The term “attack” is used here to denote a range of hostile techniques, including brute forcing and social engineering, whose aim is to gain or extend access to a target’s computer system or network. Here are some terms and processes related to this skill boot camp:
- Brute Forcing
- Password Hashing
- Capture The Flag (CTF)
- Phishing
Brute Forcing:
Brute forcing is the process of submitting password guesses to a system, either online against a login interface or offline against a stolen password hash, until one succeeds. It is a staple of real-world attackers and of penetration testers alike. Trying every possible combination of characters is only feasible for very short passwords, so in practice an attacker works through a wordlist of common passwords (a dictionary attack) or tries a few likely passwords across many accounts (password spraying) to stay under per-account lockout thresholds. The technique remains popular because many people still choose weak or reused passwords.
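The following is an added example, not code from the original page: a simulated login service and a dictionary attack run against it, first with no lockout policy and then with an account lockout after three failures. The LoginService class, the wordlist and the lockout threshold are all constructed for the illustration.

```python
import hashlib
import hmac


class LoginService:
    """Hypothetical authentication endpoint (constructed for this example).

    Stores only a hash of each password, as a real service would, and
    optionally locks an account after a number of failed attempts.
    """

    def __init__(self, users, lockout_threshold=None):
        self._users = {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}
        self._failures = {u: 0 for u in users}
        self._lockout_threshold = lockout_threshold

    def is_locked(self, username):
        t = self._lockout_threshold
        return t is not None and self._failures.get(username, 0) >= t

    def login(self, username, password):
        """Return True on success; False on a wrong password or a locked account."""
        if username not in self._users or self.is_locked(username):
            return False
        candidate = hashlib.sha256(password.encode()).hexdigest()
        if hmac.compare_digest(candidate, self._users[username]):
            self._failures[username] = 0
            return True
        self._failures[username] += 1
        return False


# Constructed wordlist: the kind of short, common passwords a dictionary attack
# tries first. Real wordlists contain millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123", "Summer2024!", "admin"]


def dictionary_attack(service, username, wordlist):
    """Try each candidate in order; return (password, attempts) or (None, attempts).

    Stops as soon as the target account locks: further guesses cannot succeed
    and only add noise to the defender's logs.
    """
    attempts = 0
    for guess in wordlist:
        if service.is_locked(username):
            break
        attempts += 1
        if service.login(username, guess):
            return guess, attempts
    return None, attempts


def demo():
    # Weak password, no lockout: the attack succeeds after a handful of guesses.
    weak = LoginService({"alice": "password123"})
    found, n = dictionary_attack(weak, "alice", WORDLIST)

    # Same weak password, but the account locks after 3 failures: the attack is stopped.
    locked = LoginService({"alice": "password123"}, lockout_threshold=3)
    blocked, m = dictionary_attack(locked, "alice", WORDLIST)
    return found, n, blocked, m, locked.is_locked("alice")


if __name__ == "__main__":
    print(demo())
```

Two caveats follow from the demo. A lockout threshold protects the individual account but can be turned against the owner, since anyone who knows a username can lock it out; and it does nothing against password spraying, where the attacker tries one password against many accounts and never reaches the per-account threshold. Defenders therefore pair lockouts with rate limiting per source, monitoring for many distinct usernames failing from one origin, and multi-factor authentication.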
Password Hashing:
Password hashing is the practice of storing a one-way hash of each password rather than the password itself, so that an attacker who steals the credential database cannot simply read the passwords. The function is called one-way because the password cannot be recovered from its output; the same input always produces the same hash, which is what lets the system verify a login by hashing the submitted password and comparing the result with the stored value. Hashing does not make passwords uncrackable: an attacker who obtains the hashes can run an offline brute-force or dictionary attack by hashing guesses and comparing. A sound scheme therefore adds a unique random salt to each password, so that identical passwords produce different hashes and precomputed lookup tables are useless, and uses a deliberately slow function (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) so that every guess is expensive.
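As an added example (not code from the original page), the block below stores and verifies passwords with salted PBKDF2-HMAC-SHA256 from Python’s standard library and contrasts it with an unsalted SHA-256 hash. The iteration count, salt size and the list of common passwords standing in for a precomputed lookup table are illustrative choices made for this example.

```python
import hashlib
import hmac
import os

# Kept low so the demo runs quickly; production guidance (e.g. the OWASP
# Password Storage Cheat Sheet) recommends a far higher count, 600,000 at the
# time of writing for PBKDF2-HMAC-SHA256.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record (salt, iterations, digest) with a fresh random salt."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    salt, iterations, stored = record
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)


def unsalted_sha256(password):
    """The weak scheme for comparison: fast, unsalted, identical for equal passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a precomputed table of common-password hashes.
# Against unsalted hashes a single dictionary lookup recovers the password.
COMMON = ["123456", "password", "qwerty", "letmein", "password123"]
PRECOMPUTED = {unsalted_sha256(p): p for p in COMMON}


def lookup_unsalted(digest_hex):
    return PRECOMPUTED.get(digest_hex)


def demo():
    alice = hash_password("password123")
    bob = hash_password("password123")  # same password, different user
    return {
        # Correct password verifies, a near miss does not.
        "verify_ok": verify_password("password123", alice),
        "verify_bad": verify_password("Password123", alice),
        # Salted: equal passwords give different digests, so cracking one reveals nothing about the other.
        "salted_digests_differ": alice[2] != bob[2],
        # Unsalted: equal passwords share a digest and the table finds it instantly.
        "unsalted_digests_equal": unsalted_sha256("password123") == unsalted_sha256("password123"),
        "table_hit": lookup_unsalted(unsalted_sha256("password123")),
        # The salted digest appears in no table built without that exact salt.
        "table_miss": lookup_unsalted(alice[2].hex()),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The salt and iteration count are stored alongside the digest and are not secret; their job is to force the attacker to redo the full slow computation for every guess against every account, which is what turns a stolen database from an instant lookup into a long cracking job.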
Capture The Flag:
Capture the Flag (CTF) is a computer security competition in which individuals or teams solve security challenges to recover “flags”, typically secret strings hidden in a vulnerable program, service, file or network, and submit them to a scoreboard before time runs out. In jeopardy-style events teams choose challenges from categories such as web exploitation, binary exploitation, reverse engineering, forensics and cryptography; in attack-defence events each team runs its own vulnerable services and must patch them while exploiting those of the other teams. CTFs are widely used to train forensic analysts, penetration testers and security engineers, and teams are scored on the number, and usually the difficulty, of the flags they capture.
Phishing:
Phishing is a form of attack in which an attacker sends e-mails (or other messages) that impersonate a trusted party and lure the victim into following a link to a malicious website, where they are asked to reveal confidential information such as passwords, credit card numbers and bank account details. The attacker then uses that information to compromise the victim’s accounts, computer or network. The term is a play on “fishing”: the message is the bait, and the attacker waits for a victim to bite. Typical tell-tale signs are a sense of urgency, a sender address or link domain that does not match the organisation being impersonated, and links whose visible text differs from their real destination.
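As an added example (not from the original page), the block below extracts the links from an HTML e-mail body and flags the indicators described above: visible link text pointing at a different host than the real destination, a raw IP address in place of a domain, a punycode (IDN) hostname that may be a look-alike, and a URL with credentials before an @ sign so that a trusted name appears first. The sample e-mail and all its hostnames are constructed for this illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible_text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(url):
    """Lower-case hostname of a URL; bare 'www.example.test' is accepted too."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def suspicious_links(html_body):
    """Return [(href, [reasons])] for every link showing a phishing indicator."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        host = hostname_of(href)
        # Visible text that looks like a URL but names a different host.
        if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I):
            shown = hostname_of(text)
            if shown and shown != host:
                reasons.append(f"text shows {shown} but link goes to {host}")
        # Punycode label: possible homoglyph (look-alike) domain.
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode (IDN) hostname")
        # Raw IP address instead of a domain name.
        try:
            ipaddress.ip_address(host)
            reasons.append("IP-literal host")
        except ValueError:
            pass
        # Userinfo before '@': 'https://bank.example@evil.test/' really goes to evil.test.
        if urlparse(href).username is not None:
            reasons.append("userinfo before @ in URL")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample e-mail body; every host below is fictitious.
SAMPLE_EMAIL = """
<p>Your account has been locked. Please <a href="http://203.0.113.5/login">verify your identity</a>.</p>
<p>Or visit <a href="https://bank-example.login.evil.test/">https://bank.example/secure</a></p>
<p>Help centre: <a href="https://xn--80ak6aa92e.test/">support</a></p>
<p>Forgot your password? <a href="https://bank.example@evil.test/reset">Reset password</a></p>
<p>Unsubscribe: <a href="https://newsletter.example.org/unsub">here</a></p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

These checks are cheap heuristics for triage, not a verdict: a legitimate newsletter that routes links through a tracking domain will trigger the text/host mismatch, and a phishing page hosted on an ordinary-looking domain will trigger none of them. They are most useful combined with sender authentication results (SPF, DKIM, DMARC) and a reputation lookup on the destination host.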
Key Points:
- Brute forcing, in its dictionary-attack and password-spraying forms, remains one of the most common ways attackers gain initial access, because weak and reused passwords are still widespread.
- Password hashing is standard practice on every platform that stores credentials; how well the scheme is built (per-password salt, deliberately slow hash function) decides how long stolen hashes resist cracking.
- CTFs are played by many participants at the same time against the same challenges, and the live scoreboard motivates players to keep improving their skills.
Role of Attackers:
A penetration tester or ethical hacker, acting with the system owner’s explicit authorisation, attempts to gain access to a network or system the way a real attacker would, using tools and methods drawn from physical security, network security and social engineering. Typical routes into a system include default or weak credentials, unpatched operating systems and applications, and exposed services and open ports.