Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Ethical hacking PPT Download

95,161 views

Published on

  • Hello! Get Your Professional Job-Winning Resume Here - Check our website! https://vk.cc/818RFv
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hello! Get Your Professional Job-Winning Resume Here - Check our website! https://vk.cc/818RFv
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • It would be great if the file format is actually PPT not PDF coz I would like to add some topics to this presentation and I also noticed some redundant words(grouo of words). But still indeed a great presentation.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hello Everyone, I saw this ads couple weeks ago when I was actually seeking for a hacker to rectify the problem I had on my place of work. background check was to be conducted last week and I had a minor embarrassing DUI records that I wanted to erase. I seek the help of Dmitry Sklyarov (spyprohackersklyarov@gmail.com) and he did a very professional and neat job. I can guarantee and vouch for him with my life that he is the most trustworthy professional hacker that you will ever meet. After he give me a price quotation, I told him I could not afford the price and he was so considerate to bring the price lower to the amount I never expect, I was so surprise by his level of professionalism and customer service. This God sent hacker saved my job. That is why I am just another satisfied customer who is eager to create this ads for others to believe they really do there work. Try him and thank me later.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Nice !! Download 100 % Free Ebooks, PPts, Study Notes, Novels, etc @ https://www.ThesisScientist.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Ethical hacking PPT Download

  1. 1. Ethical Hacking
  2. 2. Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
  3. 3. What is Ethical Hacking Ethical Hacking Conforming to accepted professional standards of conduct <ul><li>Process of breaking into systems for: </li></ul><ul><li>Personal or Commercial Gains </li></ul><ul><li>Malicious Intent – Causing sever damage to Information & Assets </li></ul>Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  4. 4. What is Ethical Hacking <ul><li>It is Legal </li></ul><ul><li>Permission is obtained from the target </li></ul><ul><li>Part of an overall security program </li></ul><ul><li>Identify vulnerabilities visible from Internet at particular point of time </li></ul><ul><li>Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner </li></ul>
  5. 5. Why – Ethical Hacking Source: CERT-India January - 2005 Defacement Statistics for Indian Websites 1131 Total 13 other 2 .edu 2 .nic.in 3 .info 13 .ac.in 48 .co.in 12 .biz 39 .net 53 .org 24 .gov.in 922 .com No of Defacements Domains June 01, 2004 to Dec.31, 2004
  6. 6. Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
  7. 7. Why – Ethical Hacking Source: US - CERT
  8. 8. Why – Ethical Hacking Protection from possible External Attacks Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data
  9. 9. Ethical Hacking - Process <ul><li>Preparation </li></ul><ul><li>Footprinting </li></ul><ul><li>Enumeration & Fingerprinting </li></ul><ul><li>Identification of Vulnerabilities </li></ul><ul><li>Attack – Exploit the Vulnerabilities </li></ul>
  10. 10. Preparation <ul><li>Identification of Targets – company websites, mail servers, extranets, etc. </li></ul><ul><li>Signing of Contract </li></ul><ul><ul><li>Agreement on protection against any legal issues </li></ul></ul><ul><ul><li>Contracts to clearly specifies the limits and dangers of the test </li></ul></ul><ul><ul><li>Specifics on Denial of Service Tests, Social Engineering, etc. </li></ul></ul><ul><ul><li>Time window for Attacks </li></ul></ul><ul><ul><li>Total time for the testing </li></ul></ul><ul><ul><li>Prior Knowledge of the systems </li></ul></ul><ul><ul><li>Key people who are made aware of the testing </li></ul></ul>
  11. 11. Footprinting <ul><li>Collecting as much information about the target </li></ul><ul><li>DNS Servers </li></ul><ul><li>IP Ranges </li></ul><ul><li>Administrative Contacts </li></ul><ul><li>Problems revealed by administrators </li></ul><ul><li>Information Sources </li></ul><ul><li>Search engines </li></ul><ul><li>Forums </li></ul><ul><li>Databases – whois, ripe, arin, apnic </li></ul><ul><li>Tools – PING, whois, Traceroute, DIG, nslookup, sam spade </li></ul>
  12. 12. Enumeration & Fingerprinting <ul><li>Specific targets determined </li></ul><ul><li>Identification of Services / open ports </li></ul><ul><li>Operating System Enumeration </li></ul><ul><li>Methods </li></ul><ul><li>Banner grabbing </li></ul><ul><li>Responses to various protocol (ICMP &TCP) commands </li></ul><ul><li>Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. </li></ul><ul><li>Tools </li></ul><ul><li>Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner </li></ul>
  13. 13. Identification of Vulnerabilities <ul><li>Vulnerabilities </li></ul><ul><li>Insecure Configuration </li></ul><ul><li>Weak passwords </li></ul><ul><li>Unpatched vulnerabilities in services, Operating systems, applications </li></ul><ul><li>Possible Vulnerabilities in Services, Operating Systems </li></ul><ul><li>Insecure programming </li></ul><ul><li>Weak Access Control </li></ul>
  14. 14. Identification of Vulnerabilities <ul><li>Methods </li></ul><ul><li>Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites </li></ul><ul><li>Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic </li></ul><ul><li>Insecure Programming – SQL Injection, Listening to Traffic </li></ul><ul><li>Weak Access Control – Using the Application Logic, SQL Injection </li></ul>
  15. 15. Identification of Vulnerabilities <ul><li>Tools </li></ul><ul><li>Vulnerability Scanners - Nessus, ISS, SARA, SAINT </li></ul><ul><li>Listening to Traffic – Ethercap, tcpdump </li></ul><ul><li>Password Crackers – John the ripper, LC4, Pwdump </li></ul><ul><li>Intercepting Web Traffic – Achilles, Whisker, Legion </li></ul><ul><li>Websites </li></ul><ul><li>Common Vulnerabilities & Exposures – http://cve.mitre.org </li></ul><ul><li>Bugtraq – www.securityfocus.com </li></ul><ul><li>Other Vendor Websites </li></ul>
  16. 16. Attack – Exploit the vulnerabilities <ul><li>Obtain as much information (trophies) from the Target Asset </li></ul><ul><li>Gaining Normal Access </li></ul><ul><li>Escalation of privileges </li></ul><ul><li>Obtaining access to other connected systems </li></ul><ul><li>Last Ditch Effort – Denial of Service </li></ul>
  17. 17. Attack – Exploit the vulnerabilities <ul><li>Network Infrastructure Attacks </li></ul><ul><li>Connecting to the network through modem </li></ul><ul><li>Weaknesses in TCP / IP, NetBIOS </li></ul><ul><li>Flooding the network to cause DOS </li></ul><ul><li>Operating System Attacks </li></ul><ul><li>Attacking Authentication Systems </li></ul><ul><li>Exploiting Protocol Implementations </li></ul><ul><li>Exploiting Insecure configuration </li></ul><ul><li>Breaking File-System Security </li></ul>
  18. 18. Attack – Exploit the vulnerabilities <ul><li>Application Specific Attacks </li></ul><ul><li>Exploiting implementations of HTTP, SMTP protocols </li></ul><ul><li>Gaining access to application Databases </li></ul><ul><li>SQL Injection </li></ul><ul><li>Spamming </li></ul>
  19. 19. Attack – Exploit the vulnerabilities <ul><li>Exploits </li></ul><ul><li>Free exploits from Hacker Websites </li></ul><ul><li>Customised free exploits </li></ul><ul><li>Internally Developed </li></ul><ul><li>Tools – Nessus, Metasploit Framework, </li></ul>
  20. 20. Reporting <ul><li>Methodology </li></ul><ul><li>Exploited Conditions & Vulnerabilities that could not be exploited </li></ul><ul><li>Proof for Exploits - Trophies </li></ul><ul><li>Practical Security solutions </li></ul>
  21. 21. Ethical Hacking - Commandments <ul><li>Working Ethically </li></ul><ul><ul><li>Trustworthiness </li></ul></ul><ul><ul><li>Misuse for personal gain </li></ul></ul><ul><li>Respecting Privacy </li></ul><ul><li>Not Crashing the Systems </li></ul>

×