Introduction:
In the fast-evolving digital age of the 21st century, cybersecurity has emerged as a paramount concern for governments, businesses, and individuals. The Workshop on Cybersecurity is a comprehensive and immersive event designed to address the challenges posed by cyber threats and equip participants with the knowledge and tools to safeguard their digital assets. This workshop, to be held over five days, seeks to empower attendees with the latest insights and practices in cyber defense, fostering a culture of resilience and proactive security measures.
Day 1: Understanding the Cyber Landscape
The workshop commences with a deep dive into the complex cyber landscape that defines modern society. Distinguished experts from the cybersecurity field will present an overview of the ever-changing cyber ecosystem, highlighting its interconnectedness and vulnerabilities. Participants will gain valuable insights into the roles of governments, corporations, and individuals in shaping the cyber landscape.
Key topics covered will include the global impact of cyberattacks, the importance of international collaboration in countering cyber threats, and the significance of public-private partnerships. This foundational knowledge will serve as the basis for the subsequent discussions on cyber defense strategies.
Day 2: Unraveling Cyber Threats and Attack Vectors
Day two focuses on understanding the multitude of cyber threats and attack vectors that can target individuals and organizations. Renowned cybersecurity researchers will present real-life case studies of recent cyber incidents, ranging from nation-state-sponsored attacks to financially motivated hacking campaigns. Participants will gain a comprehensive understanding of the tactics employed by threat actors and the motivations behind their actions.
Through interactive sessions, attendees will be immersed in simulated cyber-attack scenarios, enabling them to identify and mitigate potential threats effectively. The day will emphasize the need for a proactive and adaptive approach to cybersecurity, as well as the importance of threat intelligence sharing to bolster collective defense capabilities.
Day 3: Building Robust Cyber Defense Strategies
Day three delves into the development and implementation of robust cyber defense strategies. Experts in the field will introduce participants to cutting-edge tools and technologies that can effectively detect, prevent, and respond to cyber threats. Topics covered will include advanced threat hunting techniques, next-generation firewalls, intrusion detection systems, and incident response best practices.
Participants will engage in practical workshops, enabling them to apply the newly acquired knowledge and skills to real-world scenarios. Emphasis will be placed on the importance of continuous monitoring, vulnerability management, and the establishment of an agile security infrastructure capable of adapting to emerging
2. Introduction
Mehedi Hasan
Masters of Information System Security
Bangladesh University of Professionals (BUP),
Email: mehedi0001@yahoo.com
Cell Phone : 01713000056
Working Area: Electronics and Industrial Security.
Job Experience: 15 Years (Multinational Company)
• Brother International Singapore (Full Time)
• Law Enforcement & Intelligence
• Bangladesh Computer Council (Guest Trainer)
• BPATC (Guest Trainer)
• Tracer Electrocom (Consultant)
Professional Training: Singapore, Indonesia, Malaysia,
Vietnam, Thailand, Nepal and India.
7. Why Information Security
• Cyber criminals' weapon:
PCs and mobile phones are becoming a primary tool of cyber
criminals and terrorists.
• Academic level:
Decreasing level of skill set of professionals. Cybercriminals
are becoming the masters of international cooperation.
• Updating Technology:
Increasing use of complex computer infrastructure and
network elements.
8. Types of Cyber crime
CHILD PORNOGRAPHY
The Internet is heavily used by abusers to reach and sexually
abuse children worldwide. As more homes gain Internet access,
more children use the Internet, and the greater the chances of
their falling victim to the aggression of pedophiles.
How Do They Operate
Pedophiles use false identities to trap children. They
contact children in the chat rooms that children use to
interact with other children.
9. Types of Cyber crime
DENIAL OF SERVICE ATTACKS:
This is an act by criminals who flood the bandwidth of the
victim's network or fill his e-mail box with spam mail, depriving
him of the service he is entitled to access or provide. Examples of
DoS attacks include the Ping of Death and Teardrop attacks.
VIRUS DISSEMINATION: Malicious software that attaches itself
to other software. VIRUSES, WORMS, TROJAN HORSES, WEB
JACKING, E-MAIL BOMBING, etc.
COMPUTER VANDALISM:
Damaging or destroying data rather than stealing or misusing
it is called cyber vandalism. These are programs that attach
themselves to a file and then circulate.
10. Types of Cyber crime
CYBER TERRORISM
Terrorist attacks on the Internet take the form of
distributed denial of service attacks, hate
websites and hate e-mails, attacks on service
networks, etc.
SOFTWARE PIRACY
Theft of software through the illegal copying of
genuine programs or the counterfeiting and
distribution of products intended to pass for
the original.
12. Who is a Hacker
He is not a Hacker
He is a Hacker
• Thinks outside the box.
• Wants to test his limits.
• Wants to try things that are not in the manual.
• Has unlimited curiosity.
• Discovers unknown features about technology.
• Dedicated to knowledge.
• Believes in stretching the limits.
• Highly creative.
• Not a criminal.
• Not someone who is good at Microsoft Word, Excel.
13. Who is Hacker
Hacker | Cracker
Lots of knowledge & experience | Lots of knowledge & experience
Good person | Bad person
Strong ethics | Poor ethics
No crime | Involved with crime
Likes to fight against criminals | They are criminals
15. Steps Of Hackers
•Step 1: Information Gathering/Network reconnaissance.
•Step 2: Identify Loophole.
•Step 3: Actual Hack.
•Step 4: Escape without a trace.
Hacking into a computer is just like breaking into a house.
17. What will we learn?
• Not teach you how to become a criminal
• Teach you to think like a computer hacker.
• Teach you how computer criminals work.
• Teach you to implement solutions &
countermeasures against criminals.
• Prepare you to fight cyber criminals.
• Techniques to protect yourself.
18. The Anatomy of IP Addresses
• Every system connected to a network has a
unique internet protocol (IP) address
associated with itself.
• An IP address acts as the unique identity of a
computer at which it can be contacted.
• If I want to connect to your computer, then I
need to know your computer's IP address.
• All data sent or received by a system will be
addressed from or to its IP address.
19. The Anatomy of IP Addresses
Class Range
A 0.0.0.0 to 126.255.255.255
B 128.0.0.0 to 191.255.255.255
C 192.0.0.0 to 223.255.255.255
D 224.0.0.0 to 239.255.255.255
E 240.0.0.0 to 255.255.255.255
20. How to find a remote system’s IP address
www.getnotify.com
21. How to find a remote system’s IP address
www.didtheyreadit.com
22. How to find a remote system’s IP address
www.politemail.com
23. How to find a remote system’s IP address
www.readnotify.com
24. How to find a remote system’s IP address
Email header analysis
25. How to find a remote system’s IP address
eMailTrackerPro
26. How to find a remote system’s IP address
By sending link to victim
27. How to find a remote system’s IP address
www.whatismyipaddress.com
28. How to find a remote system’s IP address
Internet Chat: netstat -n
50. IP Address
Types of Proxy Servers: SOCKS and HTTP
HTTP Proxy Server:
An HTTP proxy server allows you to bypass filtering mechanisms and
access blocked content. The user sends an HTTP request to the proxy
server, which then reads the Host header in the HTTP request, connects
to the target server and transmits back whatever data the server sends.
It usually works only with HTTP applications. For example,
www.anonymizer.com
53. People Hacking
Whatever you do online, you are leaving a trace behind on some
website, server or system in some part of the world or other.
People hacking is the technique of searching the entire Internet
for private information about an individual. The
information that can be found includes the following:
• Contact addresses.
• Date of birth.
• Email address.
• Contact number.
• Place of work.
• Satellite photos.
• Work history.
58. Port Scanning
Port Number Type of Service
21 FTP
23 Telnet
25 SMTP
53 DNS
80 HTTP
110 POP3
443 SSL/HTTPS
513 Rlogin
59. Email Spoofing
Email Spoofing is the art of sending a spoofed email from
somebody else’s email account.
www.anonymizer.in/fake-mailer/
60. SMS Spoofing
SMS Spoofing is the art of sending a spoofed SMS from
somebody else’s mobile phone.
http://www.spranked.com
http://www.phonytext.com
61. Virus
A computer virus is a program or piece of code that is loaded
onto your computer without your knowledge and runs against
your wishes. Viruses can also replicate themselves.
Vital Information Resources Under Siege
62. Trojans
Trojans are RATs, or Remote Administration Tools, that
give an attacker remote control of, or remote access to, the
victim's computer.
NETBUS, BACK ORIFICE, SUB7, GIRLFRIEND and WIN BACKDOOR.
70. How PIN is Compromised
It is the obtaining of debit card information by an
unauthorized individual.
Shoulder surfing or use of a
miniature camera.
Video surveillance
Hidden video camera
Overhead cell phone camera
Remotely positioned cameras
PIN pad overlay
71. How PIN is Compromised
• Choose your ATM machines carefully
• Prefer ATMs near Bank
• Don't let anyone distract or assist you
• Cancel your card immediately if it is lost
• Check the card slot carefully
• Ensure that there are no hidden cameras
• Shield your hand when you enter in your PIN
• Ensure that no one is peeking or shoulder surfing
while you are entering PIN.
• Avoid using ATMs in isolated locations
• Always prefer ATM machines near Bank Branch.
72. Windows Hacking
The SAM File
Windows login Passwords
The typical Structure of the SAM file is like the following:
Username: UserID: LM_Hash: NTLM_hash
For Example:
Mehedi Hasan
423nfkdfkjio34lkerirelkfnm.z,dmworulkadj.,sdJDSAHREIRs
(Note: UserID 500 is for admin, 501 is for guest and 1000+ is for
standard users.)
(Note: The LM hash has been disabled from Windows Vista and Windows
7 onwards. Instead of the LM hash, a blank will be displayed.)
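As an added example (not part of the original slides), the following audit script parses lines in the `Username:UserID:LM_Hash:NTLM_hash` layout shown above and flags accounts that still store an LM hash or have a blank password. The two empty-password hash constants are well-known values not given on the slide, and the function names and sample lines are constructed for illustration.

```python
import re

# Well-known hashes of the empty password (general knowledge, not from the slide).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def role_for(user_id):
    """Map a UserID to the account type given in the slide's note."""
    if user_id == 500:
        return "admin"
    if user_id == 501:
        return "guest"
    return "standard user" if user_id >= 1000 else "other built-in"

def audit_line(line):
    """Parse 'Username:UserID:LM_Hash:NTLM_hash' and list weaknesses."""
    parts = [p.strip() for p in line.split(":")]
    if len(parts) < 4 or not parts[1].isdigit():
        raise ValueError("not a Username:UserID:LM_Hash:NTLM_hash line")
    name, user_id = parts[0], int(parts[1])
    lm, nt = parts[2].lower(), parts[3].lower()
    issues = []
    # Blank or the empty-password constant both mean no usable LM hash is stored.
    if lm not in ("", EMPTY_LM):
        issues.append("LM hash stored" if HEX32.match(lm) else "malformed LM field")
    if nt == EMPTY_NT:
        issues.append("blank password")
    elif not HEX32.match(nt):
        issues.append("malformed NTLM field")
    return {"user": name, "role": role_for(user_id), "issues": issues}

# Constructed sample lines; the non-empty hash values are made up.
SAMPLE = [
    "Administrator:500::0123456789abcdef0123456789abcdef",
    "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0",
    "legacy:1003:89abcdef0123456789abcdef01234567:0123456789abcdef0123456789abcdef",
]

def audit(lines):
    """Audit every non-empty line and return one result dict per account."""
    return [audit_line(l) for l in lines if l.strip()]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```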
73. Windows Hacking
Online Attack: Cain and Abel
Dumps password hashes from the SAM file; requires admin access
http://www.oxid.it
76. DOS Attack
TYPES OF DOS ATTACKS
Application-Specific DoS Attacks: Instead of attacking the entire system,
it is possible for a criminal to DoS attack only specific applications on
the victim system. For example, the criminal can DoS attack only the
FTP, HTTP or SQL application by flooding any of them with infinite
requests, hence bringing them down.
82. Low Orbit Ion Cannon (LOIC)
It is an open source network stress tool, but it can also be used as
a DDoS attack application.
It tries to bring down a server by flooding the victim with an infinite
number of TCP or UDP packets. If a lot of people run LOIC
against the same victim simultaneously, then it becomes a
distributed DoS attack.
For example, the Anonymous hacker group were using IRC
channels and online forums to inform all their supporters about
which computer to attack using LOIC on a specific day.
Http://cisko.fr/
87. Hacking Password with google
• intitle:index.of ws_ftp.ini
• "index of/" "ws_ftp.ini" "parent directory"
• "cache:www.abc.com/ws_ftp.ini"
• intitle:index.of config.php
• site:pastebin.com intext:@gmail.com | @yahoo.com
• filetype:log intext:password | pass | pw
• Index of //file name
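As an added example (not part of the original slides), this defensive check walks your own web document root and reports the kinds of files the queries above look for: `ws_ftp.ini`, `config.php`, and log files containing `password`, `pass` or `pw`. The function names, finding messages and sample directory contents are constructed for illustration.

```python
import os
import re
import tempfile

# File names the slide's queries look for in open directory listings.
SENSITIVE_NAMES = {"ws_ftp.ini", "config.php"}
# Keywords from the 'filetype:log intext:password | pass | pw' query.
CRED_WORDS = re.compile(rb"\b(password|pass|pw)\b\s*[=:]", re.IGNORECASE)

def audit_web_root(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() in SENSITIVE_NAMES:
                findings.append((rel, "credential/config file in web root"))
            elif name.lower().endswith(".log"):
                with open(path, "rb") as fh:
                    # Inspect only the first 1 MiB of each log.
                    if CRED_WORDS.search(fh.read(1 << 20)):
                        findings.append((rel, "log contains credential keyword"))
    return sorted(findings)

def build_sample_root():
    """Create a constructed document root in a temp directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    sample = {
        "index.html": "<h1>ok</h1>",
        "ftp/WS_FTP.ini": "[site]\nHOST=ftp.example.test\n",
        "app/config.php": "<?php $db = 'constructed'; ?>",
        "logs/app.log": "login ok user=alice password=constructed-value\n",
        "logs/access.log": "GET /index.html 200\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, reason in audit_web_root(build_sample_root()):
        print(f"{rel}: {reason}")
```

Files it reports should be moved out of the served directory or have access to them blocked, and directory listing should be turned off.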
88. Digital forensic
• Forensic & Digital forensic:
• Forensics is the application of science to solve a legal
problem
• Digital Forensics is a part of forensic science (in relation to
computer crime) focusing on the recovery and investigation
of material (essentially data) found in digital devices.
In a word, it is recovery science.
93. Countermeasure
• Password changing policy.
• Don't use simple passwords. (apni123, apni789,
apni111, 123456, 098765, 0171300056, apni00056,
apniabc)
• Don't click on untrusted links.
• Spoofing email (Lottery, Girlfriend/boyfriend, Job)
• Remove unknown friends from social media.
• Use antivirus.
• Use strong passwords.
• Do not give your device to untrusted people.
94. Countermeasure
• Avoid sharing personal details such as email ID, passwords,
and bank information on the telephone.
• Do not click on spam emails; delete them directly.
• Regularly scan your computer and external portable devices for
viruses.
• Turn off file sharing when you are working on the network.
• Always check the website name in the browser before entering
your private information.
• Always sign out from your account when you are working in
an internet café.
• Protect your computer and its hard disk with a password.
• Always ask for guidance from an expert in case of doubt.
95. • Install firewalls and a pop-up blocker.
• Uninstall unnecessary software & apps.
• Use a secure connection.
• Set a secure password and do not write it
anywhere.
• Use a virtual keyboard for banking transactions.
Conclusion