2. INTRODUCTION TO CYBER
CRIME
Cyber crime refers to criminal activities that are
carried out using computers or the internet. These
activities can range from hacking and phishing
scams to identity theft, fraud, and spreading
malware. Cyber crime is a growing problem
worldwide as more and more people use
computers and the internet for their daily
activities. It is important for individuals and
organizations to be aware of the potential risks
and take steps to protect themselves from cyber
criminals. This can include using strong
passwords, installing security software, and being
2
3. SOME GENERIC EXAMPLES OF CYBER-
CRIME:
1.Phishing: This is a type of scam where criminals use fake emails
or websites to trick people into giving away sensitive information
such as login credentials or credit card details.
2.Malware: This is malicious software that is designed to harm or
take control of a computer system. It can include viruses, worms,
Trojans, and ransomware.
3.Identity theft: This is the theft of someone's personal information
such as name, address, social security number, or credit card
details, with the intention of using that information for fraudulent
purposes.
4.Cyber stalking: This is the use of the internet or other electronic
means to harass, intimidate, or threaten someone.
5.Cyber bullying: This is the use of the internet or other electronic
means to bully or harass someone.
6.Online scams: This can include a range of fraudulent activities
such as online auctions scams, lottery scams, and romance scams.
7.Hacking: This is the unauthorized access to a computer system
or network, with the intention of stealing data or causing damage.
3
4. HACKER:
A hacker is someone who uses their
computer skills to gain unauthorized access
to computer systems, networks, or
websites. They may use their skills to steal
data, spread viruses, or disrupt computer
systems. However, not all hackers are bad.
Some hackers use their skills for good by
identifying and addressing security
vulnerabilities in computer systems and
networks, in a practice known as ethical
4
5. TYPES OF HCKERS
1.Script Kiddies: These are inexperienced hackers who use pre-
written tools and scripts to launch attacks without a deep
understanding of how they work.
2.White-hat hackers: Also known as ethical hackers, these are
professionals who use hacking techniques for good, to identify and
address security vulnerabilities in computer systems and
networks.
3.Grey-hat hackers: These hackers use their skills to find
vulnerabilities in computer systems and networks, but their
intentions may not be entirely ethical. They may offer to fix the
vulnerability for a fee or use the information for personal gain.
4.Black hat hackers: These hackers use their skills for malicious
purposes, such as stealing data, spreading malware, or disrupting
computer systems and networks.
5.Suicide Hackers: These are hackers who carry out attacks with
the intention of getting caught or even sacrificing themselves to
5
6. INTRODUCTION
Ethical hacking is like playing the role of a good guy
hacker who finds and fixes problems in computer
systems before bad guys can use them to do harm.
Ethical hackers are trained to use the same tools and
techniques as bad guys, but they use their skills to help
protect computer systems and networks from cyber
attacks. Ethical Hacking is important because it helps
keep sensitive data safe and prevent businesses and
individuals from being harmed by cyber crime.
6
7. EVOLUTION OF ETHICAL
HACKING
The practice of ethical hacking has evolved and grown significantly over
the past few decades. Initially, it was mostly limited to government
agencies and large corporations that had the resources to hire security
experts. However, with the increasing importance of digital security and
the rise of cyber crime, ethical hacking has become more widespread.
Today, ethical hacking is used by organizations of all sizes and industries
to protect their computer systems and networks. The growth of cloud
computing, mobile devices, and the Internet of Things has created new
vulnerabilities that need to be addressed. Ethical hacking techniques have
also become more advanced, with a range of tools and technologies
available to help identify and address security issues.
Certification programs and training courses have also been developed to
help people learn the skills needed to become ethical hackers. This has
helped to increase the number of professionals in the field and expand the
reach of ethical hacking.
Overall, the evolution and growth of ethical hacking has been driven by
7
8. INTRODUCTION TO AN
ETHICAL HACKER
An ethical hacker is authorized and trained to use
their hacking skills for good. They use the same
tools and technique as malicious hackers to find
and fix vulnerabilities in computer systems,
networks and applications.
9. ETHICAL HACKING AND
PENETRATION TESTING
Ethical hacking and penetration testing are both techniques used to identify
and address potential security vulnerabilities in computer systems, networks,
and applications.
Ethical hacking is a practice where authorized and trained professionals use
the same techniques and tools as malicious hackers to find vulnerabilities and
provide recommendations to improve security. The goal of ethical hacking is
to prevent cyber attacks by discovering and addressing weaknesses before
bad guys can exploit them.
Penetration testing is a process that involves simulating a cyber attack on a
computer system, network, or application to identify potential vulnerabilities.
The process involves attempting to exploit weaknesses in the system to gain
unauthorized access and to test the effectiveness of the security measures in
place.
Ethical hacking and penetration testing are related in that they both involve
using hacking techniques to identify security weaknesses, but the main
difference is that ethical hacking is a broader practice that includes a range of
9
10. SOME KEY WORDS WITH
DEFINITIONS
1.Hack value: The perceived level of prestige, challenge, or thrill
associated with a particular hacking activity.
2.Target of Evolution (TOE): The system, application, or network that is the
focus of an attack or evolution by hackers.
3.Attack: An intentional effort to compromise or exploit a computer
system, network, or application to gain unauthorized access or to disrupt
normal operations.
4.Exploit: A technique or software tool that takes advantage of a security
vulnerability in a computer system or network to gain unauthorized
access or to cause damage.
5.Zero day: A security vulnerability that is not yet known to the vendor or
public, and therefore has not yet been addressed with a patch or update.
6.Security: The state of being protected from unauthorized access, theft,
damage, or other security risks.
7.Threat: Any circumstance or event that has the potential to cause harm
to a computer system, network, or application.
8.Vulnerability: A weakness or flaw in a computer system, network, or
application that can be exploited by an attacker to gain unauthorized
access or cause damage.
10
11. PENETRATION TESTING AND ITS BASIC METHODS
Penetration testing, also known as pen testing, is a process of testing a computer
system, network, or application for potential security vulnerabilities by simulating an
attack from a malicious hacker. The goal of pen testing is to identify weaknesses in
security before they can be exploited by an attacker.
The process of a pen test typically involves the following steps:
1.Planning: The first step is to define the scope of the test and establish objectives.
This includes identifying the systems and networks to be tested, as well as the type
of test to be conducted.
2.Scanning: In this step, the pen tester uses automated tools to scan the target
system or network for vulnerabilities. This includes identifying open ports, running
services, and potentially vulnerable software.
3.Enumeration: This involves gathering information about the target system or
network, including user accounts, passwords, and network topology.
4.Exploitation: Once vulnerabilities have been identified, the pen tester attempts to
exploit them to gain access to the target system or network.
5.Post-Exploitation: If the pen tester is successful in gaining access, they will then
attempt to maintain that access and escalate privileges to gain deeper access to the
system or network.
6.Reporting: The final step involves documenting the findings and presenting them
to the client. This includes identifying vulnerabilities, providing recommendations
for improving security, and outlining any steps taken during the testing process.
Overall, the pen testing process is a crucial tool for identifying potential security
vulnerabilities and improving the overall security of a computer system, network, or
11
12. BLACK BOX, GREY BOX AND WHITE BOX TESTING
When it comes to penetration testing, there are three different
approaches: black box, grey box, and white box testing.
Black box testing involves simulating an attack by an external hacker
who has no prior knowledge of the target system. The pen tester is
given no information about the target system, and their goal is to
identify vulnerabilities and gain access to the system through trial and
error. This approach can be useful for identifying vulnerabilities that an
attacker with no prior knowledge might exploit.
Grey box testing involves simulating an attack by a hacker who has
some knowledge of the target system. The pen tester is given partial
information about the target system, such as login credentials or
network topology. This approach can be useful for identifying
vulnerabilities that an attacker with some knowledge might exploit.
White box testing involves simulating an attack by an insider who has
full knowledge of the target system. The pen tester is given complete
access to the target system and all relevant information about it. This
approach can be useful for identifying vulnerabilities that might be
exploited by an insider with full knowledge of the system.
Each of these approaches has its own strengths and weaknesses, and
the choice of approach will depend on the specific goals of the pen test
12
13. ABOUT CIA TRIAD 13
The CIA triad is a model that represents the three fundamental principles of
information security: confidentiality, integrity, and availability. These
principles form the basis of information security, and they are essential for
protecting the confidentiality, integrity, and availability of sensitive
information.
Confidentiality refers to the protection of information from unauthorized
disclosure or access. This means that sensitive information should be
accessible only to authorized individuals who have a need to know.
Integrity refers to the protection of information from unauthorized
modification, deletion, or corruption. This means that sensitive information
should be accurate and complete, and any unauthorized changes to the
information should be prevented or detected.
Availability refers to the protection of information from unauthorized denial of
service. This means that sensitive information should be accessible to
authorized individuals who have a need to access it, and any unauthorized
attempts to deny access to the information should be prevented.
The CIA triad is an important framework for information security because it
provides a comprehensive approach for protecting sensitive information. By
focusing on confidentiality, integrity, and availability, organizations can
implement effective security measures to protect their information assets.
14. ETHICS INVOLVED IN ETHICAL HACKING 14
Ethics are a critical aspect of ethical hacking, and ethical hackers are
expected to follow a strict code of ethics to ensure that their activities are
legal, responsible, and ethical. Some key ethics involved in ethical
hacking include:
1.Legality: Ethical hackers must ensure that all of their activities are legal,
and they should only access systems and networks that they have been
authorized to test.
2.Confidentiality: Ethical hackers must maintain the confidentiality of any
information they obtain during their testing activities and must not share
this information with unauthorized individuals.
3.Responsibility: Ethical hackers must take responsibility for their actions
and ensure that their activities do not cause harm to others or damage to
systems and networks.
4.Professionalism: Ethical hackers must conduct themselves in a
professional manner and adhere to ethical standards in all of their
interactions with clients and colleagues.
5.Integrity: Ethical hackers must act with integrity and honesty, and they
should not engage in any activities that could compromise their integrity
or the integrity of their profession.
In summary, ethical hacking is guided by a set of ethical principles that
promote legal, responsible, and ethical behavior. Ethical hackers must
adhere to these principles to ensure that their activities are conducted in a