SlideShare una empresa de Scribd logo

Ethical hacking by shivam

S
Shivam Ðreamchazer

http://hacker-shivam.webnode.in/

EducaciónTecnología
1 de 21
#!@ Ethical Hacking by Shivam
2 #!@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
3 #!@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good GuysBlack-hat – Bad guys
4 #!@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
5 #!@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
6 #!@ Why – Ethical Hacking Source: CERT/CCTotal Number of Incidents Incidents
7 #!@ Why – Ethical Hacking Source: US - CERT
8 #!@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
9 #!@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
10 #!@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
11 #!@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
12 #!@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
13 #!@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
14 #!@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
15 #!@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
16 #!@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
17 #!@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
18 #!@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
19 #!@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
20 #!@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
21 #!@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems

Recomendados

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingsumanth1201
 
Ethical h
Ethical hEthical h
Ethical hDr. Salman Iqbal
 
Presentation1
Presentation1Presentation1
Presentation1Abhishek Malhotra
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingMissStevenson1
 
Hacking and Ethical Hacking
Hacking and Ethical HackingHacking and Ethical Hacking
Hacking and Ethical HackingMasih Karimi
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRavi Rajput
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 

Recomendados

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingsumanth1201
 
Ethical h
Ethical hEthical h
Ethical hDr. Salman Iqbal
 
Presentation1
Presentation1Presentation1
Presentation1Abhishek Malhotra
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Ethical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingEthical hacking introduction to ethical hacking
Ethical hacking introduction to ethical hackingMissStevenson1
 
Hacking and Ethical Hacking
Hacking and Ethical HackingHacking and Ethical Hacking
Hacking and Ethical HackingMasih Karimi
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRavi Rajput
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingViraj Kansara
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summaryudemy course
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNitheesh Adithyan
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmmandynova
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Rishabh Upadhyay
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptshreya_omar
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRohan Raj
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingPraneeth Reddy
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMohammad Affan
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical HackingVinny Vessel
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMeghal Murkute
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testingchampubhaiya8
 
Ethical h
Ethical hEthical h
Ethical hkawsarahmedchoudhuryzzz
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 
Chapter 2
Chapter 2Chapter 2
Chapter 2shahhardik27
 

Más contenido relacionado

La actualidad más candente

Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Umesh Mahawar
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summaryudemy course
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmmandynova
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Rishabh Upadhyay
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptshreya_omar
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRohan Raj
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical HackingVinny Vessel
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingRavi Sankar
 

La actualidad más candente (18)

Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summary
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Virus and hacker (2)mmm
Virus and hacker (2)mmmVirus and hacker (2)mmm
Virus and hacker (2)mmm
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical Hacking
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical HackingHacktrikz - Introduction to Information Security & Ethical Hacking
Hacktrikz - Introduction to Information Security & Ethical Hacking
 

Similar a Ethical hacking by shivam

Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testingchampubhaiya8
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
CyberIgnite.pdf
CyberIgnite.pdfCyberIgnite.pdf
CyberIgnite.pdfGDSCPUP
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdfpdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdftehkotak4
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxInfosectrain3
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 

Similar a Ethical hacking by shivam (20)

Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
 
Ethical h
Ethical hEthical h
Ethical h
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
CyberIgnite.pdf
CyberIgnite.pdfCyberIgnite.pdf
CyberIgnite.pdf
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction to ceh
Introduction to cehIntroduction to ceh
Introduction to ceh
 
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdfpdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptxDomain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 

Último

Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 

Último (20)

Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 

Ethical hacking by shivam

  • 2. 2 #!@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
  • 3. 3 #!@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good GuysBlack-hat – Bad guys
  • 4. 4 #!@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5. 5 #!@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  • 6. 6 #!@ Why – Ethical Hacking Source: CERT/CCTotal Number of Incidents Incidents
  • 7. 7 #!@ Why – Ethical Hacking Source: US - CERT
  • 8. 8 #!@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 9. 9 #!@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
  • 10. 10 #!@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 11. 11 #!@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12. 12 #!@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13. 13 #!@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 14. 14 #!@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 15. 15 #!@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 16. 16 #!@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17. 17 #!@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 18. 18 #!@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 19. 19 #!@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 20. 20 #!@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
  • 21. 21 #!@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems

Notas del editor

  1. Red teaming – used for the first time by US government for testing its systems early 90’s Black & white hat terminology comes from the Hollywood movies where good guys wear white hats and bad guys wear black hats
  2. Other information not available