Advanced Hacking Fundamentals
Passwords and email accounts will not bring you any pleasure and you will try to go for bigger targets every time, only to end up in jail.
At this point I will assume you already know the basics but want to move on to more “advanced” learning. Make sure you have a firm grip on the basics, because if not you will face problems ahead.
Before you start, I want you to familiarise yourself with the following terms used in the advanced field of hacking:
- Worms, Malware, and Viruses
- Botnets, IRC Bots, and Zombies
- Cryptography, Encryption, and Decryption
- Pentesting and Forensics
- Decompiling, Reverse Engineering and Debugging
- Remote Administration Tool
Worms, Malware, and Viruses
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of a worm is to reproduce itself; it does not harm any data or files on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.
Examples of worms are:
Malware is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc. Malware is designed to cause damage to a stand-alone computer or a networked PC. So wherever the term malware is used, it means a program designed to damage your computer; it may be a virus, worm or Trojan. Examples of malware are:
- Cryptolocker Ransomware
- Blackshades Backdoor RAT
A virus is a program written to enter your computer and damage or alter your files and data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm because it changes or deletes your files, while a worm only replicates itself without making changes to your files or data. Examples of viruses are:
Botnets, IRC Bots, and Zombies
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software.
An IRC bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user. An IRC bot differs from a regular client in that instead of providing interactive access to IRC for a human user, it performs automated functions.
A “zombie” is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Most owners of “zombie” computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies.
Cryptography, Encryption, and Decryption
Cryptography involves creating written or generated codes that allow information to be kept secret. Cryptography converts data into a format that is unreadable for an unauthorized user.
Cryptography also allows senders and receivers to authenticate each other through the use of key pairs. There are various types of encryption algorithms; the common categories are:
- Secret Key Cryptography (SKC): Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption.
- Public Key Cryptography (PKC): Here two keys are used. This type of encryption is also called asymmetric encryption. One key is the public key that anyone can access. The other key is the private key, and only the owner can access it. The sender encrypts the information using the receiver’s public key. The receiver decrypts the message using his/her private key. For nonrepudiation, the sender encrypts plain text using a private key, while the receiver uses the sender’s public key to decrypt it. Thus, the receiver knows who sent it.
- Hash Functions: These are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to ensure that a file has remained unchanged.
Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Types of encryption are:
Decryption is generally the reverse process of encryption. It is the process of decoding data which has been encrypted into a secret format. Only an authorized user can decrypt the data, because decryption requires a secret key or password.
To make data confidential, the data (plain text) is encrypted using a particular algorithm and a secret key. After the encryption process, the plain text has been converted into cipher text. To decrypt the cipher text, the matching decryption algorithm is used with the key, and at the end the original data is obtained again.
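The following is an added example, not code from the original page, that puts the two ideas above side by side in Python's standard library: secret key cryptography, using a one-time pad (XOR with a random key as long as the message, used once) as the one symmetric cipher that needs no third-party library, and a keyless hash function (SHA-256) used the way the text describes, to check that data has remained unchanged. The message is constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample message for the example (not from the page).
PLAINTEXT = b"transfer 100 credits to account 42"


def generate_key(length: int) -> bytes:
    """Secret key for the one-time pad. For the pad to be secure the key
    must be random, as long as the message, and never reused; both the
    sender and the receiver hold this same key (symmetric encryption)."""
    return secrets.token_bytes(length)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the corresponding key byte."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """SKC encryption: plain text -> cipher text under a single secret key."""
    return xor_bytes(plaintext, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """Decryption is the reverse step with the same key (XOR is its own inverse)."""
    return xor_bytes(ciphertext, key)


def digest(data: bytes) -> str:
    """Keyless hash function: a fixed-size fingerprint of the data."""
    return hashlib.sha256(data).hexdigest()


def verify_unchanged(data: bytes, expected_digest: str) -> bool:
    """Integrity check: recompute the digest and compare it with the one
    recorded earlier. compare_digest runs in constant time so the comparison
    does not leak how many leading characters matched."""
    return hmac.compare_digest(digest(data), expected_digest)


def demo() -> dict:
    """Run the round trip and the integrity check; returns the outcomes."""
    key = generate_key(len(PLAINTEXT))
    ciphertext = encrypt(PLAINTEXT, key)
    recovered = decrypt(ciphertext, key)
    garbage = decrypt(ciphertext, generate_key(len(PLAINTEXT)))  # wrong key

    fingerprint = digest(PLAINTEXT)
    tampered = bytearray(PLAINTEXT)
    tampered[9] ^= 0x01  # flip one bit in the amount: "100" becomes "000"
    return {
        "ciphertext_differs": ciphertext != PLAINTEXT,
        "roundtrip_ok": recovered == PLAINTEXT,
        "wrong_key_fails": garbage != PLAINTEXT,
        "intact_verifies": verify_unchanged(PLAINTEXT, fingerprint),
        "tampered_verifies": verify_unchanged(bytes(tampered), fingerprint),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that a hash alone only detects accidental or unauthorised change when the recorded digest itself is stored somewhere the attacker cannot rewrite; otherwise a keyed construction (HMAC) or a signature is needed, which is the authentication role the text assigns to key pairs.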
Pentesting and Forensics
Penetration testing, more commonly called pentesting, is the practice of finding holes that could be exploited in an application, network or system, with the goal of detecting security vulnerabilities that a hacker could use against it. Pentesting is used to determine three things: how the system reacts to an attack, which weak spots exist that could be breached, if any, and what data could be stolen from an active system.
Don’t confuse penetration testing with simple vulnerability scanning or security assessments; it is those things plus more. Pentesting helps find some of the most complicated attack vectors across systems, finding vulnerabilities that the tools and techniques used during development are unable to detect, because they test single systems that are not yet embedded in the organization’s wider network. Pentesting is also often used after an intrusion to identify the vectors the attackers used, so the attack can be recreated and prevented from happening again.
Decompiling, Reverse Engineering and Debugging
“Decompiling” means converting executable (ready-to-run) program code into some form of higher-level programming language so that it can be read by a human.
Decompilation is not always successful, for a number of reasons. It is not possible to decompile all programs, and data and code are difficult to separate, because both are represented similarly in most current computer systems.
Decompilation is sometimes used unethically, to reproduce source code for reuse or adaptation without the permission of the copyright holder. Programs can be designed to be resistant to decompilation through protective means such as obfuscation.
Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance it. Software reverse engineering involves reversing a program’s machine code (the string of 0s and 1s that is sent to the processor) back into the source code it was written in, using programming language statements.
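As an added illustration of what decompilation and reverse engineering recover from a compiled artifact (this is example code, not from the original page), the block below compiles a small constructed program to Python bytecode and then walks that bytecode with the standard `dis` module, the way a decompiler's front end does, pulling out the string constants and the names of imported modules and called functions. The sample program, its license key and the `updates.example.invalid` hostname are placeholders invented for the example; the point is that anything embedded in compiled code (hard-coded secrets, server addresses, API usage) is recoverable by an analyst, which is why obfuscation exists and why secrets should not be shipped inside binaries.

```python
import dis
import types

# Constructed sample program standing in for a compiled artifact under analysis.
# It is not code from the page; it exists only to be compiled and inspected.
SAMPLE_SOURCE = '''
def check_license(key):
    expected = "ABCD-1234-EFGH"
    return key == expected

def fetch_update():
    import urllib.request
    url = "https://updates.example.invalid/latest"
    return urllib.request.urlopen(url)
'''

# Opcodes whose argument is a name the program references (module, global,
# attribute or method). The set covers CPython 3.8 through 3.13 spellings.
NAME_OPS = {"LOAD_GLOBAL", "LOAD_NAME", "LOAD_ATTR", "LOAD_METHOD", "IMPORT_NAME"}


def iter_code_objects(code):
    """Yield a code object and, recursively, every nested code object
    (function bodies live in the enclosing module's constant pool)."""
    yield code
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from iter_code_objects(const)


def recover_artifacts(code) -> dict:
    """Walk every instruction and collect string constants and referenced
    names. This is the 'strings and imports' pass an analyst runs first."""
    strings, names = [], []
    for co in iter_code_objects(code):
        for ins in dis.get_instructions(co):
            if ins.opname == "LOAD_CONST" and isinstance(ins.argval, str):
                strings.append(ins.argval)
            elif ins.opname in NAME_OPS and isinstance(ins.argval, str):
                names.append(ins.argval)
    return {"strings": strings, "names": names}


def analyse(source: str) -> dict:
    """Compile the source to bytecode (the 'executable' form) and analyse it."""
    return recover_artifacts(compile(source, "<sample>", "exec"))


def listing(source: str) -> str:
    """Human-readable disassembly of the module and each function. Constants
    and names are already labelled here; a decompiler rebuilds statements and
    control flow from exactly this instruction stream."""
    out = []
    for co in iter_code_objects(compile(source, "<sample>", "exec")):
        out.append(f"== {co.co_name} ==")
        out.append(dis.Bytecode(co).dis())
    return "\n".join(out)


if __name__ == "__main__":
    found = analyse(SAMPLE_SOURCE)
    print("strings:", found["strings"])
    print("names:  ", found["names"])
    print(listing(SAMPLE_SOURCE))
```

The same idea applies to native binaries, where tools such as a disassembler do the instruction walk and the constant pool is the data section; the recoverable information is the same kind.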
Debugging is the process of finding and resolving defects or problems within a computer program that prevent correct operation of computer software or a system.
Software programs under development undergo heavy testing, updating, troubleshooting and maintenance. Normally, software contains errors and bugs, which are routinely removed. In the debugging process, complete software programs are regularly compiled and executed to identify and rectify issues. Large software programs, which contain millions of lines of source code, are divided into small components. For efficiency, each component is debugged separately at first, followed by the program as a whole.
A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. Keylogger software is also available for use on smartphones, such as Apple’s iPhone and Android devices.
The main objective of keyloggers is to interfere in the chain of events between a key being pressed and the resulting data being displayed on the monitor. Here’s how keyloggers spread:
- Keyloggers can be installed when a user clicks on a link or opens an attachment or file from a phishing email.
- Keyloggers can be installed through a web page script that exploits a vulnerable browser; the keylogger is launched automatically when the user visits the malicious site.
- A keylogger already present on an infected system is sometimes capable of downloading and installing other malware onto that system.
Remote Administration Tool
A RAT, or remote administration tool, is software that gives a person full control of a device, remotely. The RAT gives the user access to your system just as if they had physical access to your device. With this access, the person can read your files, use your camera, and even turn your device on or off.
Mostly the people who use RATs are skids trying to gain access to your information for malicious purposes. These types of RATs are also called remote access Trojans, as they are often downloaded invisibly, without your knowledge, along with a legitimate program you requested, such as a game.
A well-designed RAT will allow the hacker the ability to do anything that they could do with physical access to the device. So remember, just like you don’t want your home infested by rats, you also don’t want a RAT on your device. Here are some tips on how you can avoid a RAT:
- Be careful what links you click and what you download. Often RATs are installed by you unknowingly after you’ve opened an email attachment or visited a website that installed software in the background.
- Beware of P2P file sharing. Not only is a lot of the content in these files pirated, criminals love to sneak a few malware surprises in there too.
- Use comprehensive security software on all your devices. Make sure you install security software that protects your data and identity on all your PCs, Macs, tablets and smartphones.
Early cyberattacks used proxies to hide the origin of their attacks. Many of these proxies were “slaved” machines controlled by trojan horse programs like Sub7.
’90s-era infosec research was rudimentary at best, and major cyberattacks (such as the early DoS attacks on e-commerce companies like eBay) relied on attackers forwarding attacks from their computers through proxies in western-unfriendly countries or “slaved” machines controlled by early RAT tools.
To stay private, hackers would complete their attacks and then wipe their infected systems via basic attempts at self-destruction: deleting files, then corrupting the Windows system files, corrupting the master boot table on the hard drive that governs how a computer knows where an operating system is located, etc.
But as infosec research has matured, so too have attempts to obfuscate and anonymize attackers.
From a network perspective, most modern adversaries hide behind Tor, I2P, or a private cloud of onion-routed botnet systems (e.g. Storm) that make it very difficult to establish the original point of origin. Rather than compromising a single proxy or a 2-tier structure of proxies, this approach forces researchers to sift through an impossibly dense set of servers forwarding traffic. If used properly, a system like Tor can almost completely anonymize a user.
As a result, researchers tend not to look for a point of origin and look instead at the structure of the attack’s C2 (Command and Control) infrastructure. Without using outside tools like financial analysis or HUMINT you may never be able to determine the original identity of an attacker. But you can determine that the same attacker launched the same set of attacks. This is why most APTs (Advanced Persistent Threats) are given names like “Fancy Bear” and “Energetic Panda”: they are code words for attacks launched by the same adversary without saying who specifically that adversary is.
Because of these mechanisms, it is increasingly important for infosec researchers to employ “dummy” systems like honeypots that expose themselves to attack and allow the research community to study the variety of ways in which a determined and anonymous adversary strikes a system.
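The attribution idea in the paragraphs above, grouping intrusions by the C2 infrastructure they share rather than by where they came from, can be shown concretely. The block below is an added example, not from the original page: it takes a set of constructed incident records, each listing the C2 indicators observed (domains, IP addresses, certificate fingerprints; all of them placeholder values), and links incidents that share an indicator, transitively, into clusters using a union-find structure. Each cluster is the "same adversary" the text refers to, named here with a generated label rather than a real threat-actor code name. It also handles the practical failure mode: an indicator that many unrelated actors share (for example a popular shared hosting address) would merge everything into one cluster, so such indicators are excluded before linking.

```python
from collections import defaultdict

# Constructed incident records (placeholders, not real indicators). Each entry is
# one observed intrusion and the C2 indicators seen during its analysis.
INCIDENTS = [
    {"id": "INC-001", "c2": {"update-check.example.invalid", "203.0.113.10"}},
    {"id": "INC-002", "c2": {"203.0.113.10", "cert:aa11bb22"}},
    {"id": "INC-003", "c2": {"cert:aa11bb22", "mail-sync.example.invalid",
                             "shared-hosting.example.invalid"}},
    {"id": "INC-004", "c2": {"198.51.100.7"}},
    {"id": "INC-005", "c2": {"198.51.100.7", "cdn-static.example.invalid"}},
    {"id": "INC-006", "c2": {"192.0.2.55", "shared-hosting.example.invalid"}},
]

# Indicators used by many unrelated actors; linking on them would wrongly
# merge separate adversaries, so they are ignored. Placeholder value.
COMMON_INFRA = frozenset({"shared-hosting.example.invalid"})


class DisjointSet:
    """Union-find: tracks which incidents have been linked together."""

    def __init__(self):
        self.parent = {}

    def add(self, x):
        self.parent.setdefault(x, x)

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_infrastructure(incidents, ignore=frozenset()):
    """Group incidents that share at least one C2 indicator, transitively:
    if A shares an IP with B and B shares a certificate with C, then A, B and C
    land in one cluster. Returns a list of sorted incident-id lists."""
    ds = DisjointSet()
    first_seen = {}  # indicator -> id of the first incident that used it
    for inc in incidents:
        ds.add(inc["id"])
        for indicator in inc["c2"]:
            if indicator in ignore:
                continue
            if indicator in first_seen:
                ds.union(inc["id"], first_seen[indicator])
            else:
                first_seen[indicator] = inc["id"]
    groups = defaultdict(set)
    for inc in incidents:
        groups[ds.find(inc["id"])].add(inc["id"])
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def label_clusters(clusters):
    """Give each cluster a neutral code name: the analyst can say 'CLUSTER-1
    did all of these' without claiming to know who CLUSTER-1 is."""
    return {f"CLUSTER-{i}": ids for i, ids in enumerate(clusters, start=1)}


if __name__ == "__main__":
    for name, ids in label_clusters(
            cluster_by_infrastructure(INCIDENTS, ignore=COMMON_INFRA)).items():
        print(name, ids)
```

Running it with the common-infrastructure filter yields three clusters; without the filter the shared hosting indicator glues INC-006 onto the first cluster, which is exactly the false linkage the exclusion list prevents.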
Anonymity for the modern adversary is no longer wearing a ski mask when you knock over a convenience store. It’s using encryption and complex C2 infrastructures to be the digital equivalent of the Zodiac killer.