Information security & ethical hacking
Information security & ethical hacking, computer hacking, workshop

  • MAC – Media Access Control, SIM – Subscriber Identity Module, IMEI – International Mobile Equipment Identity.

Transcript

  • 1. Information Security & Ethical Hacking © HaCkHiPp0-TeAm R0oTx:SaHiL_RaI
  • 2. What is Information Security? Information security means protecting information and information systems from unauthorized access.
  • 3. Why Information Security Is Needed • To protect information, systems and networks from damage by viruses, spyware, and other malicious code. • Information is very important to every company, firm or person. If your information is disclosed or hacked, everyone knows it, and that is very harmful to its owner. • So every company needs to keep its information secure from unauthorized access.
  • 4. Ethical Hacking • To understand the world of hacking, learn through a hack simulation game: follow a map, choose the server to enter a system, crack the password and, within a time limit, grab the information, send a virus, and delete or steal files before you are tracked down. • Many security experts encourage organizations to hire ethical hackers to test their networks. Pathfinder aims to grab these for you. • Ethical hacking: organizations are increasingly evaluating the success or failure of their current security measures through the use of ethical hacking processes and techniques.
  • 5. Introduction to Cyber Crime • Computer crime, hi-tech crime or electronic crime is where a computer or a mobile is the target of a crime or is the means adopted to commit a crime. • Cyber criminals are leveraging innovation at a pace which many target organizations and security vendors cannot possibly match. • Most of these crimes are not new. Criminals simply devise different ways to undertake standard criminal activities such as fraud, theft, blackmail, and forgery, often involving the Internet.
  • 6. India Ranks 5 in Reporting Cyber Crime Cases • India ranks fifth among countries reporting the maximum number of cyber crimes, according to the latest report released by the Internet Crime Complaint Centre (IC3) of the United States. • Cyber crimes record 50% rise in India. • The United States led the tally of victim complaints, while India remained fifth, reporting 0.36% of the global complaints received at IC3, which was about 1,000 complaints, the data said. • The majority of fraudsters on the information highway this year resorted to the trick of selling products online but not delivering them to buyers who had already made payments. • It remained the most adopted method of cheating during the year, with 33% of internet crimes reported being of this nature, according to the report.
  • 7. Recent Cyber Cases • Andhra Pradesh Govt websites hacked on Feb 17, 2012; some Bangladeshi hacking groups are suspected to be behind the incident. • Trinamool Congress website hacked by Bangladeshi hackers on 15 Feb 2012. • Online store of Microsoft India was hacked by Chinese hackers on 13 Feb 2012. • 5 million Android phones infected by a virus: the malware is embedded in various apps in the Android Market and, once downloaded, launches services that send information from the device, such as MAC address, SIM serial, IMEI, and IMSI, back to the malicious host.
  • 8. • Credit card frauds • Online gambling • Software piracy • Copyright infringement • Trademark violations • Theft of source code • Email spoofing • Forgery • Phishing • Defamation • Cyber stalking (section 509 IPC) • Cyber terrorism • Sale of illegal articles
  • 10. A hacker can recover or crack a Windows password with any live CD or pen drive. • BackTrack • Ophcrack • Offline Password Cracker • Hiren Multi Boot Disk • Active Password Changer • ERD Commander • Kon Boot • Back Door
  • 11. Admin Password Cracking: Recovering or Cracking Windows User Login Passwords
  • 12. Windows Login Password: When you create a new user account with a password in Windows, it is stored in the SAM file. SAM (Security Accounts Manager) is the part of Windows NT that manages the database of usernames, passwords and permissions. The SAM file is located at C:\Windows\System32\Config. When you start Windows, the SAM file becomes inaccessible to the operating system.
  • 13. How Windows NT Saves User Passwords: Let's see a new user creating an account on Windows, for example user name: (Sheela), password: (barbie.doll). The password is converted into hashes. It is stored in the SAM in hashed format; you cannot read, rename or delete it.
  • 14. Ophcrack example: Ophcrack has its own database of hashes and their corresponding characters. Password is stored in the form of hashes: hsinamgria. Windows password cracked by booting the computer from the Windows live disk. Matching the password with its own database.
  • 15. Windows Hacking Method 2: Backdoor. A backdoor in a computer system is a method of bypassing normal authentication and securing remote access to a computer. Use the commands in the Command Prompt: net user administrator * or net user hacker /add
  • 16. Windows Hacking Method 3: BackTrack Live CD or USB. In this method we use a live CD of an advanced Linux version to bypass, crack, and change the Windows Administrator password easily. BackTrack is based on Ubuntu.
  • 17. Windows Hacking Method 4: ERD Commander • The Microsoft Diagnostics and Recovery Toolset (DaRT), also known as ERD Commander, provides utilities and wizards that help you perform system diagnostic and repair procedures, such as recovering data, disabling problematic drivers, and removing hotfixes.
  • 18. Session Hijacking: In computer science, session hijacking is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (HTTP cookie theft). • Facebook session hijacking • Orkut session hijacking
  • 19. Microsoft Windows Attack Method 1: MS Windows Link File CVE-2010-2568 • This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening. Description • This signature will detect attempts to exploit a remote code execution vulnerability in Microsoft Windows Shortcut 'LNK' files. • Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly.
  • 20. Microsoft Windows Attack Method 1 (cont.) • Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. • NOTE: This issue is being exploited in the wild as malware W32.Temphid. This issue affects Microsoft Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.
  • 21. Microsoft Windows Attack Method 2: Metasploit Attack. Microsoft Windows shell code execution: exploit/windows/browser/ms10_046_shortcut_icon_dllloader Description: This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
  • 22. Sending Anonymous Mail 1. Sending fake mail: in this technique a user can easily send fake mail using another user's email ID. 2. Sending modified fake mail as Facebook Administrator, Orkut Administrator, or any other company.
  • 23. VICTIM PC / ATTACKER PC. The attacker sends a fake login link to the victim, such as: http://example.com/gmail.html. In phishing, the attacker manipulates an ordinary person's login with a modified fake page; when the victim logs in with the fake page, his password is redirected to the hacker. Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data.
  • 24. When the victim logs in with the fake link, the attacker's job is done. User: ***** Pass: ***** User: sheela Pass: barbie.doll. The user's password is redirected to the attacker's system. Miss Sheela is hacked: User name: sheela, Pass: barbie.doll
  • 25. Phishing Method 2: Website Attack Vector, Credential Harvester Attack Method. The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
  • 26. What is SQL? SQL is Structured Query Language. It is used to store a website's database, such as the user name and password table contents, and to maintain users' entries.
  • 27. SQL Injection Attack. A simple SQL injection attack: a SQL injection attack exploits vulnerabilities in a web server database that allow the attacker to gain access to the database and read, modify, or delete information.
  • 28. An example of a SQL injection attack is making the login condition “TRUE” by giving the identical value to a web page. These values can be inserted into a login as follows: • Username: 1' or '1'='1 • Password: 1' or '1'='1
  • 29. Try to log in with SQL injection: User name: 1' or '1'='1 Password: 1' or '1'='1. Done: it is easy to deface the administrator panel and to steal, delete, or change administrator data.
  • 30. Steganography (computer science): the art and science of hiding a message in a medium, such as a digital picture or audio file. It is the hiding of a secret message within an ordinary message and the extraction of it at its destination.
  • 31. CDMA Mobile Cloning: Allowing the ESN of the mobile phone to be modified. In mobile cloning the hacker copies the ESN and MIN numbers and writes them to another computer chip or device, which makes it easy to clone any CDMA mobile number. ESN (electronic serial number), MIN (mobile identification number). Cloned SIM card.
  • 33. Information Security Market Scenario • Demand for information security is increasing 17.5% per year. • Best way to a bright future for technical students. • The demand for information security professionals grew 20% in 2011. • It is expected to grow 25% in the year 2012.
  • 34. A World of Opportunities: The Asia-Pacific region is anticipated to account for the majority of the information security solutions market by 2012. In this world of opportunities you will see almost every sector emphasizing information security • Banking Sector • Corporate Sector • Automobile Sector • Aviation Industry • IT Industry • Educational Institutions • Government Sector • Cyber Crime Investigation Cells • Global Security Agencies • Information System Security Association
  • 35. Become a Security Expert • Cyber security professional • Information Security Professional • IS Executive • Information System Auditor • Security Advisors • Software developers • IT specialists • IT system executives • IT consultants • Assistant Software Engineer • Software Test Engineer • R&D Executive • Security Consultant • System Engineer • Network Engineer • Network Administrator and many more sectors. The Appin Pathfinder prepares you for numerous career opportunities. If you've ever wondered what you can become, here are some answers. These are the career profiles chosen by students immediately after school, who are earning huge packages despite their age and limited experience. Thousands of our students have been placed with many top companies in IT and security.
  • 36. Thank You
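
Why the input on slides 28 and 29 makes the login condition true, and how a parameterized query stops it, as an added example that is not part of the original slides. It uses Python with an in-memory SQLite table; the table layout and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: one account in an in-memory database.
# Plaintext passwords only mirror the slide's login form; real systems
# store salted password hashes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("sheela", "barbie.doll"))
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so quotes in it change the query's
    # logic: the WHERE clause ends in "... or '1'='1'", which is always true.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Placeholders pass the input as data; it is never parsed as SQL.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

SLIDE_INPUT = "1' or '1'='1"  # the value shown on slide 28

def demo():
    db = make_db()
    return {
        "vulnerable_injected": login_vulnerable(db, SLIDE_INPUT, SLIDE_INPUT),
        "parameterized_injected": login_parameterized(db, SLIDE_INPUT, SLIDE_INPUT),
        "parameterized_valid": login_parameterized(db, "sheela", "barbie.doll"),
        "parameterized_wrong": login_parameterized(db, "sheela", "wrong"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With the concatenated query the slide's input logs in without any valid account; with placeholders the same input is compared as a literal string and rejected.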