
Ethical Hacking: A Comprehensive Cheatsheet


  1. Ethical Hacking: A Comprehensive Cheatsheet. Author: Alex Lin Holden, Content Strategist, www.megawattcontent.com
  2. Navigation page (slide numbers): What is ethical hacking? (3); Why do we ethically hack? (4); The five phases (5); Reconnaissance (6); Scanning (10); Gaining access (14); Maintaining access (18); Covering tracks (22); Megawatt takeaways (26)
  3. What is ethical hacking? Ethical hacking is: the authorized process of bypassing defense programs to test an organization's security infrastructure; a proactive method of identifying vulnerabilities in systems to defend against breaches, risks, and threats; when a compensated and qualified professional will transparently act as a malicious intruder; always pre-approved and permitted by the penetrated organization. It is not: an add-on or "nice to have" in a comprehensive security program; a new or experimental method of enhancing cybersecurity programs — today's approach can be traced to the 1970s; when an unsolicited hacker breaches systems "for the greater good"; an excuse to wear a dark hoodie before Labor Day.
  4. Why do we ethically hack? It incorporates one of the key parts of real bad-actor attacks: the human element. (Though many attacks today have automated elements as well.) Ethical hacking is a safe, proactive, and measurable way of testing for risks and vulnerabilities. Ethical hackers are able to think, plan, and behave like actual threat actors, allowing them to meticulously probe an organization's security systems for weaknesses. Ethical hacking minimizes the impact of potential threats and optimizes limited resources, reducing the chances of a successful attack.
  5. The five stages. Stage 1, reconnaissance (research): information gathering on everything about / related to the organization. Stage 2, scanning (research): finding and testing for open ports associated with the organization. Stage 3, gaining access (action): exploiting an open port to penetrate the organization's systems. Stage 4, maintaining access (action): developing stealthy ways of lingering in the organization's environments. Stage 5, covering tracks (action): removing signs of exploitation before exiting systems.
  6. Reconnaissance: Reconnaissance is the first — and arguably most important — stage of ethical hacking. It is the widespread information gathering stage, where ethical hackers mine open sources for as many details on the target organization as possible. During this stage, ethical hackers may use tools like Whois, theHarvester, and Hunter.io.
  7. Reconnaissance: The goal of reconnaissance is to learn as much information as possible and become deeply familiar with the target systems. Ethical hackers gather IP addresses, email addresses, OS types, active machines, and networks to build a strong foundation for their attack plans.
  8. Reconnaissance: Most reconnaissance time is spent "footprinting." Footprinting is the process of gathering data about target systems that can be used to hack further down the line. Ethical hackers investigate the "footprint," or connection of digital assets, that an organization has. Valuable information acquired through footprinting includes firewalls, OS types, security configurations, URLs, VPNs, networks, devices, and more.
  9. Reconnaissance: Another critical part of the reconnaissance stage is enumeration. Enumeration is when an ethical hacker sets up an active connection with the target system to discover as many attack vectors as possible. One popular enumeration tool is enum4linux, which can deliver all usernames associated with a particular IP address.
  10. Scanning: Scanning is the second stage of ethical hacking. It is one of the most famous methods that attackers use to find vulnerable services and systems.
  11. Scanning: Scanning is a more aggressive and more active form of reconnaissance. It is the process of identifying live hosts, ports, and services and pinpointing their potential vulnerabilities. Network scanning is used to create a digital profile of the targeted organization.
  12. Scanning: Ethical hackers use tools called vulnerability scanners to search a target's network for exploitable entry points. A simple tool like traceroute can gather information about systems, routers, firewalls, and other critical network aspects. Traceroute works by sending Internet Control Message Protocol (ICMP) packets. These packets help determine if a particular router is capable of transferring data, as well as map out the path each packet takes.
  13. Scanning: Ethical hackers also use port scanners, like Nmap, to detect listening ports and find out information about the services running on these ports. This is a key part of ethical hacking as it helps determine which ports are unnecessarily active and vulnerable, allowing defending organizations to shut down extraneous services.
  14. Gaining access: This is the phase of ethical hacking where the hacker gains access to the target organization's system. AKA, the actual "attack" part of the hack. There are many different types of attacks hackers use to gain access: passive online attacks, active online attacks, offline attacks, and non-electronic attacks.
  15. Gaining access: Passive online attacks include wire sniffing, man-in-the-middle attacks, and replay attacks. Their main goal in attacking is to passively observe the system environment. They do not change the system in any way. Active online attacks include password guessing, trojans/spyware/keyloggers, hash injection, and phishing. These attacks aggressively upgrade the hacker to administrator-level privileges. This allows hackers to make changes to the exploited system.
  16. Gaining access: Offline attacks are most often used by attackers when they're checking the validity of passwords. Offline attacks include pre-computed hashes, distributed networks, and rainbow attacks. Non-electronic attacks include social engineering, shoulder surfing, phishing, and dumpster diving. These are like those stereotypical phishing emails "From the IRS" that make their way through filters. They require no technical knowledge and are the most common type of attack.
  17. Gaining access: Gaining access is the "boom" in the attack cycle. Ethical hackers can test the strength of security processes by using each type of method to ensure an organization's technical and cultural strengths around security. Although this may be the flashiest part of the ethical hacking phases, it is key to note that this step would not be possible without the prior two. The more information on a target system that is readily accessible, the easier it is to hack into.
  18. Maintaining access: After gaining access, ethical hackers must take steps to maintain access. Often, hackers can't accomplish all their goals with a single visit. It may take several sessions to steal, change, gain, or destroy all the targeted information and assets. So, there are a few key strategies that ethical hackers use to stay within systems.
  19. Maintaining access: Stealth: The first strategy that ethical hackers use to maintain access is to remain undetected. To be stealthy, hackers will often work very slowly to avoid detection by security systems looking for suspicious or abnormal behavior. These stealth methods can include slowing scans, programming malware so it runs in the background, and hiding data in innocuous-looking DNS requests to make traffic look legitimate.
  20. Maintaining access: Privilege Escalation: Another method ethical hackers use to maintain access is enacting privilege escalation. Privilege escalation is the process of gaining higher-level permissions and access to servers and networks. Ethical hackers accomplish this by creating admin-level usernames and passwords which they then operate under, allowing hackers to simply log into environments the next time they want to initiate an attack.
  21. Maintaining access: Backdoor: The third strategy ethical hackers use to maintain access is creating backdoors. A backdoor is a type of installable software that allows hackers to remotely log into systems without detection. When OS updates and patches happen, it can be difficult to maintain access through backdoors. Luckily (or unluckily?), ethical hackers can utilize rootkits, or malware packages that boot up before operating systems, to keep backdoors active and accessible.
  22. Covering tracks: Covering tracks is the last phase of ethical hacking. It entails hiding any evidence that a hacker was even present in the environment. If hackers can successfully conceal their presence, then they open up the possibility of further attacks on the same systems, targets, and organizations.
  23. Covering tracks: The hackers' main goal here is to delete any digital trails of their activity in the environment. The easiest course of action here is deleting logs. The first step hackers take in covering tracks is identifying every log or file that maintains some record of their presence or movement. But simply deleting logs would arouse suspicion. More sophisticated ethical hackers edit the logs by removing the entries that record their presence. An even more advanced ethical hacker would take previous logs and sessions and place them where the removed logs were, updating the time stamps so there are no suspicious gaps.
  24. Covering tracks: Ethical hackers can hack into the network's logs and similarly edit session logs and timestamps to remove signs of suspicious activity or access. After ethical hackers remove traces of intrusion, they also need to remove traces of the attack from the network. Several other systems in a network keep logs of activity. Ethical hackers must edit these logs, too, to fully cover their tracks, as anything left behind could sound alarm bells. DNS, DHCP, and file servers are other places that ethical hackers must keep in mind when covering up their tracks. Suffice to say, there's a lot of activity auditing going on in this last step.
  25. Covering tracks: Not all ethical hackers approach the idea of covering tracks in the same way. While many ethical hackers do their due diligence and edit all logs tracking their activity, some ethical hackers relax into a "security through obscurity" approach. Given the vast amount of data that systems process each day, these ethical hackers bank on the idea that if they work slowly enough, no one will notice their activity, even if it's logged.
  26. Megawatt takeaways: Why is this important? Ethical hackers utilize the same tactics that malicious actors use; the only difference is that they use their powers for good. So, all the strategies we covered in this deck are strategies organizations need to know about to defend against threats and attacks. With the average cost of a data breach skyrocketing to $4.4M in 2022, all businesses must make cybersecurity a top priority. The best way to identify vulnerabilities and develop a good attack response plan is to find out exactly where vulnerabilities are and how attacks happen. Enter ethical hacking! According to the US Bureau of Labor, the information security analysis industry is projected to grow 33% by 2030, making it one of the fastest-growing industries in the country. Ethical hackers are transforming and shaping the cybersecurity industry of tomorrow, and security marketers should understand this trend to stay up to date.
  27. About Megawatt: Who is Megawatt? We are a content marketing agency focused on a few key B2B tech niches, including cybersecurity — one of our main areas of expertise. Our team loves to dig deep and learn about topics like ethical hacking and write awesome content for (ourselves and) our awesome security clients. Many Megawatt cybersecurity clients offer an abundance of professional services to their own customers. These services can include penetration testing, which is a form of ethical hacking. Want to learn more about Megawatt and how we help security companies of all stripes — including those that employ ethical hacking — produce content that security pros actually want to read? (Yeah, we know.) Get in touch! Website: www.megawattcontent.com. Email: inquiry@megawattcontent.com. Weekly (short and sweet) newsletter. LinkedIn: Megawatt. Instagram: Megawatt_Content. Twitter: MegawattContent.
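Added example (not part of the original deck), relating to the "stealth" strategy on slide 19 and the work-slowly approach on slide 25: a detector that counts distinct ports touched per source inside a sliding window, showing that a short window misses a slowed scan while a long window catches it. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def parse(line):
    """Parse 'ISO-timestamp src_ip dst_port' (constructed log format)."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)


def scanners(lines, window, min_ports):
    """Sources that touched >= min_ports distinct ports within any sliding window."""
    by_src = defaultdict(list)
    for ts, src, port in sorted(parse(l) for l in lines):
        by_src[src].append((ts, port))
    flagged = set()
    for src, events in by_src.items():
        lo = 0
        for hi in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            if len({p for _, p in events[lo:hi + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged


# Constructed sample: 198.51.100.9 probes one new port every 20 minutes;
# 192.0.2.10 is a normal client that keeps returning to port 443.
t0 = datetime(2024, 1, 1)
LINES = [f"{(t0 + timedelta(minutes=20 * i)).isoformat()} 198.51.100.9 {1000 + i}"
         for i in range(30)]
LINES += [f"{(t0 + timedelta(minutes=7 * i)).isoformat()} 192.0.2.10 443"
          for i in range(80)]

if __name__ == "__main__":
    print("1-minute window:", scanners(LINES, timedelta(minutes=1), 10))
    print("24-hour window: ", scanners(LINES, timedelta(hours=24), 10))
```
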
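Added example (not part of the original deck), relating to slides 23 and 24: a log whose entry has been replaced and re-timestamped shows no time gap, so a defender needs an integrity check rather than a gap check. The sketch chains each record to the previous one with an HMAC; the key, record format and sample entries are constructed assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

KEY = b"constructed-demo-key"  # assumption: in practice held off-host by the log collector


def seal(entries, key=KEY):
    """Chain each (timestamp, message) to its predecessor with an HMAC tag."""
    sealed, prev = [], b"\x00" * 32
    for ts, msg in entries:
        tag = hmac.new(key, prev + f"{ts}|{msg}".encode(), hashlib.sha256).digest()
        sealed.append((ts, msg, tag))
        prev = tag
    return sealed


def first_broken_link(sealed, key=KEY):
    """Return the index of the first record whose tag does not verify, else None."""
    prev = b"\x00" * 32
    for i, (ts, msg, tag) in enumerate(sealed):
        expected = hmac.new(key, prev + f"{ts}|{msg}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return i
        prev = tag
    return None


def has_time_gap(sealed, max_gap=timedelta(minutes=5)):
    """Naive check: flags only silences longer than max_gap."""
    times = [datetime.fromisoformat(ts) for ts, _, _ in sealed]
    return any(b - a > max_gap for a, b in zip(times, times[1:]))


# Constructed sample: one routine record per minute, with one admin logon at index 3.
start = datetime(2024, 1, 1, 9, 0)
original = [((start + timedelta(minutes=i)).isoformat(), "cron: heartbeat") for i in range(6)]
original[3] = (original[3][0], "sshd: accepted password for admin from 203.0.113.7")
log = seal(original)

# Tampering as the slides describe it: the revealing record is replaced by a copy of
# an earlier record (tag included) whose timestamp is rewritten to fill the slot.
tampered = list(log)
tampered[3] = (log[3][0], log[1][1], log[1][2])
```

The gap check passes on both logs, while chain verification pinpoints the altered record; the chain is only as trustworthy as the key, which is why it is assumed to live off the monitored host.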
