Introduction to Ethical Hacking pdf file
debmajumder741249
2,014 views
31 slides
Feb 29, 2024
Slide 1 of 31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
About This Presentation
learning purpose
Slide Content
Introduction to Ethical Hacking
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
What is Hacking?
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
What is Hacking ?
Ethical Hackingisthe protection of inter-connectedsystems,
includinghardware, softwareanddata, fromcyberattacks.
White Hat HackerGrey Hat HackerBlack Hat Hacker
Ethical Hackingisthe protection of inter-connectedsystems,
includinghardware, softwareanddata, fromcyberattacks.
White Hat HackerGrey Hat HackerBlack Hat Hacker
Computer Security Threats
•Computer Virus
•Computer Worm
•Scareware
•Key logger
•Adware
•Malware
•Backdoor
•Trojan
•Ransomware
•Spyware
•Computer Virus
•Computer Worm
•Scareware
•Key logger
•Adware
•Malware
•Backdoor
•Trojan
•Ransomware
•Spyware
Goals of ethical Hacking
•Protect the privacy of an Organization
•Transparently report all the identified bugs/weaknesses/vulnerabilities to
t
he organization.
•Inform the vendors about the security measures and patches.
•Protect the privacy of an Organization
•Transparently report all the identified bugs/weaknesses/vulnerabilities to
t
he organization.
•Inform the vendors about the security measures and patches.
Skills Required by Ethical Hackers
Operating
Systems
Programming
Languages
Networking
Operating
Systems
Programming
Languages
Networking
Tools Used by Ethical Hackers
Process of Ethical Hacking
Reconnaissance
Maintaining Access
Scanning
Gaining Access
Reporting
Clearing Tracks
Reconnaissance
Maintaining Access
Scanning
Gaining Access
Reporting
Clearing Tracks
Reconnaissance
Thisisthefirststepof hacking. Itisalso calledasFoot printingand
informationgathering phase.Thisisthepreparatoryphasewhere
wecollect asmuchas informationas possible about these the
target.Weusually collectinformationabout three groups:
•Network
•Host
•PeopleI
Thisisthefirststepof hacking. Itisalso calledasFoot printingand
informationgathering phase.Thisisthepreparatoryphasewhere
wecollect asmuchas informationas possible about these the
target.Weusually collectinformationabout three groups:
•Network
•Host
•PeopleI
Scanning
Three typesofscanningareinvolved:
Portscanning: This phaseinvolvesscanning thetarget forthe
informationlikeopenports,livesystems,variousservices running
onthe host.
VulnerabilityScanning: Checking thetarget fortheweakness or
vulnerabilitieswhichcanbeexploited.Usuallydonewiththe helpof
automatedtools.
NetworkMapping: Finding thetopology of network, routers,
firewallsserversifany,and hostinformationand drawinganetwork
diagramwiththeavailable information.Thismap mayserveasa
valuablepiece ofinformation.Thismap mayserve asavaluable
pieceof informationthroughout the hackingprocess.
Three typesofscanningareinvolved:
Portscanning: This phaseinvolvesscanning thetarget forthe
informationlikeopenports,livesystems,variousservices running
onthe host.
VulnerabilityScanning: Checking thetarget fortheweakness or
vulnerabilitieswhichcanbeexploited.Usuallydonewiththe helpof
automatedtools.
NetworkMapping: Finding thetopology of network, routers,
firewallsserversifany,and hostinformationand drawinganetwork
diagramwiththeavailable information.Thismap mayserveasa
valuablepiece ofinformation.Thismap mayserve asavaluable
pieceof informationthroughout the hackingprocess.
Clearing Tracks
Nothiefwantstoget caught.Anintelligenthacker always clearsall
the evidencesothatinlaterpointoftime,no onewillfind anytraces
leadingtohim.Thisinvolvesmodifying/corrupting/deleting the
values oflogs,modifyingregistryvaluesand uninstallingallthe
applications he used and deletingallfoldershecreated.
Nothiefwantstoget caught.Anintelligenthacker always clearsall
the evidencesothatinlaterpointoftime,no onewillfind anytraces
leadingtohim.Thisinvolvesmodifying/corrupting/deleting the
values oflogs,modifyingregistryvaluesand uninstallingallthe
applications he used and deletingallfoldershecreated.
Demonstration
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
Ethical Hacking Across Domains
Atit’score,Ethical Hacking occupiesaprominentroleinvarious
verticalssuchas:
•WebA
•MobileA
•Andma
…
Atit’score,Ethical Hacking occupiesaprominentroleinvarious
verticalssuchas:
•WebA
•MobileA
•Andma
…
Web Application Domain
TwoMajorCategories:
•Clients
•Servers
Allattackscanbecategorizedintro3majorattacks:
•ParameterT
ampering
•Unvalidatedi
nputs
•DirectoryT
Attacks
TwoMajorCategories:
•Clients
•Servers
Allattackscanbecategorizedintro3majorattacks:
•ParameterT
ampering
•Unvalidatedi
nputs
•DirectoryT
Attacks
Web Application Domain
ClientDatabaseServer Application Server
example.com
Attacker
ClientDatabaseServer Application Server
example.com
Attacker
Web Application Domain
login Name: <script>alert("You are hacked")</script> Login Password:
login Name: 'Union select * from users'
Login Password:
login Name: <iframe src="....org"></iframe>
Login Password:
login Name: <script>alert("You are hacked")</script> Login Password:
login Name: 'Union select * from users'
Login Password:
login Name: <iframe src="....org"></iframe>
Login Password:
Common Web Application attacks
•InjectionF eg.SQLinjection,HTMLinjection,etc.
•Crosss
Scriptingeg.Reflected,Stored,etc.
•WebS
Attackseg.DNSCachePoising,Fileuploadsetc.
•InjectionF eg.SQLinjection,HTMLinjection,etc.
•Crosss
Scriptingeg.Reflected,Stored,etc.
•WebS
Attackseg.DNSCachePoising,Fileuploadsetc.
Web Application Domain
login: <script>alert(document.cookie)</script>
password:
subscribe:
email: <script>code to mail him user information</script>
login: <script>alert(document.cookie)</script>
password:
subscribe:
email: <script>code to mail him user information</script>
Hacking Methodology
•WebF –GatheringInformation
•Vulnerability S
canners– w3af,Acunetix
•Identify E
Points andAttacksurface
•WebF –GatheringInformation
•Vulnerability S
canners– w3af,Acunetix
•Identify E
Points andAttacksurface
Example : SQL injections
Victim
Attacker
Server
Select * from users where user_id=‘admin’ and
password=‘shadow’
Select * from users where user_id=‘blah’ or 1= 1-- and password=‘anything’
Victim
Attacker
Server
Select * from users where user_id=‘admin’ and
password=‘shadow’
Select * from users where user_id=‘blah’ or 1= 1-- and password=‘anything’
Mobile Domain
TheMobile Devicehas becomeaninseparable part oflifetoday.
Theattackersareeasilyabletocompromisethemobilenetwork
becauseofvariousvulnerabilities,themajority oftheattacksare
because ofthe untrusted apps.Themainoperatingsystemsused
are:
•Android
•IOS
•Windows
•Blackberry
TheMobile Devicehas becomeaninseparable part oflifetoday.
Theattackersareeasilyabletocompromisethemobilenetwork
becauseofvariousvulnerabilities,themajority oftheattacksare
because ofthe untrusted apps.Themainoperatingsystemsused
are:
•Android
•IOS
•Windows
•Blackberry
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
Example: Android
Libraries
Applications
Application Framework
Linux Kernel
Android Runtime
Example: Android
Libraries
Applications
Application Framework
Linux Kernel
Android Runtime
Types of Android Attacks
•UntrustedAPKs
•SMS
•Email
•Spying
•App s
•Rooting
•UntrustedAPKs
•SMS
•Spying
•App s
•Rooting
Example: Tap Jacking
Network Domain
Anetworkisanattempt togain unauthorised accesstoan
organisation’s network,withtheobjective ofstealing dataorperform
othermaliciousactivity.Therearetwomaintypesof networkattacks:
•Passive:A
gainaccesstoanetworkandcan monitor or
stealsensitiveinformation,but withoutmakingany changetodata,
leavingitintact.
•Active:A
not only gainunauthorisedaccessbutalsomodify
data,eitherdeleting, encryptingorotherwiseharmingit.
Anetworkisanattempt togain unauthorised accesstoan
organisation’s network,withtheobjective ofstealing dataorperform
othermaliciousactivity.Therearetwomaintypesof networkattacks:
•Passive:A
gainaccesstoanetworkandcan monitor or
stealsensitiveinformation,but withoutmakingany changetodata,
leavingitintact.
•Active:A
not only gainunauthorisedaccessbutalsomodify
data,eitherdeleting, encryptingorotherwiseharmingit.
Types of Network Attacks
Endpointattacks–gainingunauthorisedaccesstouserdevices,
servers orotherendpoints,typicallycompromisingthem by infecting
themwithmalware.
Malwareattacks–infectingITresourceswithmalware,allowing
attackerstocompromisesystems,steal dataanddo damage.These
alsoincluderansomwareattacks.
Vulnerabilities, exploitsandattacks–exploiting vulnerabilitiesin
softwareusedintheorganization,togainunauthorisedaccess,
compromiseorsabotagesystems.
Advanced persistentthreats–Thesearecomplexmulti-layeredthreats,
whichincludenetworkattacksbutalsootherattacktypes.
Endpointattacks–gainingunauthorisedaccesstouserdevices,
servers orotherendpoints,typicallycompromisingthem by infecting
themwithmalware.
Malwareattacks–infectingITresourceswithmalware,allowing
attackerstocompromisesystems,steal dataanddo damage.These
alsoincluderansomwareattacks.
Vulnerabilities, exploitsandattacks–exploiting vulnerabilitiesin
softwareusedintheorganization,togainunauthorisedaccess,
compromiseorsabotagesystems.
Advanced persistentthreats–Thesearecomplexmulti-layeredthreats,
whichincludenetworkattacksbutalsootherattacktypes.
Ransomware
The WannaCryransomwareattackwasaMay2017worldwide
cyberattackby the WannaCryransomware cyrptoworm,which
targetedcomputers running the Microsoft Windowsoperating
systemby encrypting data anddemanding ransompaymentsinthe
Bitcoincryptocurrency.
The WannaCryransomwareattackwasaMay2017worldwide
cyberattackby the WannaCryransomware cyrptoworm,which
targetedcomputers running the Microsoft Windowsoperating
systemby encrypting data anddemanding ransompaymentsinthe
Bitcoincryptocurrency.
Example : DDOS attack
Other Domains
•CloudC
•IOT
•Blockc
•Edge C
•CloudC
•IOT
•Blockc
•Edge C
Demonstration –SQL injection
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 2,014
- Slides 31
- Age 643 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views