Major Boothroyd here for the first time to tell you about hacking. The Major asked some acquaintances for topics to blog on and several stated an introductory about hacking. First, hacking is the ability to reverse engineer, recreate, modify, or create computer programs via programming languages –this blog will have a heavy concentration on teaching programming languages, Linux operating system, computer networking, robotics/electrical engineering, mathematics, and cryptography but give very thorough from start to finish explanations of these advanced topics. We will not directly respond or instruct on requests such as “How to hack <xyz>.com”, but this blog may convey knowledge such as carrying out brute force attacks against HTTPS protect forms which could be applied to attempting such a request with the website owners legal consent. The reader’s goal should be to hack to learn, not learn to hack. However, the reader is responsible for the use of all knowledge conveyed and any/all tests using this blogs information should be against one’s own network or a network which the user has obtained legal consent. The words “legal consent” do not pertain to any legal advice and legal counsel should be consulted in defining the policies and procedures of obtaining legal consent in one’s country or territory.
This blog will aim to teach one how to achieve a variety of topics using various tools, scripts, etc. contained within Q’S Consulting’s qBox. The qBox is a discreet portable penetration testing device pre-loaded with several tools & scripts. The qBox is essentially a custom 32 GB+ Debian Stretch battery powered handheld device pre-loaded with all the popular penetration testing scripts from Kali Linux plus the tools/scripts covered by this blog. To learn more about the qBox check our Products page.
BEGIN: So now that we have defined hacking from Q’s perspective let’s talk about it from the defender/incident responder’s perspective. Wait, I thought you said hacking is programming? So this is where hacking gets confusing because clearly hacking attacks are malicious. Due to being heavily misunderstood hacking is generalized as primarily a bad or “black hat” activity, but there are also good or “white hat” hackers/incident responders/defenders.
Lockheed Martin’s Kill Chain Model has been developed to describe attacks or generalized “hacks” in various phases to get through some of this confusion allowing “white hat” hackers to talk about “black hat” hackers actions. For example, one would not just say there was a shooting; there is still more to the story to be told: who got shot, who did the shooting, where did the shooting occur, what time did the shooting occur, what was the motive, was the police involved, etc. So the Kill Chain Model can be thought of as an activity report based on a hacking attack, not how to describe ALL hacking. If one “hacked” together a script to do something they would not use a Kill Chain Model to describe its use, a Kill Chain Model is like a cyber police report and would indicate the tool was used in a hacking attack. We will tag blog posts on this blog according to Kill Chain Model where applicable. Also, we will attempt to explain both the attack and mitigations where applicable.
Attacks are not blindly carried out. First to carry out an attack the attacker must assess the targets vulnerabilities choose which type of attack to carry out. A basic example of reconnaissance would be port scanning a target machine to see what services are potentially running on the device.
Utilizing the information collected during the reconnaissance phase an attacker may begin to weaponize the attack by developing their exploit.
The method used to connect the exploit with the target: E-Mail, SMS, a social media message, phishing page, etc.
When the delivery weaponization and delivery are combined together plus executed exploitation occurs. Whether the exploitation is successful or not depends if the attacker will go back through the previous steps or continue on.
Establishing persistent interactions with the system once the exploit has successfully delivered the payload via software. The software used in the installation phase may include but not be limited to: key loggers, Remote Access Trojans (RAT)s, cryptocurrency mining software, proxy software allowing the attacker to use the victims IP address as a mask of their activities pointing back at the victim, etc.
Sometimes also called C2, short for Command & Control is the exfiltration of data. Data can be exfiltrated in multiple ways including but not limited to: social media, E-Mail, FTP, SFTP, SSH, video or voice recordings, in-person theft via USB or mobile device, and many other ways. The data is generally the overall objective of the attack whether the data is credit cards, social security numbers, addresses, E-Mails, password hashes, hair color, type of pet, etc.
Recon on internal networks to create a second attack cycle on the internal vs. external network, extortion, insider trading, the final actions taken with the data. A lot of researchers do not include this phase when dissecting an attack utilizing a Kill Chain Model because it is often redundant information. Not only is the information redundant but it is often unnecessary for how to mitigate or deal with post-attack issues.