Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

714 views

Published on

YouTube Link: https://youtu.be/dz7Ntp7KQGA
** Edureka Ethical Hacking Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Ethical Hacking Full Course" will help you learn Ethical Hacking and Cyber Security concepts from scratch. You will learn about different kinds of Cyberattacks and ethical hacking tools used to prevent such attacks. There are a lot of demos on several tools in this Ethical Hacking Tutorial for Beginners PPT. You will also learn how to become an Ethical Hacker.

Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in

Published in: Technology
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

  1. 1. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training
  2. 2. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Why we need Cyber Security? What is Cyber Security? The CIA Triad Vulnerability, Threat and Risk Cognitive Cyber Security Agenda
  3. 3. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training A Digital Era
  4. 4. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Golden Age for Data Exploits
  5. 5. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Cyber Threats Phishing Malware Password Attacks Maladvertising Man In the Middle Drive-By Downloads Rogue SoftwareDDoS
  6. 6. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training History of Cyber Attacks Cyber-threats are not only increasing by the year, but they are becoming harder to recognise and also evolving with time so they can easily by pass normal anti-viruses
  7. 7. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Cyber Security Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
  8. 8. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Protect Against What? Unauthorised Deletion Unauthorised Access Unauthorised Modification
  9. 9. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training The CIA Triad Confidentiality Integrity Availability
  10. 10. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Attacks on CIA o Cracking Encrypted Data o Man In The Middle attacks on plain text o Data leakage/ Unauthorised copying of sensitive data o Installing Spyware/Malware on a server o Web Penetration for malware insertion o Maliciously accessing servers and forging records o Unauthorised Database scans o Remotely controlling zombie systems o DOS/DDoS attacks o Ransomware attacks – Forced encryption of Key data oDeliberately disrupting a server rooms power supply o Flooding a server with too many requests Confidentiality Integrity Availability
  11. 11. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Steps to Fix a Crime Analyse and Evaluate Treat Identify
  12. 12. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Vulnerability, Threat & Risk o Vulnerability refers to the weakness of an asset that can be exploited by one or more attacker o In context of cyber world, vulnerability refers to a bug/ defect in hardware or software which remains to be fixed and is prone to be exploited to cause a damage to one of the elements within CIA triad o Risk refers to the potential for loss or damage when a threat exploits a vulnerability o Risk = Threat x Vulnerability o Risk management is key to cybersecurity o A threat is any event that has the potential to bring harm to an organisation or individual o Natural Threats, Intentional Threats, Unintentional threats o Threat assessment techniques are used for understanding threats. THREAT Vulnerability Threat Risk
  13. 13. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Meet Bob
  14. 14. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Activity Response System People Processes Activity Response System
  15. 15. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Cyber Attack
  16. 16. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Security Information and Event Management SIEM
  17. 17. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Threat Intelligence Software Threat Intelligence Software
  18. 18. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Patching Step 1 for Debugging
  19. 19. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Without Cyber Security
  20. 20. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Cryptography? Classification of Cryptography How Various Cryptographic Algorithms Works? Agenda of Today’s Session Scenario: What is Cryptography? Demo: RSA Cryptography
  21. 21. Cybersecurity Certification Training www.edureka.co/blockchain-training Communicating over Internet Hey Sam! How are you? Hey Sam! Lend me $100 Please Andy Sam
  22. 22. Cybersecurity Certification Training www.edureka.co/blockchain-training Hey Sam! How are you? Hey Sam! Lend me $100 Please Andy Sam Eaves Sending message over the network connection
  23. 23. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Cryptography? Message 1034259 1034259 110340082 E 110340082 D 1034259 Or Error Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access
  24. 24. Cybersecurity Certification Training www.edureka.co/blockchain-training Enters Cryptography 2806793004 Error Hey Sam! How are you? 560213 2806793001 2806793004 Sending message over Cryptographically secure network
  25. 25. Cybersecurity Certification Training www.edureka.co/blockchain-training Classification of Cryptography Cryptography Symmetric key Cryptography Asymmetric Key Cryptography Classical Cryptography Modern Cryptography Transposition Cipher Substitution Cipher Stream Cipher Block Cipher
  26. 26. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Symmetric Key Cryptography Let’s talk about Symmetric key cryptography to begin with
  27. 27. Cybersecurity Certification Training www.edureka.co/blockchain-training Symmetric Key Cryptography ‘ Secret key Secret key Same key ‘ Plain Text Plain TextCipher Text An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. ... The most popular symmetric-key system is the Data Encryption Standard (DES)
  28. 28. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Transposition Cipher Alright, let’s discuss the subset of classical cryptography. We’ll start with Transposition cipher
  29. 29. Cybersecurity Certification Training www.edureka.co/blockchain-training Transposition Cipher 1 2 3 4 5 6 M E E T M E A F T E R P A R T Y 4 2 1 6 3 5 T E M E E M E F A P T R Y R A T In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext Plain Text: MEET ME AFTER PARTY Cipher Text: TEMEEMEFAPTRYRAT Key Used: 421635
  30. 30. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Substitution Cipher Next, we’ll talk about the 2nd type of classical cryptography which is Substitution Cipher
  31. 31. Cybersecurity Certification Training www.edureka.co/blockchain-training Substitution Cipher Method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth ROT13 is a Caesar cipher, a type of substitution cipher. In ROT13 alphabet is rotated 13 steps Plaintext Alphabet: Ciphertext Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ ZEBRASCDFGHIJKLMNOPQTUVWXY Keyword: Zebras A message of: flee at once. We are discovered! enciphers to: SIAA ZQ LKBA. VA ZOA RFPBLUAOAR! SIAAZ QLKBA VAZOA RFPBL UAOAR
  32. 32. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Stream Cipher Having discussed the classical cryptography, next we have modern cryptography. We’ll start with Stream Cipher
  33. 33. Cybersecurity Certification Training www.edureka.co/blockchain-training Stream Cipher A symmetric or secret-key encryption algorithm that encrypts a single bit at a time. With a Stream Cipher, the same plaintext bit or byte will encrypt to a different bit or byte every time it is encrypted + + Key K Key K Encryption Ciphertext byte stream C Plain byte stream MDecryption Pseudorandom byte generator (key stream generator) Pseudorandom byte generator (key stream generator) Plain byte stream M
  34. 34. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Block Cipher Having discussed the classical cryptography, next we have modern cryptography. We’ll start with Stream Cipher
  35. 35. Cybersecurity Certification Training www.edureka.co/blockchain-training Block Cipher An encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers Block Cipher Encryption Key Block Cipher Decryption Key
  36. 36. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Asymmetric Key cryptography Lastly. Let’s discuss the asymmetric key cryptography
  37. 37. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Public Key Cryptography Transaction Message Sam’s Secret key (sk) Sign Verification Transaction Message Bobby’s Public key (pk) Sam decides to send money to his friend Bobby Digital Signature Bobby receives the transaction
  38. 38. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training
  39. 39. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training 8 Common Cyber Threats What the particular threat is How the threat works How to Protect Yourself Agenda
  40. 40. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Cybersecurity Threats Everywhere
  41. 41. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  42. 42. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Malware Computer Virus Trojan Horse Worms Adware Spyware MALWARE
  43. 43. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training How Malware Email Attachments OS Vulnerabilities Software Downloads
  44. 44. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Stop Malware o Stop clicking suspicious links oAlways study the URL consciously and make sure you are not on a counterfeit site o It’s also important to make sure your computer’s operating system (e.g. Windows, Mac OS X, Linux) uses the most up-to-date security updates o Software programmers update programs frequently to address any holes or weak points. o Updating your firewall constantly is a great idea o Firewalls prevent the transfer of large data files over the network in a hope to weed out attachments that may contain malware. Suspicious Links Updated Firewall Updated OS
  45. 45. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  46. 46. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Phishing Most of the attacks on financial institutions the past 3 years have NOT been through brute force attacks on firewall appliances, it has been through acquiring users’ passwords, this technique is called “Phishing”
  47. 47. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is phishing used for Stealing Confidential Data Harvesting Login Credential Impersonating
  48. 48. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Phishing Awareness From Subject Reply Dear client, We have strong reasons to believe that your credentials may have been compromised and might have been used by someone else. We have locked your amazon account please click here to unlock. Sincerely, Amazon Associate Team Amazon<management@mazoncanada.ca> Account Detail Compromised click here Always check the sender email address Look out for common generalised addressing Always hover over links to check the redirect address
  49. 49. Copyright © 2018, edureka and/or its affiliates. All rights reserved. It’s time for a demo
  50. 50. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  51. 51. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Password Attacks An attempt to obtain or decrypt a user's password for illegal use. Hackers can use cracking programs, dictionary attacks, and password sniffers in password attacks. Defence against password attacks is rather limited but usually consists of a password policy including a minimum length, unrecognizable words, and frequent changes.
  52. 52. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Password Attacks Brute Force Attacks Dictionary Attacks Keylogger Attacks
  53. 53. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Stop Password Attacks o It’s always a great idea to keep changing essential passwords in regular intervals o Passwords shouldn’t be the same for everything o It’s always a great idea to use a password that only makes sense to you o Passwords which use actual words that make sense are much more susceptible to dictionary attacks o When setting a password general best practices should be followed o A password should contain a multitude of characters with a generous use of alpha numeric Update Password Use Alpha-Numeric NO Dictionary
  54. 54. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  55. 55. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Distributed Denial of Service Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
  56. 56. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Packet Flooding
  57. 57. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Prevention Traffic Analysis Traffic Control Recovery Management
  58. 58. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  59. 59. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Man in the Middle Man in the Middle BanksLe You
  60. 60. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Prevent MITM Use encrypted WAP Always check the security of you connection(HSTS/HTTPS) Invest in a VPN
  61. 61. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  62. 62. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is a Drive-by Download Drive-by download attacks occur when vulnerable computers get infected by just visiting a website. Findings from latest Microsoft Security Intelligence Report and many of its previous volumes reveal that Drive-by Exploits have become the top web security threat to worry about.
  63. 63. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Visiting a Site https://wordpress.myfashionblog.co
  64. 64. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training How it Works
  65. 65. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  66. 66. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Malvertising Malvertising is the name we in the security industry give to criminally-controlled adverts which intentionally infect people and businesses. These can be any ad on any site – often ones which you use as part of your everyday Internet usage. It is a growing problem, as is evidenced by a recent US Senate report, and the establishment of bodies like Trust In Ads.
  67. 67. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training How does it work https://www.fakesite.co
  68. 68. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training How does it work Redirect Malware Injection
  69. 69. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Prevention Common Sense Regular Software Updates Adblocker
  70. 70. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Cyberattacks Malware Phishing Password Attacks DDoS 01 02 03 04 Man in the Middle Drive-By Download Malvertising Rogue Software 05 06 07 08
  71. 71. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Rogue Software Also called smitfraud, scareware, or rogue security software, this type of software is defined as malware - it is designed specifically to damage or disrupt a computer system. In this case, not only is the software going to disrupt your system, it's going to try and trick you into making a purchase using your credit card
  72. 72. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Propogation Please update your software to protect yourself from unknown access!
  73. 73. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Prevention Updated Firewall Use Efficient Antivirus General Distrust
  74. 74. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training
  75. 75. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Foot-printing and Reconnaissance Networking Fundamentals Cryptography Scanning and Enumeration Agenda Penetration Malware
  76. 76. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Goals of Computer Security Denial of Service Attacks Web Application Hacking Agenda Wireless Attacking Detection Evasion Programming Attacks
  77. 77. Copyright © 2018, edureka and/or its affiliates. All rights reserved. What is Hacking?
  78. 78. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Early Days of Hacking The first instance of hacking dates back to 1960’s and it all began in MIT with the Model rail road club. (1960) : A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
  79. 79. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training The First Computer Worm Robert Tappan Morris is an American computer scientist and entrepreneur. He is best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet (1980) : An individual who gains access with malicious intent in their mind.
  80. 80. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Hacking in Popular Culture Hacking has been prevalent since then in a lot of popular movies and tv series. This has been useful for spreading awareness.
  81. 81. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Reasons People Hack Hacking has been prevalent since then in a lot of popular movies and tv series. This has been useful for spreading awareness. Some Times Just for Fun
  82. 82. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Reasons People Hack On the morning of the dedication of the William H. Gates Building, the internet kiosks in the lobby which normally ran Windows XP were changed to temporarily boot linux. The screens displayed a welcome message from Tux the Linux penguin To make a political point
  83. 83. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Reasons People Hack Students at MIT turned the façade of a building into a Tetris game board just to see if they could take on this daunting task. For the Challenge
  84. 84. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Reasons People Hack Sometimes, its better to hack so that you know what’s wrong with a system and fix it before someone with malicious intentions gets knowledge of it. To get there before the bad guys
  85. 85. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Types of Hackers White Hat Hacker Grey Hat Hacker Black Hat Hacker
  86. 86. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Skills Necessary Computing • Basic understanding of operating systems •Understanding of basic software systems •Grasp on CLI commands Networking •Cables, Systems, Switches •Networking Architecture •Understanding of different networking protocols Life Skills •Ability to think out of the box •Ability to accept failure and move on •Perseverance
  87. 87. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Skills Necessary Tools •How to use a lot of tools •Networking •Security Networking •How to capture packets from a network •TCP/IP in detail •Understanding how protocols interact Methods •How to use gathered information •Getting the best out of your resources
  88. 88. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Types of Attacks
  89. 89. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Defacing A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
  90. 90. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Buffer Overflow U A E I O S T D Buffer Overflow When a piece of data is being transferred over a network, it isn’t immediately written to memory but rather stored on the RAM which has a set buffer size. This can be easily exploited by bombarding the target with data causing the buffer to overflow.
  91. 91. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Denial of Service
  92. 92. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Penetration Testing
  93. 93. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Penetration Testing? Vulnerability Assessment Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
  94. 94. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Goals Assessing the weakness in an organisation’s security posture Understanding Risk Positions better Accessing systems to find weaknesses before external exploits
  95. 95. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Results Report Create a detailed report Suggest fixes to the bugs
  96. 96. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Scope How big is the sandbox? Restricted/No-touch? Scope of Contract
  97. 97. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Footprinting
  98. 98. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Footprinting? Footprinting is a part of reconnaissance process which is used for gathering possible information about a target computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
  99. 99. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Wayback Machine – Archive.org
  100. 100. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Netcraft
  101. 101. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Using DNS to Get information
  102. 102. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Hostname Resolution Domain Name Service DNS is a necessity because IP addresses are hard to remember which makes mnemonics a necessity in this case DNS • Easier to remember • Reference for IP
  103. 103. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Finding Network Ranges 192.168.54.32 IP Address 255.255.255.0 Subnet Mask Finding the network range for a relevant scan is very necessary as scanning for vulnerabilities is a time consuming task
  104. 104. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Using Google for Reconnaissance
  105. 105. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Google Hacking Google is a valuable resource when it comes to information gathering, Knowing how to use google to target the things you are looking for is a useful skill as an ethical hacker
  106. 106. Copyright © 2018, edureka and/or its affiliates. All rights reserved. TCP/IP
  107. 107. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training History of the Internet Advanced research project agency commissioned a network in 1968 and the first internet connection was in 1969
  108. 108. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training OSI an TCP/IP Model Application Presentation Session Transport Network Datalink Physical Application Transport Internet Link
  109. 109. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Addressing: Unicast
  110. 110. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Addressing: Broadcast
  111. 111. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Addressing: Multicast
  112. 112. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Wireshark
  113. 113. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Wireshark?
  114. 114. Copyright © 2018, edureka and/or its affiliates. All rights reserved. DHCP
  115. 115. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is DHCP? DHCP CLIENT DHCP SERVER DISCOVER OFFER REQUEST ACKNOWLEDGE
  116. 116. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Why use DHCP? A computer, or any other device that connects to a network (local or internet), must be properly configured to communicate on that network. Since DHCP allows that configuration to happen automatically, it's used in almost every device that connects to a network including computers, switches, smartphones, gaming consoles, etc.
  117. 117. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Address Resolution Protocol
  118. 118. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Address Resolution Protocol 192.168.1.31 192.168.1.33192.168.1.32 192.168.1.34 Who is 192.168.1.33?
  119. 119. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training ARP isn’t reliable 192.168.1.31 Hey that’s me. Here have my MAC address too so that we can communicate more easily in future 192.168.1.33 Well….that’s easily exploitable! I could just lie.
  120. 120. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Liars…liars everywhere 192.168.1.31 192.168.1.33 192.168.1.32
  121. 121. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Cryptography
  122. 122. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Cryptography? Message 1034259 1034259 110340082 E 110340082 D 1034259 Or Error Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access
  123. 123. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training History of Cryptography The Caesar cipher is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet.
  124. 124. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Enigma Cipher The Enigma cipher was a field cipher used by the Germans during World War II. The Enigma is one of the better known historical encryption machines, and it actually refers to a range of similar cipher machines
  125. 125. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Digital Encryption Standard The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). DES is an implementation of a Feistel Cipher
  126. 126. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Triple DES In cryptography, Triple DES (3DES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.
  127. 127. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Advanced Encryption Standard The Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001
  128. 128. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Types of Cryptography
  129. 129. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Certificates
  130. 130. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is a Certificate? A Digital Certificate is an electronic "password" that allows a person, organizaion to exchange data securely over the Internet using the public key infrastructure (PKI). Digital Certificate is also known as a public key certificate or identity certificate.
  131. 131. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Who can issue a Digital Certificate?
  132. 132. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Cryptographic Hashing
  133. 133. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Hashing? Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value.
  134. 134. Copyright © 2018, edureka and/or its affiliates. All rights reserved. TLS and SSL
  135. 135. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training History of SSL
  136. 136. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training TLS TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery
  137. 137. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Disk Encryption
  138. 138. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Bitlocker
  139. 139. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Scanning
  140. 140. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Scanning? Network scanning refers to the use of a computer network to gather information regarding computing systems. Network scanning is mainly used for security assessment, system maintenance, and also for performing attacks by hackers.
  141. 141. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training NMAP Nmap is a free and open-source security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network, thus building a "map" of the network.
  142. 142. Copyright © 2018, edureka and/or its affiliates. All rights reserved. IDS Evasion
  143. 143. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is IDS An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses.
  144. 144. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training Why evade IDS Intrusion detection system evasion techniques are modifications made to attacks in order to prevent detection by an intrusion detection system (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system.
  145. 145. Agenda What is Kali Linux? Kali Linux install options Demo – Installing Kali Linux
  146. 146. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Introduction to Kali LinuxIntroduction to Kali Linux
  147. 147. Introduction to Kali Linux Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. 600+ Customizable Secure Platform Multi Language Penetration Tools Cost Free
  148. 148. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Kali Linux – Installation Options
  149. 149. Installing Kali Linux Kali bootable USB Drive Kali Linux Hard Disk Dual Boot Kali with Windows/Mac Launch with Virtualization Software
  150. 150. Kali bootable USB drive Non-destructive Easily Portable Customizable Potentially Persistent Plug your USB drive & note down to which drive it mounts Launch Win32 Disk Imager and choose Kali Linux ISO to be imaged Select the USB drive to be over written. Eject the USB
  151. 151. Demo How to install Kali Linux using VMware/Virtual Box? How to install Kali Linux tools on different Linux distros? How to install Kali Linux on Windows 10 using Windows Subsystem For Linux(WSL)? How to install Kali Linux on Mac using VMware/Virtual Box?
  152. 152. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Launch Kali Linux on Windows using VMware
  153. 153. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Launch Kali Linux on MAC using VirtualBox
  154. 154. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Installing Kali Linux tools on Linux distribitions
  155. 155. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Install Kali Linux on Windows using Windows Subsystem for Linux(WSL)
  156. 156. What is Ethical Hacking? “Hacking is the process of finding vulnerabilities in a system and using these found vulnerabilities to gain unauthorised access into the system to perform malicious activities ranging from deleting system files or stealing sensitive information”
  157. 157. What is Kali Linux ? Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
  158. 158. Why use Kali Linux?
  159. 159. Command Line Essentials Staying Anonymous With Proxychains Macchanger Introductions to Wireless Penetration Testing Aircrack-ngAgenda
  160. 160. Proxychain is a ny tool that forces any TCP connection made by any given application. to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP. Client System Target System Intermediary Systems What is a Proxychain?
  161. 161. A media access control address of a device is a unique identifier assigned to a network interface controller for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi and Bluetooth. What is a Mac Address? 00 3E 1A F1 4C C6 Mac Address Organisationally Unique Identifier Universally Administered Address
  162. 162. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Penetration Testing? What is Metasploit? Demonstration Agenda
  163. 163. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Vulnerability Assessment? Vulnerability Assessment A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. Identify assets and capabilities Quantify the assessment Report the results
  164. 164. Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training What is Metasploit? Penetration Testing Exploit Research
  165. 165. What is DOS & DDOS? How does it Work? Types of DDOS DOS Demonstration Agenda
  166. 166. What is DOS & DDOS DOS - simply stands for Denial Of Service. This service could be of any kind, for example, imagine your mother confiscates your cell phone when you are preparing for your exams to help you study without any sort of distraction. While the intention of your mother is truly out of care and concern, you are being denied the service of calling and any other services offered by your cell phone. Hijacking a server Port Overloading De-authenticate wireless Denying internet based services
  167. 167. How does it Work? The main idea of a DOS attack is making a certain service unavailable. Since every service is, in reality, running on a machine, the service can be made unavailable if the performance on the machine can be brought down. This is the fundamental behind DOS and DDOS.
  168. 168. Types of DOS Attack The main idea of a DOS attack is making a certain service unavailable. Since every service is, in reality, running on a machine, the service can be made unavailable if the performance on the machine can be brought down. This is the fundamental behind DOS and DDOS. Ping of Death
  169. 169. Types of DOS Attack The main idea of a DOS attack is making a certain service unavailable. Since every service is, in reality, running on a machine, the service can be made unavailable if the performance on the machine can be brought down. This is the fundamental behind DOS and DDOS. Reflected Attack REFLECTOR Innocent Computer
  170. 170. Types of DOS Attack The main idea of a DOS attack is making a certain service unavailable. Since every service is, in reality, running on a machine, the service can be made unavailable if the performance on the machine can be brought down. This is the fundamental behind DOS and DDOS. Mailbomb
  171. 171. Types of DOS Attack The main idea of a DOS attack is making a certain service unavailable. Since every service is, in reality, running on a machine, the service can be made unavailable if the performance on the machine can be brought down. This is the fundamental behind DOS and DDOS. Teardrop Attack
  172. 172. Cybersecurity Certification Training www.edureka.co/blockchain-training Agenda What is Application Security? What is SQL Injection Attack? Types of SQL Injection Attacks Demo - SQL Injection Attack types Prevention of SQL Injection attack 01 02 03 04 05
  173. 173. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Application Security
  174. 174. Cybersecurity Application Security Network Security Information Security Operational Security Disaster Recovery End-user Education Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.
  175. 175. Cybersecurity Certification Training www.edureka.co/blockchain-training Web Application Vulnerabilities Application Security Application security is the use of software, hardware, and procedural methods to protect applications from external threats. 0% 10% 20% 30% 40% 50% 0.06% 0.19% 0.63% 1.69% 2.19% 2.19% 2.44% 2.75% 8.63% 9.69% 18.01% 4.57% 46.97% Denial of Service XML External Entity Open Direct General Bypass Authentication Bypass Remote File Inclusion Full Path Disclosure Remote Code Execution Local File Inclusion Cross Site Request Forgery File Upload SQL Injection Cross Site Scripting
  176. 176. Cybersecurity Certification Training www.edureka.co/blockchain-training
  177. 177. Copyright © 2018, edureka and/or its affiliates. All rights reserved. What is SQL Injection?
  178. 178. Front End: HTML, CSS, JavaScript The need for more advanced technology and dynamic websites grew. Database: MySQL, Oracle, MongoDB Back End: .NET, PHP, Ruby, Python In the early days of internet, building websites was pretty straightforward
  179. 179. Cybersecurity Certification Training www.edureka.co/blockchain-training What is SQL Injection? A SQL query is in one way an application interacts with database An SQL Injection occurs when an application fails to sanitize the user input data An attacker can use specially crafted SQL commands to control web application’s database server
  180. 180. Cybersecurity Certification Training www.edureka.co/blockchain-training SQL Injection Attack – Non Technical Explanation Drive through <route> and <where should the bus stop?> if <when should the bus stop?>. Sample populated form Drive through route77 and stop at the bus stop if there are people at the bus stop Drive through route77 and do not stop at the bus stop and ignore the rest of the from. if there are people at the bus stop
  181. 181. Cybersecurity Certification Training www.edureka.co/blockchain-training SQL Injection Attack – Technical Explanation Sample SQL statement $statement = “SELECT * FROM users WHERE username = ‘$user’ AND password = ‘$password‘“; $statement = “SELECT * FROM users WHERE username = ‘Dean’ AND password = ‘WinchesterS’“; Sample SQL Injection Condition that will always be true, thereby it is accepted as a valid input by the application Instructs the SQL parser that the rest of the line is a comment and should not be executed $statement = “SELECT * FROM users WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;
  182. 182. Cybersecurity Certification Training www.edureka.co/blockchain-training Impact of SQL Injection Attack Extract sensitive information Misusing authentication details Delete data and drop tables
  183. 183. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Types of SQL Injection
  184. 184. Cybersecurity Certification Training www.edureka.co/blockchain-training Categories of SQL Injection SQL Injection Error-based Union-based In-Band SQLi Blind SQLi Out-of-bound SQLi Boolean-based Time-based
  185. 185. Cybersecurity Certification Training www.edureka.co/blockchain-training Error BasedError Based Types of SQL Injection Error-based SQL Injection Union-based SQL Injection Union Based Boolean Based Time Based Out-of-bound https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false) https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false)) Out-of-boundTime BasedUnion Based Boolean Based
  186. 186. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Demo – Types of SQL Injection
  187. 187. Cybersecurity Certification Training www.edureka.co/blockchain-training Preventing SQL Injection Performing static and dynamic testing Using parameterized queries and ORMs Using escape characters in SQL queries Enforcing least privilege on database Enabling web-application firewalls
  188. 188. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Exploiting SQL Vulnerability in Application
  189. 189. Cybersecurity Certification Training www.edureka.co/blockchain-training Agenda 01 What is Steganography? 02 History of Steganography 03 Basic Steganographic Model 04 LSB Steganography - Demo 05 Steganography Tools
  190. 190. Copyright © 2018, edureka and/or its affiliates. All rights reserved. What is Steganography?
  191. 191. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Steganography? Data is hidden in the plain sight
  192. 192. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Steganography? Cryptography Board meeting is happening on Tuesday. We are meeting at 40.7127 S, 74.0059 E Uksb klsmnc ou fghmhnvb gh sdeygdh. eu sfhd vbsnmrig st lolmnar K, dgfhal V Board meeting is happening on Tuesday. We are meeting at 40.7127 S, 74.0059 E Sender Receiver
  193. 193. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Steganography? Cryptography Sender ReceiverIntruder understands that secret message is being sent Uksb klsmnc ou fghmhnvb gh sdeygdh
  194. 194. Cybersecurity Certification Training www.edureka.co/blockchain-training What is Steganography? Steganography is the art and science of embedding secret messages in cover message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message Sender ReceiverIntruder will not get to know of the existence of secret message
  195. 195. Copyright © 2018, edureka and/or its affiliates. All rights reserved. History of Steganography
  196. 196. Cybersecurity Certification Training www.edureka.co/blockchain-training Steganographic Tecniques Steganography STEGANOS GRAPHEN Concealed or Hidden Drawing or Writing Null CipherWax Tablet Invisible Ink Microdots Semagrams 20191800
  197. 197. Cybersecurity Certification Training www.edureka.co/blockchain-training Steganography Types Text Steganography Image Steganography Audio Steganography Email Steganography Network Steganography Video Steganography
  198. 198. Cybersecurity Certification Training www.edureka.co/blockchain-training Characteristics of Steganographic Techniques Transparency Robustness Tamper Resistance Original Image Stego Image
  199. 199. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Basic Steganographic Model
  200. 200. Cybersecurity Certification Training www.edureka.co/blockchain-training Basic Steganographic Model Cover File(X) Steganographic Encoder f(X,M,K) Secret Message(M) Secret Message(M) Stego Object Key(K) Steganographic Decoder Communication Channel Stego Object
  201. 201. Cybersecurity Certification Training www.edureka.co/blockchain-training Steganographic Model: With Encryption Encryption Algorithm Steganographic Encoder Decryption Algorithm Communication Channel Steganographic Decoder Message Key RECEIVER Message Cypher Text Cypher Text Key Stego Key Stego Key Cover File Stego Object Stego Object SENDER
  202. 202. Copyright © 2018, edureka and/or its affiliates. All rights reserved. LSB Steganography
  203. 203. Cybersecurity Certification Training www.edureka.co/blockchain-training Pixels & Bits Pixel R G B 1 0 1 1 0 1 1 1 1 1 0 1 1 0 0 1 1 0 1 0 0 1 0 0 Total: 24 Bits
  204. 204. Cybersecurity Certification Training www.edureka.co/blockchain-training Least Significance Bit Steganography 1 1 1 1 1 1 1 1 Most Significant Bit(MSB) Least Significant Bit(LSB) Value: 255 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 255 127 255 254 If we change MSB, it will have larger impact on final value. If we change LSB, the impact on final value is very less Change in bytes is 99.99999% Change in bytes is 0.000002%
  205. 205. Cybersecurity Certification Training www.edureka.co/blockchain-training Least Significant Bit Steganography 1 0 0 0 0 0 1Secret message to hidden: Letter ‘A’ Pixels before insertion(3 pixels) Least Significant Bit Steganography(LSBS) involves overwriting the bit with the lowest arithmetic value Pixels after insertion 10000000 10100100 10110101 10110101 11110011 10110111 11100111 10110011 00110011 10000001 10100100 10110100 10110100 11110010 10110110 11100110 10110011 00110011
  206. 206. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Demo
  207. 207. Cybersecurity Certification Training www.edureka.co/blockchain-training Least Significant Bit Steganography - Demo 1 Loads an image and looks at each pixels in hexadecimal value. 2 Converts secret text into bits and stores them in LSB of pixel bits 3 A delimiter is added to the end of the edited pixel values 4 To encode the text into image To decode the text from image While retrieving all the 0’s and 1’s extracted until delimiter is found. Extracted bits are converted into string(secret message)
  208. 208. Copyright © 2018, edureka and/or its affiliates. All rights reserved. Steganography Tools
  209. 209. Cybersecurity Certification Training www.edureka.co/blockchain-training Steganographic Tools Tool Description Stegosuite Hide text inside any image Stegohide Hide secret file in image or audio file. Xiao Steganography Free software that can be used to hide secret files in BMP images or in WAV files. SSuite Picsel Portable application to hide text inside image file OpenPuff Tool to conceal files in image, audio & flash files Camouflage Tool that lets you hide any type of file inside of file.
  210. 210. Who is an Ethical Hacker? Roadmap to become an Ethical Hacker Roles and Responsibilities Skills Required Job Trends Companies Salary Agenda
  211. 211. Who is an Ethical Hacker? An Ethical Hacker, also known as a White Hat Hacker, is a network security expert who penetrates systems with prior permission to point out major vulnerabilities and security flaws that could potentially result to loss of privacy or even major business loss. Interest in Cybersecurity Time
  212. 212. Ethical Hacker Roadmap Cybersecurity Computer Science Information Security Gain Hands On Experience Earn Minor Certificates Prepare for CEH v10
  213. 213. Roles and Responsibilities Scanning open and closed ports using reconnaissance tools like Nessus and NMAP. Scanning is a set of procedures for identifying live hosts, ports, and services, discovering Operating system and architecture of target system, Identifying vulnerabilities and threats in the network. Network scanning is used to create a profile of the target organization.
  214. 214. Roles and Responsibilities It is the responsibility of an Ethical Hacker to engage his organisations member in social engineering awareness activities. Social Engineering for the purpose of Hacking has proven to be one of the most effective ways over time and knowing how to avoid any form of social manipulation is key to organisations security!
  215. 215. Roles and Responsibilities Ethical Hackers also get to test new patch releases and software updates pertaining to the companies products and peripherals. It is their responsibility to identify any vulnerability that might exist in the patch and notify the appropriate team to fix them.
  216. 216. Roles and Responsibilities Ethical Hackers are also responsible for building and maintaining effective intrusion prevention and intrusion detection system. IDS/IPS help monitor traffic and prevent any sort of DDOS attacks that might be targeted.
  217. 217. Roles and Responsibilities Ethical hackers are responsible for employing strategies like sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications for testing security of a system.
  218. 218. Skills Required Sniffing is the process of monitoring and capturing all the packets passing through a given network using sniffing tools. It is a form of “tapping phone wires” and get to know about the conversation. It is also called wiretapping applied to the computer networks.
  219. 219. Skills Required Ethical Hackers should know how to orchestrate different types of Network and Database attacks as their main job is to predict black hat hackers and to do this one must be able to think and act like a black hat hacker.
  220. 220. Skills Required Ethical Hackers have to deal with different kind of operating systems on a daily basis with Linux being the daily driver. So, it is obvious that an Ethical Hacker needs to have an in depth knowledge of the working of operating systems in general
  221. 221. Skills Required Ethical Hackers have to deal with different kind of database formats. Whether it be SQL, PostgreSQL, NoSQL an Ethical Hacker at least needs a general knowledge of their working.
  222. 222. Skills Required An Ethical Hacker should also be proficient in cryptanalysis, which is basically the deciphering of cipher text without knowing the key. This is also the fundamentals of Password cracking using different methods like brute force, dictionary attacks etc
  223. 223. Skills Required Ethical Hackers generally are endowed with the responsibility of network traffic monitoring. Therefore they must be proficient in intrusion detection and prevention techniques, session hijacking knowledge and overall an in depth knowledge of network in general
  224. 224. Skills Required Ethical Hackers also have to make custom software to tackle the use case specific security flaws that might be affecting the company. This requires general programming knowledge so that you can execute solutions to problems. It also helps in automating a lot pf tasks that would generally take a lot of precious time
  225. 225. Ethical Hacker Job Trends Interest in Cybersecurity Time
  226. 226. Companies
  227. 227. Money $88,000 Payscale.com $95,000 CEH Council $50,000-100,000 1-2 Experience $120,000 3-5 Experience How much money will I make?

×