2. Why InfoSec???
Nobody is perfect.
The world is digitalized.
We are “system engineers, programmers, database administrators, web developers”.
At least we are “users”.
3. Sniffing
Sniffer: computer software or computer hardware that can intercept and log traffic passing over a network or part of a network.
Depends on the network structure (hub or switch).
4. Spoofing
A situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
“URL spoofing and phishing, DNS spoofing, ARP spoofing, MITM, e-mail address spoofing, IP spoofing, MAC spoofing”
5. E-mail spoofing
Describes e-mail activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source.
6. DNS spoofing
The art of making a DNS entry point to a different IP than it is supposed to point to.
DNS Cache Poisoning.
DNS ID Spoofing.
Birthday Paradox.
7. ARP spoofing
Faking the ARP message.
Associates the attacker's MAC address with the IP address of another machine.
Any traffic meant for that IP address would be mistakenly sent to the attacker.
8. Phishing
Attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.
Often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
9. IP spoofing
The creation of IP packets with a spoofed source IP address with the purpose of concealing the identity of another machine.
10. MAC Spoofing
ifconfig eth0 down hw ether 00:00:00:00:00:00
Allows the bypassing of access control lists on servers or routers,
11. MITM
An attack in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other.
12. Session hijacking
Refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.
13. DoS attacks
An attempt to make a computer resource unavailable to its intended users.
Prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
Saturating the target (victim) machine with external communication requests, such that it cannot respond to legitimate traffic.
14. DoS attacks (cont.)
ICMP flood (Smurf attack “reflected attack”, ping flood, ping of death).
SYN flood.
Login/logout.
Distributed attack.
Prevented by (switches, routers, firewall, IPS).
15. Buffer overflow
An anomaly where a process stores data in a buffer outside the memory the programmer set aside for it.
1- Overflow an input field, command-line argument, or input buffer.
2- Overflow the current return address on the stack with the address of the exploit code loaded in step 3.
3- Write a simple set of code for the next space in the stack that includes attacker commands.
16. Exploits
A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.
Metasploit.
Core Impact.
17. SQL injection
A code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters
“select * from `users` where `username` = '$userName' and `password` = '$password'”
What if the user has entered his username as:
' + 1 = 1.
The query's WHERE clause will be true, which will authenticate the user.
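The slide's query built by string concatenation, beside the same query with bound parameters, as an added example that is not part of the original slides. Python's sqlite3 with an in-memory database is an assumption made so it runs offline; the function names, sample rows and test inputs are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only mirror the slide's query.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text, password text)")
    db.executemany("insert into users values (?, ?)",
                   [("alice", "s3cret"), ("o'neil", "pw")])
    return db

def login_concat(db, user_name, password):
    # The slide's query: user input is pasted into the SQL text (vulnerable).
    sql = ("select * from `users` where `username` = '" + user_name +
           "' and `password` = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, user_name, password):
    # Same query with placeholders: input is bound as data, never parsed as SQL.
    sql = "select * from `users` where `username` = ? and `password` = ?"
    return db.execute(sql, (user_name, password)).fetchone() is not None

def attempt(fn, db, user_name, password):
    try:
        return fn(db, user_name, password)
    except sqlite3.OperationalError:
        return "sql error"  # the input broke the statement's syntax

# Constructed input: a quote that ends the string literal early, then a
# condition that is always true.
ALWAYS_TRUE = "' or '1'='1"

def compare():
    db = make_db()
    cases = {"valid": ("alice", "s3cret"),
             "wrong password": ("alice", "nope"),
             "always-true input": ("alice", ALWAYS_TRUE),
             "apostrophe in name": ("o'neil", "pw")}
    return {name: (attempt(login_concat, db, *c), attempt(login_param, db, *c))
            for name, c in cases.items()}

if __name__ == "__main__":
    for name, (concat, param) in compare().items():
        print(f"{name:20} concatenated={concat!s:10} parameterized={param}")
```

The four cases work as a regression test: the two login functions must agree on the first two rows, and only the parameterized one gives the right answer on the last two.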