Enumeration and System Hacking
Enumeration
• Defined as an in-depth analysis of the targeted device
• Performed by connecting to systems to identify user accounts, system accounts, services and system details
• The process of proactively querying or connecting to the target system in order to elicit information on NetBIOS/LDAP, SNMP, UNIX/Linux operation, NTP servers, SMTP servers and DNS servers.
Windows Enumeration
• The intent of Windows enumeration is to identify user accounts and system accounts that are of potential use.
• An ethical hacker should aim to build basic knowledge from a system administrator's perspective
• An understanding of Microsoft client and server systems is essential, with regard to Windows 7, 8 and 10.
• The kernel is considered an essential and trusted part of the operating system.
• Microsoft operating systems implement rings of protection when evaluating which component to trust
• The protection ring model maintains levels of access and granularity
Example of Protective Rings Model
• The example model of the Windows architecture depicts user mode (ring 3) and kernel mode (ring 0). User mode is restricted, whereas kernel mode permits full access to all resources
• An ethical hacker must be aware that most antivirus and analysis tools are capable of identifying hacking tools and code that operate in user mode.
• An ethical hacker must also be aware that if code is placed on a Windows system and executed in kernel mode, it can largely hide from user-mode detection and will be harder to identify.
• The intent of the hacker is always to execute code at the highest privilege level
• Windows implements the following types of identifiers in order to keep track of all user security rights and identity:
1. Security Identifiers (SID)
2. Relative Identifiers (RID)
• A SID is a variable-length data structure that identifies user, group and computer accounts.
• A RID is the portion of a SID that identifies a user or group relative to the authority the account belongs to.
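The SID/RID relationship described above, as an added example that is not part of the original slides: it decodes the binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte big-endian authority, 32-bit little-endian sub-authorities) and flags well-known RIDs during an account audit, even when the account has been renamed. The domain identifier, account names and the `build_sid` helper are constructed for illustration.

```python
import struct

# Subset of well-known RIDs; these values are fixed by Windows and do not
# change when an account is renamed.
WELL_KNOWN_RIDS = {
    500: "built-in Administrator",
    501: "built-in Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


def parse_binary_sid(raw: bytes) -> str:
    """Decode a binary SID into the S-<rev>-<authority>-<sub>... string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if sub_count > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack(f"<{sub_count}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def split_rid(sid: str):
    """Return (issuing-authority prefix, RID) for an account SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not an account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def audit_accounts(accounts):
    """Flag accounts whose RID marks them as well-known, whatever their name."""
    findings = []
    for name, raw_sid in accounts:
        sid = parse_binary_sid(raw_sid)
        prefix, rid = split_rid(sid)
        # Well-known RIDs are only meaningful under a domain/machine
        # authority, whose SIDs start with S-1-5-21-.
        if prefix.startswith("S-1-5-21-") and rid in WELL_KNOWN_RIDS:
            findings.append((name, sid, WELL_KNOWN_RIDS[rid]))
    return findings


def build_sid(authority: int, *subs: int) -> bytes:
    """Helper that builds constructed sample SIDs for the demo below."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


# Constructed sample data: a made-up domain identifier and three accounts.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE_ACCOUNTS = [
    ("svc-backup", build_sid(5, *DOMAIN, 500)),   # renamed built-in admin
    ("alice", build_sid(5, *DOMAIN, 1104)),       # ordinary user
    ("Guest", build_sid(5, *DOMAIN, 501)),
]

if __name__ == "__main__":
    for name, sid, role in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{name:12} {sid}  -> {role}")
```

The account named "svc-backup" is still reported as the built-in Administrator because the RID, not the display name, carries the identity.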
System Hacking
• The scope of system hacking typically entails attempting to gain access
• The intent of system hacking is to authenticate to the remote host with the highest level of access.
• Authentication systems can experience non-technical and technical password attacks
Nontechnical Password Attacks
The following are the types of non-technical attacks employed by hackers:
• Dumpster Diving
• Social Engineering
• Shoulder Surfing
Technical Password Attacks
Tools used during enumeration typically include Hyena, Network Performance Monitor and nbtstat.
Technical password attack techniques comprise the following:
1. Password Guessing
2. Automated password guessing
3. Password sniffing
4. Keylogging
1. Password Guessing
• Documentation should be maintained for all penetration tests and previous activities
• Password guessing is successful because people use easy-to-remember words and phrases
• Tools, online password lists and pwned password repositories exist that can be used to identify breached passwords
• Recon-ng is a full-featured reconnaissance tool that features a pwned lookup.
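How a pwned-password repository can be used defensively to reject breached passwords at password-change time, as an added example that is not part of the original slides. It assumes the prefix/suffix range format (`SUFFIX:COUNT` lines keyed by the first five hex characters of the SHA-1 digest) used by the public Pwned Passwords service; the `LocalRangeStore` class, the passwords and the counts are constructed so the example runs offline.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the digest form used by range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def breach_count(password, range_lookup):
    """Return how many times the password appears in the breach corpus.

    Only the first 5 hex characters of the digest are handed to
    range_lookup; the remaining 35 are compared locally, so the
    repository never learns the full hash.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def screen_password(password, range_lookup, threshold=1):
    """Policy decision for a password-change form."""
    seen = breach_count(password, range_lookup)
    return {"accepted": seen < threshold, "times_seen": seen}


class LocalRangeStore:
    """Constructed stand-in for a pwned-password repository.

    It records every prefix it is asked for, so the caller can verify
    that no full digest ever leaves the client.
    """

    def __init__(self, breaches):
        self.by_prefix = {}
        self.queries = []
        for pw, count in breaches.items():
            digest = sha1_hex(pw)
            self.by_prefix.setdefault(digest[:5], []).append(
                f"{digest[5:]}:{count}")

    def __call__(self, prefix):
        self.queries.append(prefix)
        return "\r\n".join(self.by_prefix.get(prefix, []))


# Constructed sample corpus; the counts are made up for the demo.
CONSTRUCTED_BREACHES = {"password123": 4200, "Summer2024!": 37, "qwerty": 9100}

if __name__ == "__main__":
    store = LocalRangeStore(CONSTRUCTED_BREACHES)
    for candidate in ("password123", "correct-horse-battery-staple-7Q"):
        print(candidate, screen_password(candidate, store))
    print("prefixes sent:", store.queries)
```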
Automated Password Guessing
• Popular free tools such as Brutus and THC Hydra can be used to automate password guessing.
Password Sniffing
• Sniffing and keystroke loggers can make it possible to guess passwords
• Password sniffing requires physical or logical access to the device
• Techniques such as pass-the-hash permit a hacker to authenticate to a remote server by using the NTLM or LM hash of a user’s password instead of the plaintext password
Privilege Escalation and Exploiting Vulnerabilities
• Standard user accounts have limited privileges and do not give the hacker privilege escalation or full control
• Hackers can execute privilege escalation tools only on the victim system
• Common techniques that can help the hacker use the victim system to exploit a vulnerability comprise the following:
1. Manipulating the OS or the application
2. Manipulating the user into agreeing to execute the program
3. Forcing the copying of the privilege escalation tool onto the targeted system and scheduling when the exploit executes
4. Exploiting interactive access into systems such as Terminal Services Web Access (TS Web Access), Microsoft Remote Desktop, Bomgar etc.
UK - Cyber Defence Academy
• Specialist provider of bespoke classroom, online and self-learning cyber security and cyber defence training.
• Visit us at: www.tech-strategygroup.com
• Empower your employees to become aware of cyber security
• Implement bespoke cyber security training programmes for your employees in alignment with your cyber security strategy, transformation programmes and projects.
• For more information e-mail us at: info@tech-strategygroup.com
