Muhammad Nasir Mumtaz Bhutta
College of Computer Science and Information Systems
King Faisal University, Saudi Arabia
Email: mmbhutta@kfu.edu.sa,
Tel: +966 – 13589-9207
Office: 2088, first floor, CCSIT Building
www.kfu.edu.sa
CCSIT Cyberlympics 2017
Introduction to Ethical Hacking
07 February 2017
Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
Presentation Overview
• Hacking Overview
• Top Cyber Attacks in History
• Motivations for Black Hat Hackers
• Secret Behind launching attacks on very complex systems
• Types of Hackers
• Why Learn Hacking
• Areas of Hacking
• Basic skills to learn for basic hacking
• Assignment 1 Details
– Helpful Resources for Assignment
• Complete Plan for “CCSIT Cyberlympics 2017” Trainings
• Future Security Related Activities in CCSIT
Hacking
• Any technical effort to manipulate the normal working of any computing device or network is called “Hacking”.
– A hacker is a person engaged in hacking.
• Hacking originated at MIT in the 1950s or 1960s.
– Before the internet became popular, people were illegally modifying telephones to make free long-distance calls.
• Now, hackers are affecting all fields of life, including:
– Banking Systems
– Businesses
– Academic Institutes
– Vehicles (Cars, Trains)
– Mobile Phones
– Space (Satellites, Airplanes)
– Industries (Manufacturing, Distribution, Chemical Plants, Oil Refineries)
– Any other systems relying on computers for their operations.
Selected Top Cyber Attacks in History
Attack: Details & Impact
• Presidential-Level Espionage
– In 2008, suspected hackers from China attacked computer systems being used in the campaigns of Barack Obama. The FBI confiscated all computers and electronic devices. There are now also rumors of a cyber attack on voting in America in the 2016 elections, which Trump won.
• Stuxnet
– Iran's nuclear plant was attacked in June 2010, destroying 1000 nuclear centrifuges. It set Iran's nuclear program back by at least 2 years.
• OpIsrael
– Israel was attacked on April 7, 2012, in remembrance of the Holocaust, to erase Israel from the internet. The attackers tried to make all websites unavailable on the internet.
• Shamoon, Cutting Sword of Justice
– Attack on Aramco on 15 August 2012; 30,000 workstations were affected. The “Shamoon” virus was used by the “Cutting Sword of Justice” hacker group.
Sources:
1. http://list25.com/25-biggest-cyber-attacks-in-history/5/
2. https://en.wikipedia.org/wiki/Saudi_Aramco#Cyber_Attack
Motivations for Black Hat Hackers
• Big Games (High Impact Attacks)
– Business Gain
– Politically Motivated
– State/Country Sponsored Attacks
• Middle Level Attacks
– Attacks on small organizations to harm them or affect their products
• Low Impact Attacks
– Rifts between friends, gaining popularity, or just for fun.
Secret Behind Launching Such Big Attacks
• All big systems, like aeroplanes, computer-controlled trains, computer-controlled cars, satellites, voting campaigns and state secret systems, are:
– Just simple computer programs written specifically for special needs, maybe in C++, Java, C#, ASP.Net etc.
– This software runs on the same hardware as an ordinary PC (most of the time).
– The computers in these systems are connected by the same networking technologies and protocols.
• So if one learns techniques to break simple software, networks and web programs,
– one can advance those skills to hack or test the complex systems mentioned above as well.
Types of Hackers
• Are there only bad people in the hacking world?
– No, there are different types of hackers in the world.
• Black Hat Hackers
– Violate computer security for little reason beyond maliciousness or personal gain.
• White Hat Hackers
– Ethical hackers who specialize in penetration testing to help organizations.
• Grey Hat Hackers
– Hackers who may sometimes violate typical ethical or legal standards but do not have the malicious intent of a black hat.
Why Learn Hacking?
• To become a “White Hat Hacker/Penetration Tester”.
– Not to harm the world, other people or businesses.
• Organizations hire these people to test their security and protect against the vulnerabilities found.
• Penetration Testers are in very high demand.
– Millions of ethical hackers are needed by organizations in the world by 2020.
– Highly paid jobs.
– Worldwide shortage in this occupation.
– Interesting work that requires high skills.
Areas of Hacking
• The CCSIT focus for this year is on only two areas:
– Infrastructure Hacking
– Web Hacking
• Infrastructure Hacking
– Usually involves hacking computer systems at the network level.
• Web Application Hacking
– Usually involves hacking the software of computer systems via web applications or code.
• More areas may be included in coming years.
Basic Skills to Learn for Hacking
• There are a few concepts to learn before learning infrastructure or web hacking.
– It would be great if you could learn these concepts before the coming workshops.
– A basic overview of these concepts will be discussed in the training sessions where needed.
• Infrastructure Hacking
– Networking Concepts (Devices, Switches, Routers, Servers)
– Protocols (TCP, IP, HTTP, HTTPS), Headers info
– Basic Linux Commands (Installation, using Command Prompt)
– Comfortable using Tools
• Application (Web) Hacking
– At least one Web Programming Language (PHP, Java, ASP.Net)
– Concepts of at least one Scripting Language (JavaScript, VBScript, jQuery etc.)
– Good Understanding of HTML
– Comfortable using Tools
Assignment 1
• Establish a small lab on your laptop for experiments:
– Task 1: Install VMware Player on your laptop to create “Virtual Machines”.
– Task 2: Create the “Attacking Machine (AM)” as a virtual machine by installing “Kali Linux”.
– Task 3: Create the “Victim Machine (VM)” as a virtual machine by installing “Metasploitable II” to face attacks launched by the AM.
• Students who do not complete the assignment before the next workshop will not be allowed to sit in the next training workshop.
– They will also be considered out of the Cyberlympics competition.
Helpful Resources for Assignment 1
• All software has been downloaded by the CCSIT Dept (contact Mr. Ahmad in CCSIT):
– The VMware Player installation setup, Kali Linux and Metasploitable II will be shared on the network (around 3.4 GB of space is required).
– All students, please log in to your accounts in the labs to copy all the software from the shared folder.
• A DVD can be collected from the IT Dept to write these setups.
• Students’ own USB drives can also be used to copy these setup files.
– Installation manuals for all required software can be obtained from the IT Dept.
Complete Plan for “CCSIT Cyberlympics 2017”
• Workshop 1: Introduction to Ethical Hacking (30 mins lecture by Dr. M Nasir Mumtaz Bhutta, 07 Feb 2017)
• Assignment 1: Setting up a lab on each student’s laptop
– Students will not be allowed to sit in the next workshop if they didn’t set up the lab.
• Workshop 2: Penetration Testing Process (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 Feb 2017)
• Students will be split into two groups:
– Group 1 (Infrastructure/Network Hacking): Assignment 2: Prepare complete hacking plan for given case study
– Group 2 (Application/Web Hacking): Assignment 2: Prepare complete hacking plan for given case study(s)
– Students will not be allowed to sit in the next workshop if they didn’t complete the assignment.
• Workshop 3: Infrastructure Hacking Tools and execution of selected case study. (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 March 2017)
• Workshop 4: Infrastructure Hacking Tools and execution of selected case study. (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 25 April 2017)
• Assignment 3: Students will be given small hacking tasks to practice. Similar kinds of tasks will be set in the competition.
• The best 10 boys’ teams and 10 girls’ teams will be selected from Assignment 3 for competition day.
• Competition Day Plan and Preparation (will be announced later)
Future Plans to Advance Security Teaching/Research in CCSIT
• ISACA Official Student Group
• Establishing a Cyber Security Research Group
• Establishment of a Cyber Security Lab
• More workshops will be conducted on training in ethical hacking
– The CCSIT activities calendar has already published the details.
Thanks for listening!
Questions?

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 

Introduction to Ethical Hacking

  • 1. Muhammad Nasir Mumtaz Bhutta College of Computer Science and Information Systems King Faisal University, Saudi Arabia Email: mmbhutta@kfu.edu.sa, Tel: +966 – 13589-9207 Office: 2088, first floor, CCSIT Building www.kfu.edu.sa CCSIT Cyberlympics 2017 Introduction to Ethical Hacking 07 February 2017
  • 2. Presentation Overview
      • Hacking Overview
      • Top Cyber Attacks in History
      • Motivations for Black Hat Hackers
      • Secret Behind launching attacks on very complex systems
      • Types of Hackers
      • Why Learn Hacking
      • Areas of Hacking
      • Basic skills to learn for basic hacking
      • Assignment 1 Details
          – Helpful Resources for Assignment
      • Complete Plan for “CCSIT Cyberlympics 2017” Trainings
      • Future Security Related Activities in CCSIT
  • 3. Hacking
      • Any technical effort to manipulate the normal working of any computing device or network is called “Hacking”.
          – A hacker is a person engaged in hacking.
      • Hacking originated at MIT in the 1950s or 1960s.
          – Before the internet became popular, people were illegally modifying telephones to make free long distance calls.
      • Now, hackers are affecting all fields of life including:
          – Banking Systems
          – Businesses
          – Academic Institutes
          – Vehicles (Cars, Trains)
          – Mobile Phones
          – Space (Satellites, Airplanes)
          – Industries (Manufacturing, Distributions, Chemical Plants, Oil Refineries)
          – Any other systems relying on computers for their operations.
  • 4. Selected Top Cyber Attacks in History (Attack: Details & Impact)
      • Presidential-Level Espionage: In 2008, suspected hackers from China attacked computer systems being used in the campaigns of Barack Obama. The FBI confiscated all computers and electronic devices. There are now also rumors of a cyber attack on voting in the 2016 elections in America, which Trump won.
      • Stuxnet: An Iranian nuclear plant was attacked in June 2010, destroying 1000 nuclear centrifuges. It set Iran's nuclear program back by at least 2 years.
      • Opi Israel: Israel was attacked on April 7, 2012, in remembrance of the Holocaust, in an attempt to erase Israel from the internet. The attackers tried to make all websites unavailable on the internet.
      • Shamoon, Cutting Sword of Justice: Attack on Aramco on 15 August 2012; 30,000 workstations were affected. The “Shamoon” virus was used by the “Cutting Sword of Justice” hacker group.
      Sources:
      1. http://list25.com/25-biggest-cyber-attacks-in-history/5/
      2. https://en.wikipedia.org/wiki/Saudi_Aramco#Cyber_Attack
  • 5. Motivations for Black Hat Hackers
      • Big Games (High Impact Attacks)
          – Business Gain
          – Politically Motivated
          – State/Country Sponsored Attacks
      • Middle Level Attacks
          – Attacks on small organizations to harm them or affect their products
      • Low Impact Attacks
          – Rifts between friends, gaining popularity, just for fun.
  • 6. Secret Behind Launching Such Big Attacks
      • All big systems like airplanes, computer-controlled trains, computer-controlled cars, satellites, voting campaigns and state secret systems are:
          – Just simple computer programs written specifically for special needs, maybe in C++, Java, C#, ASP.Net etc.
          – This software runs on the same hardware as my PC (most of the time).
          – The computers in these systems are connected by the same networking technologies and protocols.
      • So if one learns techniques to break simple software, networks and web programs:
          – One can advance those skills to hack or test the complex systems mentioned above as well.
  • 7. Types of Hackers
      • Are there only bad people in the hacking world?
          – No, there are different types of hackers in the world.
      • Black Hat Hackers
          – Violate computer security for little reason beyond maliciousness or personal gain.
      • White Hat Hackers
          – An ethical hacker who specializes in penetration testing to help organizations.
      • Grey Hat Hackers
          – A hacker who may sometimes violate typical ethical or legal standards but does not have the malicious intent of a black hat.
  • 8. Why Learn Hacking?
      • To become a “White Hat Hacker/Penetration Tester”.
          – Not to harm the world, other people or businesses.
      • Organizations hire these people to test their security and protect against the vulnerabilities found.
      • Penetration Testers are in very high demand.
          – Millions of ethical hackers are needed by organizations in the world by 2020.
          – Highly paid jobs.
          – Shortage in this occupation all over the world.
          – Interesting work, and high skills are required.
  • 9. Areas of Hacking
      • CCSIT's focus for this year is on only two areas:
          – Infrastructure Hacking
          – Web Hacking
      • Infrastructure Hacking
          – Usually involves hacking computer systems at the network level.
      • Web Application Hacking
          – Usually involves hacking computer systems' software via web applications or code.
          – More areas may be included in coming years.
  • 10. Basic Skills to Learn for Hacking
      • There are a few concepts to learn before learning infrastructure or web hacking.
          – It would be great if you could learn these concepts before the coming workshops.
          – A basic overview of these concepts will be discussed in training sessions where needed.
      • Infrastructure Hacking
          – Networking Concepts (Devices, Switches, Routers, Servers)
          – Protocols (TCP, IP, HTTP, HTTPS), Headers info
          – Basic Linux Commands (Installation, using Command Prompt)
          – Comfortable using Tools
      • Application (Web) Hacking
          – At least one Web Programming Language (PHP, Java, ASP.Net)
          – Concepts of at least one Scripting Language (JavaScript, VBScript, jQuery etc.)
          – Good Understanding of HTML
          – Comfortable using Tools
  • 11. Assignment 1
      • Establish a small lab on your laptop for experiments:
          – Task 1: Install VMware Player on your laptop to create “Virtual Machines”.
          – Task 2: Create the “Attacking Machine (AM)” as a virtual machine by installing “Kali Linux”.
          – Task 3: Create the “Victim Machine (VM)” as a virtual machine by installing “Metasploitable II” to face attacks launched by the AM.
      • Students who do not complete the assignment before the next workshop will not be allowed to sit in the next training workshop.
          – They will also be considered out of the Cyberlympics competition.
  • 12. Helpful Resources for Assignment 1
      • All software has been downloaded by the CCSIT Dept (contact Mr. Ahmad in CCSIT):
          – The VMware Player installation setup, Kali Linux and Metasploitable II will be shared on the network (around 3.4 GB of space is required).
          – All students, please log in to your accounts in the labs to copy all software from the shared folder.
              • A DVD can be collected from the IT Dept to write these setup files.
              • Students' own USB drives can also be used to copy these setup files.
          – Installation manuals for all required software can be obtained from the IT Dept.
  • 13. Complete Plan for “CCSIT Cyberlympics 2017”
      • Workshop 1: Introduction to Ethical Hacking (30 mins lecture by Dr. M Nasir Mumtaz Bhutta, 07 Feb 2017)
      • Assignment 1: Setting up the lab on each student’s laptop
          – Students will not be allowed to sit in the next workshop if they have not set up the lab.
      • Workshop 2: Penetration Testing Process (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 Feb 2017)
          – Students will be split into two groups: Group 1 (Infrastructure/Network Hacking) and Group 2 (Application/Web Hacking)
      • Assignment 2: Prepare a complete hacking plan for the given case study(s)
          – Students will not be allowed to sit in the next workshop if they have not completed the assignment.
      • Workshop 3: Infrastructure Hacking Tools and execution of selected case study (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 March 2017)
      • Workshop 4: Infrastructure Hacking Tools and execution of selected case study (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 25 April 2017)
      • Assignment 3: Students will be given small hacking tasks to practice. Similar kinds of tasks will be set in the competition.
      • The best 10 Boys Teams and 10 Girls Teams will be selected from Assignment 3 for competition day.
      • Competition Day Plan and Preparation (will be announced later)
  • 14. Future Plans to Advance Security Teaching/Research in CCSIT
      • ISACA Official Student Group
      • Establishing a Cyber Security Research Group
      • Establishment of a Cyber Security Lab
      • More workshops will be conducted on training of ethical hacking
          – The CCSIT activities calendar has already published the details.
  • 15. Thanks for listening! Questions?