HACKING & CYBER SECURITY
PANKAJ DUBEY
Sr. QA Engineer
pankajdubeyk@gmail.com
http://PRELRIK.COM
http://youtube.com/c/prelrik
VULNERABILITY ASSESSMENT & PENETRATION TESTING
a beginner’s guide to ...
hacking &
penetration testing
60 Seconds on Internet
● 500 hrs of video uploaded on YouTube
● 3.3 million Facebook posts
● 448,800 tweets
● 65972 photos are uploaded on Instagram
● 29 million WhatsApp messages are sent
● 1440 WordPress posts are published
Report credit - cuencatechlife
Cyber crimes
** Hacking is the major reason behind cyber crimes **
● Unauthorized access to a computer or network
● Spreading malware or viruses to harm the system
● Data manipulation or data theft
● Cyber espionage or spying
● Child pornography
● Committing fraud
“Offences that are committed against individuals or groups of individuals with a
criminal motive by using a computer, mobile or any digital medium are called
cyber crimes.”
“To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
Cyber Security
“Cyber security is the concept of securing the computers, networks
and Data from any unauthorized access or activity”
** Penetration Testing is the best countermeasure to defend against cyber crimes **
● Countermeasures taken to prevent your network, application or system from being
hacked are cyber security.
● Cybersecurity experts have deep knowledge of how networks, computers, applications,
databases and websites work
● They use their skills to shield the services against any cyber attack
Motives behind cyber attack
● Disrupting business reputation
● Data manipulation
● Data theft
● Identity theft
● Financial frauds
● Cyber espionage
● Cyber terrorism
● Propaganda spreading
● Spreading religious tensions
Security threat types
Networks
● Information gathering
● Spoofing & tricking
● Session hijacking or MIM
● DOS (Denial of service)
● DNS and ARP poisoning
● Sniffing and Eavesdropping
Application
● Field validations
● Authentication and authorization attacks
● SQL injection
● Cryptographic attacks
● Security Misconfiguration
● Broken session management
Host
● Footprinting
● Malware attacks
● Password attacks
● Backdoor attacks
● Physical security threats
● Denial of service (DoS or DDoS)
What is hacking?
“Gaining unauthorized access to a computer, network or
database to do malicious activity is called hacking”
All hackers aren’t bad people.
● Hacking is illegal if done in an unauthorized manner or without any prior approval
● Even human nature has many vulnerabilities that can be exploited to gain confidential
information, and that’s called social engineering.
● Illegal hacking is performed by black hat hackers
What is Ethical hacking?
“If hacking is done with prior approval from an authorized admin
then it’s called ethical hacking.”
● Ethical hacking is legal if done with an authorized admin's approval
● The reason for performing ethical hacking is to find and fix the security
vulnerabilities so that the system can be defended against any cyber attack.
● Ethical hacking is performed by white hat hackers
CEH, or Certified Ethical Hacker, is a qualification obtained by assessing the security
of computer systems, using penetration testing techniques.
The great example - Stuxnet
Result - Blocked Iran's Nuclear Program
● It disrupted the operations of Siemens centrifuges in nuclear power plants,
making them spin at uneven speeds
"My opinion is that the Mossad is involved, but that the
leading force is not Israel. The leading force behind Stuxnet is
the cyber superpower – there is only one; and that's the
United States."
- Kevin Hogan, Senior Director of Security Response at Symantec
The great example - WannaCry
Result - 200,000 computers were infected across 150 countries
● The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the
WannaCry ransomware cryptoworm
● It targeted computers running the Microsoft Windows operating system by
encrypting data and demanding ransom payments in the Bitcoin cryptocurrency
types of - hackers
BLACK HAT - They use hacking skills for destructive and malicious activities.
WHITE HAT - They use hacking skills to defend against any sort of cyber attack.
GRAY HAT - They use hacking skills for both offensive and defensive purposes.
The types of - hackers
Elite hackers: Elite hackers are the most skilled hackers.
Script kiddie: They are unskilled hackers who break into computer systems by using
automated tools.
Neophyte: Someone who is new to hacking and has no knowledge of hacking or how
technology works.
Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological,
religious or political message.
Nation state hackers: Intelligence agencies and cyber warfare operatives of nation states.
Blue hat hackers: A blue hat hacker is someone outside computer security consulting firms
who is used to security-test a system prior to its launch.
VAPT - Vulnerability Assessment & Penetration Testing
“A vulnerability assessment is the process of identifying,
quantifying, and prioritizing (or ranking) the vulnerabilities in a
system.”
Vulnerability assessment is done to:
● Identify the weaknesses in a system
● Measure the effectiveness against any attack
NETWORK VULNERABILITY ASSESSMENT TOOLS
● Nmap
● OpenVAS
● Wireshark
● Metasploit
● MBSA (Microsoft Baseline Security Analyzer)
WEB VULNERABILITY ASSESSMENT TOOLS
● OWASP ZAP
● Acunetix
● Burp Suite
● Nikto
● sqlmap
VAPT - a sample report
vulnerability assessment types
Active Assessment
Using a network scanner to find hosts, services and vulnerabilities.
Passive Assessment
A technique used to sniff the network to find hosts, services and vulnerabilities.
Internal Assessment
A technique used to assess internal infrastructure.
External Assessment
A technique used by crackers to assess from outside to find the vulnerability.
Wireless network Assessment
Assessing the wireless network to penetrate the network.
Host based Assessment
Determines the vulnerability in a specific server or computer.
Application & DB
Assessing an application, website or database for any misconfiguration.
Physical security Assessment
Assessing the physical security to reach out to the network or computer.
Network Assessment
Assessing the network to find the network vulnerabilities.
Penetration Testing or Security Testing
● Pen testers are usually certified white hat hackers or LPTs (licensed pen testers)
● Pen testers report how a vulnerability can be exploited
● Pen testers also report how to patch the issue in a properly documented report
“Pen testing is the process of finding and reporting security
vulnerabilities in a network, computer or application in order to secure it
against any sort of attack.”
A penetration test, also known as a pen test, is an authorized simulated attack on a computer
system that looks for security weaknesses, potentially gaining access to the system's features
and data.
Ethical hacking vs Penetration Testing
ETHICAL HACKING
“Ethical hacking focuses on using all techniques to find and exploit the
vulnerabilities.”
● Main target is to break into the system
● Ethical hacking is an offensive measure
PEN TESTING
“Pen testing focuses on finding all vulnerabilities in the network,
computer or application.”
● Main target is to defend the system against any threat
● Pen testing is a defensive measure
types of - pen testers
BLACK HAT - With no prior knowledge of network, computer or
application that needs to be tested.
WHITE HAT - With complete knowledge of network, computer or
application that needs to be tested.
GRAY HAT - With limited knowledge of network, computer or application
that needs to be tested.
Skills required for - hackers / pen testers
Technical skills
● In depth knowledge of operating systems
● In depth knowledge of servers
● In depth knowledge of Networks
● In depth knowledge of hacking tools and technologies
● Should be an expert in exploiting the vulnerabilities
Behavioural skills
● Ability to learn quickly
● Awareness of law of the land
● Target company's code of conduct and policies
● Should be quick to find the loopholes in
● Should update themselves with new technologies and tools
Penetration testing can be performed on
● Network services
● Application test
● Web services test
● Web site test
● Wireless network test
● Database test
● Social engineering
pen testing / hacking phases
Pre attack phase
● Planning & preparation
● Choosing methods
● Information gathering
Attack phase
● Penetrating perimeter
● Acquiring target
● Execution, implementation, retracting
Post attack phase
● Reporting
● Cleanup
● Artifact destruction
pen testing / hacking phases
1. Footprinting - Gathering preliminary information before attacks
2. Scanning - Scanning the target system or network to find the open ports
3. Gaining Access - The term refers to when an attacker gains access to a NETWORK,
SYSTEM or APPLICATION
4. Maintaining Access - In this phase the attacker tries to retain control of the network or
application
5. Clearing tracks - This is the final phase of hacking, where the attacker deletes all the
evidence and logs
Computer security threats
● Cross site scripting (XSS)
● SQL Injection
● Session hijacking
● Parameter manipulation
● Buffer Overflow
● Denial of service
● Weak authentication and session management
● Security misconfiguration
Security threats (1/2)
Malware
Software which is specifically designed to disrupt, damage, or gain
unauthorized access to a computer system. Ex - viruses, worms,
spyware, backdoors
Ransomware
It blocks access to data or a system unless a ransom is paid. Ex -
WannaCry
SQL injection
SQL injection is a code injection technique used to hack into a database through the
website's client end.
D-DoS
A distributed denial of service attack makes a system resource
unresponsive to its actual intended users.
Security threats (2/2)
Pharming
Pharming is a cyber attack intended to redirect a website's traffic to
another, fake site.
Wireless network
Attacks on the wireless network to gain access to an organization’s or
individual’s network
Botnets
Botnets can be used to perform a distributed denial-of-service attack
(DDoS attack), steal data, send spam, and allow the attacker access to the
device and its connection
Phishing
Phishing is a technique used to gain a person's confidence in order to get
confidential details or commit fraud
Trojans
A Trojan horse is a type of virus that looks like legitimate software; once the
user installs it, it passes control to hackers
Important hacking terminologies
Hack Value
To evaluate the outcome for hacking something
Back door
Process of bypassing security at the front gate and entering the system through a back door
Zero Day Attack
Hacking the application before a patch is released
DEF CON
They organize a hackers' conference
Trojans
A Trojan horse, or Trojan, is any malicious computer program which misleads users about its true intent
Important hacking terminologies - BOTNET
“A network of private computers
infected with malicious software
and controlled by a master
computer as a group without the
owner's knowledge.”
● It can be used to carry out a Denial of
Service attack, as each computer has a
different IP and that cannot be blocked.
Important hacking terminologies - Social Engineering
“Social Engineering is an art of convincing a person to reveal
confidential information.”
● It’s a type of confidence trick for the purpose of information gathering, fraud, or
system access.
● Human behaviour also has some vulnerabilities, and hackers never hesitate
to exploit them.
Social Engineering techniques
● Eavesdropping
● Shoulder surfing
● Dumpster diving
● Baiting
● Phishing
● Spear phishing
Important hacking terminologies - KALI LINUX
“Kali Linux is a Linux distribution designed for digital
forensics and penetration testing. It has over 600
preinstalled applications for hacking, penetration
testing and digital forensics.”
● It is maintained and funded by Offensive Security Ltd.
● The earlier version of Kali Linux was known as BackTrack
● Kali Linux is developed in a secure environment by
only a small number of trusted people
Important hacking terminologies - Dark Web
“Deep web is the hidden part of the World Wide Web, which
is not indexed by standard search engines and not
accessible with usual web browsers”
● There is no censorship on content available on the deep web
● The usual search engine for the deep web is DuckDuckGo
● The usual domains on the deep web end with .onion instead of
.com
● The sites on the deep web can only be accessed using the TOR network
Important hacking terminologies - TOR
“Tor is free software for enabling anonymous communication. The
name is derived from an acronym for the original software project
name "The Onion Router"”
● TOR stands for The Onion Router
● TOR is a browser to access the dark web
● TOR makes it very hard to trace back the user
Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly
anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely
to target you.
Important hacking terminologies - DOXING
“Doxing is a hacking practice where a hacker searches for private
information posted on publicly accessible sites”
Searching for private or identifying information about a particular individual on the
Internet, typically with malicious intent.
● Name
● Contact details
● Date of Birth
● Your pet name
● Your favourite food
Important hacking terminologies - STEGANOGRAPHY
“Steganography is a technique of hiding an object (file, image or
video) behind another image, audio or video”
● Steganography is a combination of the Greek words ‘steganos’ and ‘graphein’, meaning
‘concealing’ and ‘writing’
● A virus can also be hidden behind an image, known as a trojan
● It is almost undetectable unless special software is used
● If you have the original image and a suspicious steganographic image, then you can detect it by
comparing the size of the files.
Important hacking terminologies - SPOOFING
“Spoofing is a technique to trick someone to get confidential
information or access”
Ex - instead of facebook.com you can trick someone by sending a link to faceb00k.com,
where, if the target enters the ID and password, you can write code to get those details.
● An email can be spoofed (site - www.emkei.cz)
● A call can be spoofed (site - www.crazycall.net)
● An SMS can be spoofed (site - www.spoofsms.com)
● IP can be spoofed
● DNS can be spoofed
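A defender-side check for the faceb00k.com case on this slide, as an added example that is not part of the original deck: it flags link hosts that imitate a protected domain. The `PROTECTED` list, the character swap table and the "last two labels" registrable-domain rule are assumptions of this example; the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Domains the organisation really owns (assumed list; facebook.com is the slide's example).
PROTECTED = ("facebook.com",)

# Digit-for-letter swaps used in lookalike names (assumed, not exhaustive).
_SWAPS = str.maketrans("013457", "oleast")


def skeleton(name):
    """Reduce a host name to a comparison form that ignores common visual tricks."""
    name = unicodedata.normalize("NFKC", name).lower().translate(_SWAPS)
    return name.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Assumption: the registrable domain is the last two labels.
    A production check would use the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    if "//" not in url:
        url = "//" + url  # allow bare host names such as "faceb00k.com"
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg in PROTECTED:
        return ("legitimate", reg)
    sk = skeleton(reg)
    for brand in PROTECTED:
        brand_sk = skeleton(brand)
        # Same skeleton (0 for o) or one edit away (dropped or foreign letter).
        if sk == brand_sk or edit_distance(sk, brand_sk) <= 1:
            return ("lookalike", brand)
        # Brand used as a subdomain of somebody else's domain.
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample links, e.g. extracted from inbound mail.
    for link in (
        "https://www.facebook.com/",
        "http://faceb00k.com/login",
        "facebok.com",
        "https://facebook.com.account-check.example.net/",
        "https://example.org/",
    ):
        print(link, "->", classify(link))
```

Run over the links in inbound mail or proxy logs, a `lookalike` verdict is a signal to quarantine or warn, not proof of fraud.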
Important hacking terminologies - SQL INJECTION
“SQL injection is a code injection
technique in the user fields to hack into
the database.”
● It is the most common hacking technique to
bypass the user authentication for weak
sites
● Developers should sanitize the user fields
and should not trust what the user types in the
input field
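Why a weak login check can be bypassed and how a parameterized query closes the hole, as an added example that is not part of the original deck. The table, user names, passwords and the test input are constructed; an in-memory SQLite database stands in for the site's database.

```python
import hashlib
import sqlite3

# One fixed salt keeps the demo short (constructed value); use per-user salts in practice.
DEMO_SALT = b"constructed-demo-salt"


def pw_hash(password):
    """PBKDF2 hash of the password, hex encoded for storage in a TEXT column."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db():
    """Build the constructed users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [
            ("alice", pw_hash("correct horse")),
            ("bob", pw_hash("battery staple")),
            ("o'brien", pw_hash("pw3")),  # a legitimate name containing a quote
        ],
    )
    return conn


def login_concatenated(conn, username, password):
    """Weak form: the user's text is pasted into the SQL string and parsed as SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + pw_hash(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened form: values are bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None


def compare(conn, username, password):
    """Run both forms on the same input; report the result or the error name."""
    results = []
    for fn in (login_concatenated, login_parameterized):
        try:
            results.append(fn(conn, username, password))
        except sqlite3.Error as exc:
            results.append(type(exc).__name__)
    return tuple(results)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal login, a quote-and-comment input, a name with a quote.
    for user, pw in (("alice", "correct horse"), ("alice' --", "wrong"), ("o'brien", "pw3")):
        print((user, pw), "->", compare(db, user, pw))
```

The third input shows why filtering quotes is not the fix: the concatenated query breaks on a legitimate name, while the bound parameter handles it as plain data.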
hacking - CAREER & CERTIFICATION
● The International Council of Electronic Commerce Consultants (EC-Council)
● The EC-Council is headquartered in Albuquerque, New Mexico.
● Its best-known certification is the Certified Ethical Hacker
what needs to be learnt - for hackers and Pen testers (...learn in next videos)
● Footprinting and Reconnaissance
● Network scanning
● Enumeration
● Viruses and malware
● Sniffing
● Social Engineering
● Session hijacking
● Denial of service
● SQL Injection
● System hacking
● Website hacking
● Network hacking
● Web Server hacking
● Wi-Fi Hacking
● Mobile hacking
● Steganography and Cryptography
● Spoofing / Phishing
● Social Engineering

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 

Hacking and Penetration Testing - a beginners guide

  • 1. HACKING & CYBER SECURITY PANKAJ DUBEY Sr. QA Engineer pankajdubeyk@gmail.com http://PRELRIK.COM http://youtube.com/c/prelrik VULNERABILITY ASSESSMENT & PENETRATION TESTING a beginner’s guide to ... hacking & penetration testing
  • 2. 60 Seconds on Internet ● 500 hrs of video uploaded on YouTube ● 3.3 million Facebook posts ● 448,800 tweets ● 65972 photos are uploaded on Instagram ● 29 million WhatsApp messages are sent ● 1440 WordPress posts are published Report credit - cuencatechlife
  • 3. Cyber crimes ** Hacking is the major reason behind cyber crimes ** ● Unauthorized access to a computer or network ● Spreading malware or viruses to harm the system ● Data manipulation or data theft ● Cyber espionage or spying ● Child pornography ● Committing fraud “Offences that are committed against individuals or groups of individuals with a criminal motive by using a computer, mobile or any digital medium are called cyber crimes.” “To solve and investigate cyber crimes, digital forensics comes into the picture.”
  • 4. Cyber Security “Cyber security is the concept of securing computers, networks and data from any unauthorized access or activity” ** Penetration Testing is the best countermeasure to defend against cyber crimes ** ● Cyber security is the set of countermeasures taken to prevent your network, application or system from being hacked. ● Cybersecurity experts have deep knowledge of how networks, computers, applications, databases and websites work ● They use their skills to shield the services against any cyber attacks “To solve and investigate cyber crimes, digital forensics comes into the picture.”
  • 5. Motives behind cyber attack Disrupting business reputation Data Manipulation Data theft Identity theft Financial frauds Cyber espionage Cyber terrorism Propaganda spreading Spreading religious tensions
  • 6. Security threat types Networks: ● Information gathering ● Spoofing & tricking ● Session hijacking or MIM ● DOS (Denial of service) ● DNS and ARP poisoning ● Sniffing and Eavesdropping Application: ● Field validations ● Authentication and authorization attacks ● SQL injection ● Cryptographic attacks ● Security Misconfiguration ● Broken session management Host: ● Footprinting ● Malware attacks ● Password attacks ● Backdoor attacks ● Physical security threats ● Denial of service (DoS or DDoS)
  • 7. What is hacking? “Gaining unauthorized access to a computer, network or database to do malicious activity is called hacking.” All hackers aren’t bad people. ● Hacking is illegal if done in an unauthorized manner or without any pre-approval ● Even human nature has many vulnerabilities that can be exploited to gain confidential information, and that’s called social engineering. ● Illegal hacking is performed by black hat hackers
  • 8. What is Ethical hacking? “If hacking is done with pre-approval by an authorized admin then it’s called ethical hacking.” ● Ethical hacking is legal if done with an authorized admin's approval ● The reason for performing ethical hacking is to find and fix security vulnerabilities so that the system can be defended against any cyber attack. ● Ethical hacking is performed by white hat hackers Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems, using penetration testing techniques.
  • 9. The great example - Stuxnet Result - Blocked Iran's Nuclear Program ● It disrupted the operations of Siemens centrifuges in nuclear power plants, making them spin at uneven speeds "My opinion is that the Mossad is involved, but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States." - Kevin Hogan, Senior Director of Security Response at Symantec
  • 10. The great example - WannaCry Result - 200,000 computers were infected across 150 countries ● The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm ● It targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency
  • 11. Types of hackers BLACK HAT - They use hacking skills for destructive and malicious activities. WHITE HAT - They use hacking skills to defend against any sort of cyber attack. GRAY HAT - They use hacking skills for both offensive and defensive purposes.
  • 12. Types of hackers Elite hackers: Elite hackers are the most skilled hackers. Script kiddie: An unskilled hacker who breaks into computer systems by using automated tools. Neophyte: Someone who is new to hacking and has no knowledge of hacking or how technology works. Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Nation state hackers: Intelligence agencies and cyber warfare operatives of nation states. Blue hat hackers: A blue hat hacker is someone outside computer security consulting firms who is used to security test a system prior to its launch.
  • 13. VAPT - Vulnerability Assessment & Penetration Testing “A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.” Vulnerability assessment is done to: ● Identify the weaknesses in the system ● Measure the effectiveness against any attack NETWORK VULNERABILITY ASSESSMENT TOOLS ● Nmap ● OpenVAS ● Wireshark ● Metasploit ● MBSA (Microsoft Baseline Security Analyzer) WEB VULNERABILITY ASSESSMENT TOOLS ● OWASP ZAP ● Acunetix ● Burp Suite ● Nikto ● sqlmap
  • 14. VAPT - a sample report
  • 15. Vulnerability assessment types Active Assessment: Using a network scanner to find hosts, services and vulnerabilities. Passive Assessment: A technique used to sniff the network to find hosts, services and vulnerabilities. Internal Assessment: A technique used to assess internal infrastructure. External Assessment: A technique used by crackers to assess from outside to find the vulnerability. Wireless network Assessment: Assessing the wireless network to penetrate the network. Host based Assessment: Determines the vulnerability in a specific server or computer. Application & DB: Assessing an application, website or database for any misconfiguration. Physical security Assessment: Assessing the physical security to reach the network or computer. Network Assessment: Assessing the network to find the network vulnerabilities.
  • 16. Penetration Testing or Security Testing “Pen testing is the process of finding and reporting security vulnerabilities in a network, computer or application in order to secure it against any sort of attack.” A penetration test, also known as a pen test, is an authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data. ● Pen testers are usually certified white hat hackers or LPTs (licensed pen testers) ● Pen testers report how a vulnerability can be exploited ● Pen testers also report how to patch the issue, in a properly documented report
  • 17. Ethical hacking vs Penetration Testing ETHICAL HACKING: “Ethical hacking focuses on using all techniques to find and exploit the vulnerabilities.” ● Main target is to break into the system ● Ethical hacking is an offensive measure PEN TESTING: “Pen testing focuses on finding all vulnerabilities in the network, computer or application.” ● Main target is to defend the system against any threat ● Pen testing is a defensive measure
  • 18. Types of pen testers BLACK HAT - With no prior knowledge of the network, computer or application that needs to be tested. WHITE HAT - With complete knowledge of the network, computer or application that needs to be tested. GRAY HAT - With limited knowledge of the network, computer or application that needs to be tested.
  • 19. Skills required for hackers / pen testers Technical skills: ● In-depth knowledge of operating systems ● In-depth knowledge of servers ● In-depth knowledge of networks ● In-depth knowledge of hacking tools and technologies ● Should be an expert in exploiting the vulnerabilities Behavioural skills: ● Ability to learn quickly ● Awareness of law of the land ● Target company's code of conduct and policies ● Should be quick to find the loopholes in ● Should update themselves with new technologies and tools
  • 20. Penetration testing can be performed on ● Network services ● Application test ● Web services test ● Web site test ● Wireless network test ● Database test ● Social engineering
  • 21. Pen testing / hacking phases Pre attack phase: ● Planning & preparation ● Choosing methods ● Information gathering Attack phase: ● Penetrating parameter ● Acquiring target ● Execution, implementation, retracting Post attack phase: ● Reporting ● Cleanup ● Artifact destruction
  • 22. Pen testing / hacking phases 1. Footprinting: Gathering preliminary information before attacks. 2. Scanning: Scanning the target system or network to find the open ports. 3. Gaining Access: The term refers to when an attacker gains access to the NETWORK, SYSTEM or APPLICATION. 4. Maintaining Access: In this phase the attacker tries to retain control of the network or application. 5. Clearing tracks: This is the final phase of hacking, where the attacker deletes all the evidence and logs.
  • 23. Computer security threats ● Cross site scripting (XSS) ● SQL Injection ● Session hijacking ● Parameter manipulation ● Buffer Overflow ● Denial of service ● Weak authentication and session management ● Security misconfiguration
  • 24. Security threats (1/2) Malware: Software which is specifically designed to disrupt, damage, or gain authorized access to a computer system. Ex - virus, worms, spyware, backdoors. Ransomware: It blocks access to data or a system unless a ransom is paid. Ex - WannaCry. SQL injection: Injection is a code injection technique to hack into a database using the website client end. D-DoS: A distributed denial of service attack makes a system resource unresponsive to its actual intended users.
  • 25. Security threats (2/2) Pharming: Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. Wireless network: User attacks on the wireless network to gain access to an organization’s or individual’s network. Botnets: Botnets can be used to perform a distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection. Phishing: Phishing is a technique used to gain a person's confidence in order to get confidential details or commit fraud. Trojans: A Trojan horse is a type of virus that looks like legitimate software; once the user installs it, it passes control to hackers.
  • 26. Important hacking terminologies Hack Value: To evaluate the outcome for hacking something. Back door: Process of bypassing security and the front gate and entering the system from a backdoor. Zero Day Attack: Hacking the application before a patch is released. Def CON: They organize hackers conference. Trojans: A Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent.
  • 27. Important hacking terminologies - BOTNET “A network of private computers infected with malicious software and controlled by a master computer as a group without the owner's knowledge.” ● It can be simulated to do a Denial of Service attack, as each computer has a different IP and that cannot be blocked.
  • 28. Important hacking terminologies - Social Engineering “Social Engineering is an art of convincing a person to reveal confidential information.” ● It’s a type of confidence trick for the purpose of information gathering, fraud, or system access. ● Human behaviour also has some vulnerabilities and hackers never hesitate to exploit them. Social Engineering techniques ● Eavesdropping ● Shoulder surfing ● Dumpster diving ● Baiting ● Phishing ● Spear phishing
  • 29. Important hacking terminologies - KALI LINUX “Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It has over 600 pre-installed applications for hacking, penetration testing and digital forensics.” ● It is maintained and funded by Offensive Security Ltd. ● The earlier version of Kali Linux was known as BackTrack ● Kali Linux is developed using a secure environment with only a small number of trusted people
  • 30. Important hacking terminologies - Dark Web “Deep web is the hidden part of the World Wide Web, which is not indexed by standard search engines and not accessible with usual web browsers” ● There is no censorship on contents available on the deep web ● The usual search engine for the deep web is DuckDuckGo ● The usual domains on the deep web end with .onion instead of .com ● The sites on the deep web can only be accessed using the TOR network
  • 31. Important hacking terminologies - TOR “Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router"” ● TOR stands for The Onion Router ● TOR is a browser to access dark web ● TOR makes it very hard to trace back the user Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely to target you.
  • 32. Important hacking terminologies - DOXING “Doxing is a hacking practice where a hacker searches for private information posted on publicly accessible sites” Searching for private or identifying information about a particular individual on the Internet, typically with malicious intent. ● Name ● Contact details ● Date of Birth ● Your pet name ● Your favourite food
  • 33. Important hacking terminologies - STEGANOGRAPHY “Steganography is a technique of hiding an object (file, image or video) behind another image, audio or video” ● Steganography is a combination of the Greek words ‘steganos’ and ‘graphein’, meaning ‘concealing’ and ‘writing’ ● A virus can also be hidden behind an image, known as a trojan ● It is almost undetectable unless special software is used ● If you have the original image and a suspicious steganographic image, then you can detect it by comparing the sizes of the files.
  • 34. Important hacking terminologies - SPOOFING “Spoofing is a technique to trick someone to get confidential information or access” Ex - instead of facebook.com you can trick someone by sending a link to faceb00k.com, where, if the target enters the ID and password, you can write code to get those details. ● An email can be spoofed (site - www.emkei.cz) ● A call can be spoofed (site - www.crazycall.net) ● An SMS can be spoofed (site - www.spoofsms.com) ● IP can be spoofed ● DNS can be spoofed
  • 35. Important hacking terminologies - SQL INJECTION “SQL injection is a code injection technique in the user fields to hack into the database.” ● It is the most common hacking technique to bypass the user authentication for weak sites ● Developers should sanitize the user fields and should not trust what the user types in the input field
  • 36. hacking - CAREER & CERTIFICATION ● The International Council of Electronic Commerce Consultants (EC-Council) ● The EC-Council is headquartered in Albuquerque, New Mexico. ● Its best-known certification is the Certified Ethical Hacker
  • 37. What needs to be learnt - for hackers and pen testers (...learn in next videos) ● Footprinting and Reconnaissance ● Network scanning ● Enumeration ● Viruses and malwares ● Sniffing ● Social Engineering ● Session hijacking ● Denial of service ● SQL Injection ● System hacking ● Website hacking ● Network hacking ● Web Server hacking ● Wifi Hacking ● Mobile hacking ● Steganography and Cryptography ● Spoofing / Phishing
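Slide 34 uses faceb00k.com as a stand-in for facebook.com. The following is an added example (not from the slides) of a check a mail or proxy filter could run to flag such lookalike links; the protected-domain list, the character-substitution table and the "last two labels" shortcut are assumptions, and examplebank.com is a constructed name.

```python
from urllib.parse import urlsplit

# Assumption: the domains this organization wants to protect.
PROTECTED = {"facebook.com", "examplebank.com"}

# Assumption: a small table of common look-alike substitutions.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def host_of(link: str) -> str:
    """Return the lowercase hostname of a URL or bare domain."""
    if "://" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").rstrip(".")


def skeleton(domain: str) -> str:
    """Map visually similar characters to one canonical form."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(link: str):
    """Return (verdict, protected_domain) for a link."""
    host = host_of(link)
    # Simplification: treat the last two labels as the registered domain.
    # A production filter would use the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in PROTECTED:
        return ("legitimate", domain)
    for real in sorted(PROTECTED):
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= 1:
            return ("lookalike", real)
    return ("unrelated", None)


if __name__ == "__main__":
    for link in ("https://www.facebook.com/login", "http://faceb00k.com/login",
                 "facebok.com", "exarnplebank.com", "https://example.org/"):
        print(link, "->", classify(link))
```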
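Slide 35 says developers should not trust what the user types into a login field. The following is an added example (not from the slides) that puts a login check built by string concatenation next to one that uses a parameterized query; the table layout, the sample accounts and the fixed demo salt are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Simplification for the demo: real systems store a random salt per user.
DEMO_SALT = b"constructed-demo-salt"


def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory user table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", pw_hash("correct horse")), ("bob", pw_hash("battery staple"))],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """WEAK: the username becomes part of the SQL text, so a quote
    character in it can change what the query means."""
    query = ("SELECT 1 FROM users WHERE username = '" + username
             + "' AND pw_hash = '" + pw_hash(password) + "'")
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """HARDENED: the username is bound as data with a ? placeholder and the
    hash comparison happens in application code in constant time."""
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], pw_hash(password))


if __name__ == "__main__":
    conn = make_db()
    crafted = "alice' --"  # constructed input containing SQL syntax
    print("vulnerable, crafted name, wrong password:", login_vulnerable(conn, crafted, "wrong"))
    print("safe,       crafted name, wrong password:", login_safe(conn, crafted, "wrong"))
    print("safe,       correct credentials:         ", login_safe(conn, "alice", "correct horse"))
```

With the parameterized version the crafted username is simply a name that matches no row, so no filtering of special characters is needed for the query itself.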