“Ethical hacking” describes the use of cybersecurity tools to promote “good”.
Linux Club provides this content for educational use only. Please ask your victims politely before attempting to compromise their data or devices.
Attempting to gain unauthorized access to any computer system is illegal.
https://en.wikipedia.org/wiki/Penetration_test
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data.
Kali Linux is the most popular Linux distro for advanced pennetration testing.
Kill Chain
https://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html
The kill chain describes your procedures and approach. In short, there are four phases of an attack.
- Reconnaissance: collect information on your target.
- Passive reconnaissance avoids direct contact with the system. Usually harder to detect. (eg. browsing the company’s website)
- Active reconnaissance is where the attacker engages with the target. High-risk and high-reward. (eg. social engineering, port scanning)
- Attack: create and deploy your exploits.
- Objective: you’ve infiltrated the target, now compromise the system.
- Report: After a successful attack, propose solutions that can reduce the company’s vulnerability.
Best practices
Avoid detection
- Virtual machine
- Virtualization is a technology that allows computer resources to be dedicated to run a second operating system within a host.
- Virtual machines can be deleted within seconds.
- Live sessions
- Kali is often ran from USBs. All memory is erased simply by pulling out.
- Network isolation
Kali Linux should never be used as your primary workstation. You should be comfotable with the thought of immediately destroying any device with Kali installed.