Santosh Kumar, profile picture
Uploaded bySantosh Kumar
PPTX, PDF11,623 views

Black hat hackers

This document discusses black hat hackers and hacking. It begins with an introduction that defines hacking and black hat hackers. It then covers the history of hacking from the 1980s to 2007. It discusses famous black hat hackers and the different types of hackers including white hat, black hat, and grey hat hackers. It describes the pre-hacking stages a black hat hacker goes through when targeting a system. It also outlines the domains affected by hacking, types of attacks like denial of service and SQL injection, detection and prevention methods, and the pros and cons of hiring black hat hackers to test security systems.

Embed presentation

Downloaded 687 times
BLACK HAT HACKERS Rajitha.B 09131A1276 Information Technology 14-03-2013 1
OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
Famous Hackers 14-03-2013 6
Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
sniffers and Key loggers Sniffers: capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
Threats from key loggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
Trojan Attacks : Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
SQL injection  SQL injection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
Structure of SQL Injection 14-03-2013 20
How SQL Injection is performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
Cont.….  The above username „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
Cont.… The SQL statement as follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
Cont.…  The hacker enters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
SQL Injection 14-03-2013 25
SQL Injection Prevention  Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
Pros and cons Pros • Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
Conclusion  Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28
References http://www.blackhatlibrary.net/Main_Page http://prezi.com/sxnobhzvsenq/hacking- and-cracking-pros-and-cons http://www.cybercure.in/hacking/ http://en.wikipedia.org/wiki/Hacker_(compu ter_security) http://en.wikipedia.org/wiki/The_Hacker_Cr ackdown Cyber cure customized e-book http://www.blackhat.com/presentations/bh- usa-04/bh-us-04-hotchkies/bh-us-04- hotchkies.pdf http://crypto.stanford.edu/cs142/lectures/1 6-sql-inj.pdf 14-03-2013 29
Thank you 14-03-2013 30

More Related Content

PPTX
HACKING
byShubham Agrawal
 
PPT
Hacking presentation BASIC
byLakkireddy Bali Reddy Collage of Engineering
 
PPTX
Hacking
byAsma Khan
 
PPSX
Hacking
byRanjan Som
 
PPTX
Password Cracking
bySina Manavi
 
PPTX
Ethical hacking introduction to ethical hacking
bymissstevenson01
 
PPTX
Hacking
byFarkhanda Kiran
 
PPTX
Hacking ppt
byRashed Sayyed
 
HACKING
byShubham Agrawal
 
Hacking presentation BASIC
byLakkireddy Bali Reddy Collage of Engineering
 
Hacking
byAsma Khan
 
Hacking
byRanjan Som
 
Password Cracking
bySina Manavi
 
Ethical hacking introduction to ethical hacking
bymissstevenson01
 
Hacking
byFarkhanda Kiran
 
Hacking ppt
byRashed Sayyed
 

What's hot

PDF
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
PPTX
The Deep Web, TOR Network and Internet Anonymity
byAbhimanyu Singh
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPTX
Cyber Terrorism
byDeepak Pareek
 
PPTX
A military perspective on cyber security
byJoey Hernandez
 
PPTX
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 
PPTX
Introduction to filesystems and computer forensics
byMayank Chaudhari
 
PPTX
Introduction to Incident Response Management
byDon Caeiro
 
PDF
Chapter 4 vulnerability threat and attack
bynewbie2019
 
PPTX
Classification of vulnerabilities
byMayur Mehta
 
PPTX
Cyber Security
byApplied Forensic Research Sciences
 
PDF
Basics of Cyber Security
byNikunj Thakkar
 
PDF
A brief Intro to Digital Forensics
byManik Bhola
 
PPTX
Cyber Forensics Overview
byYansi Keim
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
Digital Forensic ppt
bySuchita Rawat
 
PPTX
Network defenses
byPrachi Gulihar
 
PDF
Offensive OSINT
byChristian Martorella
 
PDF
Tracking Emails
byprashant3535
 
PPTX
Cyber kill chain
byAnkita Ganguly
 
Digital Evidence in Computer Forensic Investigations
byFilip Maertens
 
The Deep Web, TOR Network and Internet Anonymity
byAbhimanyu Singh
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Cyber Terrorism
byDeepak Pareek
 
A military perspective on cyber security
byJoey Hernandez
 
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 
Introduction to filesystems and computer forensics
byMayank Chaudhari
 
Introduction to Incident Response Management
byDon Caeiro
 
Chapter 4 vulnerability threat and attack
bynewbie2019
 
Classification of vulnerabilities
byMayur Mehta
 
Cyber Security
byApplied Forensic Research Sciences
 
Basics of Cyber Security
byNikunj Thakkar
 
A brief Intro to Digital Forensics
byManik Bhola
 
Cyber Forensics Overview
byYansi Keim
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Digital Forensic ppt
bySuchita Rawat
 
Network defenses
byPrachi Gulihar
 
Offensive OSINT
byChristian Martorella
 
Tracking Emails
byprashant3535
 
Cyber kill chain
byAnkita Ganguly
 

Viewers also liked

PPTX
Ethical hacking presentation
bySuryansh Srivastava
 
PPTX
Hacking ppt
bygiridhar_sadasivuni
 
PPTX
Hacking & its types
bySai Sakoji
 
PPTX
Introduction To Ethical Hacking
byNeel Kamal
 
PDF
Hackers and Hacking a brief overview 5-26-2016
byGohsuke Takama
 
PPTX
Hacking Vs Cracking in Computer Networks
bySrikanth VNV
 
PPTX
Computer Hacking - An Introduction
byJayaseelan Vejayon
 
PDF
How To Become A Successful Hacker In Only 10 Years
byluke_bkk
 
PPTX
ethical hacking in the modern times
byjeshin jose
 
PPTX
Mobile operating system ppt
bySantosh Kumar
 
PPTX
Cyber security presentation
byBijay Bhandari
 
PPT
CYBER CRIME AND SECURITY
bySahil Vashishtha
 
PPTX
Cybercrime.ppt
byAeman Khan
 
PPTX
Cyber security
bySiblu28
 
PPTX
M commerce ppt
bySantosh Kumar
 
PPTX
Hackers
bymauricvio
 
PPTX
Network security
bynivethabaskar
 
PPT
Ethical Hacking
byjustyogesh
 
PPTX
SecurityGateway for Email Servers - Feature Overview
byAlt-N Technologies
 
PPTX
Computer Virus
byDebraj Chatterjee
 
Ethical hacking presentation
bySuryansh Srivastava
 
Hacking ppt
bygiridhar_sadasivuni
 
Hacking & its types
bySai Sakoji
 
Introduction To Ethical Hacking
byNeel Kamal
 
Hackers and Hacking a brief overview 5-26-2016
byGohsuke Takama
 
Hacking Vs Cracking in Computer Networks
bySrikanth VNV
 
Computer Hacking - An Introduction
byJayaseelan Vejayon
 
How To Become A Successful Hacker In Only 10 Years
byluke_bkk
 
ethical hacking in the modern times
byjeshin jose
 
Mobile operating system ppt
bySantosh Kumar
 
Cyber security presentation
byBijay Bhandari
 
CYBER CRIME AND SECURITY
bySahil Vashishtha
 
Cybercrime.ppt
byAeman Khan
 
Cyber security
bySiblu28
 
M commerce ppt
bySantosh Kumar
 
Hackers
bymauricvio
 
Network security
bynivethabaskar
 
Ethical Hacking
byjustyogesh
 
SecurityGateway for Email Servers - Feature Overview
byAlt-N Technologies
 
Computer Virus
byDebraj Chatterjee
 

Similar to Black hat hackers

PDF
Introduction of hacking and cracking
byHarshil Barot
 
PPT
All about Hacking
byMadhusudhan G
 
PPTX
HACKING presentation by Team Shivam.pptx
byshivamgond951
 
PPT
CYBER HACKING DEMYSTIFYING THE MYSTERIOUS BUSINESS OF HACKING
bymailtomanju2410
 
PPTX
Unethical access to website’s databases hacking using sql injection
bySatyajit Mukherjee
 
PPTX
Introduction to the Ethical hacking.pptx
bySahilSwe
 
PPT
31.ppt
byKarmanChandi
 
PPTX
Cyper security & Ethical hacking
byCmano Kar
 
PPT
presentation of professionalism harwares.ppt
byJayPatil820512
 
PPT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
byDHRUV562167
 
PPTX
Tools and Methods used in cybercrime.pptx
byNaziyaShaikh66
 
PPTX
Internet security powerpoint
byArifa Ali
 
PPTX
Hacking by Pratyush Gupta
byTenet Systems Pvt Ltd
 
PPT
Hacking
byDianna Marie Manalo
 
PPT
Hacking
byYhannah
 
PPTX
Cryptography Technoiques and algorithms Part 1.pptx
bymohanapriya462996
 
PPTX
Ethical hacking
byPunit Goswami
 
PPTX
Internet security powerpoint
byArifa Ali
 
PPTX
Ethical Hacking
byLalit Kumar
 
PPTX
Hacking intro
byMilind Mishra
 
Introduction of hacking and cracking
byHarshil Barot
 
All about Hacking
byMadhusudhan G
 
HACKING presentation by Team Shivam.pptx
byshivamgond951
 
CYBER HACKING DEMYSTIFYING THE MYSTERIOUS BUSINESS OF HACKING
bymailtomanju2410
 
Unethical access to website’s databases hacking using sql injection
bySatyajit Mukherjee
 
Introduction to the Ethical hacking.pptx
bySahilSwe
 
31.ppt
byKarmanChandi
 
Cyper security & Ethical hacking
byCmano Kar
 
presentation of professionalism harwares.ppt
byJayPatil820512
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
byDHRUV562167
 
Tools and Methods used in cybercrime.pptx
byNaziyaShaikh66
 
Internet security powerpoint
byArifa Ali
 
Hacking by Pratyush Gupta
byTenet Systems Pvt Ltd
 
Hacking
byDianna Marie Manalo
 
Hacking
byYhannah
 
Cryptography Technoiques and algorithms Part 1.pptx
bymohanapriya462996
 
Ethical hacking
byPunit Goswami
 
Internet security powerpoint
byArifa Ali
 
Ethical Hacking
byLalit Kumar
 
Hacking intro
byMilind Mishra
 

More from Santosh Kumar

PPTX
human computer interface
bySantosh Kumar
 
PPTX
Bit torrent ppt
bySantosh Kumar
 
PPTX
Software technologies in defence ppt
bySantosh Kumar
 
PPTX
Holographic memory systems
bySantosh Kumar
 
PPTX
motion sensing technology
bySantosh Kumar
 
PPT
Face recognition ppt
bySantosh Kumar
 
human computer interface
bySantosh Kumar
 
Bit torrent ppt
bySantosh Kumar
 
Software technologies in defence ppt
bySantosh Kumar
 
Holographic memory systems
bySantosh Kumar
 
motion sensing technology
bySantosh Kumar
 
Face recognition ppt
bySantosh Kumar
 

Recently uploaded

PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Workflow and decision Automation with Flowable
bychakib ch
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 

Black hat hackers

  • 1.
  • 2.
    OUTLINE • Introduction • History •Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
  • 3.
    Introduction Hacking refers toan array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
  • 4.
    History  1980s - Cyberspacecoined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
  • 5.
    Cont.…  2001 – Inone of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
  • 6.
  • 7.
    Types of hackers White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
  • 8.
    Black Hat Hackers A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
  • 9.
    Pre-hacking stage Part 1:Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
  • 10.
    Cont.… Part 3: FinishingThe Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
  • 11.
    Domains affected byhacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
  • 12.
    TYPES OF ATTACKS Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
  • 13.
    Denial of Services(DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
  • 14.
    DOS Attacks: Pingof Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
  • 15.
    sniffers and Key loggers Sniffers:capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
  • 16.
    Threats from keyloggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
  • 17.
    Trojan Attacks Trojans: actas a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
  • 18.
    Trojan Attacks :Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
  • 19.
    SQL injection  SQLinjection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
  • 20.
    Structure of SQLInjection 14-03-2013 20
  • 21.
    How SQL Injectionis performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
  • 22.
    Cont.….  The aboveusername „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
  • 23.
    Cont.… The SQL statementas follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
  • 24.
    Cont.…  The hackerenters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
  • 25.
  • 26.
    SQL Injection Prevention Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
  • 27.
    Pros and cons Pros •Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
  • 28.
    Conclusion  Hacking maybe defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28
  • 29.
  • 30.