Legality of Hacking: A Critical Discussion
Added on 2022/12/28
AI Summary
This article discusses the legality of hacking and its implications in the world of computer crime. It explores the difference between traditional and computer crimes, the challenges in prosecuting hackers, and the positive uses of hacking. It also provides an overview of penetration testing and its methodology.
Introduction
Criminal activities are acts committed by an individual or a group of people in violation of constitutional law. In our discussions, we saw that there is a difference between traditional and computer crime. In traditional crimes, the foundations of criminal law work effectively because there is evidence to testify against the accused. The crime scene holds full evidence of the crime because criminals leave tangible traces such as fingerprints, photographs or even documents like identification cards. The court can therefore prosecute them, since the evidence testifies to their activities, and such scenarios are clearly covered by the actus reus and mens rea principles of criminal law. Computer crime, on the other hand, is very difficult to bring under actus reus and mens rea. Everybody would like to hack, and hence it is useful to understand hacking. If there is a problem in the company, say an employee forgot a password, then the most important thing is to crack that password, and because this is done with authorization it is not a criminal activity. Hackers in companies can hack the systems to check for vulnerabilities that malicious hackers could use to gain access to the company's systems and carry out malicious activities that would cost the company. Hackers can also check network security for any hole through which malicious hackers could gain access and steal passwords from network traffic, so it is important to close such holes before it is too late. Therefore, hacking can be used in a positive way, not always in a negative way (Ross, Baji, and Barnett, 2019 p.237).
TASK 1
A critical discussion on the legality of hacking
Computer Crime
Computer crime, also known as cyber-crime, is a major concern in the technology industry. Computer crime basically means the misuse of computer skills to commit a crime. Crimes such as terrorism, hacking, viruses and malicious software, among others, are the main ones found everywhere. Computer knowledge should be used to bring a positive impact to the world, but a few individuals want to exploit others' hard work by using such skills to steal their property. Complaints about cyber-crime have always been raised everywhere, and it is now high time to make sure it does not bring negative impact again. The security of businesses, individuals and even governments is in great danger from computer crime. There are rules and regulations governing these crimes, but because technology is growing so fast, such policies should be changed regularly to ensure that such crimes are eradicated fully (Ross, Baji, and Barnett, 2019 p.237).
| Traditional crime | Computer crime |
| --- | --- |
| Leaves evidence of the crime, such as fingerprints, and is hence easily traceable. | Leaves little evidence, which digital forensic investigators have difficulty tracing. |
| Investigations take a shorter time since evidence such as DNA, fingerprints and photographs is available at the scene. | Investigations take a long time since the evidence is very little: hackers cannot be easily traced, hence there is not sufficient evidence against them. |
| Most crimes involve the use of force, whether to steal, to commit sexual assault or to commit any other crime against the law. | Cyber-crime doesn't involve any use of force since only a computer and the internet are needed, hence no physical work is done. |
| Courts find traditional cases easy and direct since there is tangible evidence that can be used to testify to the criminal activities. | Courts find it difficult to prosecute hackers because constitutions contain amendments stating that no one shall be prosecuted without evidence, hence the lack of sufficient evidence offers them an escape route. |
Criminal Activities
Actus reus and mens rea are the foundations of criminal law. It is, however, important to judge criminal activities on the basis of these foundations.
Criminal activities are acts committed by an individual or a group of people in violation of constitutional law. In our discussions, we saw that there is a difference between traditional and computer crime. In traditional crimes, the foundations of criminal law work effectively because there is evidence to testify against the accused. The crime scene holds full evidence of the crime because criminals leave tangible traces such as fingerprints, photographs or even documents like identification cards. The court can therefore prosecute them, since the evidence testifies to their activities, and such scenarios are clearly covered by the actus reus and mens rea principles of criminal law. Computer crime, on the other hand, is very difficult to bring under actus reus and mens rea. First, there is no tangible evidence, because hackers perform their activities and leave the crime scene without a trace: they delete and destroy all the evidence, since technology can be made to do anything the person wants, provided that they have sufficient skills (Li, Furlong, Yorio, and Portnoff, 2019).
Hacking
Hacking is an unauthorized intrusion into a network or computer system. Hacking has always been misunderstood by many to be a criminal activity. Hackers are the professionals who practice hacking, and they can be white hat, black hat or red hat hackers. White hat hackers are professionals who hack legally for the benefit of businesses or organizations. They normally hack computer systems and networks with permission, to check for vulnerabilities that might be present and fix them before malicious hackers use such vulnerabilities to exploit the systems. This is a legal activity, and every organization and business must have a group of hackers who continually survey its infrastructure before it is destroyed. Black hat hackers are professionals who use their skills to hack systems and exploit them for their personal interests. They are the bad guys who ruin the systems of businesses and organizations. Red hat hackers are professionals who use their skills either for the benefit of an organization or business or for malicious intentions. They are the middle guys. Hackers' activities include password cracking, vulnerability scanning, packet sniffing and spoofing attacks, among others. Such activities always depend on the intentions of the hackers, hence hacking activities are not always used maliciously (Kachhwaha and Purohit, 2019 pp. 41-51).
Hacking is not a criminal activity
Hacking is not a criminal activity, since it is always advisable for the managers and CEOs of companies to learn to hack. Everybody would like to hack, and hence it is useful to understand hacking. If there is a problem in the company, say an employee forgot a password, then the most important thing is to crack that password, and because this is done with authorization it is not a criminal activity. Hackers in companies can hack the systems to check for vulnerabilities that malicious hackers could use to gain access to the company's systems and carry out malicious activities that would cost the company. Hackers can also check network security for any hole through which malicious hackers could gain access and steal passwords from network traffic, so it is important to close such holes before it is too late. Therefore, hacking can be used in a positive way, not always in a negative way (Ross, Baji, and Barnett, 2019 p.237).
TASK 2
Penetration Testing (PenTest)
Penetration testing is an exercise in which vulnerabilities are investigated to gain full information on how the systems could be compromised by any attack, whether legitimate or malicious. It mainly involves the exploitation of networks, firewalls and computers, among other devices and systems. This leads to a check of the vulnerabilities that are present (Lasser, Xm Cyber Ltd and XM Ltd, 2019).
PenTest Methodology
PenTest has different methods, which can be categorized on the basis of the tester's knowledge of the target or the position of the penetration tester. The following are among such methods:
1. Black Box, Gray Box, and White Box:
A white box PenTest is one where the penetration tester is given full knowledge of the target systems before the attack is initiated. Such information includes IP addresses and code samples, among other needed information. A black box test, on the other hand, is a scenario where the attacker doesn't have any knowledge of the target, hence the attacker has to do more work to gain the necessary information. Finally, a gray box test is a situation where the tester has information that is publicly available about the target, such as URLs and IP addresses, and this little information can help the attacker launch their attacks. The choice of box determines the attacker's approach and also the techniques to use (Li, Furlong, Yorio, and Portnoff, 2019).
2. Internal and External PenTest
A PenTest can be done either inside or outside the network. An external PenTest is an approach that is initiated from outside the network, and the attackers use many techniques to launch the attack since they don't understand the network structure. An internal PenTest, on the other hand, is an attack carried out by an internal person who understands the network structure and all the systems. Hence an internal attacker will have more impact than an external one (Kachhwaha and Purohit, 2019 pp. 41-51).
3. In-house and Third party PenTest
A company may decide to conduct penetration testing using its in-house security team or hire a third-party organization to conduct the test; these are called in-house PenTest and third-party PenTest respectively (Lasser, Xm Cyber Ltd and XM Ltd, 2019).
4. Blind and Double-Blind PenTest
A blind PenTest is a penetration test where the tester is not given any information except the organization's name. Therefore, all the work is done by the tester, just as the authorized attacker performs their work. This is time-consuming, but the results are always close to what happens in practice. A double-blind test is one carried out while the security experts know nothing about it; only the senior staff know when the test will be carried out. This kind of test keeps the security team alert and makes sure they are aware of when real attacks can occur (Holsapple, Smoot, and Evert, 2019).
SOP for PenTesting
Standard Operating Procedures (SOPs) are the procedures or phases that are followed to facilitate PenTest activities. They normally depend on whether the organization wants an internal or an external PenTest. In our case, we look at some of the basic phases used:
1. Agreement Phase
There should be a mutual agreement between both parties involved in this activity, that is, on the high-level and detailed methods to be followed in the exploitation. The agreement covers the appropriate time for the test, since the test should not be carried out when the network is busy, which may lead to loss of some data and would be a very big blow to the company. The experts carrying out the test should have full knowledge of the methods to use, depending on the company and on which test is to be carried out (Lasser, Xm Cyber Ltd and XM Ltd, 2019).
2. Planning and reconnaissance
In this phase, there are many activities to be done that benefit the steps which follow. Information such as IP addresses, network topology and mail servers, among others, is collected in this phase. It might be time-consuming, but the results collected make the other steps easy, since information is very important to the hackers before they begin the actual attack (Justusson, Pang, Molitor, Rassaian, and Pereira, 2019 p. 2056).
3. Scanning
Scanning is a process where the hacker interacts with the systems and thereby identifies their vulnerabilities. In this phase, the hacker only tests the targeted system to check whether they can gain access to it (Holsapple, Smoot, and Evert, 2019).
4. Gaining Access
When the scanning is done, you have to identify the vulnerabilities available and gain access through them. Such vulnerabilities on the systems allow you to carry out exploitation and gain full access to the systems (Gorodissky, Ashkenazy, and Segal MX Cyber Ltd, 2019).
5. Maintaining Access
Maintaining access means making sure that you remain on the system even if the systems are rebooted or modified. This lets you gain all the information needed and also launch the test after understanding how the system works (Oguz, Huvaj, and Griffiths, 2019 pp.45-56).
6. Exploitation
This is the stage where the damage is done or, if the test is legitimate, where the information needed is collected (Justusson, Pang, Molitor, Rassaian, and Pereira, 2019 p. 2056).
7. Evidence Collection and Report writing
In this last stage, the evidence is collected, recorded and written up in a report. The company will refer to this report for information on anything that was done (Holsapple, Smoot, and Evert, 2019).
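The agreement phase above fixes what may be tested and when, and the last phase needs a record of what was done. As an added example (not part of the original essay), the following sketch shows a rules-of-engagement gate that a test team could call before every action; the engagement name, networks, excluded host, dates and window are constructed placeholders, and times are assumed to be in the client's local time zone.

```python
"""Rules-of-engagement gate for an authorized penetration test (added example).

All names and values are constructed placeholders. Datetimes are naive and
assumed to be in the client's local time zone.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Window:
    """Agreed daily testing window; may wrap past midnight (e.g. 22:00-05:00)."""
    start: time
    end: time
    weekdays: frozenset  # weekday on which the window OPENS, 0 = Monday

    def contains(self, moment):
        t, day = moment.time(), moment.weekday()
        if self.start <= self.end:                 # same-day window
            return day in self.weekdays and self.start <= t < self.end
        if t >= self.start:                        # evening part of a wrapping window
            return day in self.weekdays
        if t < self.end:                           # early-morning part: opened yesterday
            return (day - 1) % 7 in self.weekdays
        return False


@dataclass
class Engagement:
    name: str
    in_scope: tuple       # networks the client authorized in writing
    excluded: tuple       # carve-outs inside those networks
    valid_from: datetime
    valid_until: datetime
    windows: tuple
    audit_log: list = field(default_factory=list)  # feeds the final report

    def check(self, target, moment):
        """Return (allowed, reason) and record the decision for the report."""
        allowed, reason = self._decide(target, moment)
        self.audit_log.append((moment.isoformat(), target, allowed, reason))
        return allowed, reason

    def _decide(self, target, moment):
        try:
            addr = ip_address(target)
        except ValueError:
            # Host names can resolve to out-of-scope addresses: deny by default.
            return False, "target is not an IP address"
        if not (self.valid_from <= moment < self.valid_until):
            return False, "outside engagement dates"
        if any(addr in net for net in self.excluded):
            return False, "target explicitly excluded"
        if not any(addr in net for net in self.in_scope):
            return False, "target not in agreed scope"
        if not any(w.contains(moment) for w in self.windows):
            return False, "outside agreed testing window"
        return True, "authorized"


# Constructed sample agreement: weeknights only, so testing avoids busy hours.
SAMPLE = Engagement(
    name="EXAMPLE-ENGAGEMENT",
    in_scope=(ip_network("10.20.0.0/24"), ip_network("192.0.2.0/24")),
    excluded=(ip_network("10.20.0.10/32"),),
    valid_from=datetime(2024, 3, 4),
    valid_until=datetime(2024, 3, 16),
    windows=(Window(time(22, 0), time(5, 0), frozenset({0, 1, 2, 3, 4})),),
)

if __name__ == "__main__":
    for tgt, when in [("10.20.0.25", datetime(2024, 3, 5, 23, 30)),
                      ("10.20.0.25", datetime(2024, 3, 5, 14, 0)),
                      ("10.20.0.10", datetime(2024, 3, 5, 23, 30))]:
        print(tgt, when, SAMPLE.check(tgt, when))
```

The gate denies by default, and its `audit_log` gives the evidence-collection phase a timestamped list of every permitted and refused action.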
Decision-Making Tree
A decision-making tree is basically a method of identifying and sorting out a problem with the aim of solving it by following set procedures. It can be applied to PenTest as shown below:
1. Intelligence Gathering
Intelligence gathering is the process of collecting information by performing reconnaissance on the systems. Information is very important to the attackers, hence they should collect enough pieces of information to help them in exploitation. The attacker can use active or passive reconnaissance. Active reconnaissance is a process of information gathering in which the targeted company is fully aware that its systems are being attacked. It requires experts because it can easily become known that an attack is being launched. Passive reconnaissance is done when the systems are not actively working but are switched on. It does not involve many challenges because no one can notice the activity, hence it is easier to check vulnerabilities (Gorodissky, Ashkenazy, and Segal MX Cyber Ltd, 2019).
2. Vulnerability Identification and Analysis
Scanning is a process where the hacker interacts with the systems and thereby identifies their vulnerabilities. In this phase, the hacker only tests the targeted system to check whether they can gain access to it. When the scanning is done, you have to identify the vulnerabilities available and gain access through them. Such vulnerabilities on the systems allow you to carry out exploitation and gain full access to the systems. Maintaining access means making sure that you remain on the system even if the systems are rebooted or modified. This lets you gain all the information needed and also launch the test after understanding how the system works (Wang, Shao, Ge, and Yu, 2019 p.334).
3. Target Exploitation
This is the stage where the damage is done or, if the test is legitimate, where the information needed is collected. At this point, the targeted systems have already been identified, and hence it will be very easy to exploit them. The only process remaining is launching the attack and waiting for the results (Oguz, Huvaj, and Griffiths, 2019 pp.45-56).
TASK 3
Penetration Test Attack Narrative (not an activity narrative)
Network Penetration Test
A network penetration test can be successfully achieved by effort and plans to ensure that the test is
properly executed. We should follow step by step procedures until we have a successful penetration
test.
Comprehensive network assessment
The network should be comprehensively assessed before the penetration test is carried out. Many
companies prefer an external test to an internal one simply because it exposes vulnerabilities that
another hacker could use to gain access to the network and carry out malicious activities. We have
to check the network topology to see which layers can be attacked. We should also apply the box
techniques. A white box PenTest is one where the penetration tester is given full knowledge of the
target systems before the attack is initiated. Such information includes IP addresses and code
samples, among other things. A black box test, on the other hand, is a scenario where the attacker
has no knowledge of the target and therefore has to do more work to gain the necessary information.
Finally, a gray box test is a situation where the tester has information that is publicly available
about the target, such as URLs and IP addresses, and this limited information helps the attacker
launch the attack. The choice of box determines the attacker's approach and the techniques to use
(Gorodissky, Ashkenazy, and Segal, Xm Cyber Ltd, 2019).
Planning and reconnaissance
We need a plan and must do both passive and active reconnaissance on the network topology; many of
the activities here benefit the steps that follow. Information such as IP addresses, network
topology and mail servers, among others, is collected in this phase. It may be time-consuming, but
the results make the other steps easier, since information is very important to hackers before they
begin the actual attack. We have to be patient here in order to obtain relevant information about
the network (Shah, Ahmed, Saeed, Junaid, and Khan, 2019, January, pp. 1-6).
Creating a communications plan
We should create a communication plan in which we phish the IT department by email and so obtain
relevant data, including router passwords. After doing this, we have to monitor the activities
taking place inside the department. We need to use scanners here to check for active IP addresses
and computers, which gives us a chance to gain access to them (Oguz, Huvaj, and Griffiths, 2019,
pp. 45-56).
Monitoring Plan
We should also have a strict monitoring plan to make sure we study their network traffic carefully.
This includes scanning: the available vulnerabilities have to be identified and used to gain access.
Such vulnerabilities allow exploitation and full access to the systems. Maintaining access means
making sure that you remain on the system even if it is rebooted or modified. This lets you gather
all the information needed and launch the test once you understand how the system works (Justusson,
Pang, Molitor, Rassaian, and Pereira, 2019, p. 2056).
Vulnerability Detail and Mitigation
Intelligence gathering is the process of collecting information by performing reconnaissance on the
systems. Information is very important to attackers, so they should collect enough of it to support
exploitation. We have to use active or passive reconnaissance. Active reconnaissance is information
gathering carried out while the targeted company is fully aware that its network is being attacked.
It requires a lot of skill, because the target can easily tell that an attack is being launched.
Passive reconnaissance is done when the systems are switched on but not actively working. It
involves few challenges because no one notices the activity, so it is easier to check for
vulnerabilities.
Scanning is the process in which the hacker interacts with the systems to identify their
vulnerabilities. In this phase, we only test the network topology to check whether access can be
gained through any layer. When the scanning is done, we have to identify the available
vulnerabilities and use them to gain access. Such vulnerabilities allow exploitation and full access
to the systems. Maintaining access means making sure that you remain on the system even if it is
rebooted or modified. This lets you gather all the information needed and launch the test once you
understand how the system works (Shah, Ahmed, Saeed, Junaid, and Khan, 2019, January, pp. 1-6).
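The section above notes that a target can easily tell when active reconnaissance and scanning are under way. The following Python is an added example, not part of the original essay, showing how a defender could flag that activity in connection logs; the log format, the thresholds and the sample addresses are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) ACTION=\w+$")


def build_sample_log():
    """Constructed connection log; addresses come from RFC 5737 ranges."""
    t0 = datetime(2019, 3, 1, 10, 0, 0)
    rows = []
    for i in range(8):  # ordinary client: one service, repeatedly
        rows.append((t0 + timedelta(seconds=20 * i), "198.51.100.23", "192.0.2.10", 443))
    for i, port in enumerate([22, 443, 3389]):  # admin host: a few services
        rows.append((t0 + timedelta(seconds=15 * i), "198.51.100.40", "192.0.2.20", port))
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143, 445]):  # many ports, one host
        rows.append((t0 + timedelta(seconds=30 + i), "203.0.113.7", "192.0.2.10", port))
    for i in range(1, 9):  # one port, many hosts
        rows.append((t0 + timedelta(seconds=60 + i), "203.0.113.99", f"192.0.2.{i}", 445))
    rows.sort()  # the detector expects time-ordered input
    return [f"{ts.isoformat()} SRC={s} DST={d} DPT={p} ACTION=DROP"
            for ts, s, d, p in rows]


def detect_scans(lines, window_s=60, threshold=6):
    """Map each source that reaches `threshold` distinct (host, port) targets
    within `window_s` seconds to 'vertical', 'horizontal' or 'mixed'."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> deque of (ts, dst, port)
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the format
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["dst"], int(m["dpt"])))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        targets = {(d, p) for _, d, p in q}
        if len(targets) < threshold or m["src"] in findings:
            continue
        hosts = {d for d, _ in targets}
        ports = {p for _, p in targets}
        if len(hosts) == 1:
            findings[m["src"]] = "vertical"    # many ports on one host
        elif len(ports) == 1:
            findings[m["src"]] = "horizontal"  # one port across many hosts
        else:
            findings[m["src"]] = "mixed"
    return findings


if __name__ == "__main__":
    for src, kind in detect_scans(build_sample_log()).items():
        print(f"{src}: {kind} scan pattern")
```

The window and threshold need tuning against normal traffic: with `threshold=3` the admin host in the constructed sample is flagged as well.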
Network Exploitation
This is the stage where the damage is done or, if the test is legitimate, where the information
needed is collected. At this point the targeted network has already been identified, so it will be
very easy to exploit it. The only step remaining is to launch the attack and wait for the results.
A blind PenTest is a penetration test where the tester is given no information except the
organization's name. All the work is therefore done by the tester, just as an authorized attacker
performs their work. This is time-consuming, but the results are always close to what happens in
practice. A double-blind test is one in which the security experts know nothing about the test,
while senior staff know when it will be carried out. This kind of test keeps the security team alert
and aware of how real attacks can occur (Wang, Shao, Ge, and Yu, 2019, p. 334).
Reporting
The penetration test was launched successfully. We obtained the IP addresses on the network and the
mail servers' passwords. The methods we applied were successful and all were helpful, even though we
experienced some difficulties. We collected the routers' passwords and now understand the traffic
flow of the systems, so we can exploit the network and do anything we would like to do there. The
information we phished from the IT department means we have collected all the relevant information
about the company in general, so we can launch an attack at any time (Justusson, Pang, Molitor,
Rassaian, and Pereira, 2019, p. 2056).
Conclusion
The network should be comprehensively assessed before the penetration test is carried out.
Penetration testing is a scenario in which vulnerabilities are investigated to gain full information
on how the systems can be compromised by any attacker, whether the attack is legitimate or
malicious. It mainly involves the exploitation of networks, firewalls and computers, among other
devices and systems, which leads to checking the vulnerabilities that are available. A network
penetration test succeeds through effort and planning that ensure the test is properly executed. We
should follow step-by-step procedures until we have a successful penetration test. We have to check
the network topology to see which layers can be attacked. We should also apply the box techniques.
A white box PenTest is one where the penetration tester is given full knowledge of the target
systems before the attack is initiated. Such information includes IP addresses and code samples,
among other things. A black box test, on the other hand, is a scenario where the attacker has no
knowledge of the target and therefore has to do more work to gain the necessary information.
Finally, a gray box test is a situation where the tester has information that is publicly available
about the target, such as URLs and IP addresses, and this limited information helps the attacker
launch the attack. The choice of box determines the attacker's approach and the techniques to use
(Shah, Ahmed, Saeed, Junaid, and Khan, 2019, January, pp. 1-6).
Reference
Gorodissky, B., Ashkenazy, A. and Segal, R., Xm Cyber Ltd, 2019. Verifying success of
compromising a network node during penetration testing of a networked system. U.S. Patent
Application 10/257,220.
Holsapple, H., Smoot, D., and Evert, J., 2019. Penetration Testing Using A Raspberry Pi.
Justusson, B., Pang, J., Molitor, M., Rassaian, M. and Pereira, M., 2019. The Use of Depth of
Penetration Testing to Develop Element Erosion Parameters in LS-DYNA Explicit Simulations. In
AIAA SciTech 2019 Forum (p. 2056).
Kachhwaha, R. and Purohit, R., 2019. Relating vulnerability and security service points for web
application through penetration testing. In Progress in Advanced Computing and Intelligent
Engineering (pp. 41-51). Springer, Singapore.
Lasser, M., Xm Cyber Ltd and XM Ltd, 2019. Systems and methods for using multiple lateral
movement strategies in penetration testing. U.S. Patent Application 15/993,453.
Li, M., Furlong, J.L., Yorio, P.L. and Portnoff, L., 2019. A new approach to measure the resistance
of a fabric to liquid and viral penetration. PloS one, 14(2), p.e0211827.
Oguz, E.A., Huvaj, N. and Griffiths, D.V., 2019. Vertical spatial correlation length based on
standard penetration tests. Marine Georesources & Geotechnology, 37(1), pp.45-56.
Ross, R., Baji, A. and Barnett, D., 2019. Inner Profile Measurement for Pipes Using Penetration
Testing. Sensors, 19(2), p.237.
Shah, M., Ahmed, S., Saeed, K., Junaid, M. and Khan, H., 2019, January. Penetration Testing Active
Reconnaissance Phase–Optimized Port Scanning With Nmap Tool. In 2019 2nd International
Conference on Computing, Mathematics and Engineering Technologies (iCoMET) (pp. 1-6). IEEE.
Wang, J., Shao, Y., Ge, Y. and Yu, R., 2019. A survey of the vehicle to everything (v2x) testing.
Sensors, 19(2), p.334.
Gorodissky, B., Ashkenazy, A. and Segal, R., Xm Cyber Ltd, 2019. Verifying success of
compromising a network node during penetration testing of a networked system. U.S. Patent
Application 10/257,220.
Holsapple, H., Smoot, D., and Evert, J., 2019. Penetration Testing Using A Raspberry Pi.
Justusson, B., Pang, J., Molitor, M., Russian, M. and Pereira, M., 2019. The Use of Depth of
Penetration Testing to Develop Element Erosion Parameters in LS-DYNA Explicit Simulations. In
AIAA SciTech 2019 Forum (p. 2056).
Kachhwaha, R. and Purohit, R., 2019. Relating vulnerability and security service points for web
application through penetration testing. In Progress in Advanced Computing and Intelligent
Engineering (pp. 41-51). Springer, Singapore.
Lasser, M., Xm Cyber Ltd and XM Ltd, 2019. Systems and methods for using multiple lateral
movement strategies in penetration testing. U.S. Patent Application 15/993,453.
Li, M., Furlong, J.L., Yorio, P.L. and Portnoff, L., 2019. A new approach to measure the resistance
of a fabric to liquid and viral penetration. PloS one, 14(2), p.e0211827.
Oguz, E.A., Huvaj, N. and Griffiths, D.V., 2019. Vertical spatial correlation length based on
standard penetration tests. Marine Georesources & Geotechnology, 37(1), pp.45-56.
Ross, R., Baji, A. and Barnett, D., 2019. Inner Profile Measurement for Pipes Using Penetration
Testing. Sensors, 19(2), p.237.
Shah, M., Ahmed, S., Saeed, K., Junaid, M. and Khan, H., 2019, January. Penetration Testing Active
Reconnaissance Phase–Optimized Port Scanning With Nmap Tool. In 2019 2nd International
Conference on Computing, Mathematics and Engineering Technologies (iCoMET) (pp. 1-6). IEEE.
Wang, J., Shao, Y., Ge, Y. and Yu, R., 2019. A survey of the vehicle to everything (v2x) testing.
Sensors, 19(2), p.334.
1 out of 11
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.