Reconnaissance
Reconnaissance refers to information gathering. At this stage the target is known only at a broad level. The target range may include the organization's clients, employees, operations, network and systems.
Types of Reconnaissance
- Passive Reconnaissance
  - Involves acquiring information without directly interacting with the target.
  - Searching public records, publicly available information and open-source intelligence.
- Active Reconnaissance
  - Involves interacting with the target directly by any means.
  - For example, calling the Helpdesk or IT Department and trying to obtain more information about the target's information systems.
Scanning
- Scanning is known as the Pre-Attack Phase.
- It is when the attacker scans the network for specific information.
- The information used during scanning is based on what was gathered during reconnaissance.
- Tools include port scanners, dialers, network mappers, ping tools, vulnerability scanners, etc.
- It is the phase in which the attacker learns about live machines, open ports, running services, OS details, devices in use and uptime.
- The information gathered during scanning is essential for the attacker to decide when to launch the attack.
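From the defender's side, scanning leaves a characteristic footprint: one source touching many distinct ports or hosts in a short window, with most connections denied. The following is an added example (not part of the original notes) that parses constructed firewall log lines in an assumed "timestamp src dst dport action" format and flags sources whose behaviour looks like a port scan. The log format, thresholds and addresses are all assumptions made for the example.

```python
"""Flag port-scan-like activity in firewall logs (added defender-side example)."""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <src_ip> <dst_ip> <dst_port> <ALLOW|DENY>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dport>\d+) (?P<action>ALLOW|DENY)$"
)


def build_sample_log():
    """Return constructed sample log text: one scanning host and one normal client."""
    lines = []
    # Constructed: 10.0.0.5 probes 15 consecutive ports on one host, mostly denied.
    for i, port in enumerate(range(20, 35)):
        action = "ALLOW" if port in (22, 25) else "DENY"
        lines.append(f"2024-05-01T10:00:{i:02d} 10.0.0.5 192.168.1.10 {port} {action}")
    # Constructed: 10.0.0.7 is an ordinary client that only talks to web and mail.
    for i in range(20):
        port = 443 if i % 2 == 0 else 25
        lines.append(f"2024-05-01T10:01:{i:02d} 10.0.0.7 192.168.1.20 {port} ALLOW")
    return "\n".join(lines)


def parse_log(text):
    """Parse log text into a list of event dicts, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def find_scanners(events, port_threshold=10, deny_ratio=0.5):
    """Return {src: stats} for sources touching >= port_threshold distinct
    (dst, port) pairs where at least deny_ratio of their connections were denied."""
    targets_by_src = defaultdict(set)
    denies_by_src = defaultdict(int)
    total_by_src = defaultdict(int)
    for event in events:
        src = event["src"]
        targets_by_src[src].add((event["dst"], int(event["dport"])))
        total_by_src[src] += 1
        if event["action"] == "DENY":
            denies_by_src[src] += 1

    alerts = {}
    for src, targets in targets_by_src.items():
        distinct = len(targets)
        ratio = denies_by_src[src] / total_by_src[src]
        if distinct >= port_threshold and ratio >= deny_ratio:
            alerts[src] = {"distinct_ports": distinct, "deny_ratio": round(ratio, 2)}
    return alerts


if __name__ == "__main__":
    for src, stats in find_scanners(parse_log(build_sample_log())).items():
        print(f"possible scan from {src}: {stats}")
```

The deny ratio matters as much as the port count: a legitimate monitoring host may touch many ports but is normally allowed through, whereas a scanner hitting closed ports accumulates denies. In production the thresholds would be tuned per network segment and evaluated over a sliding time window rather than the whole file.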
Gaining Access
- This is the phase in which the attacker gains access to the target's OS or applications.
- Access can be at the OS, application or network level.
- During this phase the attacker may escalate privileges in order to obtain complete control of the system.
- Examples: password cracking, buffer overflows, denial of service, session hijacking.
Maintaining Access
- The attacker tries to retain ownership of the compromised system.
- Examples: backdoors, rootkits, Trojans.
- Attackers use the compromised system to launch further attacks.
Clearing Tracks
- Refers to covering tracks, i.e. hiding malicious activity.
- Intentions include maintaining access, remaining unnoticed and avoiding prosecution.
- The attacker overwrites server, system and application logs to avoid suspicion.
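Because log overwriting is the expected final step, defenders want logs whose tampering is detectable rather than logs that are merely present. The following is an added example (not part of the original notes) of a hash-chained log: each entry carries the hash of its predecessor, so editing, deleting or reordering any earlier entry breaks every hash that follows it. The entry layout and the all-zero genesis value are assumptions made for the example.

```python
"""Tamper-evident hash-chained log (added defender-side example)."""
import hashlib
import json

GENESIS = "0" * 64  # assumed predecessor hash for the first entry


def _digest(seq, msg, prev):
    """Hash the canonical JSON form of an entry's fields so encoding is stable."""
    payload = json.dumps({"seq": seq, "msg": msg, "prev": prev}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def append_entry(chain, msg):
    """Append a log message to chain (a list of dicts), linking it to the previous hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"seq": len(chain), "msg": msg, "prev": prev}
    entry["hash"] = _digest(entry["seq"], entry["msg"], entry["prev"])
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Return (True, None) if the chain is intact, else (False, index_of_first_bad_entry)."""
    prev = GENESIS
    for index, entry in enumerate(chain):
        # Sequence numbers catch deleted or reordered entries; prev-links catch splices.
        if entry["seq"] != index or entry["prev"] != prev:
            return False, index
        if _digest(entry["seq"], entry["msg"], entry["prev"]) != entry["hash"]:
            return False, index
        prev = entry["hash"]
    return True, None


def build_sample_chain():
    """Construct a small sample log of three authentication events."""
    chain = []
    append_entry(chain, "login ok user=alice src=10.0.0.7")
    append_entry(chain, "login failed user=admin src=10.0.0.5")
    append_entry(chain, "sudo user=alice cmd=/usr/bin/less /var/log/auth.log")
    return chain


def tamper_modify(chain, index, new_msg):
    """Simulate an attacker rewriting one entry's message in place."""
    copy = [dict(e) for e in chain]
    copy[index]["msg"] = new_msg
    return copy


def tamper_delete(chain, index):
    """Simulate an attacker removing one entry from the log."""
    return [dict(e) for i, e in enumerate(chain) if i != index]


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    print("modified:", verify_chain(tamper_modify(chain, 1, "login ok user=admin src=10.0.0.5")))
    print("deleted:", verify_chain(tamper_delete(chain, 1)))
```

The chain only proves integrity relative to its most recent hash: an attacker with full control of the host could rewrite the whole file and recompute every hash. The check therefore has value when the head hash (or the entries themselves) is forwarded to a collector the attacker cannot reach, so the local copy can be compared against what was already shipped.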