Ethical Hacking workshop conducted for the students of AATMIYA University.

1. Presented to ATMIYA University
ethical
/ˈɛθɪk(ə)l/
adjective
relating to moral principles or the
branch of knowledge
dealing with these.

2. Krutarth Vasavada
• B.E. (Electronics and Communication), AITS 2002-06
• M.S. (Computer Engineering), San Jose State University,
California, US
• Certified Cloud Security Professional, ISC2
• 13+ Years into Software Product Development,
Cybersecurity, Information Security Audits, Data
Privacy & Compliance
• Worked in India, USA, EU (currently) in Automobile,
Chemicals, Insurance, Investment Banking, and e-
Commerce domains.

3. Topics
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

4. Let’s Refresh: Why Cybersecurity?
CONFIDENTIALITY
Unauthorized individuals or
entities can not get any
information that is not intended
for them.
INTEGRITY
The accuracy and
completeness of data must be
assured.
AVAILABILITY
It must be ensured that vital
information is available
whenever needed.

5. Let’s Refresh: How are we dealing with cyber
attacks?
To be honest, pretty badly! Here’s the list of data breaches occurred during the year 2020 so far.

6. Next Topic
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

7. What is Hacking?
Hacking is an attempt to exploit
a computer system or a private
network.
In simple words, it is the
unauthorized access made
over computer network security
systems for some illicit / illegal
purpose.

8. What is Ethical Hacking?
Ethical Hacking is an attempt to
exploit a computer system or a
private network.
In simple words, it is the
unauthorized access made
over computer network security
systems for some illicit / illegal
known / valid / approved
purpose.

9. Characteristics of Ethical Hacking
• Target is almost always known
• Identity of technical professionals involved
is known to some extent
• Neither the target system is damaged, nor
information is stolen
• Vulnerabilities are always reported back to
the owner(s)

10. Who is an ethical hacker?
Person who is
• interested in cybersecurity
• keen to explore various computer networks
• aware of damage a security loophole can cause
• interested in improving overall security of the
target system
Remember, being motivated by monitory reasons is
NOT a bad thing for an ethical hacker.

11. Next Topic
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why
hack(ing)?
03
Type of attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

12. Who is interested in hacking – ethically or
otherwise?
Individuals
Corporations
Governments

13. Why to hack – ethically or otherwise?
Many reasons
• Steal information
• Earn money (not always a bad thing!)
• Just for fun!
• Attack enemy system/company/country/ideology
• To understand the current security status of the
system
• To remain secure

14. Next Topic
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of
attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

15. Hacking Attack
Success, scale, and impact of any hacking attempt
depends on three things.
Exploitability – How easy the system is to exploit?
Prevalence – How widespread/prevalent the
system and vulnerability are?
Detectability – How easy it is to detect the intended
security defect?

16. Type of Vulnerabilities
Before understanding type of attacks, it is important
to understand type of vulnerabilities.
Let’s go the most trusted industry standard
resource:
Open Web Application Security Project (OWASP)

17. Commonly Known Cybersecurity Attacks
Denial-of-service (DoS)
and distributed denial-
of-service (DDoS)
Man-in-the-middle
(MitM)
Phishing Drive-by attack
Identity Theft SQL Injection
Cross-site scripting
(XSS)
Eavesdropping
Malware/Ransomware

18. Next Topic
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of attacks
04
Cause of
attacks
05
Prevention
06
Career
Opportunities
07

19. How an attack is caused?
Footprinting
Sniffing
Fingerprinting
DNS Poisoning
Social Engineering
Password Hacking

20. Attack type: Footprinting
In this type of attack, a hacker attempts to gather
something information around
• Domain name
• IP Addresses
• Namespaces
• Employee information
• Phone numbers
• E-mails
• Job Information
Depending on type of the target system, this can be very
crucial or not-so-crucial information.

21. Attack type: Sniffing
Sniffing is the process of monitoring and capturing all the packets passing
through a given network using sniffing tools.
It is a form of “tapping phone wires” and get to know about the
conversation. It is also called wiretapping applied to the computer
networks.
One can sniff the following sensitive information from a network −
Email traffic
FTP passwords
Web traffics
Telnet passwords
Router configuration
Chat sessions
DNS traffic

22. Attack type: Fingerprinting
Active Fingerprinting
Active fingerprinting is accomplished by sending specially
crafted packets to a target machine and then noting down
its response and analyzing the gathered information to
determine the target OS.
Passive Fingerprinting
Passive fingerprinting is based on sniffer traces from the
remote system. Based on the sniffer traces (such as
Wireshark) of the packets, you can determine the operating
system of the remote host.

23. Attack type: DNS Poisoning
DNS Poisoning is a technique that tricks a DNS server into
believing that it has received authentic information when, in
reality, it has not. It results in the substitution of false IP
address at the DNS level where web addresses are
converted into numeric IP addresses.
DNS poisoning is used to redirect the users to fake pages
which are managed by the attackers.

24. Attack type: Social Engineering
A phishing attack is a computer-based social engineering,
where an attacker crafts an email that appears legitimate.
Such emails have the same look and feel as those received
from the original site, but they might contain links to fake
websites. If you are not careful enough, then you will type
your user ID and password and will try to login which will
result in failure and by that time, the attacker will have your
ID and password to attack your original account.

25. Attack type: Password/Dictionary Hacking
In a dictionary attack, the hacker uses a predefined list of
words from a dictionary to try and guess the password. If
the set password is weak, then a dictionary attack can
decode it quite fast.

26. Topics
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

27. How to prevent attacks
Question: Is it possible to be 100% secure?
Answer: It depends.
Answer Explanation: Don’t put a $10 lock on a $5 bicycle!

28. How to prevent attacks
Each attack requires unique approach in averting them.
Multiple factors contribute in determining the course of
action.
• Tactical Fix or Strategic Solution?
• Impacted target audience?
• Geography?
• Functional area/Domain?
• Historical trends? etc.

29. How to prevent attacks
Good News – Ethical Hackers Can Help!
• Know their subject
• Understand impact of an attack
• Aware of known vulnerabilities
• Wide range of tools/technology to choose from
• Most importantly – no malicious intention

30. Remember…
The more you sweat in peace,
the less you bleed in war!
Ethical hacking is a proactive and preventive measure

31. Next Topic
Let’s Refresh
01
What is hacking?
– Ethical /
Unethical
02
Why hack(ing)?
03
Type of attacks
04
Cause of attacks
05
Prevention
06
Career
Opportunities
07

32. What are the skills needed?
computer systems expertise
strong programming skills
computer networking knowledge
patience

33. Which tools* can help me?
nmap
burp suite
etherpeak
qualysguard
webinspect
postman
etc.
* there can never be an exhaustive or a definitive tool list. Consider these as a
recommendation to start with.

34. How to avail career opportunities?
Step 1
•Obtain a Bachelor’s degree in Computer Science (or, similar) or A+ Certification
•Gain an understanding of the most common hardware and software technologies.
Step 2
•Get into a programmer’s role for a few years
Step 3
•Proceed to get network certifications or security certification
Step 4
•Keep going through various books, tutorials and papers to understand various computer security aspects
Step 5
•Master the art of penetration testing, footprinting and reconnaissance, and social engineering.
Step 6
•Certified Ethical Hacker (CEH) Certification

35. In conclusion
“Government agencies and business organizations
today are in constant need of ethical hackers to
combat the growing threat to IT security. A lot of
government agencies, professionals and
corporations now understand that if you want to
protect a system, you cannot do it by just locking
your doors”
EC-Council

36. Questions?
Thank you!