Malicious attackers often think and work like thieves, kidnappers, and other organized criminals you hear about in the news every day. The smart ones constantly devise ways to fly under the radar and exploit even the smallest weaknesses that lead them to their target. The following are examples of how hackers and malicious users think and work. This list isn’t intended to highlight specific exploits that I cover in this blog or tests that I recommend you carry out, but rather to demonstrate the context and approach of a malicious mindset:
✓ Evading an intrusion prevention system by changing their MAC address or IP address every few minutes to get further into a network without being completely blocked
✓ Exploiting a physical security weakness by being aware of offices that have already been cleaned by the cleaning crew and are unoccupied (and thus easy to access with little chance of getting caught), which might be made obvious by, for instance, the fact that the office blinds are opened and the curtains are pulled shut in the early morning
✓ Bypassing web access controls by changing a malicious site’s URL to its dotted decimal IP address equivalent and then converting it to hexadecimal for use in the web browser
Also read this :― Social Engineering Toolkit (SET)
✓ Using unauthorized software that would otherwise be blocked at the firewall by changing the default TCP port that it runs on
✓ Setting up a wireless “evil twin” near a local Wi‐Fi hotspot to entice unsuspecting Internet surfers onto a rogue network where their information can be captured and easily manipulated
Also read this :―Wi‐Fi Protected Setup
✓ Using an overly‐trusting colleague’s user ID and password to gain access to sensitive information that would otherwise be highly improbable to obtain
✓ Unplugging the power cord or Ethernet connection to a networked security camera that monitors access to the computer room or other sensitive areas and subsequently gaining unmonitored network access
✓ Performing SQL injection or password cracking against a website via a neighbor’s unprotected wireless network in order to hide the malicious user’s own identity
Malicious hackers operate in countless ways, and this list presents only a small number of the techniques hackers may use. IT and security professionals need to think and work this way in order to really dig in and find security vulnerabilities that may not otherwise be uncovered.
Like us on Facebook : Grey Hat Hackers
NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.