This article is a little dated but it describes the approach used by hackers before, during, and after breaching a system. It gives a good overview what malicious hackers plan to do and it coincides, essentially, with what we have been covering in class. Starting with reconnaissance, a hacker will use methods such as Google Hacking as discussed in class. The most extreme example of recon is actually going to a location and physically gaining access. Next, the individual will scan the network as we will do in class or what some of us have already done to the target we have done some reconnaissance against. Ultimately, the hacker will try and gain access, keep that access, and, perhaps most importantly, cover their tracks so as not be detected. What’s most compelling to me is at the end of the article when the author mentions that a hacker must iterate through these phases. Once he or she gains access to part of the system, the reconnaissance usually has to start again. I chose to perform reconnaissance against my particular company because I felt that the industry they are in is vulnerable to attack. I also picked this company because they are not very large but have connections with very large companies that deal with sensitive information. My thinking is that, if the company I chose could be breached, then an attacker might be able to jump from their systems’ into other companies systems. This would be a classic example of iterating through the phases the article talks about.
http://blog.phpkemist.com/2008/07/20/the-five-phase-approach-of-malicious-hackers/
This article was pretty helpful to list the process hackers may be following. It shows that even the hackers follow a routine like a real job.
I like that you targeted a company that has connections to larger companies. Companies are outsourcing multiple parts of their infrastructure to contractors that often have more access than they should. A famous example is the Target breach where the criminals got into the system through the HVAC company.