Certified Ethical Hacking Methodology by Ec-council 💻

Ethical Hacking Methodology is a step-by-step process to perform ethical hacking. The Hacker follows the same method to fulfill or achieve the hacking goals. This also helps security professionals or ethical hackers to map the techniques, tactics, and procedures followed by evil hackers to gain control over the systems. In, this CHM contains five phases as

1. FootPrinting
2. Scanning
3. Enumeration
4. Vulnerability Analysis
5. System Hacking.

In the Footprinting, process the hacker will find information about the target range, IP address, and the technologies the target uses. If the target runs a website find the tools and technologies used for the website and according to that the attacker creates a malicious payload using the Metasploit or the VeilEvasion tool. The attacker establishes the script according to the client and server-side technologies. This is the main phase in the hacking because the more information you have the more chances that you are getting successful while hacking the target system.

                                                                               And in the Scanning phase which is the second phase of hacking after finding the IP address of the target in the footprinting process now, we scan the IP address and find the open ports and the services that are running on the target system.  As an ethical hacker, we have to take permission from the org to know whether we are allowed to scan those IP addresses. And finding the versions that are running can really help us to create a payload to exploit that vulnerability by grabbing the banner and the version that it is running. There is a Network Mapper tool Nmap which really helps in the scanning phase.

Enumeration is the process of systematically probing the target for some information. This provides the roadmap for entering into the system by finding the usernames, passwords, and open ports on the target system. We can further do Social Engineering to gain privileged access to the target system. 

Vulnerability Analysis is the process of finding the loopholes in the target system. The way security architecture is built up, the versions they are running, and knowing whether those versions are vulnerable to attack will help us to break into the target system.

Once after exploiting the target system, in the System Hacking phase, we gain access, escalate privileges, maintain access, and clear our logs. In System Hacking, Gaining Access to the target system is the first step which will help us to know more about the infrastructure and helps to gain access to the others system in the network. After gaining access, we will escalate our privileges from the lower level access to the root level access which is the highest access in the system. With the help of this access, we can install some software and can hide our malware. We install some keyloggers, backdoors, malware, and rootkits to make our attack more persistent even when the system reboots which helps us to maintain our access. And finally, we clear all the traces of our footprints on the target system by clearing the logs and using some modern cleaning software to be stealthy and not get detected by the forensic department.

---

Connect With Me:-

1. LinkedIn
2. Twitter
3. GitHub

---