You all can infer what would be in the PPT from the title itself. In this PPT it is not told directly how to hack. Just brief information on hacking and cyber security is given. How can one save himself/herself from becoming a victim of cybercrime? How to hack is given in my next PPT.
3. Hacker….??? Who is a HACKER?
A hacker is someone who seeks and exploits
weaknesses in a computer system or
computer network.
Hacker is a term, generally used by some to
mean ‘a clever programmer’, and by others to
mean ‘someone who tries to break into
computer systems’
5. Why people hack?
When someone hacks a computer or network system, it's typically
for one of three main reasons:
Hacking for fun:-
Some hackers make attempts on computers, servers or network systems
just for personal gratification. Others may feel that they need to prove
something to their peers or friends, and hack something only for the
challenge. They don’t steal any data.
Hacking to steal:-
Another reason to hack a system is to steal information or money. A large
portion of hacking attempts fall into this category. Banks and large
companies are common targets for hacking jobs, but sometimes smaller
companies or even a specific person's computer are targeted as well. If
companies are hacked, they suffer a huge loss.
6. Continued…
Hacking to disrupt:-
There are also some hackers, including hacking groups, that target a
company to disrupt or disturb business, create chaos and just be a
nuisance. These groups are often trying to make a statement with their
hacking, demonstrate security inadequacies, or show general
disapproval of the business itself. It can be compared to ‘poking’ in
Facebook.
7. Career in Hacking
• Network administrator
Administers the network, which means taking
care of the tasks of installing, configuring,
expanding and repairing the network.
A network administrator takes care of network
hardware such as cables, hubs, switches,
routers, servers and clients.
8. Continued…
• Job description:
An ethical hacker conducts advanced
penetration tests to identify vulnerabilities in
computer systems.
The ability to analyze risk assessments and put
in place measures to control vulnerable areas.
An ethical hacker is also many times
involved with other areas of security
interest for the company, such as encryption,
security protocols and firewalls.
10. Continued …
Government jobs:
Government agencies.
Military.
Defense organization.
CBI (Central Bureau of Investigation).
Forensic laboratories.
12. Continued …
Jobs: private options
• Fresher salary: 1.5 to 3.0 lakhs per annum.
• A PG diploma or master's will get 16 to 25 lakhs.
• So simply hacking is very beneficial and
necessary for today's generation of children.
13. • Social engineering is the art of manipulating people so that
they give up confidential information.
• A social engineer commonly uses the telephone or internet to trick
a person into revealing sensitive information or getting them
to do something that is against typical policies.
14. Types of Social Engineering
Pre-texting
Diversion theft
Phishing
IVR or phone phishing
Baiting
Quid pro quo
Tailgating
15. Pre-Texting
When one party lies to another to gain access
to privileged data. For example, a pre-texting
scam could involve an attacker who pretends
to need personal or financial data in order to
confirm the identity of the recipient.
These scams are most frequently done through phone
calls. The attackers pretend to be a worker at your bank,
and then they ask for your CVV, credit card no.
etc.
16. Diversion theft
Diversion theft is a "con" exercised by
professional thieves, normally against a
transport or courier company.
The objective is to persuade the persons
responsible for a legitimate delivery that the
consignment is requested elsewhere — hence,
"round the corner".
17. Phishing
Phishing is when a malicious party sends a
fraudulent email disguised as a legitimate
email, often purporting to be from a trusted
source. The message is meant to trick the
recipient into sharing personal or financial
information or clicking on a link that installs
malware.
18. Phone Phishing
Phone phishing (or "vishing") uses a rogue interactive
voice response (IVR) system to recreate a legitimate-
sounding copy of a bank or other institution's IVR
system.
The victim is prompted (typically via a phishing e-mail)
to call in to the "bank" via an (ideally toll-free) number
provided in order to "verify" information.
A typical "vishing" system will reject log-ins continually,
ensuring the victim enters PINs or passwords multiple
times, often disclosing several different passwords.
19. Quid pro quo
An attacker calls random numbers at a company,
claiming to be calling back from technical
support.
Eventually this person will hit someone with a
legitimate problem, grateful that someone is
calling back to help them.
The attacker will "help" solve the problem and, in
the process, have the user type commands that
give the attacker access or launch malware.
20. Tailgating
An attacker, seeking entry to a restricted area secured
by unattended, electronic access control, e.g.
by RFID card, simply walks in behind a person who has
legitimate access.
Following common courtesy, the legitimate person will
usually hold the door open for the attacker or the
attackers themselves may ask the employee to hold it
open for them.
The legitimate person may fail to ask for identification
for any of several reasons, or may accept an assertion
that the attacker has forgotten or lost the appropriate
identity token.
21. More Tips
BEFORE clicking on links both in emails and on
websites keep an eye out for misspellings, @
signs and suspicious sub-domains.
When clicking on links sent via email or on
websites, always keep a watch out for uninitiated
or automatic downloads. It could be malware
installing itself on your system. All such activity
should be reported IMMEDIATELY to your
security manager.
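The three link checks named in the first tip (misspellings, @ signs, suspicious sub-domains), as an added example that is not part of the original slides. The trusted-domain list, the edit-distance threshold of 2 and the sample URLs used to exercise it are constructed assumptions, and the registered domain is approximated as the last two host labels.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (constructed for this example).
TRUSTED = {"example.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def check_link(url):
    """Return the list of warnings for one URL (empty list = nothing flagged)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    # 1. '@' sign: the text before it is only user-info; the real host comes after it.
    if "@" in parts.netloc:
        warnings.append("at-sign")
    reg = registered_domain(host)
    if reg not in TRUSTED:
        # 2. Misspelling: close to, but not equal to, a trusted domain.
        if any(0 < edit_distance(reg, t) <= 2 for t in TRUSTED):
            warnings.append("misspelling")
        # 3. Suspicious sub-domain: a trusted name placed in front of another domain.
        if any(host.startswith(t + ".") or ("." + t + ".") in host for t in TRUSTED):
            warnings.append("trusted-name-in-subdomain")
    return warnings
```
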
22. Some more
BLOCK USB devices in order to reduce the risk of
Baiting. Baiting is the digital equivalent of a real-world
Trojan Horse, where the attacker tempts users with
free or found physical media (USB drives) and relies on
the curiosity or greed of the victim – if they plug it in,
they are hacked!
Follow the ATE – AWARENESS, TRAINING and
EDUCATION security concept for all employees, no
matter what level and what position they hold in the
organization. While C-level employees are great
targets, their admins can be even more powerful
vectors for attack!
25. IP ADDRESS
A unique identifier
Way to identify a machine on a network
Connect to other computers
26. IP Address
• An Internet Protocol (IP) address is a numerical
label assigned to each device (e.g. computer,
printer etc.) participating in a computer
network that uses the Internet Protocol for
communication.
• Its role has been characterized as follows:
"A name indicates what we seek. An address
indicates where it is. A route indicates how to
get there.”
27. IP Address
• An Internet Protocol address can be defined as a 32-bit
number, and this system, known as Internet
Protocol Version 4 (IPv4), is still in use today.
• IP addresses are usually written and displayed
in human-readable notations, such as
172.16.254.1 (IPv4), and
2001:db8:0:1234:0:567:8:1 (IPv6).
28. MAC ADDRESS
Media Access Control
A MAC attack is a technique employed to compromise the security of network
switches, so that a switch starts behaving like a hub. A switch and a hub
are two different things.
29. What is a MAC address?
A switch turns into a hub.
[Diagram labels: User 1, User 2, Mac hood, hacker]
30. MAC Attack
If User 1 is sending information to User 2 and a hacker
sends a bogus MAC address, then the switch behaves as a hub.
So the attacker gets sensitive information like passwords,
protected files, credit card numbers and more.
Your MAC address is how you are identified in a computer
network.
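One way to spot the situation described above from the defender's side, as an added example that is not part of the original slides: count how many distinct source MAC addresses a switch learns on each port and flag any port that exceeds a limit. The event format, port names, MAC values, the limit of 3 and the 10-second window are constructed assumptions, not a real switch's log format.

```python
from collections import defaultdict

# Constructed MAC-learning events: "<seconds> <port> <source MAC>".
EVENTS = """\
0 port1 08:00:27:aa:00:01
1 port2 08:00:27:aa:00:02
2 port3 02:00:00:00:00:01
2 port3 02:00:00:00:00:02
3 port3 02:00:00:00:00:03
3 port3 02:00:00:00:00:04
4 port1 08:00:27:aa:00:01
5 port3 02:00:00:00:00:05
"""

def flag_flooded_ports(text, limit=3, window=10):
    """Return {port: time the limit was first exceeded} for ports that learn
    more than `limit` distinct MACs within `window` seconds (assumed thresholds)."""
    seen = defaultdict(dict)   # port -> {mac: last time seen}
    flagged = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, port, mac = line.split()
        ts = int(ts)
        macs = seen[port]
        macs[mac.lower()] = ts
        # Forget addresses that have not been seen inside the sliding window.
        for old in [m for m, t in macs.items() if ts - t >= window]:
            del macs[old]
        # A normal access port has one or two devices behind it; many new
        # source addresses on one port is the sign of bogus MACs being sent.
        if len(macs) > limit and port not in flagged:
            flagged[port] = ts
    return flagged
```

Managed switches offer the same idea as a built-in per-port limit on learned addresses, which stops the table from filling up in the first place.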
31. MAC Attack
Physical Address: This is your identification in a
network. E.g.: 08-00-27-00-S4-7E.
When a spoofing attack is done, the attacker pretends
to be someone else by falsifying data, and thereby
gains access to restricted resources and steals personal
information.
By changing the MAC address we pretend that we are
something else.
32. We have all seen that all websites start with either ‘https’ or
‘http’. So, what are http and https in relation to hacking?
HTTP (HyperText Transfer
Protocol) and HTTPS
(HyperText Transfer Protocol
Secure)
34. When we use HTTP
[Diagram: A sends password → B receives password. The hacker hacks the link and gets the password.]
35. When we use HTTPS
[Diagram: A sends password (encrypted) → B receives message (decrypted).]
36. Proxy means to represent someone else in your name.
It is used to mask your IP under a proxy server, to show that you
live in a different country and to make yourself
untraceable.
39. Types of PROXY
• Direct Attack
• Logged Attack
[Diagram labels: Proxy; Attacker, Target; Attacker, USA, Target]
40. Continued…
• Using proxy changing
[Diagram labels: Attacker, Using proxy changing, Target]
We can use proxy changing, so that the target will
never know our destination.
41. How to use Proxy changing
Go to Google Chrome and then type hide me. Then go to
free proxy. Then you can access the Google of any country,
like Germany, USA, Netherlands.
You can also use Hideme.be.
Hide.me simply hides your identity and which country you
belong to.
Go to Google and type proxy list hide my ass. There you
get IP addresses of different countries to use as proxy IP
addresses.