SlideShare a Scribd company logo

Unit iii: Common Hacking Techniques

Download as PPTX, PDF
Arnav Chowdhury
Arnav Chowdhury

offline credential stealing, phishing, malware, pharming, online credential stealing, spyware, worms, trojans.

Technology
1 of 29
UNIT III: Common Hacking Techniques Off-Line Credential-Stealing Attacks: Phishing, Vishing, Malware and Pharming. On-Line Credential-Stealing Attack: Spyware, Logging Worms, Trojans, In Session Phishing Attacks.
What is a Credential-Based Attack? • Credential based attacks occur when attackers steal credentials to gain access, bypass an organizations security measures, and steal critical data. • Credential theft, the first stage of a credential-based attack, is the process of stealing credentials. Attackers commonly use phishing for credential theft, as it is a fairly cheap and extremely efficient tactic. The effectiveness of credential phishing relies on human interaction in an attempt to deceive employees, unlike malware and exploits, which rely on weaknesses in security defenses.
What is a Credential-Based Attack? • Corporate credential theft is usually a targeted effort. Attackers scour social media sites such as LinkedIn, searching for specific users whose credentials will grant access to critical data and information. The phishing emails and websites utilized in corporate credential theft are much more sophisticated than those used for consumer credential theft. Attackers put a great deal of effort into making these emails and websites look nearly identical to legitimate corporate applications and communications.
Phishing • Due to the lack of adoption of multi-factor authentication and poor password best practices, the number of credential thefts by way of phishing has grown exponentially. Phishing attacks are often carried out when a cybercriminal poses as part of the users’ social or professional networks – either as an individual or entity, such as a bank – and directs targets to enter personal information at a fraudulent website that matches the looks of the legitimate site. Additionally, attackers oftentimes use phishing attacks to plant malware on systems and gain full unauthorized access to sensitive data.
Types of phishing include spear phishing, whaling and clone phishing. • Spear phishing involves the targeting of specific organizations or individuals to steal sensitive information such as account credentials. In this type of attack, hackers disguise themselves as trustworthy identities and typically access sensitive information via email-spoofing or by infiltrating other online messaging systems. • Whaling is a type of spear phishing attack aimed at C-suite executives within an organization and often impersonate customer complaints or personal issues. • Clone phishing is carried out by stealing a previously delivered email containing an attachment and/or link and then using it to create a similar or “cloned” email with the intent of gaining access to privileged credentials. Within these, the attachments/links are replaced with malicious versions and the email address is slightly altered to deceive the recipient.
Vishing • Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center. • During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware. • Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money. • It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.
Common vishing scams • “Compromised” bank or credit card account Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number. • Unsolicited loan or investment offers Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.
Common vishing scams • Medicare or Social Security scam Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. • IRS tax scam There are many variations of this type of scam, but typically, you'll receive a prerecorded message. It tells you something's wrong with your tax return and if you don't call back, a warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS.
How to spot a vishing scam Here are some of the tell-tale signs of a vishing scam: • The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer. • There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation. • The caller asks for your information. They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
Malware • Malicious software, more commonly known as malware, is a threat to your devices and your cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a computer or network, usually without the victim’s knowledge. What is a malware attack? • A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses. • Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS. • At least one type of malware attack is growing. Mobile ransomware attacks increased by a third in 2018 from the previous year. Most of those attacks occurred in the United States.
Types of malware attacks • Exploit kit • Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer or mobile device. The kits come with prewritten code that will search for vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer through that security hole. This is a highly effective malware attack variety, and one of the reasons why it is so important to run software updates as soon as they become available in order to patch security flaws. • Malicious websites and drive-by-downloads • A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser, and inject malware via the security hole.
Types of malware attacks • Malvertising • Malicious advertising — malvertising, for short — is a threat that’s popular among cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate websites, but malicious code will be embedded within the ad. Similar to a drive-by-download, there is no interaction needed on the user’s part to download the malware and be impacted by this kind of malware attack. • Man-in-the-middle (MitM) attack • A man-in-the-middle attack employs the use of an unsecured, or poorly secured, usually public Wi-Fi router. The hacker will then scan the router using special code looking for certain weaknesses such as default or poor password use. • Once the attacker has found the vulnerability, they will then insert themselves in between the user’s computer and the websites that user visits and intercept the messages or information being transmitted between the two, such as passwords or payment card data.
Types of malware attacks • Man-in-the-browser (MitB) attack • This is similar to a man-in-the-middle attack attack. All an attacker needs to do is inject malware into the computer, which will then install itself into the browser without the user’s knowledge. The malware will then record the data that is being sent between the victim and specifically targeted websites. • Social engineering and malware attacks • Social engineering is a popular malware delivery method that involves the manipulation of human emotions. Social engineering uses spam phishing via email, instant messages, social media, and more. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware.
What should I do about malware attacks? Keep your software updated • Software updates are important because they repair security holes that have been discovered, and fix or remove computer bugs. It’s smart to run software updates as soon as they become available. Back up your files regularly • Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever compromised in a malware attack. Back up the data on all of your devices, including your tablets, computers, and smartphones. Scan executable files before running them • “Executable” files, which end in “.exe.”, contain step-by-step instructions for a computer to carry out a function. Double-clicking the .exe file will trigger your computer to execute these instructions using a software program. • There are plenty of software options that contain antivirus software, but it’s a good idea to choose one that scans in real-time rather than manually.
Pharming • Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent. • The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud and identity theft. • Pharming combines the words “phishing” and “farming.” This cybercrime is also known as “phishing without a lure.” • Phishing is an online fraud scheme where a cybercriminal hopes you’ll click on a compromised email link which takes you to a fake site where you then enter your access credentials — such as your username and password. If you do, the fraudster can then access the real site and steal your personal information there.
Pharming • Pharming, on the other hand, is a two-step process. One, cybercriminals install malicious code on your computer or server. Two, the code sends you to a bogus website, where you may be tricked in providing personal information. Computer pharming doesn’t require that initial click to take you to a fraudulent website. Instead, you’re redirected there automatically. The fraudster has immediate access to any personal information you enter on the site.
How to protect yourself against pharming • Ensure you are using secure web connections (look for https in the web address) • Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender • Avoid suspicious websites • Enable two-factor authentication on sites that offer it • Use a reputable internet service provider, whenever possible • Use a VPN service that has reputable DNS servers • Change the default password on your consumer-grade routers and wireless access point Here are two signals of pharming. • An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted. • A website that doesn’t seem right. If the site you’re on has spelling errors, unfamiliar font or colors, or otherwise just doesn’t seem legitimate, it may not be.
Online Credential Theft Attacks: SPYWARE • Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users. • Spyware is used for many purposes. Usually it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information. • Some types of spyware can install additional software and change the settings on your device, so it’s important to use secure passwords and keep your devices updated.
Spyware There are four main types of spyware. Each uses unique tactics to track you. • Adware. This type of spyware tracks your browser history and downloads, with the intent of predicting what products or services you’re interested in. The adware will display advertisements for the same or related products or services to entice you to click or make a purchase. Adware is used for marketing purposes and can slow down your computer. • Trojan. This kind of malicious software disguises itself as legitimate software. For example, Trojans may appear to be a Java or Flash Player update upon download. Trojan malware is controlled by third parties. It can be used to access sensitive information such as Social Security numbers and credit card information. • Tracking cookies. These track the user’s web activities, such as searches, history, and downloads, for marketing purposes. • System monitors. This type of spyware can capture just about everything you do on your computer. System monitors can record all keystrokes, emails, chat-room dialogs, websites visited, and programs run. System monitors are often disguised as freeware.
How do I get spyware? • Your device is slow or crashes unexpectedly. • Your device is running out of hard drive space. • You get pop-ups when you are online or offline. How to help prevent spyware? Here are four main steps to help prevent spyware. • Don’t open emails from unknown senders. • Don’t download files from untrustworthy sources. • Don’t click on pop-up advertisements. • Use reputable antivirus software.
Worms A worm is a malicious computer program that replicates itself usually over a computer network. An attacker may use a worm to accomplish the following tasks; • Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. the backdoors can also be exploited by other malware. • Worms may also slowdown the network by consuming the bandwidth as they replicate. • Install harmful payload code carried within the worm.
Protecting yourself from Computer Worms • Keep the computers’ operating system and software up-to-date with vendor-issued security releases. These updates often contain security patches designed to protect computers from newly discovered worms. • Avoid opening emails that you don’t recognize or expect, as many computer worms spread via email. • Refrain from opening attachments and clicking on links from untrusted/unfamiliar sources. • Run a firewall and antivirus software to be further protected from computer worms. Software firewalls will keep the computer protected from unauthorized access. Choose an antivirus program that includes download scanning functionality (to detect malicious content in email and web downloads) as well as malware removal tools
Symptoms of a Computer Worm • Slow computer performance • Freezing/crashing • Programs opening and running automatically • Irregular web browser performance • Unusual computer behavior (messages, images, sounds, etc) • Firewall warnings • Missing/modified files • Appearance of strange/unintended desktop files or icons • Operating system errors and system error messages • Emails sent to contacts without the user’s knowledge
Computer Worm Removal • Check that all antivirus signatures are up-to-date. • Scan the computer with antivirus software. • If the scan detects a computer worm or other malware, use the software to remove malware and clean or delete infected files. A scan that detects no malware is usually indicative that symptoms are being caused by hardware or software problems. • Check that the computer’s operating system is up-to-date and all software and applications have current patches installed. • If a worm is difficult to remove, check online for specific computer worm removal utilities.
Trojan • A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.
How do Trojans work? • You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device. • When you execute the program, the malware can spread to other files and damage your computer. • How? It varies. Trojans are designed to do different things. But you’ll probably wish they weren’t doing any of them on your device.
Common types of Trojans Backdoor Trojan • This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device. Downloader Trojan • This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware. SMS Trojan • This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs. Distributed Denial of Service (DDoS) attack Trojan • This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
How to help protect against Trojans • Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals. • Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer. • Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols. • Keep your personal information safe with firewalls. • Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data. • Be careful with email attachments. To help stay safe, scan an email attachment first.
In-session phishing • With this technique, a fake pop-up is generated as users browse on legitimate websites. The pop-up typically requests for account credentials or other personal information. Users, thinking that the pop-up is tied to the website they are browsing, enter their information which is then retrieved by the cybercriminals. • The best defense against this phishing technique is to always ensure that your browsers have pop-up blockers enabled.

Recommended

Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
Arnav Chowdhury
 
CYBER CRIME
CYBER CRIMECYBER CRIME
CYBER CRIME
ATUL KUMAR YADAV
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
Anuradha Moti T
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Jacqueline Fick
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Teja Babu
 
Security Threats to Electronic Commerce
Security Threats to Electronic CommerceSecurity Threats to Electronic Commerce
Security Threats to Electronic Commerce
Darlene Enderez
 
Unit 1
Unit 1Unit 1
Unit 1
Jigarthacker
 
Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Mohammad Ahmed
 

Recommended

Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
Arnav Chowdhury
 
CYBER CRIME
CYBER CRIMECYBER CRIME
CYBER CRIME
ATUL KUMAR YADAV
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
Anuradha Moti T
 
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South AfricaCyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Cyber Crime 101: The Impact of Cyber Crime on Higher Education in South Africa
Jacqueline Fick
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Teja Babu
 
Security Threats to Electronic Commerce
Security Threats to Electronic CommerceSecurity Threats to Electronic Commerce
Security Threats to Electronic Commerce
Darlene Enderez
 
Unit 1
Unit 1Unit 1
Unit 1
Jigarthacker
 
Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Mohammad Ahmed
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Name parul
Name parulName parul
Name parul
Parul231
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
Dr Raghu Khimani
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
Deepak Kumar (D3)
 
cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888 cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888
Varun Mathur
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
saivarun91
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
AfnanHusain
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Malicion software
Malicion softwareMalicion software
Malicion software
A. Shamel
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
Dinesh O Bareja
 
Cyber law and password protection
Cyber law and password protectionCyber law and password protection
Cyber law and password protection
Bavijesh Thaliyil
 
Computer Security
Computer SecurityComputer Security
Computer SecurityVaibhavi Patel
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
AFROZULLA KHAN Z
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
eiramespi07
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
Thangaraj Murugananthan
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Cyber Security in the Age of Globalization
Cyber Security in the Age of GlobalizationCyber Security in the Age of Globalization
Cyber Security in the Age of GlobalizationBenjamin Morley
 
Client server security threats
Client server security threatsClient server security threats
Client server security threatsrahul kundu
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Innocent Korie
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
Evs, Lahore
 

More Related Content

What's hot

Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Name parul
Name parulName parul
Name parul
Parul231
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
Dr Raghu Khimani
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
Deepak Kumar (D3)
 
cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888 cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888
Varun Mathur
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
saivarun91
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
AfnanHusain
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
krishh sivakrishna
 
Malicion software
Malicion softwareMalicion software
Malicion software
A. Shamel
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
Dinesh O Bareja
 
Cyber law and password protection
Cyber law and password protectionCyber law and password protection
Cyber law and password protection
Bavijesh Thaliyil
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
AFROZULLA KHAN Z
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
eiramespi07
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
Thangaraj Murugananthan
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internetAlexander Decker
 
Cyber Security in the Age of Globalization
Cyber Security in the Age of GlobalizationCyber Security in the Age of Globalization
Cyber Security in the Age of GlobalizationBenjamin Morley
 
Client server security threats
Client server security threatsClient server security threats
Client server security threatsrahul kundu
 

What's hot (20)

Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
Name parul
Name parulName parul
Name parul
 
Security threats
Security threatsSecurity threats
Security threats
 
Introduction to Cyber Crime
Introduction to Cyber CrimeIntroduction to Cyber Crime
Introduction to Cyber Crime
 
Cyber Crime Types & Tips
Cyber Crime Types & TipsCyber Crime Types & Tips
Cyber Crime Types & Tips
 
cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888 cyber crime and privacy issues by varun call for assistence 8003498888
cyber crime and privacy issues by varun call for assistence 8003498888
 
Cyber security.docx
Cyber security.docxCyber security.docx
Cyber security.docx
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Malicion software
Malicion softwareMalicion software
Malicion software
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Cyber law and password protection
Cyber law and password protectionCyber law and password protection
Cyber law and password protection
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
An overview study on cyber crimes in internet
An overview study on cyber crimes in internetAn overview study on cyber crimes in internet
An overview study on cyber crimes in internet
 
Cyber Security in the Age of Globalization
Cyber Security in the Age of GlobalizationCyber Security in the Age of Globalization
Cyber Security in the Age of Globalization
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
 

Similar to Unit iii: Common Hacking Techniques

Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Innocent Korie
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
Evs, Lahore
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
Blue and White Minimal Professional Business Project Presentation .pptx
Blue and White Minimal Professional Business Project Presentation .pptxBlue and White Minimal Professional Business Project Presentation .pptx
Blue and White Minimal Professional Business Project Presentation .pptx
jennblair0830
 
cyber_crim.pptx
cyber_crim.pptxcyber_crim.pptx
cyber_crim.pptx
Vishwanath976500
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
Cyber Crime & Precautions
Cyber Crime & PrecautionsCyber Crime & Precautions
Cyber Crime & Precautions
Talwant Singh
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
ijtsrd
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2Conf
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
seadeloitte
 
social engineering attacks.docx
social engineering attacks.docxsocial engineering attacks.docx
social engineering attacks.docx
MehwishAnsari11
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
MaherHamza9
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
Aswani34
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber Crime
Gaurav Patel
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
PramodAlfred
 
CYBER.pptx
CYBER.pptxCYBER.pptx
CYBER.pptx
ssuser8b4eb21
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vansh Verma
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
MariGogokhia
 

Similar to Unit iii: Common Hacking Techniques (20)

Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Blue and White Minimal Professional Business Project Presentation .pptx
Blue and White Minimal Professional Business Project Presentation .pptxBlue and White Minimal Professional Business Project Presentation .pptx
Blue and White Minimal Professional Business Project Presentation .pptx
 
Pp8
Pp8Pp8
Pp8
 
cyber_crim.pptx
cyber_crim.pptxcyber_crim.pptx
cyber_crim.pptx
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
Cyber Crime & Precautions
Cyber Crime & PrecautionsCyber Crime & Precautions
Cyber Crime & Precautions
 
E Mail Phishing Prevention and Detection
E Mail Phishing Prevention and DetectionE Mail Phishing Prevention and Detection
E Mail Phishing Prevention and Detection
 
IB Fraud
IB FraudIB Fraud
IB Fraud
 
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptxInternet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
Internet 2.0 Conference Reviews Legit Ways To Spot Phishing Scam Offenses.pptx
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
social engineering attacks.docx
social engineering attacks.docxsocial engineering attacks.docx
social engineering attacks.docx
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
Typology of Cyber Crime
Typology of Cyber CrimeTypology of Cyber Crime
Typology of Cyber Crime
 
Software Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.pptSoftware Frauds or Ethical Issues.ppt
Software Frauds or Ethical Issues.ppt
 
CYBER.pptx
CYBER.pptxCYBER.pptx
CYBER.pptx
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 

More from Arnav Chowdhury

Startup Funding and Strategies for Future
Startup Funding and Strategies for FutureStartup Funding and Strategies for Future
Startup Funding and Strategies for Future
Arnav Chowdhury
 
Marketing Management Introduction.pptx
Marketing Management Introduction.pptxMarketing Management Introduction.pptx
Marketing Management Introduction.pptx
Arnav Chowdhury
 
Marketing Management Product.pptx
Marketing Management Product.pptxMarketing Management Product.pptx
Marketing Management Product.pptx
Arnav Chowdhury
 
Institutional Support to Entrepreneurship
Institutional Support to EntrepreneurshipInstitutional Support to Entrepreneurship
Institutional Support to Entrepreneurship
Arnav Chowdhury
 
New Venture Expansion and Exit Strategies
New Venture Expansion and Exit StrategiesNew Venture Expansion and Exit Strategies
New Venture Expansion and Exit Strategies
Arnav Chowdhury
 
Creating a Business Plan
Creating a Business PlanCreating a Business Plan
Creating a Business Plan
Arnav Chowdhury
 
Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)
Arnav Chowdhury
 
Business Research Methods (Introduction)
Business Research Methods (Introduction)Business Research Methods (Introduction)
Business Research Methods (Introduction)
Arnav Chowdhury
 
Planning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial VenturePlanning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial Venture
Arnav Chowdhury
 
Fundamentals of Entrepreneurship
Fundamentals of EntrepreneurshipFundamentals of Entrepreneurship
Fundamentals of Entrepreneurship
Arnav Chowdhury
 
ICT tools in Education
ICT tools in EducationICT tools in Education
ICT tools in Education
Arnav Chowdhury
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety Mechanism
Arnav Chowdhury
 
UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
Arnav Chowdhury
 
Information Technology and Modern Gadgets
Information Technology and Modern GadgetsInformation Technology and Modern Gadgets
Information Technology and Modern Gadgets
Arnav Chowdhury
 
Unit iv FMIS
Unit iv FMISUnit iv FMIS
Unit iv FMIS
Arnav Chowdhury
 
Unit iii FMIS
Unit iii FMISUnit iii FMIS
Unit iii FMIS
Arnav Chowdhury
 
Unit ii FMIS
Unit ii FMISUnit ii FMIS
Unit ii FMIS
Arnav Chowdhury
 
Unit iv graphics
Unit iv graphicsUnit iv graphics
Unit iv graphics
Arnav Chowdhury
 
Unit v: Device Management
Unit v: Device ManagementUnit v: Device Management
Unit v: Device Management
Arnav Chowdhury
 
Unit iii: Audio
Unit iii: AudioUnit iii: Audio
Unit iii: Audio
Arnav Chowdhury
 

More from Arnav Chowdhury (20)

Startup Funding and Strategies for Future
Startup Funding and Strategies for FutureStartup Funding and Strategies for Future
Startup Funding and Strategies for Future
 
Marketing Management Introduction.pptx
Marketing Management Introduction.pptxMarketing Management Introduction.pptx
Marketing Management Introduction.pptx
 
Marketing Management Product.pptx
Marketing Management Product.pptxMarketing Management Product.pptx
Marketing Management Product.pptx
 
Institutional Support to Entrepreneurship
Institutional Support to EntrepreneurshipInstitutional Support to Entrepreneurship
Institutional Support to Entrepreneurship
 
New Venture Expansion and Exit Strategies
New Venture Expansion and Exit StrategiesNew Venture Expansion and Exit Strategies
New Venture Expansion and Exit Strategies
 
Creating a Business Plan
Creating a Business PlanCreating a Business Plan
Creating a Business Plan
 
Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)Business Research Methodology ( Data Collection)
Business Research Methodology ( Data Collection)
 
Business Research Methods (Introduction)
Business Research Methods (Introduction)Business Research Methods (Introduction)
Business Research Methods (Introduction)
 
Planning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial VenturePlanning and organizing Entrepreneurial Venture
Planning and organizing Entrepreneurial Venture
 
Fundamentals of Entrepreneurship
Fundamentals of EntrepreneurshipFundamentals of Entrepreneurship
Fundamentals of Entrepreneurship
 
ICT tools in Education
ICT tools in EducationICT tools in Education
ICT tools in Education
 
Unit v: Cyber Safety Mechanism
Unit v: Cyber Safety MechanismUnit v: Cyber Safety Mechanism
Unit v: Cyber Safety Mechanism
 
UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
 
Information Technology and Modern Gadgets
Information Technology and Modern GadgetsInformation Technology and Modern Gadgets
Information Technology and Modern Gadgets
 
Unit iv FMIS
Unit iv FMISUnit iv FMIS
Unit iv FMIS
 
Unit iii FMIS
Unit iii FMISUnit iii FMIS
Unit iii FMIS
 
Unit ii FMIS
Unit ii FMISUnit ii FMIS
Unit ii FMIS
 
Unit iv graphics
Unit iv graphicsUnit iv graphics
Unit iv graphics
 
Unit v: Device Management
Unit v: Device ManagementUnit v: Device Management
Unit v: Device Management
 
Unit iii: Audio
Unit iii: AudioUnit iii: Audio
Unit iii: Audio
 

Recently uploaded

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 

Recently uploaded (20)

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Unit iii: Common Hacking Techniques

  • 1. UNIT III: Common Hacking Techniques Off-Line Credential-Stealing Attacks: Phishing, Vishing, Malware and Pharming. On-Line Credential-Stealing Attack: Spyware, Logging Worms, Trojans, In Session Phishing Attacks.
  • 2. What is a Credential-Based Attack? • Credential based attacks occur when attackers steal credentials to gain access, bypass an organizations security measures, and steal critical data. • Credential theft, the first stage of a credential-based attack, is the process of stealing credentials. Attackers commonly use phishing for credential theft, as it is a fairly cheap and extremely efficient tactic. The effectiveness of credential phishing relies on human interaction in an attempt to deceive employees, unlike malware and exploits, which rely on weaknesses in security defenses.
  • 3. What is a Credential-Based Attack? • Corporate credential theft is usually a targeted effort. Attackers scour social media sites such as LinkedIn, searching for specific users whose credentials will grant access to critical data and information. The phishing emails and websites utilized in corporate credential theft are much more sophisticated than those used for consumer credential theft. Attackers put a great deal of effort into making these emails and websites look nearly identical to legitimate corporate applications and communications.
  • 4. Phishing • Due to the lack of adoption of multi-factor authentication and poor password best practices, the number of credential thefts by way of phishing has grown exponentially. Phishing attacks are often carried out when a cybercriminal poses as part of the users’ social or professional networks – either as an individual or entity, such as a bank – and directs targets to enter personal information at a fraudulent website that matches the looks of the legitimate site. Additionally, attackers oftentimes use phishing attacks to plant malware on systems and gain full unauthorized access to sensitive data.
  • 5. Types of phishing include spear phishing, whaling and clone phishing. • Spear phishing involves the targeting of specific organizations or individuals to steal sensitive information such as account credentials. In this type of attack, hackers disguise themselves as trustworthy identities and typically access sensitive information via email-spoofing or by infiltrating other online messaging systems. • Whaling is a type of spear phishing attack aimed at C-suite executives within an organization and often impersonate customer complaints or personal issues. • Clone phishing is carried out by stealing a previously delivered email containing an attachment and/or link and then using it to create a similar or “cloned” email with the intent of gaining access to privileged credentials. Within these, the attachments/links are replaced with malicious versions and the email address is slightly altered to deceive the recipient.
  • 6. Vishing • Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center. • During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware. • Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money. • It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.
  • 7. Common vishing scams • “Compromised” bank or credit card account Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number. • Unsolicited loan or investment offers Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.
  • 8. Common vishing scams • Medicare or Social Security scam Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. • IRS tax scam There are many variations of this type of scam, but typically, you'll receive a prerecorded message. It tells you something's wrong with your tax return and if you don't call back, a warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS.
  • 9. How to spot a vishing scam Here are some of the tell-tale signs of a vishing scam: • The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer. • There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation. • The caller asks for your information. They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
  • 10. Malware • Malicious software, more commonly known as malware, is a threat to your devices and your cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a computer or network, usually without the victim’s knowledge. What is a malware attack? • A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses. • Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS. • At least one type of malware attack is growing. Mobile ransomware attacks increased by a third in 2018 from the previous year. Most of those attacks occurred in the United States.
  • 11. Types of malware attacks • Exploit kit • Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer or mobile device. The kits come with prewritten code that will search for vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer through that security hole. This is a highly effective malware attack variety, and one of the reasons why it is so important to run software updates as soon as they become available in order to patch security flaws. • Malicious websites and drive-by-downloads • A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser, and inject malware via the security hole.
  • 12. Types of malware attacks • Malvertising • Malicious advertising — malvertising, for short — is a threat that’s popular among cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate websites, but malicious code will be embedded within the ad. Similar to a drive-by-download, there is no interaction needed on the user’s part to download the malware and be impacted by this kind of malware attack. • Man-in-the-middle (MitM) attack • A man-in-the-middle attack employs the use of an unsecured, or poorly secured, usually public Wi-Fi router. The hacker will then scan the router using special code looking for certain weaknesses such as default or poor password use. • Once the attacker has found the vulnerability, they will then insert themselves in between the user’s computer and the websites that user visits and intercept the messages or information being transmitted between the two, such as passwords or payment card data.
  • 13. Types of malware attacks • Man-in-the-browser (MitB) attack • This is similar to a man-in-the-middle attack attack. All an attacker needs to do is inject malware into the computer, which will then install itself into the browser without the user’s knowledge. The malware will then record the data that is being sent between the victim and specifically targeted websites. • Social engineering and malware attacks • Social engineering is a popular malware delivery method that involves the manipulation of human emotions. Social engineering uses spam phishing via email, instant messages, social media, and more. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware.
  • 14. What should I do about malware attacks? Keep your software updated • Software updates are important because they repair security holes that have been discovered, and fix or remove computer bugs. It’s smart to run software updates as soon as they become available. Back up your files regularly • Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever compromised in a malware attack. Back up the data on all of your devices, including your tablets, computers, and smartphones. Scan executable files before running them • “Executable” files, which end in “.exe.”, contain step-by-step instructions for a computer to carry out a function. Double-clicking the .exe file will trigger your computer to execute these instructions using a software program. • There are plenty of software options that contain antivirus software, but it’s a good idea to choose one that scans in real-time rather than manually.
  • 15. Pharming • Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent. • The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud and identity theft. • Pharming combines the words “phishing” and “farming.” This cybercrime is also known as “phishing without a lure.” • Phishing is an online fraud scheme where a cybercriminal hopes you’ll click on a compromised email link which takes you to a fake site where you then enter your access credentials — such as your username and password. If you do, the fraudster can then access the real site and steal your personal information there.
  • 16. Pharming • Pharming, on the other hand, is a two-step process. One, cybercriminals install malicious code on your computer or server. Two, the code sends you to a bogus website, where you may be tricked in providing personal information. Computer pharming doesn’t require that initial click to take you to a fraudulent website. Instead, you’re redirected there automatically. The fraudster has immediate access to any personal information you enter on the site.
  • 17. How to protect yourself against pharming • Ensure you are using secure web connections (look for https in the web address) • Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender • Avoid suspicious websites • Enable two-factor authentication on sites that offer it • Use a reputable internet service provider, whenever possible • Use a VPN service that has reputable DNS servers • Change the default password on your consumer-grade routers and wireless access point Here are two signals of pharming. • An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted. • A website that doesn’t seem right. If the site you’re on has spelling errors, unfamiliar font or colors, or otherwise just doesn’t seem legitimate, it may not be.
  • 18. Online Credential Theft Attacks: SPYWARE • Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users. • Spyware is used for many purposes. Usually it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information. • Some types of spyware can install additional software and change the settings on your device, so it’s important to use secure passwords and keep your devices updated.
  • 19. Spyware There are four main types of spyware. Each uses unique tactics to track you. • Adware. This type of spyware tracks your browser history and downloads, with the intent of predicting what products or services you’re interested in. The adware will display advertisements for the same or related products or services to entice you to click or make a purchase. Adware is used for marketing purposes and can slow down your computer. • Trojan. This kind of malicious software disguises itself as legitimate software. For example, Trojans may appear to be a Java or Flash Player update upon download. Trojan malware is controlled by third parties. It can be used to access sensitive information such as Social Security numbers and credit card information. • Tracking cookies. These track the user’s web activities, such as searches, history, and downloads, for marketing purposes. • System monitors. This type of spyware can capture just about everything you do on your computer. System monitors can record all keystrokes, emails, chat-room dialogs, websites visited, and programs run. System monitors are often disguised as freeware.
  • 20. How do I get spyware? • Your device is slow or crashes unexpectedly. • Your device is running out of hard drive space. • You get pop-ups when you are online or offline. How to help prevent spyware? Here are four main steps to help prevent spyware. • Don’t open emails from unknown senders. • Don’t download files from untrustworthy sources. • Don’t click on pop-up advertisements. • Use reputable antivirus software.
  • 21. Worms A worm is a malicious computer program that replicates itself usually over a computer network. An attacker may use a worm to accomplish the following tasks; • Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. the backdoors can also be exploited by other malware. • Worms may also slowdown the network by consuming the bandwidth as they replicate. • Install harmful payload code carried within the worm.
  • 22. Protecting yourself from Computer Worms • Keep the computers’ operating system and software up-to-date with vendor-issued security releases. These updates often contain security patches designed to protect computers from newly discovered worms. • Avoid opening emails that you don’t recognize or expect, as many computer worms spread via email. • Refrain from opening attachments and clicking on links from untrusted/unfamiliar sources. • Run a firewall and antivirus software to be further protected from computer worms. Software firewalls will keep the computer protected from unauthorized access. Choose an antivirus program that includes download scanning functionality (to detect malicious content in email and web downloads) as well as malware removal tools
  • 23. Symptoms of a Computer Worm • Slow computer performance • Freezing/crashing • Programs opening and running automatically • Irregular web browser performance • Unusual computer behavior (messages, images, sounds, etc) • Firewall warnings • Missing/modified files • Appearance of strange/unintended desktop files or icons • Operating system errors and system error messages • Emails sent to contacts without the user’s knowledge
  • 24. Computer Worm Removal • Check that all antivirus signatures are up-to-date. • Scan the computer with antivirus software. • If the scan detects a computer worm or other malware, use the software to remove malware and clean or delete infected files. A scan that detects no malware is usually indicative that symptoms are being caused by hardware or software problems. • Check that the computer’s operating system is up-to-date and all software and applications have current patches installed. • If a worm is difficult to remove, check online for specific computer worm removal utilities.
  • 25. Trojan • A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.
  • 26. How do Trojans work? • You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device. • When you execute the program, the malware can spread to other files and damage your computer. • How? It varies. Trojans are designed to do different things. But you’ll probably wish they weren’t doing any of them on your device.
  • 27. Common types of Trojans Backdoor Trojan • This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device. Downloader Trojan • This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware. SMS Trojan • This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs. Distributed Denial of Service (DDoS) attack Trojan • This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
  • 28. How to help protect against Trojans • Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals. • Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer. • Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols. • Keep your personal information safe with firewalls. • Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data. • Be careful with email attachments. To help stay safe, scan an email attachment first.
  • 29. In-session phishing • With this technique, a fake pop-up is generated as users browse on legitimate websites. The pop-up typically requests for account credentials or other personal information. Users, thinking that the pop-up is tied to the website they are browsing, enter their information which is then retrieved by the cybercriminals. • The best defense against this phishing technique is to always ensure that your browsers have pop-up blockers enabled.