achieve any of its target a security breach and the application as a compromised application. 

Attackers normally follow a strict step by step approach to execute attacks because it is well known that attacks based on random approach without good planning mainly end unsuccessfully or by attacker identity discloser. The process steps are the following:

1- Mapping: this step is about collecting information from all available sources 
2- Analyzing: in this step the attacker gains the real added value after analyzing and intersecting collected information. 
3- Executing: this step is where the attacker will begin the penetration trial to compromise the victim application. 
4- Covering trace: as hacking is an illegal act any trace that lead to disclosing the attacker real identity will cause him a serious problem additionally being detected in pre-attack or during attack might cause throwing all time invested in Mapping and analysis phases this is why the attacker needs to cover his trace and minimize the attack detection possibility. Trace coverage is a process that should begin with mapping phase and finalize the whole process. 

Mapping    


Mapping includes all tasks done for the purpose of collecting information about application and infrastructure of the potential victim.  

Mapping infrastructure: mapping infra structure includes collecting information about servers’ networks operating systems and DNS entries of the potential victim. 

Mapping Application: this includes creating a full profile for the application comprising functionalities, components, flow and data. We will cover those main tasks focusing on application mapping more than infra structure due to the subject scope.

Mapping infrastructure 

Even though that mapping infra structure is outside our course scope but it is vital to remind with some of the main practices and tools that can be used in that phase

 












0 comments: