There Is A Process

Business owners and users should be aware of just what the hacking process is to better prepare a defense.

Just as forensic investigations don’t happen as quickly is portrayed in popular CSI television series neither does hacking. There is a time consuming defined process to successful hacks. Although expressed in different terms the basic phases are the same. The methodology and phases will be covered in the next series of post.

The phases are reconnaissance, exploitation, privilege escalation, established persistence, data extraction and covering your tracks. Let’s take a closer look and initial phase and most critical phase, reconnaissance.

The reconnaissance phase can be broken down into two to sub categories. There is passive and active recon.

Passive reconnaissance is the phase that involves social engineering and collecting information by interacting with the target company. This could also include viewing company web pages and googling employees.

Active reconnaissance is when the hacker uses there technical skills and tools to actively probe target systems. More on that in the next installment.