SlideShare a Scribd company logo

Ethical Hacking

Download as PPTX, PDF
A
Aditya Vikram Singhania

Understand what Ethical Hacking is, what are it's phases, and how it is different from Hacking. Followed by screenshots of two common ethical hacking attacks.

Technology
1 of 31
Ethical hacking SHOULD WE FEAR HACKERS? INTENTION IS AT THE HEART OF THIS DISCUSSION. -KEVIN MITNICK
INTRODUCTION “Hacking involves a different way of looking at problems that no one's thought of." -Walter O'Brien Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
Hacker v/s Ethical Hacker A white hat or ethical hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.
Steps of Ethical Hacking Scanning Gaining Access Elevating Privileges Maintaining Access Clearing Tracks Documenting Everything.
Scanning Reconnaissance refers to the preparatory phase where an attacker seeks to gain information about a target prior to launching an attack. Could be the future point of return, noted for ease of entry for an attack when more about the target is known of a broad scale. Reconnaissance range may include the target organization's clients, employees, operations, networks and systems.
Tools used 1) WHOIS? 2) OSINT Framework 3) ZENMAP
Gaining Access •After scanning, the hacker designs the blueprint of the network of the target with the help of data collected during Scanning. This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the internet or offline. •Examples include stack based buffer overflows, denial of service (DoS), and session hijacking. Gaining access is known in the hacker world as owning the system.
Tools Used 1) Metasploit 2) John the Ripper 3) SE Toolkit
Elevating Privileges 1. We have to check the privileges that the logged in user has and if any other user is also logged into the system. 2. We can steal the credential of a logged in user, a previous user, or simply crack the password.
Maintaining Access •Once a hacker has gained access, they want to keep that access for future exploitation and attacks. •They can maintain control over “their” system for a long time by “hardening” the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.
• When the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system. •For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system.
Tools Used 1) Backdoors 2) Rootkit 3) Trojan Horse
Clearing Tracks •Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. 1. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process. 2. Attention is turned to affecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of her system is correct and no intrusion or compromise actually took place. •The first thing a system administrator does to monitor unusual activity is check the system log files, it is common for intruders to use a utility to modify the system logs. In some extreme cases, rootkits can disable logging altogether and discard all existing logs. This happens if the intruders intend to use the system for a longer period of time as a launch base for future intrusions. They remove only those portions of logs that can reveal their presence.
Tools Used 1) CCleaner 2) PrivaZer 3) BleachBit
Documenting Every step of an attack, or the entire Ethical Hacking process, has to be noted and labeled stepwise. Every detail, difficulty and vulnerability has to be informed about to the target(parent company). This is the point where the Hacker has the option to suggest or withhold any useful tips or ideas he might have, for or irrespective of an incremental bonus.
Some Attacks Of Ethical Hacking The Silent You Are The More You Are Able To Hear.
Phishing Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures.
Dictionary A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. 01 In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are deemed most likely to succeed. 02 Dictionary attacks work because many computer users and businesses insist on using ordinary words as passwords. 03
Thank You !

Recommended

Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingTharindu Kalubowila
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Ethical hacking Presentation
Ethical hacking PresentationEthical hacking Presentation
Ethical hacking PresentationAmbikaMalgatti
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Types of Hacker
Types of Hacker Types of Hacker
Types of HackerMukund Kumar Bharti
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 

Recommended

Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingTharindu Kalubowila
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Ethical hacking Presentation
Ethical hacking PresentationEthical hacking Presentation
Ethical hacking PresentationAmbikaMalgatti
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking PowerpointRen Tuazon
 
Types of Hacker
Types of Hacker Types of Hacker
Types of HackerMukund Kumar Bharti
 
Hacking
HackingHacking
HackingKarañ Lavharé
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingNaveen Sihag
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Hacking
HackingHacking
HackingRanjan Som
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackDharmesh Makwana
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingVivek Mohbe
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppthimanshujoshi238
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationSuryansh Srivastava
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingKeith Brooks
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNitheesh Adithyan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingPrabhat kumar Suman
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 

More Related Content

What's hot

Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical HackingDivyank Jindal
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingVikram Khanna
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackDharmesh Makwana
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 

What's hot (20)

Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Social engineering
Social engineering Social engineering
Social engineering
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Social engineering
Social engineering Social engineering
Social engineering
 
Hacking
HackingHacking
Hacking
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Similar to Ethical Hacking

Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 
A REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGA REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGNathan Mathis
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Vulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfVulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfMithunJV
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingHassanAhmedShaikh1
 
ethical hacking.pptx
ethical hacking.pptxethical hacking.pptx
ethical hacking.pptxdaxgame
 

Similar to Ethical Hacking (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 
A REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKINGA REVIEW PAPER ON ETHICAL HACKING
A REVIEW PAPER ON ETHICAL HACKING
 
Hacking
HackingHacking
Hacking
 
System Security
System SecuritySystem Security
System Security
 
Computer security
Computer securityComputer security
Computer security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Vulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfVulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdf
 
EthicalHacking.pptx
EthicalHacking.pptxEthicalHacking.pptx
EthicalHacking.pptx
 
Dhams hacking
Dhams hackingDhams hacking
Dhams hacking
 
hacking basics
hacking basicshacking basics
hacking basics
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
ethical hacking.pptx
ethical hacking.pptxethical hacking.pptx
ethical hacking.pptx
 
Types of attack -Part2
Types of attack -Part2Types of attack -Part2
Types of attack -Part2
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
 
Hackers
HackersHackers
Hackers
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Ethical Hacking

  • 1. Ethical hacking SHOULD WE FEAR HACKERS? INTENTION IS AT THE HEART OF THIS DISCUSSION. -KEVIN MITNICK
  • 2. INTRODUCTION “Hacking involves a different way of looking at problems that no one's thought of." -Walter O'Brien Hacking generally refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.
  • 3. Hacker v/s Ethical Hacker A white hat or ethical hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.
  • 4.
  • 5. Steps of Ethical Hacking Scanning Gaining Access Elevating Privileges Maintaining Access Clearing Tracks Documenting Everything.
  • 6. Scanning Reconnaissance refers to the preparatory phase where an attacker seeks to gain information about a target prior to launching an attack. Could be the future point of return, noted for ease of entry for an attack when more about the target is known of a broad scale. Reconnaissance range may include the target organization's clients, employees, operations, networks and systems.
  • 7. Tools used 1) WHOIS? 2) OSINT Framework 3) ZENMAP
  • 8. Gaining Access •After scanning, the hacker designs the blueprint of the network of the target with the help of data collected during Scanning. This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the internet or offline. •Examples include stack based buffer overflows, denial of service (DoS), and session hijacking. Gaining access is known in the hacker world as owning the system.
  • 9. Tools Used 1) Metasploit 2) John the Ripper 3) SE Toolkit
  • 10. Elevating Privileges 1. We have to check the privileges that the logged in user has and if any other user is also logged into the system. 2. We can steal the credential of a logged in user, a previous user, or simply crack the password.
  • 11. Maintaining Access •Once a hacker has gained access, they want to keep that access for future exploitation and attacks. •They can maintain control over “their” system for a long time by “hardening” the system against other attackers, and sometimes, in the process, do render some degree of protection to the system from other attacks. They can then use their access to steal data, consume CPU cycles, and trade sensitive information or even resort to extortion.
  • 12. • When the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system. •For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.Attackers can use Trojan horses to transfer user names, passwords, and even credit card information stored on the system.
  • 13. Tools Used 1) Backdoors 2) Rootkit 3) Trojan Horse
  • 14. Clearing Tracks •Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. 1. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process. 2. Attention is turned to affecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of her system is correct and no intrusion or compromise actually took place. •The first thing a system administrator does to monitor unusual activity is check the system log files, it is common for intruders to use a utility to modify the system logs. In some extreme cases, rootkits can disable logging altogether and discard all existing logs. This happens if the intruders intend to use the system for a longer period of time as a launch base for future intrusions. They remove only those portions of logs that can reveal their presence.
  • 15. Tools Used 1) CCleaner 2) PrivaZer 3) BleachBit
  • 16. Documenting Every step of an attack, or the entire Ethical Hacking process, has to be noted and labeled stepwise. Every detail, difficulty and vulnerability has to be informed about to the target(parent company). This is the point where the Hacker has the option to suggest or withhold any useful tips or ideas he might have, for or irrespective of an incremental bonus.
  • 17. Some Attacks Of Ethical Hacking The Silent You Are The More You Are Able To Hear.
  • 18. Phishing Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28. Dictionary A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. 01 In contrast to a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are deemed most likely to succeed. 02 Dictionary attacks work because many computer users and businesses insist on using ordinary words as passwords. 03
  • 29.
  • 30.