SlideShare a Scribd company logo

Ethical hacking-guide-infosec

CMR WORLD TECH
CMR WORLD TECH

Ethical hacking

Data & Analytics
1 of 10
Download to read offline
Guide Book © 2015 Foursys. All rights reserved Quick Start Guide to Ethical Hacking Includes: Example Lab with Kali Linux Written by Matt Ford, CEH
Guide Book © 2015 Foursys. All rights reserved WhatisEthicalHacking? The definition of Ethical Hacking as described by the Ethical Hacking Council is: “The goal of the ethical hacker is to help the organisation take pre-emptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits.” The important factor in this description is that as an Ethical Hacker we “stay within the scope of our legal limits”. While a malicious attacker would not be constrained by these boundaries, it is imperative that as an Ethical Hacker we conform to a structured framework and a clear scope when providing internal or external Penetration Tests or Network Security Assessments, whether for the company we work for or as a contracted third party. So, as an Ethical Hacker, are our goals are to: • Give IT Administrators a more informed overview of their network • Find security weaknesses before hackers do • Enable Administrators to counteract those weaknesses • Understand how a potential hacker might think • Put pre-emptive measures in place to mitigate a security risk. There is also an important distinction to make with testing terminology, as “Pen Testing” is often used to cover all aspects. Vulnerability Scanning: Is the process of scanning your infrastructure for network vulnerabilities without the intent to exploit any vulnerabilities found. Penetration Testing: Goes one step beyond Vulnerability Scanning in that it endeavours to exploit any issues found. This could range from gaining access to machines, obtaining sensitive information or escalation privileges to enabling access to other areas on the network. Hence the scopes and goals for Penetration Testing can vary, depending on the requirements. Having said this, it is important not to underestimate the value a series of simple scans can offer without having to delve into the world of full-on Penetration Testing. These scans offer a fairly easy and inexpensive way of showing up holes across the network without the risks of potential exploitation methods that go with a hacking scenario, albeit that Penetration Testing or Ethical Hacking will result in a far more comprehensive network security report. In summary, while the goals of each Ethical Hacking engagement might be different (e.g. looking at data security or Domain Administrator access), it is always beneficial to get as close as possible to a “real world” scenario. Introduction In this Guide to Ethical Hacking, Matt Ford of Foursys sets out the definition, goals and processes involved in the use of ethical hacking. Using practical examples, the guide covers the 5 key phases of hacking typically used by hackers to gain access to networks that IT Administrators all too often believe are secure. From initial network and system reconnaissance of target networks, to scanning for possible areas of vulnerability, through gaining and maintaining access, to hiding the evidence of an attack, the Guide offers often thought-provoking insights into the techniques and secrets of malicious hackers. With example lab tests that can be readily used by IT professionals, the “Quick Start Guide to Ethical Hacking” offers a comprehensive look at the methods used, helping you stay a step ahead of the hackers by understanding their mind-set. Crucially, it will also help you put the necessary measures in place to prevent them compromising your network.
Guide Book © 2015 Foursys. All rights reserved Reconnaissance Reconnaissance is the “information gathering” phase around a target in preparation for an attack. This is often over looked by IT Administrators as they concentrate on the more technical side of their infrastructure, but the more information that can be gathered around a target, the easier it will be to narrow down the attack vector and increase the chances of the hack being successful. Gathering all this information will allow you to be more proficient with Social Engineering or Spear Phishing attacks, for example. © 2014 Foursys. All rights reserved CS-NSHCT/1014 The reconnaissance phase is often split into two further areas, Active and Passive. Passive allows you to collect data without any contact with the target, while active involves closer contact with the target and therefore more risk. When it comes to passive information gathering, numerous tools can be used to collate data from various sources and build a picture of your target. Network information is an obvious one such as gathering WHOIS or external IP details, but using various applications this process can be taken a step further by collecting metadata from documents, obtaining e-mail addresses, discovering usernames, understanding which products are in use and so on. Social media also lets you tie in certain individuals to a job role, or site location and used in conjunction with social engineering skills can result in a huge amount of information being put at your disposal. Many IT Administrators know this information is out there, but either fail to see a way of managing these details, or don’t see the dangers of all this information being presented in one report as particularly serious. Active reconnaissance involves the hacker interacting directly with the target in some way and will often bleed over into the second phase, Scanning. This can be anything from port scanning external IP addresses to running web application scans on external facing web servers. Scanning There is clear overlap between network scanning and active reconnaissance, however in this phase the hacker will gather as much technical information about the network infrastructure as possible to increase the chances of a successful entry into that network. This information can range from simple tools, such as traceroute or ping, to full network sweeps using NMAP and a vulnerability scanner. Gathering information such as network routes, open port information and server roles is clearly a very important discovery process for any hacker. While the exact process might change depending on the engagement, an example flow of information gathering from a scan could look something like: • Discovery of “live” machines • Discovery of open ports on those machines, which in turn would lead to identifying the services running • OS fingerprinting and banner grabbing • Discovery of vulnerabilities. Tools like NMAP and vulnerability scanners are invaluable to a hacker as they enable an easy, scripted approach The 5 phases of hacking • Reconnaissance - Active - Passive • Scanning • Gaining access • Maintaining access • Covering your tracks
Guide Book © 2015 Foursys. All rights reserved Modified host files or registry keys will also ensure that this access is enabled, even after the machine in question has been rebooted. Tools can also be used to scrape information from various network drives, to sniff network traffic and send it back to a central server over a period of time. This reduces the amount of time that an attacker needs to be active on the network and thus reduces their risk. Finally, hackers can introduce extra layers of security to a machine to stop other attackers from gaining access over “their” system. It is not unheard of for a network compromise to last weeks or even months, with attackers slowly syphoning off information. Covering tracks Covering of tracks is a key element for any hacker. The reason for this is to ensure continued access, or to steal information and get out without anybody knowing they were there. Attacking a system is likely to leave a trace, whether in Event logs as with some Buffer Overflow exploits, or IP addresses in firewall logs. Destroying these logs will remove all evidence of any activity across the system. They may also look out for any syslog servers, as this not only assists in deleting a large number of log files in one swoop, but can also be used before deleting to obtain further information about the network. Manipulating these event logs to scanning entire IP ranges and return a huge amount of information which the attacker can run through at their leisure looking for a way in. Meanwhile, while IT Administrators are concerned with covering all aspects across their estate from open ports to OS and application patching. While there are many methods such as Intrusion Prevention Systems to hinder the attacker, IT Administrators cannot rest on their laurels as these systems can be circumvented using evasion techniques at the Network or Application layers. Gaining access When it comes to gaining and maintaining access to a compromised system, we move from vulnerability scanning to full Ethical Hacking. In order to gain access to a network it is necessary to find and exploit a particular vulnerability such as the OS, an application or an end user. Gaining access into systems can be done in a variety of ways, depending on what the hacker is trying to achieve, being local, across the LAN, or remotely via the Internet. SQL injection attacks using tools such as SQLMAP can enable not only data theft and manipulation but also credential theft and command line access to a server. Viruses, java exploits, DLL hijacking, compromised wireless access points, DDOS attacks, session hijacking, call back software in malware - and many others - are all ways which an attacker may gain access to a system. Phishing and Spear Phishing are also very popular ways of trying to enter a network, by attempting to fool people into downloading malicious software. When we talk about “access to a compromised system”, what do we mean? Take an end user machine as an example. When a piece of malware is run, the attacker can gain access via a specially crafted command line with the same privileges as that user. From here, it is possible not only to try and escalate these privileges, but to download files, set up a keylogger, enable the webcam and microphone, take a copy of local user account passwords for cracking - and much more. Of course, this machine can then be used as a stepping stone to gain access to servers and systems across the rest of the network including domain controllers, finance systems, database servers and other file servers. Maintaining access Once a hacker gains control of a machine, there can be great benefit in maintaining access to this machine, depending on what they are trying to achieve. Creating backdoors into the system will allow future access at the hacker’s will without the need for user interaction, particularly if the vulnerability that was originally used is subsequently patched. By using Rootkits, a hacker can upload and run Trojans, or tools such as NetCat to gain access again at any time.
Guide Book © 2015 Foursys. All rights reserved can be very beneficial from an attacker’s standpoint, as simply deleting the logs in full will still give an indication of a breach, even if the access information itself is removed. Utilities are available to disable the logging of information, for example future login attempts, for a period of time, to delete only selected entries or to disable logging altogether. Most System Administrators will monitor logging information on a regular basis to look for possible breaches, so this is a very common place to start in covering a hacker’s activity Further methods used in avoiding detection include reverting the system back to the same state it was before the attack; removing Trojans or other software that may have been uploaded, modifying file sizes back to the original or using root kits. Root kits are designed to be out of sight and enable copies of key files to be taken, modified and used while still preserving the originals file sizes and locations. The system will then use these modified files, for example on start-up, instead of the originals, but be out of sight to the casual user or System Administrator. Other techniques include IP Address and MAC address spoofing, or accessing services via the TOR Network. To hide information, hackers may use Steganography. This is the art of concealing a message within another image or file. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the colour of every 150th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. Tunnelling is also a technique which can be used, usually to evade firewalls, by taking advantage of the Transmission Protocol and carrying one protocol over another.
Guide Book © 2015 Foursys. All rights reserved ExampleLab For this quick lab we are going to look at using the Kali Linux distribution and their Social Engineering tool kit to make a cloned website and host a malicious Java Applet. In order to complete this lab, you will need to visit https:// www.kali.org/ and download a distribution that fits your requirements. I would suggest downloading an ISO and creating a VM to use. You will also need internet access from the VM to clone a website, so either use a USB network adapter or NAT behind the host if using a virtual machine. You will also need a target, or victim, machine. We have demonstrated this using XP, Vista, Windows 7 and Windows 8.1 Once you have Kali loaded go to Applications > Kali Linux > Social Engineering Toolkit > setoolkit You should see a list of options shown here. It is certainly worth looking into the SET Application as there is a lot we can do with it. We will choose option #1. As you can see from the list, there are a lot of attack methods within the SET application. In this example we will be using option #2. There is an explanation of each selection at the top of the screen. In this example we are planning to use a Java Applet so we will select option #1.
Guide Book © 2015 Foursys. All rights reserved Here we reach the main configuration part. We first need to choose the type of website we want our target to visit. We can use a template, a cloned site or import our own custom pages. Cloning a site will copy everything, so bear this in mind with regards to disk space, but as you will see it offers a complete like-for-like clone. After choosing option #2, we enter the IP details. As I am using this on a local subnet I set “No” to the NAT and enter the IP address of my Kali Linux machine. This IP address is where we are going to send our victim, so if you are looking at using this for external Pen testing and hosting a cloned site outside of the local LAN, make sure you enter the correct details. As part of the exploit, we can choose how we want the applet signed. This will give us more credibility when the end user is prompted to install the malicious applet. In this example, I will simply select option #2. Once that is done, enter the URL you wish to clone. SET will now clone the entire site, host it on the IP you specified, and ask you to select a payload. If you have experience of Metasploit you will know about the Meterpreter prompt. If not, I suggest some further reading on the subject. In short it is a specifically crafted CLI which allows an ethical hacker to run various commands on the victim machine. In this case, we will use option #2 and select the Reverse_TCP Meterpreter payload.
Guide Book © 2015 Foursys. All rights reserved In order to try and evade AV or other security measures, we can encode the payload (using msfvenom at the backend) and all are certainly worth testing. In this instance we will choose “No Encoding” and select option #2. We also need to set a port that the Java App will connect back to us on. In this case we use a standard port usually allowed through a firewall; port 443. You will then see the Metasploit Framework (MSF) load up and start a listening process. Your Kali Linux box is now simply waiting for the app to connect in, using the port we selected. You are now ready to launch the attack. This exploit can be added into Phishing or Spear Phishing attacks, with the link being included in a crafted e-mail to the victim. For internal tests this could be a link to the company site to list an expenses change, or through to an Intranet page, or even to a third party vendor. The choice is yours, however please bear in mind the ethical side of these tests and only use these tools in situations where you have express permission to do so. On the victim machine, enter the IP address of your cloned site in the web browser. An actual attacker might register a URL to attempt to fool the end user, such as www.ffoursys.co.uk for example. The end user will see something similar to the above, depending on their Windows version.
Guide Book © 2015 Foursys. All rights reserved Typing the ? character will give you a list of things you are now able to do and the list is far too long to go into a quick start guide, but a few notable ones include: • Getuid – Lists the user you are logged in as. This will be the user who was logged in at the time the applet was run, including all their network permissions. • Sysinfo – Information regarding the system you are on. • Hashdump – Dumps local account hashes to screen if you have the correct permissions. • Keyscan_start – Starts a keylogger. • Webcam_snap – Takes a snapshot of what the webcam can currently see. • Record_mic – Sets the local microphone to record and listen to conversations. • Download – Downloads files of your choice. With all these tools, it is worth taking some time to read up on everything you can do. Troubleshooting: As with all exploits there are conditions that need to be met for them to work. If you are having trouble with this lab, try the following: • Disable AV – we have selected “No Encoding” as part of this lab, so AV will get in the way. • Lower Java permissions – if the Java security settings are high then the malicious app will not run. You may wonder why this is a useful exploit if these conditions have to be met. There have been numerous times during assessments where I have seen AV disabled or running at a reduced security setting and the same can be said of the Java settings given the number of Java applets used on bespoke applications. With all potential attacks, the more information you can obtain through the Reconnaissance/Information Gathering phase, the more prepared you will be with your exploits. The publisher is something that can be modified with the certificate settings we mentioned earlier to add extra authenticity. After all, why wouldn’t an end user trust a Java applet from their own company website? The moment the user accepts the risks and clicks on the Run command, the exploit is fired and the user is redirected to the actual website. No further interaction is required on the user’s part, the attack has been successful. From the Kali Linux box you will see a session created, which is the connection into this remote machine. If you type sessions you will see the connections you are able to interact with. It should look something like this: We can then access that session using the ID: » Sessions –i 1 You will receive a message about interacting with the session and obtain the meterpreter prompt. You now have command line access to the victim’s machine.
© 2015 Foursys. All rights reserved 20 years of IT security excellence We live for IT security, we think about it 24/7, we breathe it, eat it, we are it. It’s what we do; it’s why we’re here and at your service to protect you from the bad guys. It doesn’t matter if you’re an NHS, government, education, SMB or enterprise organisation – we’ve had all of your backs for over two decades. Head Office Manor Park, Great Barton, Bury St Edmunds, IP31 2QR, United Kingdom www.foursys.co.uk Main Switchboard +44 (0) 1284 788900 Technical Support +44 (0) 1284 788901 Email enquiries@foursys.co.uk Contact us Guide Book EthicalHackingCourses Foursys offers one day Ethical Hacking Training Courses designed to teach you some techniques and tools used by white hat hackers to help you better secure your organisation from the latest targeted attacks. One of our experts will delve into the world of ethical hacking and teach you some techniques and tools used by white hat hackers to help you better secure your organisation from the latest targeted attacks. The intensive day course will discuss the theory behind attacks covering in detail: • Reconnaissance • Scanning • Gaining Access • Maintaining Access • Covering Tracks After which you’ll then get taught and carry out some of the most common attacks used by cyber criminals to exploit your organisation. The types of attacks you’ll learn are: • Identifying vulnerable machines • Exploiting windows vulnerabilities • Exploiting application vulnerabilities • SQL Injection techniques • Password Scanning • Malware/Trojans • Social Engineering Armed with this knowledge and understanding our trainer will then discuss and advise on the range of preventative measures you can undergo to secure your network from these specific malicious attacks. This fascinating, educational and enjoyable course gives each delegate a laptop, a course manual and all the tools to carry out these techniques to vulnerability test your own network when you return. The course can also be tailored to any specific threats or attacks you’d like to focus on as long as suitable notice is given. To find a course in your local area visit: https://www.foursys.co.uk/events 20% off! When you use promo code ‘INFOSEC’ at time of booking.

Recommended

ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guideMatt Ford
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cyclepenetration Tester
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkOkehie Collins
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attackintegritysolutions
 
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...SSH Communications Security
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 

Recommended

ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guideMatt Ford
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cyclepenetration Tester
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkOkehie Collins
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attackintegritysolutions
 
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...
Advanced Privileged Identity Management: Moving Beyond the Gateway Approach t...SSH Communications Security
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
D03302030036
D03302030036D03302030036
D03302030036theijes
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
Intrusion prevension
Intrusion prevensionIntrusion prevension
Intrusion prevensionahmad abdelhafeez
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsMohamed Jelidi
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System Deris Stiawan
 
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
45
4545
45ieeeprojectsvadapalani
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept*****Dominic A Ienco
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Penetration Testing
Penetration TestingPenetration Testing
Penetration TestingMayank Singh
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 

More Related Content

What's hot

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
D03302030036
D03302030036D03302030036
D03302030036theijes
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringLancope, Inc.
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)Netwax Lab
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismGlobal Micro Solutions
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system securityGary Mendonca
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsMohamed Jelidi
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System Deris Stiawan
 
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Rishabh Gupta
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersOllie Whitehouse
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept*****Dominic A Ienco
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Penetration Testing
Penetration TestingPenetration Testing
Penetration TestingMayank Singh
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 

What's hot (19)

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
D03302030036
D03302030036D03302030036
D03302030036
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
 
Combating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security MonitoringCombating Advanced Persistent Threats with Flow-based Security Monitoring
Combating Advanced Persistent Threats with Flow-based Security Monitoring
 
IPS (intrusion prevention system)
IPS (intrusion prevention system)IPS (intrusion prevention system)
IPS (intrusion prevention system)
 
Introduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivismIntroduction to the advanced persistent threat and hactivism
Introduction to the advanced persistent threat and hactivism
 
Cryptography and system security
Cryptography and system securityCryptography and system security
Cryptography and system security
 
Intrusion prevension
Intrusion prevensionIntrusion prevension
Intrusion prevension
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System Network Attack and Intrusion Prevention System
Network Attack and Intrusion Prevention System
 
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security EngineersIntroduction to Advanced Persistent Threats (APT) for Non-Security Engineers
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
 
45
4545
45
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Penetration Testing
Penetration TestingPenetration Testing
Penetration Testing
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?
 

Similar to Ethical hacking-guide-infosec

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...Boston Institute of Analytics
 
A security strategy against steal and pass
A security strategy against steal and passA security strategy against steal and pass
A security strategy against steal and passIJNSA Journal
 
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSA SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSIJNSA Journal
 
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSA SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSIJNSA Journal
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxAmardeepKumar621436
 
The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docxKomlin1
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfinfosec train
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 

Similar to Ethical hacking-guide-infosec (20)

Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.ppt
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.final
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 
Network srcurity
Network srcurityNetwork srcurity
Network srcurity
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...
Cyber Security Project Presentation : Essential Reconnaissance Tools and Tech...
 
A security strategy against steal and pass
A security strategy against steal and passA security strategy against steal and pass
A security strategy against steal and pass
 
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSA SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
 
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKSA SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdf
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 

More from CMR WORLD TECH

Cyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCMR WORLD TECH
 
Cpq basics bycesaribeiro
Cpq basics bycesaribeiroCpq basics bycesaribeiro
Cpq basics bycesaribeiroCMR WORLD TECH
 
Questoes processautomation
Questoes processautomationQuestoes processautomation
Questoes processautomationCMR WORLD TECH
 
Aws migration-whitepaper-en
Aws migration-whitepaper-enAws migration-whitepaper-en
Aws migration-whitepaper-enCMR WORLD TECH
 
Delivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeDelivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeCMR WORLD TECH
 
Why digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementWhy digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementCMR WORLD TECH
 
Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure CMR WORLD TECH
 
Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance CMR WORLD TECH
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusCMR WORLD TECH
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitectureCMR WORLD TECH
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-appsCMR WORLD TECH
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1CMR WORLD TECH
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_CMR WORLD TECH
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-toneCMR WORLD TECH
 

More from CMR WORLD TECH (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project PresentationCyber Security for Everyone Course - Final Project Presentation
Cyber Security for Everyone Course - Final Project Presentation
 
CPQ Básico
CPQ BásicoCPQ Básico
CPQ Básico
 
Cpq basics bycesaribeiro
Cpq basics bycesaribeiroCpq basics bycesaribeiro
Cpq basics bycesaribeiro
 
Apexbasic
ApexbasicApexbasic
Apexbasic
 
Questoes processautomation
Questoes processautomationQuestoes processautomation
Questoes processautomation
 
Process automationppt
Process automationpptProcess automationppt
Process automationppt
 
Transcript mva.cesar
Transcript mva.cesarTranscript mva.cesar
Transcript mva.cesar
 
Aws migration-whitepaper-en
Aws migration-whitepaper-enAws migration-whitepaper-en
Aws migration-whitepaper-en
 
Delivery readness for pick season and higth volume
Delivery readness for pick season and higth volumeDelivery readness for pick season and higth volume
Delivery readness for pick season and higth volume
 
Why digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagementWhy digital-will-become-the-primary-channel-for-b2 b-engagement
Why digital-will-become-the-primary-channel-for-b2 b-engagement
 
Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure Transcript Micrsosft Java Azure
Transcript Micrsosft Java Azure
 
Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance Buisiness UK Trading Marketing Finance
Buisiness UK Trading Marketing Finance
 
Hyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensusHyperledger arch wg_paper_1_consensus
Hyperledger arch wg_paper_1_consensus
 
Master lob-e-book
Master lob-e-bookMaster lob-e-book
Master lob-e-book
 
Apexand visualforcearchitecture
Apexand visualforcearchitectureApexand visualforcearchitecture
Apexand visualforcearchitecture
 
Trailblazers guide-to-apps
Trailblazers guide-to-appsTrailblazers guide-to-apps
Trailblazers guide-to-apps
 
Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1Berkeley program on_data_science___analytics_1
Berkeley program on_data_science___analytics_1
 
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
Rep consumer experience_in_the_retail_renaissance_en_28_mar18_final_dm_
 
Salesforce voice-and-tone
Salesforce voice-and-toneSalesforce voice-and-tone
Salesforce voice-and-tone
 

Recently uploaded

Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Delhi Call girls
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...Pooja Nehwal
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingNeil Barnes
 
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...Suhani Kapoor
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystSamantha Rae Coolbeth
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Aminabad Call Girl Agent 9548273370 , Call Girls Service Lucknow
Aminabad Call Girl Agent 9548273370 , Call Girls Service LucknowAminabad Call Girl Agent 9548273370 , Call Girls Service Lucknow
Aminabad Call Girl Agent 9548273370 , Call Girls Service Lucknowmakika9823
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxthyngster
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Jack DiGiovanna
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationBoston Institute of Analytics
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...soniya singh
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxStephen266013
 
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Sapana Sha
 

Recently uploaded (20)

Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data Analyst
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Aminabad Call Girl Agent 9548273370 , Call Girls Service Lucknow
Aminabad Call Girl Agent 9548273370 , Call Girls Service LucknowAminabad Call Girl Agent 9548273370 , Call Girls Service Lucknow
Aminabad Call Girl Agent 9548273370 , Call Girls Service Lucknow
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project Presentation
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docx
 
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
 

Ethical hacking-guide-infosec

  • 1. Guide Book © 2015 Foursys. All rights reserved Quick Start Guide to Ethical Hacking Includes: Example Lab with Kali Linux Written by Matt Ford, CEH
  • 2. Guide Book © 2015 Foursys. All rights reserved WhatisEthicalHacking? The definition of Ethical Hacking as described by the Ethical Hacking Council is: “The goal of the ethical hacker is to help the organisation take pre-emptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits.” The important factor in this description is that as an Ethical Hacker we “stay within the scope of our legal limits”. While a malicious attacker would not be constrained by these boundaries, it is imperative that as an Ethical Hacker we conform to a structured framework and a clear scope when providing internal or external Penetration Tests or Network Security Assessments, whether for the company we work for or as a contracted third party. So, as an Ethical Hacker, are our goals are to: • Give IT Administrators a more informed overview of their network • Find security weaknesses before hackers do • Enable Administrators to counteract those weaknesses • Understand how a potential hacker might think • Put pre-emptive measures in place to mitigate a security risk. There is also an important distinction to make with testing terminology, as “Pen Testing” is often used to cover all aspects. Vulnerability Scanning: Is the process of scanning your infrastructure for network vulnerabilities without the intent to exploit any vulnerabilities found. Penetration Testing: Goes one step beyond Vulnerability Scanning in that it endeavours to exploit any issues found. This could range from gaining access to machines, obtaining sensitive information or escalation privileges to enabling access to other areas on the network. Hence the scopes and goals for Penetration Testing can vary, depending on the requirements. Having said this, it is important not to underestimate the value a series of simple scans can offer without having to delve into the world of full-on Penetration Testing. These scans offer a fairly easy and inexpensive way of showing up holes across the network without the risks of potential exploitation methods that go with a hacking scenario, albeit that Penetration Testing or Ethical Hacking will result in a far more comprehensive network security report. In summary, while the goals of each Ethical Hacking engagement might be different (e.g. looking at data security or Domain Administrator access), it is always beneficial to get as close as possible to a “real world” scenario. Introduction In this Guide to Ethical Hacking, Matt Ford of Foursys sets out the definition, goals and processes involved in the use of ethical hacking. Using practical examples, the guide covers the 5 key phases of hacking typically used by hackers to gain access to networks that IT Administrators all too often believe are secure. From initial network and system reconnaissance of target networks, to scanning for possible areas of vulnerability, through gaining and maintaining access, to hiding the evidence of an attack, the Guide offers often thought-provoking insights into the techniques and secrets of malicious hackers. With example lab tests that can be readily used by IT professionals, the “Quick Start Guide to Ethical Hacking” offers a comprehensive look at the methods used, helping you stay a step ahead of the hackers by understanding their mind-set. Crucially, it will also help you put the necessary measures in place to prevent them compromising your network.
  • 3. Guide Book © 2015 Foursys. All rights reserved Reconnaissance Reconnaissance is the “information gathering” phase around a target in preparation for an attack. This is often over looked by IT Administrators as they concentrate on the more technical side of their infrastructure, but the more information that can be gathered around a target, the easier it will be to narrow down the attack vector and increase the chances of the hack being successful. Gathering all this information will allow you to be more proficient with Social Engineering or Spear Phishing attacks, for example. © 2014 Foursys. All rights reserved CS-NSHCT/1014 The reconnaissance phase is often split into two further areas, Active and Passive. Passive allows you to collect data without any contact with the target, while active involves closer contact with the target and therefore more risk. When it comes to passive information gathering, numerous tools can be used to collate data from various sources and build a picture of your target. Network information is an obvious one such as gathering WHOIS or external IP details, but using various applications this process can be taken a step further by collecting metadata from documents, obtaining e-mail addresses, discovering usernames, understanding which products are in use and so on. Social media also lets you tie in certain individuals to a job role, or site location and used in conjunction with social engineering skills can result in a huge amount of information being put at your disposal. Many IT Administrators know this information is out there, but either fail to see a way of managing these details, or don’t see the dangers of all this information being presented in one report as particularly serious. Active reconnaissance involves the hacker interacting directly with the target in some way and will often bleed over into the second phase, Scanning. This can be anything from port scanning external IP addresses to running web application scans on external facing web servers. Scanning There is clear overlap between network scanning and active reconnaissance, however in this phase the hacker will gather as much technical information about the network infrastructure as possible to increase the chances of a successful entry into that network. This information can range from simple tools, such as traceroute or ping, to full network sweeps using NMAP and a vulnerability scanner. Gathering information such as network routes, open port information and server roles is clearly a very important discovery process for any hacker. While the exact process might change depending on the engagement, an example flow of information gathering from a scan could look something like: • Discovery of “live” machines • Discovery of open ports on those machines, which in turn would lead to identifying the services running • OS fingerprinting and banner grabbing • Discovery of vulnerabilities. Tools like NMAP and vulnerability scanners are invaluable to a hacker as they enable an easy, scripted approach The 5 phases of hacking • Reconnaissance - Active - Passive • Scanning • Gaining access • Maintaining access • Covering your tracks
  • 4. Guide Book © 2015 Foursys. All rights reserved Modified host files or registry keys will also ensure that this access is enabled, even after the machine in question has been rebooted. Tools can also be used to scrape information from various network drives, to sniff network traffic and send it back to a central server over a period of time. This reduces the amount of time that an attacker needs to be active on the network and thus reduces their risk. Finally, hackers can introduce extra layers of security to a machine to stop other attackers from gaining access over “their” system. It is not unheard of for a network compromise to last weeks or even months, with attackers slowly syphoning off information. Covering tracks Covering of tracks is a key element for any hacker. The reason for this is to ensure continued access, or to steal information and get out without anybody knowing they were there. Attacking a system is likely to leave a trace, whether in Event logs as with some Buffer Overflow exploits, or IP addresses in firewall logs. Destroying these logs will remove all evidence of any activity across the system. They may also look out for any syslog servers, as this not only assists in deleting a large number of log files in one swoop, but can also be used before deleting to obtain further information about the network. Manipulating these event logs to scanning entire IP ranges and return a huge amount of information which the attacker can run through at their leisure looking for a way in. Meanwhile, while IT Administrators are concerned with covering all aspects across their estate from open ports to OS and application patching. While there are many methods such as Intrusion Prevention Systems to hinder the attacker, IT Administrators cannot rest on their laurels as these systems can be circumvented using evasion techniques at the Network or Application layers. Gaining access When it comes to gaining and maintaining access to a compromised system, we move from vulnerability scanning to full Ethical Hacking. In order to gain access to a network it is necessary to find and exploit a particular vulnerability such as the OS, an application or an end user. Gaining access into systems can be done in a variety of ways, depending on what the hacker is trying to achieve, being local, across the LAN, or remotely via the Internet. SQL injection attacks using tools such as SQLMAP can enable not only data theft and manipulation but also credential theft and command line access to a server. Viruses, java exploits, DLL hijacking, compromised wireless access points, DDOS attacks, session hijacking, call back software in malware - and many others - are all ways which an attacker may gain access to a system. Phishing and Spear Phishing are also very popular ways of trying to enter a network, by attempting to fool people into downloading malicious software. When we talk about “access to a compromised system”, what do we mean? Take an end user machine as an example. When a piece of malware is run, the attacker can gain access via a specially crafted command line with the same privileges as that user. From here, it is possible not only to try and escalate these privileges, but to download files, set up a keylogger, enable the webcam and microphone, take a copy of local user account passwords for cracking - and much more. Of course, this machine can then be used as a stepping stone to gain access to servers and systems across the rest of the network including domain controllers, finance systems, database servers and other file servers. Maintaining access Once a hacker gains control of a machine, there can be great benefit in maintaining access to this machine, depending on what they are trying to achieve. Creating backdoors into the system will allow future access at the hacker’s will without the need for user interaction, particularly if the vulnerability that was originally used is subsequently patched. By using Rootkits, a hacker can upload and run Trojans, or tools such as NetCat to gain access again at any time.
  • 5. Guide Book © 2015 Foursys. All rights reserved can be very beneficial from an attacker’s standpoint, as simply deleting the logs in full will still give an indication of a breach, even if the access information itself is removed. Utilities are available to disable the logging of information, for example future login attempts, for a period of time, to delete only selected entries or to disable logging altogether. Most System Administrators will monitor logging information on a regular basis to look for possible breaches, so this is a very common place to start in covering a hacker’s activity Further methods used in avoiding detection include reverting the system back to the same state it was before the attack; removing Trojans or other software that may have been uploaded, modifying file sizes back to the original or using root kits. Root kits are designed to be out of sight and enable copies of key files to be taken, modified and used while still preserving the originals file sizes and locations. The system will then use these modified files, for example on start-up, instead of the originals, but be out of sight to the casual user or System Administrator. Other techniques include IP Address and MAC address spoofing, or accessing services via the TOR Network. To hide information, hackers may use Steganography. This is the art of concealing a message within another image or file. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the colour of every 150th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. Tunnelling is also a technique which can be used, usually to evade firewalls, by taking advantage of the Transmission Protocol and carrying one protocol over another.
  • 6. Guide Book © 2015 Foursys. All rights reserved ExampleLab For this quick lab we are going to look at using the Kali Linux distribution and their Social Engineering tool kit to make a cloned website and host a malicious Java Applet. In order to complete this lab, you will need to visit https:// www.kali.org/ and download a distribution that fits your requirements. I would suggest downloading an ISO and creating a VM to use. You will also need internet access from the VM to clone a website, so either use a USB network adapter or NAT behind the host if using a virtual machine. You will also need a target, or victim, machine. We have demonstrated this using XP, Vista, Windows 7 and Windows 8.1 Once you have Kali loaded go to Applications > Kali Linux > Social Engineering Toolkit > setoolkit You should see a list of options shown here. It is certainly worth looking into the SET Application as there is a lot we can do with it. We will choose option #1. As you can see from the list, there are a lot of attack methods within the SET application. In this example we will be using option #2. There is an explanation of each selection at the top of the screen. In this example we are planning to use a Java Applet so we will select option #1.
  • 7. Guide Book © 2015 Foursys. All rights reserved Here we reach the main configuration part. We first need to choose the type of website we want our target to visit. We can use a template, a cloned site or import our own custom pages. Cloning a site will copy everything, so bear this in mind with regards to disk space, but as you will see it offers a complete like-for-like clone. After choosing option #2, we enter the IP details. As I am using this on a local subnet I set “No” to the NAT and enter the IP address of my Kali Linux machine. This IP address is where we are going to send our victim, so if you are looking at using this for external Pen testing and hosting a cloned site outside of the local LAN, make sure you enter the correct details. As part of the exploit, we can choose how we want the applet signed. This will give us more credibility when the end user is prompted to install the malicious applet. In this example, I will simply select option #2. Once that is done, enter the URL you wish to clone. SET will now clone the entire site, host it on the IP you specified, and ask you to select a payload. If you have experience of Metasploit you will know about the Meterpreter prompt. If not, I suggest some further reading on the subject. In short it is a specifically crafted CLI which allows an ethical hacker to run various commands on the victim machine. In this case, we will use option #2 and select the Reverse_TCP Meterpreter payload.
  • 8. Guide Book © 2015 Foursys. All rights reserved In order to try and evade AV or other security measures, we can encode the payload (using msfvenom at the backend) and all are certainly worth testing. In this instance we will choose “No Encoding” and select option #2. We also need to set a port that the Java App will connect back to us on. In this case we use a standard port usually allowed through a firewall; port 443. You will then see the Metasploit Framework (MSF) load up and start a listening process. Your Kali Linux box is now simply waiting for the app to connect in, using the port we selected. You are now ready to launch the attack. This exploit can be added into Phishing or Spear Phishing attacks, with the link being included in a crafted e-mail to the victim. For internal tests this could be a link to the company site to list an expenses change, or through to an Intranet page, or even to a third party vendor. The choice is yours, however please bear in mind the ethical side of these tests and only use these tools in situations where you have express permission to do so. On the victim machine, enter the IP address of your cloned site in the web browser. An actual attacker might register a URL to attempt to fool the end user, such as www.ffoursys.co.uk for example. The end user will see something similar to the above, depending on their Windows version.
  • 9. Guide Book © 2015 Foursys. All rights reserved Typing the ? character will give you a list of things you are now able to do and the list is far too long to go into a quick start guide, but a few notable ones include: • Getuid – Lists the user you are logged in as. This will be the user who was logged in at the time the applet was run, including all their network permissions. • Sysinfo – Information regarding the system you are on. • Hashdump – Dumps local account hashes to screen if you have the correct permissions. • Keyscan_start – Starts a keylogger. • Webcam_snap – Takes a snapshot of what the webcam can currently see. • Record_mic – Sets the local microphone to record and listen to conversations. • Download – Downloads files of your choice. With all these tools, it is worth taking some time to read up on everything you can do. Troubleshooting: As with all exploits there are conditions that need to be met for them to work. If you are having trouble with this lab, try the following: • Disable AV – we have selected “No Encoding” as part of this lab, so AV will get in the way. • Lower Java permissions – if the Java security settings are high then the malicious app will not run. You may wonder why this is a useful exploit if these conditions have to be met. There have been numerous times during assessments where I have seen AV disabled or running at a reduced security setting and the same can be said of the Java settings given the number of Java applets used on bespoke applications. With all potential attacks, the more information you can obtain through the Reconnaissance/Information Gathering phase, the more prepared you will be with your exploits. The publisher is something that can be modified with the certificate settings we mentioned earlier to add extra authenticity. After all, why wouldn’t an end user trust a Java applet from their own company website? The moment the user accepts the risks and clicks on the Run command, the exploit is fired and the user is redirected to the actual website. No further interaction is required on the user’s part, the attack has been successful. From the Kali Linux box you will see a session created, which is the connection into this remote machine. If you type sessions you will see the connections you are able to interact with. It should look something like this: We can then access that session using the ID: » Sessions –i 1 You will receive a message about interacting with the session and obtain the meterpreter prompt. You now have command line access to the victim’s machine.
  • 10. © 2015 Foursys. All rights reserved 20 years of IT security excellence We live for IT security, we think about it 24/7, we breathe it, eat it, we are it. It’s what we do; it’s why we’re here and at your service to protect you from the bad guys. It doesn’t matter if you’re an NHS, government, education, SMB or enterprise organisation – we’ve had all of your backs for over two decades. Head Office Manor Park, Great Barton, Bury St Edmunds, IP31 2QR, United Kingdom www.foursys.co.uk Main Switchboard +44 (0) 1284 788900 Technical Support +44 (0) 1284 788901 Email enquiries@foursys.co.uk Contact us Guide Book EthicalHackingCourses Foursys offers one day Ethical Hacking Training Courses designed to teach you some techniques and tools used by white hat hackers to help you better secure your organisation from the latest targeted attacks. One of our experts will delve into the world of ethical hacking and teach you some techniques and tools used by white hat hackers to help you better secure your organisation from the latest targeted attacks. The intensive day course will discuss the theory behind attacks covering in detail: • Reconnaissance • Scanning • Gaining Access • Maintaining Access • Covering Tracks After which you’ll then get taught and carry out some of the most common attacks used by cyber criminals to exploit your organisation. The types of attacks you’ll learn are: • Identifying vulnerable machines • Exploiting windows vulnerabilities • Exploiting application vulnerabilities • SQL Injection techniques • Password Scanning • Malware/Trojans • Social Engineering Armed with this knowledge and understanding our trainer will then discuss and advise on the range of preventative measures you can undergo to secure your network from these specific malicious attacks. This fascinating, educational and enjoyable course gives each delegate a laptop, a course manual and all the tools to carry out these techniques to vulnerability test your own network when you return. The course can also be tailored to any specific threats or attacks you’d like to focus on as long as suitable notice is given. To find a course in your local area visit: https://www.foursys.co.uk/events 20% off! When you use promo code ‘INFOSEC’ at time of booking.