Key terminology
Cross site scripting (XSS)
A web application vulnerability in which an attacker injects malicious HTML or JavaScript into a page served by the website, so that it runs in the browser of every user who visits that page.
Exploit development
Specialized area in cybersecurity focused on discovering and using software vulnerabilities. It involves analyzing software to find weak spots and then crafting code to take advantage of them to gain unauthorized access, escalate privileges, or achieve other objectives.
Password cracking tool
A tool used in attempts to discover passwords, often by trying many possibilities (dictionary words, rule-based variants, or brute force) against captured password hashes or a login interface.
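The following is an added example (not part of the original glossary) of the "trying many possibilities" approach: a dictionary attack with simple mangling rules run against salted SHA-256 hashes. The hashes, salts, user names and the tiny wordlist are all constructed for the demo; a real engagement would use a leaked hash dump and a large wordlist such as rockyou.txt.

```python
import hashlib


def hash_password(salt, password):
    """Unsalted-style fast hash a weak application might use: sha256(salt || password)."""
    return hashlib.sha256(salt.encode() + password.encode()).hexdigest()


# Constructed "leaked" credential store: user -> (salt, hex digest).
LEAKED = {
    "alice": ("s4lt1", hash_password("s4lt1", "Winter2024!")),
    "bob":   ("s4lt2", hash_password("s4lt2", "letmein")),
}

# Constructed wordlist standing in for a real one.
WORDLIST = ["password", "letmein", "winter", "summer", "hospital"]


def variants(word):
    """Yield rule-based variants of a base word: case changes, year and symbol suffixes.
    This mirrors the 'rules' feature of real crackers such as John the Ripper or hashcat."""
    for base in (word, word.capitalize(), word.upper()):
        for year in ("", "2023", "2024"):
            for suffix in ("", "!", "1"):
                yield base + year + suffix


def crack(leaked, wordlist):
    """Try every candidate against every user's hash. Returns (recovered, attempts)."""
    recovered = {}
    attempts = 0
    for user, (salt, digest) in leaked.items():
        for word in wordlist:
            for candidate in variants(word):
                attempts += 1
                if hash_password(salt, candidate) == digest:
                    recovered[user] = candidate
                    break
            if user in recovered:
                break
    return recovered, attempts


if __name__ == "__main__":
    found, tries = crack(LEAKED, WORDLIST)
    for user, pw in found.items():
        print(f"{user}: {pw}")
    print(f"{tries} candidate hashes computed")
```

The attack succeeds because SHA-256 is cheap to compute, so millions of guesses per second are practical; storing passwords with a deliberately slow, salted KDF (bcrypt, scrypt or Argon2) is the usual countermeasure.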
Penetration testing
Simulated cyberattack used to evaluate the security of a system or network. It involves ethical hackers who attempt to exploit vulnerabilities in order to identify weaknesses and improve security measures.
Port scanning
Network reconnaissance technique used to identify open ports on a host, revealing which services are running on it and therefore where vulnerabilities may lie.
Pretexting
A form of social engineering attack in which the attacker fabricates a story (a pretext) to obtain privileged data. It is used to gain the victim's trust and trick them into sharing sensitive information, performing actions, or granting access to systems.
Response plan
A plan that outlines the specific actions to be taken in the event of a security incident, ensuring a coordinated and effective reaction. Effective plans are clear, actionable and up to date, and cover incident detection, response strategies, and recovery processes.
Search engine dorking
A technique that uses advanced search operators to find specific, hidden or sensitive information on the web. It allows users to target precise information
Security posture assessment
A holistic evaluation of an organization's cybersecurity strength, focusing on identifying vulnerabilities and assessing overall resilience against cyber threats. It helps the organization understand its current security status and prioritize areas for improvement.
Hacker
An individual who attempts to gain unauthorized access to a computer system.
Social Engineering Attacks
Tactics used to manipulate individuals into revealing confidential information or performing actions that compromise security.
IP Address
A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
Network topology
The arrangement of the elements of a network (its links and nodes), described physically or logically.
OS detection
The process of determining the operating system running on a networked device.
SQL Injection
A technique used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution.
Define White Box Testing
A testing approach that involves an in-depth analysis with full knowledge of the IT infrastructure
Gray Box Testing
Only limited information is shared with the tester; usually this takes the form of login credentials. It is useful for understanding the level of access a privileged user could gain and the potential damage they could cause. It balances depth and efficiency, and can be used to simulate either an insider threat or an attack that has already breached the network perimeter.
Black Box Testing
No information is provided to the tester at all. Most authentic scenario, demonstrating how an individual with no inside knowledge would target and compromise an organisation. Typically the costliest option
OSINT
Data collected from publicly available sources, such as social media and official records that can then be analyzed
Malware
Software designed to disrupt, damage, or gain unauthorised access to a computer system.
Vishing (Voice Phishing)
Fraudulent method of making voice calls or leaving voice messages imitating reputable companies or individuals to obtain sensitive information.
Active-active healthcare data centre
A configuration where two or more data centres are running the same services and applications simultaneously and are synchronised with each other. If one data centre fails or experiences a disruption, the other one can take over seamlessly, with no data loss or downtime.
Network Mapping
The use of tools to discover and document physical and logical connectivity that exists in the network such as network topologies, including servers, firewalls, and other devices.
Network scanning
The use of tools to detect all active hosts on a network and mapping them to their IP addresses, as well as running services and open ports.
CVEs
Common Vulnerabilities and Exposures: a list of publicly known cybersecurity vulnerabilities, each with a unique identifier, used to reference issues and track patch progress.
Return-Oriented Programming (ROP)
A sophisticated technique that uses existing code snippets that are also known as gadgets in memory, chaining them together to bypass certain protection mechanisms and execute arbitrary code.
Network/packet sniffing
A computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network.
Fuzzers
These automatically input a vast amount of random, unexpected, or malformed data into software applications to discover coding errors and vulnerabilities.
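An added example (not from the original glossary) of a minimal mutation-based fuzzer. The target is a constructed toy parser for length-prefixed records that carries a deliberate off-by-one in its bounds check; the fuzzer mutates a valid seed input and records every input that makes the parser fail with anything other than its own intended ValueError rejection.

```python
import random


def parse_records(data):
    """Constructed toy target: parses [length][payload][checksum] records.
    The bounds check deliberately forgets the trailing checksum byte, so a
    length equal to (remaining - 1) passes the check and then reads past the end."""
    records = []
    i = 0
    while i < len(data):
        length = data[i]
        if length > len(data) - i - 1:          # bug: should be len(data) - i - 2
            raise ValueError("record length exceeds buffer")
        payload = bytes(data[i + 1:i + 1 + length])
        checksum = data[i + 1 + length]         # IndexError once the check is fooled
        if checksum != sum(payload) % 256:
            raise ValueError("bad checksum")
        records.append(payload)
        i += 2 + length
    return records


def record(payload):
    """Build one well-formed record; used to construct the seed input."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


SEED = record(b"abc") + record(b"x")            # constructed valid input, two records


def run_target(data):
    """Return the name of the exception the target raises for `data`, or None."""
    try:
        parse_records(data)
    except Exception as exc:
        return type(exc).__name__
    return None


def mutate(data, rng):
    """Apply 1 to 3 random mutations: replace a byte, truncate, or insert a byte."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and len(buf) > 1:
            del buf[rng.randrange(1, len(buf)):]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(seed, iterations=1000, rng_seed=7):
    """Feed mutated inputs to the target; ValueError is the expected rejection path,
    any other exception is a crash worth triaging. Returns [(input, exception_name)]."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        data = mutate(seed, rng)
        outcome = run_target(data)
        if outcome not in (None, "ValueError"):
            crashes.append((data, outcome))
    return crashes


if __name__ == "__main__":
    found = fuzz(SEED)
    print(f"{len(found)} crashing inputs; first: {found[0][0]!r} -> {found[0][1]}")
```

Each recorded input is a reproducer: re-running `run_target` on it raises the same IndexError, which is the first thing a triage step checks before looking at the root cause (here, the missing `- 2` in the bounds check).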
PACS (Picture Archiving and Communication System)
Medical imaging technology that provides economical storage of, and convenient access to, images from multiple modalities (source machine types) such as X-ray, CT and MRI.
IoT-enabled medical devices
Devices with unique and critical vulnerabilities that usually cannot easily be patched. They often use hard-coded passwords, and their failure can have immediate life or death consequences, for example with infusion pumps or heart monitors.
Nmap
A free and open source utility for network discovery that uses raw IP packets to determine characteristics of a network: which hosts are available, which services (including application name and version) those hosts are offering, which operating systems and OS versions they are running, and what type of packet filters or firewalls are in use.
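An added example, written for this glossary rather than taken from it, that shows in miniature what the port scanning, network scanning and Nmap entries describe: a TCP connect scan that classifies ports as open or closed and grabs the banner of any open port to guess the service and version (the idea behind Nmap's -sV). To run offline it starts a throwaway listener on 127.0.0.1 that sends a constructed SSH-style banner; the banner text and the guess_service rules are assumptions for the demo.

```python
import socket
import threading


def start_fake_service(banner):
    """Start a throwaway TCP listener on 127.0.0.1 that greets each client with
    `banner`; returns its port. Constructed stand-in for a real daemon."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.sendall(banner)
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_closed_port():
    """Reserve and release a port so the scan has a known closed port to probe."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def scan(host, ports, timeout=0.5):
    """TCP connect scan. Returns {port: (state, banner)}; state is 'open' or
    'closed' (a connect timeout, i.e. a filtered port, is lumped in with closed)."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                results[port] = ("closed", None)
                continue
            try:
                banner = s.recv(256).decode(errors="replace").strip()
            except socket.timeout:
                banner = ""          # open, but the service waits for the client to talk first
            results[port] = ("open", banner)
    return results


def guess_service(banner):
    """Crude version fingerprinting from the banner (assumed rules for the demo)."""
    if banner.startswith("SSH-"):
        return "ssh " + banner.split("-", 2)[2]
    if banner.startswith("220 "):
        return "smtp/ftp " + banner[4:]
    return "unknown"


if __name__ == "__main__":
    open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    for port, (state, banner) in scan("127.0.0.1", [open_port, free_closed_port()]).items():
        detail = f" {guess_service(banner)}" if state == "open" else ""
        print(f"{port}/tcp {state}{detail}")
```

A connect scan completes the three-way handshake and so is logged by the target; Nmap's default SYN scan (-sS) stops after the SYN/ACK, which is quieter but needs raw-socket privileges.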
Metasploit
A framework designed for developing exploits and executing them in a systematic manner. It can significantly reduce the time needed to write custom exploits.
Lateral Movement
The technique attackers use to move from a compromised system to others within the network. A key part of post-exploitation.
Privilege Escalation
Ways that attackers extend their access on a compromised machine: vertical privilege escalation (gaining higher privileges on the same machine) and horizontal privilege escalation (gaining access to another user's privileges at the same level).
Persistence Mechanisms
How attackers maintain access after a compromise, for example through scheduled tasks, newly created user accounts and DLL (dynamic-link library) hijacking.
Security Information and Event Management (SIEM)
An application that aggregates and analyzes log data to monitor critical activities in an organization.
Zero-Day Vulnerability
A software vulnerability that is unknown to (or not yet patched by) the vendor and can therefore be exploited by attackers before a fix exists.
Cialdini's 6 principles of persuasion
1. friendship/liking
2. commitment/consistency
3. scarcity
4. reciprocity
5. social validation
6. authority
Ways to explain how specific social engineering attacks can work.
Internet of Medical Things
The specific subset of IoT for healthcare.
Clinical Engineering vs IT Departments
Highlights the organizational silos in hospitals that create security gaps for medical devices.
Protected Health Information (PHI)
The specific term for the sensitive data in EHRs that HIPAA protects.
STRIDE Model
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
A threat modelling framework that classifies threats into these six categories.
CVSS
Common Vulnerability Scoring System, used to determine the severity of a vulnerability to aid in prioritisation.
DREAD Model
Damage Potential
Reproducibility
Exploitability
Affected Users
Discoverability
A risk-rating model that scores each threat on these five factors to rank its severity.
BC&DR
Business Continuity and Disaster Recovery: the broader organisational plans that a cybersecurity incident response plan feeds into.
HIPAA (Health Insurance Portability and Accountability Act)
The primary US regulation for health and data privacy and security. The legal context for everything in the case study.
Responsible Disclosure
The process of privately reporting a vulnerability to the vendor, giving them time to fix it before it is made public. The ethical counterpart to finding bugs.
Get Out Of Jail Free Card
Slang term for the signed authorisation document, agreed in the pre-engagement phase as part of the rules of engagement, that penetration testers carry to protect themselves if they are approached by security staff during testing.
Non-Disclosure Agreement (NDA)
A legal document that binds the testers to confidentiality; crucial for protecting Protected Health Information (PHI) and the details of any vulnerabilities found.
Burp Suite / OWASP ZAP
Tools for web application testing (highly relevant for EHR systems and login portals).
Nessus / OpenVAS
Industry standard vulnerability scanners.
Buffer overflow attacks
A technique used to exploit vulnerabilities by writing past a buffer's boundary into adjacent memory, corrupting data or control information stored there.
Exploit development
The process of creating custom scripts or tools designed to take advantage of specific vulnerabilities in a system.
Pre-engagement interactions
The first phase of PTES, involving preparation, securing approvals, and assembling tools.
Intelligence gathering
The second phase of PTES, where data is collected from external sources like social media and public records.
Threat modelling
The third phase of PTES, where potential threats and vulnerabilities are identified and mitigation strategies are developed.
Vulnerability analysis
The fourth phase of PTES, where vulnerabilities that could be exploited are identified and confirmed.
Exploitation
The fifth phase of PTES, where an attempt is made to breach the system using identified vulnerabilities.
Post-exploitation
The sixth phase of PTES, focusing on maintaining control of a compromised system and extracting data.
Reporting
The final phase of PTES, which involves documenting the entire testing process and presenting the findings to the client.
Internet of Things (IoT)
A network of physical objects that are embedded with other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
Electronic Health Records (EHRs)
Digital versions of a patient's paper charts, containing their medical and treatment histories.
System forensics
The analysis of traces left by an exploitation process, such as examining system logs or detecting malware.
Search engine dorking
An advanced search technique that uses specific search strings to find sensitive files or login portals that are not intended to be public.
What does White box testing involve?
This involves sharing full network and system information with the tester, including network maps and credentials.
State the advantages and uses of White box testing
This helps to save time and reduce the overall cost of an engagement. A white box penetration test is useful for simulating a targeted attack on a specific system utilising as many attack vectors as possible.