Getting Started with Ethical Hacking

The process of ethical hacking involves discovering vulnerabilities that, if exploited by a threat actor, could compromise the confidentiality, integrity or availability of a network and the computers running on it. This chapter lays out that process and runs through how to get started: setting up a virtual machine with an operating system tailored to the task of ethical hacking, and getting introduced to Hack The Box, where the very first challenge is solving the registration puzzle in order to sign up for an account. Following the process of enumeration, vulnerability analysis and exploitation, we will then get access to our first box.
The goal of cybersecurity is to protect valuable assets against threats that exploit vulnerabilities, causing financial or other loss to the asset's owners. These threats are not only malicious hackers, but from the perspective of an ethical hacker, people acting as threats are the main concern. An ethical hacker tries to find exploitable vulnerabilities in an organization's network by emulating a malicious hacker, using the same tools but working within agreed boundaries on what they do and how they do it. To a large degree, ethical hackers are to cybersecurity what software testers are to software development. Ethical hackers test everything (software, configuration, hardware and people) that could expose an asset to exploitation. They report any vulnerabilities found so that the organization can fix or mitigate them.
To learn the skills of an ethical hacker, it is important to understand the technologies and how people interact with those technologies within the context of the organization that owns them. This is challenging enough, but the technologies evolve rapidly and so even once you understand a technology, you have to keep updating that knowledge with those changes. This is by no means an easy task, but it is a rewarding one. If you are interested in how things work, how to break them and how to put things back together again, ethical hacking will quickly become a passion.
Ethical hacking follows a process that starts with discovery: finding the machines that are on the network and their network addresses, a process called enumeration. Each discovered device is then enumerated further to identify the software and services running on it. Uncovering potential vulnerabilities leads to a plan for exploiting them to gain a foothold on the machine, either to expose information held on it or to gain command execution. From there, another round of enumeration discovers more information and other users, especially those with higher privileges. This culminates in administrative access to the machine and total control over it.
Although this might sound like a linear process, sometimes referred to as the "kill chain", it is usually an iterative one in which the steps of enumeration, discovering vulnerabilities and exploiting them repeat. Because this process can take many paths, it is essential to document it as you go. Without this, it is very easy to overlook things, get lost, or simply forget what you did to get to a certain point. In a professional engagement, the process also needs to be documented for the client as a record of how their network was compromised so that they can fix it.
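The service enumeration step above, together with the "document as you go" advice, can be shown in a small amount of code. The following Python script is an added example and is not part of the original chapter or of Hack The Box. It connects to a list of TCP ports, records whether each is open, grabs whatever banner the service sends first, and appends a timestamped note for every probe so that the findings are recorded as they are made. To keep it runnable offline, the "target" services are constructed local listeners on 127.0.0.1 that send an SSH-style and an FTP-style banner; the banners, ports and the demo() helper are assumptions made for the example, not real targets.

```python
"""Added example: minimal TCP service enumerator that keeps notes as it goes."""
import socket
import threading
from datetime import datetime, timezone


def serve_banner(banner: bytes) -> int:
    """Start a throwaway local listener that sends `banner` and hangs up.

    Constructed stand-in for a real network service so the example runs
    offline. Returns the ephemeral port the listener is bound to.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=accept_loop, daemon=True).start()
    return port


def reserve_closed_port() -> int:
    """Pick a port that is known to have no listener (constructed for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe(host: str, port: int, timeout: float = 1.0):
    """Return (is_open, banner) for one TCP port.

    A completed connect means the port is open; services such as SSH and FTP
    speak first, so a short recv() often yields an identifying banner.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""
            return True, data.decode("ascii", "replace").strip()
    except OSError:  # refused, timed out, unreachable
        return False, ""


def enumerate_host(host: str, ports, notes: list):
    """Probe each port, append a note per probe, return [(port, banner), ...] for open ports."""
    findings = []
    for port in ports:
        is_open, banner = probe(host, port)
        notes.append({
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "host": host,
            "port": port,
            "open": is_open,
            "banner": banner,
        })
        if is_open:
            findings.append((port, banner))
    return findings


def demo():
    """Run the enumerator against two constructed local services and one closed port."""
    ssh_port = serve_banner(b"SSH-2.0-OpenSSH_9.6\r\n")      # constructed banner
    ftp_port = serve_banner(b"220 (vsFTPd 3.0.5)\r\n")        # constructed banner
    closed_port = reserve_closed_port()
    notes = []
    findings = enumerate_host("127.0.0.1", [ssh_port, ftp_port, closed_port], notes)
    return findings, notes, (ssh_port, ftp_port, closed_port)


if __name__ == "__main__":
    found, log, _ = demo()
    for port, banner in found:
        print(f"open {port}: {banner}")
    for entry in log:
        print(entry)
```

In a real engagement the notes list would be written to a file (one JSON object per line is convenient) rather than kept in memory, and the port list would come from a proper scanner such as nmap; the point here is that every probe, open or not, leaves a timestamped record you can return to later.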
Learning the skills of ethical hacking takes practice in as many different contexts as possible. You will build a toolkit to assist with this but quickly discover that no one tool is perfect, and that different approaches and tools may be needed in different situations, including writing custom tools or scripts of your own. Of course, there is a limit to this and by necessity, ethical hackers specialize in carrying out penetration testing, playing out attack and defense scenarios as a red team or blue team (or purple), or end up in another area of cybersecurity such as forensics.
Although there is a difference between a penetration test that simply aims to find exploitable vulnerabilities on a machine or network of machines and a full-blown emulation of an adversarial hacker group seeking to take over a network for long-term surveillance and information exfiltration, many of the techniques used will be the same. Paul Pols (2017) proposed an organization of the stages of an attack that he called the Unified Kill Chain. This lays out the staged objectives of an attack as gaining an initial foothold, propagating through the network, and finally acting on the attacker's objectives against critical assets.
Figure: Unified Kill Chain as proposed by Paul Pols
Even with this organization, the model suggests a linear process which in reality is more iterative. As you will see, gaining access through different users or by exploiting vulnerabilities allows further enumeration and discovery that leads to new exploits and privilege escalation. Irrespective of your objectives in an ethical hacking assignment, you will still need to know how to carry out enumeration, do social engineering, evade defenses, escalate privileges, and collect and exfiltrate information.
What we will do in this book is try to balance straight-up theory, how things work, with how they fail in a particular context that makes them exploitable. We are going to use examples from a site called Hack The Box that provides a range of challenges on different platforms requiring a range of ethical hacking skills. Although presented as capture the flag (CTF) exercises, each box is a mix of hunting for clues about misconfiguration, mistakes that administrators and developers have made, and vulnerabilities in the deployed software. What is also good about this environment is that even if you have used a particular technique on a previous challenge, the box creators find ways to vary it enough that you will learn new skills with every attempt.
Another unique and impressive resource that accompanies Hack The Box is the set of videos from IppSec. In the videos, IppSec works through a challenge and takes the time to show the underlying assumptions and techniques behind what he is doing at every stage. As a learning (and entertainment) resource it is priceless, and one strategy for learning ethical hacking would be to simply watch all of IppSec's videos and follow along yourself. Whilst I strongly recommend doing this (or as much of it as you have time for), what it doesn't do is explicitly place all of these techniques within an overall ethical hacking or penetration testing framework. If you take any of the certification courses in ethical hacking or pentesting offered by providers such as Offensive Security, SANS Institute, EC-Council or CREST, you will follow a similar curriculum that covers general tradecraft, including the use of specific tools.
The skills required to do pentesting are quite broad. In training, the focus remains broad and so you are exposed to a wide range of software, technologies and techniques. You will become as fluent in PowerShell as you are in Bash. As comfortable writing a Python script as dissecting PHP code. And able to manipulate Assembly language to make a program do what it was never designed to do.