The Five Stages of Ethical Hacking

The five stages of ethical hacking are the same, irrespective of whether you hack into a network or a website:

  1. Reconnaissance / information gathering (active vs. passive [Google, LinkedIn])
  2. Scanning & enumeration (using tools like Nmap, Nessus, Nikto, etc. to actively scan a client for open ports and vulnerabilities. Enumeration is the process of checking items for vulnerabilities that can be exploited, e.g. an outdated version of a web server.)
  3. Gaining access / exploitation: using vulnerabilities found in step 2 to gain access to a network or website.
  4. Maintaining access: Once we have access, the process of scanning and enumeration starts again so that we still have access after the computer is switched off temporarily, etc.
  5. Covering tracks: deleting logs that may contain information about us, deleting any malware, and generally cleaning up.

Steps 1-3 will be the focus of the “Practical Ethical Hacking” course. This process and methodology never change; only the tools and attack methods may change.

Further reading: