Pretending to protect: How ethical hacking exposes weaknesses to be protected

The best defence is a good attack, or at least that is how it works in cybersecurity. From this idea comes pentesting, which allows weaknesses in a system, in this case a virtual machine, to be revealed and corrected.

Pentesting, or ethical hacking, simulates all kinds of attacks in order to find the weak points of a system that would not withstand a real attack, so that effort can be dedicated to strengthening them and ensuring that they do not recur.

Carried out by Andrés Orozco Noreña | Ernesto López Bravo | Luis Miguel Rodríguez

Qualification: Cybersecurity Master

Technologies: DoubleTrouble | Kali Linux | Metasploit | NMAP | ARP | GoBuster | StegSeek | Steghide | Searchsploit | Hacker Kid

Best Capstone Award 2024

What is the motivation?

Cybersecurity is key in an increasingly technological world and, at the moment, there is no more reliable way to understand how a cybercriminal works than by mimicking one. An ethical hacking process simulates a real attack, finding weaknesses and vulnerabilities so that they can be addressed. In recent years, numerous techniques and procedures have emerged that allow these tests to be carried out more efficiently and to counter the advances of cybercrime.

Program aims

  • Carry out an exhaustive analysis of the existing vulnerabilities in the DoubleTrouble virtual machine with ethical hacking tools and techniques.
  • Identify and assess the weaknesses present in the virtual machine.
  • Propose mitigation measures to correct the vulnerabilities found.
  • Document the analysis process and mitigation measures.

Development

The ethical hacking process followed several steps, which employed a variety of pentesting techniques:

  • Definition of types of tests: Ethical hacking can be done with a lot of information or very little, depending on the objectives. In this case, the team chose the type of test in which the organisation under analysis provides access to the network where the resources are located, but not to the servers or applications. The different attacks to be carried out, such as network penetration or database access, were also defined.
  • Phases of implementation: As with any process, pentesting is done in phases. It started with a scan in order to find the access point, after which access was maintained without detection in order to gather all the necessary information. Finally, the traces left behind were wiped, which is essential to avoid being discovered later on.
  • Report writing: The ethical hacking exercise concluded with the production of a report containing all the findings, as well as recommendations to be followed in order to solve the problems and protect the assets against real attacks.

Results

This ethical hacking process revealed numerous vulnerabilities in the virtual machine, such as compromised ports and injected code. It relied on non-intrusive scanning, so that traffic was not blocked and no alarms were raised. All vulnerabilities found were compiled in a report in order to give a complete overview and facilitate the resolution of all issues, thus preventing different types of attacks and problems.

Conclusions

Ethical hacking has become an essential process for any organisation, as it is a proactive way to stay ahead of cybercriminals and keep all assets safe. It also provides security recommendations, both for devices and the people who interact with them.
