SlideShare a Scribd company logo
Ethical Hacking
                         Keith Brooks
                         CIO and Director of Services
                         Vanessa Brooks, Inc.
                         Twitter/Skype: lotusevangelist
                         keith@vanessabrooks.com


Adapted from Zephyr Gauray’s slides found here:
http://www.slideworld.com/slideshow.aspx/Ethical-Hacking-ppt-2766165

And from Achyut Paudel’s slides found here:
http://www.wiziq.com/tutorial/183883-Computer-security-and-ethical-hacking-slide

And from This Research Paper:
http://www.theecommercesolution.com/usefull_links/ethical_hacking.php
“How often have I said to you that when you
 have eliminated the impossible, whatever
 remains, however improbable, must be the
 truth? “
Or a modern variation:
 "If you eliminate the impossible, whatever
 remains, however improbable, must be the
 truth."
  2nd Quote is from Spock in Star Trek (2009) but really
  from Sir Arthur Conan Doyle’s infamous Detective,
  Sherlock Holmes as seen above
Anonymous
As for the literal operation of Anonymous, becoming part of it is
  as simple as going onto its Internet Relay Chat forums and
  typing away.
The real-life people involved in Anonymous could be behind their
  laptops anywhere, from an Internet café in Malaysia to a
  Michigan suburb.
Anonymous appears to have no spokesperson or leader.
One could participate for a minute or a day in a chat room, and
  then never go back again.
Anonymous is the future form of Internet-based social activism.
  They laud the "hactivists" for their actions.
Underground Toolkit Arms Hackers For Java Flaw
By Antone Gonsalves, CRN March 29, 2012 3:57 PM ET

A software toolkit popular among cyber-criminals has been updated
to include malicious code targeting a critical Java vulnerability that
experts say many Internet users have yet to patch.
…
A patch for the Java bug was released in February, but based on the
Java patching behavior of 28 million Internet users, Rapid7 estimates
that from 60 percent to 80 percent of computers running Java
are vulnerable. The bug affects all operating systems, including
Windows, starting with XP, Ubuntu and Mac OS X.

In general, up to 60 percent of Java installations are never
updated to the latest version, according to Rapid7.

http://www.crn.com/news/security/232700528/underground-toolkit-
arms-hackers-for-java-flaw.htm;jsessionid=aN-
QwyraKe6tlMxNtzWh5A**.ecappj03?cid=nl_sec
Federal Statute 2B1.1. - Protected Computer - Civil Penalty

Protected Computer Cases.--In the case of an offense involving
unlawfully accessing, or exceeding authorized access to, a "protected
computer" as defined in 18 U.S.C. § 1030(e)(2), actual loss includes
the following pecuniary harm, regardless of whether such pecuniary
harm was reasonably foreseeable: reasonable costs to the victim of
conducting a damage assessment, and restoring the system and data
to their condition prior to the offense, and any lost revenue due to
interruption of service.

(B) Gain.--The court shall use the gain that resulted from the offense
as an alternative measure of loss only if there is a loss but it
reasonably cannot be determined.

(C) Estimation of Loss.--The court need only make a reasonable
estimate of the loss. The sentencing judge is in a unique position to
assess the evidence and estimate the loss based upon that evidence.
Why Do People Hack

    To make security stronger ( Ethical Hacking )

    Just for fun

    Show off

    Hack other systems secretly

    Notify many people their thought

    Steal important information

    Destroy enemy’s computer network during
    the war
What is Ethical Hacking
Also Called – Attack & Penetration Testing, White-hat hacking,
Red teaming
•It is Legal
•Permission is obtained from the target
•Part of an overall security program
•Identify vulnerabilities visible from the Internet
•Ethical hackers possesses same skills, mindset and tools of
     a hacker but the attacks are done in a non-destructive manner

Hacking
Process of breaking into systems for:
Personal or Commercial Gains
Malicious Intent – Causing sever damage to Information & Assets
Conforming to accepted professional standards of conduct
Types of Hackers

    White Hat Hackers:
    
        A White Hat who specializes in penetration testing and in other
        testing methodologies to ensure the security of an organization's
        information systems.

    Black Hat Hackers:
    
        A Black Hat is the villain or bad guy, especially in a western movie in
        which such a character would stereotypically wear a black hat in
        contrast to the hero's white hat.

    Gray Hat Hackers:
    
        A Grey Hat, in the hacking community, refers to a skilled hacker
        whose activities fall somewhere between white and black hat
        hackers on a variety of spectra
Why Can’t We Defend Against Hackers?

• There are many unknown security hole
• Hackers need to know only one security hole to
  hack the system
• Admin need to know all security holes to defend
  the system
Why Do We Need Ethical Hacking
          Protection from possible External Attacks
                                Social
                              Engineering
                                              Automated
 Organizational                                Attacks
   Attacks



               Restricted
                 Data

 Accidental
 Breaches in
  Security                                      Denial of
                            Viruses, Trojan   Service (DoS)
                                Horses,
                              and Worms
Ethical Hacking - Commandments
 Working Ethically
    Trustworthiness
    Misuse for personal gain
 Respecting Privacy
 Not Crashing the Systems
What do hackers do after hacking? (1)

• Patch security hole
   • The other hackers can’t intrude
• Clear logs and hide themselves
• Install rootkit ( backdoor )
   • The hacker who hacked the system can use the
     system later
   • It contains trojan virus, and so on
• Install irc related program
   • identd, irc, bitchx, eggdrop, bnc
What do hackers do after hacking? (2)

• Install scanner program
   • mscan, sscan, nmap
• Install exploit program
• Install denial of service program
• Use all of installed programs silently
Basic Knowledge Required

    The basic knowledge that an Ethical Hacker should have about different
    fields, is as follows:

    Should have basic knowledge of ethical and permissible issues

    Should have primary level knowledge of session hijacking

    Should know about hacking wireless networks

    Should be good in sniffing

    Should know how to handle virus and worms

    Should have the basic knowledge of cryptography

    Should have the basic knowledge of accounts administration

    Should know how to perform system hacking
Basic Knowledge Required (con’t)

    Should have the knowledge of physical infrastructure hacking

    Should have the primary knowledge of social engineering

    Should know to how to do sacking of web servers

    Should have the basic knowledge of web application weakness

    Should have the knowledge of web based password breaking procedure

    Should have the basic knowledge of SQL injection

    Should know how to hack Linux

    Should have the knowledge of IP hacking

    Should have the knowledge of application hacking
Denial of Service
If an attacker is unsuccessful in gaining access, they may use readily
   available exploit code to disable a target as a last resort

    Techniques
    
        SYN flood
    
        ICMP techniques
    
        Identical SYN requests
    
        Overlapping fragment/offset bugs
    
        Out of bounds TCP options (OOB)
    
        DDoS
How Can We Protect The System?

    Patch security hole often

    Encrypt important data
     
       Ex) pgp, ssh

    Do not run unused daemon

    Remove unused setuid/setgid program

    Setup loghost
    •
        Backup the system often

    Setup firewall

    Setup IDS
     
       Ex) snort
What should do after hacked?

    Shutdown the system
    
        Or turn off the system

    Separate the system from network

    Restore the system with the backup
    
        Or reinstall all programs

    Connect the system to the network
Many topics of hacking still remain to be covered and there are
  more slides in this presentation for your review later.




                     Thank You !!!
Ethical Hacking - Process
1. Preparation
2. Foot Printing
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
5. Attack – Exploit the Vulnerabilities
6. Gaining Access
7. Escalating Privilege
8. Covering Tracks
9. Creating Back Doors
1.Preparation
 Identification of Targets – company websites, mail
  servers, extranets, etc.
 Signing of Contract
   Agreement on protection against any legal issues
   Contracts to clearly specifies the limits and dangers of the
    test
   Specifics on Denial of Service Tests, Social Engineering,
    etc.
   Time window for Attacks
   Total time for the testing
   Prior Knowledge of the systems
   Key people who are made aware of the testing
2.Footprinting
Collecting as much information about the target
 DNS Servers
 IP Ranges
 Administrative Contacts
 Problems revealed by administrators

Information Sources
 Search engines
 Forums
 Databases – whois, ripe, arin, apnic
 Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
3.Enumeration & Fingerprinting
 Specific targets determined
 Identification of Services / open ports
 Operating System Enumeration

Methods
 Banner grabbing
 Responses to various protocol (ICMP &TCP) commands
 Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.

Tools
 Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP
  Scanner
4.Identification of Vulnerabilities
Vulnerabilities

 Insecure Configuration
 Weak passwords
 Unpatched vulnerabilities in services, Operating systems,
  applications
 Possible Vulnerabilities in Services, Operating Systems
 Insecure programming
 Weak Access Control
4.Identification of Vulnerabilities
Methods
 Unpatched / Possible Vulnerabilities – Tools, Vulnerability
  information Websites
 Weak Passwords – Default Passwords, Brute force, Social
  Engineering, Listening to Traffic
 Insecure Programming – SQL Injection, Listening to Traffic
 Weak Access Control – Using the Application Logic, SQL
  Injection
4.Identification of Vulnerabilities
Tools
Vulnerability Scanners - Nessus, ISS, SARA, SAINT
Listening to Traffic – Ethercap, tcpdump
Password Crackers – John the ripper, LC4, Pwdump
Intercepting Web Traffic – Achilles, Whisker, Legion

Websites
 Common Vulnerabilities & Exposures – http://cve.mitre.org
 Bugtraq – www.securityfocus.com
 Other Vendor Websites
5.Attack – Exploit the Vulnerabilities
 Obtain as much information (trophies) from the Target
  Asset
 Gaining Normal Access
 Escalation of privileges
 Obtaining access to other connected systems

Last Ditch Effort – Denial of Service
5.Attack – Exploit the Vulnerabilities
Network Infrastructure Attacks
 Connecting to the network through modem
 Weaknesses in TCP / IP, NetBIOS
 Flooding the network to cause DOS

Operating System Attacks
   Attacking Authentication Systems
   Exploiting Protocol Implementations
   Exploiting Insecure configuration
   Breaking File-System Security
5.Attack – Exploit the Vulnerabilities
Application Specific Attacks
 Exploiting implementations of HTTP, SMTP protocols
 Gaining access to application Databases
 SQL Injection
 Spamming
5.Attack – Exploit the Vulnerabilities
Exploits
 Free exploits from Hacker Websites
 Customised free exploits
 Internally Developed

Tools – Nessus, Metasploit Framework,
6. Gaining access:

    Enough data has been gathered at this point to make an informed
    attempt to access the target

    Techniques
    
        Password eavesdropping
    
        File share brute forcing
    
        Password file grab
    
        Buffer overflows
7. Escalating Privileges

    If only user-level access was obtained in the last step, the attacker will
    now seek to gain complete control of the system

    Techniques
     
         Password cracking
     
         Known exploits
8. Covering Tracks

     Once total ownership of the target is
    secured, hiding this fact from system
    administrators becomes paramount, lest
    they quickly end the romp.

    Techniques
    
        Clear logs
    
        Hide tools
9. Creating Back Doors

    Trap doors will be laid in various parts of the system to ensure that
    privileged access is easily regained at the whim of the intruder

    Techniques
     
         Create rogue user accounts
     
         Schedule batch jobs
     
         Infect startup files
     
         Plant remote control services
     
         Install monitoring mechanisms
     
         Replace apps with trojans

More Related Content

What's hot

Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
Yash Shukla
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
Ren Tuazon
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
Edureka!
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
ankit sarode
 
Cyber security
Cyber securityCyber security
Cyber security
Pihu Goel
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
chrizjohn896
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Suryansh Srivastava
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Anumadil1
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
Vikram Khanna
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Naveen Sihag
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Alapan Banerjee
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Nitheesh Adithyan
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Qazi Anwar
 
Ethical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu aroraEthical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu arora
VaishnaviKhandelwal6
 

What's hot (20)

Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
What is Ethical Hacking? | Ethical Hacking for Beginners | Ethical Hacking Co...
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types  Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
Ethical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu aroraEthical hacking ppt by shantanu arora
Ethical hacking ppt by shantanu arora
 

Similar to Ethical Hacking

Ethichack 2012
Ethichack 2012Ethichack 2012
Ethichack 2012
santhosh kumarRG
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipur
cyber cure
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Ethical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptxEthical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptx
MaheshDhope1
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
CSSE-Ethical-Hacking-ppt.pptx
CSSE-Ethical-Hacking-ppt.pptxCSSE-Ethical-Hacking-ppt.pptx
CSSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
Ethical Hacking.pptx
Ethical Hacking.pptxEthical Hacking.pptx
Ethical Hacking.pptx
achint20
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
Harshil Barot
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Prabhat kumar Suman
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
Waseem Rauf
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
SHAHID ANSARI
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
SHAHID ANSARI
 
ethical hacking
ethical hackingethical hacking
ethical hacking
samprada123
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
aashish2cool4u
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Chetanmalviya8
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptx
vamshimatangi
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
Shivam Sahu
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
IRJET Journal
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
Subhoneel Datta
 

Similar to Ethical Hacking (20)

Ethichack 2012
Ethichack 2012Ethichack 2012
Ethichack 2012
 
Summer training in jaipur
Summer training in jaipurSummer training in jaipur
Summer training in jaipur
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
 
Ethical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptxEthical-Hacking-ppt.pptx
Ethical-Hacking-ppt.pptx
 
CSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptxCSE-Ethical-Hacking-ppt.pptx
CSE-Ethical-Hacking-ppt.pptx
 
CSSE-Ethical-Hacking-ppt.pptx
CSSE-Ethical-Hacking-ppt.pptxCSSE-Ethical-Hacking-ppt.pptx
CSSE-Ethical-Hacking-ppt.pptx
 
Ethical Hacking.pptx
Ethical Hacking.pptxEthical Hacking.pptx
Ethical Hacking.pptx
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptx
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
 

More from Keith Brooks

Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!
Keith Brooks
 
Hacking Administrators
Hacking AdministratorsHacking Administrators
Hacking Administrators
Keith Brooks
 
Modernizing Rooms and Resources Functionality
Modernizing Rooms and Resources FunctionalityModernizing Rooms and Resources Functionality
Modernizing Rooms and Resources Functionality
Keith Brooks
 
Shoot me NOW! The Life and Death of an O365 Admin and User
Shoot me NOW! The Life and Death of an O365 Admin and UserShoot me NOW! The Life and Death of an O365 Admin and User
Shoot me NOW! The Life and Death of an O365 Admin and User
Keith Brooks
 
To Home, To Work, To Home, To Collabsphere!
To Home, To Work, To Home, To Collabsphere!To Home, To Work, To Home, To Collabsphere!
To Home, To Work, To Home, To Collabsphere!
Keith Brooks
 
Decks Matter, And Other startup Font Tales
Decks Matter, And Other startup Font TalesDecks Matter, And Other startup Font Tales
Decks Matter, And Other startup Font Tales
Keith Brooks
 
Domino Administration Wizardry - Dark Arts Edition
Domino Administration Wizardry - Dark Arts EditionDomino Administration Wizardry - Dark Arts Edition
Domino Administration Wizardry - Dark Arts Edition
Keith Brooks
 
Admin Hacks for Users and Admins Sanity
Admin Hacks for Users and Admins SanityAdmin Hacks for Users and Admins Sanity
Admin Hacks for Users and Admins Sanity
Keith Brooks
 
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do ThatISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
Keith Brooks
 
Why This Global Law Firm Does Not Miss Deadlines
Why This Global Law Firm Does Not Miss DeadlinesWhy This Global Law Firm Does Not Miss Deadlines
Why This Global Law Firm Does Not Miss Deadlines
Keith Brooks
 
Shout IT Out loud
Shout IT Out loudShout IT Out loud
Shout IT Out loud
Keith Brooks
 
Pointing Fingers? DDM to the Rescue
Pointing Fingers? DDM to the RescuePointing Fingers? DDM to the Rescue
Pointing Fingers? DDM to the Rescue
Keith Brooks
 
Breaking the Unwritten Rules to Help Your Users
Breaking the Unwritten Rules to Help Your UsersBreaking the Unwritten Rules to Help Your Users
Breaking the Unwritten Rules to Help Your Users
Keith Brooks
 
I'm a LEGO Man Living in a Duplo World
I'm a LEGO Man Living in a Duplo WorldI'm a LEGO Man Living in a Duplo World
I'm a LEGO Man Living in a Duplo World
Keith Brooks
 
Presentation on Soft Skills, Hard Skills, Body Language and More
Presentation on Soft Skills, Hard Skills, Body Language and MorePresentation on Soft Skills, Hard Skills, Body Language and More
Presentation on Soft Skills, Hard Skills, Body Language and More
Keith Brooks
 
Faster Translations Start With A Faster Computer
Faster Translations Start With A Faster ComputerFaster Translations Start With A Faster Computer
Faster Translations Start With A Faster Computer
Keith Brooks
 
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith BrooksIBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
Keith Brooks
 
One Firm's Wild Ride to The Cloud
One Firm's Wild Ride to The CloudOne Firm's Wild Ride to The Cloud
One Firm's Wild Ride to The Cloud
Keith Brooks
 
18+ Ways To Help Clients Love You
18+ Ways To Help Clients Love You18+ Ways To Help Clients Love You
18+ Ways To Help Clients Love You
Keith Brooks
 
Advanced Backups
Advanced BackupsAdvanced Backups
Advanced Backups
Keith Brooks
 

More from Keith Brooks (20)

Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!Yes, It's Number One it's TOTP!
Yes, It's Number One it's TOTP!
 
Hacking Administrators
Hacking AdministratorsHacking Administrators
Hacking Administrators
 
Modernizing Rooms and Resources Functionality
Modernizing Rooms and Resources FunctionalityModernizing Rooms and Resources Functionality
Modernizing Rooms and Resources Functionality
 
Shoot me NOW! The Life and Death of an O365 Admin and User
Shoot me NOW! The Life and Death of an O365 Admin and UserShoot me NOW! The Life and Death of an O365 Admin and User
Shoot me NOW! The Life and Death of an O365 Admin and User
 
To Home, To Work, To Home, To Collabsphere!
To Home, To Work, To Home, To Collabsphere!To Home, To Work, To Home, To Collabsphere!
To Home, To Work, To Home, To Collabsphere!
 
Decks Matter, And Other startup Font Tales
Decks Matter, And Other startup Font TalesDecks Matter, And Other startup Font Tales
Decks Matter, And Other startup Font Tales
 
Domino Administration Wizardry - Dark Arts Edition
Domino Administration Wizardry - Dark Arts EditionDomino Administration Wizardry - Dark Arts Edition
Domino Administration Wizardry - Dark Arts Edition
 
Admin Hacks for Users and Admins Sanity
Admin Hacks for Users and Admins SanityAdmin Hacks for Users and Admins Sanity
Admin Hacks for Users and Admins Sanity
 
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do ThatISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
ISBG / NCUG Why Didn't Anyone Tell Me Notes Could Do That
 
Why This Global Law Firm Does Not Miss Deadlines
Why This Global Law Firm Does Not Miss DeadlinesWhy This Global Law Firm Does Not Miss Deadlines
Why This Global Law Firm Does Not Miss Deadlines
 
Shout IT Out loud
Shout IT Out loudShout IT Out loud
Shout IT Out loud
 
Pointing Fingers? DDM to the Rescue
Pointing Fingers? DDM to the RescuePointing Fingers? DDM to the Rescue
Pointing Fingers? DDM to the Rescue
 
Breaking the Unwritten Rules to Help Your Users
Breaking the Unwritten Rules to Help Your UsersBreaking the Unwritten Rules to Help Your Users
Breaking the Unwritten Rules to Help Your Users
 
I'm a LEGO Man Living in a Duplo World
I'm a LEGO Man Living in a Duplo WorldI'm a LEGO Man Living in a Duplo World
I'm a LEGO Man Living in a Duplo World
 
Presentation on Soft Skills, Hard Skills, Body Language and More
Presentation on Soft Skills, Hard Skills, Body Language and MorePresentation on Soft Skills, Hard Skills, Body Language and More
Presentation on Soft Skills, Hard Skills, Body Language and More
 
Faster Translations Start With A Faster Computer
Faster Translations Start With A Faster ComputerFaster Translations Start With A Faster Computer
Faster Translations Start With A Faster Computer
 
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith BrooksIBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
IBM Sametime 9 Installation Woes and Proactive Repairs by Keith Brooks
 
One Firm's Wild Ride to The Cloud
One Firm's Wild Ride to The CloudOne Firm's Wild Ride to The Cloud
One Firm's Wild Ride to The Cloud
 
18+ Ways To Help Clients Love You
18+ Ways To Help Clients Love You18+ Ways To Help Clients Love You
18+ Ways To Help Clients Love You
 
Advanced Backups
Advanced BackupsAdvanced Backups
Advanced Backups
 

Recently uploaded

Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
itnewsafrica
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
PhysicsUtu
 
Top Digital Marketing Strategy in 2024.pdf
Top Digital Marketing Strategy in 2024.pdfTop Digital Marketing Strategy in 2024.pdf
Top Digital Marketing Strategy in 2024.pdf
Top IT Marketing
 
Zodiac Signs and Fashion: Dressing to Suit Your Astrological Style
Zodiac Signs and Fashion: Dressing to Suit Your Astrological StyleZodiac Signs and Fashion: Dressing to Suit Your Astrological Style
Zodiac Signs and Fashion: Dressing to Suit Your Astrological Style
my Pandit
 
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
dimplekumaridk322
 
Data Analytics and AI Strategy Toolkit, Playbook and Templates
Data Analytics and AI Strategy Toolkit, Playbook and TemplatesData Analytics and AI Strategy Toolkit, Playbook and Templates
Data Analytics and AI Strategy Toolkit, Playbook and Templates
Aurelien Domont, MBA
 
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptxThe-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
Jindal Global University, Sonipat Haryana 131001
 
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAAPETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
lawrenceads01
 
Managing Customer & User Experience of Customers
Managing Customer & User Experience of CustomersManaging Customer & User Experience of Customers
Managing Customer & User Experience of Customers
SalmanTahir60
 
Test Bank For Principles Of Cost Accounting, 17th Edition Edward J. Vander...
Test Bank For Principles Of Cost Accounting, 	  17th Edition Edward J. Vander...Test Bank For Principles Of Cost Accounting, 	  17th Edition Edward J. Vander...
Test Bank For Principles Of Cost Accounting, 17th Edition Edward J. Vander...
kevinkariuki227
 
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdfUnveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
Xtreame HDTV
 
Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...
Brian Frerichs
 
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
Aggregage
 
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family FoundationPatrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch
 
Restaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel HammametRestaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel Hammamet
rihabkorbi24
 
Gym business MODEL .pdf .
Gym business MODEL .pdf                 .Gym business MODEL .pdf                 .
Gym business MODEL .pdf .
Divyanshu56740
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
projectseasy
 
WAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdfWAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdf
Western Alaska Minerals Corp.
 
Cracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptxCracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptx
Workforce Group
 
1234567891011121314151617181920212223242
12345678910111213141516171819202122232421234567891011121314151617181920212223242
1234567891011121314151617181920212223242
fauzanal343
 

Recently uploaded (20)

Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
Anton Grutzmache- Ominisient: The Data Revolution in Banking: From Scoring Cr...
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
 
Top Digital Marketing Strategy in 2024.pdf
Top Digital Marketing Strategy in 2024.pdfTop Digital Marketing Strategy in 2024.pdf
Top Digital Marketing Strategy in 2024.pdf
 
Zodiac Signs and Fashion: Dressing to Suit Your Astrological Style
Zodiac Signs and Fashion: Dressing to Suit Your Astrological StyleZodiac Signs and Fashion: Dressing to Suit Your Astrological Style
Zodiac Signs and Fashion: Dressing to Suit Your Astrological Style
 
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
 
Data Analytics and AI Strategy Toolkit, Playbook and Templates
Data Analytics and AI Strategy Toolkit, Playbook and TemplatesData Analytics and AI Strategy Toolkit, Playbook and Templates
Data Analytics and AI Strategy Toolkit, Playbook and Templates
 
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptxThe-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
The-Three-Pillars-of-Doctoral-Research-What-Why-and-How (1).pptx
 
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAAPETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
PETAVIT MICHAEL TAY.pdfAAAAAAAAAAAAAAAAAAAA
 
Managing Customer & User Experience of Customers
Managing Customer & User Experience of CustomersManaging Customer & User Experience of Customers
Managing Customer & User Experience of Customers
 
Test Bank For Principles Of Cost Accounting, 17th Edition Edward J. Vander...
Test Bank For Principles Of Cost Accounting, 	  17th Edition Edward J. Vander...Test Bank For Principles Of Cost Accounting, 	  17th Edition Edward J. Vander...
Test Bank For Principles Of Cost Accounting, 17th Edition Edward J. Vander...
 
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdfUnveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
Unveiling the Latest Eternal IPTV Features for Seamless Streaming in 2024.pdf
 
Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...
 
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
Don’t Get Left Behind: Leveraging Modern Product Management Across the Organi...
 
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family FoundationPatrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
Patrick Dwyer Merrill Lynch - Founder of the Dwyer Family Foundation
 
Restaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel HammametRestaurant Chiraz Sindbad Hotel Hammamet
Restaurant Chiraz Sindbad Hotel Hammamet
 
Gym business MODEL .pdf .
Gym business MODEL .pdf                 .Gym business MODEL .pdf                 .
Gym business MODEL .pdf .
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
 
WAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdfWAM Corporate Presentation July 2024.pdf
WAM Corporate Presentation July 2024.pdf
 
Cracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptxCracking the Customer Experience Code.pptx
Cracking the Customer Experience Code.pptx
 
1234567891011121314151617181920212223242
12345678910111213141516171819202122232421234567891011121314151617181920212223242
1234567891011121314151617181920212223242
 

Ethical Hacking

  • 1. Ethical Hacking Keith Brooks CIO and Director of Services Vanessa Brooks, Inc. Twitter/Skype: lotusevangelist keith@vanessabrooks.com Adapted from Zephyr Gauray’s slides found here: http://www.slideworld.com/slideshow.aspx/Ethical-Hacking-ppt-2766165 And from Achyut Paudel’s slides found here: http://www.wiziq.com/tutorial/183883-Computer-security-and-ethical-hacking-slide And from This Research Paper: http://www.theecommercesolution.com/usefull_links/ethical_hacking.php
  • 2. “How often have I said to you that when you have eliminated the impossible, whatever remains, however improbable, must be the truth? “ Or a modern variation: "If you eliminate the impossible, whatever remains, however improbable, must be the truth." 2nd Quote is from Spock in Star Trek (2009) but really from Sir Arthur Conan Doyle’s infamous Detective, Sherlock Holmes as seen above
  • 3. Anonymous As for the literal operation of Anonymous, becoming part of it is as simple as going onto its Internet Relay Chat forums and typing away. The real-life people involved in Anonymous could be behind their laptops anywhere, from an Internet café in Malaysia to a Michigan suburb. Anonymous appears to have no spokesperson or leader. One could participate for a minute or a day in a chat room, and then never go back again. Anonymous is the future form of Internet-based social activism. They laud the "hactivists" for their actions.
  • 4. Underground Toolkit Arms Hackers For Java Flaw By Antone Gonsalves, CRN March 29, 2012 3:57 PM ET A software toolkit popular among cyber-criminals has been updated to include malicious code targeting a critical Java vulnerability that experts say many Internet users have yet to patch. … A patch for the Java bug was released in February, but based on the Java patching behavior of 28 million Internet users, Rapid7 estimates that from 60 percent to 80 percent of computers running Java are vulnerable. The bug affects all operating systems, including Windows, starting with XP, Ubuntu and Mac OS X. In general, up to 60 percent of Java installations are never updated to the latest version, according to Rapid7. http://www.crn.com/news/security/232700528/underground-toolkit- arms-hackers-for-java-flaw.htm;jsessionid=aN- QwyraKe6tlMxNtzWh5A**.ecappj03?cid=nl_sec
  • 5. Federal Statute 2B1.1. - Protected Computer - Civil Penalty Protected Computer Cases.--In the case of an offense involving unlawfully accessing, or exceeding authorized access to, a "protected computer" as defined in 18 U.S.C. § 1030(e)(2), actual loss includes the following pecuniary harm, regardless of whether such pecuniary harm was reasonably foreseeable: reasonable costs to the victim of conducting a damage assessment, and restoring the system and data to their condition prior to the offense, and any lost revenue due to interruption of service. (B) Gain.--The court shall use the gain that resulted from the offense as an alternative measure of loss only if there is a loss but it reasonably cannot be determined. (C) Estimation of Loss.--The court need only make a reasonable estimate of the loss. The sentencing judge is in a unique position to assess the evidence and estimate the loss based upon that evidence.
  • 6. Why Do People Hack  To make security stronger ( Ethical Hacking )  Just for fun  Show off  Hack other systems secretly  Notify many people their thought  Steal important information  Destroy enemy’s computer network during the war
  • 7. What is Ethical Hacking Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming •It is Legal •Permission is obtained from the target •Part of an overall security program •Identify vulnerabilities visible from the Internet •Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Conforming to accepted professional standards of conduct
  • 8. Types of Hackers  White Hat Hackers:  A White Hat who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.  Black Hat Hackers:  A Black Hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat.  Gray Hat Hackers:  A Grey Hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra
  • 9. Why Can’t We Defend Against Hackers? • There are many unknown security hole • Hackers need to know only one security hole to hack the system • Admin need to know all security holes to defend the system
  • 10. Why Do We Need Ethical Hacking Protection from possible External Attacks Social Engineering Automated Organizational Attacks Attacks Restricted Data Accidental Breaches in Security Denial of Viruses, Trojan Service (DoS) Horses, and Worms
  • 11. Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems
  • 12. What do hackers do after hacking? (1) • Patch security hole • The other hackers can’t intrude • Clear logs and hide themselves • Install rootkit ( backdoor ) • The hacker who hacked the system can use the system later • It contains trojan virus, and so on • Install irc related program • identd, irc, bitchx, eggdrop, bnc
  • 13. What do hackers do after hacking? (2) • Install scanner program • mscan, sscan, nmap • Install exploit program • Install denial of service program • Use all of installed programs silently
  • 14. Basic Knowledge Required  The basic knowledge that an Ethical Hacker should have about different fields, is as follows:  Should have basic knowledge of ethical and permissible issues  Should have primary level knowledge of session hijacking  Should know about hacking wireless networks  Should be good in sniffing  Should know how to handle virus and worms  Should have the basic knowledge of cryptography  Should have the basic knowledge of accounts administration  Should know how to perform system hacking
  • 15. Basic Knowledge Required (con’t)  Should have the knowledge of physical infrastructure hacking  Should have the primary knowledge of social engineering  Should know to how to do sacking of web servers  Should have the basic knowledge of web application weakness  Should have the knowledge of web based password breaking procedure  Should have the basic knowledge of SQL injection  Should know how to hack Linux  Should have the knowledge of IP hacking  Should have the knowledge of application hacking
  • 16. Denial of Service If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort  Techniques  SYN flood  ICMP techniques  Identical SYN requests  Overlapping fragment/offset bugs  Out of bounds TCP options (OOB)  DDoS
  • 17. How Can We Protect The System?  Patch security hole often  Encrypt important data  Ex) pgp, ssh  Do not run unused daemon  Remove unused setuid/setgid program  Setup loghost • Backup the system often  Setup firewall  Setup IDS  Ex) snort
  • 18. What should do after hacked?  Shutdown the system  Or turn off the system  Separate the system from network  Restore the system with the backup  Or reinstall all programs  Connect the system to the network
  • 19. Many topics of hacking still remain to be covered and there are more slides in this presentation for your review later. Thank You !!!
  • 20. Ethical Hacking - Process 1. Preparation 2. Foot Printing 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Gaining Access 7. Escalating Privilege 8. Covering Tracks 9. Creating Back Doors
  • 21. 1.Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 22. 2.Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 23. 3.Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 24. 4.Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 25. 4.Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 26. 4.Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 27. 5.Attack – Exploit the Vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 28. 5.Attack – Exploit the Vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 29. 5.Attack – Exploit the Vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 30. 5.Attack – Exploit the Vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 31. 6. Gaining access:  Enough data has been gathered at this point to make an informed attempt to access the target  Techniques  Password eavesdropping  File share brute forcing  Password file grab  Buffer overflows
  • 32. 7. Escalating Privileges  If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system  Techniques  Password cracking  Known exploits
  • 33. 8. Covering Tracks  Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp.  Techniques  Clear logs  Hide tools
  • 34. 9. Creating Back Doors  Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder  Techniques  Create rogue user accounts  Schedule batch jobs  Infect startup files  Plant remote control services  Install monitoring mechanisms  Replace apps with trojans

Editor's Notes

  1. Red teaming – used for the first time by US government for testing its systems early 90’s Black & white hat terminology comes from the Hollywood movies where good guys wear white hats and bad guys wear black hats