Introduction: In the fast-evolving digital age of the 21st century, cybersecurity has emerged as a paramount concern for governments, businesses, and individuals. The Workshop on Cybersecurity is a comprehensive and immersive event designed to address the challenges posed by cyber threats and equip participants with the knowledge and tools to safeguard their digital assets. This workshop, to be held over five days, seeks to empower attendees with the latest insights and practices in cyber defense, fostering a culture of resilience and proactive security measures. Day 1: Understanding the Cyber Landscape The workshop commences with a deep dive into the complex cyber landscape that defines modern society. Distinguished experts from the cybersecurity field will present an overview of the ever-changing cyber ecosystem, highlighting its interconnectedness and vulnerabilities. Participants will gain valuable insights into the roles of governments, corporations, and individuals in shaping the cyber landscape. Key topics covered will include the global impact of cyberattacks, the importance of international collaboration in countering cyber threats, and the significance of public-private partnerships. This foundational knowledge will serve as the basis for the subsequent discussions on cyber defense strategies. Day 2: Unraveling Cyber Threats and Attack Vectors Day two focuses on understanding the multitude of cyber threats and attack vectors that can target individuals and organizations. Renowned cybersecurity researchers will present real-life case studies of recent cyber incidents, ranging from nation-state-sponsored attacks to financially motivated hacking campaigns. Participants will gain a comprehensive understanding of the tactics employed by threat actors and the motivations behind their actions. Through interactive sessions, attendees will be immersed in simulated cyber-attack scenarios, enabling them to identify and mitigate potential threats effectively. The day will emphasize the need for a proactive and adaptive approach to cybersecurity, as well as the importance of threat intelligence sharing to bolster collective defense capabilities. Day 3: Building Robust Cyber Defense Strategies Day three delves into the development and implementation of robust cyber defense strategies. Experts in the field will introduce participants to cutting-edge tools and technologies that can effectively detect, prevent, and respond to cyber threats. Topics covered will include advanced threat hunting techniques, next-generation firewalls, intrusion detection systems, and incident response best practices. Participants will engage in practical workshops, enabling them to apply the newly acquired knowledge and skills to real-world scenarios. Emphasis will be placed on the importance of continuous monitoring, vulnerability management, and the establishment of an agile security infrastructure capable of adapting to emerging

1. Cyber Security
Workshop on Information Security
Mehedi Hasan

2. Introduction
Mehedi Hasan
Masters of Information System Security
Bangladesh University of Professionals (BUP),
Email: mehedi0001@yahoo.com
Cell Phone : 01713000056
Working Area: Electronics and Industrial Security.
Job Experience: 15 Years (Multinational Company)
• Brother International Singapore (Full Time)
• Law Enforcement & Intelligence
• Bangladesh Computer Council (Guest Trainer)
• BPATC (Guest Trainer)
• Tracer Electrocom (Consultant)
Professional Training: Singapore, Indonesia, Malaysia,
Vietnam, Thailand, Nepal and India.

3. Introduction
Case Study

4. Chapter Outline
• Introduction to Cyber Crime & Security
• Information Gathering.
• Malware
• Different types of Attack.
• Social Engineering.
• Digital Forensic.
• Banking Sector
• Countermeasure.
• Conclusion.

5. Introduction
Hacking: Unauthorized access in a system

6. Types of Hacking
• Website Hacking.
• Email Hacking.
• Network Hacking.
• Password Hacking.
• Online Bank Hacking
• Computer Hacking.

7. Why Information Security
• Cyber Criminals weapon:
PC/Mobile phones are becoming a primary tool of cyber
criminal & terrorist.
• Academic ravel:
Decreasing level of skill set of professionals. Cyber-
criminals are becoming the master’s of international
Cooperation.
• Updating Technology:
Increasing use of complex computer infrastructure and
network elements.

8. Types of Cyber crime
CHILD PORNOGRAPHY
The Internet is being highly used by its abusers to reach
and abuse children sexually, worldwide. As more homes
have access to internet, more children would be using the
internet and more are the chances of falling victim to the
aggression of Pedophiles.
How Do They Operate
How do they operate Pedophiles use false identity to trap
the children , Pedophiles connect children in various chat
rooms which are used by children to interact with other
children.

9. Types of Cyber crime
DENIAL OF SERVICE ATTACKS :
This is an act by the criminals who floods the bandwidth of the
victims network or fills his E-mail box with spam mail depriving
him of the service he is entitled to access or provide. Many
DOS attacks, such as the ping of death and Tear drop attacks.
VIRUS DISSMINITION : Malicious software that attaches itself
to other software. VIRUS , WORMS, TROJAN HORSE ,WEB
JACKING, E-MAIL BOMBING etc.
COMPUTER VANDALISM :
Damaging or destroying data rather than stealing or misusing
them is called cyber vandalism. These are program that attach
themselves to a file and then circulate.

10. Types of Cyber crime
CYBER TERRORISM
Terrorist attacks on the Internet is by
distributed denial of service attacks, hate
websites and hate E-mails , attacks on service
network etc.
SOFTWARE PIRACY
Theft of software through the illegal copying of
genuine programs or the counterfeiting and
distribution of products intended to pass for
the original.

11. Welcome to BCC

12. Who is a Hacker
He is not a Hacker
He is a Hacker
•Think outside the box.
•Wants to test his limits.
•Wants to try things that are not in the manual.
•Has unlimited curiosity.
•Discover s unknown features about technology.
•Dedicated to knowledge
•Believes in stretching the limits.
•Highly creative.
• Not a Criminal
• Not someone who is good on Microsoft word, excel.

13. Who is Hacker
Hacker Cracker
Lots of Knowledge & Experience Lots of Knowledge & Experience
Good person Bad person
Strong Ethics Poor Ethics
No Crime Involved with crime
Like to fights against criminal They are criminal

14. Modern Hacker
Networking Programming Operating System
Hacker

15. Steps Of Hackers
•Step 1: Information Gathering/Network reconnaissance.
•Step 2: Identify Loophole.
•Step 3: Actual Hack.
•Step 4: Escape without a trace.
Hacking into computer, is just like breaking into a house

16. Case Study
• Balancing money.
• Mumbai Lady.
• Nasa
• Bangladesh Bank.
• American Bank.

17. What will we learn?
• Not teach you how to become a criminal
• Teach you to think like a computer hacker.
• Teach you how computer criminals work.
• Teach you to implement solutions &
countermeasures against criminals.
• Prepare you to fight cyber criminals.
• Techniques to protect yourself.

18. The Anatomy of IP Addresses
• Every system connected to a network has a
unique internet protocol (IP) address
associated with itself.
• An IP address acts as the unique identity of a
computer at which if can be contacted.
• If I wan to connect to your computer, then I
need to know your computer's IP address.
• All data sent or received by a system will be
addressed from or to its IP address.

19. The Anatomy of IP Addresses
Class Range
A 0.0.0.0 to 126.255.255.255
B 128.0.0.0 to 191.255.255.255
C 192.0.0.0 to 223.255.255.255
D 224.0.0.0 to 239.255.255.255
E 240.0.0.0 to 255.255.255.255

20. How to find a remote system’s IP address
www.getnotify.com

21. How to find a remote system’s IP address
www.didtheyreadit.com

22. How to find a remote system’s IP address
www.politemail.com

23. How to find a remote system’s IP address
www.readnotify.com

24. How to find a remote system’s IP address
Email header analysis

25. How to find a remote system’s IP address
EmailtrakerPro

26. How to find a remote system’s IP address
By sending link to victim

27. How to find a remote system’s IP address
www.whatismyipaddress.com

28. How to find a remote system’s IP address
Internet Chat: netstat -n

29. Prot monitoring
CurrPorts (Port monitoring tools)

30. Trace an IP address
Visualroute.visualware.com

31. Trace an IP address
Path analyzer pro

32. Trace an IP address
Visual trace/ Neo trace

33. Trace an IP address
3dtraceroute

34. Trace an IP address
Visual trace/ Neo trace

35. Trace an IP address
www.vtrace.pl

36. Trace an IP address
tracert

37. Mobile phone tracing
www.trace.bharatiyamobile.com

38. Mobile phone tracing
www.lookout.com

39. IP Address
www. anonymizer.com

40. IP Address
www.samair.ru/proxy

41. IP Address
www.hidemyass.com

42. IP Address
www.anonymizer.ru

43. IP Address
www.bitlet.org

44. IP Address
www.torrent2exe.com

45. IP Address
How to unblock Tor?

46. IP Address
• Change the name of the exe file.
• Change the port being used by tor.
• Add bridge relays to tor.
How to unblock Tor?

47. IP Address
www.bridges.torproject.org
Introduction to NAT

48. IP Address
bridges@bridges.torproject.org will get bridges in the
body. Introduction to NAT

49. IP Address
Ultrasurf: Anonymous browsing from your pen drive,
encrypts connection, hide your IP and unblocks stuff.

50. IP Address
Types of Proxy Servers: Socks and http
HTTP Proxy Server:
Http Proxy server allow you to bypass filtering mechanism & access
blocked control. User sends HTTP request to proxy server, who then
reads the host header in the HTTP request, connects to the target
server and transmits back whatever data the server sends back.
Usually works with only HTTP apps. For example,
www.anonymizer.com

51. IP Scanning

52. IP Scanning
SOCKSChain: Connects you to a chain of various SOCKS of
HTTP proxies. (Proxy Bouncing)

53. People Hacking
Whatever you do online, you are leaving a trace behind on some
website, server of system in some part of the world or other.
People hacking is the technique of searching the entire internet
looking for private information about some individual. The
information that you can find out is the following.
• Contact Addresses.
•Date of Birth.
•Email Address.
•Contact Number.
•Place of Work.
•Satellite Photos.
•Work History.

54. Proxy Workbench
www.pipl.com

55. Proxy Workbench
www.anywho.com

56. Proxy Workbench
www.googlemap.com
www.googleearth.com

57. Proxy Workbench
IptoMAC
Coverts know IP to MAC Address.

58. Port Scanning
Port Number Type of Service
21 FTP
23 Telnet
25 SMTP
53 DNS
80 HTTP
110 POP3
443 SSL/HTTPS
513 Rlogin

59. Email Spoofing
Email Spoofing is the art of sending a spoofed email from
somebody else’s email account.
www.anonymizer.in/fake-mailer/

60. SMS Spoofing
SMS Spoofing is the art of sending a spoofed SMS from
somebody else’s mobile phone.
http://www.spranked.com
http://www.phonytext.com

61. Virus
A computer virus is a program or piece of code that is loaded
onto your computer without your knowledge and runs against
your wishes. Viruses can also replicate themselves.
Vital Information Resources Under Siege

62. Trojans
Trojans are RATs or Remote Administration tools that
give an attacker remote control or remote to the
victim’s computer
NETBUS, BACK ORRIFICE, SUB7, GIRLFRIEND and WIN BACKDOOR.

63. Trojans
Keylogger
Ardamax Keylogger, Sniperspy, Winspy.

64. Trojans

65. Trojans

66. Break

67. Phishing Attacks

68. Types of ATM frauds
Card Stolen
PIN Compromise
Card Skimming
Cash Trapping
Transaction Reversal
Deposit Fraud

69. What is ATM Skimming

70. How PIN is Compromised
Its obtaining debit card information by
unauthorized individual.
Shoulder surfing or using use of a
miniature camera.
Video surveillance
Hidden video camera
Overhead cell phone camera
Remotely positioned cameras
PIN pad overlay

71. How PIN is Compromised
• Choose your ATM machines carefully
• Prefer ATMs near Bank
• Don´t let anyone distract or assist you
• Cancel your card immediately if it is lost
• Check the card slot carefully
• Ensure that there are no hidden cameras
• Shield your hand when you enter in your PIN
• Ensure that no one is peeking or shoulder surfing
while you are entering PIN.
• Avoid using ATMs in isolated locations
• Always prefer ATM machines near Bank Branch.

72. Windows Hacking
The SAM File
Windows login Passwords
The typical Structure of the SAM file is like the following:
Username: UserID: LM_Hash: NTLM_hash
For Example:
Mehedi Hasan
423nfkdfkjio34lkerirelkfnm.z,dmworulkadj.,sdJDSAHREIRs
(Note: UserID 500 is for admin, 501 is for guest and 1000+ for
standard user)
(Note: LM Hash has been disabled in windows vista, windows
7 onwards. Instead of the LM Hash, blank will be displayed.)

73. Windows Hacking
Online Attack : Cain and Able
Dumps password hashes from the SAM file requires admin access
http://www.oxid.it

74. Cracking Network Passwords
Brutus
Fantastic Brute Force Password cracking tools

75. Captcha
Solution Against Brute force attacks

76. DOS Attack
TYPES OF DOS ATTACKS
Application Specific DOS Attacks: Instead of attacking the entire system,
it is possible for a criminal to DOS attack only specific applications on
the victim system. For example, the criminal can DOS atack only the
FTP, HTTP or SQL application by flooding any of them with infinite
requests, hence bringing them down.

77. DOS Attack
NPING
Command line packet generator

78. DOS Attack
Cyber terrorism War
Case Study

79. Types of Cyber attack
• Financial fraud 11%
• Data & Network Hacking: 17%
• Personal Identity stolen: 20%
• System penetration from outside: 25%
• DoS Attack: 27%
• Unauthorized access by insider: 71%
• Employee abuse of internet privileges: 79%
• Viruses / Trojan: 85%

80. DOS Attack
Cyber terrorism War
Case Study

81. DOS Attack
Cyber terrorism War
Case Study

82. Low Orbit lon Cannon (LOIC)
It is an open source network stress tool. But can also be used as
a dDOS attack application.
It tries to bring down a server by flooding the victim with infinite
number of TCP or UDP packets. If a lot of people run LOIC
against the same victim simultaneously then it becomes a
distributed VOS Attack.
For example, the anonymous hacker group were using IRC
channels and online forums to inform all their supporters about
which computer to attack using LOIC on a specific day.
Http://cisko.fr/

83. DDOS Attack
DoSHTTP

84. Social Engineering

85. Social Engineering

86. CCTV Hacking
• inurl:/view.shtml
• intitle:”Live View / – AXIS” | inurl:view/view.shtml^
• inurl:ViewerFrame?Mode=
• inurl:ViewerFrame?Mode=Refresh
• inurl:axis-cgi/jpg
• inurl:view/index.shtml inurl:view/view.shtml
• allintitle:”Network Camera NetworkCamera”
• intitle:axis intitle:”video server”
• intitle:liveapplet inurl:LvAppl
• intitle:”EvoCam” inurl:”webcam.html”
• intitle:”Live NetSnap Cam-Server feed”
• intitle:”Live View / – AXIS 206M”
• intitle:”Live View / – AXIS 210″

87. Hacking Password with google
• intitle:index.of ws_ftp.ini
• "index of/" "ws_ftp.ini" "parent directory“
• "cache:www.abc.com/ws_ftp.ini“
• intitle:index.of config.php
• site:pastebin.com intext:@gmail.com | @yahoo.com
• filetype:log intext:password | pass | pw
• Index of //file name

88. Digital forensic
• Forensic & Digital forensic:
• Forensics is the application of science to solve a legal
problem
• Digital Forensics is a part of forensic science (in relation to
computer crime) focusing on the recovery and investigation
of material (essentially data) found in digital devices.
In a word, It is recovery Science

89. Computer forensic
Identity Finder

90. Smartphone forensic
Andriller

91. Digital Forensic
• Power off the device.
• Do not delete or install any apps.
• Handover to responsible person.

92. Install Safety software program
• Secure browsing tools.
Cleaner, Antivirus Program, Awareness.
• Data safety tools
Folder Locker, True Crypt, SafeHouse
Explorar, BitLocker.
Countermeasure

93. Countermeasure
• Password Changing policy.
• Don’t use simple password. (apni123, apni789,
apni111, 123456, 098765, 0171300056, apni00056,
apniabc)
• Don’t click on un trusted link.
• Spoofing email (Lottery, Girlfriend/boyfriend, Job)
• Remove unknown friend social media.
• Use Antivirus.
•Use strong password.
• Do not give your device to un trusted people.

94. • Avoid sharing personal details such as email-ID, Passwords,
Bank information, on telephone.
• Do not click on spam emails, directly delete them.
• Regularly scan computer and external portable devices for
viruses.
• Turn off the file sharing when you are working in the network.
• Always check a website name in the browser before entering
your private information.
• Always sign out from your account when you are working in
the internet café.
• Protect your computer and its hard disk with password.
• Always ask guidance from expert incase of doubt.
Countermeasure

95. •Install firewalls, pop up blocker
• uninstall unnecessary software & apps
• Use secure connection.
• Set secure password and do not writ that
anywhere
• Use virtual keyboard for banking transaction.
Conclusion

96. .