GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
Â
Internship ankita jain
1. DEPARTMENT OF FORENSIC
SCIENCE
Name: ANKITA JAIN
Register No: 16MS1FS012
M.Sc. Forensic Science
Jain University â School of
Science
Batch: 2016-2018
2. DEPARTMENT OF FORENSIC
SCIENCE
Bytecode is an Information Security
Training and development company,
based in New Delhi (India). We started
our operations on 1st, February 2008,
since its foundation we are committed
to offer best information security
training and services to our students,
clients and partners.
we have successfully trained and
certified more than 15000 (fifteen
thousands) students accross the world.
3. INTRODUCTION
â˘Ethical hacking refers to the act of locating weaknesses and vulnerabilities of
computer and information systems by duplicating the intent and actions of
malicious hackers.
â˘Ethical hacking is also known as penetration testing, intrusion testing, or red
teaming.
â˘Information security (IS) is designed to protect the confidentiality, integrity and
availability of computer system data from those with malicious intentions.
⢠An ethical hacker is a security professional who applies their hacking skills for
defensive purposes on behalf of the owners of information systems. By
conducting penetration tests, an ethical hacker looks to answer the following
four basic questions:
â˘What information/locations/systems can an attacker gain access?
â˘What can an attacker see on the target?
â˘What can an attacker do with available information?
â˘Does anyone at the target system notice the attempts
DEPARTMENT OF FORENSIC
SCIENCE
4. TYPES OF HACKERS
⢠White Hat
â˘Black Hat
â˘Gray Hat
â˘Green Hat
â˘Red Hat
â˘Blue Hat
DEPARTMENT OF FORENSIC
SCIENCE
5. THE ETHICAL HACKING PROCESS INVOLVE
â˘Planning
â˘Reconnaissance
â˘Enumeration
â˘Vulnerability Analysis
â˘Exploitation
â˘Final Analysis
â˘Deliverables
â˘Integration
DEPARTMENT OF FORENSIC
SCIENCE
6. DENIAL OF SERVICE ( DoS )
A denial of service attack ( DoS attack) is generally the attempt to degrade the
resources of another computer, or crash it, so the that the intended users of that
computer can not longer use it. The methods used to do such an attack usually
involve an attempt to exploit a weakness in one of the protocols that are used on the
internet to cause harm to the target machine or make it lose and use resources at an
unusual level.
Goals of the attacks:
â˘"flood" a network which will prevent legitimate network traffic
â˘disrupt connections between two machines, which will prevent
access to a service
â˘disrupt the service given to a particular system or person
DEPARTMENT OF FORENSIC
SCIENCE
8. CRYPTOGRAPHY
The word cryptography comes from two Greek words meaning "secret writing" and is
the art and science of concealing meaning. Cryptanalysis is the breaking of codes. The
basic component of cryptography is a cryptosystem.
Quintuple (E, D, M, K, C):
M set of plaintexts
K set of keys
C set of ciphertexts
E set of encryption functions
D set of decryption functions
The goal of cryptography is to keep enciphered information secret.
An adversary wishes to break a ciphertext. Standard cryptographic practice is to
assume that one knows the algorithm used to encipher the plaintext, but not the
specific cryptographic key.
DEPARTMENT OF FORENSIC
SCIENCE
9. SNIFFING
Ethernet sniffer or wireless sniffer is a computer program or piece of computer
hardware that can intercept and log traffic that passes over a digital network or
part of a network. As data streams flow across the network, the sniffer captures
each packet and, if needed, decodes the packet's raw data, showing the values of
various fields in the packet, and analyzes its content according to the
appropriate or other specifications.
Packet sniffers can:
â˘Analyze network problems
â˘Detect network intrusion attempts
â˘Detect network misuse by internal and external users
â˘Documenting regulatory compliance through logging all perimeter and endpoint
traffic
â˘Gain information for effecting a network intrusion
DEPARTMENT OF FORENSIC
SCIENCE
11. HACKING WEB SERVER
A web server is just the hardware computer, but a web server is
also the software computer application that is installed in the
hardware computer. The primary function of a web server is to
deliver web pages on the request to clients using the Hypertext
Transfer Protocol (HTTP).
The common vulnerabilities that attackers take advantage of.
â˘Default settings
â˘Misconfiguration
â˘Bugs in the operating system and web servers.
Using scripting languages are-
â˘VB script
â˘Java script
â˘PHP
DEPARTMENT OF FORENSIC
SCIENCE
12. SCANNING NETWORK
Network scanning refers to the use of a computer network to gather
information regarding computing systems. Network scanning is mainly used
for security assessment, system maintenance, and also for performing
attacks by hackers.
The purpose of network scanning is as follows:
â˘Recognize available UDP and TCP network services running on the targeted
hosts
â˘Recognize filtering systems between the user and the targeted hosts
â˘Determine the operating systems (OSs) in use by assessing IP responses
â˘Evaluate the target host's TCP sequence number predictability to
determine sequence prediction attack and TCP spoofing
DEPARTMENT OF FORENSIC
SCIENCE
13. Network scanning consists of network port scanning as well as vulnerability
scanning.
Network port scanning refers to the method of sending data packets via the
network to a computing system's specified service port numbers
Vulnerability scanning is a method used to discover known vulnerabilities of
computing systems available on a network. It helps to detect specific weak spots
in an application software or the operating system (OS), which could be used to
crash the system or compromise it for undesired purposes.
Network port scanning as well as vulnerability scanning is an information-
gathering technique, but when carried out by anonymous individuals, these are
viewed as a prelude to an attack.
DEPARTMENT OF FORENSIC
SCIENCE
14. SOCIAL ENGINEERING
Social Engineering is the manipulation of people to further a person's motives
using various methods. âThe art and science of getting people to comply to your
wishesâ This "compliance" is generally associated with the acquisition of
electronic information
DEPARTMENT OF FORENSIC
SCIENCE
16. PHISHING
The fraudulent practice of sending emails purporting to be from reputable
companies in order to induce individuals to reveal personal information, such as
passwords and credit card numbers.
DEPARTMENT OF FORENSIC
SCIENCE
18. Ethical hacking is an emerging tools used by most of the organizations for testing
network security. The security risks and vulnerabilities in a network can be
recognized with the help of ethical hacking. According to surveys conducted by
cyber security firms in the country, Indian firms lost more than $4 billion in 2013
alone because of hackers. Government agencies and business organizations today
are in constant need of ethical hackers to combat the growing threat to IT
security.
CONCLUSION
DEPARTMENT OF FORENSIC
SCIENCE
19. During my internship, I learnt the underlying principles and techniques
associated with the cyber security practice known as penetration testing or
ethical hacking. I also became familiar with the entire penetration testing
process including planning, reconnaissance, scanning, exploitation, post-
exploitation and result reporting. Ethical hackers assist to preserve data from
the third party access. Their job is also to find any malfunctioned activities
that happened in the system and more importantly immediately send the
alert information and bring it to your knowledge. I developed a practical
understanding of the current cyber security issues and the ways how the
errors made by users, administrators, or programmers can lead to exploitable
insecurities.
LEARNING OUTCOME
DEPARTMENT OF FORENSIC
SCIENCE
20. Govil,J.,(2007) Ramifications of Cyber Crime and Suggestive Preventive Measures,
International Conference on Electro/Information Technology
Jamal,R.,(2014) A survey of Cyber Attack Detection Strategies, International Journal of
Security and itâs Application 8(1)
Kandpal,V.,(2013) Latest Face of Cybercrime and Its Prevention In India, International
Journal of Basic and applied sciences2(4)
Malhotra,S.,(2016)CyberCrime-Itâs types, Analysis and Prevention Techniques
International Journal of Advanced Research in Computer Science and Software
Engineering6(5)
Moore,R.(2005) âCyber crime:Investigating High Technology Computer Crime,â
Cleveland, Mississippi: Anderson publishing
Yadav,S.,(2013)CyberCrime And Security A Research Paper International Journal of
Scientific and Engineering Research4(8)
REFRENCES
DEPARTMENT OF FORENSIC
SCIENCE