Ethical hacking involves locating vulnerabilities in computer systems by simulating malicious hackers with permission. An ethical hacker tests security defenses by conducting penetration tests to identify weaknesses from an attacker's perspective in order to strengthen security. The process of ethical hacking involves preparation, information gathering, vulnerability analysis, simulated attacks, escalating access, covering tracks, and creating backdoors to access compromised systems. The goal is to improve security by identifying vulnerabilities before criminals can exploit them.

1. Ethical Hacking
a soft approach
1

2. Ethical hacking is also known as
penetration testing, intrusion testing,
or red teaming, is the controversial
act of locating weaknesses and
vulnerabilities of computer and
information systems by duplicating
the intent and actions of malicious
hackers.
2

3. An Ethical Hacker :
An ethical hacker is a security
professional who applies their hacking
skills for defensive purposes on behalf
of the owners of information systems.
By conducting penetration tests, an
ethical hacker looks after the
previously stored data.
3

4. To make security
stronger ( Ethical
Hacking )
Just for fun
Show off
Hack other systems
secretly
Notify many people
about their thought
4
Steal important
Why Do
People
Hack:

5. How is it
different from
Hacking??
• It is Legal
• Permission is obtained from
the target
• Part of an overall
security program
• Identify vulnerabilities
visible from the Internet
• Ethical hackers possesses
5
same skills, mindset and

6. What’s Hacking?
 Process of breaking into
systems for:
 Personal or
Commercial Gains
 Done with Malicious
Intent – Causing
severe damage to
6
Information & Assets

7. Types of Hackers:
I White Hat Hackers: A White Hat
who specializes in penetration
testing and in other testing
methodologies to ensure the
security of an organization's
information systems.
II Black Hat Hackers: A Black Hat
is the villain or bad guy,
especially in a western 7
movie in
which such a character would

8. Why We can’t defend against
Hackers?
•There are many unknown
security hole
•Hackers need to know only one
security hole to hack the
system
•Admin need to know all security
holes to defend the system
8

9. Ethical Hacking - Commandments
Working Ethically
Trustworthiness
Misuse for personal gain
Respecting privacy
Not crashing the systems
9

10. What Hackers do after
10
Hacking?
• Patch a security hole.
• Make sure that other
hackers can’t intrude.
• Clear logs and hide
themselves.
• Install rootkit (Backdoor).
• The hacker who hacked the
system can use the system
later.
• Contains a number of trojan
files and so on.

11. 11
Basic Knowledge
Required:
• Should have basic knowledge
of permissible issues
• Should know about hacking
wireless networks.
• Should know how to handle
viruses and worms.
• Should have basic knowledge
of cryptography.
• Should know how to perform
system hacking.
• Should have the knowledge

12. What to do after being
12
Hacked?
• Shutdown the system
or Turn off the
system
• Separate the system
from the network
• Restore the system
with the backup or
reinstall all
programs and setup a

13. Processes involved in Ethical Hacking-
I. Preparation
II. Foot printing
III.Enumeration & Fingerprinting
IV.Identification of Vulnerabilities
V. Attack – Exploit the Vulnerabilities
VI.Gaining Access
VII.Escalating Privilege
VIII.Covering Tracks
IX.Creating Backdoors
13

14. 14
1.
Preparatio
• Identificnation of
Targets – company
websites, mail
servers
• Agreement on
protection against
any legal issues
• Total time for the
testing

15. 15
2. Foot
printing Collection of as much
information about the
target as such:
# DNS Servers
# IP Ranges
# Administrative
Contacts
# Problems revealed
by the administrator
Information Sources:
# Search engines
# Databases

16. 3.Enumeration &
Fingerprinting  Specific targets
determined
 Identification of Services
/ open ports
 Operating System
Enumeration
Methods
• Port / Service Scans –
TCP Connect, TCP SYN, TCP
FIN, etc.
16
Tools

17. 4. Identification
of Vulnerabilities
• Weak passwords
• Insecure programming
• Insecure
configuration
• Weak access control
17
Vulnerabilities
Methods
• Using default
passwords
• SQL injection
and so on… Too
Nessus, ISlSs, SARA, Legion, SAINT, Ethercap, Whisker

18. 5. Attack – Exploit the
18
Vulnerabilities
• Obtain as much
information from the
target
• Gain normal access
• Obtain access to
other connected
systems
• Gaining access to
application Databases
• Spamming

19. 7. Escalating
Privileges
Techniques include
password cracking and
other known exploits.
8. Covering
Tracks
On total ownership
of the target is secured,
hiding this fact form 19
the
system administrators

20. 9. Creating
Backdoors Trap doors will be
laid in various parts
of the system to
ensure that
privileged access is
easily regained at
the whim of the
intruder.
20

21. 21
Thank you!!!
A presentation prepared Rohan
Raj
C.S.E. Vth
sem.