Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
Hacking involves gaining unauthorized access to computer systems or networks. It began in the 1960s at MIT and has been part of computing for 40 years. There are different types of hacking such as website hacking, network hacking, and password hacking. Hackers hack for reasons like fun, showing off skills, stealing information, or destroying enemy networks. While hacking can test security and help find vulnerabilities, it is generally illegal and can harm privacy or destroy data. Famous hacker groups include Anonymous, which opposes censorship through hacking government websites.
IDS dan IPS digunakan untuk mendeteksi dan mencegah insiden keamanan jaringan. IDS hanya melakukan deteksi dan pelaporan insiden, sementara IPS dapat melakukan deteksi dan juga menghentikan insiden dengan cara memblokir akses. Metode deteksi yang digunakan antara lain berbasis signature dan berbasis anomalis untuk mendeteksi pola serangan yang dikenal maupun perilaku yang tidak normal. Contoh produk IPS komersial adalah Cisco FirePower, HP NGIPS,
This document discusses ethical hacking. It defines ethical hacking as testing systems for security purposes with permission, compared to cracking which is hacking without permission for malicious reasons. It outlines different types of hackers like script kiddies, white hat hackers who hack legally for security work, grey hat hackers who can help or harm, and black hat hackers who hack criminally. The document advises on security practices like using antiviruses and strong passwords to prevent hacking.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
This document provides an overview of social engineering attacks. It defines social engineering as manipulating people into giving up confidential information through deception and manipulation. Various social engineering principles are described, including authority, social proof, urgency, and scarcity, which attackers use to carry out successful attacks. Different types of social engineering attacks are also outlined, such as phishing, spear phishing, baiting, DNS spoofing, honey traps, tailgating, shoulder surfing, and impersonation attacks.
This 1-day course introduces network penetration testing concepts and provides an overview of the penetration testing process. It covers prerequisites, objectives, benefits, definitions, types of penetration testing and phases including reconnaissance, scanning, exploitation, and reporting. The goal is to prepare students to understand and assist with penetration tests, though they will not be able to independently conduct professional tests after this introductory course.
Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.
Hacking involves gaining unauthorized access to computer systems or networks. It began in the 1960s at MIT and has been part of computing for 40 years. There are different types of hacking such as website hacking, network hacking, and password hacking. Hackers hack for reasons like fun, showing off skills, stealing information, or destroying enemy networks. While hacking can test security and help find vulnerabilities, it is generally illegal and can harm privacy or destroy data. Famous hacker groups include Anonymous, which opposes censorship through hacking government websites.
IDS dan IPS digunakan untuk mendeteksi dan mencegah insiden keamanan jaringan. IDS hanya melakukan deteksi dan pelaporan insiden, sementara IPS dapat melakukan deteksi dan juga menghentikan insiden dengan cara memblokir akses. Metode deteksi yang digunakan antara lain berbasis signature dan berbasis anomalis untuk mendeteksi pola serangan yang dikenal maupun perilaku yang tidak normal. Contoh produk IPS komersial adalah Cisco FirePower, HP NGIPS,
This document discusses ethical hacking. It defines ethical hacking as testing systems for security purposes with permission, compared to cracking which is hacking without permission for malicious reasons. It outlines different types of hackers like script kiddies, white hat hackers who hack legally for security work, grey hat hackers who can help or harm, and black hat hackers who hack criminally. The document advises on security practices like using antiviruses and strong passwords to prevent hacking.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
This document provides an overview of social engineering attacks. It defines social engineering as manipulating people into giving up confidential information through deception and manipulation. Various social engineering principles are described, including authority, social proof, urgency, and scarcity, which attackers use to carry out successful attacks. Different types of social engineering attacks are also outlined, such as phishing, spear phishing, baiting, DNS spoofing, honey traps, tailgating, shoulder surfing, and impersonation attacks.
This 1-day course introduces network penetration testing concepts and provides an overview of the penetration testing process. It covers prerequisites, objectives, benefits, definitions, types of penetration testing and phases including reconnaissance, scanning, exploitation, and reporting. The goal is to prepare students to understand and assist with penetration tests, though they will not be able to independently conduct professional tests after this introductory course.
Cyber crime & security final tapanTapan Khilar
This document discusses various types of cybercrimes and the relevant laws in India. It defines cybercrimes as crimes that involve computers and the internet. The key points covered are:
- Types of cybercrimes include hacking, phishing, computer viruses, cyber pornography, denial of service attacks, and software piracy.
- The Indian IT Act 2000 is the main law governing cybercrimes and has sections dealing with hacking, data alteration, unauthorized access, and publishing obscene material.
- Other relevant laws include the IPC for offenses like fraud, forgery and criminal breach of trust.
- Investigating cybercrimes involves computer forensics to preserve digital evidence that can be accepted in
Red team and blue team in ethical hackingVikram Khanna
Red team blue team work on two approaches, one attacks it while blue team defends it. View this presentation now to understand what is red team and blue team and its importance in ethical hacking!
Happy learning!!
OSINT e Ingeniería Social aplicada a las investigacionesemilianox
Este documento trata sobre ingeniería social y OSINT (Open Source Intelligence). Explica que la ingeniería social es la manipulación o influencia de personas o grupos mediante técnicas de psicología, comunicación y otras habilidades. También describe las diferentes etapas de OSINT como requisitos, fuentes de información, adquisición, procesamiento, análisis y presentación. Finalmente, presenta varias herramientas y técnicas para la recolección de información de fuentes abiertas y la manipulación de personas.
There are a number of different kinds of tools for collecting information about the thoughts and beliefs that different groups have about your organization.
The cyber kill chain describes cyber attacks from an attacker's perspective through distinct phases: (1) reconnaissance, (2) weaponization, (3) delivery, (4) exploitation, (5) installation, (6) command and control, and (7) actions on objectives. Each phase of the kill chain can be mapped to defensive tools and actions to prevent attacks. Understanding the kill chain stages gives analysts insight into what is being attempted and how to respond appropriately. The kill chain was developed by Lockheed Martin as a method to describe intrusions and prevent advanced persistent threats by highly trained adversaries targeting sensitive information.
Hacking involves exploiting vulnerabilities in computer systems or networks to gain unauthorized access. There are different types of hackers, including white hat hackers who perform ethical hacking to test security, black hat hackers who perform hacking with malicious intent, and grey hat hackers who may sometimes hack ethically and sometimes not. Ethical hacking involves testing one's own systems for vulnerabilities without causing harm. Vulnerability assessments and penetration tests are common ethical hacking techniques that involve scanning for vulnerabilities and attempting to exploit them in a controlled way. Popular tools used for ethical hacking include Kali Linux, Nmap, Metasploit, and John the Ripper.
Ethical hacking : Its methodologies and toolschrizjohn896
This Presentation gives you the knowledge about ethical hacking and its methodologies. This PPT also explains the type of hackers and tools used with example of hashcat which is used to break hash algorithms like MD5, SHA1, SHA256 Etc
DDoS attacks target companies and institutions that provide online services. They work by overloading servers with traffic from multiple compromised systems known as "bots" or "zombies". Common DDoS attack types include SMURF, TCP SYN/ACK, UDP flood, DNS amplification, and attacks using peer-to-peer networks. Defenses include configuring routers and firewalls to filter unauthorized traffic, limiting response messages, and tracking malicious activity on peer-to-peer networks. As attack methods evolve, continued development of detection and mitigation techniques is needed.
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
Hacking involves gaining unauthorized access to computer systems or networks, and can be done for malicious or ethical purposes. Ethical hackers are skilled at techniques used by criminal hackers but use their skills to test security and find vulnerabilities with permission. The document outlines different types of hackers and hacking, how to defend against hacking through strong passwords and updates, and the legal consequences of illegal hacking versus the paid work of ethical hackers.
Ethical Hacking Concepts and Scopes, Threats and Attack Vectors, Information Assurance, Threat Modelling
Enterprise Information Security Architecture, Vulnerability
Assessment and Penetration Testing
Types of Social Engineering, Insider Attack, Preventing Insider
Threats, Social Engineering Targets and Defence Strategies
This document provides greetings in 11 official languages of South Africa: Afrikaans, English, isiNdebele, isiXhosa, isiZulu, Sepedi, Sesotho, Setswana, SiSwati, Tshivenda, and Xitsonga. It lists each language along with the greeting used. At the end it thanks the reader in each of the 11 languages. The purpose is to showcase South Africa's multilingualism and celebrate its diversity of official languages.
This document defines hacking and discusses its history and types. It began in the 1960s at MIT and was done by early computer programmers out of curiosity. There are three main types of hackers - black hat hackers violate security for gain/malice, white hats exploit weaknesses ethically, and grey hats fall in between. Reasons for hacking include fun, status, stealing information, or destroying enemy networks. The document outlines various hacking techniques like website, network, password and computer hacking. It provides tips for securing data and accounts as well as discussing advantages like recovering lost information and disadvantages like harming privacy and illegality.
This document discusses open-source intelligence (OSINT) and how it can be used for cybersecurity awareness or against individuals. OSINT involves collecting information from public sources and can be used by cybersecurity professionals, but also by threat actors for attacks like identity theft, account takeover, and social engineering. The document provides examples of OSINT tools and techniques that can be used for both ethical purposes like penetration testing or unethical purposes like criminal phishing campaigns.
Dokumen tersebut membahas sejarah dan perkembangan CERT di Indonesia dan dunia, serta fungsi dan layanan yang disediakan oleh ID-CERT sebagai lembaga respon insiden keamanan siber di Indonesia.
This document provides an overview of open-source intelligence (OSINT) techniques. It defines OSINT as information gathered from publicly available sources on the internet and media. Some key OSINT data sources it outlines include search engines, social networks, maps, public databases, and other online tools that can be used to gather intelligence on people, organizations, domains, and technical information. The document also lists specific tools and websites that can be used for OSINT activities like searching social media, performing online investigations, and monitoring open data sources.
This document discusses ethical hacking and provides information on various types of hackers, why people hack, and the hacking process. It defines ethical hacking as legal hacking done with permission to identify vulnerabilities. The hacking process involves preparation, footprinting, enumeration and fingerprinting, vulnerability identification, gaining access, escalating privileges, covering tracks, and creating backdoors. It also discusses how to protect systems and what to do if hacked, such as restoring from backups and patching security holes.
This document outlines the phases of a penetration testing execution, with a focus on the reconnaissance phase. It discusses the reconnaissance phase in depth, including levels of information gathering, goals of information gathering through open source intelligence (OSINT), and types of corporate and target details that should be collected. The key aspects covered are the importance of gathering information before launching attacks, doing so in a legal and ethical manner according to the rules of engagement, and focusing reconnaissance efforts on information directly relevant to the goals of the penetration test. The overall goal of the reconnaissance phase is to safely and effectively collect intelligence on the target to inform subsequent phases of testing.
This document discusses improving detection rules coverage through infrastructure automation tools, testing frameworks, and metrics. It introduces tools like Packer, Vagrant, Terraform, and DetectionLab for building detection environments. Atomic Red Team and the MITRE ATT&CK framework are covered for testing detections. Metrics like the ATT&CK heatmap and KPIs are suggested for measuring coverage. Common pitfalls like assuming full coverage and not prioritizing are addressed.
Cybersecurity for industry 4.0-part-1.pptxmasadjie
Dokumen tersebut membahas tantangan keamanan siber di era industri 4.0 dan masa normal baru. Terdapat ancaman serangan siber baik dari internal maupun eksternal perusahaan seperti phishing, malware, dan eksploitasi kerentanan sistem. Dokumen ini juga menjelaskan berbagai jenis serangan siber seperti ransomware dan DoS serta cara melindungi data pribadi dan organisasi.
Cyber crime & security final tapanTapan Khilar
This document discusses various types of cybercrimes and the relevant laws in India. It defines cybercrimes as crimes that involve computers and the internet. The key points covered are:
- Types of cybercrimes include hacking, phishing, computer viruses, cyber pornography, denial of service attacks, and software piracy.
- The Indian IT Act 2000 is the main law governing cybercrimes and has sections dealing with hacking, data alteration, unauthorized access, and publishing obscene material.
- Other relevant laws include the IPC for offenses like fraud, forgery and criminal breach of trust.
- Investigating cybercrimes involves computer forensics to preserve digital evidence that can be accepted in
Red team and blue team in ethical hackingVikram Khanna
Red team blue team work on two approaches, one attacks it while blue team defends it. View this presentation now to understand what is red team and blue team and its importance in ethical hacking!
Happy learning!!
OSINT e Ingeniería Social aplicada a las investigacionesemilianox
Este documento trata sobre ingeniería social y OSINT (Open Source Intelligence). Explica que la ingeniería social es la manipulación o influencia de personas o grupos mediante técnicas de psicología, comunicación y otras habilidades. También describe las diferentes etapas de OSINT como requisitos, fuentes de información, adquisición, procesamiento, análisis y presentación. Finalmente, presenta varias herramientas y técnicas para la recolección de información de fuentes abiertas y la manipulación de personas.
There are a number of different kinds of tools for collecting information about the thoughts and beliefs that different groups have about your organization.
The cyber kill chain describes cyber attacks from an attacker's perspective through distinct phases: (1) reconnaissance, (2) weaponization, (3) delivery, (4) exploitation, (5) installation, (6) command and control, and (7) actions on objectives. Each phase of the kill chain can be mapped to defensive tools and actions to prevent attacks. Understanding the kill chain stages gives analysts insight into what is being attempted and how to respond appropriately. The kill chain was developed by Lockheed Martin as a method to describe intrusions and prevent advanced persistent threats by highly trained adversaries targeting sensitive information.
Hacking involves exploiting vulnerabilities in computer systems or networks to gain unauthorized access. There are different types of hackers, including white hat hackers who perform ethical hacking to test security, black hat hackers who perform hacking with malicious intent, and grey hat hackers who may sometimes hack ethically and sometimes not. Ethical hacking involves testing one's own systems for vulnerabilities without causing harm. Vulnerability assessments and penetration tests are common ethical hacking techniques that involve scanning for vulnerabilities and attempting to exploit them in a controlled way. Popular tools used for ethical hacking include Kali Linux, Nmap, Metasploit, and John the Ripper.
Ethical hacking : Its methodologies and toolschrizjohn896
This Presentation gives you the knowledge about ethical hacking and its methodologies. This PPT also explains the type of hackers and tools used with example of hashcat which is used to break hash algorithms like MD5, SHA1, SHA256 Etc
DDoS attacks target companies and institutions that provide online services. They work by overloading servers with traffic from multiple compromised systems known as "bots" or "zombies". Common DDoS attack types include SMURF, TCP SYN/ACK, UDP flood, DNS amplification, and attacks using peer-to-peer networks. Defenses include configuring routers and firewalls to filter unauthorized traffic, limiting response messages, and tracking malicious activity on peer-to-peer networks. As attack methods evolve, continued development of detection and mitigation techniques is needed.
In the world of cyber security, a single defeat can be extremely costly.Before you create a plan, it’s vital to learn about the anatomy of a data breach – and understand who your attackers are.
In a standard data breach, the type that occurs between 80 to 90 million times per year, there are roughly 6 essential steps, each of which will be outlined below. It’s time for a quick anatomy lesson to strengthen your cyber security program:
Hacking involves gaining unauthorized access to computer systems or networks, and can be done for malicious or ethical purposes. Ethical hackers are skilled at techniques used by criminal hackers but use their skills to test security and find vulnerabilities with permission. The document outlines different types of hackers and hacking, how to defend against hacking through strong passwords and updates, and the legal consequences of illegal hacking versus the paid work of ethical hackers.
Ethical Hacking Concepts and Scopes, Threats and Attack Vectors, Information Assurance, Threat Modelling
Enterprise Information Security Architecture, Vulnerability
Assessment and Penetration Testing
Types of Social Engineering, Insider Attack, Preventing Insider
Threats, Social Engineering Targets and Defence Strategies
This document provides greetings in 11 official languages of South Africa: Afrikaans, English, isiNdebele, isiXhosa, isiZulu, Sepedi, Sesotho, Setswana, SiSwati, Tshivenda, and Xitsonga. It lists each language along with the greeting used. At the end it thanks the reader in each of the 11 languages. The purpose is to showcase South Africa's multilingualism and celebrate its diversity of official languages.
This document defines hacking and discusses its history and types. It began in the 1960s at MIT and was done by early computer programmers out of curiosity. There are three main types of hackers - black hat hackers violate security for gain/malice, white hats exploit weaknesses ethically, and grey hats fall in between. Reasons for hacking include fun, status, stealing information, or destroying enemy networks. The document outlines various hacking techniques like website, network, password and computer hacking. It provides tips for securing data and accounts as well as discussing advantages like recovering lost information and disadvantages like harming privacy and illegality.
This document discusses open-source intelligence (OSINT) and how it can be used for cybersecurity awareness or against individuals. OSINT involves collecting information from public sources and can be used by cybersecurity professionals, but also by threat actors for attacks like identity theft, account takeover, and social engineering. The document provides examples of OSINT tools and techniques that can be used for both ethical purposes like penetration testing or unethical purposes like criminal phishing campaigns.
Dokumen tersebut membahas sejarah dan perkembangan CERT di Indonesia dan dunia, serta fungsi dan layanan yang disediakan oleh ID-CERT sebagai lembaga respon insiden keamanan siber di Indonesia.
This document provides an overview of open-source intelligence (OSINT) techniques. It defines OSINT as information gathered from publicly available sources on the internet and media. Some key OSINT data sources it outlines include search engines, social networks, maps, public databases, and other online tools that can be used to gather intelligence on people, organizations, domains, and technical information. The document also lists specific tools and websites that can be used for OSINT activities like searching social media, performing online investigations, and monitoring open data sources.
This document discusses ethical hacking and provides information on various types of hackers, why people hack, and the hacking process. It defines ethical hacking as legal hacking done with permission to identify vulnerabilities. The hacking process involves preparation, footprinting, enumeration and fingerprinting, vulnerability identification, gaining access, escalating privileges, covering tracks, and creating backdoors. It also discusses how to protect systems and what to do if hacked, such as restoring from backups and patching security holes.
This document outlines the phases of a penetration testing execution, with a focus on the reconnaissance phase. It discusses the reconnaissance phase in depth, including levels of information gathering, goals of information gathering through open source intelligence (OSINT), and types of corporate and target details that should be collected. The key aspects covered are the importance of gathering information before launching attacks, doing so in a legal and ethical manner according to the rules of engagement, and focusing reconnaissance efforts on information directly relevant to the goals of the penetration test. The overall goal of the reconnaissance phase is to safely and effectively collect intelligence on the target to inform subsequent phases of testing.
This document discusses improving detection rules coverage through infrastructure automation tools, testing frameworks, and metrics. It introduces tools like Packer, Vagrant, Terraform, and DetectionLab for building detection environments. Atomic Red Team and the MITRE ATT&CK framework are covered for testing detections. Metrics like the ATT&CK heatmap and KPIs are suggested for measuring coverage. Common pitfalls like assuming full coverage and not prioritizing are addressed.
Cybersecurity for industry 4.0-part-1.pptxmasadjie
Dokumen tersebut membahas tantangan keamanan siber di era industri 4.0 dan masa normal baru. Terdapat ancaman serangan siber baik dari internal maupun eksternal perusahaan seperti phishing, malware, dan eksploitasi kerentanan sistem. Dokumen ini juga menjelaskan berbagai jenis serangan siber seperti ransomware dan DoS serta cara melindungi data pribadi dan organisasi.
Hacker dapat digunakan untuk kebaikan atau kejahatan. Beberapa hacker membantu pemerintah dengan meningkatkan keamanan sistem, sementara yang lain mencuri data pribadi atau merusak sistem. Hacker harus waspada terhadap ancaman keamanan siber dan melindungi informasi pribadi.
Hacker dapat digunakan untuk kebaikan atau kejahatan. Beberapa hacker membantu pemerintah dengan meningkatkan keamanan sistem, sementara yang lain mencuri data pribadi atau merusak sistem. Hacker harus waspada terhadap ancaman keamanan siber dan melindungi informasi pribadi.
Dokumen tersebut membahas tentang keamanan komputer, termasuk definisi keamanan komputer, aspek-aspek keamanan seperti kerahasiaan, integritas, ketersediaan, kontrol akses, dan non-repudiasi, serta serangan-serangan terhadap sistem komputer seperti gangguan, intersepsi, modifikasi, dan fabrikasi."
Dokumen tersebut membahas tentang keamanan dalam e-commerce, termasuk berbagai ancaman keamanan seperti penipuan, pencurian data, virus komputer, dan teknik-teknik hacking seperti denial of service dan sniffer. Dibahas pula berbagai aspek keamanan seperti kerahasiaan, integritas, ketersediaan, otentikasi, kontrol akses, dan non-repudiasi dalam transaksi online.
Ringkasan dokumen tersebut adalah sebagai berikut:
Dokumen tersebut membahas tentang keamanan jaringan komputer, yang mencakup tujuan keamanan seperti ketersediaan, kehandalan, dan kerahasiaan serta cara pengamanan melalui autentikasi dan enkripsi. Dokumen tersebut juga menjelaskan proses autentikasi dan enkripsi serta ancaman-ancaman terhadap jaringan komputer seperti sniffer dan spoofing beserta cara mengelola
Dokumen tersebut membahas tentang session hijacking pada sistem keamanan komputer. Session hijacking adalah pengambilalihan sesi aplikasi web milik pengguna lain dengan mendapatkan ID sesi mereka, biasanya melalui cookies. Dokumen tersebut juga membahas berbagai aspek keamanan komputer seperti social engineering, serangan jaringan, dan cara-cara pencegahannya seperti enkripsi dan firewall.
Dokumen tersebut memberikan informasi mengenai kontrak perkuliahan yang mencakup aturan-aturan akademik seperti kehadiran minimal 75%, nilai akhir yang terdiri dari berbagai komponen, grade yang diterima, dan sanksi bagi mahasiswa yang tidak memenuhi syarat. Dokumen tersebut juga menjelaskan jumlah pertemuan berdasarkan SKS yang diambil.
Ringkasan dokumen tersebut adalah:
Dokumen tersebut membahas tentang pengertian hacker dan cracker, tingkatannya, kode etik dan aturan main hacker, contoh kasus hacker, akibat dari kegiatan hacker dan cracker, serta teknik-teknik hacking website seperti upload file, SQL injection, phishing, DDoS, XSS, serta latihan hacking website menggunakan teknik-teknik tersebut.
3. Hacker
• Pemuda yang berambut panjang duduk
di depan komputer berjam-jam sambil
memakan pizza dan membobol system
pertahanan.
• Orang yang mempelajari, menganalisis,
memodifikasi, serta menerobos masuk ke
dalam sistem komputer dan jaringan
komputer, baik untuk keuntungan pribadi
atau dimotivasi oleh tantangan.
6. 2. Scanning
• Proses dimana hacker menggunakan berbagai alat dan tools berusaha mencari
celah masuk atau lokasi tempat serangan akan diluncurkan.
• Yang akan di scan : port(port scanning), pemetaan jaringan (network mapping),
pencarian kerawanan (vulnerability scanning).
• Jika target memiliki perangkat IDS (Intrusion Detection System) proses
penyesupuan akan terdeteksi.
• Pada dasarnya scanning melanggar undang-undang
7. 3. Gaining Access
• Melakukan pembajakan hak akses seseorang (session hijacking),
sehingga yang bersangkutan dapat masuk ke dalam sistem yang
bukan merupakan teritorinya
• Proses mendapatkan hak akses berlangsung cukup singkat
tergantung sejumlah faktor, seperti konfigurasi jaringan, jenis
system yang digunakan, keahlian hacker, jenis tool
• Ex : password cracking, buffer overflows
• Jika perusahaan gagal mendeteksi tahap ini akan mendatangkan
malapetaka yang cukup besar
8. A. Operating System Level (Serangan perangkat lunak sistem)
B. Network Level (Serangan Jaringan)
C. Denial Of Service (serangan mencegah pengguna yang
sesungguhnya menikmati layanan yang diberikan server)
9. 4. Maintaining Access
• Sebuah periode dimana setelah hacker berhasil masuk kedalam system, dan
berusaha untuk tetap bertahan memperoleh hak akses.
• Pada tahap ini sistem anda telah berhasil diambil alih oleh pihak yg tidak
berhak.
• Data/program target sudah bisa diunduh, diedit
10.
11. 5. Clearing Tracks
• Penghapusan Jejak
• Untuk mendapatkan penghapusan jejak sempurna dibutuhkan sumber
daya yang tidak sedikit, pengetahuan dan keahlian hacker yang
bersangkutan