ETHICAL HACKING
A LICENCE TO HACK
BY PRABHAT KUMAR SUMAN
Follow me on facebook.com/prabhatksuman
• Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: they’re trying to determine what an intruder can see on a network or system and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test or pen test.
• White Hat Hackers:
  • A White Hat specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
• Black Hat Hackers:
  • A Black Hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat.
• Gray Hat Hackers:
  • A Gray Hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra.
• Hacking - showing computer expertise
• Cracking - breaching security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a datagram
• Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore
• Port Scanning - searching for vulnerabilities
• Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
• Maintain and follow a nondisclosure agreement (NDA) with the client in case of confidential information disclosed during the test.
• Maintain confidentiality when performing the test. Information gathered may contain sensitive information. No information about the test or company confidential data should ever be disclosed to a third party.
• Perform the test up to but not beyond the agreed-upon limits. For example, DoS attacks should only be run as part of the test if they have previously been agreed upon with the client. Loss of revenue, goodwill, and worse could befall an organisation whose servers or applications are unavailable to customers as a result of the test.
Why Do We Need Ethical Hacking
• Viruses, Trojan Horses, and Worms
• Social Engineering
• Automated Attacks
• Accidental Breaches in Security
• Denial of Service (DoS)
• Organizational Attacks
• Restricted Data
Protection from possible External Attacks
• 1969 - Unix ‘hacked’ together
• 1971 - Cap ‘n Crunch phone exploit discovered
• 1988 - Morris Internet worm crashes 6,000 servers
• 1994 - $10 million transferred from CitiBank accounts
• 1995 - Kevin Mitnick sentenced to 5 years in jail
• 2000 - Major websites succumb to DDoS
• 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
• 2001 - Code Red
  • exploited bug in MS IIS to penetrate & spread
  • probes random IPs for systems running IIS
  • had trigger time for denial-of-service attack
  • 2nd wave infected 360,000 servers in 14 hours
• Code Red 2 - had backdoor installed to allow remote control
• Nimda - used multiple infection mechanisms: email, shares, web client, IIS
• 2002 - Slammer Worm brings web to its knees by attacking MS SQL Server
• To make security stronger (Ethical Hacking)
• Just for fun
• Show off
• Hack other systems secretly
• Notify many people of their thoughts
• Steal important information
• Destroy enemy’s computer network during the war
• Hackers
  • Access computer system or network without authorization
  • Break the law; can go to prison
• Crackers
  • Break into systems to steal or destroy data
  • U.S. Department of Justice calls both hackers
• Ethical hacker
  • Performs most of the same activities but with owner’s permission
Hands-On Ethical Hacking and Network Defense
• Buffer overflow attacks
• Denial of Service (DoS) attacks
• Distributed Denial of Service (DDoS) attacks
• Misconfigurations
• Abuse of trust
• Brute force attacks
• CGI and WWW services
• Backdoors and Trojans
1. Preparation
2. Footprinting
3. Enumeration & Fingerprinting
4. Identification of vulnerabilities
5. Attack: exploit the vulnerabilities
6. Gaining access
7. Escalating privilege
8. Covering tracks
9. Creating backdoors
• 28.02.13 The Cyber Threat: Planning for the Way Ahead
  • Director says network intrusions pose urgent threat to nation’s security and economy.
• 05.02.13 Sextortion Cons Like ‘Bieber Ruse’ Targeted Minor Girls
  • Tricks like an Alabama man’s claim to be Justin Bieber target minors on social websites.
• Reconnaissance
• Scanning
• Gaining access
• Maintaining access
• Covering tracks
• Reconnaissance refers to the preparatory phase where an attacker gathers as much information as possible about the target prior to launching the attack. Also in this phase, the attacker draws on competitive intelligence to learn more about the target. This phase may also involve network scanning, either external or internal, without authorization.
• Scanning is the method an attacker performs prior to attacking the network. In scanning, the attacker uses the details gathered during reconnaissance to identify specific vulnerabilities. Scanning can be considered a logical extension (and overlap) of the active reconnaissance. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.
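A defender's view of the scanning phase described above, as an added example that is not part of the original slides: it flags any source that touches many distinct ports on one host within a short window. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_sample():
    """Constructed log lines in an assumed 'timestamp src dst dport action' format."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Source A: 15 different ports on one host within 15 seconds.
    for i, port in enumerate(range(20, 35)):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 {port} DENY")
    # Source B: 30 connections, all to the same web port.
    for i in range(30):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 443 ALLOW")
    # Source C: an ordinary client cycling over three service ports.
    for i in range(12):
        ts = (base + timedelta(seconds=5 * i)).isoformat()
        port = (80, 443, 8080)[i % 3]
        lines.append(f"{ts} 203.0.113.99 192.0.2.10 {port} ALLOW")
    # ISO timestamps of equal width sort chronologically as strings.
    return sorted(lines)


def parse(line):
    """Split one record into typed fields; raises ValueError on bad input."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def detect_scanners(lines, window=timedelta(seconds=60), port_threshold=10):
    """Return {(src, dst): sorted ports} for every source that reached
    port_threshold distinct ports on one destination inside the window."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    flagged = defaultdict(set)    # (src, dst) -> ports seen while over threshold
    for line in lines:
        try:
            ts, src, dst, dport, _action = parse(line)
        except ValueError:
            continue              # skip malformed records instead of crashing
        q = recent[(src, dst)]
        q.append((ts, dport))
        # Drop observations that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= port_threshold:
            flagged[(src, dst)] |= ports
    return {pair: sorted(ports) for pair, ports in flagged.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_scanners(constructed_sample()).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports: {ports}")
```

Counting distinct ports rather than connections is what keeps the busy web client (source B) and the ordinary multi-service client (source C) out of the result.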
• Gaining access is the most important phase of an attack in terms of potential damage. Attackers need not always gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping of service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.
• Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources, and further use the system as a launch pad to scan and exploit other systems, or to keep a low profile and continue exploiting the system. Both these actions can damage the organization. For instance, the attacker can implement a sniffer to capture all network traffic, including telnet and ftp sessions with other systems.
• An attacker would like to destroy evidence of his/her presence and activities for various reasons such as maintaining access and evading punitive action. Erasing evidence of a compromise is a requirement for any attacker who would like to remain obscure. This is one of the best methods to evade traceback. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process, e.g., a buffer overflow attack will usually leave a message in the system logs. Next, the attention is turned to effecting changes so that future logins are not logged. By manipulating and tweaking the event logs, the system administrator can be convinced that the output of his/her system is correct, and that no intrusion or compromise has actually taken place.
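One way to make the log erasure and editing described above detectable, as an added example that is not part of the original slides: each entry carries an HMAC chained to the previous entry, and a separate collector verifies the chain. The entry format, key handling and sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # fixed starting value for the chain


def _digest(prev_mac, seq, message, key):
    """MAC over the previous MAC, the sequence number and the message."""
    data = f"{prev_mac}\n{seq}\n{message}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append_entry(chain, message, key):
    """Append a log entry whose MAC depends on everything before it."""
    prev = chain[-1]["mac"] if chain else GENESIS
    seq = len(chain)
    chain.append({"seq": seq, "msg": message, "mac": _digest(prev, seq, message, key)})


def verify_chain(chain, key, anchor_mac=None):
    """Return a list of (finding, first_seq, last_seq) tuples; empty means intact.

    anchor_mac is the MAC of the newest entry as last reported to a system
    the monitored host cannot modify (assumed: a remote collector). Without
    it, removal of the newest entries cannot be noticed.
    """
    findings = []
    prev = GENESIS
    expected_seq = 0
    for entry in chain:
        if entry["seq"] != expected_seq:
            findings.append(("missing", expected_seq, entry["seq"] - 1))
        good = _digest(prev, entry["seq"], entry["msg"], key)
        if not hmac.compare_digest(entry["mac"], good):
            findings.append(("mac_mismatch", entry["seq"], entry["seq"]))
        # Continue from the stored MAC so one break is reported once.
        prev = entry["mac"]
        expected_seq = entry["seq"] + 1
    if anchor_mac is not None and not hmac.compare_digest(prev, anchor_mac):
        findings.append(("truncated_or_replaced_tail", expected_seq, None))
    return findings


def build_constructed_log(key):
    """Five constructed log messages (not taken from any real system)."""
    chain = []
    for msg in (
        "sshd: Accepted password for alice from 192.0.2.20",
        "sshd: Failed password for root from 198.51.100.7",
        "sshd: Accepted password for root from 198.51.100.7",
        "kernel: httpd segfault at 0 ip 0 sp 0 error 4",
        "sshd: session closed for user alice",
    ):
        append_entry(chain, msg, key)
    return chain


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: held by the collector only
    log = build_constructed_log(key)
    anchor = log[-1]["mac"]
    erased = [dict(e) for e in log if e["seq"] not in (1, 2)]
    print("intact :", verify_chain(log, key, anchor))
    print("erased :", verify_chain(erased, key, anchor))
```

The chain only helps if the key and the anchor live off the monitored host, since anyone holding the key can recompute every MAC.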
• To protect against cyber crime
• To protect any country’s secret information
• If you know how to rob somebody ... then at least you know how to protect yourself.
• Never use the computer of an untrusted person/Cyber Cafe for E-BANKING!!!
• Be careful in using PUBLIC WI-FI
• Facebook can be FUN but if possible avoid using FACEBOOK Apps
• Keep changing your PASSWORDS once in a while!!!
• Be careful in using Torrents
• Never leave your PC unattended
• Ethical hacking is more than running hacking tools and gaining unauthorized access to systems just to see what is accessible. When performed by a security professional, ethical hacking encompasses all aspects of reconnaissance and information gathering, a structured approach, and post-attack analysis. Ethical hackers require in-depth knowledge of systems and tools as well as a great deal of patience and restraint to ensure no damage is done to the target systems. Hacking can be performed ethically and in fact is being mandated by government and the private sector to ensure systems security.