Downloaded 32 times
Uploaded byRashad Aliyev
Introduction to Information security
This document introduces information security topics. It discusses hackers and different types, vulnerabilities and how they work, footprinting and scanning techniques, and bug bounty programs. It also describes a penetration testing website that allows users to plan, perform exploits, generate reports, and view results. Useful links are provided for hands-on exercises in cross-site scripting, web application hacking, and cybersecurity competitions.
More Related Content
Similar to Introduction to Information security
Introduction to Information security
- 1. Introduction to Information security RashadAliyev Valencia, Spain 15.12.2015 Keywords: InfoSec, Cyber Secyrity, PenTest, Penetration Testing, Network testing, bug bounty
- 2. Introduction to Informationsecurity Hack • Hacked site • Hacker • Hacktivism • Vulnerabilities How it works • Footprinting • Scanning Bug Bounty PENTESTON.COM • What we do • Plans
- 3. Azerbaijan Rashad Aliyev, Introductionto Information security Bounded by the • Caspian sea • Russia • Georgia • Iran • Turkey Language: Azerbaijani Capital: Baku Population: 9,624,900 Currency: Manat
- 4. Rashad Aliyev Zend CertifiedEngineer (PHP) Work areas: WEB Programming, Information Security, Hosting , IT Events organisation Organised: Hackathons, CTF competion, Mobile app competitions Teacher: Internet programming, Database systems, Information Security Rashad Aliyev, Introduction to Information security
- 5. HACK? Hacked site, Hackeror Script kiddie …?
- 6. Hacked site Sample http://viajesvuelos.es/king.htm zone-h Rashad Aliyev,Introduction to Information security
- 7. Hacker? Who is hacker? BlackHat Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers White hats Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts. Gray hats Individuals who work both offensively and defensively at various times. Suicide hackers Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. Rashad Aliyev, Introduction to Information security
- 8. Hacker? Who is hacker? Scriptkiddies An unskilled hacker who compromises system by running tools, scripts, software developed by real hacker. Spy hacker Individuals employed by the organization to penetrate and gain trade secretes of the competitor. Cyber Terrorists Individuals with wide range of skills motivated by religious or political benefits to create fear by large scale disruption of computer networks. State Sponsored Hackers Individuals employed by the government to penetrate and gain top- secrete information and to damage information systems of other governments. Rashad Aliyev, Introduction to Information security
- 9. Hacktivism Rashad Aliyev, Introductionto Information security
- 10. Vulnerabilities Starting 1989 aftermorris worm virus DARPA establish the CERT-the Computer Emergency Response Team-at the Software Engineering Institute at Carnegie Mellon University for finding and getting announce peoples about vulnerabilities. 1.Vulnerability 2.Exploit 3.Solution • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5999 • http://www.securityfocus.com/bid/77588/info • https://www.exploit-db.com/exploits/38707/ Rashad Aliyev, Introduction to Information security
- 11. How it works? Collecting,preparing, attack…
- 12. Footprinting 1.Pipl 2.Social engineering 3.Job sites 4.Website (technology) 5.Whois 6.Archive 7.http://www.googleguide.com/advanced_operators_reference.html 8.GHDB Internet, Social engineering collecting… Rashad Aliyev, Introduction to Information security
- 13. Scanning 1.nmap 2.Acunetix 3.Nessus 4.OWASP ZAP Rashad Aliyev,Introduction to Information security
- 14. Bug Bounty You findsome vulnerability…
- 15. Bug Bounty https://bugcrowd.com/list-of-bug-bounty-programs https://hackerone.com/ http://en.wooyun.org/ Rashad Aliyev,Introduction to Information security
- 16. PENTESTON.COM What we do, Plans …
- 17. WWW.PENTESTON.COM 1 Site for Penetrationtesting Site ONLINE Rashad Aliyev, Introduction to Information security
- 18. Site for Penetrationtesting 1 Planning Foot printing Exploiting WWW.PENTESTON.COM - - - Reporting- Rashad Aliyev, Introduction to Information security
- 19. Site Structure 1 Rashad Aliyev,Introduction to Information security
- 20. Features 2 Reporting - Generate Report -Compare Reports Exploiting - Send attack result Foot printing - Upload scan result - Send bug - View resultsPlanning - Penetration tests Member - Google Open ID 01 02 03 04 05 Rashad Aliyev, Introduction to Information security
- 22. Useful links 1.https://xss-game.appspot.com 2.OWASP WebGoatProject http://webgoat.github.io/ 3.http://cyberlympics.org/ Rashad Aliyev, Introduction to Information security
- 23.
- 24. Rashad Aliyev Universitat Politècnicade València rashad@aliev.info @alievinfo Thank you
Editor's Notes
- #8 Black Hats Black hats are individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as crackers. These individuals mostly use their skills for only destructive activities, causing huge losses for companies as well as individuals. They use their skills in finding vulnerabilities in the various networks including defense and government websites, banking and finance, etc. Some do it to cause damage, steal information, destroy data, or earn money easily by hacking IDs of bank customers. White Hats White hats are individuals who possess hacking skills and use them for defensive purposes; they are also known as security analysts. These days, almost every company has security analysts to defend their systems against the malicious attacks. White hats help companies secure their networks from outside intruders. Gray Hats Gray hats are the individuals who work both offensively and defensively at various times. Gray hats fall between white and black hats. Gray hats might help hackers by finding various vulnerabilities of a system or network and at the same time help vendors to improve products (software or hardware) by checking limitations and making them more secure, etc. Suicide Hackers Suicide hackers are individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing 30 years in jail for their actions. Suicide hackers are closely related to suicide bombers, who sacrifice their life for the attack and are not concerned with the consequences of their actions. There has been a rise in cyber terrorism in recent years.
- #9 Script Kiddies Script kiddies are the unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers. They utilize small, easy-to-use programs or scripts as well as distinguished techniques to find and exploit the vulnerabilities of a machine. Script kiddies usually focus on the quantity of attacks rather than the quality of the attacks that they initiate. Spy Hackers Spy hackers are individuals who are employed by an organization to penetrate and gain trade secrets of the competitor. These insiders can take advantage of the privileges they have to hack a system or network. Cyber Terrorists Cyber terrorists could be people, organized groups formed by terrorist organizations, that have a wide range of skills, motivated by religious or political beliefs, to create fear by large-scale disruption of computer networks. This type of hacker is more dangerous as they can hack not only a website but whole Internet zones State Sponsored Hackers State sponsored hackers are individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
- #10 Hacktivism is an act of promoting a political agenda by hacking, especially by defacing or disabling websites. The person who does these things is known as a hacktivist. - Hacktivism thrives in an environment where information is easily accessible - It aims to send a message through hacking activities and gain visibility for a cause. - Common targets include government agencies, multinational corporations, or any other entity perceived as “bad" or ”wrong” by these groups or individuals. - It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intention is. - Hacktivism is motivated by revenge, political or social reasons, ideology, vandalism, protest, and a desire to humiliate victims.