0
GUIDED BY –
Prof.-Pravin Patil
PICT PUNE
Prof.-Mr.R. Vimal Karthik
VTU CHENNAI

AJAY KAURAV
PNR- 0812356100001
M.TECH (CSE...




What is HACKING ???
Who are Hackers???



What is Ethical Hacking ???



Who are Ethical Hackers???



Types Of H...










Hacking - showing computer expertise
Cracking - breaching security on software or
systems
Phreaking - crac...
Hacking is cracking into an
account or cheating in a game
without using cheat codes.
Hacking passwords requires
a program ...


Hacker is a hacker who "violates computer security
for little reason beyond maliciousness or for
personal gain"


Black hats :– highly skilled, malicious, destructive
“crackers”



White hats – skills used for defensive security
ana...


It is Partially Legal (May vary by country law)



Completely legal in INDIA



Permission is obtained from the targe...









Completely trustworthy.
Strong programming and computer networking
skills.
Techniques of Criminal hackers- D...










Website Hacking
Email Hacking
Network Hacking
Password Hacking
Online transactions Hacking
Computer Hac...







Routers : knowledge of routers, routing protocols, and
access control lists Microsoft: skills in operation,
co...
Footprinting

Who is, ping
Traceroot, nslookup

Scanning

nmap • nessus

Enumeration

Netcat. Tcpdump
Telnet, firewalk
A typical attacker works in the following manner:
 Identify the target system.
 Gathering Information on the target syst...







Foot printing
Discovery of Web application
Profiling
Getting Real Attack Points
Exploit the system
Finding th...


IP Address and Port as start point for assessmentMYTH
What if IP address is multi-hosted?
One IP can have more applic...


Host Foot printing



Domain Foot printing.



Both focus on Web application.



Tools and method.



LETS CHECK IT...
Hacking: Scanning
Determine if system is alive
Methods
1) Ping sweep: ICMP packets

Fping, nmap for UNIX

Pinger, Ping S...




Port scanning: Detentive
Networking based IDS like Snort
firewalls can detect port scan attempts
eg. ZoneAlarm(Windo...







Poor Web Application coding
Insecure deployment of web application
Insufficient input validation
No web traffi...









Next generation patch management tool released- Secunia
CSI 7.0
Anonymity tool TOR gains more than 1.2 mil...
THANK YOU 
Ethical hacking
Ethical hacking
Ethical hacking
Ethical hacking
Ethical hacking
Upcoming SlideShare
Loading in...5
×

Ethical hacking

1,302

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,302
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
113
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "Ethical hacking "

  1. 1. GUIDED BY – Prof.-Pravin Patil PICT PUNE Prof.-Mr.R. Vimal Karthik VTU CHENNAI AJAY KAURAV PNR- 0812356100001 M.TECH (CSE) VTP -1044 VTU CHENNAI
  2. 2.   What is HACKING ??? Who are Hackers???  What is Ethical Hacking ???  Who are Ethical Hackers???  Types Of Hacking
  3. 3.       Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore Port Scanning - searching for vulnerabilities
  4. 4. Hacking is cracking into an account or cheating in a game without using cheat codes. Hacking passwords requires a program or requires finding glitches from the website.
  5. 5.  Hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain"
  6. 6.  Black hats :– highly skilled, malicious, destructive “crackers”  White hats – skills used for defensive security analysts  Gray hats – offensively and defensively; will hack for different reasons, depends on situation.
  7. 7.  It is Partially Legal (May vary by country law)  Completely legal in INDIA  Permission is obtained from the target user  Part of an overall security program.
  8. 8.      Completely trustworthy. Strong programming and computer networking skills. Techniques of Criminal hackers- DetectionPrevention. Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a nondestructive manner . E.G. Cyber Crime investigators
  9. 9.          Website Hacking Email Hacking Network Hacking Password Hacking Online transactions Hacking Computer Hacking Mobile Hacking PDA hacking Metropolitan system hacking
  10. 10.      Routers : knowledge of routers, routing protocols, and access control lists Microsoft: skills in operation, configuration and management. Linux: knowledge of Linux/Unix; security setting, configuration, and services. Firewalls: configurations, and operation of intrusion detection systems. Mainframes Network Protocols: TCP/IP how they function and can be manipulated. Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team. (Source: http://www.examcram.com )
  11. 11. Footprinting Who is, ping Traceroot, nslookup Scanning nmap • nessus Enumeration Netcat. Tcpdump Telnet, firewalk
  12. 12. A typical attacker works in the following manner:  Identify the target system.  Gathering Information on the target system.  Finding a possible loophole in the target system.  Exploiting this loophole using exploit code.  Removing all traces from the log files and escaping without a trace.
  13. 13.       Foot printing Discovery of Web application Profiling Getting Real Attack Points Exploit the system Finding the defend mechanism and approach for them
  14. 14.  IP Address and Port as start point for assessmentMYTH What if IP address is multi-hosted? One IP can have more application to assess.  Finding web application running on domain.  HOW????
  15. 15.  Host Foot printing  Domain Foot printing.  Both focus on Web application.  Tools and method.  LETS CHECK IT OUT!!!!!
  16. 16. Hacking: Scanning Determine if system is alive Methods 1) Ping sweep: ICMP packets  Fping, nmap for UNIX  Pinger, Ping Sweep for Windows 2) Port Scan: TCP packets  Nmap can send TCP  Hping2 can fragment TCP packets bypassing some  access control devices
  17. 17.   Port scanning: Detentive Networking based IDS like Snort firewalls can detect port scan attempts eg. ZoneAlarm(Windows) Preventive Disable unnecessary services to minimize exposureCountermeasures
  18. 18.      Poor Web Application coding Insecure deployment of web application Insufficient input validation No web traffic filtering Web application attributes are not guarded well. For example Query String.
  19. 19.        Next generation patch management tool released- Secunia CSI 7.0 Anonymity tool TOR gains more than 1.2 million users since NSA PRISM Scandal Fear of NSA PRISM : Indian Government may ban US email services for official Communication CISCO vulnerability allows remote attacker to take control of Windows System New York Times. Twitter and Huffington Post Domains hijacked by Syrian Electronic Army FBI uses Anonymous Hackers to attack foreign Governments Palestinian Hacker , who hacked Zuckerberg’s Facebook Account to be awarded with $12000
  20. 20. THANK YOU 
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×