SlideShare a Scribd company logo

Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004

A
Amish Patel

In this slide you will learn... What is hack? What do you mean by Hacker? Types of Hackers Levels of Hackers Is hacking Legal? How to earn money using hacking skills? Phase of Hacking Hacker vs Crackers Penetration Testing

Education
1 of 51
Download to read offline
Exploring Ethical Hacking Behind Hackers and Security : csivvn : csi_vvn : csi_vvn
Topics Covered :  Information Security  Information Security Threats  Hacking Explained  5 Phases For Hackers & Investigator  Social Engineering & Techniques  Need of Ethical Hacker : csivvn : csi_vvn : csi_vvn
Information Security  Information Security is not all about securing information from unauthorized access. Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electrical one. Information can be anything like Your details or we can say your profile on social media, your data in mobile phone, your biometrics etc. Thus Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media etc.  Information Security programs are build around 3 + 2 objectives, commonly known as CIA & AN. Cont.. : csivvn : csi_vvn : csi_vvn
Information Security Confidentiality Integrity Availability Authenticity Non-repudiation : csivvn : csi_vvn : csi_vvn
Information Security  Confidentiality – means information is not disclosed to unauthorized individuals, entities and process. For example if we say I have a password for my Gmail account but someone saw while I was doing a login into Gmail account. In that case my password has been compromised and Confidentiality has been breached.  Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example if an employee leaves an organization then in that case data for that employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and in addition to this only authorized person should be allowed to edit employee data.  Availability – means information must be available when needed. For example if one needs to access information of a particular employee to check whether employee has outstanded the number of leaves, in that case it requires collaboration from different organizational teams like network operations, development operations, incident response and policy/change management. Denial of service attack is one of the factor that can hamper the availability of information. : csivvn : csi_vvn : csi_vvn
Information Security  Authenticity – means verifying that users are who they say they are and that each input arriving at destination is from a trusted source. This principle if followed guarantees the valid and genuine message received from a trusted source through a valid transmission. For example if take above example sender sends the message along with digital signature which was generated using the hash value of message and private key. Now at the receiver side this digital signature is decrypted using the public key generating a hash value and message is again hashed to generate the hash value. If the 2 value matches then it is known as valid transmission with the authentic or we say genuine message received at the recipient side  Non repudiation – means one party cannot deny receiving a message or a transaction nor can the other party deny sending a message or a transaction. For example in cryptography it is sufficient to show that message matches the digital signature signed with sender’s private key and that sender could have a sent a message and nobody else could have altered it in transit. Data Integrity and Authenticity are pre-requisites for Non repudiation. : csivvn : csi_vvn : csi_vvn
1)3 Types of Information Security Threats 1.) Network Threats Identify Vulnerabilities Spoofing Man-in-The Middle Attack Sniffing Session Hijacking Dos/DDoS Attack ARP & DNS Poisoning Compromised Key Attack Network Threats : csivvn : csi_vvn : csi_vvn
1)3 Types of Information Security Threats 2.) Host Threats Host Threats Malware Threat Backdoor Attacks Password Cracking : csivvn : csi_vvn : csi_vvn
1)3 Types of Information Security Threats 3.) Application Threats Application Threats Authorization Attacks Authentication Attack Buffer Overflow Attack SQL injection False Error Handling Security Miss- Configuration : csivvn : csi_vvn : csi_vvn
WHAT IS HACK?? : csivvn : csi_vvn : csi_vvn
Technically, Hack is overriding or modifying stuff to achieve something uncommon to normal user say overriding normal procedures of doing things or modifying things to achieve something hidden or uncommon. WHAT IS HACK?? : csivvn : csi_vvn : csi_vvn
: csivvn : csi_vvn : csi_vvn
Let’s understand it with an example. Suppose we wish to change the administrator password of windows operating system. Now we all know that we can change windows password by following below procedure: For windows operating system: GO TO CONTROL PANEL >USER ACCOUNTS >SELECT USER >CHANGE PASS-WORD >SAVE NEW PASSWORD. : csivvn : csi_vvn : csi_vvn
The above explained procedure is normal way that users use to change windows administrator or users password. : csivvn : csi_vvn : csi_vvn
But we all know that there are several uncommon ways of changing windows administrator or users password. These ways is what we call HACK. : csivvn : csi_vvn : csi_vvn
Now in above explained procedure won’t work if I don’t have administrator rights or I forgot the administrator password. Now how I will change the administrator password or unlock system. : csivvn : csi_vvn : csi_vvn
Here the term Hack and Hacker will come into picture. Now we have to use un-common ways to achieve the target as normal procedure is no longer working in our situation. : csivvn : csi_vvn : csi_vvn
We can do above tasks by several methods according to levels of Hackers. : csivvn : csi_vvn : csi_vvn
Novice Users: They will format the windows operating system or will take experts help. Script Kiddies (beginner level hackers): They will use Linux live disks or Emergency rescue disks to reset the password. Medium Level Hackers (who have good knowledge of system and hacking tools): They will use advance Hacking tools like OPHCrack or Backtrack OS to retrieve the password. Elite Hackers (expert level hackers): Why to use any third party tool (know how to do with third party tools): when I can do this manually by breaking into sys-tem root and reset it. I will explain all the above methods in forthcoming classes but I want to tell the elite one’s procedure to give you an idea about up to what level we will learn things. : csivvn : csi_vvn : csi_vvn
So below is the procedure how Elite Hackers will do: Elite Hackers do things based on situations say how I will do if it’s my own system and if it’s somebody else’s system (i.e. I want to break into his/her system without getting tracked). If it’s my own system, I have two choices: First, I can reset the password and Second, I can retrieve the password. If it’s somebody else’s system, I am left with only one choice i.e. I need to retrieve the password because if I reset it then victim will know that somebody’s has broken into his/her system and you cannot call yourself elite if you can be tracked. : csivvn : csi_vvn : csi_vvn
So as a elite hacker I will try to retrieve the administrator password without getting tracked or caught and its simplest way is using OPHCrack Live CD because this is the only possible way to retrieve the existing password without resetting it. All other methods reset the windows password. Alternatively, I will insert windows operating system CD/DVD and try to retrieve the windows password encrypted file and then decrypt it at my own system. I will share the exact methods in later classes. : csivvn : csi_vvn : csi_vvn
WHAT IS HACKING?? : csivvn : csi_vvn : csi_vvn
Hacking is derived by merging two words HACK and ING i.e. Hack and its working. Technically, Hacking is an art of exploring uncommon things or modifying things to achieve uncommon functionalities. : csivvn : csi_vvn : csi_vvn
When I frankly asked people, why you want to learn Hacking? This is the reply what I got: 1. I want to hack my friends emails and Facebook >> 40% 2. I want to have fun >> 30% 3. I want to become security professional or Ethical Hacker >> 15% 4. I want to see what my girlfriend is doing >> 11% 5. I want to take revenge >> 3% 6. I want to learn cool stuff >> 1% See only 16% people (15% Ethical hackers + 1% learn cool stuff) want to learn ethical hacking for good reasons. I will teach you everything but it’s solely your decision what’s your reason to learn Hacking. : csivvn : csi_vvn : csi_vvn
MOST IMPORTANT TERMS..!! : csivvn : csi_vvn : csi_vvn
MOST IMPORTANT TERMS..!! Threat – An action or event that might compromise security. Usually a threat is a potential violation of security. Exploit – It is defined way to breach the security of a computer or network system through vulnerabilities found during system analysis or penetration testing. Vulnerability –It is a weakness, design, or implementation error that can lead to an unexpected, undesirable event or module compromising the security of the sys-tem. Target – Target can be any system or network or web application which a Hacker wishes to hack. Attack – Attack is basically system violation which is launched against any system or network or web application. Security – It is a set of rules which are made to harden system so that others can-not penetrate into the system. : csivvn : csi_vvn : csi_vvn
“We cannot make a system which is completely unhackable; we can only make system harden so that it cannot be hacked.” : csivvn : csi_vvn : csi_vvn
CAN HACKING BE ETHICAL? Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
IF YES, THEN HOW AND WHAT IS ETHICAL? Yes, Hacking can be Ethical. Major companies nowadays are expanding their business to attract web users and we all know web world is still unsecure. So these companies hire hackers to test their website against several hacking attempts. This is also called Penetration testing. Hence, Companies by themselves allows hackers to hack their web application to test the security of their web application. So the hackers which got the authority from company to hack their system are called Ethical Hackers or Professional Hackers. : csivvn : csi_vvn : csi_vvn
For performing such tasks Ethical hackers are handsomely paid. In IT world terminology this type of Hacking is referred as Penetration testing. Is this the only way to become Ethical Hacker? : csivvn : csi_vvn : csi_vvn
Answer is absolutely NO. There are several hackers who find out the bugs in the web application or system and report them back to company instead of using those bugs to attack the web application. This type of hackers are also considered as Ethical Hacker but technically there is separate term defined in hacking world for such hackers which is known as Grey Hat Hackers. : csivvn : csi_vvn : csi_vvn
DIFFERENCE BETWEEN HACKERS AND CRACKERS Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
There is a very thin line difference between the hacker and cracker. Like a coin has two faces heads or tails, similar is true for computer experts. Some uses their techniques and expertise to help the others and secure the systems or networks and some misuses them and use that for their own selfish reasons. There are several traditional ways that determines the difference between the hackers and crackers. I will provide you these ways in order of their acceptance in the computer and IT market. First of all, let me provide you the basic definitions of both hackers and crackers. DIFFERENCE BETWEEN HACKERS AND CRACKERS : csivvn : csi_vvn : csi_vvn
Hackers: A Hacker is a person who is extremely interested in exploring the things and recondite workings of any computer system or networking system. Most often, hackers are the expert programmers. These are also called Ethical Hackers or white hat hackers. And the technique or hacking they perform is called ethical hacking. Ethical Hacking Means you think like Hackers that is first you Hack the Systems and find out the loop holes and then try to correct those Loop Holes. These types of hackers protect the cyber world from every possible threat and fix the future coming security loop holes. These peoples are also called as "GURU's" of Computer Security. Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
Crackers: Crackers or Black Hat hackers or cheaters or simply criminals, they are called criminals because they are having the mindset of causing harm to security and they steals very useful data and use it in wrong ways. Phishers also come in this category who steals account info and steal your credit card nos. and money over the Net. Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
HOW HACKERS PERFORM THEIR HACK ATTACKS? : csivvn : csi_vvn : csi_vvn
There are several ways using which Hackers perform Hack attacks. How a hacker performs hacking attempt is solely dependent on Hacker but we can tell the fundamentals of doing it because fundamentals are always same. Most hackers architect their hacking attempt before performing a hacking attempt to understand what he is going to do and how he is going to perform it and how he will prevent himself from being caught. Hackers who hack without thinking anything prior are considered as novice hackers and they can be easily tracked or caught during the process because each step is important. Also chances of success increases when we follow some procedure rather than following nothing. HOW HACKERS PERFORM THEIR HACK ATTACKS? : csivvn : csi_vvn : csi_vvn
I have divided any hacking attempt into 5 different phases mentioned below: Phase 1: Information Gathering and Reconnaissance Phase 2: Scanning the target Phase 3: Breaking the system and Gaining the Access Phase 4: Maintaining the access without getting acknowledged Phase 5: Removing and covering traces This is how a hacking attempt is launched or performed. Now let’s learn these phases in detail to get a clear view. : csivvn : csi_vvn : csi_vvn
PHASE 1: INFORMATION GATHERING AND RECONNAISSANCE As the name suggests, in this phase we collect all the necessary information that we can gather or possible to gather. We can call this phase as preparatory phase also because this is where the preparation of hacking attempt is made. What is the use of this step? Practically this is one of the most important phases because this step helps us in evaluating the target and provides all basic information that we can be useful. : csivvn : csi_vvn : csi_vvn
Consider an example: I want to hack somebody’s Facebook account. Now what exactly we are looking in Information Gathering Phase; First whose Facebook account I want to hack, name of the user, his date of birth, his email address, his phone numbers(current and previous one if possible), his/her fiancé/spouse details, his city of birth, his education background, his favorite things, passions, hobbies etc. : csivvn : csi_vvn : csi_vvn
We all know that we can extract above mentioned things quite easily. Now how this can be useful. First we can use above information for launching Social Engineering attack (according to latest research 80% people use passwords that are related to above details). Secondly we can use these details to retrieve accounts or recover passwords. Thirdly, we can use his/her favorites/hobbies/passions to create a phishing/Key logging trap. We can do much more these are just examples. I hope this clears why this is so much important step or phase. : csivvn : csi_vvn : csi_vvn
PHASE 2: SCANNING THE TARGET This phase is applicable to selected category to hacking attempts like hacking networks, operating systems, web applications, web hosting servers etc. In this phase we launch a Port (in case of network) or URL (in case of Websites) to identify the vulnerability in the system like open ports or vulnerable URL’s. This is one of the most important steps for launching hacking attempts on websites or network servers or web servers. : csivvn : csi_vvn : csi_vvn
Consider an example: I want hack some website. In information gathering phase, I will identify all the basic details about the website and its admin or owner. In scan phase I will launch a URL scan to identify infected URL’s (URL’s that can vulnerable to Injection attacks, Cross Site scripting attacks, other script based attacks) and launch a scan on web server to identify anonymous logins or other FTP or port related bugs. : csivvn : csi_vvn : csi_vvn
PHASE 3: BREAKING THE SYSTEM AND GAINING THE ACCESS This is the step where the actual hacking attempt is launched. In this system hacker exploits the vulnerabilities that are found in the scanning phase to gain the access of the system. Continuing the above example, now user has identified that so and so URL is vulnerable to SQL Injection attack. Now in this phase Hacker will launch the SQL injection attack on the website to get the admin or root access. : csivvn : csi_vvn : csi_vvn
PHASE 4: MAINTAINING THE ACCESS WITHOUT GETTING ACKNOWLEDGED In this phase Hacker tries to maintain his ownership inside the victim’s system or web server. By ownership, I meant that we can upload, download, configure or manipulate the data whenever we want. : csivvn : csi_vvn : csi_vvn
Maintaining access depends upon the host system. For Example, if we have hacked into victim’s computer system, we will install key loggers, backdoors or spy root kits so that we can remain inside the victim’s system. Now if we have hacked into some website, then we will create one more admin user inside the database or change the file permissions or simply enable the anonymous login so that whenever we want, we can hack into website again. Hence the tools like key loggers, Rats, Trojans, spywares are general tools to maintain access into the system. : csivvn : csi_vvn : csi_vvn
PHASE 5: REMOVING AND COVERING TRACES This is one of the most important phase of any hacking attempt. This is the step where you cover your tracks or misdeeds from getting detected or being caught. This is necessary to avoid detection and most importantly to avoid legal action against you. : csivvn : csi_vvn : csi_vvn
This step generally involves deleting of logs, altering of logs, tunneling, proxifying your details including IP ad-dress and other important data. Why this is so important? : csivvn : csi_vvn : csi_vvn
I hacked into someone’s website and defaced it. Now if victim is good enough then he will check the upload logs. Upload logs contains the IP address and system details from which file has been upload and if he want he can lodge a complaint against you in cyber cell and believe me cyber cell hardly takes 10 minutes to reach anywhere. Then either you go to jail or need to pay defamation charges. Hence it’s always mandatory to cover your tracks to avoid legal action against you. Consider one example, : csivvn : csi_vvn : csi_vvn
: csivvn : csi_vvn : csi_vvn
Thanks to All Any Query? Call : +91.9099082532 : csivvn : csi_vvn : csi_vvn Like/Follow for Notification of Latest Cyber Security & Technology's Update.

Recommended

Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Amish Patel
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
Octogence
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
btpsec
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_report
Chandan Bagai, GWAPT, CEHv8, CCNA
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
Cahyo Darujati
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
Invisibits
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
Hitachi Solutions America, Ltd.
 

Recommended

Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Introduction to Penetration Testing - By Cyber Expert Amish Patel - 8690029004
Amish Patel
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
Octogence
 
Btpsec Sample Penetration Test Report
Btpsec Sample Penetration Test ReportBtpsec Sample Penetration Test Report
Btpsec Sample Penetration Test Report
btpsec
 
Nii sample pt_report
Nii sample pt_reportNii sample pt_report
Nii sample pt_report
Chandan Bagai, GWAPT, CEHv8, CCNA
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
Yulian Slobodyan
 
Pen test methodology
Pen test methodologyPen test methodology
Pen test methodology
Cahyo Darujati
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
Invisibits
 
Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015Security Testing Report Hitachi Application Q1 Sep 2015
Security Testing Report Hitachi Application Q1 Sep 2015
Hitachi Solutions America, Ltd.
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
n|u - The Open Security Community
 
Kali linux useful tools
Kali linux useful toolsKali linux useful tools
Kali linux useful tools
milad mahdavi
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
UltraUploader
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
Chema Alonso
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
Shruthi Reddy
 
Wm4
Wm4Wm4
Wm4
Umang Patel
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
Happiest Minds Technologies
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
UltraUploader
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
Shiva Hullavarad
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
franco_bb
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
Michael Kurzidim
 
Ids 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsIds 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systems
jyoti_lakhani
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
Hadi Fadlallah
 
Class 8, 9 and 10
Class 8, 9 and 10Class 8, 9 and 10
Class 8, 9 and 10
Al Imam University
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016
Rihab Chebbah
 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
 
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-CouncilCertified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
CRAW CYBER SECURITY PVT LTD
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 

More Related Content

What's hot

Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
n|u - The Open Security Community
 
Kali linux useful tools
Kali linux useful toolsKali linux useful tools
Kali linux useful tools
milad mahdavi
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
UltraUploader
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
Supriya G
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
Chema Alonso
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
Shruthi Reddy
 
Wm4
Wm4Wm4
Wm4
Umang Patel
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
Happiest Minds Technologies
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
UltraUploader
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
Shiva Hullavarad
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
franco_bb
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
Rama krishna
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
Michael Kurzidim
 
Ids 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsIds 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systems
jyoti_lakhani
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
Hadi Fadlallah
 
Class 8, 9 and 10
Class 8, 9 and 10Class 8, 9 and 10
Class 8, 9 and 10
Al Imam University
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
Nezar Alazzabi
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016
Rihab Chebbah
 

What's hot (19)

Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Kali linux useful tools
Kali linux useful toolsKali linux useful tools
Kali linux useful tools
 
Accurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilegeAccurately detecting source code of attacks that increase privilege
Accurately detecting source code of attacks that increase privilege
 
Penetration testing overview
Penetration testing overviewPenetration testing overview
Penetration testing overview
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
Wm4
Wm4Wm4
Wm4
 
Whitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest MindsWhitepaper: Network Penetration Testing - Happiest Minds
Whitepaper: Network Penetration Testing - Happiest Minds
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
 
Monitoring threats for pci compliance
Monitoring threats for pci complianceMonitoring threats for pci compliance
Monitoring threats for pci compliance
 
The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...The security mindset securing social media integrations and social learning...
The security mindset securing social media integrations and social learning...
 
Itis pentest slides hyd
Itis pentest slides hydItis pentest slides hyd
Itis pentest slides hyd
 
Nss labs-breach-detection
Nss labs-breach-detectionNss labs-breach-detection
Nss labs-breach-detection
 
Ids 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systemsIds 00 introduction_ intrusion detection & prevention systems
Ids 00 introduction_ intrusion detection & prevention systems
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
 
Class 8, 9 and 10
Class 8, 9 and 10Class 8, 9 and 10
Class 8, 9 and 10
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016Microsoft threat modeling tool 2016
Microsoft threat modeling tool 2016
 

Similar to Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004

Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
 
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-CouncilCertified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
CRAW CYBER SECURITY PVT LTD
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Infosectrain3
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber Attacks
Jermund Ottermo
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
slametarrokhim1
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Asaduzzaman Kanok
 
Know All About Certified Ethical Hacking (CEH v9) Course
Know All About Certified Ethical Hacking (CEH v9) CourseKnow All About Certified Ethical Hacking (CEH v9) Course
Know All About Certified Ethical Hacking (CEH v9) Course
Mercury Solutions Limited
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
Sripati Mahapatra
 
Module 4 (enumeration)
Module 4 (enumeration)Module 4 (enumeration)
Module 4 (enumeration)
Wail Hassan
 
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
ITpreneurs
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptx
Vivek Chauhan
 
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
Muhammad FAHAD
 
(SACON) Wayne Tufek - chapter two - kill chain
(SACON) Wayne Tufek - chapter two - kill chain(SACON) Wayne Tufek - chapter two - kill chain
(SACON) Wayne Tufek - chapter two - kill chain
Priyanka Aash
 
Synchronized security
Synchronized securitySynchronized security
Synchronized security
DefCom Technology
 
TM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxTM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptx
MohammedYusuf609377
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Infosectrain3
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
ShivamSharma909
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
Erik Van Buggenhout
 

Similar to Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004 (20)

Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
 
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-CouncilCertified Ethical Hacking (CEH V9) Course Details | EC-Council
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
Adaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber AttacksAdaptive Defense - Understanding Cyber Attacks
Adaptive Defense - Understanding Cyber Attacks
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Know All About Certified Ethical Hacking (CEH v9) Course
Know All About Certified Ethical Hacking (CEH v9) CourseKnow All About Certified Ethical Hacking (CEH v9) Course
Know All About Certified Ethical Hacking (CEH v9) Course
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Module 4 (enumeration)
Module 4 (enumeration)Module 4 (enumeration)
Module 4 (enumeration)
 
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
 
Cyber Kill Chain.pptx
Cyber Kill Chain.pptxCyber Kill Chain.pptx
Cyber Kill Chain.pptx
 
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
eForensics Magazine - HOW TO STEAL GMAIL CREDENTIALS USING SE-TOOLKIT – A CA...
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
(SACON) Wayne Tufek - chapter two - kill chain
(SACON) Wayne Tufek - chapter two - kill chain(SACON) Wayne Tufek - chapter two - kill chain
(SACON) Wayne Tufek - chapter two - kill chain
 
Synchronized security
Synchronized securitySynchronized security
Synchronized security
 
TM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptxTM112 Meeting10-Dangerous Data.pptx
TM112 Meeting10-Dangerous Data.pptx
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
SEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill ChainSEC599 - Breaking The Kill Chain
SEC599 - Breaking The Kill Chain
 

Recently uploaded

The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
paigestewart1632
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
RAHUL
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
Celine George
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
Celine George
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
Dr. Shivangi Singh Parihar
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
NgcHiNguyn25
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
GeorgeMilliken2
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
Priyankaranawat4
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
sayalidalavi006
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 

Recently uploaded (20)

The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
 
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE” .
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
clinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdfclinical examination of hip joint (1).pdf
clinical examination of hip joint (1).pdf
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 

Exploring Ethical Hacking - By Cyber Expert Amish Patel - 8690029004

  • 1. Exploring Ethical Hacking Behind Hackers and Security : csivvn : csi_vvn : csi_vvn
  • 2. Topics Covered :  Information Security  Information Security Threats  Hacking Explained  5 Phases For Hackers & Investigator  Social Engineering & Techniques  Need of Ethical Hacker : csivvn : csi_vvn : csi_vvn
  • 3. Information Security  Information Security is not all about securing information from unauthorized access. Information Security is basically the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electrical one. Information can be anything like Your details or we can say your profile on social media, your data in mobile phone, your biometrics etc. Thus Information Security spans so many research areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media etc.  Information Security programs are build around 3 + 2 objectives, commonly known as CIA & AN. Cont.. : csivvn : csi_vvn : csi_vvn
  • 5. Information Security  Confidentiality – means information is not disclosed to unauthorized individuals, entities and process. For example if we say I have a password for my Gmail account but someone saw while I was doing a login into Gmail account. In that case my password has been compromised and Confidentiality has been breached.  Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example if an employee leaves an organization then in that case data for that employee in all departments like accounts, should be updated to reflect status to JOB LEFT so that data is complete and accurate and in addition to this only authorized person should be allowed to edit employee data.  Availability – means information must be available when needed. For example if one needs to access information of a particular employee to check whether employee has outstanded the number of leaves, in that case it requires collaboration from different organizational teams like network operations, development operations, incident response and policy/change management. Denial of service attack is one of the factor that can hamper the availability of information. : csivvn : csi_vvn : csi_vvn
  • 6. Information Security  Authenticity – means verifying that users are who they say they are and that each input arriving at destination is from a trusted source. This principle if followed guarantees the valid and genuine message received from a trusted source through a valid transmission. For example if take above example sender sends the message along with digital signature which was generated using the hash value of message and private key. Now at the receiver side this digital signature is decrypted using the public key generating a hash value and message is again hashed to generate the hash value. If the 2 value matches then it is known as valid transmission with the authentic or we say genuine message received at the recipient side  Non repudiation – means one party cannot deny receiving a message or a transaction nor can the other party deny sending a message or a transaction. For example in cryptography it is sufficient to show that message matches the digital signature signed with sender’s private key and that sender could have a sent a message and nobody else could have altered it in transit. Data Integrity and Authenticity are pre-requisites for Non repudiation. : csivvn : csi_vvn : csi_vvn
  • 7. 1)3 Types of Information Security Threats 1.) Network Threats Identify Vulnerabilities Spoofing Man-in-The Middle Attack Sniffing Session Hijacking Dos/DDoS Attack ARP & DNS Poisoning Compromised Key Attack Network Threats : csivvn : csi_vvn : csi_vvn
  • 8. 1)3 Types of Information Security Threats 2.) Host Threats Host Threats Malware Threat Backdoor Attacks Password Cracking : csivvn : csi_vvn : csi_vvn
  • 9. 1)3 Types of Information Security Threats 3.) Application Threats Application Threats Authorization Attacks Authentication Attack Buffer Overflow Attack SQL injection False Error Handling Security Miss- Configuration : csivvn : csi_vvn : csi_vvn
  • 10. WHAT IS HACK?? : csivvn : csi_vvn : csi_vvn
  • 11. Technically, Hack is overriding or modifying stuff to achieve something uncommon to normal user say overriding normal procedures of doing things or modifying things to achieve something hidden or uncommon. WHAT IS HACK?? : csivvn : csi_vvn : csi_vvn
  • 13. Let’s understand it with an example. Suppose we wish to change the administrator password of windows operating system. Now we all know that we can change windows password by following below procedure: For windows operating system: GO TO CONTROL PANEL >USER ACCOUNTS >SELECT USER >CHANGE PASS-WORD >SAVE NEW PASSWORD. : csivvn : csi_vvn : csi_vvn
  • 14. The above explained procedure is normal way that users use to change windows administrator or users password. : csivvn : csi_vvn : csi_vvn
  • 15. But we all know that there are several uncommon ways of changing windows administrator or users password. These ways is what we call HACK. : csivvn : csi_vvn : csi_vvn
  • 16. Now in above explained procedure won’t work if I don’t have administrator rights or I forgot the administrator password. Now how I will change the administrator password or unlock system. : csivvn : csi_vvn : csi_vvn
  • 17. Here the term Hack and Hacker will come into picture. Now we have to use un-common ways to achieve the target as normal procedure is no longer working in our situation. : csivvn : csi_vvn : csi_vvn
  • 18. We can do above tasks by several methods according to levels of Hackers. : csivvn : csi_vvn : csi_vvn
  • 19. Novice Users: They will format the windows operating system or will take experts help. Script Kiddies (beginner level hackers): They will use Linux live disks or Emergency rescue disks to reset the password. Medium Level Hackers (who have good knowledge of system and hacking tools): They will use advance Hacking tools like OPHCrack or Backtrack OS to retrieve the password. Elite Hackers (expert level hackers): Why to use any third party tool (know how to do with third party tools): when I can do this manually by breaking into sys-tem root and reset it. I will explain all the above methods in forthcoming classes but I want to tell the elite one’s procedure to give you an idea about up to what level we will learn things. : csivvn : csi_vvn : csi_vvn
  • 20. So below is the procedure how Elite Hackers will do: Elite Hackers do things based on situations say how I will do if it’s my own system and if it’s somebody else’s system (i.e. I want to break into his/her system without getting tracked). If it’s my own system, I have two choices: First, I can reset the password and Second, I can retrieve the password. If it’s somebody else’s system, I am left with only one choice i.e. I need to retrieve the password because if I reset it then victim will know that somebody’s has broken into his/her system and you cannot call yourself elite if you can be tracked. : csivvn : csi_vvn : csi_vvn
  • 21. So as a elite hacker I will try to retrieve the administrator password without getting tracked or caught and its simplest way is using OPHCrack Live CD because this is the only possible way to retrieve the existing password without resetting it. All other methods reset the windows password. Alternatively, I will insert windows operating system CD/DVD and try to retrieve the windows password encrypted file and then decrypt it at my own system. I will share the exact methods in later classes. : csivvn : csi_vvn : csi_vvn
  • 22. WHAT IS HACKING?? : csivvn : csi_vvn : csi_vvn
  • 23. Hacking is derived by merging two words HACK and ING i.e. Hack and its working. Technically, Hacking is an art of exploring uncommon things or modifying things to achieve uncommon functionalities. : csivvn : csi_vvn : csi_vvn
  • 24. When I frankly asked people, why you want to learn Hacking? This is the reply what I got: 1. I want to hack my friends emails and Facebook >> 40% 2. I want to have fun >> 30% 3. I want to become security professional or Ethical Hacker >> 15% 4. I want to see what my girlfriend is doing >> 11% 5. I want to take revenge >> 3% 6. I want to learn cool stuff >> 1% See only 16% people (15% Ethical hackers + 1% learn cool stuff) want to learn ethical hacking for good reasons. I will teach you everything but it’s solely your decision what’s your reason to learn Hacking. : csivvn : csi_vvn : csi_vvn
  • 25. MOST IMPORTANT TERMS..!! : csivvn : csi_vvn : csi_vvn
  • 26. MOST IMPORTANT TERMS..!! Threat – An action or event that might compromise security. Usually a threat is a potential violation of security. Exploit – It is defined way to breach the security of a computer or network system through vulnerabilities found during system analysis or penetration testing. Vulnerability –It is a weakness, design, or implementation error that can lead to an unexpected, undesirable event or module compromising the security of the sys-tem. Target – Target can be any system or network or web application which a Hacker wishes to hack. Attack – Attack is basically system violation which is launched against any system or network or web application. Security – It is a set of rules which are made to harden system so that others can-not penetrate into the system. : csivvn : csi_vvn : csi_vvn
  • 27. “We cannot make a system which is completely unhackable; we can only make system harden so that it cannot be hacked.” : csivvn : csi_vvn : csi_vvn
  • 28. CAN HACKING BE ETHICAL? Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
  • 29. IF YES, THEN HOW AND WHAT IS ETHICAL? Yes, Hacking can be Ethical. Major companies nowadays are expanding their business to attract web users and we all know web world is still unsecure. So these companies hire hackers to test their website against several hacking attempts. This is also called Penetration testing. Hence, Companies by themselves allows hackers to hack their web application to test the security of their web application. So the hackers which got the authority from company to hack their system are called Ethical Hackers or Professional Hackers. : csivvn : csi_vvn : csi_vvn
  • 30. For performing such tasks Ethical hackers are handsomely paid. In IT world terminology this type of Hacking is referred as Penetration testing. Is this the only way to become Ethical Hacker? : csivvn : csi_vvn : csi_vvn
  • 31. Answer is absolutely NO. There are several hackers who find out the bugs in the web application or system and report them back to company instead of using those bugs to attack the web application. This type of hackers are also considered as Ethical Hacker but technically there is separate term defined in hacking world for such hackers which is known as Grey Hat Hackers. : csivvn : csi_vvn : csi_vvn
  • 32. DIFFERENCE BETWEEN HACKERS AND CRACKERS Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
  • 33. There is a very thin line difference between the hacker and cracker. Like a coin has two faces heads or tails, similar is true for computer experts. Some uses their techniques and expertise to help the others and secure the systems or networks and some misuses them and use that for their own selfish reasons. There are several traditional ways that determines the difference between the hackers and crackers. I will provide you these ways in order of their acceptance in the computer and IT market. First of all, let me provide you the basic definitions of both hackers and crackers. DIFFERENCE BETWEEN HACKERS AND CRACKERS : csivvn : csi_vvn : csi_vvn
  • 34. Hackers: A Hacker is a person who is extremely interested in exploring the things and recondite workings of any computer system or networking system. Most often, hackers are the expert programmers. These are also called Ethical Hackers or white hat hackers. And the technique or hacking they perform is called ethical hacking. Ethical Hacking Means you think like Hackers that is first you Hack the Systems and find out the loop holes and then try to correct those Loop Holes. These types of hackers protect the cyber world from every possible threat and fix the future coming security loop holes. These peoples are also called as "GURU's" of Computer Security. Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
  • 35. Crackers: Crackers or Black Hat hackers or cheaters or simply criminals, they are called criminals because they are having the mindset of causing harm to security and they steals very useful data and use it in wrong ways. Phishers also come in this category who steals account info and steal your credit card nos. and money over the Net. Significant Cyber Security India - SCSI : csivvn : csi_vvn : csi_vvn
  • 36. HOW HACKERS PERFORM THEIR HACK ATTACKS? : csivvn : csi_vvn : csi_vvn
  • 37. There are several ways using which Hackers perform Hack attacks. How a hacker performs hacking attempt is solely dependent on Hacker but we can tell the fundamentals of doing it because fundamentals are always same. Most hackers architect their hacking attempt before performing a hacking attempt to understand what he is going to do and how he is going to perform it and how he will prevent himself from being caught. Hackers who hack without thinking anything prior are considered as novice hackers and they can be easily tracked or caught during the process because each step is important. Also chances of success increases when we follow some procedure rather than following nothing. HOW HACKERS PERFORM THEIR HACK ATTACKS? : csivvn : csi_vvn : csi_vvn
  • 38. I have divided any hacking attempt into 5 different phases mentioned below: Phase 1: Information Gathering and Reconnaissance Phase 2: Scanning the target Phase 3: Breaking the system and Gaining the Access Phase 4: Maintaining the access without getting acknowledged Phase 5: Removing and covering traces This is how a hacking attempt is launched or performed. Now let’s learn these phases in detail to get a clear view. : csivvn : csi_vvn : csi_vvn
  • 39. PHASE 1: INFORMATION GATHERING AND RECONNAISSANCE As the name suggests, in this phase we collect all the necessary information that we can gather or possible to gather. We can call this phase as preparatory phase also because this is where the preparation of hacking attempt is made. What is the use of this step? Practically this is one of the most important phases because this step helps us in evaluating the target and provides all basic information that we can be useful. : csivvn : csi_vvn : csi_vvn
  • 40. Consider an example: I want to hack somebody’s Facebook account. Now what exactly we are looking in Information Gathering Phase; First whose Facebook account I want to hack, name of the user, his date of birth, his email address, his phone numbers(current and previous one if possible), his/her fiancé/spouse details, his city of birth, his education background, his favorite things, passions, hobbies etc. : csivvn : csi_vvn : csi_vvn
  • 41. We all know that we can extract above mentioned things quite easily. Now how this can be useful. First we can use above information for launching Social Engineering attack (according to latest research 80% people use passwords that are related to above details). Secondly we can use these details to retrieve accounts or recover passwords. Thirdly, we can use his/her favorites/hobbies/passions to create a phishing/Key logging trap. We can do much more these are just examples. I hope this clears why this is so much important step or phase. : csivvn : csi_vvn : csi_vvn
  • 42. PHASE 2: SCANNING THE TARGET This phase is applicable to selected category to hacking attempts like hacking networks, operating systems, web applications, web hosting servers etc. In this phase we launch a Port (in case of network) or URL (in case of Websites) to identify the vulnerability in the system like open ports or vulnerable URL’s. This is one of the most important steps for launching hacking attempts on websites or network servers or web servers. : csivvn : csi_vvn : csi_vvn
  • 43. Consider an example: I want hack some website. In information gathering phase, I will identify all the basic details about the website and its admin or owner. In scan phase I will launch a URL scan to identify infected URL’s (URL’s that can vulnerable to Injection attacks, Cross Site scripting attacks, other script based attacks) and launch a scan on web server to identify anonymous logins or other FTP or port related bugs. : csivvn : csi_vvn : csi_vvn
  • 44. PHASE 3: BREAKING THE SYSTEM AND GAINING THE ACCESS This is the step where the actual hacking attempt is launched. In this system hacker exploits the vulnerabilities that are found in the scanning phase to gain the access of the system. Continuing the above example, now user has identified that so and so URL is vulnerable to SQL Injection attack. Now in this phase Hacker will launch the SQL injection attack on the website to get the admin or root access. : csivvn : csi_vvn : csi_vvn
  • 45. PHASE 4: MAINTAINING THE ACCESS WITHOUT GETTING ACKNOWLEDGED In this phase Hacker tries to maintain his ownership inside the victim’s system or web server. By ownership, I meant that we can upload, download, configure or manipulate the data whenever we want. : csivvn : csi_vvn : csi_vvn
  • 46. Maintaining access depends upon the host system. For Example, if we have hacked into victim’s computer system, we will install key loggers, backdoors or spy root kits so that we can remain inside the victim’s system. Now if we have hacked into some website, then we will create one more admin user inside the database or change the file permissions or simply enable the anonymous login so that whenever we want, we can hack into website again. Hence the tools like key loggers, Rats, Trojans, spywares are general tools to maintain access into the system. : csivvn : csi_vvn : csi_vvn
  • 47. PHASE 5: REMOVING AND COVERING TRACES This is one of the most important phase of any hacking attempt. This is the step where you cover your tracks or misdeeds from getting detected or being caught. This is necessary to avoid detection and most importantly to avoid legal action against you. : csivvn : csi_vvn : csi_vvn
  • 48. This step generally involves deleting of logs, altering of logs, tunneling, proxifying your details including IP ad-dress and other important data. Why this is so important? : csivvn : csi_vvn : csi_vvn
  • 49. I hacked into someone’s website and defaced it. Now if victim is good enough then he will check the upload logs. Upload logs contains the IP address and system details from which file has been upload and if he want he can lodge a complaint against you in cyber cell and believe me cyber cell hardly takes 10 minutes to reach anywhere. Then either you go to jail or need to pay defamation charges. Hence it’s always mandatory to cover your tracks to avoid legal action against you. Consider one example, : csivvn : csi_vvn : csi_vvn
  • 51. Thanks to All Any Query? Call : +91.9099082532 : csivvn : csi_vvn : csi_vvn Like/Follow for Notification of Latest Cyber Security & Technology's Update.