Learn all about hacking and penetration testing: the phases of hacking, the hacking process, and what penetration testing is. Also get a sense of cyber crimes and cyber security.
Learn what a social engineering attack is. It covers social engineering techniques such as shoulder surfing, eavesdropping, baiting, tailgating, phishing, spear phishing and pretexting.
Social Engineering as the Art of "Human OS" hacking
Main points of the presentation (1) Overall introduction on social engineering (2) Case studies (3) Defending against Social Engineering.
for: http://armsec.org/
Attacker uses human interaction to obtain or compromise information. Attacker may appear unassuming or respectable
Pretend to be a new employee, repair man,
May even offer credentials.
By: Maulik Kotak
What is Social Engineering? An illustrated presentation. (Pratum)
Social engineering relies profoundly on human interaction and often involves the misleading of employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.
These slides discuss social engineering, the most common attack methods, and the best means for defending against a social engineering attack.
For more helpful cyber security blog articles, visit www.integritysrc.com/blog.
Social Engineering - Human aspects of industrial and economic espionage (Marin Ivezic)
Social engineering is not just a supporting process to obtain system access; it could be the main attack. Organizations that focus only on a narrow definition of social engineering as an attack vector to obtain system access will fail to create awareness of all other possible social engineering attack methods.
Social Engineering is a kind of advanced persistent threat (APT) that gains private and sensitive information through social networks or other types of communication.
Presentation of Social Engineering - The Art of Human Hacking (msaksida)
Nowadays if you want to hack a corporation or damage a personal "enemy" fast, Social Engineering techniques work every time and more often than not it works the first time. Within the presentation you will be able to learn what social engineering is, types of social engineering and related threats.
Social Engineering - Are You Protecting Your Data Enough? (JamRivera1)
Social engineering is a growing industry. Even the biggest companies as well as technology-savvy individuals fall victim to social engineering attacks. This training deck will help you understand the different types of social engineering attacks and how to protect your assets and data.
Credits:
Photos - unsplash, pixabay, flaticons
Presentation by: Jam Rivera
This slide gives a brief description of social engineering, its classification, attack environment and various impersonation scenarios, which will give the audience a sound knowledge of social engineering techniques.
Introduction to Basic Social Engineering. It is based on the session delivered by Neelu Tripathy in InfoSec Girls meet up detailing some methods of how social engineering is performed in the industry.
An introductory session about Social Engineering presented at ICT Nuggets Forum - Khartoum, organized by Duko team. We talked about what social engineering is, the terms related to it, and how attacks can be carried out. We also told a lot of stories about successful social engineering attacks and how much damage they did. Finally we talked about how to protect yourself and your company from social engineering attacks.
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign (Pratum)
A thorough penetration testing campaign involves social engineering, vulnerability scanning, and the manual hacking of computer systems, networks, and web applications. Follow this infographic to learn more about the various elements of a complete penetration test.
Social Engineering: the Bad, Better, and Best Incident Response Plans (Rob Ragan)
One of today's most challenging security issues is social engineering defense. Despite evidence proving the impact of a social engineering attack, we often see inadequate incident response plans in place. In this talk, we will share our experiences about what organizations are doing when (or, more commonly, if) they detect an attack, steps to strengthen the social engineering defensive strategy, and what best practices to enforce for the strongest possible security posture.
This is a small presentation on ethical hacking; you can present it as a seminar presentation.
I describe small things in this presentation, that is, types of hacking, applications and features, advantages and disadvantages, and more.
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
Ethical Hacking n VAPT presentation by Suvrat jain (Suvrat Jain)
A perfect example of your 6 weeks summer training ppt. Course: Ethical Hacking, its info, and VAPT (Vulnerability Assessment n Penetration Testing). About vulnerability scanning, tools used, cracking passwords, etc.
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. It’s part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
2. 60 Seconds on Internet
● 500 hrs of video uploaded on YouTube
● 3.3 million Facebook posts
● 448,800 tweets
● 65,972 photos are uploaded on Instagram
● 29 million WhatsApp messages are sent
● 1,440 WordPress posts are published
Report credit - cuencatechlife
3. Cyber crimes
** Hacking is the major reason behind cyber crimes **
● Unauthorized access to a computer or network
● Spreading malware or viruses to harm the system
● Data manipulation or Data theft
● Cyber espionage or spying
● Child pornography
● Committing fraud
“Offences that are committed against individuals or groups of individuals with a
criminal motive by using computer, mobile or any digital medium are called
cyber crimes.”
“To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
4. Cyber Security
“Cyber security is the concept of securing the computers, networks
and Data from any unauthorized access or activity”
** Penetration Testing is the best countermeasure to defend against cyber crimes **
● Countermeasures taken to prevent your network, application or system from being hacked are cyber security.
● Cybersecurity experts have deep knowledge of how networks, computers, applications, databases and websites work
● They use their skills to shield the services against any cyber attacks
“To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
5. Motives behind cyber attack
● Disrupting business reputation
● Data manipulation
● Data theft
● Identity theft
● Financial frauds
● Cyber espionage
● Cyber terrorism
● Propaganda spreading
● Spreading religious tensions
6. Security threat types
Networks
● Information gathering
● Spoofing & tricking
● Session hijacking or MIM
● DoS (Denial of service)
● DNS and ARP poisoning
● Sniffing and eavesdropping
Application
● Field validations
● Authentication and authorization attacks
● SQL injection
● Cryptographic attacks
● Security misconfiguration
● Broken session management
Host
● Footprinting
● Malware attacks
● Password attacks
● Backdoor attacks
● Physical security threats
● Denial of service (DoS or DDoS)
7. What is hacking?
“Gaining unauthorized access to a computer, network or database to do malicious activity is called hacking”
All hackers aren’t bad people.
● Hacking is illegal if done in an unauthorized manner or without any prior approval
● Even human nature has many vulnerabilities that can be exploited to gain confidential information, and that’s called social engineering.
● Illegal hacking is performed by black hat hackers
8. What is Ethical hacking?
“If hacking is done with prior approval from an authorized admin, then it’s called ethical hacking.”
● Ethical hacking is legal if done with an authorized admin's approval
● The reason for performing ethical hacking is to find and fix the security vulnerabilities so that the system can be defended against any cyber attack.
● Ethical hacking is performed by white hat hackers
Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems, using penetration testing techniques.
9. The great example - Stuxnet
Result - Blocked Iran's Nuclear Program
● It disrupted the operations of Siemens centrifuges in nuclear power plants, making them spin at uneven speeds
"My opinion is that the Mossad is involved, but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States."
- Kevin Hogan, Senior Director of Security Response at Symantec
10. The great example - WannaCry
Result - 200,000 computers were infected across 150 countries
● The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm
● It targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency
11. Types of hackers
BLACK HAT - They use hacking skills for destructive and malicious activities.
WHITE HAT - They use hacking skills to defend against any sort of cyber attack.
GRAY HAT - They use hacking skills for both offensive and defensive purposes.
12. The types of hackers
Elite hackers: Elite hackers are the most skilled hackers.
Script kiddies: They are unskilled hackers who break into computer systems by using automated tools.
Neophyte: Someone who is new to hacking and has no knowledge of hacking or how technology works.
Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.
Nation state hackers: Intelligence agencies and cyber warfare operatives of nation states.
Blue hat hackers: A blue hat hacker is someone outside computer security consulting firms who is used to security test a system prior to its launch.
13. VAPT - Vulnerability Assessment & Penetration Testing
“A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.”
Vulnerability assessment is done to:
● Identify weaknesses in the system
● Measure the effectiveness against any attack
NETWORK VULNERABILITY ASSESSMENT TOOLS
● Nmap
● OpenVAS
● Wireshark
● Metasploit
● MBSA (Microsoft baseline security analyzer)
WEB VULNERABILITY ASSESSMENT TOOLS
● OWASP ZAP
● Acunetix
● Burp suite
● Nikto
● sqlmap
15. Vulnerability assessment types
Active Assessment: Using a network scanner to find hosts, services and vulnerabilities.
Passive Assessment: A technique used to sniff the network to find hosts, services and vulnerabilities.
Internal Assessment: A technique used to assess internal infrastructure.
External Assessment: A technique used by crackers to assess from outside to find the vulnerability.
Wireless network Assessment: Assessing a wireless network to penetrate the network.
Host based Assessment: Determines the vulnerability in a specific server or computer.
Application & DB: Assessing an application, website or database for any misconfiguration.
Physical security Assessment: Assessing the physical security to reach the network or computer.
Network Assessment: Assessing the network to find the network vulnerabilities.
16. Penetration Testing or Security Testing
● Pen testers are usually certified white hat hackers or LPTs (licensed pen testers)
● Pen testers report how a vulnerability can be exploited
● Pen testers also report how to patch the issue in a properly documented report
“Pen testing is the process of finding and reporting security vulnerabilities in a network, computer or application in order to secure it against any sort of attack.”
A penetration test, also known as a pen test, is an authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data.
17. Ethical hacking vs Penetration Testing
ETHICAL HACKING
● “Ethical hacking focuses on using all techniques to find and exploit the vulnerabilities.”
● Main target is to break in the system
● Ethical hacking is an offensive measure
PEN TESTING
● “Pen testing focuses on finding all vulnerabilities in the network, computer or application.”
● Main target is to defend the system against any threat
● Pen testing is defensive measure
18. Types of pen testers
BLACK HAT - With no prior knowledge of network, computer or application that needs to be tested.
WHITE HAT - With complete knowledge of network, computer or application that needs to be tested.
GRAY HAT - With limited knowledge of network, computer or application that needs to be tested.
19. Skills required for hackers / pen testers
Technical skills
● In depth knowledge of operating systems
● In depth knowledge of servers
● In depth knowledge of Networks
● In depth knowledge of hacking tools and technologies
● Should be an expert in exploiting the vulnerabilities
Behavioural skills
● Ability to learn quickly
● Awareness of law of the land
● Target company's code of conduct and policies
● Should be quick to find the loopholes in
● Should update themselves with new technologies and tools
20. Penetration testing can be performed on
● Network services
● Application test
● Web services test
● Web site test
● Wireless network test
● Database test
● Social engineering
22. Pen testing / hacking phases
1. Footprinting: Gathering preliminary information before attacks
2. Scanning: Scanning the target system or network to find the open ports
3. Gaining Access: The term refers to when an attacker gains access to a NETWORK, SYSTEM or APPLICATION
4. Maintaining Access: In this phase the attacker tries to retain control of the network or application
5. Clearing tracks: This is the final phase of hacking, where the attacker deletes all the evidence and logs
23. Computer security threats
● Cross site scripting (XSS)
● SQL Injection
● Session hijacking
● Parameter manipulation
● Buffer Overflow
● Denial of service
● Weak authentication and session management
● Security misconfiguration
24. Security threats (1/2)
Malwares: Software which is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. Ex - virus, worms, spywares, backdoors
Ransomware: It blocks access to data or a system unless a ransom is paid. Ex - WannaCry
SQL injection: SQL injection is a code injection technique used to hack into a database through the website's client end.
D-DoS: A distributed denial of service attack makes a system resource unresponsive to its actual intended users.
25. Security threats (2/2)
Pharming: Pharming is a cyber attack intended to redirect a website's traffic to another, fake site.
Wireless network: Attacks on the wireless network to gain access to an organization’s or individual’s network
Botnets: Botnets can be used to perform a distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection
Phishing: Phishing is a technique used to gain a person's confidence in order to obtain confidential details or commit fraud
Trojans: A Trojan horse is a type of virus that looks like legitimate software; once the user installs it, it passes control to hackers
26. Important hacking terminologies
Hack Value: To evaluate the outcome for hacking something
Back door: Process of bypassing security and the front gate and entering the system from a backdoor
Zero Day Attack: Hacking the application before a patch is released
DEF CON: They organize a hackers' conference
Trojans: A Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent
27. Important hacking terminologies - BOTNET
“A network of private computers infected with malicious software and controlled by a master computer as a group without the owner's knowledge.”
● It can be used to carry out a Denial of Service attack, as each computer has a different IP and that cannot be blocked.
28. Important hacking terminologies - Social Engineering
“Social Engineering is an art of convincing a person to reveal confidential information.”
● It’s a type of confidence trick for the purpose of information gathering, fraud, or system access.
● Human behaviour also has vulnerabilities, and hackers never hesitate to exploit them.
Social Engineering techniques
● Eavesdropping
● Shoulder surfing
● Dumpster diving
● Baiting
● Phishing
● Spear phishing
29. Important hacking terminologies - KALI LINUX
“Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It has over 600 pre-installed applications for hacking, penetration testing and digital forensics.”
● It is maintained and funded by Offensive Security Ltd.
● The earlier version of Kali Linux was known as BackTrack
● Kali Linux is developed using a secure environment with only a small number of trusted people
30. Important hacking terminologies - Dark Web
“Deep web is the hidden part of the World Wide Web, which is not indexed by standard search engines and not accessible with usual web browsers”
● There is no censorship on contents available on the deep web
● The usual search engine for the deep web is DuckDuckGo
● The usual domains on the deep web end with .onion instead of .com
● The sites on the deep web can only be accessed using the TOR network
31. Important hacking terminologies - TOR
“Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router".”
● TOR stands for The Onion Router
● TOR is a browser to access dark web
● TOR makes it very hard to trace back the user
Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly
anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely
to target you.
32. Important hacking terminologies - DOXING
“Doxing is a hacking practice where a hacker searches for private information posted on publicly accessible sites”
Searching for private or identifying information about a particular individual on the Internet, typically with malicious intent.
● Name
● Contact details
● Date of Birth
● Your pet name
● Your favourite food
33. Important hacking terminologies - STEGANOGRAPHY
“Steganography is a technique of hiding an object (file, image or video) behind another image, audio or video”
● Steganography is a combination of the Greek words ‘steganos’ and ‘graphein’, meaning ‘concealing’ and ‘writing’
● A virus can also be hidden behind an image; this is known as a trojan
● It is almost undetectable unless special software is used
● If you have the original image and a suspicious steganographic image, you can detect it by comparing the sizes of the files.
34. Important hacking terminologies - SPOOFING
“Spoofing is a technique to trick someone to get confidential information or access”
Ex - instead of facebook.com you can trick someone by sending a link to faceb00k.com; if the target enters the ID and password there, you can write code to capture those details.
● An email can be spoofed (site - www.emkei.cz)
● A call can be spoofed (site - www.crazycall.net)
● An SMS can be spoofed (site - www.spoofsms.com)
● IP can be spoofed
● DNS can be spoofed
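A defender can flag links like the faceb00k.com one above before a user clicks them. The following is an added example, not part of the original slides; the PROTECTED set, the character map and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the login domains your users are meant to reach.
PROTECTED = {"facebook.com"}
# Constructed, non-exhaustive map of digits that stand in for letters.
CONFUSABLE = str.maketrans("01357", "olest")


def registrable(host):
    """Last two labels of the host (simplified; no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return 'trusted', 'lookalike', 'brand-in-subdomain' or 'unlisted'."""
    if "://" not in url:
        url = "//" + url.lstrip("/")   # let urlsplit treat a bare host as a host
    # .hostname is lower-cased and excludes any user@ part and the port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable(host)
    if domain in PROTECTED:
        return "trusted"
    if domain.translate(CONFUSABLE) in PROTECTED:
        return "lookalike"             # digits standing in for letters
    for brand in PROTECTED:
        if host.startswith(brand + ".") or "." + brand + "." in host:
            return "brand-in-subdomain"
    return "unlisted"


# Constructed sample links, as they might appear in a reported message.
SAMPLES = [
    "https://www.facebook.com/login",
    "http://faceb00k.com/login",
    "https://facebook.com@faceb00k.com/",
    "http://facebook.com.login.example/",
]


def report():
    """Classify every sample link."""
    return {url: classify(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:20} {url}")
```

Anything other than 'trusted' deserves a second look; 'unlisted' only means the domain is not on your own list.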
35. Important hacking terminologies - SQL INJECTION
“SQL injection is a code injection technique in the user fields to hack into the database.”
● It is the most common hacking technique to bypass the user authentication for weak sites
● Developers should sanitize the user fields and should not trust what the user types in the input field
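The advice above about not trusting the input field, shown as a weak login check beside a hardened one. This is an added example, not part of the original slides; the table, the account and the test inputs are constructed.

```python
import sqlite3


def make_db():
    """Build an in-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row. Real systems store salted password hashes.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_concatenated(db, name, password):
    """Weak form: the input is pasted into the SQL text itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


def compare(name, password):
    """Run both checks; None means the weak query failed to parse."""
    db = make_db()
    try:
        weak = login_concatenated(db, name, password)
    except sqlite3.Error:
        weak = None
    strong = login_parameterized(db, name, password)
    db.close()
    return weak, strong


if __name__ == "__main__":
    # Constructed inputs: a valid login, a wrong password, a quote-breaking
    # password, and an ordinary name that contains an apostrophe.
    for name, password in [("alice", "correct-horse"), ("alice", "wrong"),
                           ("alice", "' OR '1'='1"), ("o'brien", "x")]:
        print(repr(name), repr(password), compare(name, password))
```

The third input logs in through the weak check without the password, and the fourth makes the weak query fail outright, while the parameterized check rejects both cleanly.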
36. Hacking - CAREER & CERTIFICATION
● The International Council of Electronic Commerce Consultants (EC-Council)
● The EC-Council is headquartered in Albuquerque, New Mexico.
● Its best-known certification is the Certified Ethical Hacker
37. What needs to be learnt - for hackers and pen testers (...learn in next videos)
● Footprinting and Reconnaissance
● Network scanning
● Enumeration
● Viruses and malwares
● Sniffing
● Social Engineering
● Session hijacking
● Denial of service
● SQL Injection
● System hacking
● Website hacking
● Network hacking
● Web Server hacking
● Wifi Hacking
● Mobile hacking
Steganography and Cryptography Spoofing / Phishing Social Engineering