SlideShare uma empresa Scribd logo

Ethical hacking : Beginner to advanced

Kavin K
Kavin K

I wil already learn in Udemy and cybray online course. This is For knowledge gain in ethical hacking path way

Tecnologia
1 de 66
Baixar para ler offline
Created by KAVIN
What is hacking? Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Created by KAVIN
Who is a Hacker? Hackers are usually skilled computer programmers with knowledge of computer security. Created by KAVIN
Typesof Hackers Created by KAVIN
Ethical hacker Penetration tester Cyber securityexperts Good person Security Yearly or monthly income Created by KAVIN
BLACK HAT HACKERS Cyber criminals Computer FraudIdentity Sharing copyrighted files/information Spam Privacy violation Theft Created by KAVIN
What motivates a grey hat hackers? Created by KAVIN
Famous Hackers Created by KAVIN
Jonathan James Jonathan James was an American hacker, illfamous as the first juvenile sent to prison for cybercrime in United States. He committed suicide in 2008 of a self-inflicted gunshot wound. In 1999, at the age of 16, he gained access to several computers by breaking the password of a server that belonged to NASA and stole the source code of the International Space Station among other sensitive information. Ian Murphy Ian Murphy, also known as Captain Zap, at one point of time was having high school students steal computer equipment for him. Ian selfproclaims to have been "the first hacker ever convicted of a crime". Ian's career as a master hacker was fabricated in 1986 after he and his unemployed wife decided to form some type of business. He has a long history of computer and Internet frauds. One of his favourite games is to forge Email headers and to send out third-party threat letters. Created by KAVIN
Kevin Mitnick Kevin Mitnick is a computer security consultant and author, who infiltrates his clients’ companies to expose their security strengths, weaknesses, and potential loopholes. He is the first hacker to have his face immortalized on an FBI "Most Wanted" poster. He was formerly the most wanted computer criminal in the history of United States. From the 1970s up until his last arrest in 1995, he skilfully bypassed corporate security safeguards, and found his way into some of the most well-guarded systems such as Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom, and Nokia. Mark Abene Mark Abene, known around the world by his pseudonym Phiber Optik, is an information security expert and entrepreneur. He was a high-profile hacker in the 1980s and early 1990s. He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool to industry. His expertise spreads across penetration studies, on-site security assessments, secure code reviews, security policy review and generation and network management, among many others Created by KAVIN
Johan Helsinguis Linus Torvalds is known as one of the best hackers of all time. He rose to fame by creating Linux, the very popular Unix-based operating system. Linux is open source and thousands of developers have contributed to its Kernel. However, Torvalds remains the ultimate authority on what new code is incorporated into the standard Linux kernel. As of 2006, approximately two percent of the Linux kernel was written by Torvalds himself. He just aspires to be simple and have fun by making the world’s best operating system. Torvalds has received honorary doctorates from Stockholm University and University of Helsinki. Johan Helsingius, better known as Julf, came into the limelight in the 1980s when he started operating the world's most popular anonymous remailer, called penet.fi. Johan was also responsible for product development for the first Pan- European internet service provider, Eunet International. He is at present, a member of the board of Technologia Incognita, a hackerspace association in Amsterdam, and supports the communication companies worldwide with his cyber knowledge. Linus Torvalds Created by KAVIN
Created by KAVIN
Get written permission from the owner of the computer system and/or computer network before hacking. Protect the privacy of the organization been hacked. Transparently report all the identified weaknesses in the computer system to the organization. Inform hardware and software vendors of the identified weaknesses. Created by KAVIN
Why Ethical Hacking? Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money. Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business. Created by KAVIN
How to become a Ethical hacker How Created by KAVIN
COMPUTER FUNDAMENTALS Created by KAVIN
HARDWARE • CPU • Motherboard • Ram • Hard Disk • PCI • Graphics • Display • Processor SINGLE BOARD COMPUTER • Rasperri pi • Letti panda Created by KAVIN
SOFTWARE  APPLICATION  Ms office  Photo shop  Visual studio  Android studio  Antivirus  Browser  Share it  Team viewer  AutoCAD  DEVICE  Wifi driver  Graphics driver  Camera  USB  CD  LAN  Chipset  Storage driver Created by KAVIN
OPERATING SYSTEMS Windows Windows 2007 Windows xp Windows visita Windows 7 Windows 8 Windows 8.1 Windows 10 Linux Ubuntu Centos Fedora Kali Parrot Samurai Arch Mac Catalina Mojave Os x Lion os GUI CUI Created by KAVIN
Programming languages WEB HACKING • HTML • CSS • JAVASCRIPT • SQL • PERL SOFTWARE HACKING • C • C++ • JAVA • PYTHON • RUBY • LISP • PHP Created by KAVIN
Protection Created by KAVIN
Created by KAVIN
Created by KAVIN
Created by KAVIN
Created by KAVIN
TEAM Created by KAVIN
HACKING PROCESS Created by KAVIN
INFORMATION GATHERING Created by KAVIN
INFORMATION GATHERING If the attack is to be performed on a company, then the following information will be gathered. • Company details , employee details and their email addresses. • Relation with other companies. • Project details involving other companies. • Legal documents of the company. • News relating company website. • Patents and Trademarks regarding that particular company. • Important dates regarding new projects Created by KAVIN
FOOT PRINTING • Crawling • Whois • Search Engines • Traceroute Created by KAVIN
Reconnaissance Reconnaissance is the phase where the attacker gathers information about a target using active or passive means. The tools that are widely used in this process are NMAP, Hping, Maltego, and Google Dorks. Created by KAVIN
Scanning In this process, the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. The tools used in this process are Nessus, Nexpose, and NMAP. Created by KAVIN
Scanning • NMAP • Yersinia Created by KAVIN
Gaining Access In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. The primary tool that is used in this process is Metasploit Created by KAVIN
Gaining Access • Password Attack • Social Engineering • Viruses Created by KAVIN
Maintaining Access It is the process where the hacker has already gained access into a system. After gaining access, the hacker installs some backdoors in order to enter into the system when he needs access in this owned system in future. Metasploit is the preferred tool in this process. Created by KAVIN
Maintaining Access • Re Entry use backdoors • Trojan • Rootkit for kernel access • Transfer user information with out permission Created by KAVIN
Clearing Tracks This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process. Created by KAVIN
Created by KAVIN
Reporting Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and the exploit processes. Created by KAVIN
Created by KAVIN
Created by KAVIN
SNIFFING • EMAIL TRAFFIC • FTP PASSWORDS • WEB TRAFFICS • TELNET PASSWORDS • ROUTER CONFIGURATION • CHAT SESSIONS • DNS TRAFFIC Created by KAVIN
EXPLOITATION • EXPLOITATION IS A PIECE OF PROGRAMMEDSOFTWARE OR SCRIPT WHICH CAN ALLOW HACKERS TO TAKE CONTROL OVER A SYSTEM, EXPLOITING ITS VULNERABILITIES. • HACKERS NORMALLY USE VULNERABILITY SCANNERS LIKE NESSUS, NEXPOSE, OPENVAS Created by KAVIN
ZERO-DAY EXPLOIT • A ZERO-DAY VULNERABILITY, AT ITS CORE, IS A FLAW. • IT IS AN UNKNOWN EXPLOIT IN THE WILD THAT EXPOSES A VULNERABILITY IN SOFTWARE OR HARDWARE AND CAN CREATE COMPLICATED PROBLEMS WELL BEFORE ANYONE REALIZES SOMETHING IS WRONG. • IN FACT, A ZERO-DAY EXPLOIT LEAVES NO OPPORTUNITY FOR DETECTION Created by KAVIN
METASPLOIT • METASPLOIT IS ONE OF THE MOST POWERFUL EXPLOIT TOOLS. MOST OF ITS RESOURCES CAN BE FOUND AT: HTTPS://WWW.METASPLOIT.COM • Payload, in simple terms, are simple scripts that the hackers utilize to interact with a hacked system. • Using payloads, they can transfer data to a victim system. Payload Created by KAVIN
TROJANS • TROJANS ARE NON-REPLICATION PROGRAMS; THEY DON’T REPRODUCE THEIR OWN CODES BY ATTACHING THEMSELVES TO OTHER EXECUTABLE CODES. • THEY OPERATE WITHOUT THE PERMISSIONS OR KNOWLEDGE OF THE COMPUTER USERS. • TROJANS HIDE THEMSELVES IN HEALTHY PROCESSES. • HOWEVER WE SHOULD UNDERLINE THAT TROJANS INFECT OUTSIDE MACHINES ONLY WITH THE ASSISTANCE OF A COMPUTER USER, LIKE CLICKING A FILE THAT COMES ATTACHED WITH EMAIL FROM AN UNKNOWN PERSON, PLUGGING USB WITHOUT SCANNING, OPENING UNSAFE URLS. Created by KAVIN
TCP/IP HIJACKING • TCP/IP HIJACKING IS WHEN AN AUTHORIZED USER GAINS ACCESS TO A GENUINE NETWORK CONNECTION OF ANOTHER USER. • IT IS DONE IN ORDER TO BYPASS THE PASSWORD AUTHENTICATION WHICH IS NORMALLY THE START OF A SESSION. Created by KAVIN
EMAIL SPOOFING • IN EMAIL SPOOFING, THE SPAMMER SENDS EMAILS FROM A KNOWN DOMAIN, • SO THE RECEIVER THINKS THAT HE KNOWS THIS PERSON AND OPENS THE MAIL. • SUCH MAILS NORMALLY CONTAIN SUSPICIOUS LINKS, • DOUBTFUL CONTENT, REQUESTS TO TRANSFER MONEY Created by KAVIN
PASSWORD HACKING • WE HAVE PASSWORDS FOR EMAILS, DATABASES, COMPUTER SYSTEMS, SERVERS, BANK ACCOUNTS, AND VIRTUALLY EVERYTHING THAT WE WANT TO PROTECT. • PASSWORDS ARE IN GENERAL THE KEYS TO GET ACCESS INTO A SYSTEM OR AN ACCOUNT. • IN GENERAL, PEOPLE TEND TO SET PASSWORDS THAT ARE EASY TO REMEMBER, SUCH AS THEIR DATE OF BIRTH, NAMES OF FAMILY MEMBERS, MOBILE NUMBERS, ETC. • THIS IS WHAT MAKES THE PASSWORDS WEAK AND PRONE TO EASY HACKING. Created by KAVIN
Created by KAVIN
WIRELESS HACKING • WIRELESS NETWORKS OFFER GREAT FLEXIBILITY, THEY HAVE THEIR SECURITY PROBLEMS. • A HACKER CAN SNIFF THE NETWORK PACKETS WITHOUT HAVING TO BE IN THE SAME BUILDING WHERE THE NETWORK IS LOCATED. • AS WIRELESS NETWORKS COMMUNICATE THROUGH RADIO WAVES, • A HACKER CAN EASILY SNIFF THE NETWORK FROM A NEARBY LOCATION. • MOST ATTACKERS USE NETWORK SNIFFING TO FIND THE SSID AND HACK A WIRELESS NETWORK. • WHEN OUR WIRELESS CARDS ARE CONVERTED IN SNIFFING MODES, THEY ARE CALLED MONITOR MODE. Created by KAVIN
Created by KAVIN
SOCIAL ENGINEERING • COMPUTER-BASED SOCIAL ENGINEERING, WHERE AN ATTACKER CRAFTS AN EMAIL THAT APPEARS LEGITIMATE. • SUCH EMAILS HAVE THE SAME LOOK AND FEEL AS THOSE RECEIVED FROM THE ORIGINAL SITE, • BUT THEY MIGHT CONTAIN LINKS TO FAKE WEBSITES. • IF YOU ARE NOT SMART ENOUGH, THEN YOU WILL TYPE YOUR USER ID AND PASSWORD AND WILL TRY TO LOGIN WHICH WILL RESULT IN FAILURE AND BY THAT TIME, • THE ATTACKER WILL HAVE YOUR ID AND PASSWORD TO ATTACK YOUR ORIGINAL ACCOUNT. Created by KAVIN
Created by KAVIN
DDOS ATTACK • A DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK IS AN ATTEMPT TO MAKE AN ONLINE SERVICE OR A WEBSITE UNAVAILABLE BY OVERLOADING IT WITH HUGE FLOODS OF TRAFFIC GENERATED FROM MULTIPLE SOURCES. • UNLIKE A DENIAL OF SERVICE (DOS) ATTACK, IN WHICH ONE COMPUTER AND ONE INTERNET CONNECTION IS USED TO FLOOD A TARGETED RESOURCE WITH PACKETS, A DDOS ATTACK USES MANY COMPUTERS AND MANY INTERNET CONNECTIONS, OFTEN DISTRIBUTED GLOBALLY IN WHAT IS REFERRED TO AS A BOTNET. • A LARGE SCALE VOLUMETRIC DDOS ATTACK CAN GENERATE A TRAFFIC MEASURED IN TENS OF GIGABITS (AND EVEN HUNDREDS OF GIGABITS) PER SECOND. WE ARE SURE YOUR NORMAL NETWORK WILL NOT BE ABLE TO HANDLE SUCH TRAFFIC. Created by KAVIN
Created by KAVIN
CROSS SITE SCRIPTING • THE ATTACKER DOES NOT DIRECTLY TARGET HIS VICTIM. • INSTEAD, HE EXPLOITS A VULNERABILITY IN A WEBSITE THAT THE VICTIM VISITS, IN ORDER TO GET THE WEBSITE TO DELIVER THE MALICIOUS JAVASCRIPT FOR HIM. • TO THE VICTIM'S BROWSER, THE MALICIOUS JAVASCRIPT APPEARS TO BE A LEGITIMATE PART OF THE WEBSITE, AND THE WEBSITE HAS THUS ACTED AS AN UNINTENTIONAL ACCOMPLICE TO THE ATTACKER. • THESE ATTACKS CAN BE CARRIED OUT USING HTML, JAVASCRIPT, VBSCRIPT, ACTIVEX, FLASH, BUT THE MOST USED XSS IS MALICIOUS JAVASCRIPT. • THESE ATTACKS ALSO CAN GATHER DATA FROM ACCOUNT HIJACKING, CHANGING OF USER SETTINGS, COOKIE THEFT/POISONING, OR FALSE ADVERTISING AND CREATE DOS ATTACKS. Created by KAVIN
Created by KAVIN
SQL INJECTION • SQL INJECTION IS A SET OF SQL COMMANDS THAT ARE PLACED IN A URL STRING OR IN DATA STRUCTURES IN ORDER TO RETRIEVE A RESPONSE THAT WE WANT FROM THE DATABASES • THAT ARE CONNECTED WITH THE WEB APPLICATIONS. • THIS TYPE OF ATTACKS GENERALLY TAKES PLACE ON WEBPAGES DEVELOPED USING PHP OR ASP.NET. • TO DUMP THE WHOLE DATABASE OF A SYSTEM, • TO MODIFY THE CONTENT OF THE DATABASES, OR • TO PERFORM DIFFERENT QUERIES THAT ARE NOT ALLOWED BY THE APPLICATION. Created by KAVIN
KALI LINUX GNU/UNIX Most Advanced penetration testing distribution Created by KAVIN
MATI AHARONI Author • It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, • their previous information security testing Linux distribution based on Knoppix. The third core developer, Raphaël Hertzog, • joined them as a Debian expert Created by KAVIN
REQUIREMENTS • 2GB of RAM • 20GB HDD space • Intel or AMD • 32bit or 64bit architecture Created by KAVIN
FEATURES • Kali Linux has over 600 preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), • Nmap (a port scanner), Wireshark (a packet analyzer), • John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), • Burp suite and OWASP ZAP web application security scanners. Created by KAVIN
Ethical Hacking Advantages Most of the benefits of ethical hacking are obvious, but many are overlooked. The benefits range from simply preventing malicious hacking to preventing national security breaches.The benefits include: •Fighting against terrorism and national security breaches •Having a computer system that prevents malicious hackers from gaining access •Having adequate preventative measures in place to prevent security breaches Created by KAVIN
Ethical Hacking Dis- AdvantagesAs with all types of activities which have a darker side, there will be…..dishonest people presenting drawbacks.The possible drawbacks of ethical hacking include: •The ethical hacker using the knowledge they gain to do malicious hacking activities •Allowing the company’s financial and banking details to be seen •The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system •Massive security breach These are not common; however, they are something all companies should consider when using the services of an ethical hacker. Created by KAVIN

Recomendados

Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015n|u - The Open Security Community
 
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015
Most Ransomware Isn’t As Complex As You Might Think – Black Hat 2015 Lastline, Inc.
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsUsing GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse TeamsAndrew Morris
 
IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015IoT Attack Surfaces -- DEFCON 2015
IoT Attack Surfaces -- DEFCON 2015Daniel Miessler
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...
BSidesCharleston2014 - Ballin on a Budget: Tracking Chinese Malware Campaigns...Andrew Morris
 

Mais conteúdo relacionado

Mais procurados

Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a HouseSynack
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareLastline, Inc.
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat ReviewESET
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Kaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher PerspectiveKaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher PerspectiveKaseya
 

Mais procurados (20)

Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a House
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active Defense
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
2014: Mid-Year Threat Review
2014: Mid-Year Threat Review2014: Mid-Year Threat Review
2014: Mid-Year Threat Review
 
Honeypot
Honeypot Honeypot
Honeypot
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
Honey Pot
Honey PotHoney Pot
Honey Pot
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Honeypot a trap to hackers
Honeypot a trap to hackersHoneypot a trap to hackers
Honeypot a trap to hackers
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Kaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher PerspectiveKaseya Connect 2012 – A Kaspersky Researcher Perspective
Kaseya Connect 2012 – A Kaspersky Researcher Perspective
 
Honeypot
HoneypotHoneypot
Honeypot
 

Semelhante a Ethical hacking : Beginner to advanced

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingSamip Shah
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hackingBeing Uniq Sonu
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationSecurity Innovation
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsInvincea, Inc.
 
Top 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfTop 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfDipak Tiwari
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptxIkramSabir4
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 

Semelhante a Ethical hacking : Beginner to advanced (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Zero day exploit
Zero day exploitZero day exploit
Zero day exploit
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Hacking
Hacking Hacking
Hacking
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012Surfing with Sharks KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking
HackingHacking
Hacking
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Get Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and OrganizationGet Smart about Ransomware: Protect Yourself and Organization
Get Smart about Ransomware: Protect Yourself and Organization
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Detection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day ThreatsDetection and Analysis of 0-Day Threats
Detection and Analysis of 0-Day Threats
 
Top 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdfTop 13 hacking software for beginners.pdf
Top 13 hacking software for beginners.pdf
 
Kali presentation
Kali presentationKali presentation
Kali presentation
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Honey pots
Honey potsHoney pots
Honey pots
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Ratzan2
Ratzan2Ratzan2
Ratzan2
 

Último

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 

Último (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 

Ethical hacking : Beginner to advanced

  • 2. What is hacking? Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Created by KAVIN
  • 3. Who is a Hacker? Hackers are usually skilled computer programmers with knowledge of computer security. Created by KAVIN
  • 5. Ethical hacker Penetration tester Cyber securityexperts Good person Security Yearly or monthly income Created by KAVIN
  • 6. BLACK HAT HACKERS Cyber criminals Computer FraudIdentity Sharing copyrighted files/information Spam Privacy violation Theft Created by KAVIN
  • 7. What motivates a grey hat hackers? Created by KAVIN
  • 9. Jonathan James Jonathan James was an American hacker, illfamous as the first juvenile sent to prison for cybercrime in United States. He committed suicide in 2008 of a self-inflicted gunshot wound. In 1999, at the age of 16, he gained access to several computers by breaking the password of a server that belonged to NASA and stole the source code of the International Space Station among other sensitive information. Ian Murphy Ian Murphy, also known as Captain Zap, at one point of time was having high school students steal computer equipment for him. Ian selfproclaims to have been "the first hacker ever convicted of a crime". Ian's career as a master hacker was fabricated in 1986 after he and his unemployed wife decided to form some type of business. He has a long history of computer and Internet frauds. One of his favourite games is to forge Email headers and to send out third-party threat letters. Created by KAVIN
  • 10. Kevin Mitnick Kevin Mitnick is a computer security consultant and author, who infiltrates his clients’ companies to expose their security strengths, weaknesses, and potential loopholes. He is the first hacker to have his face immortalized on an FBI "Most Wanted" poster. He was formerly the most wanted computer criminal in the history of United States. From the 1970s up until his last arrest in 1995, he skilfully bypassed corporate security safeguards, and found his way into some of the most well-guarded systems such as Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom, and Nokia. Mark Abene Mark Abene, known around the world by his pseudonym Phiber Optik, is an information security expert and entrepreneur. He was a high-profile hacker in the 1980s and early 1990s. He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool to industry. His expertise spreads across penetration studies, on-site security assessments, secure code reviews, security policy review and generation and network management, among many others Created by KAVIN
  • 11. Johan Helsinguis Linus Torvalds is known as one of the best hackers of all time. He rose to fame by creating Linux, the very popular Unix-based operating system. Linux is open source and thousands of developers have contributed to its Kernel. However, Torvalds remains the ultimate authority on what new code is incorporated into the standard Linux kernel. As of 2006, approximately two percent of the Linux kernel was written by Torvalds himself. He just aspires to be simple and have fun by making the world’s best operating system. Torvalds has received honorary doctorates from Stockholm University and University of Helsinki. Johan Helsingius, better known as Julf, came into the limelight in the 1980s when he started operating the world's most popular anonymous remailer, called penet.fi. Johan was also responsible for product development for the first Pan- European internet service provider, Eunet International. He is at present, a member of the board of Technologia Incognita, a hackerspace association in Amsterdam, and supports the communication companies worldwide with his cyber knowledge. Linus Torvalds Created by KAVIN
  • 13. Get written permission from the owner of the computer system and/or computer network before hacking. Protect the privacy of the organization been hacked. Transparently report all the identified weaknesses in the computer system to the organization. Inform hardware and software vendors of the identified weaknesses. Created by KAVIN
  • 14. Why Ethical Hacking? Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money. Hacking can lead to loss of business for organizations that deal in finance such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise lead to loss of business. Created by KAVIN
  • 15. How to become a Ethical hacker How Created by KAVIN
  • 17. HARDWARE • CPU • Motherboard • Ram • Hard Disk • PCI • Graphics • Display • Processor SINGLE BOARD COMPUTER • Rasperri pi • Letti panda Created by KAVIN
  • 18. SOFTWARE  APPLICATION  Ms office  Photo shop  Visual studio  Android studio  Antivirus  Browser  Share it  Team viewer  AutoCAD  DEVICE  Wifi driver  Graphics driver  Camera  USB  CD  LAN  Chipset  Storage driver Created by KAVIN
  • 19. OPERATING SYSTEMS Windows Windows 2007 Windows xp Windows visita Windows 7 Windows 8 Windows 8.1 Windows 10 Linux Ubuntu Centos Fedora Kali Parrot Samurai Arch Mac Catalina Mojave Os x Lion os GUI CUI Created by KAVIN
  • 20. Programming languages WEB HACKING • HTML • CSS • JAVASCRIPT • SQL • PERL SOFTWARE HACKING • C • C++ • JAVA • PYTHON • RUBY • LISP • PHP Created by KAVIN
  • 29. INFORMATION GATHERING If the attack is to be performed on a company, then the following information will be gathered. • Company details , employee details and their email addresses. • Relation with other companies. • Project details involving other companies. • Legal documents of the company. • News relating company website. • Patents and Trademarks regarding that particular company. • Important dates regarding new projects Created by KAVIN
  • 30. FOOT PRINTING • Crawling • Whois • Search Engines • Traceroute Created by KAVIN
  • 31. Reconnaissance Reconnaissance is the phase where the attacker gathers information about a target using active or passive means. The tools that are widely used in this process are NMAP, Hping, Maltego, and Google Dorks. Created by KAVIN
  • 32. Scanning In this process, the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. The tools used in this process are Nessus, Nexpose, and NMAP. Created by KAVIN
  • 34. Gaining Access In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. The primary tool that is used in this process is Metasploit Created by KAVIN
  • 35. Gaining Access • Password Attack • Social Engineering • Viruses Created by KAVIN
  • 36. Maintaining Access It is the process where the hacker has already gained access into a system. After gaining access, the hacker installs some backdoors in order to enter into the system when he needs access in this owned system in future. Metasploit is the preferred tool in this process. Created by KAVIN
  • 37. Maintaining Access • Re Entry use backdoors • Trojan • Rootkit for kernel access • Transfer user information with out permission Created by KAVIN
  • 38. Clearing Tracks This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process. Created by KAVIN
  • 40. Reporting Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and the exploit processes. Created by KAVIN
  • 43. SNIFFING • EMAIL TRAFFIC • FTP PASSWORDS • WEB TRAFFICS • TELNET PASSWORDS • ROUTER CONFIGURATION • CHAT SESSIONS • DNS TRAFFIC Created by KAVIN
  • 44. EXPLOITATION • EXPLOITATION IS A PIECE OF PROGRAMMEDSOFTWARE OR SCRIPT WHICH CAN ALLOW HACKERS TO TAKE CONTROL OVER A SYSTEM, EXPLOITING ITS VULNERABILITIES. • HACKERS NORMALLY USE VULNERABILITY SCANNERS LIKE NESSUS, NEXPOSE, OPENVAS Created by KAVIN
  • 45. ZERO-DAY EXPLOIT • A ZERO-DAY VULNERABILITY, AT ITS CORE, IS A FLAW. • IT IS AN UNKNOWN EXPLOIT IN THE WILD THAT EXPOSES A VULNERABILITY IN SOFTWARE OR HARDWARE AND CAN CREATE COMPLICATED PROBLEMS WELL BEFORE ANYONE REALIZES SOMETHING IS WRONG. • IN FACT, A ZERO-DAY EXPLOIT LEAVES NO OPPORTUNITY FOR DETECTION Created by KAVIN
  • 46. METASPLOIT • METASPLOIT IS ONE OF THE MOST POWERFUL EXPLOIT TOOLS. MOST OF ITS RESOURCES CAN BE FOUND AT: HTTPS://WWW.METASPLOIT.COM • Payload, in simple terms, are simple scripts that the hackers utilize to interact with a hacked system. • Using payloads, they can transfer data to a victim system. Payload Created by KAVIN
  • 47. TROJANS • TROJANS ARE NON-REPLICATION PROGRAMS; THEY DON’T REPRODUCE THEIR OWN CODES BY ATTACHING THEMSELVES TO OTHER EXECUTABLE CODES. • THEY OPERATE WITHOUT THE PERMISSIONS OR KNOWLEDGE OF THE COMPUTER USERS. • TROJANS HIDE THEMSELVES IN HEALTHY PROCESSES. • HOWEVER WE SHOULD UNDERLINE THAT TROJANS INFECT OUTSIDE MACHINES ONLY WITH THE ASSISTANCE OF A COMPUTER USER, LIKE CLICKING A FILE THAT COMES ATTACHED WITH EMAIL FROM AN UNKNOWN PERSON, PLUGGING USB WITHOUT SCANNING, OPENING UNSAFE URLS. Created by KAVIN
  • 48. TCP/IP HIJACKING • TCP/IP HIJACKING IS WHEN AN AUTHORIZED USER GAINS ACCESS TO A GENUINE NETWORK CONNECTION OF ANOTHER USER. • IT IS DONE IN ORDER TO BYPASS THE PASSWORD AUTHENTICATION WHICH IS NORMALLY THE START OF A SESSION. Created by KAVIN
  • 49. EMAIL SPOOFING • IN EMAIL SPOOFING, THE SPAMMER SENDS EMAILS FROM A KNOWN DOMAIN, • SO THE RECEIVER THINKS THAT HE KNOWS THIS PERSON AND OPENS THE MAIL. • SUCH MAILS NORMALLY CONTAIN SUSPICIOUS LINKS, • DOUBTFUL CONTENT, REQUESTS TO TRANSFER MONEY Created by KAVIN
  • 50. PASSWORD HACKING • WE HAVE PASSWORDS FOR EMAILS, DATABASES, COMPUTER SYSTEMS, SERVERS, BANK ACCOUNTS, AND VIRTUALLY EVERYTHING THAT WE WANT TO PROTECT. • PASSWORDS ARE IN GENERAL THE KEYS TO GET ACCESS INTO A SYSTEM OR AN ACCOUNT. • IN GENERAL, PEOPLE TEND TO SET PASSWORDS THAT ARE EASY TO REMEMBER, SUCH AS THEIR DATE OF BIRTH, NAMES OF FAMILY MEMBERS, MOBILE NUMBERS, ETC. • THIS IS WHAT MAKES THE PASSWORDS WEAK AND PRONE TO EASY HACKING. Created by KAVIN
  • 52. WIRELESS HACKING • WIRELESS NETWORKS OFFER GREAT FLEXIBILITY, THEY HAVE THEIR SECURITY PROBLEMS. • A HACKER CAN SNIFF THE NETWORK PACKETS WITHOUT HAVING TO BE IN THE SAME BUILDING WHERE THE NETWORK IS LOCATED. • AS WIRELESS NETWORKS COMMUNICATE THROUGH RADIO WAVES, • A HACKER CAN EASILY SNIFF THE NETWORK FROM A NEARBY LOCATION. • MOST ATTACKERS USE NETWORK SNIFFING TO FIND THE SSID AND HACK A WIRELESS NETWORK. • WHEN OUR WIRELESS CARDS ARE CONVERTED IN SNIFFING MODES, THEY ARE CALLED MONITOR MODE. Created by KAVIN
  • 54. SOCIAL ENGINEERING • COMPUTER-BASED SOCIAL ENGINEERING, WHERE AN ATTACKER CRAFTS AN EMAIL THAT APPEARS LEGITIMATE. • SUCH EMAILS HAVE THE SAME LOOK AND FEEL AS THOSE RECEIVED FROM THE ORIGINAL SITE, • BUT THEY MIGHT CONTAIN LINKS TO FAKE WEBSITES. • IF YOU ARE NOT SMART ENOUGH, THEN YOU WILL TYPE YOUR USER ID AND PASSWORD AND WILL TRY TO LOGIN WHICH WILL RESULT IN FAILURE AND BY THAT TIME, • THE ATTACKER WILL HAVE YOUR ID AND PASSWORD TO ATTACK YOUR ORIGINAL ACCOUNT. Created by KAVIN
  • 56. DDOS ATTACK • A DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK IS AN ATTEMPT TO MAKE AN ONLINE SERVICE OR A WEBSITE UNAVAILABLE BY OVERLOADING IT WITH HUGE FLOODS OF TRAFFIC GENERATED FROM MULTIPLE SOURCES. • UNLIKE A DENIAL OF SERVICE (DOS) ATTACK, IN WHICH ONE COMPUTER AND ONE INTERNET CONNECTION IS USED TO FLOOD A TARGETED RESOURCE WITH PACKETS, A DDOS ATTACK USES MANY COMPUTERS AND MANY INTERNET CONNECTIONS, OFTEN DISTRIBUTED GLOBALLY IN WHAT IS REFERRED TO AS A BOTNET. • A LARGE SCALE VOLUMETRIC DDOS ATTACK CAN GENERATE A TRAFFIC MEASURED IN TENS OF GIGABITS (AND EVEN HUNDREDS OF GIGABITS) PER SECOND. WE ARE SURE YOUR NORMAL NETWORK WILL NOT BE ABLE TO HANDLE SUCH TRAFFIC. Created by KAVIN
  • 58. CROSS SITE SCRIPTING • THE ATTACKER DOES NOT DIRECTLY TARGET HIS VICTIM. • INSTEAD, HE EXPLOITS A VULNERABILITY IN A WEBSITE THAT THE VICTIM VISITS, IN ORDER TO GET THE WEBSITE TO DELIVER THE MALICIOUS JAVASCRIPT FOR HIM. • TO THE VICTIM'S BROWSER, THE MALICIOUS JAVASCRIPT APPEARS TO BE A LEGITIMATE PART OF THE WEBSITE, AND THE WEBSITE HAS THUS ACTED AS AN UNINTENTIONAL ACCOMPLICE TO THE ATTACKER. • THESE ATTACKS CAN BE CARRIED OUT USING HTML, JAVASCRIPT, VBSCRIPT, ACTIVEX, FLASH, BUT THE MOST USED XSS IS MALICIOUS JAVASCRIPT. • THESE ATTACKS ALSO CAN GATHER DATA FROM ACCOUNT HIJACKING, CHANGING OF USER SETTINGS, COOKIE THEFT/POISONING, OR FALSE ADVERTISING AND CREATE DOS ATTACKS. Created by KAVIN
  • 60. SQL INJECTION • SQL INJECTION IS A SET OF SQL COMMANDS THAT ARE PLACED IN A URL STRING OR IN DATA STRUCTURES IN ORDER TO RETRIEVE A RESPONSE THAT WE WANT FROM THE DATABASES • THAT ARE CONNECTED WITH THE WEB APPLICATIONS. • THIS TYPE OF ATTACKS GENERALLY TAKES PLACE ON WEBPAGES DEVELOPED USING PHP OR ASP.NET. • TO DUMP THE WHOLE DATABASE OF A SYSTEM, • TO MODIFY THE CONTENT OF THE DATABASES, OR • TO PERFORM DIFFERENT QUERIES THAT ARE NOT ALLOWED BY THE APPLICATION. Created by KAVIN
  • 61. KALI LINUX GNU/UNIX Most Advanced penetration testing distribution Created by KAVIN
  • 62. MATI AHARONI Author • It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, • their previous information security testing Linux distribution based on Knoppix. The third core developer, Raphaël Hertzog, • joined them as a Debian expert Created by KAVIN
  • 63. REQUIREMENTS • 2GB of RAM • 20GB HDD space • Intel or AMD • 32bit or 64bit architecture Created by KAVIN
  • 64. FEATURES • Kali Linux has over 600 preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), • Nmap (a port scanner), Wireshark (a packet analyzer), • John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), • Burp suite and OWASP ZAP web application security scanners. Created by KAVIN
  • 65. Ethical Hacking Advantages Most of the benefits of ethical hacking are obvious, but many are overlooked. The benefits range from simply preventing malicious hacking to preventing national security breaches.The benefits include: •Fighting against terrorism and national security breaches •Having a computer system that prevents malicious hackers from gaining access •Having adequate preventative measures in place to prevent security breaches Created by KAVIN
  • 66. Ethical Hacking Dis- AdvantagesAs with all types of activities which have a darker side, there will be…..dishonest people presenting drawbacks.The possible drawbacks of ethical hacking include: •The ethical hacker using the knowledge they gain to do malicious hacking activities •Allowing the company’s financial and banking details to be seen •The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system •Massive security breach These are not common; however, they are something all companies should consider when using the services of an ethical hacker. Created by KAVIN