
Ethical Hacking

Information Security & Ethical Hacking
Pushkar Pashupat

# ./whoami
  • Student.
  • Freelancer.
  • Malware Analyst.
  • Moderator - null, Pune Chapter.
  • M.Sc Comp.Sci, PGDCS – Cyber Security, EC-C|EH.

# ls -a
  • Information Security.
  • International Scenario.
  • Hacking.
  • Careers in Information Security.
  • Fun Time.
  • Q&A

This information provided would be purely for academic purposes only! This info is not to be abused!
I am not responsible for any damage that you may create!
I do not promote or encourage any kind of hacking (unethical).
You implement the information given at your own risk.

# information.security
  • Information Security - protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
  • Computer Security.
  • Network Security.
  • Cyber Security.

International Scenario…

# Some Stats…
Source: Business Week magazine/Symantec, 2009
4 out of 5 Indians are Victims of Cyber Crime: Reports
DNA, Sept 9, 2011

# Some Stats…
Cyber Crime costs India $4 billion annually, according to Symantec – Sept, 2011

# Some Stats…

# Hacking – curiosity to gain knowledge
  • Hacker: Person who is a geek, computer freak and loves exploring every bit of it.
  • Cracker: Hacker using his knowledge for illegal purpose and crime.
  • Hacktivism: Act of hacking performed on the backdrop of social or patriotic motive.

# ls –hackers –types
  • Black Hats
  • White Hats
  • Gray Hats
  • Newbies
  • Script-kiddies
  • The Hackers

# ethical.hacking…
  • “Information Security Professionals” alias “Legal Hackers” alias “Ethical Hackers”.
  • Hacking into a system/network with prior permission of owning authority for defensive purposes.
  • If you want to catch a criminal, think like a criminal.
  • Know yourself before someone else knows.
  • Auditing / Profiling the suite.

# cat hack
INFORMATION GATHERING
ACTUAL ATTACK

# man information.gathering
“Knowing the enemy is half the battle won”
  • Collect as much information as possible about the target…
  • Information can be collected by,
    • Reconnaissance
    • Scanning
    • Active information gathering
    • Passive information gathering

# man reconnaissance
  • Mostly passive reconnaissance
    • Social Engineering
    • Dumpster diving
    • Shoulder surfing
    • Internet

# man scanning
  • Active reconnaissance
    • Port scanning
    • Security in place
    • Vulnerability assessment
    • DNS, OS, Software identification

# man gaining.access
  • Implementing the actual attack…
  • Use of collected information makes it easy…
  • Way in which target can be attacked…
    • System Hacking
    • Session Hijacking
    • SQL Injection
    • Man-In-The-Middle
    • Denial of Service
    • Malware Attacks
    • Sniffing
    • Password Hacking
    • Hacking Web Servers
    • Wi-Fi Hacking
    • Identity Theft
    • XSS
And the list goes on…

# man maintaining.access
Once the target has been attacked, the control over the machine has to be maintained…
Techniques to evade detection
  • Rootkits,
  • Backdoors,
  • Hidden files

# man covering.tracks
System is hacked, but you shouldn’t get caught.
Clearing evidence and proofs…
  • Clearing logs
  • Disabling auditing

# man steganography

# man phishing
http://gprivacy.t35.com/gmail.html

# man email forging

# man sql injection
surface.pk

# cat careers.infosec
  • Penetration Testing
  • Vulnerability Assessments
  • Network Auditors

# cat careers.infosec
  • Malware Analyst
  • Security consultants
  • Ethical Hackers
  • Cyber Forensics
  • Crime Investigations.

# quit
And if any…
