SlideShare una empresa de Scribd logo

Black hat hackers

Descargar como PPTX, PDF
Santosh Kumar
Santosh Kumar
TecnologíaNoticias y política
1 de 30
BLACK HAT HACKERS Rajitha.B 09131A1276 Information Technology 14-03-2013 1
OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
Famous Hackers 14-03-2013 6
Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
sniffers and Key loggers Sniffers: capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
Threats from key loggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
Trojan Attacks : Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
SQL injection  SQL injection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
Structure of SQL Injection 14-03-2013 20
How SQL Injection is performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
Cont.….  The above username „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
Cont.… The SQL statement as follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
Cont.…  The hacker enters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
SQL Injection 14-03-2013 25
SQL Injection Prevention  Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
Pros and cons Pros • Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
Conclusion  Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28
References http://www.blackhatlibrary.net/Main_Page http://prezi.com/sxnobhzvsenq/hacking- and-cracking-pros-and-cons http://www.cybercure.in/hacking/ http://en.wikipedia.org/wiki/Hacker_(compu ter_security) http://en.wikipedia.org/wiki/The_Hacker_Cr ackdown Cyber cure customized e-book http://www.blackhat.com/presentations/bh- usa-04/bh-us-04-hotchkies/bh-us-04- hotchkies.pdf http://crypto.stanford.edu/cs142/lectures/1 6-sql-inj.pdf 14-03-2013 29
Thank you 14-03-2013 30

Recomendados

Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attackssommerville-videos
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Malware and security
Malware and securityMalware and security
Malware and securityGurbakash Phonsa
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentationA.S. Sabuj
 

Recomendados

Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attackssommerville-videos
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Malware and security
Malware and securityMalware and security
Malware and securityGurbakash Phonsa
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentationA.S. Sabuj
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Ransomware
RansomwareRansomware
RansomwareChaitali Sharma
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
Ransomware
RansomwareRansomware
RansomwareAkshita Pillai
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingTharindu Kalubowila
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPTNitesh Dubey
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber SecuritySazed Salman
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks Anuradha Moti T
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
CyberCrimes
CyberCrimesCyberCrimes
CyberCrimesFettah Kurtulus
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineeringn|u - The Open Security Community
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationSuryansh Srivastava
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 

Más contenido relacionado

La actualidad más candente

Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPTNitesh Dubey
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Radar Cyber Security
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber SecuritySazed Salman
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 

La actualidad más candente (20)

Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
Ransomware
RansomwareRansomware
Ransomware
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
Ransomware
RansomwareRansomware
Ransomware
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
cyber security PPT
cyber security PPTcyber security PPT
cyber security PPT
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDF
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
CyberCrimes
CyberCrimesCyberCrimes
CyberCrimes
 
Cyber security
Cyber securityCyber security
Cyber security
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Destacado

Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksSrikanth VNV
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Yearsluke_bkk
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system pptSantosh Kumar
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewAlt-N Technologies
 

Destacado (20)

Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer Networks
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Years
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
M commerce ppt
M commerce pptM commerce ppt
M commerce ppt
 
Hackers
HackersHackers
Hackers
 
Network security
Network securityNetwork security
Network security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature Overview
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 

Similar a Black hat hackers

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)SHUBHA CHATURVEDI
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesJayanth Dwijesh H P
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_pptNarayanan
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computingMd. Hasibur Rashid
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppttashon2
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
 

Similar a Black hat hackers (20)

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notes
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_ppt
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
System Security
System SecuritySystem Security
System Security
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppt
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Más de Santosh Kumar

human computer interface
human computer interfacehuman computer interface
human computer interfaceSantosh Kumar
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence pptSantosh Kumar
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systemsSantosh Kumar
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technologySantosh Kumar
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition pptSantosh Kumar
 

Más de Santosh Kumar (6)

human computer interface
human computer interfacehuman computer interface
human computer interface
 
Bit torrent ppt
Bit torrent pptBit torrent ppt
Bit torrent ppt
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence ppt
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systems
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technology
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition ppt
 

Último

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Último (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Black hat hackers

  • 2. OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
  • 3. Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
  • 4. History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
  • 5. Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
  • 7. Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
  • 8. Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
  • 9. Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
  • 10. Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
  • 11. Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
  • 12. TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
  • 13. Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
  • 14. DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
  • 15. sniffers and Key loggers Sniffers: capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
  • 16. Threats from key loggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
  • 17. Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
  • 18. Trojan Attacks : Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
  • 19. SQL injection  SQL injection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
  • 20. Structure of SQL Injection 14-03-2013 20
  • 21. How SQL Injection is performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
  • 22. Cont.….  The above username „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
  • 23. Cont.… The SQL statement as follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
  • 24. Cont.…  The hacker enters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
  • 26. SQL Injection Prevention  Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
  • 27. Pros and cons Pros • Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
  • 28. Conclusion  Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28