Learning a Hacker’s Common Tricks

May 2, 2021 | AI in Automated Pen Test

Knowing Your Enemy is the First Line of Defense

What do “The Godfather” and Sun Tzu have in common? This sage advice: Keep your friends close and your enemies closer. This means that you need to know the hacker mindset and M.O. like the back of your hand. Hackers are like rats – persistent, living in colonies, and able to cause untold damage if they are allowed to proliferate. But unlike rats, and unfortunately for the rest of us, they are patient and more resourceful.

Once a hacker gets into your system, their actions can be hard to detect. Sophisticated attackers know how to use techniques that prod for vulnerabilities without setting off alarms. Sometimes they have specific targets, and sometimes they are just looking for whatever is easily available. IT Managers need to know where all of their network vulnerabilities are in order to keep the network safe.

That’s why at Ridge Security we often say, “think like a hacker.”

What it Takes to Take Your Assets

As difficult as it is to thwart the constant onslaught of attacks, it’s also hard work for the hackers. They have to sift through a huge amount of information to find a suitable target, and a lot of it isn’t useful information. Even high-severity CVEs are usually well known by security experts, and therefore well guarded. They might not be easy penetration points, but they are often a good starting point to locate similar bugs that aren’t well protected. Even if you patch a bug in your code, if you don’t patch every version that is currently deployed, you leave the door open for exploits.

The Trail of Breadcrumbs

The rushed nature of the software development cycle can lead to missed errors and easily found mistakes that were overlooked or hastily cleaned up by the developers. These flaws can be as simple as a note left in the code saying “FIXME” or “RBF”, which are jackpots for hackers searching for low-hanging fruit.

Support Requests on the Internet

Hackers have many methods of finding exploits and some come from pretty unexpected places, such as product support forums, social media posts, and other publicly available sources of information.

Fuzzing

Another simple method of finding a way into a network is known as “fuzzing.” It involves feeding massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash. This method is slow and tedious, and it doesn’t always work, but remember: hackers are patient and persistent.
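The same technique works for defenders who run it against their own code before release. The sketch below is an added example, not code from the original article or from Ridge Security: a minimal mutation fuzzer pointed at a constructed record parser whose length field is never bounds-checked. The names `parse_record`, `mutate`, `fuzz` and the sample records in `SEEDS` are all hypothetical.

```python
import random
import struct

def parse_record(data: bytes) -> dict:
    """Constructed test subject: 1-byte type, 2-byte big-endian length, payload."""
    if len(data) < 3:
        raise ValueError("short header")            # clean rejection, not a crash
    rtype, length = data[0], struct.unpack(">H", data[1:3])[0]
    payload = data[3:3 + length]                    # flaw: declared length is never checked
    if rtype == 1:                                  # counter record, expects 4 payload bytes
        return {"type": "counter", "value": struct.unpack(">I", payload[:4])[0]}
    if rtype == 2:                                  # text record, last payload byte is a checksum
        body, checksum = payload[:length - 1], payload[length - 1]
        if sum(body) & 0xFF != checksum:
            raise ValueError("bad checksum")
        return {"type": "text", "value": body.decode("utf-8", "replace")}
    raise ValueError("unknown record type")

# Constructed valid inputs the fuzzer starts from.
SEEDS = [b"\x01\x00\x04\x00\x00\x00\x2a", b"\x02\x00\x03hi\xd1"]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)                           # apply 1 to 4 random edits to a seed
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(3)
        if op == 0 and buf:                         # overwrite one byte
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1 and buf:                       # truncate at a random offset
            del buf[rng.randrange(len(buf)):]
        else:                                       # insert one random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seeds, iterations=5000, rng_seed=1234):
    """Return {exception class name: smallest input that triggered it}."""
    rng = random.Random(rng_seed)                   # fixed seed makes every run reproducible
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except ValueError:
            continue                                # parser rejected the input as designed
        except Exception as exc:                    # anything else is an unhandled failure
            key = type(exc).__name__                # struct.error reports its name as "error"
            crashes[key] = min(crashes.get(key, case), case, key=len)
    return crashes

if __name__ == "__main__":
    print(fuzz(parse_record, SEEDS))
```

Each saved input is a ready-made regression test: once the parser checks `length` against the data it actually received, replaying the input should raise `ValueError` instead.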

Ridge in your Corner

Defending against an enemy like this can seem impossible and the odds are overwhelming, but if you learn to “think like a hacker,” it is possible to stay ahead of them. Doing a security audit of your network can help you to identify which data is the most desired by an attacker, and frequent penetration testing keeps you on top of any potential gaps in your defenses.

This is easier than you might think: use an automated penetration tester robot, such as RidgeBot®, to constantly scrutinize your network without ever taking a day off. Because after all, the bad guys never do.