
Practical Cyber Attacking Tutorial

The field of Offensive Cyber and Penetration Testing is one of the most fascinating fields in the world of information security. This talk will go through all the steps of cyber attacking, from information gathering to penetration techniques and actual demonstrations. The talk will cover the following topics: Introduction to cyber, Reconnaissance, Network Attacks and Penetration, Privilege Escalation, Wireless and radio attacking, Web application penetration, Exploitation and Reverse Engineering.


  1. Se7en - Creative Powerpoint Template. Practical Cyber Attacking Tutorial. Yam Peleg
  2. Cyber?
  4. Introduction To Cyber
  5. Cyber Attacking
     - Gaining Access: This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access.
     - Maintaining Access: Once a hacker has gained access, they want to keep that access for future exploitation and attacks.
     - Passive Reconnaissance: Passive reconnaissance involves gathering information regarding a potential target without the targeted individual’s or company’s knowledge.
     - Active Reconnaissance: Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This usually involves more risk of detection than passive reconnaissance.
  6. Vulnerability based cyber attacks
     Attacker
     - Develops code that will be sent to the victim and then
     - Uses a vulnerability to insert and run that code on the victim's device.
     Victim
     - Unaware of the attacker’s code running on the device.
     - The malicious code transmits to the attacker.
     “The art of running your own code on someone else’s computer :)” LOLZ
  7. Social Engineering
  8. Social Engineering
     - Phishing: Practice of sending emails or creating sites appearing to be from a reputable source with the goal of influencing or gaining personal information.
     - Impersonation: Practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.
     - Vishing: Practice of eliciting information or attempting to influence action via the telephone; may include such tools as “phone spoofing”.
     - “Hey! I am from IT. Can you please give me your password so I can.. Blah Blah..”
  9. Passive reconnaissance
  10. Where can we find information?
  11. Google Hacking
  12. Google Hacking: www.victim.com
  13. Google Hacking (www.victim.com): site:www.victim.com intitle:index.of
  14. Google Hacking (www.victim.com): site:www.victim.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
  15. Google Hacking (www.victim.com): site:www.victim.com ext:sql | ext:dbf | ext:mdb
  16. Google Hacking (www.victim.com): site:www.victim.com ext:log
  17. Google Hacking (www.victim.com): site:www.victim.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
  18. Google Hacking (www.victim.com): site:www.victim.com inurl:login
  19. Google Hacking (www.victim.com): site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
  20. Google Hacking (www.victim.com): site:www.victim.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
  21. Google Hacking (www.victim.com): site:www.victim.com ext:php intitle:phpinfo "published by the PHP Group"
  22. Searching for information: Searching for “Information”?
  23. Whois
  24. Kali Linux
  25. Maltego
  26. Active reconnaissance
  27. Three way handshake (Client, Server)
  28. Port Scanning: Me (LOLZ), Server. Ports: .. 25 .. 80 .. Server open ports: 25
  29. Network Attacking
  30. ARP
     - You: IP: 192.168.2.13, MAC: 7B-DA-70-1C-2E-EA
     - Someone who is good looking: IP: 192.168.2.52, MAC: ?
     - You: “Who has 192.168.2.52?”
     - Someone: “I know 192.168.2.52. MAC: E5-28-EC-7E-8B-5E”
  31. ARP Poisoning
     - You: IP: 192.168.2.13, MAC: 7B-DA-70-1C-2E-EA
     - Someone who is good looking: IP: 192.168.2.52, MAC: E5-28-EC-7E-8B-5E
     - Me (LOLZ): MAC: BE-EF-CA-CE-13-37
     - Me: “I know 192.168.2.52. MAC: BE-EF-CA-CE-13-37”. Reply: “Thank you :)”
     - Me: “I know 192.168.2.13. MAC: BE-EF-CA-CE-13-37”. Reply: “Thank you :)”
  32. Wireless Hacking
  33. Web Hacking (WWW)
  34. SQL Injection (Client, Server)
     - Request: auth.html, POST: user: user, Pass: pass
     - SQL query: “Do we have a user with user name: user and password: pass?”
     - SELECT user from users WHERE user='user' and password='pass'
  35. SQL Injection (Me, Server)
     - User: user
       SQL query: SELECT user from users WHERE user='user' and password='pass'
       Result: False
     - User: ' OR '1'='1
       SQL query: SELECT user from users WHERE user='' OR '1'='1' and password='pass'
       Result: True (LOLZ)
  36. Cross-site scripting (Client, Server). GET: Page.html. Backend Data. Other Guys
  37. Cross-site scripting. Backend Data. Runnable Script. Runnable Script
  38. Cross-site scripting
  39. Exploitation
  40. How a normal program works..
  41. How a normal program works..
  42. Reverse Engineering
  43. Exploiting
  44. Everyday use of windows
  45. The Vulnerability: NetpwPathCanonicalize. serverdir1..dir2, serverdir2
  46. Exploiting..
  47. Exploiting..
  48. Exploiting.. [figure: hex byte dump; label: Address]
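Slides 30 and 31 describe ARP replies that rebind two IP addresses to a single MAC. The following is an added example, not part of the original deck, showing how a monitor can flag that pattern. The reply list is constructed from the addresses on those slides, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: ARP replies as (sender_ip, sender_mac) in arrival order,
# using the addresses shown on slides 30-31.
SAMPLE_REPLIES = [
    ("192.168.2.13", "7B-DA-70-1C-2E-EA"),   # "You"
    ("192.168.2.52", "E5-28-EC-7E-8B-5E"),   # "Someone"
    ("192.168.2.52", "BE-EF-CA-CE-13-37"),   # slide 31: rebinding of .52
    ("192.168.2.13", "BE-EF-CA-CE-13-37"),   # slide 31: rebinding of .13
]


def normalize_mac(mac):
    """Accept either ':' or '-' separators and any letter case."""
    return mac.replace(":", "-").upper()


def find_arp_anomalies(replies):
    """Return alerts for changed IP->MAC bindings and MACs claiming several IPs."""
    ip_to_mac = {}                    # first binding learned for each IP
    mac_to_ips = defaultdict(set)     # every IP each MAC has claimed
    alerts = []
    for ip, mac in replies:
        mac = normalize_mac(mac)
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac       # first sighting: learn the binding
        elif known != mac:
            # Keep the original binding so a later reply cannot silently
            # become the new baseline.
            alerts.append(("binding-changed", ip, known, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            claimed = tuple(sorted(mac_to_ips[mac]))
            alerts.append(("mac-claims-multiple-ips", mac, claimed))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```

Legitimate events such as DHCP reassignment or gateway failover also change bindings, so alerts like these need review against known infrastructure. Switch-level controls such as Dynamic ARP Inspection or static ARP entries for critical hosts address the same problem at the network layer.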
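Slides 34 and 35 show a login query assembled from user input. The following is an added example, not part of the original deck, that puts that concatenated query beside the parameterized form that fixes it. It assumes an in-memory SQLite database with a constructed sample row; the function names are hypothetical.

```python
import sqlite3

SLIDE_INPUT = "' OR '1'='1"   # the input string shown on slide 35


def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)")
    # The plaintext password only mirrors the slide's query; a real system
    # stores a salted password hash and compares hashes.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


def login_concatenated(db, user, password):
    """Slide 34's query built by string concatenation (the vulnerable form)."""
    sql = ("SELECT user FROM users WHERE user='" + user +
           "' AND password='" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, user, password):
    """Same query with bound parameters: input stays data, never SQL syntax."""
    sql = "SELECT user FROM users WHERE user=? AND password=?"
    return [row[0] for row in db.execute(sql, (user, password))]


if __name__ == "__main__":
    db = make_db()
    # Quotes in the input rewrite the WHERE clause of the concatenated query.
    print("concatenated :", login_concatenated(db, SLIDE_INPUT, SLIDE_INPUT))
    # With bound parameters the same input is compared as a literal string.
    print("parameterized:", login_parameterized(db, SLIDE_INPUT, SLIDE_INPUT))
    # An ordinary apostrophe breaks the concatenated query with a syntax
    # error, the kind of message the queries on slide 19 search for.
    try:
        login_concatenated(db, "o'brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated with apostrophe:", exc)
    print("parameterized with apostrophe:", login_parameterized(db, "o'brien", "x"))
```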
