ethical hacking


Published in: Engineering, Technology

  1. UNIVERSITY COLLEGE OF ENGINEERING – Seminar Presentation on “ETHICAL HACKING”: A LICENCE TO HACK
     Submitted to: Mr. R.K.Banyal, Ms. Indrepreet
     Presented by: Neelima Bawa (11/672)
     Session 2013-2014
  2. Ethical Hacking, by White Hat Hackers
  3. Highlights
     • Ethical Hacking - ?
     • Why – Ethical Hacking ?
     • Ethical Hacker
     • Ethical Hacking – Commandments
     • Ethical Hacking - Process
     • Conclusion & References
  4. What is Ethical Hacking
     • Ethical: Conforming to accepted professional standards of conduct
     • Hacking: Process of breaking into systems for:
        ◦ Personal or Commercial Gains
        ◦ Malicious Intent – Causing severe damage to Information & Assets
     • Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming
     • White-hat – Good guys; Black-hat – Bad guys
  5. What is Ethical Hacking
     • It is Legal
     • Permission is obtained from the target
     • Part of an overall security program
     • Identify vulnerabilities visible from the Internet at a particular point of time
     • Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner
  6. Why – Ethical Hacking
     • Viruses, Trojan Horses, and Worms
     • Social Engineering
     • Automated Attacks
     • Accidental Breaches in Security
     • Denial of Service (DoS)
     • Organizational Attacks
     • Restricted Data
     • Protection from possible External Attacks
  7. Someone who is:
     • Skilled
        ◦ Programming and networking skills
        ◦ Installation and maintenance skills
        ◦ System management skills
     • Knowledgeable
        ◦ Hardware and software
     • Completely trustworthy
     • Ethical
  8. Ethical Hacking - Process
     1. Preparation
     2. Footprinting
     3. Enumeration & Fingerprinting
     4. Identification of Vulnerabilities
     5. Attack – Exploit the Vulnerabilities
  9. Preparation
     • Identification of Targets – company websites, mail servers, extranets, etc.
     • Signing of Contract
        ◦ Agreement on protection against any legal issues
        ◦ Contract clearly specifies the limits and dangers of the test
        ◦ Specifics on Denial of Service Tests, Social Engineering, etc.
        ◦ Time window for Attacks
        ◦ Total time for the testing
        ◦ Prior Knowledge of the systems
        ◦ Key people who are made aware of the testing
  10. Footprinting
     Collecting as much information about the target
     • DNS Servers
     • IP Ranges
     • Administrative Contacts
     • Problems revealed by administrators
     Information Sources
     • Search engines
     • Forums
     • Databases – whois, ripe, arin, apnic
     • Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  11. Enumeration & Fingerprinting
     • Specific targets determined
     • Identification of Services / open ports
     • Operating System Enumeration
     Methods
     • Banner grabbing
     • Responses to various protocol (ICMP & TCP) commands
     • Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.
     Tools
     • Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  12. Identification of Vulnerabilities
     Vulnerabilities
     • Insecure Configuration
     • Weak passwords
     • Unpatched vulnerabilities in services, Operating systems, applications
     • Possible Vulnerabilities in Services, Operating Systems
     • Insecure programming
     • Weak Access Control
  13. Identification of Vulnerabilities
     Methods
     • Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites
     • Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic
     • Insecure Programming – SQL Injection, Listening to Traffic
     • Weak Access Control – Using the Application Logic, SQL Injection
  14. Identification of Vulnerabilities
     Tools
     • Vulnerability Scanners – Nessus, ISS, SARA, SAINT
     • Listening to Traffic – Ettercap, tcpdump
     • Password Crackers – John the Ripper, LC4, Pwdump
     • Intercepting Web Traffic – Achilles, Whisker, Legion
     Websites
     • Common Vulnerabilities & Exposures – http://cve.mitre.org
     • Bugtraq – www.securityfocus.com
     • Other Vendor Websites
  15. Attack – Exploit the vulnerabilities
     • Obtain as much information (trophies) from the Target Asset
     • Gaining Normal Access
     • Escalation of privileges
     • Obtaining access to other connected systems
     Last Ditch Effort – Denial of Service
  16. Attack – Exploit the vulnerabilities
     • Network Infrastructure Attacks
        ◦ Connecting to the network through modem
        ◦ Weaknesses in TCP / IP, NetBIOS
        ◦ Flooding the network to cause DOS
     • Operating System Attacks
        ◦ Attacking Authentication Systems
        ◦ Exploiting Protocol Implementations
        ◦ Exploiting Insecure configuration
        ◦ Breaking File-System Security
  17. Attack – Exploit the vulnerabilities
     Application Specific Attacks
     • Exploiting implementations of HTTP, SMTP protocols
     • Gaining access to application Databases
     • SQL Injection
     • Spamming
  18. Attack – Exploit the vulnerabilities
     Exploits
     • Free exploits from Hacker Websites
     • Customised free exploits
     • Internally Developed Tools – Nessus, Metasploit Framework,
  19. Techniques of ethical hacking
     • Vulnerability scanner
     • Password cracking
     • Spoofing attack (Phishing)
     • Social engineering
  20. Career in ethical hacking
     • EC-Council’s Certified Ethical Hacker exam: In Los Angeles College
     • Network security certificate program: Northern Virginia Community College
     • Topics include cyber security, cryptography, steganography, digital forensics, network security, and wireless security.
  21. Language of Hackers
     • 1 -> i or l
     • 3 -> e
     • 4 -> a
     • 7 -> t
     • 9 -> g
     • 0 -> o
     • $ -> s
     • || -> n
     • |/| -> m
     • s -> z
  22. Example:
     1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3|| 1 h4ck3d 1n
     I did not hack this page, it was like this when I hacked in.
  23. Ethical Hacking - Commandments
     • Working Ethically
        ◦ Trustworthiness
        ◦ Misuse for personal gain
     • Respecting Privacy
     • Not Crashing the Systems
     • Practical Security solution
     • Proof for Exploits – Trophies
  24. Conclusion
     • Detection-Prevention.
     • Released security software.
     • Learn about the system.
     • Find its weaknesses.
     • Ethical hackers are not criminal hackers.
  25. References
     1. http://www.scribd.com
  26. Thank You – All Hackers are not BAD
