Uncovering Cybersecurity Weaknesses: The 5 Phases of Hacking - Essay Sample

Introduction

After the reconnaissance, as well as the scanning stages or phrases, have successfully been completed, the Centralia security lab ethical hacking will be therefore be followed through by the Haverbrook investment limited. Specific department computers will be used as a target along with the company network.it is in this phrase that weakness is revealed. However, to gain access, several tools are utilized (5 Phases of Hacking. 2018). for this specific exercise, the remote exploit will be used, and it is directed to accurately test the company network externally just like a typical hacker would attempt. Additionally, a Distributed Denial of Services (DDoS) will be used, and this will play a significant role in providing the penetration opportunity to the company network.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Vulnerable Resources

To assist the personnel at Centralia labs with the penetration process, the team can employ the several vulnerability resources list with the directions on the applicability. The team will use the publicly available information to discover and exploit the vulnerabilities that exist in the company, and this is based on the kind of the software and the hardware that is available in the company (Alex & Hansen, n.d.). Such databased and site possess an abundance of information or resources with the explanation on the vulnerabilities, offer solutions on how to fix these vulnerabilities, as well as the latest exploits as well as the likelihood of success. Such organizations, like the MITRE ATT&CK, provides sufficient information and solutions to the cybersecurity issue based on real-life situations.

MITRE ATT&CK has additionally created an easy to follow matrix and establish what an attack is and how it can effectively prevent it. Common vulnerabilities and exposure are a database that provides vase vulnerabilities that exists within a software (Home. n.d.). The information available in these resources assists the organizations in performing risk assessment prior to the implementation of software and the kind of vulnerabilities that are present in it.

Techniques and Software

Once the team has identified the various resources that can be used and made contact with the organizations provided a point of contact, the gain access to the company network will be initiated. There are, however, a variety of tools or methods that can be employed in this stage, including password cracking, spyware, trojans, and or key loggers. However, for the attack on HIG, the CSL will apply the HTTP unbreakable load king (HULK) script. HULK is used to send a unique HTTP request to a website. The purpose of using the HULK is to overload a website with numerous requests, and this prevents the real users from gaining access to the network (Barnett, 2012). HULK is unique as it is tailored in a way that more HTTP, as well as the user agents, can be added to the script.

Additionally, HULK can bypass caching engines by requesting the server for no-cache (Barnett, 2012). Similarly, it employs the use of the user agent’s forgery to avoid detection (Barnett, 2012). By employing HULK, it makes for a significant threat like a DDoS attack with minimal effort.

Figure 1: (Barnett, 2012)

References

Alex Ø. T. Hansen, & Hansen, A. (n.d.). Ethical Hacking – Tools for the 5 Phases of Hacking. Retrieved June 22, 2020, from http://blog.tofte-it.dk/ethical-hacking-tools-for-the-5-phases-of-hacking/

Barnett, P. (2012, May 18). HULK vs. THOR - Application DoS Smackdown. Retrieved June 22, 2020, from https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hulk-vs-thor-application-dos-smackdown/

Home. (n.d.). Retrieved June 22, 2020, from https://cve.mitre.org/cve/

5 Phases of Hacking. (2018, February 08). Retrieved June 22, 2020, from https://www.geeksforgeeks.org/5-phases-hacking/