SlideShare a Scribd company logo

Introduction to Ethical Hacking pdf file

D
debmajumder741249

learning purpose

Education
1 of 31
Download to read offline
Introduction to Ethical Hacking ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
What is Hacking? ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
What is Hacking? Ethical Hacking is the protection of inter-connected systems, including hardware, software and data, from cyber attacks. White Hat Hacker Grey Hat Hacker Black Hat Hacker
Computer Security Threats • Computer Virus • Computer Worm • Scareware • Key logger • Adware • Malware • Backdoor • Trojan • Ransomware • Spyware
Goals of ethical Hacking • Protect the privacy of an Organization • Transparently report all the identified bugs/weaknesses/vulnerabilities to the organization. • Inform the vendors about the security measures and patches.
Skills Required by Ethical Hackers Operating Systems Programming Languages Networking
Tools Used by Ethical Hackers
Process of Ethical Hacking Reconnaissance Maintaining Access Scanning Gaining Access Reporting Clearing Tracks
Reconnaissance This is the first step of hacking. It is also called as Foot printing and information gathering phase. This is the preparatory phase where we collect as much as information as possible about these the target. We usually collect information about three groups: • Network • Host • People Involved
Scanning Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, live systems, various services running on the host. Vulnerability Scanning: Checking the target for the weakness or vulnerabilities which can be exploited. Usually done with the help of automated tools. Network Mapping: Finding the topology of network, routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information. This map may serve as a valuable piece of information throughout the hacking process.
Clearing Tracks No thief wants to get caught. An intelligent hacker always clears all the evidence so that in later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of logs, modifying registry values and uninstalling all the applications he used and deleting all folders he created.
Demonstration ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
Ethical Hacking Across Domains At it’s core, Ethical Hacking occupies a prominent role in various verticals such as: • WebApplication Environment • Mobile Applications • And many more…
Web Application Domain Two Major Categories: • Client side vulnerabilities • Server side vulnerabilities All attacks can be categorized intro 3 major attacks: • Parameter Tampering • Unvalidated inputs • Directory TraversalAttacks
Web Application Domain Client Database Server Application Server example.com Attacker
Web Application Domain login Name: <script>alert("You are hacked")</script> Login Password: login Name: 'Union select * from users' Login Password: login Name: <iframe src="....org"></iframe> Login Password:
Common Web Application attacks • Injection Flaws eg. SQL injection, HTML injection, etc. • Cross site Scripting eg. Reflected, Stored, etc. • WebServices Attacks eg. DNS Cache Poising, File uploads etc.
Web Application Domain login: <script>alert(document.cookie)</script> password: subscribe: email: <script>code to mail him user information</script>
Hacking Methodology • WebFootprinting – Gathering Information • Vulnerability Scanners – w3af, Acunetix • Identify Entry Points and Attack surface
Example : SQL injections Victim Attacker Server Select * from users where user_id=‘admin’ and password=‘shadow’ Select * from users where user_id=‘blah’ or 1= 1-- and password=‘anything’
Mobile Domain The Mobile Device has become an inseparable part of life today. The attackers are easily able to compromise the mobile network because of various vulnerabilities, the majority of the attacks are because of the untrusted apps. The main operating systems used are: • Android • IOS • Windows • Blackberry
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited Example: Android Libraries Applications Application Framework LinuxKernel Android Runtime
Types of Android Attacks • Untrusted APKs • SMS • Email • Spying • App sandboxing • Rooting
Example: Tap Jacking
Network Domain A network is an attempt to gain unauthorised access to an organisation’s network, with the objective of stealing data or perform other malicious activity. There are two main types of network attacks: • Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to data, leaving it intact. • Active: Attackers not only gain unauthorised access but also modify data , either deleting, encrypting or otherwise harming it.
Types of Network Attacks Endpoint attacks – gaining unauthorised access to user devices, servers or other endpoints, typically compromising them by infecting them with malware. Malware attacks – infecting IT resources with malware, allowing attackers to compromise systems, steal data and do damage. These also include ransomware attacks. Vulnerabilities, exploits and attacks – exploiting vulnerabilities in software used in the organization, to gain unauthorised access, compromise or sabotage systems. Advanced persistent threats – These are complex multi-layered threats, which include network attacks but also other attack types.
Ransomware The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cyrptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
Example : DDOS attack
Other Domains • Cloud Computing • IOT • Block chain • Edge Computing
Demonstration – SQL injection ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited

Recommended

Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityparveen837153
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityparveen837153
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesBilalMehmood44
 
Computer security
Computer securityComputer security
Computer securityMahesh Singh Madai
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 

Recommended

Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityparveen837153
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityparveen837153
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesBilalMehmood44
 
Computer security
Computer securityComputer security
Computer securityMahesh Singh Madai
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxANIKETKUMARSHARMA3
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxSohamChakraborty61
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensivesidraasif9090
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKINGSweta Leena Panda
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptxVIRAJDEY1
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Lecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfLecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfAsmaaLafi1
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxGovandJamalSaeed
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Јаѓќеѕн Јажѕшаф
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptxMuhammadRehan856177
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 

More Related Content

Similar to Introduction to Ethical Hacking pdf file

Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptxSohamChakraborty61
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensivesidraasif9090
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptxVIRAJDEY1
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Lecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfLecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfAsmaaLafi1
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxGovandJamalSaeed
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 

Similar to Introduction to Ethical Hacking pdf file (20)

Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
 
Cyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensiveCyber Security Introduction project comprehensive
Cyber Security Introduction project comprehensive
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptx
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Lecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdfLecture 3 Security terminologies.pdf
Lecture 3 Security terminologies.pdf
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
 

Recently uploaded

Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxsqpmdrvczh
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 

Recently uploaded (20)

Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Romantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptxRomantic Opera MUSIC FOR GRADE NINE pptx
Romantic Opera MUSIC FOR GRADE NINE pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 

Introduction to Ethical Hacking pdf file

  • 1. Introduction to Ethical Hacking ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
  • 2. What is Hacking? ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
  • 3. What is Hacking? Ethical Hacking is the protection of inter-connected systems, including hardware, software and data, from cyber attacks. White Hat Hacker Grey Hat Hacker Black Hat Hacker
  • 4. Computer Security Threats • Computer Virus • Computer Worm • Scareware • Key logger • Adware • Malware • Backdoor • Trojan • Ransomware • Spyware
  • 5. Goals of ethical Hacking • Protect the privacy of an Organization • Transparently report all the identified bugs/weaknesses/vulnerabilities to the organization. • Inform the vendors about the security measures and patches.
  • 6. Skills Required by Ethical Hackers Operating Systems Programming Languages Networking
  • 7. Tools Used by Ethical Hackers
  • 8. Process of Ethical Hacking Reconnaissance Maintaining Access Scanning Gaining Access Reporting Clearing Tracks
  • 9. Reconnaissance This is the first step of hacking. It is also called as Foot printing and information gathering phase. This is the preparatory phase where we collect as much as information as possible about these the target. We usually collect information about three groups: • Network • Host • People Involved
  • 10. Scanning Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, live systems, various services running on the host. Vulnerability Scanning: Checking the target for the weakness or vulnerabilities which can be exploited. Usually done with the help of automated tools. Network Mapping: Finding the topology of network, routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information. This map may serve as a valuable piece of information throughout the hacking process.
  • 11. Clearing Tracks No thief wants to get caught. An intelligent hacker always clears all the evidence so that in later point of time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of logs, modifying registry values and uninstalling all the applications he used and deleting all folders he created.
  • 12. Demonstration ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
  • 13. Ethical Hacking Across Domains At it’s core, Ethical Hacking occupies a prominent role in various verticals such as: • WebApplication Environment • Mobile Applications • And many more…
  • 14. Web Application Domain Two Major Categories: • Client side vulnerabilities • Server side vulnerabilities All attacks can be categorized intro 3 major attacks: • Parameter Tampering • Unvalidated inputs • Directory TraversalAttacks
  • 15. Web Application Domain Client Database Server Application Server example.com Attacker
  • 16. Web Application Domain login Name: <script>alert("You are hacked")</script> Login Password: login Name: 'Union select * from users' Login Password: login Name: <iframe src="....org"></iframe> Login Password:
  • 17. Common Web Application attacks • Injection Flaws eg. SQL injection, HTML injection, etc. • Cross site Scripting eg. Reflected, Stored, etc. • WebServices Attacks eg. DNS Cache Poising, File uploads etc.
  • 18. Web Application Domain login: <script>alert(document.cookie)</script> password: subscribe: email: <script>code to mail him user information</script>
  • 19. Hacking Methodology • WebFootprinting – Gathering Information • Vulnerability Scanners – w3af, Acunetix • Identify Entry Points and Attack surface
  • 20. Example : SQL injections Victim Attacker Server Select * from users where user_id=‘admin’ and password=‘shadow’ Select * from users where user_id=‘blah’ or 1= 1-- and password=‘anything’
  • 21. Mobile Domain The Mobile Device has become an inseparable part of life today. The attackers are easily able to compromise the mobile network because of various vulnerabilities, the majority of the attacks are because of the untrusted apps. The main operating systems used are: • Android • IOS • Windows • Blackberry
  • 22. ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited Example: Android Libraries Applications Application Framework LinuxKernel Android Runtime
  • 23. Types of Android Attacks • Untrusted APKs • SMS • Email • Spying • App sandboxing • Rooting
  • 25. Network Domain A network is an attempt to gain unauthorised access to an organisation’s network, with the objective of stealing data or perform other malicious activity. There are two main types of network attacks: • Passive: Attackers gain access to a network and can monitor or steal sensitive information, but without making any change to data, leaving it intact. • Active: Attackers not only gain unauthorised access but also modify data , either deleting, encrypting or otherwise harming it.
  • 26. Types of Network Attacks Endpoint attacks – gaining unauthorised access to user devices, servers or other endpoints, typically compromising them by infecting them with malware. Malware attacks – infecting IT resources with malware, allowing attackers to compromise systems, steal data and do damage. These also include ransomware attacks. Vulnerabilities, exploits and attacks – exploiting vulnerabilities in software used in the organization, to gain unauthorised access, compromise or sabotage systems. Advanced persistent threats – These are complex multi-layered threats, which include network attacks but also other attack types.
  • 27. Ransomware The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cyrptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
  • 28. Example : DDOS attack
  • 29. Other Domains • Cloud Computing • IOT • Block chain • Edge Computing
  • 30. Demonstration – SQL injection ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited
  • 31. ©Great Learning. All Rights Reserved. Unauthorized use or distribution prohibited