Special thanks & reference:- https://www.youtube.com/watch?v=XLvPpirlmEs&t=374s
Google slide:- https://docs.google.com/presentation/d/16xDioTAN2AdASOoFAqLHeMG7oImMsrdPVhpy5D7T2ec/edit
2. PLAN FOR THE DAY
PURPOSE
Why do we need a
Security Testing
and Ethical Hacking
initiative?
CYBER
ATTACKS
‘Hacking’, is it
wrong?
ETHICAL
HACKING
Why a software company
needs ethical hackers
and how it happens
TODAY’S
SPECIAL
3. PURPOSE
Let’s forget our day-to-day
boring shit and try
something new. Hacking is
fun as long as it is ethical.
4. If you want to learn something that grows your interest day by
day, it is none other than Ethical Hacking.
Possible Outcomes
● Career benefits as an engineer who knows information security.
● Prevention is better than cure.
● High demand for ethical hackers.
● Easy way to increase your salary.
● Become an asset for a company.
● It is fun !!!
● Security testing skills.
● Helps you become a really good programmer who is aware of security
threats.
OVERVIEW
7. ● Began in 1961 at MIT, the origin of the term “hacker”, when students
hacked their high-tech train sets in order to modify their functions.
● In the 1970s hackers hacked telephone systems to make free long-distance
calls.
● In the 1980s hackers started to spoil networks for personal benefit,
using them for criminal activities including pirating software, creating
viruses and breaking into systems to steal sensitive information.
● In the 1990s hackers became a headache to the world. The number of cyber
crimes increased, the first computer worm was introduced, and it led to
the first digital bank heist.
● In the 2000s Microsoft, eBay, Yahoo! and Amazon were taken down in
massive DoS attacks. The Department of Defense and the International
Space Station had their systems breached.
● Today hacking changes the world. Simply put, we use free Windows
licenses thanks to hackers.
HISTORY
8. A cyber attack is an attack launched from one or
more computers against another computer,
multiple computers or networks.
There can be 2 goals:
1. Disable the target computer or knock it offline,
or
2. Get access to the target computer's data.
WHAT IS A CYBER ATTACK?
10. To prevent such attacks,
Cyber Security is
implemented.
Cyber Security helps to
protect networks,
programs, computer
systems and their
components from
unauthorized digital
attacks.
CYBER SECURITY
11. Hacking can be used as an
illegal weapon to steal
anything in
cyberspace. This can
destroy a business within
a few seconds by accessing
unauthorized information.
IT HURTS…
13. “It’s impossible.” said Pride.
“It’s risky.” said
Experience.
“It’s pointless.” said
Reason.
If you really are a Hacker!
Then give it a try!
— ANONYMOUS HACKER
15. Multiple entry points
are there to let people in and
out. But you want to
allow only the people
you know to enter your
house.
SUPPOSE YOU BUILT YOUR
OWN HOUSE!!!
19. ● Ethical hackers prevent malicious hackers from
breaching an organization's network
● Ethical hackers look for system vulnerabilities
that others may exploit
● Ethical hackers analyze and enhance an
organization’s security policies
● They help protect customer data
WHAT IS ETHICAL
HACKING?
22. ETHICAL HACKING VS
PENETRATION TESTING
ETHICAL
HACKING
The goal of ethical hacking is
still to identify vulnerabilities
and fix them before they can
be exploited by criminals,
but the approach is much
wider in scope than pen
testing
PENETRATION
TESTING
Represents one subset of
all ethical hacking.
Ex:- Software companies
perform penetration testing
by forming a team of
security-specialized testers.
23. SKILLS
LINUX (KALI)
There are lots of
supporting tools for
ethical hacking
PROGRAMMING
Python/JS/Bash/Scripting
(Basics)
TOOLS
Metasploit, Burp
Suite, Nessus, Nmap
NETWORKING
OSI Model,
Protocols
HACKING
METHODOLOGIES
Footprinting,
Scanning, System
hacking
OPERATING
SYSTEMS
Windows, Linux,
Unix
MIT students and early hackers were only interested in exploring, improving and testing the limits of existing programs.
Ransomware — Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment.
WannaCry attacked in May 2017; it started in Asia and spread across the world. 230,000 computers were infected.
The targets were Microsoft Windows users who had not installed the March 2017 security update.
It encrypted files on networked Windows machines and demanded a payment of $300-600 in bitcoin to decrypt (unlock) them.
Affected companies:- Bank of China, Nissan, Hitachi, FedEx. It put their business on hold for days; their systems were affected.
Hackers are not always wrong. There are different modes.
Black hat - they are the hackers we see in movies and the ones we are frightened of. They steal money and information through networks.
White hat - they defend organizations and governments.
Grey hat - they may have hidden agendas. They discover vulnerabilities in a system and report them to the system owner. It is a good act,
but they do this without the owner's approval and ask money for their findings.
Normally I hate theories, but I will use a few examples to get everyone on the same page.
You want to check what the possibilities are of breaking into the house, i.e. the security weaknesses in entries and exits.
Call a house security expert.
He comes and checks all the security measures.
He will also try to break into the house in all possible ways.
At the end he will create a report with all the security weaknesses in the house and give security recommendations (Ex:- security alarms, a security guard, CCTV cameras, closing the open areas).
“Shahan” runs an online trading company that handles money for his customers.
Everything is going well and now he is rich.
One day a hacker called “Heshi” decided to hack the company servers.
“Heshi” stole the credentials of trading accounts.
She asked for $ (ransom) in exchange for the stolen credentials. (Black hat hacker)
“Shahan” took “Heshi’s” words lightly and didn't pay a single penny, so “Heshi” got angry (Girls, noh?).
So “Heshi”, using the credentials, withdrew money from various customer accounts.
Then “Shahan” was liable to pay back the customers. “Shahan” lost a lot of money and the trust of his customers.
Also “periya nangi” baba left him :( since he was lost.
After this incident “Shahan” thought a lot about what went wrong (talked with Vajira before his own retro).
He understood that something was wrong with the security infrastructure of his company.
He wished someone had been there who could have run test attacks to see how vulnerable his systems were before a hacker entered the network.
So he wanted an employee who thinks like a hacker and identifies vulnerabilities before an outsider does.
To do this job “Shahan” hired an ethical hacker, “Sajith”.
“Sajith” spotted a lot of vulnerabilities in Shahan's organization
and closed all the loopholes.
Hiring an ethical hacker helped “Shahan” prevent security attacks in future. Then slowly “Shahan’s” company productivity increased.
“Shahan’s” company's damaged reputation came back. “Periya nangi baba” came back. Thanks to ethical hacker “Sajith”, “Shahan” is a happy man again.
Vulnerability scanning will locate individual vulnerabilities.
Penetration testing will actually attempt to verify that these vulnerabilities are exploitable within the target environment (identify whether the system is vulnerable to SQL injection, cross-site scripting, etc.).
Reconnaissance - Gather all the information about the organization and systems to be attacked. Use tools (Nmap, Hping).
Scanning phase - Now try to spot vulnerabilities using Nmap and Nexpose tools.
Gaining access - Now she has located the vulnerabilities. Now try to exploit them (hack it and access the system's private data): install an application she needs, modify data or hide data.
Maintaining access - After finding a way through the organization's network, if Gayara is asked to retain access to the system without repeating the whole process, she creates backdoor access. For that she installs backdoors (using protocol, proxy or end-to-end connection strategies) in the target system. (Tool:- Metasploit)
Clearing tracks - Clear all evidence of the ethical attacks, as no attacker likes to get caught. This involves modifying/corrupting/deleting log values, modifying registry values, uninstalling all applications used and deleting all folders created.
Reporting - Create a summary report that consists of the vulnerabilities spotted, the tools used to attack, and the success rate of the operation.
Ethical hacking vs Penetration testing
“Ethical hacking” scope matters. It has the scope of an infrastructure, which might be a combination of systems and networks; a lot of hacking is used to assess the entire infrastructure. Meanwhile “penetration testing” assesses security issues in specific systems/scopes.
An “ethical hacker” needs broad knowledge of the field as well as a valid security testing certification; knowledge and skills in the specific area are enough for a “penetration tester”.
An “ethical hacker” requires access to the entire system infrastructure to hack it, but a “penetration tester” requires access only to the systems on which the pen testing will be conducted.
First we will find how hackers can access our system.
Then let's see how they access important information in our system.
Example:- My friend uses Lucky 1 system u