This excerpt is a reprint from Leonard Chin’s whitepaper “5 Phases Every Hacker Must Follow”, which was reprinted with permission.
Hackers will often use one of five phases of hacking to attack a network before they attack it.
What is scanning?
Scanning can be seen as an extension and overlap to active reconnaissance, which aids attackers in identifying vulnerabilities.
Attackers often use automated tools such as network scanners and war dialers to locate systems and attempt to exploit vulnerabilities.
An attacker must follow a set of steps to scan a network. These are the criteria that determine which scanning methods will be used.
Scanners can be a boon to hackers
Vulnerability scanners are the most widely used tool. They can scan for multiple vulnerabilities on a target network and potentially detect thousands of them. This gives attackers an advantage in time as they only need one entry point to attack whereas the system’s professional must protect many areas with patches.
Organizations with intrusion detection systems need to be concerned that attackers could use evasion techniques at both the application and network levels.
An attacker can gain critical network information using simple tools such as traceroute (computer network diagnosis commands), including routing information, firewalls and mapping of systems. Cheops, a network management program, can be used to enhance the functionality of traceroute.
Port scanners can also be used to listen for ports and obtain information about the services and nature of the target machine. Port scanners can be stopped by shutting down all unnecessary services. Although appropriate filtering can be used to defend against port scanners, attackers still have the option of using tools to determine filtering rules.
Hacking Phase 2: Scanning
Scanning is the second phase of hacking. It is preceded and preceded by reconnaissance. The remaining phases are:
3. Gaining Access
5. Track coverage
This course teaches you more about hacking
Certified Ethical Hacker v11
Why should you become a Certified Ethical Hacker?
Due to the many cybersecurity attacks and the high amount of personal information at stake, as also the potential legal liabilities, there is a high demand for ethical hackers certified. This course is required for anyone responsible for data security and network security. Learn more about this course page.