BLACK HAT HACKERS
Rajitha.B
09131A1276
Information Technology
14-03-2013
1
OUTLINE
• Introduction
• History
• Famous Hackers
• Types of Hackers
• Black Hat Hackers
• Pre-Hacking stage
• Domains affected by Hacking
• Types of attacks
• Detection and counter measures
• SQL Injection
• Pros and cons
• Conclusion
• References
Introduction
Hacking refers to an array of activities carried out to intrude into someone else's personal information space in order to use it for malicious, unwanted purposes.
Hacking is also a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
History
• 1980s
  - Cyberspace coined
  - 414 arrested
  - Two hacker groups formed
  - 2600 published
• 1990s
  - National crackdown on hackers
  - Kevin Mitnick arrested
Cont.
• 2001
  - In one of the biggest denial-of-service attacks, hackers launched attacks against eBay, Yahoo!, CNN.com, Amazon and others.
• 2007
  - Bank hit by "biggest ever" hack. Swedish bank Nordea recorded that nearly $1 million had been stolen in three months from 250 customer accounts.
Famous Hackers
Types of hackers
• White hat hacker: in Internet slang, the term "white hat" refers to an ethical computer hacker, or a computer security expert.
• Black hat hacker: illegal or bad.
• Grey hat hacker: in the hacking community, a grey hat is a skilled hacker whose activities fall somewhere between those of white and black hat hackers.
Black Hat Hackers
• A "black hat hacker" is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.
• Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
Pre-hacking stage
Part 1: Targeting
The hacker determines what network to break into
during this phase. The target may be of particular
interest to the hacker, either politically or
personally, or it may be picked at random.
Part 2: Research and Information Gathering
It is in this stage that the hacker will visit or contact
the target in some way in hopes of finding out vital
information that will help them to access the
system.
Cont.…
Part 3: Finishing The Attack
This is the stage when the hacker will invade the
primary target that he/she was planning to attack
or steal from.
Domains affected by hacking
• Mobile hacking
• Email hacking
• Data stealing
• Injecting viruses and Trojans
• Man-in-the-middle attacks
• Internet applications
TYPES OF ATTACKS
• Denial of Service attacks
• Threats from sniffing and key logging
• Trojan attacks
Denial of Service (DOS) Attacks
DOS attacks are aimed at denying valid, legitimate Internet and network users access to the services offered by the target system.
In other words, a DOS attack is one in which so much memory on the target system is clogged up that it cannot serve legitimate users.
DOS Attacks: Ping of Death Attack
The maximum packet size allowed to be transmitted by TCP/IP on a network is 65 536 bytes. In the Ping of Death attack, a packet larger than this maximum size allowed by TCP/IP is sent to the target system.
As soon as the target system receives a packet exceeding the allowable size, it crashes, reboots or hangs.
Sniffers and Key Loggers
Sniffers capture all data packets being sent across the network. They are commonly used for:
• Traffic monitoring
• Network troubleshooting
• Gathering information on an attacker
• Stealing company secrets and sensitive data
Commonly available sniffers:
• tcpdump
• DSniff
Threats from key loggers
Key loggers record all keystrokes made on a system and store them in a log file, which can later be emailed automatically to the attacker.
Countermeasures
• Periodic detection practices should be made mandatory.
• A typical key logger automatically loads itself into memory each time the computer boots.
• Thus, the startup script of the key logger should be removed.
Trojan Attacks
Trojans act as a RAT, or Remote Administration Tool, which gives the attacker remote control of and remote access to the target system.
Working:
1. The server part of the Trojan is installed on the target system through trickery or disguise.
2. This server part listens on a predefined port for connections.
3. The attacker connects to this server part using the client part of the Trojan on the predefined port number.
4. Once this is done, the attacker has complete control over the target system.
Trojan Attacks: Detection and Countermeasures
• Scan your own system regularly.
• If you find an irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.
• One can remove a Trojan using any normal anti-virus software.
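The "irregular port" check above can be automated by comparing the host's listening sockets against a baseline of expected ports. The following is an added example, not part of the original slides: the sample text is constructed in the layout printed by `ss -tlnp`, and the baseline set, process names and port numbers are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout printed by `ss -tlnp` (not a real capture).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=811,fd=3))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=902,fd=6))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=640,fd=5))
LISTEN 0      5            0.0.0.0:31337     0.0.0.0:*    users:(("updater",pid=4410,fd=4))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=811,fd=4))
LISTEN 0      5                  *:4444            *:*    users:(("svc",pid=4522,fd=3))
"""

# Assumed baseline: the TCP ports this host is expected to serve.
EXPECTED_PORTS = {22, 443, 5432}

# Pulls the process name out of a field such as users:(("sshd",pid=811,fd=3))
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    @property
    def remotely_reachable(self):
        """True unless the socket is bound to a loopback address only."""
        return not (self.address.startswith("127.") or self.address == "::1")


def parse_listeners(ss_output):
    """Return one Listener per LISTEN row; header and malformed rows are skipped."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # The local endpoint is "addr:port"; IPv6 addresses are bracketed.
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROCESS_RE.search(fields[5]) if len(fields) > 5 else None
        listeners.append(
            Listener(address.strip("[]"), int(port), match.group(1) if match else "?")
        )
    return listeners


def unexpected_listeners(ss_output, expected_ports):
    """Listeners on ports outside the baseline, one entry per port, sorted by port.

    When a port appears more than once (IPv4 and IPv6), the remotely
    reachable binding is the one reported.
    """
    by_port = {}
    for listener in parse_listeners(ss_output):
        if listener.port in expected_ports:
            continue
        previous = by_port.get(listener.port)
        if previous is None or (
            listener.remotely_reachable and not previous.remotely_reachable
        ):
            by_port[listener.port] = listener
    return sorted(by_port.values(), key=lambda item: item.port)


if __name__ == "__main__":
    for item in unexpected_listeners(SAMPLE_SS_OUTPUT, EXPECTED_PORTS):
        scope = "all interfaces" if item.remotely_reachable else "loopback only"
        print(f"unexpected listener: port {item.port} ({item.process}, {scope})")
```

A port outside the baseline is a lead to investigate, not proof of a Trojan; the owning process and its binary still have to be checked.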
SQL injection
• SQL injection is a technique often used to attack data-driven applications.
• This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.
• It relies on string literal escape characters (such as ' or *) embedded in SQL statements.
• SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Structure of SQL Injection
How SQL Injection is performed?
• SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement.
Consider the following line of code:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
For example, setting the "userName" variable as:
' or '1'='1
' or '1'='1' -- '
' or '1'='1' ({ '
' or '1'='1' /* '
Cont.
• With the above userName, the condition '1'='1' is always true, and such input can even delete the tables.
SELECT * FROM users WHERE name = '' OR '1'='1';
Example:
Step 1: Figure out how the application handles bad inputs
• An email address is used for the SQL injection:
hacker@programmerinterview.com'
• An extra quote is added to the end of the above email address.
Cont.
The resulting SQL statement is as follows:
SELECT data
FROM table
WHERE Emailinput = 'hacker@programmerinterview.com'';
• The query is then injected as:
SELECT data
FROM table
WHERE Emailinput = 'Y';
UPDATE table
SET email = 'hacker@ymail.com'
WHERE email = 'joe@ymail.com';
Cont.
• The hacker gets into the database and drops the tables.
• Any other data can be inserted into the table.
SQL Injection
SQL Injection Prevention
• Encrypt sensitive data.
• Access the database using an account with the least privileges necessary.
• Install the database using an account with the least privileges necessary.
• Ensure that data is valid.
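The concatenated statement from the earlier slide is shown here beside its parameterized form, together with a read-only connection as a stand-in for a least-privilege account. This is an added example, not code from the original slides: it assumes Python's sqlite3 module with an in-memory database, and the table contents, function names and example.test addresses are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with three constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
        ],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, user_name):
    # Same construction as on the slide: input is spliced into the SQL text,
    # so quote characters in user_name change the structure of the query.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def find_user_parameterized(conn, user_name):
    # The ? placeholder sends user_name to the database as a value only;
    # it is never parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()


def outcome(finder, conn, value):
    """Run a lookup and report ("rows", count) or ("error", exception name)."""
    try:
        return ("rows", len(finder(conn, value)))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


def restrict_to_reads(conn):
    # Least privilege for a lookup path: this connection may no longer write.
    conn.execute("PRAGMA query_only = ON")
    return conn


def update_is_rejected(conn):
    """True if the connection refuses the kind of UPDATE shown on the slide."""
    try:
        conn.execute(
            "UPDATE users SET email = ? WHERE email = ?",
            ("changed@example.test", "alice@example.test"),
        )
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    inputs = ["alice", "' or '1'='1", "hacker@programmerinterview.com'"]
    for value in inputs:
        print(
            repr(value),
            "concatenated:", outcome(find_user_vulnerable, db, value),
            "parameterized:", outcome(find_user_parameterized, db, value),
        )
    print("write rejected on read-only connection:",
          update_is_rejected(restrict_to_reads(make_db())))
```

The database error raised by the trailing-quote input on the concatenated path is the signal the "Step 1" probe looks for, so such errors in application logs are worth alerting on.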
Pros and cons
Pros
• Increases computer security: when a hacker is hired, he can be given a specific job or way to hack into the system. This can give the company insight into possible back doors or openings in the company's security.
Cons
• The hacker can break into the system and steal information.
• If the hacker is inexperienced, he can leave harmful programs and delete the information.
Conclusion
• Hacking may be defined as legal or illegal, ethical or unethical, but it is useful for finding out possible back doors or openings in computer security.
References
http://www.blackhatlibrary.net/Main_Page
http://prezi.com/sxnobhzvsenq/hacking-and-cracking-pros-and-cons
http://www.cybercure.in/hacking/
http://en.wikipedia.org/wiki/Hacker_(computer_security)
http://en.wikipedia.org/wiki/The_Hacker_Crackdown
Cyber cure customized e-book
http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf
http://crypto.stanford.edu/cs142/lectures/16-sql-inj.pdf
Thank you

More Related Content

What's hot

General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapanTapan Khilar
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
 
Cyber threats
Cyber threatsCyber threats
Cyber threatskelsports
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIADheeraj Kataria
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Module 4 (enumeration)
Module 4 (enumeration)Module 4 (enumeration)
Module 4 (enumeration)Wail Hassan
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 

What's hot (20)

General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
 
Data breach
Data breachData breach
Data breach
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
 
Cyber threats
Cyber threatsCyber threats
Cyber threats
 
Phishing
PhishingPhishing
Phishing
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Cyber security
Cyber securityCyber security
Cyber security
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Module 4 (enumeration)
Module 4 (enumeration)Module 4 (enumeration)
Module 4 (enumeration)
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 

Viewers also liked

Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksSrikanth VNV
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Yearsluke_bkk
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system pptSantosh Kumar
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewAlt-N Technologies
 

Viewers also liked (20)

Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer Networks
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Years
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
M commerce ppt
M commerce pptM commerce ppt
M commerce ppt
 
Hackers
HackersHackers
Hackers
 
Network security
Network securityNetwork security
Network security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature Overview
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 

Similar to Black hat hackers

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)SHUBHA CHATURVEDI
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesJayanth Dwijesh H P
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_pptNarayanan
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computingMd. Hasibur Rashid
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppttashon2
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
 

Similar to Black hat hackers (20)

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notes
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_ppt
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
System Security
System SecuritySystem Security
System Security
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppt
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

More from Santosh Kumar

human computer interface
human computer interfacehuman computer interface
human computer interfaceSantosh Kumar
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence pptSantosh Kumar
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systemsSantosh Kumar
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technologySantosh Kumar
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition pptSantosh Kumar
 

More from Santosh Kumar (6)

human computer interface
human computer interfacehuman computer interface
human computer interface
 
Bit torrent ppt
Bit torrent pptBit torrent ppt
Bit torrent ppt
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence ppt
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systems
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technology
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition ppt
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Black hat hackers

  • 2. OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
  • 3. Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
  • 4. History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
  • 5. Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
  • 7. Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
  • 8. Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
  • 9. Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
  • 10. Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
  • 11. Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
  • 12. TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
  • 13. Denial of Service (DoS) Attacks: DoS attacks are aimed at denying valid, legitimate Internet and network users access to the services offered by the target system. In other words, a DoS attack is one that clogs up so much memory on the target system that it cannot serve legitimate users.
  • 14. DoS Attacks: Ping of Death Attack. The maximum packet size allowed to be transmitted by TCP/IP on a network is 65,536 bytes. In the Ping of Death attack, a packet larger than this maximum size allowed by TCP/IP is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, it crashes, reboots or hangs.
  • 15. Sniffers and Key Loggers. Sniffers capture all data packets being sent across the network. Commonly used for: traffic monitoring; network troubleshooting; gathering information on an attacker; stealing company secrets and sensitive data. Commonly available sniffers: tcpdump, DSniff.
  • 16. Threats from Key Loggers. Key loggers record all keystrokes made on a system and store them in a log file, which can later be emailed automatically to the attacker. Countermeasures: Periodic detection practices should be made mandatory. A typical key logger automatically loads itself into memory each time the computer boots; thus, the startup script of the key logger should be removed.
  • 17. Trojan Attacks. Trojans act as a RAT, or Remote Administration Tool, which allows the attacker remote control of and remote access to the system. Working: 1. The server part of the Trojan is installed on the target system through trickery or disguise. 2. This server part listens on a predefined port for connections. 3. The attacker connects to this server part using the client part of the Trojan on the predefined port number. 4. Once this is done, the attacker has complete control over the target system.
  • 18. Trojan Attacks: Detection and Countermeasures. Scan your own system regularly. If you find an irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal anti-virus software.
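One way to carry out the "scan your own system" check from slide 18, as an added example that is not part of the original slides: it parses the Linux `/proc/net/tcp` table and reports listening ports that are not in an approved baseline. The sample table, the baseline and the function names are constructed assumptions.

```python
import socket
import struct

# Constructed sample in the format of Linux /proc/net/tcp (not from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 1002 1
   2: 00000000:9C40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0F02000A:0016 0202000A:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 1004 1
"""

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Assumed baseline: the (address, port) pairs this host is expected to serve.
BASELINE = {("0.0.0.0", 22), ("127.0.0.1", 3306)}


def parse_listeners(proc_net_tcp_text):
    """Return sorted (ip, port, uid) tuples for sockets in the LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue  # established connections and short lines are ignored
        ip_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order
        # (little-endian on x86 and most ARM systems); the port is plain hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        listeners.append((ip, int(port_hex, 16), int(fields[7])))
    return sorted(listeners)


def unexpected_listeners(listeners, baseline):
    """Listeners whose (ip, port) pair is not in the approved baseline."""
    return [entry for entry in listeners if (entry[0], entry[1]) not in baseline]


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_PROC_NET_TCP)
    for ip, port, uid in unexpected_listeners(found, BASELINE):
        print(f"unexpected listener {ip}:{port} (owner uid {uid})")
```

On a live Linux host, pass the contents of `/proc/net/tcp` instead of the sample. An unlisted port is a lead to investigate, not proof of a Trojan.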
  • 19. SQL Injection. SQL injection is a technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database. It relies on string literal escape characters embedded in SQL statements, such as (' or *), etc. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
  • 20. Structure of SQL Injection
  • 21. How is SQL Injection Performed? It occurs when user input is not filtered for escape characters and is then passed into a SQL statement. Consider the following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example, setting the "userName" variable to any of: (a) ' or '1'='1 (b) ' or '1'='1' -- ' (c) ' or '1'='1' ({ ' (d) ' or '1'='1' /* '
  • 22. How is SQL Injection Performed? (cont.) With the above username, the condition '1'='1' is always true, so the query matches every row; injected input can even delete the tables. SELECT * FROM users WHERE name = '' OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs. An email address is used for the SQL injection: hacker@programmerinterview.com' (an extra quote is added to the end of the email address).
  • 23. How is SQL Injection Performed? (cont.) The SQL statement is as follows: SELECT data FROM table WHERE Email input = 'hacker@programmerinterview.com''; The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com';
  • 24. How is SQL Injection Performed? (cont.) The hacker gains access to the database and drops the tables. Any other data can also be inserted into a table.
  • 26. SQL Injection Prevention: Encrypt sensitive data. Access the database using an account with the least privileges necessary. Install the database using an account with the least privileges necessary. Ensure that data is valid.
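The concatenated query from slide 21 next to a hardened form, as an added example that is not part of the original slides. It uses bound parameters, a standard defense the slides do not name, plus an allowlist check for the "ensure that data is valid" point; the table layout, sample rows, name pattern and function names are assumptions.

```python
import re
import sqlite3

# Assumed policy for what a valid user name looks like.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db, user_name):
    # Same construction as the slide: the input is concatenated into the SQL
    # text, so a quote inside user_name changes the structure of the statement.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return db.execute(statement).fetchall()


def lookup_parameterized(db, user_name):
    # The statement text is fixed. The driver passes user_name as a bound
    # value, so it is only ever compared with the name column as data.
    return db.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()


def is_valid_name(user_name):
    """Allowlist validation: reject anything outside the expected alphabet."""
    return NAME_RE.fullmatch(user_name) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # first input listed on slide 21
    print("concatenated :", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
    print("passes validation:", is_valid_name(payload))
```

Validation narrows what reaches the query, but the bound parameter is what keeps the input from being parsed as SQL, so the two are used together rather than as alternatives.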
  • 27. Pros and Cons. Pros: Increases computer security: when a hacker is hired, he can be given a specific job or way to hack into the system. This can give the company insight into possible back doors or openings in the company's security. Cons: The hacker can break into the system and steal information. If the hacker is inexperienced, he can leave harmful programs and delete the information.
  • 28. Conclusion: Hacking may be defined as legal or illegal, ethical or unethical, but it is useful for finding out possible back doors or openings in computer security.