Ethical hacking at warp-speed
• Ethical hacker - A security professional who uses his or her computing capabilities for defensive purposes and to increase the security posture of information systems.
• Phreaker - A hacker who focuses on communication systems: stealing calling card numbers, making free phone calls, attacking PBXs, and illegally acquiring access to communication devices. “Phone (line) tapping” is one of her/his skillsets.
Originally, the term hacker did not have negative connotations. A hacker was a computer person who was intellectually curious and wanted to learn as much as possible about computer systems. A person who was “hacking” was developing and improving software to increase the performance of computing systems.
A cracker was an individual using his or her capabilities for harmful purposes against computer systems. Over time, the terms hacker and cracker both took on the definition of an individual who used offensive skills to attack computer systems. Some other titles are explained below…
• A whacker is a novice hacker who attacks Wide Area Networks (WANs) and wireless networks.
• A script kiddie is usually a young individual without programming skills who uses attack software that is freely available on the Internet and from other sources.
• A cyber-terrorist is an individual who works for a government or terrorist group that is engaged in sabotage, espionage, financial theft, and attacks on a nation’s critical infrastructure.
• Hacktivists have tenets and ethics of their own. They work against what they perceive as injustice (by an organization, an individual or a group of individuals/entities). Their activities are completely aligned to the cause for which they hack. Through their “hacktivism” they gain publicity for their cause and for themselves, which helps build their reputation. No matter what the justification, breaking into computers and networks is illegal.
• White hats (ethical by intent and/or by profession); Black hats (intentionally malevolent: criminals, “digital/cyber anarchists”); Gray hats (take risks that seem malicious, yet their efforts help organizations and the community secure themselves; they can sometimes fall back to being black hats, or can be presumed to be so by law; sometimes they pose as white hats but are actually black hats); Red hats (security consultants); Blue hats (consultants and outside organizations hired to do penetration testing).
Confidentiality ensures information is not disclosed to unauthorized person(s) or process(es).
Integrity is achieved by
• Preventing modification by unauthorized entities.
• Preventing unauthorized or unintentional modification by authorized entities.
• Preserving internal and external consistency (e.g. the total of production servers in each business unit should match the sum accounted for the whole organization (internal); the total count of servers should match what is physically present (external)).
Availability ensures that a system’s authorized users have timely and uninterrupted access to the information in the system.
• Threat - An event or activity that has the potential to cause harm to the information systems or networks.
• Vulnerability - A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the information systems or networks; can exist in hardware, operating systems, firmware, applications, and configuration files.
• Risk - The potential for harm or loss to an information system or network; the probability that a threat will materialize.
• Attack - An action against an information system or network that attempts to violate the system security policy; usually the result of a threat being realized.
• Target of Evaluation - An IT product, element, or system designated to have a security evaluation.
• Exploit - A means of exploiting a weakness or vulnerability in an IT system to violate the system’s security.
When viewing an information system through the eyes of an ethical
hacker, system threats, vulnerabilities, risks, attacks, targets of
evaluation, and exploits have to be taken into account.
[Slide diagram: the layers an ethical hacker has to understand, and the phases of a hack]
Layers: hardware platform (PC/Macs/portables/mobile/servers/mainframes/workstations/IoT/SCADA etc.); processor/microcontroller/adapter/bus/PCB/circuitry; operating systems (real-time OS and others)/OS internals/kernel programming/mnemonics and assembly etc.; programming interfaces (frameworks, languages, meta programming, declarative, structural, procedural, object-oriented, functional etc.); automated kits/frameworks.
Phases: reconnaissance, scanning, gaining access, sustaining access, covering tracks and backdooring.
Typical effort time slice (relative timing, not precise): reconnaissance, scanning, acquiring access, maintaining access, backdooring and clearing tracks.
Reconnaissance is also known as information gathering. In this stage we gather information about our attack target. We can do this either passively or actively. In the passive method we are not intrusive and do not look directly into (say) the target’s network. Instead we let conduit tools, which cannot easily be traced back to us, do it. We may not even start off by using a tool to hit the network; we could just search for publications by the target’s owning entity (organization/individual). Some methods and tools (for computer systems) are listed below…
• WHOIS - The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the Regional Internet Registries (RIRs); in turn, the RIRs follow their regional policies for further sub-delegation of resources to their customers. Whois is the primary tool used to navigate these databases and query Domain Name Services (DNS); thus we can search their databases for information about the target domain. The RIRs are: American Registry for Internet Numbers (ARIN): North America; RIPE Network Coordination Centre (RIPE NCC): Europe, the Middle East and Central Asia; Asia-Pacific Network Information Centre (APNIC): Asia and the Pacific region; Latin American and Caribbean Internet Address Registry (LACNIC): Latin America and the Caribbean region; African Network Information Centre (AfriNIC): Africa. (Example: searching arin.net for domain info.)
• NSlookup - Nslookup is a program to query Internet domain name servers. It displays information that can be used to identify (and diagnose) the target’s Domain Name System (DNS) infrastructure by querying DNS servers for machine name and address information; it helps find additional IP addresses, and can identify the MX record to reveal the IP of the mail server.
• Traceroute - Traceroute can be used to determine what path a packet takes to get to the target computer. It uses the IP header field called Time to Live (TTL) and shows the path packets travel between two hosts by sending out consecutive packets with ever-increasing TTLs. TTL is a counter that keeps track of each router hop as the packet travels to the target: the TTL field is set by the sender of the datagram, and each router through which the packet passes on the route to its destination reduces the TTL by one. The router at which the TTL reaches zero discards the packet and sends an ICMP “time exceeded” message back to the sender, which is how each hop along the path reveals itself.
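The TTL mechanism described above, as an added Python model that is not part of the slides: the router list, the target address and the "silent" router are constructed for the example, and the model replaces real IP and ICMP traffic with plain function calls so it runs offline.

```python
# Constructed path (not from the slides): routers between the probing host and
# the target, in forwarding order, plus the target itself.
PATH = ["10.0.0.1", "172.16.5.1", "198.51.100.7", "203.0.113.9"]
TARGET = "203.0.113.42"


def forward(ttl, path, target, silent=frozenset()):
    """Model IP forwarding: every router decrements the TTL; the router at which it
    reaches zero discards the datagram and answers ICMP Time Exceeded (unless it is
    configured not to answer); a datagram that survives the whole path reaches the
    target, which answers it."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path:
        ttl -= 1
        if ttl == 0:
            # A hop that never answers shows up as "*" in traceroute output.
            return ("timeout", "*") if router in silent else ("time_exceeded", router)
    return ("reply", target)


def traceroute(path, target, max_hops=30, silent=frozenset()):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one,
    stopping when the target itself replies or max_hops is exhausted."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(ttl, path, target, silent)
        hops.append(who)
        if kind == "reply":
            break
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(traceroute(PATH, TARGET, silent={"172.16.5.1"}), start=1):
        print(f"{n:2d}  {hop}")
```

From a defender's side the same mechanism explains why an external traceroute stops at a perimeter device that is configured to drop expiring datagrams without the ICMP reply: that hop and everything behind it appear only as "*".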
Social engineering has two facets. One is reconnaissance, where it is used to gather information about a target. The second is its use in attacking, which falls under “Gaining access”. For brevity the below consolidates both aspects. Social engineering can be…
• Human-based - This is a very old, well known and natural technique in the art of thievery; in many aspects, hacking is nothing but thievery. Notorious hacker Kevin Mitnick (now an acclaimed white hat) often used this technique on his victims alongside his technical skills, and is also the author and founder of a social engineering course. The attack or reconnaissance is performed by posing as a legitimate user, an important user (like a customer), technical support etc.
• Computer-based - Phishing, fake e-mail and pop-up window attacks are the methods used in this type of social engineering. Phishing is covered in greater detail in https://www.slideshare.net/SreejithDMenon/strategies-to-handle-phishing-attacks
• Mobile-based - While most of the computer-based techniques are applicable here, it also includes publishing malicious apps (the notorious Blue Whale is a good example), repackaging legitimate apps, fake security apps and using SMS.
• The goal of the scanning phase of pretest reconnaissance is to discover open ports and find applications vulnerable to hacking. This is done by pinging individual machines, determining the target’s network ranges, and port scanning individual systems. Therefore the next steps of gathering information (identifying active machines, discovering open ports and access points, fingerprinting the operating system, and uncovering services on ports) are part of the scanning phase. Although the tester is still in information-gathering mode, scanning is more active than footprinting. Some tasks achieved in this phase (in a computer system) are
• Detecting “live” machines on the target network
• Discovering services running on the targeted server
• Identifying which TCP and UDP services are running
• Identifying the operating system
• Using active and passive fingerprinting
Some tools that are very important and commonly used for scanning (in computer systems and related) are listed below
• PING - The venerable ping utility found in most operating systems provides a simple solution for network mapping, but the mapping is usually limited to the path from the scanning host to the targets. A ping sweep is a common technique used to scan multiple targets at once.
• PATHPING - Combines some features of traceroute but shows more statistics per path from the host to a target. This way we learn of more than one path to the target and can also determine network latency per path.
• NMAP - This is one of the most important, powerful and effective tools for scanning systems within a network. It carries the same disadvantages that other tools have when scanning from outside a network, yet it gives varied options even just to “ping”. More significant is its use to detect services running on target systems: network services usually “listen” on ports, and there are pre-defined ports for some services, so if a port is open we know what service is running on the target system.
• HPING - A network analysis tool that sends packets with non-traditional IP stack parameters, allowing the scanner to gather information from the response packets generated. This is another very powerful tool used both for scanning and for attacking. It supports TCL scripting and is commonly used for DoS testing.
Some wireless tools (in computer systems and related) that are commonly used for scanning are listed below. Note that they have more uses than just scanning.
• NetStumbler - NetStumbler displays wireless access points, SSIDs, channels, whether WEP encryption is enabled, and signal strength. NetStumbler can connect with GPS technology to log the precise location of access points.
• AirSnort - AirSnort is a wireless LAN (WLAN) tool that cracks WEP encryption keys. AirSnort passively monitors wireless transmissions and automatically computes the encryption key when enough packets have been gathered.
• Kismet - Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet identifies networks by passively collecting packets and detecting standard named networks, detects hidden networks, and infers the presence of non-beaconing networks via data traffic.
TCP scanning techniques:-
• TCP connect() scanning - Connect() is the most basic and fastest scanning technique. It scans ports quickly simply by attempting to connect to each port in succession. The biggest disadvantage for attackers is that it is the easiest to detect and can be stopped at the firewall.
• TCP SYN (half-open) scanning - TCP SYN scanning is often referred to as half-open scanning because, unlike TCP connect(), a full TCP connection is never opened:
1. The scanning machine sends a SYN packet to a target port.
2. If a SYN/ACK is received, it indicates that the port is listening.
3. The scanner breaks the connection by sending an RST (reset) packet.
4. If an RST is received, it indicates that the port is closed.
This is harder to trace because fewer sites log incomplete TCP connections, but some packet-filtering firewalls look for SYNs to restricted ports.
• TCP SYN/ACK scanning - TCP SYN/ACK is another way to determine whether ports are open or closed. The scanner initially sends a SYN/ACK to the target port. If the port is closed, the target assumes the SYN/ACK packet was a mistake and sends an RST. If the port is open, the SYN/ACK packet is ignored and the port drops it. This is considered a stealth scan since it isn’t likely to be logged by the target, but many intrusion detection systems may catch it.
• TCP FIN scanning - TCP FIN is a stealth scan that works like the TCP SYN/ACK scan. The scanner sends a FIN packet to a port. If the port is closed, it replies with an RST. If the port is open, it ignores the FIN packet. Beware: a Windows machine will send an RST regardless of the state of the port, so this scan is useful only for identifying listening ports on non-Windows machines (or for identifying a Windows OS machine).
• A few other types of scanning include TCP FTP proxy (bounce attack) scanning, RPC scan, IDLE scan and XMAS tree scan.
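The scan types above each leave a recognisable trace on the defending side: a SYN that is never followed by the third handshake packet (half-open), a FIN with no preceding SYN, or an unsolicited SYN/ACK. The following detector, an added Python example that is not from the slides, groups a firewall's per-segment log into flows and flags sources whose probe count reaches a threshold; the log format, addresses and the threshold of five are all constructed for the example and stand in for whatever the real firewall emits.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the slides): inbound TCP segments as a
# packet-filtering firewall might record them, one segment per line.
SAMPLE_LOG = """\
10:00:01 src=10.1.1.20 dst=192.168.1.10 dport=443 flags=S
10:00:01 src=10.1.1.20 dst=192.168.1.10 dport=443 flags=A
10:00:02 src=10.1.1.20 dst=192.168.1.10 dport=443 flags=PA
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=21 flags=S
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=21 flags=R
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=22 flags=S
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=22 flags=R
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=23 flags=S
10:00:05 src=10.1.1.50 dst=192.168.1.10 dport=23 flags=R
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=25 flags=S
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=25 flags=R
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=80 flags=S
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=80 flags=R
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=443 flags=S
10:00:06 src=10.1.1.50 dst=192.168.1.10 dport=443 flags=R
10:00:09 src=10.1.1.60 dst=192.168.1.10 dport=21 flags=F
10:00:09 src=10.1.1.60 dst=192.168.1.10 dport=22 flags=F
10:00:09 src=10.1.1.60 dst=192.168.1.10 dport=23 flags=F
10:00:09 src=10.1.1.60 dst=192.168.1.10 dport=25 flags=F
10:00:09 src=10.1.1.60 dst=192.168.1.10 dport=80 flags=F
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) flags=(\S+)")


def parse_flows(log_text):
    """Group segments into flows keyed by (src, dst, dport), keeping flag order."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, dst, dport, flags = m.groups()
            flows[(src, dst, int(dport))].append(flags)
    return flows


def classify_flow(flag_seq):
    """Label one flow by what the firewall saw arriving from the remote side."""
    first = flag_seq[0]
    # A SYN never followed by a plain ACK: the handshake was never completed.
    if first == "S" and not any(f != "SA" and "A" in f for f in flag_seq):
        return "half_open"
    if first == "F":      # FIN with no preceding SYN (FIN scan probe)
        return "fin_probe"
    if first == "SA":     # unsolicited SYN/ACK (SYN/ACK scan probe)
        return "synack_probe"
    return "normal"


def detect_scanners(log_text, threshold=5):
    """Return {src: counters} for every source whose probe count reaches threshold."""
    per_src = defaultdict(lambda: {"half_open": 0, "fin_probe": 0,
                                   "synack_probe": 0, "normal": 0, "ports": set()})
    for (src, _dst, dport), seq in parse_flows(log_text).items():
        counters = per_src[src]
        counters[classify_flow(seq)] += 1
        counters["ports"].add(dport)
    flagged = {}
    for src, c in per_src.items():
        probes = c["half_open"] + c["fin_probe"] + c["synack_probe"]
        if probes >= threshold:
            flagged[src] = {**c, "ports": sorted(c["ports"]), "probes": probes}
    return flagged


if __name__ == "__main__":
    for src, c in detect_scanners(SAMPLE_LOG).items():
        print(f"{src}: {c['probes']} probes on ports {c['ports']}")
```

Two practical caveats follow from the text: a scanner that spreads probes over hours stays under any per-batch threshold, so production detectors count per source within a sliding time window; and because Windows hosts answer a FIN with an RST regardless of port state, the FIN-probe rule above only tells you that someone is probing, not what they learned.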
Sniffing:-
Monitoring telephone or internet conversations with covert intentions. It is sometimes done actively, where information is intercepted and can also be manipulated, and also passively, where traffic is just recorded and the intercepted data can be decrypted/decoded and/or read.
• Packet sniffing - The process of sniffing traffic in computer networks. It uses techniques like MAC flooding, DNS poisoning, ARP poisoning, DHCP attacks (starvation and rogue), password sniffing, spoofing attacks etc.
• MAC flooding - Spam the switch with data packets to interrupt the regular traffic between sender and recipient. The data packets then go hither and thither and are eventually available to the hacker.
• DNS poisoning is done by redirecting a DNS server to the wrong domain (e.g. to a wrong website).
• ARP poisoning is done by creating fake MAC-IP address mappings in the ARP table.
• DHCP attacks include starvation of the DHCP server (by spamming it with faked client requests).
• Password sniffing gives the attacker access to credentials. Sometimes the information needs to be decrypted.
• Spoofing attacks are done by faking IP addresses etc.
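ARP poisoning, as the list above says, works by planting a fake MAC-IP mapping; the defensive counterpart is to watch ARP replies on the segment and alert when a binding changes or when one MAC starts answering for several IPs. The monitor below is an added Python example, not from the slides; the reply stream, addresses and the choice of the gateway as the protected IP are constructed for the example.

```python
from collections import defaultdict

# Constructed stream of ARP replies (not from the slides) as (sender IP, sender MAC),
# in the order a monitor on the LAN segment would see them.
ARP_REPLIES = [
    ("192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # gateway announces itself
    ("192.168.1.20", "bb:bb:bb:bb:bb:20"),  # workstation
    ("192.168.1.30", "cc:cc:cc:cc:cc:30"),  # another host on the segment
    ("192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # routine refresh, binding unchanged
    ("192.168.1.1",  "cc:cc:cc:cc:cc:30"),  # .30's MAC now claims the gateway IP
    ("192.168.1.20", "cc:cc:cc:cc:cc:30"),  # ...and the workstation's IP as well
]


class ArpWatch:
    """Keep the first-seen IP->MAC binding and flag replies that contradict it."""

    def __init__(self, protected_ips=()):
        self.bindings = {}                    # ip -> mac learned first
        self.ips_by_mac = defaultdict(set)    # mac -> every ip it has claimed
        self.protected = set(protected_ips)   # e.g. the default gateway
        self.alerts = []

    def observe(self, ip, mac):
        mac = mac.lower()
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac           # first sighting: learn, do not alert
        elif known != mac:
            self.alerts.append(("MAC_CHANGE", ip, known, mac))
            if ip in self.protected:
                self.alerts.append(("GATEWAY_IMPERSONATION", ip, known, mac))
        # One MAC answering for several IPs is the signature of a host sitting
        # in the middle of other hosts' traffic.
        if self.ips_by_mac[mac] and ip not in self.ips_by_mac[mac]:
            claimed = tuple(sorted(self.ips_by_mac[mac] | {ip}))
            self.alerts.append(("MAC_CLAIMS_MULTIPLE_IPS", mac, claimed))
        self.ips_by_mac[mac].add(ip)
        return self.alerts


def run(replies, protected_ips=("192.168.1.1",)):
    """Feed a reply stream through the monitor and return every alert raised."""
    watch = ArpWatch(protected_ips)
    for ip, mac in replies:
        watch.observe(ip, mac)
    return watch.alerts


if __name__ == "__main__":
    for alert in run(ARP_REPLIES):
        print(alert)
```

The monitor deliberately keeps the first-learned binding rather than updating it, so a poisoned entry keeps generating alerts until an operator confirms the change; legitimate events such as a replaced NIC or DHCP reassignment therefore need a way to re-baseline, which a real deployment would add.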
Session hijacking:-
• Session hijacking refers to the exploitation of a valid computer session, where an attacker takes over the session between two computers.
• The attacker steals a valid session ID which is then used to get into the system and snoop the traffic data.
• In TCP session hijacking, an attacker takes over a live TCP session between two different machines.
• Since most authentication occurs only at the start of a TCP session, this gains the attacker access to the machine.
• Session hijacking is carried out in the following steps:
  • Tracking the connection.
  • Desynchronizing the connection.
  • Injecting the attacker’s packet.
Web attacks:-
• Cookie poisoning - Changing data within cookies to steal or manipulate information.
• Web server hacks - Directory traversal, web-cache poisoning, SSH brute-forcing, web defacement, HTTP response splitting etc.
• Non-validated input - Manipulating URLs and elements to gain unauthorized access to hidden elements, cookies etc.
• Cross-site scripting (XSS) - Injection of malicious scripts that rewrite web content and will eventually be executed by another user, service etc.
• Injection flaws - Vulnerabilities that allow untrusted data to be executed as part of a command.
• SQL injection - Injection of SQL commands via query strings and form fields to gain access to the backend database.
• Denial of Service (DoS) - Disrupting services to such an extent that the service denies access even to legitimate users.
• Broken access control - A flaw whereby authentication is bypassed and the network is compromised.
Web attacks (contd.):-
• Broken session management - When security-sensitive credentials such as passwords and other useful material are not properly taken care of, these attacks occur. Attackers compromise credentials through such vulnerabilities.
• Broken account management - Even valid authentication schemes are weakened by vulnerable account management functions, including account update, forgotten or lost password recovery or reset, password changes and similar functions.
• Cookie snooping - Using user cookies to analyze surfing habits and sell the information to others, or to attack the victim’s web applications.
• Hidden manipulation - Manipulation of hidden fields to change internal state that finally affects calculations or processing in the application (e.g. manipulating a hidden form field that determines how the price of a product is calculated).
• DMZ attacks - After compromising a web app, the hacker can further leverage the exploit to attack the DMZ and gain access to the internal network.
• Mal-code execution - Execution of malicious code or an executable by way of tricking URL redirection or query string parsing.
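Three of the items on these two slides (SQL injection via form fields, cross-site scripting, and hidden-field price manipulation) come down to the same mistake, treating client-supplied text as code or as authoritative data. The added Python example below, which is not from the slides, shows each vulnerable form next to its hardened form against a constructed in-memory SQLite database; the table layout, users, products and form field names are all assumptions made for the example.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory database (not from the slides).
    Passwords are stored in clear only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("BOOK-1", 2500), ("PEN-1", 300)])
    conn.commit()
    return conn


# --- SQL injection: query built by string formatting vs. parameterised query ---
def login_vulnerable(conn, name, password):
    # The form fields become part of the SQL text, so a quote in the input changes
    # the query's structure (a comment marker, for instance, removes the password check).
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, name, password):
    # Placeholders keep the input as data: the driver never lets it alter the SQL.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


# --- Cross-site scripting: raw interpolation vs. output encoding ---
def render_comment_vulnerable(comment):
    return f"<p>{comment}</p>"


def render_comment_safe(comment):
    # Encode <, >, &, " and ' so user text is displayed, never executed, by the next visitor.
    return f"<p>{html.escape(comment, quote=True)}</p>"


# --- Hidden-field manipulation: trusting a client-sent price vs. a server-side lookup ---
def checkout_vulnerable(form):
    # The price arrives in a hidden form field that the browser can rewrite at will.
    return int(form["qty"]) * int(form["price_cents"])


def checkout_safe(conn, form):
    # Only the SKU and quantity come from the client; the price is looked up on the server.
    qty = int(form["qty"])
    if qty < 1:
        raise ValueError("quantity must be positive")
    row = conn.execute("SELECT price_cents FROM products WHERE sku = ?",
                       (form["sku"],)).fetchone()
    if row is None:
        raise ValueError("unknown sku")
    return qty * row[0]


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"), login_safe(db, "alice' --", "wrong"))
    print(render_comment_safe("<script>alert(1)</script>"))
    print(checkout_vulnerable({"qty": "2", "price_cents": "1"}),
          checkout_safe(db, {"sku": "BOOK-1", "qty": "2"}))
```

The pattern generalises: whatever the channel (query string, form field, cookie, hidden input), the fix is to bind input as a parameter, encode it for the context it is emitted into, and never let the client assert a value the server can derive itself.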
Buffer overflow exploitation:-
Probably one of the biggest threats in hacking was, and still is, the buffer overflow. There are frameworks nowadays that ease the job of pen-testing. It has many forms: stack overflow, heap overflow, format string bugs etc. When data is copied into buffers allocated on the stack or heap without a check on size, it may overflow. An attacker can effectively overwrite the saved EIP in the case of a stack overflow, or neighboring variables in lower heap areas in the case of a heap overflow. Eventually this leads to a redirection of execution to malicious code crafted by the hacker. Such an attack has a structure with the parts below…
• Injection vector - The vulnerable point or buffer. This is what is ultimately exploited to let the hacker put malicious content into the target. Attacks can sometimes be staged depending on the “room” available; once the “stages” are complete, the attacker gains more control and can transfer execution to any other part of memory.
• Injected address - Typically the address to which the CPU’s execution path is transferred.
• Payload - The injected address redirects execution to the payload, which is the “intent” of the hacker. It can be anything from code that spawns a command interpreter to anything else the hacker wants executed.
Malwares:-
Malware, especially backdoors, has a history dating back to the first generation of computing. Malware could be the ultimate intent of a hacker. The word malware is the better term, being an ensemble of virus, Trojan, worm, spyware, adware, rootkits, bots and anything else that is malicious. Some of them are also very effective means of “hiding”, “camouflaging” or clearing the footprints of an attacker. Nowadays they do not come independent of each other; they are usually packed together based on the hacker’s intent.
• Virus - A virus was originally defined as a program that replicates, the term borrowed from the biological organism. It would replicate to fill space, mutate to remain undetectable and subvert the system. Abilities like spreading and stealth gave birth to the other forms below, while the virus retained its older status. Older classifications also included “file infector”, “disk infector” and so on.
• Trojan - Named after the legendary “Trojan horse” (also spelled “Troyan”), Trojans inject themselves and hide inside other programs with the motive of stealth and random or timed re-activation.
• Worms - They evolve really fast, and they spread; hence they were named after their ability to move across and pervade networks.
• Logic bombs - Go off based on events, time expiry and so on.
Malwares (contd.):-
• Rootkits - These are comparatively younger than the other malware, yet have existed as a clear implementation for a couple of decades now; there was probably an unclear implementation even in “vacuum tube” times. These “root(kits)” were devised for tricking the “root” user. They would replace the usual supervisor(root)-accessed files, but later became more powerful by subverting the kernel itself. Sometimes they are user-mode, which makes them stealthier. They are the most effective support-malware for stealth. The kernel types have seen a great decrease thanks to the serious emphasis commercial vendors (and others) have put on “digitally-signed code”. The same solution may be effective for user-mode, but a lot of user-mode code isn’t ready to pay for the costly certification, and we have to keep open source software in mind. They also provide covert channels for the attacker to get back to the victim as and when needed.
• Spyware/Adware - The former spies on the user and her/his activities, and the latter nags the user with ads, some of which might be leveraged to escalate attacks with phishing etc. Thus they mostly go hand in hand.
• BOTS & RATS - RATs, or remote administration tools, are malware that give the attacker a control path to the victim’s system. They do anything from stealing keystrokes to taking screenshots or using the camera.
• Key loggers - Malware that log keystrokes; they have existed forever. They are difficult to detect completely, as at some point software isn’t able to distinguish legitimate from illegitimate keyboard scan codes.
Misc:-
Crypto-virology - The ubiquitous cryptography is exploited by the good old virus and is a perpetual trouble for all anti-hacking software trying to detect such computer viruses.
Steganography - Sometimes called hiding in plain sight, it is the art of hiding data in something else such that it is either camouflaged or completely hidden. While mostly used for hiding data within media files (pictures, audio and movie files), it even applies to mixing the data to be hidden into communication channel packets, hiding it in files etc. Technology like “NTFS streams”, although it holds a different status, still relates a lot to steganography. Other forms are hidden partitions etc.
Track-clearing tools - Tools designed to clear logs, subvert views of logs, delete auditing information etc. comprise the rest. Malware like rootkits allow the hacker to maintain a covert channel which can subvert auditing etc. Hijacking tools can cheat the victim out of viewing the reality.
Anti-anti-hacking tools - Everything else that subverts anti-hacking tools. Some are techniques used by other tools to cloak themselves from the anti-hacking tools or efforts.
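The steganography item above says data can be hidden inside media files so that it is camouflaged; the simplest form of that is least-significant-bit embedding, where each sample of the cover changes by at most one unit. The added Python example below is not from the slides: the cover is a constructed ramp of 1024 8-bit samples standing in for pixel or audio data, and the 2-byte length header is a format chosen for this example.

```python
# Constructed cover data (not from the slides): 1024 8-bit samples forming a
# smooth ramp, standing in for the pixel or audio samples of a real media file.
COVER = bytes(range(256)) * 4
SECRET = b"meet at noon"


def _to_bits(data):
    """Most-significant bit first, one int per bit."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def embed(cover, secret):
    """Write a 2-byte big-endian length header plus the secret into the least
    significant bit of successive cover samples."""
    if len(secret) > 0xFFFF:
        raise ValueError("secret too long for the 2-byte length header")
    bits = _to_bits(len(secret).to_bytes(2, "big") + secret)
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples" % len(bits))
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # clear the LSB, then set it to the secret bit
    return bytes(stego)


def _read_bytes(stego, first_bit, count):
    """Reassemble `count` bytes from the LSBs starting at sample index `first_bit`."""
    out = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[first_bit + k * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego):
    """Recover the secret: read the 16-bit length first, then that many bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 2), "big")
    return _read_bytes(stego, 16, length)


def max_sample_delta(cover, stego):
    """Largest change to any sample; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    hidden = embed(COVER, SECRET)
    print(extract(hidden), "max per-sample change:", max_sample_delta(COVER, hidden))
```

The per-sample change of at most 1 is why the carrier looks and sounds unchanged; steganalysis therefore does not compare files by eye but tests whether the LSB plane's statistics match what the rest of the sample data predicts, and forensic tooling treats unexplained entropy in the low bits of media, or in NTFS alternate streams, as something to examine.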
Hacking demos:-
• Reconnaissance/Scanning - NSLOOKUP, WHOIS
• NC utility - Using NC to grab banners, and other uses for gaining and sustaining access.
• NMAP utility - Using NMAP for stealth scans etc.
• Metasploit -
  • Exploit/Payload and other commands.
  • Unleashing the power of meterpreter.
• Web hacking -
  • Simple SQL injection using OWASP WebGoat.
  • Simple XSS hack demo using OWASP WebGoat.
• Reverse engineering -
  • Intro to disassemblers and debuggers.
  • Sample program with disabled UI / OllyDbg reversing to introduce nag-screen removal and serial cracking/software security.
Lab setup:-
• Hyper-V basics
• Virtualized Kali Linux (2017).
• Windows XP SP3 (MSDN).
• Windows 2000 Advanced Server (MSDN).
A bunch of things not included in this seminar - what and where to find info… and…
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Recently uploaded (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Ethical hacking at warp speed

  • 2.
    • Ethical hacker is a security professional who uses his or her computing capabilities for defensive purposes and to increase the security posture of information systems.
    • A Phreaker is a hacker who focuses on communication systems to steal calling card numbers, make free phone calls, attack PBXs, and acquire access, illegally, to communication devices. “Phone (line) tapping” is one of her/his skillsets.
    Originally, the term hacker did not have negative connotations. A hacker was a computer person who was intellectually curious and wanted to learn as much as possible about computer systems. A person who was “hacking” was developing and improving software to increase the performance of computing systems. A cracker was an individual using his or her capabilities for harmful purposes against computer systems. Over time, the terms hacker and cracker both took on the definition of an individual who used offensive skills to attack computer systems. Some other titles are explained below…
  • 3.
    • A whacker is a novice hacker who attacks Wide Area Networks (WANs) and wireless networks.
    • A script kiddie is usually a young individual without programming skills who uses attack software that is freely available on the Internet and from other sources.
    • A cyber-terrorist is an individual who works for a government or terrorist group that is engaged in sabotage, espionage, financial theft, and attacks on a nation’s critical infrastructure.
    • Hacktivists have tenets and ethics of their own. They work against what they see as injustice (it may be an organization, an individual or a group of individuals/entities). Their activities are completely aligned to the cause for which they hack. Through their “hacktivism” they gain publicity for their cause and for themselves, which helps build their reputation. No matter what the justification, breaking into computers and networks is illegal.
    • White hats (intentionally ethical and/or by profession), Black hats (intentionally malevolent, criminals, “digital/cyber anarchists”), Gray hats (take risks that are seemingly malicious, yet their efforts help organizations and the community to secure themselves; they can sometimes fall back to being black hats, or by law can be presumed to be so; sometimes they pose as white hats but are actually black hats), Red hats (security consultants), Blue hats (consultants and outside organizations hired to do penetration testing).
  • 4.
    • Confidentiality ensures information is not disclosed to unauthorized person(s) or process(es).
    • Integrity is achieved by
      • Preventing modification by unauthorized entities.
      • Preventing unauthorized or unintentional modification by authorized entities.
      • Preserving internal and external consistency (e.g. the total of production servers in each business unit should match the sum accounted for the whole organization (internal); the total count of servers should match what is physically present (external)).
    • Availability ensures that a system’s authorized users have timely and uninterrupted access to the information in the system.
  • 5.
    • Threat - An event or activity that has the potential to cause harm to the information systems or networks.
    • Vulnerability - A weakness or lack of a safeguard that can be exploited by a threat, causing harm to the information systems or networks; can exist in hardware, operating systems, firmware, applications, and configuration files.
    • Risk - The potential for harm or loss to an information system or network; the probability that a threat will materialize.
    • Attack - An action against an information system or network that attempts to violate the system security policy; usually the result of a threat realized.
    • Target of Evaluation - An IT product, element, or system designated to have a security evaluation.
    • Exploit - A means of exploiting a weakness or vulnerability in an IT system to violate the system’s security.
    When viewing an information system through the eyes of an ethical hacker, system threats, vulnerabilities, risks, attacks, targets of evaluation, and exploits all have to be taken into account.
  • 6.
    • HARDWARE PLATFORM - PC/MACs/PORTABLES/MOBILE/SERVERS/MAINFRAMES/WORKSTATIONS/IOT/SCADA etc.
    • PROCESSOR / MICROCONTROLLER / ADAPTER / BUS / PCB / CIRCUITRY
    • OPERATING SYSTEMS (REAL-TIME OS & OTHERS) / OS INTERNALS / KERNEL PROGRAMMING / MNEMONICS & ASSEMBLY ETC
    • PROGRAMMING INTERFACES – FRAMEWORKS, LANGUAGES, META PROGRAMMING, DECLARATIVE, STRUCTURAL, PROCEDURAL, OBJECT-ORIENTED, FUNCTIONAL ETC
    • AUTOMATED KITS / FRAMEWORKS
  • 8. Typical effort time slice (relative timing, not precise): Reconnaissance, Scanning, Acquiring access, Maintaining access, Backdooring and clearing tracks.
  • 9.
  • 10. Reconnaissance is also known as information gathering. In this stage we gather information about our attack target. We can do this either passively or actively. In the passive method we are not intrusive and do not look directly into, say, the network of the target; instead we let conduit tools that would not easily be traced back to us do it. We may not even start off using a tool against the network at all: we could simply search for publications by our target’s owning entity (organization/individual). Some methods and tools (for computer systems) are listed below…
    • WHOIS - The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the RIRs; in turn, the RIRs follow their regional policies for further sub-delegation of resources to their customers. Whois is the primary tool used to navigate these databases and query Domain Name Services (DNS). Thus we can search their databases for information about the target domain. The RIRs are:
      • American Registry for Internet Numbers (ARIN): North America
      • RIPE Network Coordination Centre (RIPE NCC): Europe, the Middle East and Central Asia
      • Asia-Pacific Network Information Centre (APNIC): Asia and the Pacific region
      • Latin American and Caribbean Internet Address Registry (LACNIC): Latin America and the Caribbean region
      • African Network Information Centre (AfriNIC): Africa
      (Example: searching arin.net for domain info.)
  • 11.
    • NSlookup:- Nslookup is a program to query Internet domain name servers. It displays information that can be used to identify the target’s Domain Name System (DNS) infrastructure by querying DNS servers for machine name and address information. Nslookup displays information that can be used to diagnose DNS infrastructure, helps find additional IP addresses, and can identify the MX record to reveal the IP of the mail server.
    • Traceroute:- Traceroute can be used to determine what path a packet takes to get to the target computer. Traceroute uses an IP header field called Time to Live (TTL) and shows the path packets travel between two hosts by sending out consecutive packets with ever-increasing TTLs. TTL is a counter that keeps track of each router hop as the packet travels to the target. The TTL field is set by the sender of the datagram, and each router through which a packet passes on the route to its destination reduces the TTL field by one.
  • 12.
  • 13. Social engineering has two facets. One is reconnaissance, where it is used to gather information about a target. The second is its use in attacking, which falls under “Gaining access”. For brevity the list below consolidates both aspects. Social engineering can be…
    • Human-based:- This is a very old, well known and natural technique in the art of thievery. In many aspects, hacking is nothing but thievery. Notorious hacker Kevin Mitnick (now an acclaimed white-hat) has often used this technique on his victims apart from his technical skills. He is also the author and founder of a social engineering course! The attack or reconnaissance is performed by posing as a legitimate user, an important user (like a customer), technical support etc.
    • Computer-based:- Phishing, fake email and pop-up window attacks are the methods used in this type of social engineering. Phishing is covered in greater detail in https://www.slideshare.net/SreejithDMenon/strategies-to-handle-phishing-attacks
    • Mobile-based:- While most of the computer-based techniques are applicable here, it also includes publishing malicious apps (the notorious Blue Whale is a good example), repackaging legitimate apps, fake security apps, and using SMS.
  • 14. The goal of the scanning phase of pretest reconnaissance is to discover open ports and find applications vulnerable to hacking. This is done by pinging individual machines, determining the target’s network ranges, and port scanning individual systems. Therefore, the next steps in gathering information (identifying active machines, discovering open ports and access points, fingerprinting the operating system, and uncovering services on ports) are parts of the scanning phase. Although the tester is still in information gathering mode, scanning is more active than footprinting. Some tasks achieved in this phase (in a computer system) are
    • Detecting “live” machines on the target network
    • Discovering services running on the targeted server
    • Identifying which TCP and UDP services are running
    • Identifying the operating system
    • Using active and passive fingerprinting
  • 15. Some tools that are very important and commonly used for scanning (in computer systems and related) are listed below
    • PING – The venerable ping utility found in most operating systems provides a simple solution for network mapping, but the mapping is usually limited to the path from the scanning host to the target ones. A ping sweep is a common technique used to scan multiple targets at once.
    • PATHPING – Combines some features of a traceroute but shows more statistics per path from the host to a target. This way we learn of more than one path to the target and can also determine network latency per path.
    • NMAP – This is one of the most important, powerful and effective tools that we can use when it comes to scanning systems within a network. It carries the same disadvantages that other tools carry when scanning from outside a network, yet it gives varied options even for just a “ping”. More significant is its use to detect services running on target systems. Network services usually “listen” on ports, and there are pre-defined ports for some services; thus if a port is open we can infer which service is likely running on the target system.
    • HPING – A network analysis tool that sends packets with non-traditional IP stack parameters. It allows the scanner to gather information from the response packets generated. This is another very powerful tool, used both for scanning and for attacking. It supports Tcl scripting and is commonly used for DoS testing.
  • 16. Some wireless tools (in computer systems and related) that are commonly used for scanning are listed below. Note that they have more uses than just scanning.
    • NetStumbler - NetStumbler displays wireless access points, SSIDs, channels, whether WEP encryption is enabled, and signal strength. NetStumbler can connect with GPS technology to accurately log the precise location of access points.
    • AirSnort - AirSnort is a wireless LAN (WLAN) tool that cracks WEP encryption keys. AirSnort passively monitors wireless transmissions and automatically computes the encryption key when enough packets have been gathered.
    • Kismet - Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet identifies networks by passively collecting packets and detecting standard named networks, detects hidden networks, and infers the presence of non-beaconing networks via data traffic.
  • 17. TCP scanning techniques:-
    • TCP connect() scanning - connect() is the most basic and fastest scanning technique. It is able to scan ports quickly simply by attempting to connect to each port in succession. The biggest disadvantage for attackers is that it is the easiest to detect and can be stopped at the firewall.
    • TCP SYN (half open) scanning - TCP SYN scanning is often referred to as half-open scanning because, unlike TCP connect(), a full TCP connection is never opened:
      1. The scanning machine sends a SYN packet to a target port.
      2. If a SYN/ACK is received, it indicates that the port is listening.
      3. The scanner breaks the connection by sending an RST (reset) packet.
      4. If an RST is received, it indicates that the port is closed.
      This is harder to trace because fewer sites log incomplete TCP connections, but some packet-filtering firewalls look for SYNs to restricted ports.
    • TCP SYN/ACK scanning - TCP SYN/ACK is another way to determine whether ports are open or closed. The scanner initially sends a SYN/ACK to the target port. If the port is closed, it assumes the SYN/ACK packet was a mistake and sends an RST. If the port is open, the SYN/ACK packet will be ignored and the port will drop the packet. This is considered a stealth scan, since it isn’t likely to be logged by the target, but many intrusion detection systems may catch it.
    • TCP FIN scanning - TCP FIN is a stealth scan that works like the TCP SYN/ACK scan. The scanner sends a FIN packet to a port. If the port is closed, it replies with an RST. If the port is open, it ignores the FIN packet. Beware: a Windows machine will send an RST regardless of the state of the port, so this scan is useful only for identifying listening ports on non-Windows machines (or for identifying a Windows OS machine).
    • A few other types of scanning include TCP FTP proxy (bounce attack) scanning, RPC scan, IDLE scan and XMAS tree scan.
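Slide 17 describes each scan type by the packets it sends; the defender's side of the same description is what those packets look like in a sensor log. The Python below is an added example, not part of the original deck, that classifies sources in a constructed packet log by exactly those patterns: many bare SYNs never followed by the source's own ACK (half-open), lone FIN/XMAS/NULL segments with no preceding SYN, or completed handshakes to many ports (connect()). The addresses, ports and the five-port threshold are invented for the example, and only the client-to-server direction is recorded.

```python
"""Spotting the TCP scan patterns from slide 17 in a packet log (added example)."""
from collections import defaultdict

PORT_THRESHOLD = 5  # distinct ports from one source before we call it a scan

# Constructed client->server packet records, not real traffic: (src, dst, dport, flags).
# flags use tcpdump letters: S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG; "" means no flags.
SAMPLE_PACKETS = (
    # 10.0.0.5 is an ordinary client: full handshake and data to one port.
    [("10.0.0.5", "10.0.0.80", 443, "S"), ("10.0.0.5", "10.0.0.80", 443, "A"),
     ("10.0.0.5", "10.0.0.80", 443, "PA")]
    # 10.0.0.66 probes ports 20..29 with a bare SYN and tears each one down with
    # an RST instead of completing the handshake: the half-open pattern.
    + [pkt for p in range(20, 30)
       for pkt in (("10.0.0.66", "10.0.0.80", p, "S"), ("10.0.0.66", "10.0.0.80", p, "R"))]
    # 10.0.0.77 sends lone FIN packets to ports 100..109 without ever sending a SYN.
    + [("10.0.0.77", "10.0.0.80", p, "F") for p in range(100, 110)]
    # 10.0.0.88 completes the handshake to six different ports: connect() scan.
    + [pkt for p in range(8000, 8006)
       for pkt in (("10.0.0.88", "10.0.0.80", p, "S"), ("10.0.0.88", "10.0.0.80", p, "A"))]
)


def classify_sources(packets, threshold=PORT_THRESHOLD):
    """Return {src_ip: verdict}; verdict is 'half-open scan', 'fin/xmas/null scan',
    'connect scan' or 'normal'. Only the client->server direction is examined."""
    syn_ports = defaultdict(set)    # ports the source tried to open with a bare SYN
    ack_ports = defaultdict(set)    # ports where the source completed the handshake
    probe_ports = defaultdict(set)  # FIN/XMAS/NULL packets with no preceding SYN

    for src, dst, dport, flags in packets:
        key = (src, dst)
        if flags == "S":
            syn_ports[key].add(dport)
        elif "A" in flags and dport in syn_ports[key]:
            ack_ports[key].add(dport)
        elif "S" not in flags and "A" not in flags and dport not in syn_ports[key]:
            # A lone FIN, FIN/PSH/URG (XMAS) or flag-less (NULL) segment for a
            # connection the source never opened is a probe, not traffic.
            probe_ports[key].add(dport)

    verdicts = {}
    for src, dst in set(syn_ports) | set(probe_ports):
        half_open = syn_ports[(src, dst)] - ack_ports[(src, dst)]
        if len(half_open) >= threshold:
            verdicts[src] = "half-open scan"
        elif len(probe_ports[(src, dst)]) >= threshold:
            verdicts[src] = "fin/xmas/null scan"
        elif len(ack_ports[(src, dst)]) >= threshold:
            verdicts[src] = "connect scan"
        else:
            verdicts[src] = "normal"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_PACKETS).items()):
        print(f"{src:12} {verdict}")
```

The threshold is the tuning knob: a real sensor would also window it in time and whitelist known scanners (vulnerability management hosts), otherwise a busy legitimate client that opens many ports to one server looks like a connect() scan.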
  • 18. Sniffing:- Monitoring telephone or internet conversations with covert intentions. It is sometimes done actively, where information is intercepted and can also be manipulated. It is also done passively, where traffic is just recorded and the intercepted data can be decrypted/decoded and/or read.
    • Packet sniffing:- The process of sniffing traffic in computer networks. It uses techniques like MAC flooding, DNS poisoning, ARP poisoning, DHCP attacks (starvation & rogue), password sniffing, spoofing attacks etc.
    • MAC flooding:- Spam the switch with data packets to interrupt the regular traffic between sender and recipient. The data packets then go hither and thither and are eventually available to the hacker.
    • DNS poisoning is done by redirecting a DNS server to the wrong domain (e.g. to a wrong website).
    • ARP poisoning is done by creating fake MAC-IP address mappings in the ARP table.
    • DHCP attacks include starvation of the DHCP server (by spamming it with faked client requests).
    • Password sniffing gives the attacker access to credentials. Sometimes the information needs to be decrypted.
    • Spoofing attacks are done by faking IP addresses etc.
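ARP poisoning, as slide 18 puts it, is a fake MAC-IP mapping; on the wire that shows up as a second MAC answering for an IP that already has one, and usually as one MAC answering for two IPs (the gateway and the victim). The Python below is an added example, not from the deck, that raises those two alerts over a constructed list of ARP replies; the addresses and MACs are invented and the optional trusted table stands in for the static entries an administrator would pin for gateways and servers.

```python
"""Detecting the ARP poisoning described on slide 18 from observed ARP replies (added example)."""
from collections import defaultdict

# Constructed ARP reply records, not a real capture: (seq, sender_ip, sender_mac).
# 192.168.1.1 is the gateway at aa:bb:cc:00:00:01; from record 5 a second station
# starts answering for the gateway's IP, and at record 8 also for a client's IP,
# which is what an attacker does to sit between the two.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (4, "192.168.1.21", "aa:bb:cc:00:00:21"),
    (5, "192.168.1.1", "DE:AD:BE:EF:00:99"),
    (6, "192.168.1.1", "de:ad:be:ef:00:99"),
    (7, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (8, "192.168.1.20", "de:ad:be:ef:00:99"),
]


def detect_arp_conflicts(replies, trusted=None):
    """Return [(seq, ip, believed_mac, claimed_mac)] for every reply that claims an IP
    with a MAC different from the one already believed. `trusted` seeds the table
    with static ip->mac pairs (gateway, servers) so the first poisoned reply for
    those hosts is caught even if it arrives before any legitimate one."""
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        believed = table.get(ip)
        if believed is None:
            table[ip] = mac              # first sighting: learn it, as an ARP cache would
        elif believed != mac:
            alerts.append((seq, ip, believed, mac))
            # deliberately do NOT overwrite: the point is to refuse the new binding
    return alerts


def macs_claiming_multiple_ips(replies):
    """A single MAC answering for several IPs (typically gateway + victim) is the
    man-in-the-middle signature; returns {mac: {ips}} for such MACs."""
    claims = defaultdict(set)
    for _seq, ip, mac in replies:
        claims[mac.lower()].add(ip)
    return {mac: ips for mac, ips in claims.items() if len(ips) > 1}


if __name__ == "__main__":
    trusted = {"192.168.1.1": "aa:bb:cc:00:00:01"}
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, trusted=trusted):
        print("conflict:", alert)
    print("multi-IP claimants:", macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES))
```

"First seen wins" is the same assumption a plain ARP cache makes, which is why the trusted table matters for hosts an attacker is likely to impersonate; the alerts are the thing to act on, since the detector itself cannot stop the switch from learning the bad binding.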
  • 19. Session hijacking:-
    • Session hijacking refers to the exploitation of a valid computer session, where an attacker takes over the session between two computers.
    • The attacker steals a valid session ID, which is then used to get into the system and snoop on the traffic data.
    • In TCP session hijacking, an attacker takes over a live TCP session between two different machines.
    • Since most authentication occurs only at the start of a TCP session, this gives the attacker access to the machine.
    • Session hijacking is carried out in the following steps:
      • Tracking the connection.
      • Desynchronizing the connection.
      • Injecting the attacker’s packet.
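Slide 19's web-layer variant of hijacking turns on the session ID: if it is guessable, or if the cookie carrying it can be edited (the cookie poisoning of the next slide), authentication at the start of the session protects nothing afterwards. The Python below is an added example, not the deck's own material, of the three server-side controls that address this: IDs drawn from the OS CSPRNG, an HMAC over the cookie so any edit is rejected, and rotation on login so an ID obtained before authentication is useless. The class and cookie layout `sid|user|hmac` are invented for the example.

```python
"""Session cookies that resist the stealing and poisoning from slides 19 and 20 (added example)."""
import hashlib
import hmac
import secrets


class SessionManager:
    """Server-side sessions: IDs from the OS CSPRNG (not guessable or sequential),
    an HMAC over the cookie so edits are detected, and rotation on login so an ID
    the attacker sniffed or planted before authentication stops being valid."""

    def __init__(self, key: bytes):
        self._key = key            # in practice loaded from config or a KMS
        self._sessions = {}        # session_id -> {"user": ...}

    def _mac(self, sid: str, user: str) -> bytes:
        return hmac.new(self._key, f"{sid}|{user}".encode(), hashlib.sha256).hexdigest().encode()

    def issue(self, user: str) -> str:
        if "|" in user:
            raise ValueError("user name must not contain the cookie separator")
        sid = secrets.token_urlsafe(16)   # 128 random bits, URL-safe alphabet, no '|'
        self._sessions[sid] = {"user": user}
        return f"{sid}|{user}|{self._mac(sid, user).decode()}"

    def verify(self, cookie: str):
        """Return the user the cookie belongs to, or None if it is forged, edited,
        unknown or revoked."""
        try:
            sid, user, tag = cookie.split("|")
        except ValueError:
            return None
        if not hmac.compare_digest(tag.encode(), self._mac(sid, user)):
            return None                      # cookie poisoning / forgery
        sess = self._sessions.get(sid)
        if sess is None or sess["user"] != user:
            return None                      # revoked or never issued
        return user

    def rotate(self, cookie: str):
        """Call after login or privilege change: invalidates the presented ID and
        returns a fresh cookie for the same user (None if the cookie was invalid)."""
        user = self.verify(cookie)
        if user is None:
            return None
        del self._sessions[cookie.split("|")[0]]
        return self.issue(user)


if __name__ == "__main__":
    mgr = SessionManager(secrets.token_bytes(32))
    cookie = mgr.issue("alice")
    sid, _, tag = cookie.split("|")
    print("genuine:", mgr.verify(cookie))
    print("poisoned:", mgr.verify(f"{sid}|admin|{tag}"))   # user field edited -> None
    fresh = mgr.rotate(cookie)
    print("old after rotation:", mgr.verify(cookie), "fresh:", mgr.verify(fresh))
```

The cookie should additionally be sent with the Secure, HttpOnly and SameSite attributes so that it is neither sniffed on a cleartext hop nor readable by injected script, which is the XSS route to the same theft.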
  • 20. Web attacks:-
    • Cookie poisoning:- Changing data within cookies to steal or manipulate information.
    • Web server hacks:- Directory traversal, web-cache poisoning, SSH brute-forcing, web defacement, HTTP response splitting etc.
    • Non-validated input:- Manipulating the URL and page elements to gain unauthorized access to hidden elements, cookies etc.
    • Cross-site scripting (XSS):- Injection of malicious scripts that rewrite web content and will eventually be executed by another user, service etc.
    • Injection flaws:- Vulnerabilities that allow untrusted data to be executed as part of a command.
    • SQL injection:- Injection of SQL commands via query strings and form fields to gain access to the backend database.
    • Denial of Service (DoS):- Disrupting the services to such an extent that the service denies access even to legitimate users.
    • Broken access control:- A flaw whereby authentication is bypassed and the network is compromised.
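The injection items on slide 20 share one root cause: untrusted input is concatenated into something that is later interpreted (SQL text, HTML). The Python below is an added example, not from the deck or from WebGoat, that puts the flawed form beside the fixed one on a constructed in-memory SQLite table: string-built SQL lets a quote in a form field rewrite the WHERE clause, a bound parameter cannot, and HTML-escaping user text is the analogous fix for XSS. The table, user names and functions are invented for the example.

```python
"""Untrusted input treated as code vs. as data: the SQL injection and XSS items on slide 20 (added example)."""
import html
import sqlite3


def make_db():
    # Constructed in-memory table with three users; not a real application schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2"), ("carol", "s3")])
    return conn


def lookup_vulnerable(conn, name):
    """The flaw: the form field is pasted into the SQL text, so quotes in it
    become SQL syntax and change the query's meaning."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """The fix: a bound parameter is always a value, never SQL, whatever it contains."""
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,))]


def render_comment(text):
    """XSS counterpart: encode user text for the HTML context it lands in, so a
    <script> tag is displayed as text instead of run by the next visitor's browser."""
    return f"<p>{html.escape(text)}</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"            # the classic textbook test string
    print("vulnerable:   ", lookup_vulnerable(conn, probe))      # every user leaks
    print("parameterized:", lookup_parameterized(conn, probe))   # no such user: []
    print(render_comment("<script>alert(1)</script>"))
```

Escaping must match the output context (HTML body here); an attribute, URL or JavaScript context needs its own encoder, and a template engine with auto-escaping is the practical way to get that right everywhere.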
  • 21. Web attacks:-
    • Broken session management:- When security-sensitive credentials such as passwords and other useful material are not properly taken care of, these types of attacks occur. Attackers compromise credentials through such vulnerabilities.
    • Broken account management:- Even authentication schemes that are valid are weakened by vulnerable account management functions, including account update, forgotten or lost password recovery or reset, password changes and similar functions.
    • Cookie snooping:- Using user cookies to analyze surfing habits and sell the information to others, or to attack the victim’s web applications.
    • Hidden manipulation:- Manipulation of hidden fields to alter internal state that finally affects calculations or processing in the application (e.g. manipulating a hidden form field that affects how the price of a product is finally calculated).
    • DMZ attacks:- After compromising a web app, the hacker can further leverage the exploit to attack the DMZ and gain access to the internal network.
    • Mal-code execution:- Execution of malicious code or an executable by way of tricking URL redirection or query string parsing.
  • 22. Buffer overflow exploitation:- Probably one of the biggest threats of hacking was and is the buffer overflow. There are frameworks built nowadays that ease the job of pen-testing. It has many forms, like stack overflow, heap overflow, format string problems etc. When data is copied to buffers allocated on the stack or heap without a check on size, it may result in an overflow. An attacker can effectively overwrite the saved EIP in the case of a stack overflow, or neighboring variables in lower heap areas in the case of a heap overflow. Eventually this leads to a redirection of execution to malicious code crafted by the hacker. The pattern of such an attack has a structure with the parts below…
    • Injection vector:- The vulnerable point or buffer. This is what is ultimately exploited to allow the hacker to put malicious content in the target. Attacks can sometimes be staged depending on the “room” available; however, once the “stages” are completed, the attacker gains more control and can transfer execution to any other part of memory.
    • Injected address:- Typically this address is where the CPU’s execution path is transferred to.
    • Payload:- The injected address redirects execution to the payload, which is the “intent” of the hacker. It can be anything from code to spawn a command interpreter to executing anything else the hacker wants.
  • 23. Malware:- Malware, especially backdoors, has a history dating back to the 1st generation of computing. Malware could be the ultimate intent of a hacker. The word malware is a better term that is an ensemble of virus, trojan, worm, spyware, adware, rootkits, bots and anything else that is malicious. Some of them are also very effective means of “hiding”, “camouflaging” or clearing the footprints of the attacker. Nowadays they do not come independent of each other; they are usually packed together based on the hacker’s intent.
    • Virus:- A virus was originally defined as a program that replicates, considering the term’s relevance to the biological organism. It would replicate to fill space, it could mutate to remain undetectable and it could subvert the system. Abilities like spreading and stealth gave birth to the other forms below, and it retained its older status for ever. Older classification also included “file infector”, “disk infector” and so on.
    • Trojan:- Named after the legendary “Trojan horse” and also called “Troyan”, trojans could inject themselves into and hide inside any program with the motive of stealth and random or timed re-activation.
    • Worms:- They evolve really fast. They spread. Hence these were named after their ability to move across and pervade networks.
    • Logic bombs:- Blast based on events or time expiry and so on.
  • 24. Malware:-
    • Rootkits:- These are comparatively younger than the other malware, yet have existed as a clear implementation for a couple of decades now. They probably had an unclear implementation even during “vacuum tube” times. These “root(kits)” were devised for tricking the “root” users. They would replace the usual supervisor (root)-accessed files but later became more powerful by subverting the kernel itself. They are sometimes user-mode, which makes them stealthier. They are the most effective support-malware for stealth. The kernel types have seen a great decrease due to the serious emphasis put by commercial vendors (and others) on “digitally-signed code”. The same solution may be effective for user mode, but there is a lot of user-mode code that isn’t ready to pay for the costly certification, and we have to keep open source software in mind. They also provide covert channels for the attacker to get back to the victim as and when needed.
    • Spyware/Adware:- They spy on the user and her/his activities, and the latter nags the user with ads, some of which might be leveraged to escalate attacks with phishing etc. Thus they mostly go hand-in-hand.
    • BOTs & RATs:- RATs, or remote administration tools, were malware that would give the attacker a control path to the victim’s system. They do anything from stealing keystrokes to taking screenshots or using the camera.
    • Key loggers:- Malware that would log keystrokes; they have existed for ever. It is difficult to completely detect them, as at some point software isn’t able to distinguish legitimate from illegitimate keyboard scan codes.
  • 25. Misc:-
    • Crypto-virology:- Ubiquitous cryptography is exploited by the good old virus and is a perpetual trouble for all anti-hacking software trying to detect such computer viruses.
    • Steganography:- Sometimes called hiding in plain sight, it is the art of hiding data in something else such that it is either camouflaged or completely hidden. While mostly used for hiding data within media files (pictures, audio and movie files), it even applies to mixing the data to be hidden into communication channel packets, hiding in files etc. Technologies like “NTFS streams”, although they hold a different status, still relate a lot to steganography. Other forms are hidden partitions etc.
    • Track-clearing tools:- Tools designed to clear logs, subvert views of logs, delete auditing information etc. comprise the rest. Malware like rootkits allow the hacker to maintain a covert channel which could subvert auditing etc. Hijacking tools can cheat the victim out of viewing the reality.
    • Anti-anti-hacking tools:- Everything else that subverts anti-hacking tools. Some are techniques used by other tools to cloak themselves from the anti-hacking tools or efforts.
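The track-clearing tools on slide 25 work because a log that is only a file can be edited or truncated without trace. The standard countermeasure is to make every record commit to the one before it, so that an edit or deletion breaks every later hash and a copy of the final hash kept off the host exposes truncation. The Python below is an added example, not from the deck, of such a hash-chained audit log over a few constructed events; the record layout, the genesis constant and the event fields are invented for the example.

```python
"""Making the log-clearing on slide 25 detectable: a hash-chained audit log (added example)."""
import hashlib
import json

GENESIS = "0" * 64   # chain anchor for the first record


def chain_hash(prev_hash, entry):
    """Hash of this entry bound to the hash of the one before it."""
    data = prev_hash + json.dumps(entry, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()


def append_entry(log, entry):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "hash": chain_hash(prev, entry)})
    return log


def verify_chain(log, expected_tail=None):
    """Return (True, None) if every record's hash recomputes from its predecessor,
    else (False, index_of_first_bad_record). Editing or deleting a record breaks
    everything after it; comparing the last hash with a copy kept off the host
    (`expected_tail`) additionally catches the log being truncated at the end."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != chain_hash(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    if expected_tail is not None and prev != expected_tail:
        return False, len(log)
    return True, None


def build_sample_log():
    # Constructed audit events, not real logs.
    events = [
        {"ts": "2024-05-01T10:00:00Z", "user": "alice", "action": "login", "result": "ok"},
        {"ts": "2024-05-01T10:05:13Z", "user": "alice", "action": "sudo", "cmd": "vim /etc/ssh/sshd_config"},
        {"ts": "2024-05-01T10:06:40Z", "user": "alice", "action": "logout"},
    ]
    log = []
    for event in events:
        append_entry(log, event)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    offhost_tail = log[-1]["hash"]          # e.g. shipped to a remote collector
    print("intact:", verify_chain(log, offhost_tail))
    log[1]["entry"]["cmd"] = "ls"           # someone edits the line they want gone
    print("edited:", verify_chain(log, offhost_tail))
```

The chain proves integrity, not authenticity: an attacker with write access and enough time can rebuild the whole chain from the edited record onward, which is why the tail hash (or a periodic signature over it) must leave the host, to a collector the attacker cannot reach.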
  • 26. Hacking demos:-
    • Reconnaissance/Scanning:- NSLOOKUP, WHOIS
    • NC utility:- Using NC to grab banners, and other uses for gaining and sustaining access.
    • NMAP utility:- Using NMAP for stealth scans etc.
    • Metasploit:-
      • Exploit/Payload and other commands.
      • Unleashing the power of meterpreter.
    • Web hacking:-
      • Simple SQL injection using OWASP WebGoat.
      • Simple XSS hack demo using OWASP WebGoat.
    • Reverse engineering:-
      • Intro to disassemblers and debuggers.
      • Sample program with disabled UI / OllyDbg reversing to introduce nag-screen removal and serial cracking / software security.
    Lab setup:-
    • Hyper-V basics
    • Virtualized Kali Linux (2017).
    • Windows XP SP3 (MSDN).
    • Windows 2000 Advanced Server (MSDN).
  • 27. A bunch of things not included in this seminar- what and where to find info….and…