Hacking attack - concept and techniques

Table of Contents

What is "hacking"?

This is what is meant by the term hacking attack Detection of vulnerabilities in a computer system or network to exploit the resulting security vulnerabilities. These targeted attacks are carried out by a so-called "hacker".

In general, the hacker has established himself as a self-taught personality or even a rogue programmer who is able to modify application programs, for example. This gives it functions and behavior that were not intended by the developers when originally programmed.

However, this motive is considered to be a very narrow view that does not even begin to encompass the broad spectrum of reasons a person would turn to the hacking attack. In this context, a white hat hacker is pursuing ethical intentions and, with the permission of the owner, tries to identify a system for security gaps in order to close them again in the next step. If the hacker does not have the permits and still operates, he is breaking the law and making himself liable to prosecution.

The history behind the term "hacking"

In 1950, members at MIT first used the term "hacking" as an attack to create potential solution processes for a technical problem.

Basically, the "hacking" attack is about overcoming original restrictions and about the need to find new application possibilities and solution strategies through manipulation.

Phreaking (a subculture of hacking attack), for example, focuses on telephony security mechanisms and the manipulation of telephone lines.

Do you want to protect your IT from damage caused by hackers?
Optimize your IT with us now!
For IT security advice

In addition to the technical nature of the hacking attack, the human factor (Social Engineering) into account, for example to trick a user into downloading a malicious attachment or revealing personal information.

The attacker thus tries to trick a person into actions that have a negative effect on the company and a positive effect on the hacking attacker.

We are already on the categorization of hackers as well as various methods
like  Man in the MiddleBrute Force or Denial of Service Attacks.

Wiki cyber attacks company

The stages of a hacking attack

In this section we at ProSec want to enlighten you about the different phases of a hacking attack. It is important to mention that we are not on the level of the script kiddies here, but on the level of the technical attacker or even APT. Attacks in this area usually follow a pattern and require a certain amount of preparation time. This scheme is often referred to as the attack chain.


information gathering

The phase before a hacking attack is known as “gathering information”, i.e. selecting potential victims. Either the target that is to be used for the attack is already known in advance, or research is being carried out in this regard in order to identify a possible target.

Icon threat modeling infrastructure

reconnaissance phase

First comes the reconnaissance phase, scouting over the target determined before the hacking attack. This includes, among other things, researching which applications and systems are in use, which employees are working and which information is already visible to the "outside". Basically, the hacker thinks about potential ways in which a network break-in could be successful.

Depending on the size of the company and interest in damage, the duration here can vary.

Network separation list

Weaponization phase

Once all the information necessary for an attack has been gathered, the weaponization phase follows. This includes developing suitable malware in order to later be able to carry out a remote code execution or to find out how the hacker can later spread in the network in the event of a hacking attack (lateral movement).

Here, too, the complexity varies depending on the know-how of the attacker.

See also the wiki text Threat Modeling.

Emotet, Emotet Trojan

delivery phase

The delivery phase is the delivery to a device to be infected. Basically, you're trying to "deliver" the previously developed malware to the target network. The only thing that is missing afterwards is that the “human factor” helps out here and is exploited as a supplier. A classic example is the attachment to a phishing email or the USB stick in the parking lot.

Penetration Tester

exploit stage

In the exploit phase of the hacking attack, the malware is now executed in order to take advantage of the vulnerability information collected in advance. This can be, for example, outdated machines that pose an increased security risk


installation phase

The installation phase, as the name suggests, installs the malware on the target computer, for example to create a "backdoor" and thus load additional payloads or store so-called "droppers". This refers to independently executable programs that are used to release malicious programs. An example of one that everyone knows is Emotet.

Once the malware is installed and the exploit is successful, the hacker has remote access to the infected machine. This is known as the Command & Control phase and gives the hacker permanent access.

Penetration Tester

Actions on objective

The last phase is the Actions on Objective,
so to speak, the target of the hacking attack. This can be:

Encrypting the data on the system for a ransom (classic ransomware)

Data exfiltration (to access sensitive data such as customer data, etc.)

Destroying the data (simply to cause damage)

to manipulate information

Attacking other companies present in the supply chain (watering hole)

Constant outflow of information

damage to reputation

The attacker can then plan how to proceed with the hacking attack in the victim's internal network, with options for concealing traces.

You are looking for a professional
IT security partner for
your company?
Contact us now!
Contact us now

Protect yourself from hacking attacks with ProSec

The hacking attack described above can be simulated in a practical manner by means of a penetration test. For this purpose, ProSec GmbH uses various methodologies and guidelines such as "PTES". This is referred to as a guideline that establishes a certain standard.

We uncover your vulnerabilities to give you an overview of your security gaps and the potential possibilities of a hacking attack. We recommend carrying out regular penetration tests, in which the organisations, networks and systems are checked for potential vulnerabilities and a hacking attack can be prevented.

Newsletter Form

Become a Cyber ​​Security Insider

Get early access and exclusive content!

By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!

Table of Contents

NewsLetter Form Pop Up New

Become a Cyber ​​Security Insider

Subscribe to our knowledge base and get:

Early access to new blog posts
Exclusive content
Regular updates on industry trends and best practices

By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!