PRESENTED BY Mathew jose
http://ethicalhacking228.blogspot.in/
pls logon to this site to get tips on ethical hacking re…..
Ethical Hacking - ?


Why – Ethical Hacking ?


Ethical Hacking - Process


Reporting


Ethical Hacking – Commandments
What is Ethical Hacking
Also Called – Attack & Penetration Testing,
White-hat hacking, Red teaming

 Hacking

 Process of breaking into systems for:
 Personal or Commercial Gains
 Malicious Intent – Causing severe damage to Information & Assets

 Ethical
 Conforming to accepted professional standards of conduct


 Black-hat – Bad guys
 White-hat – Good guys
What is Ethical Hacking
 It is Legal
 Permission is obtained from the target
 Part of an overall security program
 Identifies vulnerabilities visible from the Internet at a particular
  point in time
 Ethical hackers possess the same skills, mindset and tools as
  a hacker, but the attacks are done in a non-destructive
  manner
Why – Ethical Hacking
January - 2005
June 01, 2004 to Dec. 31, 2004

Domains     No of Defacements
.com        922
.gov.in     24
.org        53
.net        39
.biz        12
.co.in      48
.ac.in      13
.info       3
.nic.in     2
.edu        2
other       13
Total       1131

Defacement Statistics for Indian Websites
Source: CERT-India
Why – Ethical Hacking




[Chart: Total Number of Incidents. Source: CERT/CC]
Why – Ethical Hacking




[Chart. Source: US - CERT]
Why – Ethical Hacking
Protection from possible External Attacks
[Diagram: Restricted Data, surrounded by the following threats]
 Social Engineering
 Automated Attacks
 Organizational Attacks
 Accidental Breaches in Security
 Denial of Service (DoS)
 Viruses, Trojan Horses, and Worms
Ethical Hacking - Process
1.   Preparation
2.   Footprinting
3.   Enumeration & Fingerprinting
4.   Identification of Vulnerabilities
5.   Attack – Exploit the Vulnerabilities
Preparation
 Identification of Targets – company websites, mail servers,
  extranets, etc.
 Signing of Contract
    Agreement on protection against any legal issues
    Contract clearly specifies the limits and dangers of the test
    Specifics on Denial of Service Tests, Social Engineering, etc.
    Time window for Attacks
    Total time for the testing
    Prior Knowledge of the systems
    Key people who are made aware of the testing
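
The Preparation items above can be captured as data and checked before any test is run. The following is an added example, not part of the original slides; the class, field names, test-type labels and sample values are all hypothetical, and times are assumed to be in the timezone the contract uses.

```python
"""Rules-of-engagement gate for the Preparation items (constructed example)."""
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    # Hypothetical fields; a real contract defines the actual terms.
    hostnames: frozenset      # agreed targets by name (websites, mail servers, extranets)
    networks: tuple           # agreed targets by address range
    start: date               # total time for the testing, inclusive
    end: date
    daily_from: time          # agreed daily time window
    daily_to: time
    allowed_tests: frozenset  # categories the contract permits (DoS etc. must be explicit)
    notified: tuple = ()      # key people who are made aware of the testing

    def in_scope(self, target: str) -> bool:
        """True if the target is a contracted hostname or inside a contracted range."""
        try:
            addr = ip_address(target)
        except ValueError:
            # Not an IP literal: compare as a normalised hostname.
            return target.lower().rstrip(".") in self.hostnames
        return any(addr in net for net in self.networks)

    def in_window(self, when: datetime) -> bool:
        """True if 'when' is inside both the testing period and the daily window."""
        if not (self.start <= when.date() <= self.end):
            return False
        t = when.time()
        if self.daily_from <= self.daily_to:
            return self.daily_from <= t < self.daily_to
        # Window crosses midnight, e.g. 22:00 to 04:00.
        return t >= self.daily_from or t < self.daily_to

    def check(self, target: str, test_type: str, when: datetime) -> list:
        """Return the reasons a planned test must not run; an empty list means it may."""
        reasons = []
        if not self.in_scope(target):
            reasons.append(f"target {target} is not in the agreed scope")
        if test_type not in self.allowed_tests:
            reasons.append(f"test type {test_type} is not permitted by the contract")
        if not self.in_window(when):
            reasons.append(f"{when:%Y-%m-%d %H:%M} is outside the agreed time window")
        if not self.notified:
            reasons.append("no contact has been recorded as aware of the testing")
        return reasons


# Constructed sample contract: documentation hostnames and the TEST-NET-1 range.
SAMPLE_ROE = RulesOfEngagement(
    hostnames=frozenset({"www.example.com", "mail.example.com"}),
    networks=(ip_network("192.0.2.0/24"),),
    start=date(2024, 3, 4),
    end=date(2024, 3, 15),
    daily_from=time(22, 0),
    daily_to=time(4, 0),
    allowed_tests=frozenset({"port_scan", "vuln_scan", "web_app"}),
    notified=("ciso@example.com",),
)

if __name__ == "__main__":
    planned = [
        ("192.0.2.10", "port_scan", datetime(2024, 3, 5, 23, 0)),
        ("198.51.100.7", "port_scan", datetime(2024, 3, 5, 23, 0)),
        ("www.example.com", "dos", datetime(2024, 3, 5, 12, 0)),
    ]
    for target, test_type, when in planned:
        problems = SAMPLE_ROE.check(target, test_type, when)
        print(target, test_type, "OK" if not problems else problems)
```

Every refusal reason maps back to a contract item, so the same output can be kept with the engagement records.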
Footprinting
Collecting as much information as possible about the target
 DNS Servers
 IP Ranges
 Administrative Contacts
 Problems revealed by administrators


Information Sources
 Search engines
 Forums
 Databases – whois, ripe, arin, apnic
 Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
Enumeration & Fingerprinting
 Specific targets determined
 Identification of Services / open ports
 Operating System Enumeration

Methods
 Banner grabbing
 Responses to various protocol (ICMP & TCP) commands
 Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.

Tools
 Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP
  Scanner
Identification of Vulnerabilities
Vulnerabilities

 Insecure Configuration
 Weak passwords
 Unpatched vulnerabilities in services, Operating systems,
  applications
 Possible Vulnerabilities in Services, Operating Systems
 Insecure programming
 Weak Access Control
Identification of Vulnerabilities
Methods
 Unpatched / Possible Vulnerabilities – Tools, Vulnerability
  information Websites
 Weak Passwords – Default Passwords, Brute force, Social
  Engineering, Listening to Traffic
 Insecure Programming – SQL Injection, Listening to
  Traffic
 Weak Access Control – Using the Application Logic, SQL
  Injection
Identification of Vulnerabilities
Tools
Vulnerability Scanners - Nessus, ISS, SARA, SAINT
Listening to Traffic – Ettercap, tcpdump
Password Crackers – John the Ripper, LC4, Pwdump
Intercepting Web Traffic – Achilles, Whisker, Legion

Websites
 Common Vulnerabilities & Exposures – http://cve.mitre.org
 Bugtraq – www.securityfocus.com
 Other Vendor Websites
Attack – Exploit the vulnerabilities
 Obtain as much information (trophies) from the Target
  Asset
 Gaining Normal Access
 Escalation of privileges
 Obtaining access to other connected systems


Last Ditch Effort – Denial of Service
Attack – Exploit the vulnerabilities
Network Infrastructure Attacks
 Connecting to the network through modem
 Weaknesses in TCP / IP, NetBIOS
 Flooding the network to cause DOS


Operating System Attacks
 Attacking Authentication Systems
 Exploiting Protocol Implementations
 Exploiting Insecure configuration
 Breaking File-System Security
Attack – Exploit the vulnerabilities
Application Specific Attacks
 Exploiting implementations of HTTP, SMTP protocols
 Gaining access to application Databases
 SQL Injection
 Spamming
Attack – Exploit the vulnerabilities
Exploits
 Free exploits from Hacker Websites
 Customised free exploits
 Internally Developed


Tools – Nessus, Metasploit Framework,
Reporting
 Methodology
 Exploited Conditions & Vulnerabilities that could not
  be exploited
 Proof for Exploits - Trophies
 Practical Security solutions
Ethical Hacking - Commandments
 Working Ethically
   Trustworthiness
   Misuse for personal gain

 Respecting Privacy
 Not Crashing the Systems
QUESTIONS ???

Editor's Notes

  1. Red teaming – used for the first time by the US government for testing its systems in the early 90's. Black & white hat terminology comes from the Hollywood movies where good guys wear white hats and bad guys wear black hats.
  2. Other information not available