1. The document introduces some essential terminology related to ethical hacking such as hack value, exploits, vulnerabilities, and different types of attacks.
2. It discusses the key elements of information security - confidentiality, integrity, availability, authenticity, and repudiation.
3. The document also covers types of hackers, hacking phases, skills required for an ethical hacker, and penetration testing.
2. ESSENTIAL TERMINOLOGY
1. Hack Value: The notion among hackers that something is interesting or worthwhile to do.
2. Exploit: A piece of software that takes advantage of a bug, glitch or vulnerability, leading to unauthorized access, privilege escalation or denial of service on computer systems and networks.
3. Vulnerability: The existence of a software flaw, logic design error or implementation error that could expose an operating system or an application to attack or misuse.
4. Target of Evaluation: An IT system, product or network that is the subject of security analysis or attacks.
3. ESSENTIAL TERMINOLOGY
5. Zero-Day Attack: A computer threat that tries to exploit computer system vulnerabilities that are undisclosed to others or undisclosed to the software developers.
6. Daisy Chaining: Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs, etc.
9. Attack: An action or an event that might compromise security.
10. Threat: An environment or a situation that might lead to a potential breach of security.
4. ELEMENTS OF INFORMATION SECURITY
Security is a state of well-being of information and infrastructure in which the possibility of theft, tampering and disruption of information and services is kept low or tolerable. It relies upon the five major elements of information security.
1. Confidentiality: Confidentiality is the assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.
2. Integrity: Integrity is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes; the assurance that the information can be relied upon to be sufficiently accurate for its purpose.
5. ELEMENTS OF INFORMATION SECURITY
3. Availability: The assurance that the system responsible for delivering, storing or processing information is available to authorized users when required.
4. Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine and not corrupted from the original. A major role of authentication is confirming that the user is who he or she claims to be; this is done with biometrics, smart cards, digital certificates, etc.
5. Repudiation: Refers to ensuring that a party to a contract or a communication cannot later deny the authenticity of their signature on a document or the sending of a message that they originated. It is a way to guarantee that the sender of the message cannot later deny having sent the message and the recipient cannot deny having received the message.
6. THE SECURITY, FUNCTIONALITY AND USABILITY TRIANGLE
Level of security in any system can be defined by the strength of the three components:
• Security (Restrictions)
• Functionality (Features)
• Usability (GUI)
Moving the ball towards security means less of the other two.
7. TOP INFORMATION SECURITY ATTACK VECTORS
An attack vector is a path or means by which an attacker can gain access to an information system to perform malicious activities.
The following are the top attack vectors through which an attacker can attack an information system:
• Virtualization and cloud computing
• Organized cyber crime
• Unpatched software
• Targeted malware
• Botnets
8. TOP INFORMATION SECURITY ATTACK VECTORS
• Compliance with government laws and regulations
• Network applications
• Lack of cyber security professionals
• Mobile device security
• Complexity of computer infrastructure
• Hacktivism
• Internal threats
9. MOTIVES, GOALS AND OBJECTIVES OF INFORMATION SECURITY ATTACKS
Attack: Attacks = Motives (Goal) + Method + Vulnerability.
• Goals: Disrupting business continuity, information theft, data manipulation, or taking revenge.
• Motives: Something valuable - data or money
• Objectives: Exploit vulnerabilities
10. INFORMATION SECURITY THREATS
Information security threats are broadly classified into three categories:
Natural Threats
• Natural disaster
• Flood
• Famines
• Earthquakes
• Hurricanes
Physical Threats
• Loss or damage of system resources
• Physical intrusion
• Sabotage, espionage and errors
Human Threats
• Hackers
• Insiders
• Social engineering
• Lack of knowledge and awareness
11. INFORMATION SECURITY THREATS
Network Threats
• Information gathering
• Sniffing and spoofing
• Session hijacking
• ARP poisoning
• DoS and SQL injection attacks
• MITM attacks
Host Threats
• Malware attacks
• Password attacks
• Unauthorized access
• DoS attacks
• Privilege escalation
Application Threats
• Buffer overflow
• Auditing and logging issues
• Information disclosure
• Cryptography attacks
12. INFORMATION WARFARE
Information warfare, or info-war, refers to the use of information and communication technologies (ICT) to gain a competitive advantage over an opponent.
1. Defensive information warfare: refers to all the strategies and actions used to defend against attacks on ICT assets.
2. Offensive information warfare: refers to information warfare that involves attacks against the ICT assets of an opponent.
13. IPV6 SECURITY THREATS
Compared to IPv4, IPv6 has an improved security mechanism that assures a higher level of security and confidentiality for the information transferred over a network.
However, IPv6 is still vulnerable. It is still subject to information security threats that include:
1. Auto-configuration threats
2. Unavailability of reputation-based protection
3. Incompatibility of logging systems
4. Rate limiting problem
5. Default IPv6 activation
6. Complexity of network management tasks
14. IPV6 SECURITY THREATS
7. Complexity in vulnerability assessment
8. Overloading of perimeter security controls
9. IPv4 to IPv6 translation issues
10. Security Information and Event Management (SIEM) problems
11. Denial of Service (DoS)
12. Trespassing
15. HACKING VS ETHICAL HACKING
Hacking: Hacking refers to the exploitation and exploration of computer software or hardware to gain unauthorized access in order to perform malicious activities.
Ethical Hacking: Ethical hacking refers to the exploration and exploitation of computer software and hardware to make it more secure and easier to use.
16. EFFECTS OF HACKING ON BUSINESS
• Reputation
• Business loss
• Loss of revenues
• Compromised information
• Theft of customers' personal information
• Hacking used to steal and distribute data
• Botnets can be used to launch DDoS attacks, leading to business downtime
• Attackers may steal corporate information and sell it to competitors and leak info to rivals
17. WHO IS A HACKER?
A hacker is a person who illegally breaks into a system or network without any authorization to steal or destroy sensitive data or to perform malicious attacks. Hackers may be motivated by a multitude of reasons:
1. Intelligent individuals with excellent computer skills and the ability to explore computer software and hardware.
2. For some hackers, hacking is a hobby to see how many computer systems or networks they can compromise.
3. Their intention can either be to gain knowledge or to poke around to do illegal things.
4. Some hack with malicious intent, such as stealing business data, credit card information, social security numbers, email passwords, etc.
18. HACKER CLASSES
1. Black Hat: Individuals with excellent computer skills who resort to malicious activities; they are also known as crackers.
2. White Hat: Individuals professing hacker skills and using them for defensive purposes; they are known as security consultants.
3. Grey Hat: Individuals who work both offensively and defensively at various times.
4. Suicide Hackers: Individuals who aim to bring down critical information for a cause and are not worried about facing 30 years in jail for their actions.
19. HACKER CLASSES
5. Script Kiddies: Individuals who depend on others' hacking skills or tools. Unskilled hackers.
6. Spy Hackers: Hackers who are employed by an organization to spy on its competitors and gain trade secrets.
7. Cyber Terrorists: Groups with religious or political motives who aim to create fear by large-scale disruption of computer networks.
8. State Sponsored Hackers: Hackers employed by a government to penetrate and gain top-secret information and to damage the information systems of other governments.
20. HACKTIVISM
Hacktivism is the act of promoting a political agenda by hacking, especially by defacing or disabling websites.
It thrives in an environment where information is easily accessible.
It aims at sending a message through hacking activities and gaining visibility for a cause.
Common targets include government agencies, multinational corporations or any other entity perceived as bad or wrong by these groups or individuals.
22. TYPES OF ATTACKS ON A SYSTEM
There are several ways an attacker can attack an information system. The attacker must be able to exploit a weakness or vulnerability in a system.
• Operating System Attacks: OS vulnerabilities
• Application Level Attacks: No complete testing
• Misconfiguration Attacks: Default settings or misconfigured
• Shrink Wrap Code Attacks: Default scripts (vulnerabilities)
24. VULNERABILITY RESEARCH
Vulnerability research is the process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse.
Vulnerabilities are classified based on severity level (low, medium or high) and exploit range (local or remote).
An administrator needs vulnerability research:
1. To gather information about security trends, threats and attacks
2. To find weaknesses and alert the network administrator before a network attack
3. To get information that helps to prevent security problems
4. To know how to recover from a network attack
25. PENETRATION TESTING
Penetration testing is a method of completely evaluating the security of an information system or network by simulating an attack from a malicious source.
Types of penetration testing:
1. Black box testing: no knowledge of the computer infrastructure and network
2. White box testing: complete knowledge
3. Grey box testing: partial knowledge
26. “IF YOU KNOW YOURSELF BUT NOT YOUR ENEMY, FOR EVERY VICTORY GAINED YOU WILL ALSO SUFFER A DEFEAT”
- Sun Tzu (Art of War)