DoS and Hacking Methodology

DoS Attack Methodology:

• DoS Attack pen testing
• Define objective
• Test for heavy loads on the server
• Check for DoS vulnerable systems
• Run SYN attack on server
• Run port flooding attacks on the server
• Run email bomber on the email servers
• Flood the website forms and guestbook with bogus entries
• Document all findings

    Hacking Methodolgy - various sections:
    
    

Password Cracking Methodology:

• Identify Password Protected Systems
• Check for password complexity
• Perform Social Engineering (if needed)
• Perform Shoulder surfing (if needed)
• Perform dumpster diving
• Perform Dictionary Attack
• Perform Brute forcing attack
• Perform Rule-based attack
• Perform Password guessing.

Password cracking continued:

• Perform trojan/spyware/keyloggers
• Perform Hash injection attack
• Perform Wire Sniffing
• Perform Man in the middle attack
• Perform Replay attack
• Perform Rainbow table attack
• Perform distributed network attack

Privilege Escalation Methodology:

• Try to log in with enumerated user name and cracked passwords
• Interactive logon privs are restricted
• Try to run services as unpriv accounts
• Perform DLL Hijacking
• Try to exploit vuln
• Perform Dylib hijacking
• Try various priv escalation techniques

Executing Applications:

• Check if AV software is installed and up to date
• Check if firewall software and anti keylogging software is installed
• Check if the hardware systems are secured in a locked enviroment
• Try to use keyloggers
• Try to use Spyware
• Use tools for remote execution

Hiding Files:

• Try to install rootkits in the target system
• Perform intgrity based detection techniques
• Perform signature based detection technique
• Perform Cross view based detection technique
• Perform heuristic detection technique
• Check if AV and anti spyware software are updated regularly
• Check if patches for OS and apps are updated
• Use Windows hidden stream (NTFS-ADS) to inject malicious code
• Use Steg to hide secret messages
• Perform Steganalysis technique

Covering Tracks:

• Remove web activity tracks
• Disable auditing
• Tamper log files
• Clear BASH shell tracks
• Clear tracks on network
• Close all remote connections to the victim machine
• Close any opened ports