Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

Cybersecurity Certification Course www.edureka.co/cybersecurity-certification-training

Why we need Cyber Security?
What is Cyber Security?
The CIA Triad
Vulnerability, Threat and Risk
Cognitive Cyber Security
Agenda

A Digital Era

Golden Age for Data Exploits

Cyber Threats
Phishing
Malware
Password Attacks
Maladvertising
Man In the Middle
Drive-By Downloads
Rogue SoftwareDDoS

History of Cyber Attacks
Cyber-threats are not only increasing by the year, but they are becoming harder to recognise and also evolving
with time so they can easily by pass normal anti-viruses

Cyber Security
Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from
cyberattacks.

Protect Against What?
Unauthorised Deletion
Unauthorised Access
Unauthorised Modification

The CIA Triad
Confidentiality Integrity Availability

Attacks on CIA
o Cracking Encrypted Data
o Man In The Middle
attacks on plain text
o Data leakage/
Unauthorised copying of
sensitive data
o Installing
Spyware/Malware on a
server
o Web Penetration for
malware insertion
o Maliciously accessing
servers and forging
records
o Unauthorised Database
scans
o Remotely controlling
zombie systems
o DOS/DDoS attacks
o Ransomware attacks –
Forced encryption of Key
data
oDeliberately disrupting a
server rooms power
supply
o Flooding a server with
too many requests
Confidentiality Integrity Availability

Steps to Fix a Crime
Analyse and Evaluate
Treat
Identify

Vulnerability, Threat & Risk
o Vulnerability refers to the
weakness of an asset that
can be exploited by one or
more attacker
o In context of cyber world,
vulnerability refers to a
bug/ defect in hardware
or software which
remains to be fixed and is
prone to be exploited to
cause a damage to one of
the elements within CIA
triad
o Risk refers to the
potential for loss or
damage when a threat
exploits a vulnerability
o Risk = Threat x
Vulnerability
o Risk management is key
to cybersecurity
o A threat is any event that
has the potential to bring
harm to an organisation
or individual
o Natural Threats,
Intentional Threats,
Unintentional threats
o Threat assessment
techniques are used for
understanding threats.
THREAT
Vulnerability Threat Risk

Meet Bob

Activity Response System
People Processes
Activity Response System

Cyber Attack

Security Information and Event Management
SIEM

Threat Intelligence Software
Threat
Intelligence
Software

Patching
Step 1 for Debugging

Without Cyber Security

What is Cryptography?
Classification of Cryptography
How Various Cryptographic Algorithms Works?
Agenda of Today’s Session
Scenario: What is Cryptography?
Demo: RSA Cryptography

Cybersecurity Certification Training www.edureka.co/blockchain-training
Communicating over Internet
Hey Sam! How are you?
Hey Sam! Lend
me $100 Please
Andy Sam

Hey Sam! Lend
me $100 Please
Andy Sam
Eaves
Sending message over the network connection

What is Cryptography?
Message
1034259
1034259
110340082
E
110340082
D 1034259 Or Error
Cybersecurity refers to a set of techniques used to protect the integrity of networks,
programs and data from attack, damage or unauthorized access

Enters Cryptography
2806793004
Error
560213
2806793001
2806793004
Sending message over Cryptographically secure network

Classification of Cryptography
Cryptography
Symmetric key
Cryptography
Asymmetric Key
Cryptography
Classical
Cryptography
Modern
Cryptography
Transposition
Cipher
Substitution
Cipher
Stream Cipher Block Cipher

Copyright © 2018, edureka and/or its affiliates. All rights reserved.
Symmetric Key
Cryptography
Let’s talk about
Symmetric key
cryptography to
begin with

Symmetric Key Cryptography
‘
Secret key Secret key
Same key
‘
Plain Text
Plain TextCipher Text
An encryption system in which the sender and receiver of a message
share a single, common key that is used to encrypt and decrypt the
message. ... The most popular symmetric-key system is the
Data Encryption Standard (DES)

Transposition
Cipher
Alright, let’s discuss
the subset of classical
cryptography. We’ll
start with
Transposition cipher

Transposition Cipher
1 2 3 4 5 6
M E E T M E
A F T E R P
A R T Y
4 2 1 6 3 5
T E M E E M
E F A P T R
Y R A T
In cryptography, a transposition cipher is a method of encryption by which the positions
held by units of plaintext (which are commonly characters or groups of characters) are
shifted according to a regular system, so that the ciphertext constitutes a permutation of
the plaintext
Plain Text: MEET ME AFTER PARTY
Cipher Text: TEMEEMEFAPTRYRAT
Key Used: 421635

Substitution
Cipher
Next, we’ll talk about
the 2nd type of
classical cryptography
which is Substitution
Cipher

Substitution Cipher
Method of encrypting by which units of plaintext are replaced with
ciphertext, according to a fixed system; the "units" may be single letters
(the most common), pairs of letters, triplets of letters, mixtures of the
above, and so forth
ROT13 is a Caesar cipher, a type of
substitution cipher. In ROT13 alphabet is
rotated 13 steps
Plaintext Alphabet:
Ciphertext Alphabet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ZEBRASCDFGHIJKLMNOPQTUVWXY
Keyword: Zebras
A message of: flee at once. We are discovered!
enciphers to: SIAA ZQ LKBA. VA ZOA RFPBLUAOAR!
SIAAZ QLKBA VAZOA RFPBL UAOAR

Stream
Cipher
Having discussed the
classical
cryptography, next we
have modern
start with Stream
Cipher

Stream Cipher
A symmetric or secret-key encryption algorithm that encrypts a
single bit at a time. With a Stream Cipher, the same plaintext bit or
byte will encrypt to a different bit or byte every time it is encrypted
+ +
Key
K
Key
K
Encryption
Ciphertext
byte stream
C
Plain
byte stream
MDecryption
Pseudorandom byte
generator
(key stream generator)
Pseudorandom byte
generator
(key stream generator)
Plain
byte stream
M

Block
Cipher
Having discussed the
classical
cryptography, next we
have modern
start with Stream
Cipher

Block Cipher
An encryption method that applies a deterministic algorithm along
with a symmetric key to encrypt a block of text, rather than encrypting one bit at a
time as in stream ciphers
Block Cipher
Encryption
Key
Block Cipher
Decryption
Key

Asymmetric
Key cryptography
Lastly. Let’s discuss
the asymmetric key
cryptography

Public Key Cryptography
Transaction Message
Sam’s Secret key (sk)
Sign
Verification
Transaction Message
Bobby’s Public key (pk)
Sam decides to send money
to his friend Bobby
Digital Signature
Bobby receives the
transaction

8 Common Cyber Threats
What the particular threat is
How the threat works
How to Protect Yourself
Agenda

Cybersecurity Threats Everywhere

Types of Cyberattacks
Malware Phishing Password Attacks DDoS
01 02 03 04
Man in the Middle Drive-By Download Malvertising Rogue Software
05 06 07 08

Malware
Computer Virus
Trojan Horse
Worms
Adware
Spyware
MALWARE

How Malware
Email Attachments
OS Vulnerabilities
Software Downloads

Stop Malware
o Stop clicking suspicious
links
oAlways study the URL
consciously and make
sure you are not on a
counterfeit site
o It’s also important to
make sure your
computer’s operating
system (e.g. Windows,
Mac OS X, Linux) uses the
most up-to-date security
updates
o Software programmers
update programs
frequently to address any
holes or weak points.
o Updating your firewall
constantly is a great idea
o Firewalls prevent the
transfer of large data files
over the network in a
hope to weed out
attachments that may
contain malware.
Suspicious Links Updated Firewall Updated OS

Phishing
Most of the attacks on financial
institutions the past 3 years have NOT
been through brute force attacks on
firewall appliances, it has been
through acquiring users’ passwords,
this technique is called “Phishing”

What is phishing used for
Stealing Confidential
Data
Harvesting Login
Credential
Impersonating

Phishing Awareness
From
Subject
Reply
Dear client,
We have strong reasons to believe that your credentials may have been
compromised and might have been used by someone else. We have locked
your amazon account please click here to unlock.
Sincerely,
Amazon Associate Team
Amazon<management@mazoncanada.ca>
Account Detail Compromised
click here
Always check the sender email
address
Look out for common generalised
addressing
Always hover over links to check
the redirect address

It’s time for a demo

Password Attacks
An attempt to obtain or decrypt a
user's password for illegal use.
Hackers can use cracking programs,
dictionary attacks, and password
sniffers in password attacks. Defence
against password attacks is rather
limited but usually consists of a
password policy including a minimum
length, unrecognizable words, and
frequent changes.

Types of Password Attacks
Brute Force Attacks
Dictionary Attacks
Keylogger Attacks

Stop Password Attacks
o It’s always a great idea to
keep changing essential
passwords in regular
intervals
o Passwords shouldn’t be
the same for everything
o It’s always a great idea to
use a password that only
makes sense to you
o Passwords which use
actual words that make
sense are much more
susceptible to dictionary
attacks
o When setting a password
general best practices
should be followed
o A password should
contain a multitude of
characters with a
generous use of alpha
numeric
Update Password Use Alpha-Numeric NO Dictionary

Distributed Denial of Service
Distributed denial of service (DDoS)
attacks are a subclass of denial of
service (DoS) attacks. A DDoS attack
involves multiple connected online
devices, collectively known as a
botnet, which are used to overwhelm
a target website with fake traffic.

Packet Flooding

Prevention
Traffic Analysis
Traffic Control
Recovery
Management

Man in the Middle
Man in the Middle
BanksLe You

Prevent MITM
Use encrypted WAP
Always check the security of you
connection(HSTS/HTTPS)
Invest in a VPN

What is a Drive-by Download
Drive-by download attacks occur
when vulnerable computers get
infected by just visiting a website.
Findings from latest Microsoft
Security Intelligence Report and many
of its previous volumes reveal
that Drive-by Exploits have become
the top web security threat to worry
about.

Visiting a Site
https://wordpress.myfashionblog.co

How it Works

Malvertising
Malvertising is the name we in the security industry give to criminally-controlled adverts which intentionally infect people and
businesses. These can be any ad on any site – often ones which you use as part of your everyday Internet usage. It is a growing
problem, as is evidenced by a recent US Senate report, and the establishment of bodies like Trust In Ads.

How does it work
https://www.fakesite.co

How does it work
Redirect
Malware Injection

Prevention
Common Sense
Regular Software
Updates
Adblocker

Rogue Software
Also called smitfraud, scareware, or rogue security
software, this type of software is defined as malware -
it is designed specifically to damage or disrupt a
computer system. In this case, not only is the software
going to disrupt your system, it's going to try and trick
you into making a purchase using your credit card

Propogation
Please update your software to protect yourself
from unknown access!

Prevention
Updated Firewall
Use Efficient
Antivirus
General Distrust

Foot-printing and Reconnaissance
Networking Fundamentals
Cryptography
Scanning and Enumeration
Agenda
Penetration
Malware

Goals of Computer Security
Denial of Service Attacks
Web Application Hacking
Agenda
Wireless Attacking
Detection Evasion
Programming Attacks

What is Hacking?

Early Days of Hacking
The first instance of hacking dates back to 1960’s and it all began in MIT with the Model rail road club.
(1960)
:
A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular.

The First Computer Worm
Robert Tappan Morris is an American computer scientist and entrepreneur. He is best known for
creating the Morris Worm in 1988, considered the first computer worm on the Internet
(1980)
: An individual who gains access with malicious intent in their mind.

Hacking in Popular Culture
Hacking has been prevalent since then in a lot of popular movies and tv series. This has been useful for spreading awareness.

Reasons People Hack
Hacking has been prevalent since then in a lot of popular movies and tv series. This has
been useful for spreading awareness.
Some Times Just for Fun

Reasons People Hack
On the morning of the dedication of the William H. Gates Building, the internet kiosks in
the lobby which normally ran Windows XP were changed to temporarily boot linux. The
screens displayed a welcome message from Tux the Linux penguin
To make a political point

Reasons People Hack
Students at MIT turned the façade of a building into a Tetris game board just to see if
they could take on this daunting task.
For the Challenge

Reasons People Hack
Sometimes, its better to hack so that you know what’s wrong with a system and
fix it before someone with malicious intentions gets knowledge of it.
To get there before the bad guys

Types of Hackers
White Hat Hacker Grey Hat Hacker Black Hat Hacker

Skills Necessary
Computing
• Basic understanding of
operating systems
•Understanding of basic software
systems
•Grasp on CLI commands
Networking
•Cables, Systems, Switches
•Networking Architecture
•Understanding of different
networking protocols
Life Skills
•Ability to think out of the box
•Ability to accept failure and move
on
•Perseverance

Skills Necessary
Tools
•How to use a lot of tools
•Networking
•Security
Networking
•How to capture packets from a
network
•TCP/IP in detail
•Understanding how protocols
interact
Methods
•How to use gathered information
•Getting the best out of your
resources

Types of Attacks

Defacing
A website defacement is an attack on a website that changes
the visual appearance of the site or a webpage. These are
typically the work of system crackers, who break into a web
server and replace the hosted website with one of their own.

Buffer Overflow
U A E I O S T D
Buffer Overflow
When a piece of data is being transferred over a network, it isn’t immediately written to memory but rather
stored on the RAM which has a set buffer size. This can be easily exploited by bombarding the target with data
causing the buffer to overflow.

Denial of Service

Penetration Testing

What is Penetration Testing?
Vulnerability Assessment
Penetration testing, also called pen testing or ethical
hacking, is the practice of testing a computer system,
network or web application to find security vulnerabilities
that an attacker could exploit.

Goals
Assessing the weakness in an
organisation’s security posture
Understanding Risk
Positions better
Accessing systems to find
weaknesses before external
exploits

Results
Report
Create a detailed report
Suggest fixes to the bugs

Scope
How big is the sandbox? Restricted/No-touch? Scope of Contract

Footprinting

What is Footprinting?
Footprinting is a part of reconnaissance process which is used for gathering possible information about a target
computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an
example of passive footprinting, whereas attempting to gain access to sensitive information through social
engineering is an example of active information gathering.

Wayback Machine – Archive.org

Netcraft

Using DNS to Get information

Hostname Resolution
Domain Name Service
DNS is a necessity because IP addresses are hard to
remember which makes mnemonics a necessity in this case
DNS
• Easier to remember
• Reference for IP

Finding Network Ranges
192.168.54.32
IP Address
255.255.255.0
Subnet Mask
Finding the network range for a relevant scan is very necessary as scanning for vulnerabilities is a time
consuming task

Using Google for Reconnaissance

Google Hacking
Google is a valuable resource when it comes to information gathering, Knowing how to use google to target the
things you are looking for is a useful skill as an ethical hacker

TCP/IP

History of the Internet
Advanced research project agency commissioned a network in 1968 and the first internet
connection was in 1969

OSI an TCP/IP Model
Application
Presentation
Session
Transport
Network
Datalink
Physical
Application
Transport
Internet
Link

Addressing: Unicast

Addressing: Broadcast

Addressing: Multicast

Wireshark

What is Wireshark?

DHCP

What is DHCP?
DHCP
CLIENT
DHCP
SERVER
DISCOVER
OFFER
REQUEST
ACKNOWLEDGE

Why use DHCP?
A computer, or any other device that connects to a network (local or internet), must be properly configured to communicate on that network.
Since DHCP allows that configuration to happen automatically, it's used in almost every device that connects to a network including computers,
switches, smartphones, gaming consoles, etc.

Address Resolution Protocol

Address Resolution Protocol
192.168.1.31
192.168.1.33192.168.1.32 192.168.1.34
Who is 192.168.1.33?

ARP isn’t reliable
192.168.1.31
Hey that’s me. Here have my MAC address
too so that we can communicate more easily
in future
192.168.1.33
Well….that’s easily exploitable! I could just lie.

Liars…liars everywhere
192.168.1.31
192.168.1.33
192.168.1.32

Cryptography

History of Cryptography
The Caesar cipher is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is
'shifted' a certain number of places down the alphabet.

Enigma Cipher
The Enigma cipher was a field cipher used by the Germans during World War II. The Enigma is one of the better known historical encryption
machines, and it actually refers to a range of similar cipher machines

Digital Encryption Standard
The Data Encryption Standard (DES) is a symmetric-key
block cipher published by the National Institute of
Standards and Technology (NIST). DES is an
implementation of a Feistel Cipher

Triple DES
In cryptography, Triple DES (3DES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies
the DES cipher algorithm three times to each data block.

Advanced Encryption Standard
The Advanced Encryption Standard, also known by its original name
Rijndael, is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology in
2001

Types of Cryptography

Certificates

What is a Certificate?
A Digital Certificate is an electronic "password" that allows a person, organizaion to exchange data securely
over the Internet using the public key infrastructure (PKI). Digital Certificate is also known as a public key
certificate or identity certificate.

Who can issue a Digital Certificate?

Cryptographic Hashing

What is Hashing?
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using
the original value.

TLS and SSL

History of SSL

TLS
TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications
and online transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery

Disk Encryption

Bitlocker

Scanning

What is Scanning?
Network scanning refers to the use of a computer network to gather information regarding computing systems. Network scanning is mainly used
for security assessment, system maintenance, and also for performing attacks by hackers.

NMAP
Nmap is a free and open-source security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network,
thus building a "map" of the network.

IDS Evasion

What is IDS
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is
discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking actions when
malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses.

Why evade IDS
Intrusion detection system evasion techniques are modifications made to attacks in order to prevent detection by an intrusion detection system
(IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous
depending on the targeted computer system.

Agenda
What is
Kali Linux?
Kali Linux
install options
Demo –
Installing Kali
Linux

Introduction to Kali LinuxIntroduction to Kali Linux

Introduction to
Kali Linux
Kali Linux is a Debian-based Linux distribution
aimed at advanced Penetration Testing and
Security Auditing.
600+
Customizable Secure Platform
Multi Language
Penetration
Tools
Cost Free

Kali Linux – Installation Options

Installing Kali
Linux
Kali bootable USB
Drive
Kali Linux Hard Disk
Dual Boot Kali with
Windows/Mac
Launch with
Virtualization Software

Kali bootable
USB drive
Non-destructive
Easily Portable
Customizable
Potentially Persistent
Plug your USB drive & note down to which drive it mounts
Launch Win32 Disk Imager and choose Kali Linux ISO to be
imaged
Select the USB drive to be over written. Eject the USB

Demo
How to install Kali Linux using VMware/Virtual Box?
How to install Kali Linux tools on different Linux distros?
How to install Kali Linux on Windows 10 using
Windows Subsystem For Linux(WSL)?
How to install Kali Linux on Mac using
VMware/Virtual Box?

Launch Kali Linux on Windows
using VMware

Launch Kali Linux on MAC
using VirtualBox

Installing Kali Linux tools on
Linux distribitions

Install Kali Linux on Windows using
Windows Subsystem for Linux(WSL)

What
is
Ethical Hacking?
“Hacking is the process of finding vulnerabilities in a system and using these found
vulnerabilities to gain unauthorised access into the system to perform malicious activities
ranging from deleting system files or stealing sensitive information”

What is
Kali Linux ?
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and
Security Auditing. Kali contains several hundred tools which are geared towards various
information security tasks, such as Penetration Testing, Security research, Computer
Forensics and Reverse Engineering.

Command Line Essentials
Staying Anonymous With Proxychains
Macchanger
Introductions to Wireless Penetration Testing
Aircrack-ngAgenda

Proxychain is a ny tool that forces any TCP connection made by any given application. to
follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported
auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
Client System
Target System
Intermediary
Systems
What is
a
Proxychain?

A media access control address of a device is a unique identifier assigned to a network
interface controller for communications at the data link layer of a network segment. MAC
addresses are used as a network address for most IEEE 802 network technologies, including
Ethernet, Wi-Fi and Bluetooth.
What is a
Mac Address?
00 3E 1A F1 4C C6
Mac Address
Organisationally
Unique Identifier
Universally
Administered Address

What is Penetration Testing?
What is Metasploit?
Demonstration
Agenda

What is Vulnerability Assessment?
Vulnerability Assessment
A vulnerability assessment is the process of defining, identifying,
classifying and prioritizing vulnerabilities in computer systems,
applications and network infrastructures and providing the
organization doing the assessment with the necessary
knowledge, awareness and risk background to understand the
threats to its environment and react appropriately.
Identify assets and capabilities
Quantify the assessment
Report the results

What is Metasploit?
Penetration Testing
Exploit Research

What is DOS & DDOS?
How does it Work?
Types of DDOS
DOS Demonstration
Agenda

What
is
DOS & DDOS
DOS - simply stands for Denial Of Service.
This service could be of any kind, for example, imagine your mother confiscates your cell
phone when you are preparing for your exams to help you study without any sort of
distraction. While the intention of your mother is truly out of care and concern, you are
being denied the service of calling and any other services offered by your cell phone.
Hijacking a server Port Overloading
De-authenticate
wireless
Denying internet
based services

How does it
Work?
The main idea of a DOS attack is making a certain service unavailable. Since every service
is, in reality, running on a machine, the service can be made unavailable if the performance
on the machine can be brought down. This is the fundamental behind DOS and DDOS.

Types
of
DOS Attack
Ping of Death

Types
of
DOS Attack
Reflected Attack
REFLECTOR Innocent Computer

Types
of
DOS Attack
Mailbomb

Types
of
DOS Attack
Teardrop Attack

Agenda
What is Application
Security?
What is SQL Injection
Attack?
Types of SQL
Injection Attacks
Demo - SQL Injection
Attack types
Prevention of SQL
Injection attack
01
02
03
04
05

Application Security

Cybersecurity
Network Security
Information Security
Operational Security
Disaster Recovery
End-user Education
Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices,
programs, and data from attack, damage, or unauthorized access.

Web Application Vulnerabilities
Application security is the use of software, hardware, and procedural
methods to protect applications from external threats.
0% 10% 20% 30% 40% 50%
0.06%
0.19%
0.63%
1.69%
2.19%
2.19%
2.44%
2.75%
8.63%
9.69%
18.01%
4.57%
46.97%
Denial of Service
XML External Entity
Open Direct
General Bypass
Authentication Bypass
Remote File Inclusion
Full Path Disclosure
Remote Code Execution
Local File Inclusion
Cross Site Request Forgery
File Upload
SQL Injection
Cross Site Scripting

What is SQL Injection?

Front End: HTML, CSS,
JavaScript
The need for more advanced
technology and dynamic websites grew.
Database: MySQL, Oracle,
MongoDB
Back End: .NET, PHP, Ruby,
Python
In the early days of internet, building
websites was pretty straightforward

What is SQL Injection?
A SQL query is in one
way an application
interacts with database
An SQL Injection occurs
when an application fails to
sanitize the user input data
An attacker can use specially
crafted SQL commands to
control web application’s
database server

SQL Injection Attack – Non Technical Explanation
Drive through <route> and <where should the bus stop?> if <when should the bus
stop?>.
Sample populated form
Drive through route77 and stop at the bus stop if
there are people at the bus stop
Drive through route77 and do not stop at the bus stop
and ignore the rest of the from. if there are people at
the bus stop

SQL Injection Attack – Technical Explanation
Sample SQL statement
$statement = “SELECT *
FROM users
WHERE username = ‘$user’ AND password = ‘$password‘“;
FROM users
WHERE username = ‘Dean’ AND password = ‘WinchesterS’“;
Sample SQL Injection
Condition that will always be true, thereby it is
accepted as a valid input by the application
Instructs the SQL parser that the rest of the line is
a comment and should not be executed
FROM users
WHERE username = ‘Dean OR ‘1’=‘1’ --‘AND password = ‘WinchesterS’“;

Impact of SQL Injection Attack
Extract sensitive
information Misusing authentication details
Delete data and drop tables

Types of SQL Injection

Categories of SQL Injection
SQL Injection
Error-based Union-based
In-Band SQLi
Blind SQLi
Out-of-bound SQLi
Boolean-based Time-based

Error BasedError Based
Types of SQL Injection
Error-based SQL Injection Union-based SQL Injection
Union Based Boolean Based Time Based Out-of-bound
https://example.com/index.php?id=1 AND SELECT "mysql" UNION SELECT @@version
https://example.com/index.php?id=1 AND(SELECT 1 FROM(SELECT
COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP
BY x)a)--
https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',true,false)
https://example.com/index.php?id=1+AND+IF(version()+LIKE+'5%',sleep(3),false))
Out-of-boundTime BasedUnion Based Boolean Based

Demo – Types of SQL Injection

Preventing SQL Injection
Performing static and dynamic testing
Using parameterized queries and ORMs
Using escape characters in SQL queries
Enforcing least privilege on database
Enabling web-application firewalls

Exploiting SQL Vulnerability in Application

Agenda
01 What is Steganography?
02 History of Steganography
03 Basic Steganographic Model
04 LSB Steganography - Demo
05 Steganography Tools

What is Steganography?

Data is hidden in the
plain sight

Cryptography
Board meeting is
happening on Tuesday. We
are meeting at 40.7127 S,
74.0059 E
Uksb klsmnc ou fghmhnvb
gh sdeygdh. eu sfhd
vbsnmrig st lolmnar K,
dgfhal V
Board meeting is
happening on Tuesday. We
are meeting at 40.7127 S,
74.0059 E
Sender Receiver

Cryptography
Sender ReceiverIntruder understands that
secret message is being sent
Uksb klsmnc ou
fghmhnvb gh sdeygdh

Steganography is the art and science of embedding secret messages in cover message in such a way that no one,
apart from the sender and intended recipient, suspects the existence of the message
Sender ReceiverIntruder will not get to know of the
existence of secret message

History of Steganography

Steganographic Tecniques
Steganography
STEGANOS GRAPHEN
Concealed or
Hidden
Drawing or
Writing
Null CipherWax Tablet Invisible Ink Microdots Semagrams
20191800

Steganography Types
Text
Steganography
Image
Steganography
Audio
Steganography
Email
Steganography Network
Steganography
Video
Steganography

Characteristics of Steganographic Techniques
Transparency
Robustness
Tamper Resistance
Original Image Stego Image

Basic Steganographic Model

Basic Steganographic Model
Cover File(X)
Steganographic
Encoder
f(X,M,K)
Secret
Message(M)
Secret
Message(M)
Stego
Object
Key(K)
Steganographic
Decoder
Communication
Channel
Stego Object

Steganographic Model: With Encryption
Encryption
Algorithm
Steganographic
Encoder
Decryption
Algorithm
Communication
Channel
Steganographic
Decoder
Message
Key
RECEIVER
Message
Cypher
Text
Cypher
Text
Key Stego Key
Stego Key Cover File
Stego Object
Stego Object
SENDER

LSB Steganography

Pixels & Bits
Pixel
R
G
B
1 0 1 1 0 1 1 1
1 1 0 1 1 0 0 1
1 0 1 0 0 1 0 0
Total: 24 Bits

Least Significance Bit Steganography
1 1 1 1 1 1 1 1
Most Significant
Bit(MSB)
Least Significant
Bit(LSB)
Value: 255
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0
255
127
255
254
If we change MSB, it will have larger impact on final value. If we change LSB, the impact on final value
is very less
Change in bytes is 99.99999% Change in bytes is 0.000002%

Least Significant Bit Steganography
1 0 0 0 0 0 1Secret message to hidden:
Letter ‘A’
Pixels before insertion(3 pixels)
Least Significant Bit Steganography(LSBS) involves overwriting the bit with the lowest arithmetic value
Pixels after insertion
10000000 10100100 10110101
10110101 11110011 10110111
11100111 10110011 00110011
10000001 10100100 10110100
10110100 11110010 10110110
11100110 10110011 00110011

Demo

Least Significant Bit Steganography - Demo
1 Loads an image and looks at each pixels in hexadecimal value.
2 Converts secret text into bits and stores them in LSB of pixel bits
3 A delimiter is added to the end of the edited pixel values
4
To encode the text into image
To decode the text from image
While retrieving all the 0’s and 1’s extracted until delimiter is found.
Extracted bits are converted into string(secret message)

Steganography Tools

Steganographic Tools
Tool Description
Stegosuite Hide text inside any image
Stegohide Hide secret file in image or audio file.
Xiao Steganography Free software that can be used to hide secret files in BMP
images or in WAV files.
SSuite Picsel Portable application to hide text inside image file
OpenPuff Tool to conceal files in image, audio & flash files
Camouflage Tool that lets you hide any type of file inside of file.

Who is an Ethical Hacker?
Roadmap to become an Ethical Hacker
Roles and Responsibilities
Skills Required
Job Trends
Companies
Salary
Agenda

Who
is an
Ethical Hacker?
An Ethical Hacker, also known as a White Hat Hacker, is a network security
expert who penetrates systems with prior permission to point out major
vulnerabilities and security flaws that could potentially result to loss of privacy
or even major business loss.
Interest in Cybersecurity
Time

Ethical Hacker
Roadmap
Cybersecurity
Computer Science
Information Security
Gain Hands On Experience
Earn Minor Certificates
Prepare for CEH v10

Roles
and
Responsibilities
Scanning open and closed ports using reconnaissance tools like Nessus and NMAP. Scanning is a set of
procedures for identifying live hosts, ports, and services, discovering Operating system and
architecture of target system, Identifying vulnerabilities and threats in the network. Network scanning
is used to create a profile of the target organization.

Roles
and
Responsibilities
It is the responsibility of an Ethical Hacker to engage his organisations member in social engineering
awareness activities. Social Engineering for the purpose of Hacking has proven to be one of the most
effective ways over time and knowing how to avoid any form of social manipulation is key to
organisations security!

Roles
and
Responsibilities
Ethical Hackers also get to test new patch releases and software updates pertaining to the companies
products and peripherals. It is their responsibility to identify any vulnerability that might exist in the
patch and notify the appropriate team to fix them.

Roles
and
Responsibilities
Ethical Hackers are also responsible for building and maintaining effective intrusion prevention and
intrusion detection system. IDS/IPS help monitor traffic and prevent any sort of DDOS attacks that might
be targeted.

Roles
and
Responsibilities
Ethical hackers are responsible for employing strategies like sniffing networks, bypassing
and cracking wireless encryption, and hijacking web servers and web applications for
testing security of a system.

Skills
Required
Sniffing is the process of monitoring and capturing all the packets passing
through a given network using sniffing tools. It is a form of “tapping phone
wires” and get to know about the conversation. It is also called wiretapping
applied to the computer networks.

Skills
Required
Ethical Hackers should know how to orchestrate different types of Network and
Database attacks as their main job is to predict black hat hackers and to do this
one must be able to think and act like a black hat hacker.

Skills
Required
Ethical Hackers have to deal with different kind of
operating systems on a daily basis with Linux being the
daily driver. So, it is obvious that an Ethical Hacker needs
to have an in depth knowledge of the working of
operating systems in general

Skills
Required
Ethical Hackers have to deal with different
kind of database formats. Whether it be SQL,
PostgreSQL, NoSQL an Ethical Hacker at least
needs a general knowledge of their working.

Skills
Required
An Ethical Hacker should also be proficient in
cryptanalysis, which is basically the
deciphering of cipher text without knowing
the key. This is also the fundamentals of
Password cracking using different methods
like brute force, dictionary attacks etc

Skills
Required
Ethical Hackers generally are endowed with the responsibility of network
traffic monitoring. Therefore they must be proficient in intrusion
detection and prevention techniques, session hijacking knowledge and
overall an in depth knowledge of network in general

Skills
Required
Ethical Hackers also have to make custom software to tackle the use case
specific security flaws that might be affecting the company. This requires
general programming knowledge so that you can execute solutions to
problems. It also helps in automating a lot pf tasks that would generally
take a lot of precious time

Ethical Hacker
Job Trends
Interest in Cybersecurity
Time

Money
$88,000
Payscale.com
$95,000
CEH Council
$50,000-100,000
1-2 Experience
$120,000
3-5 Experience
How much
money will I
make?

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

More Related Content

What's hot

Similar to Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka

More from Edureka!

Recently uploaded

Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka