Introduction to Ethical Hacking
1. Muhammad Nasir Mumtaz Bhutta
College of Computer Science and Information Systems
King Faisal University, Saudi Arabia
Email: mmbhutta@kfu.edu.sa
Tel: +966 – 13589-9207
Office: 2088, first floor, CCSIT Building
www.kfu.edu.sa
CCSIT Cyberlympics 2017
Introduction to Ethical Hacking
07 February 2017
2. Dr M Nasir Mumtaz Bhutta www.kfu.edu.sa
Presentation Overview
• Hacking Overview
• Top Cyber Attacks in History
• Motivations for Black Hat Hackers
• Secret Behind launching attacks on very complex systems
• Types of Hackers
• Why Learn Hacking
• Areas of Hacking
• Basic skills to learn for hacking
• Assignment 1 Details
– Helpful Resources for Assignment
• Complete Plan for “CCSIT Cyberlympics 2017” Trainings
• Future Security Related Activities in CCSIT
3. Hacking
• Any technical effort to manipulate the normal working of any computing device or network is called “Hacking”.
– A hacker is a person engaged in hacking.
• Hacking originated at MIT in the 1950s or 1960s.
– Before the internet became popular, people were illegally modifying telephones to make free long-distance calls.
• Now, hackers are affecting all fields of life, including:
– Banking Systems
– Businesses
– Academic Institutes
– Vehicles (Cars, Trains)
– Mobile Phones
– Space (Satellites, Aeroplanes)
– Industries (Manufacturing, Distribution, Chemical Plants, Oil Refineries)
– Any other systems relying on computers for their operations.
4. Selected Top Cyber Attacks in History
Attack | Details & Impact
Presidential-Level Espionage | In 2008, suspected hackers from China attacked computer systems being used in the campaigns of Barack Obama. The FBI confiscated all computers and electronic devices. There are now also rumors of a cyber attack on voting in the 2016 US elections, which Trump won.
Stuxnet | Iran's nuclear plant was attacked in June 2010, destroying 1000 nuclear centrifuges. It set Iran's nuclear program back by at least 2 years.
OpIsrael | Israel was attacked on April 7, 2012, in remembrance of the Holocaust, to erase Israel from the internet. The attackers tried to make all websites unavailable on the internet.
Shamoon, Cutting Sword of Justice | Attack on Aramco on 15 August 2012; 30,000 workstations were affected. The “Shamoon” virus was used by the “Cutting Sword of Justice” hacker group.
Sources:
1. http://list25.com/25-biggest-cyber-attacks-in-history/5/
2. https://en.wikipedia.org/wiki/Saudi_Aramco#Cyber_Attack
5. Motivations for Black Hat Hackers
• Big Games (High Impact Attacks)
– Business Gain
– Politically Motivated
– State/Country Sponsored Attacks
• Middle Level Attacks
– Attacks on small organizations to harm them or affect their products
• Low Impact Attacks
– Rifts between friends, gaining popularity, just for fun.
6. Secret Behind Launching Such Big Attacks
• All big systems like aeroplanes, computer-controlled trains, computer-controlled cars, satellites, voting campaigns and state secret systems are:
– Just simple computer programs written specifically for special needs, maybe in C++, Java, C#, ASP.Net etc.
– This software runs on the same hardware as my PC (most of the time).
– The computers in these systems are connected by the same networking technologies and protocols.
• So if one learns techniques to break simple software, networks and web programs,
– one can advance those skills to hack or test the complex systems mentioned above as well.
7. Types of Hackers
• Are there only bad people in the hacking world?
– No, there are different types of hackers in the world.
• Black Hat Hackers
– Violate computer security for little reason beyond maliciousness or personal gain.
• White Hat Hackers
– Ethical hackers who specialize in penetration testing to help organizations.
• Grey Hat Hackers
– Hackers who may sometimes violate typical ethical or legal standards but do not have the malicious intent of a black hat.
8. Why Learn Hacking?
• To become a “White Hat Hacker/Penetration Tester”.
– Not to harm the world, other people or businesses.
• Organizations hire these people to test their security and protect against the vulnerabilities found.
• Penetration testers are in very high demand.
– Millions of ethical hackers are needed by organizations in the world by 2020.
– Highly paid jobs.
– Shortage of people in this occupation all over the world.
– Interesting work that requires a high level of skill.
9. Areas of Hacking
• CCSIT focus for this year is only on two areas:
– Infrastructure Hacking
– Web Hacking
• Infrastructure Hacking
– Usually involves hacking computer systems on
network level.
• Web Application Hacking
– Usually involves hacking the software of computer systems via web applications or code.
– More areas may be included in coming years.
10. Basic Skills to Learn for Hacking
• There are a few concepts to learn before learning infrastructure or web hacking.
– It would be great if you could learn these concepts before the coming workshops.
– A basic overview of these concepts will be discussed in training sessions where needed.
• Infrastructure Hacking
– Networking Concepts (Devices, Switches, Routers, Servers)
– Protocols (TCP, IP, HTTP, HTTPS), Headers info
– Basic Linux Commands (Installation, using Command Prompt)
– Comfortable using Tools
• Application (Web) Hacking
– At least one Web Programming Language (PHP, Java, ASP.Net)
– Concepts of at least one Scripting Language (JavaScript, VBScript, jQuery, etc.)
– Good Understanding of HTML
– Comfortable using Tools
11. Assignment 1
• Establish a small lab on your laptop for experiments:
– Task 1: Install VMware Player on your laptop to create “Virtual Machines”.
– Task 2: Create the “Attacking Machine (AM)” as a virtual machine by installing “Kali Linux”.
– Task 3: Create the “Victim Machine (VM)” as a virtual machine by installing “Metasploitable II” to face attacks launched by the AM.
• Students who do not complete the assignment before the next workshop will not be allowed to sit in the next training workshop.
– They will also be considered out of the Cyberlympics competition.
12. Helpful Resources for Assignment 1
• All software has been downloaded by the CCSIT Dept (contact Mr. Ahmad in CCSIT):
– The VMware Player installation setup, Kali Linux and Metasploitable II will be shared on the network (around 3.4 GB of space is required).
– All students, please log in to your accounts in the labs to copy all the software from the shared folder.
• A DVD can be collected from the IT Dept to write these setups.
• Students’ own USB drives can also be used to copy these setup files.
– Installation manuals for all required software can be obtained from the IT Dept.
13. Complete Plan for “CCSIT Cyberlympics 2017”
Workshop 1: Introduction to Ethical Hacking | 30 mins lecture by Dr. M Nasir Mumtaz Bhutta, 07 Feb 2017
Assignment 1: Setting up lab on each student’s laptop | Students will not be allowed to sit in the next workshop if they did not set up the lab.
Workshop 2: Penetration Testing Process | 3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 Feb 2017
Students will be split into two groups
Group 1 (Infrastructure/Network Hacking) | Group 2 (Application/Web Hacking)
Assignment 2: Prepare complete hacking plan for given case study | Assignment 2: Prepare complete hacking plan for given case study(s)
Students will not be allowed to sit in the next workshop if they did not complete the assignment.
Workshop 3: Infrastructure Hacking Tools and execution of selected case study (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 28 March 2017) | Workshop 4: Infrastructure Hacking Tools and execution of selected case study (3 hours workshop by Dr. M Nasir Mumtaz Bhutta, 25 April 2017)
Assignment 3: Students will be given small hacking tasks to practice. Similar tasks will be set in the competition.
The best 10 boys’ teams and 10 girls’ teams will be selected from Assignment 3 for competition day.
Competition Day Plan and Preparation (will be announced later)
14. Future Plans to Advance Security Teaching/Research in CCSIT
• ISACA Official Student Group
• Establishing a Cyber Security Research Group
• Establishment of a Cyber Security Lab
• More workshops will be conducted on ethical hacking training
– The CCSIT activities calendar has already published the details.
15. Thanks for listening!
Questions?