Module 02
Net 185 - Ethical Hacking
This section covers the fundamentals of the pen testing procedure, as well as the different compliance requirements and regulations that pen testers have to know when performing pen tests. The chapter also covers how to prepare the risk assessment and which type of pen test to use (internal, external, white box and black box tests). I learned that the scope of the assessment has to be documented in detail in the SOW (scope of work) document. The SOW has to include what will be tested and when, and whether there are any exclusions. I learned from my own experience that there will be exclusions and not all the targets can be scanned. Even though scanning is usually non-intrusive, for some production systems like mainframes, scanning can produce a denial of service, which can cause loss of access and monetary loss.
This week I was researching the latest ransomware attacks and I found that one of the Crystal Lake high schools was hit by a ransomware attack. A lot of these attacks are random, mostly started by internal users opening malicious files from email. It seems the Crystal Lake School District 155 High School was lucky and was able to discover the ransomware in its beginning stage, so it didn't spread to the whole organization. Some of the victims of these attacks have limited ways to recover, which leads them to pay the ransom.
https://www.nwherald.com/2020/01/29/district-155-hasnt-communicated-with-hackers-paid-ransom-following-ransomware-attack/avdxsgz/