This document discusses information security, ethical hacking, and cybercrime. It defines information security as protecting information and systems from unauthorized access. It explains that ethical hacking involves legally testing networks for vulnerabilities to evaluate security measures. The document also outlines various types of cybercrimes like phishing, SQL injection, and malware attacks. It notes that demand for information security professionals is growing due to increasing cyber threats facing organizations.
4. Ethical Hacking
• To understand the world of hacking, learn the Hack Simulation
Game: follow a map, choose the server to enter a system, crack
the password and, within a time limit, grab the information,
send a virus, and delete/steal files before you are tracked down.
• Many security experts encourage organizations to hire ethical
hackers to test their networks. Pathfinder aims to grab these
for you.
• Ethical Hacking: organizations are increasingly evaluating
the success or failure of their current security measures
through the use of ethical hacking processes and techniques.
6. India Ranks 5 in Reporting Cyber Crime Cases
India ranks fifth among countries reporting the maximum number of
cyber crimes, according to the latest report released by the Internet
Crime Complaint Centre of the United States.
Cyber crimes record 50% rise in India.
The United States led the tally of victim complaints, while India
remained fifth, reporting 0.36% of the global complaints received
at IC3, which was about 1,000 complaints, the data said.
The majority of fraudsters on the information highway this year
resorted to the trick of selling products online but not delivering them
to buyers who had already made payments.
It remained the most adopted method to cheat during the year with
33% of internet crimes of this nature being reported, according to the
report.
7. Recent Cyber Cases
• Andhra Pradesh Govt websites hacked on Feb 17, 2012. Some
Bangladeshi hacking groups are suspected to be behind the
incident.
• Trinamool Congress website hacked by Bangladeshi hackers
on 15 Feb 2012.
• Online store of Microsoft India was hacked by Chinese
Hackers on 13 Feb 2012.
• 5 million Android phones infected by virus.
The malware is embedded into various apps in the Android
Market and, once downloaded, launches services that send
information from the device, such as MAC address, SIM
serial, IMEI, and IMSI, back to the malicious host.
13. How Windows NT Saves User Passwords
Let's see what happens when a new user creates an account on
Windows, for example:
user name : (Sheela)
password : (barbie.doll)
The password is converted into hashes.
It will be stored in the SAM in hash format; you cannot
read, rename or delete it.
14. OPH crack example
• The password is stored in the form of hashes.
• Ophcrack has its own database of hashes and their
corresponding characters.
• The Windows password is cracked by booting the computer
from the Windows Live Disk.
• Ophcrack matches the password with its own database.
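Why a ready-made database of hashes works against the storage scheme on the two slides above, and what defeats it, as an added example that is not part of the original deck. SHA-256 stands in for the unsalted Windows hash (an assumption made so the code runs with the standard library); the wordlist, the accounts and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed wordlist; "barbie.doll" is the sample password from the slide.
WORDLIST = ["password", "letmein", "barbie.doll", "qwerty123"]


def unsalted_hash(password):
    # Stand-in for an unsalted fast hash: same password, same hash, everywhere.
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def build_lookup_table(words):
    # Computed once, then reusable against every account on every machine.
    return {unsalted_hash(w): w for w in words}


def exposed_accounts(stored, table):
    # Defensive audit: accounts whose stored hash already sits in the table.
    return sorted(user for user, h in stored.items() if h in table)


def salted_record(password, salt=None, iterations=200_000):
    # Mitigation: per-user random salt plus a deliberately slow KDF.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stored = {  # constructed account database
        "Sheela": unsalted_hash("barbie.doll"),
        "Admin": unsalted_hash("long unique passphrase 7391"),
    }
    print("found by table lookup:", exposed_accounts(stored, table))
    a, b = salted_record("barbie.doll"), salted_record("barbie.doll")
    print("same password, different salted digests:", a[2] != b[2])
    print("salted record still verifies:", verify_salted("barbie.doll", a))
```

With a salt, a table has to be rebuilt per account, so a precomputed database stops paying off.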
18. Session Hijacking
In computer science, session hijacking is the exploitation of a
valid computer session—sometimes also called a session key—to
gain unauthorized access to information or services in a computer
system. In particular, it is used to refer to the theft of a magic
cookie used to authenticate a user to a remote server. It has
particular relevance to web developers, as the HTTP cookies used
to maintain a session on many web sites can be easily stolen by an
attacker using an intermediary computer or with access to the
saved cookies on the victim's computer (HTTP cookie theft).
• Facebook session hijacking
• Orkut session hijacking
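A check a web developer can run against their own responses, as an added example that is not part of the original deck: it flags session cookies whose attributes leave them readable by an intermediary computer or by page scripts. The header values, the set of session cookie names and the function name are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values (not captured from any real site).
SAMPLE_HEADERS = [
    "sessionid=3f9a1c; Path=/",
    "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

# Assumption: cookies with these names carry the session identifier.
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid"}

ISSUES = {
    "no-secure": "sent over plain HTTP, so an intermediary can read it",
    "no-httponly": "readable by page scripts",
    "no-samesite": "attached to cross-site requests",
}


def audit_set_cookie(header_value, session_names=SESSION_NAMES):
    """Return (cookie name, issue code) pairs for weak session cookies."""
    findings = []
    jar = SimpleCookie()
    jar.load(header_value)
    for name, morsel in jar.items():
        if name.lower() not in session_names:
            continue  # only the session identifier matters for hijacking
        if not morsel["secure"]:
            findings.append((name, "no-secure"))
        if not morsel["httponly"]:
            findings.append((name, "no-httponly"))
        if morsel["samesite"].lower() not in ("lax", "strict"):
            findings.append((name, "no-samesite"))
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_set_cookie(header)
        print(header)
        for name, code in result:
            print(f"  {name}: {code} ({ISSUES[code]})")
        if not result:
            print("  no findings")
```

These attributes do not protect cookies already saved on a compromised computer; for that case the server has to expire and rotate session identifiers.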
19. MS Windows Link File CVE-2010-2568
Microsoft Windows Attack Method 1
• This attack could pose a serious security threat. You should
take immediate action to stop any damage or prevent further
damage from happening.
Description
• This signature will detect attempts to exploit a remote code
execution vulnerability in Microsoft Windows Shortcut 'LNK'
files.
• Microsoft Windows is prone to a vulnerability that may allow a
file to automatically run because the software fails to handle
'LNK' files properly.
20. Microsoft Windows Attack Method 1 cont.
• Specifically, the issue occurs when loading the icon of a
shortcut file. A specially crafted 'LNK' file can cause Windows
to automatically execute code that is specified by the shortcut
file.
• NOTE: This issue is being exploited in the wild as malware
W32.Temphid.
This issue affects Microsoft Windows XP, Windows Vista,
Windows 7, Windows Server 2003, and Windows Server 2008.
21. Microsoft Windows Attack Method 2
Metasploit Attack
Microsoft Windows shellcode execution
exploit/windows/browser/ms10_046_shortcut_icon_dllloader
Description:
This module exploits a vulnerability in the handling of Windows
Shortcut files (.LNK) that contain an icon resource pointing to a
malicious DLL. This module creates a WebDAV service that can
be used to run an arbitrary payload when accessed as a UNC path
30. Steganography
Steganography (computer science): the art and science of hiding a message in a
medium, such as a digital picture or audio file.
Steganography is the hiding of a secret message within an ordinary message and
the extraction of it at its destination.
35. Become A Security Expert
• Cyber security professional
• Information Security Professional
• IS Executive
• Information System Auditor
• Security Advisors
• Software developers
• IT specialists
• IT system executives
• IT consultants
• Assistant Software Engineer
• Software Test Engineer
• R&D Executive
• Security Consultant
• System Engineer
• Network Engineer
• Network Administrator and many more…
The Appin Pathfinder prepares you for numerous career opportunities. If you've ever
wondered what you can become, here are some answers.
These are the career profiles chosen by students immediately after school, and they are
earning huge packages despite their age and limited experience. Thousands of our students
have been placed with many top companies in IT and security