Recommended
More Related Content
What's hot
What's hot (20)
Similar to Security and ethical hacking initiative first session
Similar to Security and ethical hacking initiative first session (20)
Recently uploaded
Recently uploaded (20)
Security and ethical hacking initiative first session
- 1. CYBER බදාදා පිටුව DigitalX දැවැන්ත Cyber පෙරළිපේ ප්රථම දිගහැරුම
- 2. PLANFORTHEDAY PURPOSE Why we need a Security Testing and Ethical Hacking initiative? CYBER ATTACKS ‘Hacking’, is it wrong? ETHICAL HACKING Why a s/w company need ethical hackers and how it happens TODAY’S SPECIAL
- 3. PURPOSE Let’s forget our day to day boring shit and will try something new. Hacking is fun as long as it is ethical. 01
- 4. If you want to learn something which grow your interest day by day then it will be none other than Ethical Hacking. Possible Outcomes ● Career benefits as an engineer who knows information security. ● Prevention is better than cure. ● High demand for an ethical hacker. ● Easy way to increase your salary. ● Become an Asset for a company. ● It is fun !!! ● Security testing skills. ● Help you to be a really good programmer who aware of security threats. OVERVIEW
- 5. WHOA!Hacking is what made your computer the way as it is today.
- 6. CYBER ATTACKS Will start from the history because its changed the history 02
- 7. ● Began in the 1961 at MIT, origin of the term “hacker”, when students hacked their high-tech train sets in order to modify their functions ● In the 1970s hacked telephone systems to make free long distance calls. ● In 1980s hackers started to spoil networks for personal benefits. Used it to criminal activities, including pirating software, creating viruses and breaking into systems to steal sensitive information. ● In 1990s hackers become headache to the world.No of cyber crimes were increased.first computer worm is introduced and leading the first digital bank heist. ● In 2000s Microsoft, eBay, Yahoo! and Amazon were taken down in massive DOS attacks.Department of Defense and International Space Station had its systems breached. ● Today hacking change the world. Simply we use free windows licenses thanks to the hackers. HISTORY
- 8. cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. There can be 2 goals of this. 1. Disable the target computer or knock it offline or 2. Get access to the target computer's data WHATISCYBERATTACK?
- 9. WannaCry
- 10. To prevent such attacks Cyber Security is implemented. Cyber Security helps to protect Network, Programs, Computer systems and their components from unauthorized digital attacks. CYBERSECURITY
- 11. Hacking can be used as an illegal weapon to steal anything on the cyberspace. This can destroy a business within few seconds by accessing unauthorized information ITHURTS….
- 12. HACKERISAPERSONWHO TRIESTOHACKINTOA COMPUTERSYSTEM Black Hat Individual who illegally hacks into a system for personal benefits. White Hat an Ethical Hacker is an individual who discovers vulnerabilities in a computer network Grey Hat A blend of both black and white hat hackers
- 13. —ANONYMOUS HACKER “It’s impossible.” said Pride. “It’s Risky.” said Experience. “It’s Pointless.” said Reason. If you really are Hacker ! Then Give it a Try!
- 14. ETHICAL HACKING Protect data by discovering vulnerabilities in a system 03
- 15. Multiple entry points are there to let in and out. But you want to allow the people who you know to enter your house. SUPPOSEYOUBUILTYOUR OWNHOUSE!!!
- 18. Hacking is not always bad
- 19. ● Ethical hackers prevent malicious hackers from breaching an organization's network ● Ethical hackers look for system vulnerabilities that others may exploit ● Ethical hackers analyze and enhance an organization’s security policies ● They help protect customer data WHATISETHICAL HACKING?
- 20. MAYBEYOUNEEDTODIVIDE YOURTEXT PENETRATION TESTING Identifies security vulnerabilities, flaws risks, and unreliable environments VULNERABILITY ASSESSMENT Vulnerability scanning will locate individual vulnerabilities
- 22. ETHICALHACKINGVS PENETRATIONTESTING ETHICAL HACKING The goal of ethical hacking is still to identify vulnerabilities and fix them before they can be exploited by criminals, but the approach is much wider in scope than pen testing PENETRATION TESTING Represents one subset of all ethical hacking. Ex:- Software companies perform penetration testing by forming a Security specialized testers.
- 23. SKILLS LINUX (KAALI) There are lot of supporting tools for Ethical hacking PROGRAMMING Python/JS/BASH/Sc ripting (Basics) TOOLS Metasploit, Burp Suite, Nessus, NMap NETWORKING OSI Model, Protocols HACKING METHODOLOGIES Footprinting, Scanning, System hacking OPERATING SYSTEMS Windows, Linux, Unix
- 24. TODAY’S SPECIAL Let's do a penetration testing example ! 04
Editor's Notes
- Its like “Dam Rajina”
- MIT Student and early hackers only interested in exploring, improving and testing the limits of existing programs.
- Ransomware — Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment WannaCry attacked on May of 2017 started in Asia and spread across the world. 230,000 computers were infected. Target audience was a Microsoft windows users who didn't update the latest security update in March 2017. Encrypted files in Windows networked machines and demanded $300-600 bitcoins payment to decrypt them.(Unlock files) Affected companies:- Bank of China, Nissan, Hitachi, Fedex. Put there business on hold for days. There systems were affected.
- Hackers are not always wrong. Different modes are there. Black hat - they are the hackers we see in movies and the ones we are frightened about. They steal money, information through networks White hat - they defend organizations and governments. Grey hat - They may have hidden agendas. Discovers vulnerabilities in a system and report to the system owner. Its a good act But do this without owners approval and ask money for their findings.
- Normally i hate theories but will use few examples to make everyone in to the same page.
- You want to check the what are the possibilities to breaking in to the house/ security weaknesses in entry and exits. Call expert of house security He come and check all the security measures Also he will try to breaking to the house with all possible ways At the end he will create a report with all the security weaknesses in house and will give security recommendations (Ex:- security alarms, Security guard, CCTV Camera, Close the open areas)
- “Shahan” runs an online trading company with money and his customers Everything is going well and now he is rich One day hacker called “Heshi” decided to hack the company servers “Heshi” steal the credentials of trading accounts She asked for $ (ransom) to exchange for the stolen credentials. Black hacker “Shahan” took the “Heshi’s” words lightly and didn't pay a single penny.so “Heshi” got angry (Girls noh). So “Heshi” using credentials withdrew money from various customer accounts Then “Shahan” liable to pay back to customers. “Shahan” lost lot of money and trust from Customers Also “periya nangi” baba left him :( since he is lost.
- After this incident “Shahan” thought a lot about what went wrong (Talked with vajira before his own retro) He understood something is wrong about the security infrastructure of his company. He wishes if someone is there who could have run test attacks to see how vulnerable his systems were before a hacker enters to the network. So he wanted employee who thinks like a hacker and identify vulnerabilities before an outsider does. To do this job “Shahan” hired a ethical hacker “Sajith”. “Sajith” spotted lot of vulnerabilities in Shahan organization. And closed all the loopholes. Hiring ethical hacker helped “Shahan” prevent from security attacks in future. Then slowly “Shahan’s” company productivity increased. “Shahan’s” company damaged reputation came back. “Periya nangi baba” came back. Thanks to Ethical hacker “Sajith”, “Shahan” is a happy man again.
- Vulnerability scanning will locate individual vulnerabilities. penetration testing will actually attempt to verify that these vulnerabilities are exploitable within the target environment. (Identify system is vulnerable for SQL injections, Cross site scripting etc..)
- Reconnaissance - Gathers all the information about organization and systems he wanted to attack.Use tools (NMap, Hping) Scanning phase - Now try to stop vulnerabilities using NMap, nexpose tools Gaining access - Now she located the vulnerabilities. Now try to exploit them (Hack it and access the system private data). install an application needs or modify data or hide data. Maintaining access - After find a way to go through organizations network now. If Gayara asked to retain access to the system again without whole process she create a backdoor access.For that she install backdoors(using protocol, proxy or end-to-end connection strategies) in the target system.(Tool:- Metaspolit tool) Clearing tracks - Clear the all evidence of ethical attacks as no attacker likes to get caught.This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created. Reporting - creates a summary report that consists of the vulnerabilities spotted, the tools used to attack, and the success rate of the operation.
- Ethical hacking vs Penetration testing “Ethical hacking” scope matters. This has a scope of an infrastructure which might be a combination of systems and networks. Lot of hackings use to asses the entire infrastructure. Meanwhile “Penetration testing” asses security issues in specific systems/scopes. “Ethical hacker” need a broad knowledge about the field as well as need a valid security test certification. knowledge and skills in the specific area enough for a “Penetration tester. “Ethical hacker” required the access of entire system infrastructure to hack it but “Penetration tester” Access is required only to systems on which the pen testing will be conducted.
- First will find how hackers can access our system. Then let's see how they access important information in our system. Example:- My friend use Lucky 1 system u