SlideShare ist ein Scribd-Unternehmen logo

unit-1.pptx

Als PPTX, PDF herunterladen
Srinivas Kanakala
Srinivas Kanakala

ethical hacking

Software
1 von 45
ETHICAL HACKING BY DR. V. PRASHANTHI Senior Assistant Professor Dept-CSE-CYS,DS and AI&DS
UNIT- I:  Introduction to Ethical Hacking: Hacking, Ethical Hacking, Difference between the Ethical Hacking and Unethical Hacking. Types of Hackers, Three parts of the web.  Foot printing: Objectives of Foot Printing, Understanding Foot Printing concepts, Types of Foot printing, Foot Printing through search engines, advanced Hacking techniques, Web services and social networking sites. Understanding Web site Foot printing, E-mail Foot printing and Competitive Intelligence. Understanding Whois, DNS and Network Foot printing
UNIT – II  Foot printing Tools: Foot printing through Social Engineering, Understanding different Foot Printing Tools-MALTEGO, RECON-NG and FOCA and Counter Measures.  Scanning Networks: Overview of network scanning, understanding various scanning tools-NMAP, ZEN MAP, angryip.org, PacketBuilder2.0, checking for live systems, Scanning tools for mobile, Overview of scanning pen testing.
UNIT – III  Enumeration: What is enumeration? Understanding different techniques of enumeration-SNMP, LDAP, NTP, and DNS.  Vulnerability analysis: Vulnerability research, Vulnerability classification, what is vulnerability assessment-Nessus professional ,GFI languard, Openvas, Retina CS, Qualys free scan, Nitko, Microsoft base line security analiser, automated vulnerable detection system, types of vulnerability assessments, Exploit database, Types of vulnerability tools, Characteristics of a good vulnerability assessment solution, Choosing a vulnerability tool, Criteria for choosing a vulnerability assessment tool, Best practices for selecting vulnerability tools.
UNIT – IV  System Hacking: Overview of CEH Hacking methodology, understanding different techniques to gain access to the system, privilege escalation techniques,  overview of different types of rootkits, techniques to hide the evidence of compromise, system hacking penetration testing.  Password cracking: Types of password attacks, online tools to search default passwords: default password.info, ZTE default usernames and passwords,  `Active online attack: Trojan/spyware/keyloggers, Password relevance tools.
UNIT – V  Malware threats: How hackers use Trojans, common ports used by trojans, trojan horse construction kit, RIG exploit kit, command shell trojan, remote access trojan, Study of spyrix.com, flaticon.com and anti-trojan software.  Sniffing: sniffing concepts, sniffing tools-Wireshark tool, oxid.it, Sniffer detection techniques: PING and DNS methods.  Social Engineering: Understanding social engineering concepts, Social Engineering Techniques, Insider Threats, Impersonation on Social Networking Sites, Identity Theft, and countermeasures
UNIT – VI  Session Hijacking: Understanding Session Hijacking Concepts, Application-Level Session Hijacking, Network Level Session Hijacking, overview of Session Hijacking Tools, Understanding Countermeasures and Penetration Testing.  SQL Injection: SQL Injection Concepts, Types of SQL Injection, SQL Injection Methodology SQL Injection Tools, Evasion Techniques and Countermeasure.
Rapid Growth Of Internet-Cyber Crime Increased
CYBER CRIMES  Email : Mahesh bank  Mobile : Covid-19  Cloud : Amazon cloud ( DDoS attack)  Ransomware: North American land developer was hit (151,000 employees at risk)  Credential stuffing : Zoom (500,000 usernames and passwords di)  App: Bahubali-2 cinema booking.
ONLINE FRAUDS  Purchase fraud  Job fraud  Insurance fraud  Admission fraud  Fake website fraud  Investment fraud  Matrimonial fraud  Loan fraud.
HACKING  Exploiting weakness in a computer system to gain unauthorized access to obtain information.
Hacking Hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
HACKER  They are powerful skilled individuals who break into the system by bypassing the security measures to achieve a goal.  A person who performs hacking is called a hacker.
Types of Hackers
Black hat Hacker
Grey Hat Hacker
White Hat Hacker
Types of Hackers
Types of Hackers
Green hat hacker  A green hat hacker is someone who is new to the hacking world but is intently focused on increasing their cyberattack skills.  They primarily focus on gaining knowledge on how to perform cyberattacks on the same level as their black hat counterparts.  Their main intent is to eventually evolve into a full-fledged hacker, so they spend their time looking for learning opportunities from more experienced hackers.  Motives: To learn how to become an experienced hacker
Blue hat hackers  Blue hat hackers are hired by organizations to bug-test a new software or system network before it’s released. Their role is to find loopholes or security vulnerabilities in the new software and remedy them before it launches.  Motives: To identify vulnerabilities in new organizational software before it’s released
Red Hat Government-Hired Hackers  Red hat hackers are hired by government agencies to spot vulnerabilities in security systems, with a specific focus on finding and disarming black hat hackers.  They’re known to be particularly ruthless in their hunt for black hat criminals, and typically use any means possible to take them down. This often looks like using the same tactics as black hat hackers and using them against them— using the same malware, viruses and other strategies to compromise their machines from the inside out.
Ethical Hacking  Ethical Hacking is performed by White Hat Hackers to find the security vulnerabilities of the system and prevent the Black Hat hackers from illegally infiltrating and stealing data from any system.  The big organizations perform ethical hacking to test the cybersecurity level and identify the weak points.  Ethical hacking is performed as per the rules and regulations set by the legal authorities.
Unethical Hacking  Unethical Hacking or Black Hat hacking is performed by cybercriminals with the false intention of stealing sensitive data, money, and access the restricted networks and systems.  Such type of hacking is practiced to disrupt official website networks and infiltrate communication between two or more parties.  Unethical hacking is hacking done by violating the rules and regulations set by the legal authorities.
Difference between Ethical & unethical Hacking S. No. Hacking Ethical Hacking 1. Steal valuable information of company and individual for illegal activity Hack system to reduce vulnerabilities of company’s system 2. Illegal practice and considered a crime Legal practice, authorized by the company or individual 3. Such types of hackers are called black-hat hackers Such types of hackers are called white-hat hackers 4. Such hackers try to access restricted networks through illegal practices and reduce the security of data. Such hackers create firewalls and security protocols. 5. They work for themselves for dirty money. They work with different government agencies and big tech companies.
Parts of Web The web is divided into three categories, which are  The Surface Web,  Deep Web, and  Dark Web
Parts of Web
Surface Web:  The surface web is the normal web that is everyone knows and it is visible for all users who use the internet.  The websites on the surface web are mostly indexed or promoted by search engines. Google, Bing, Yahoo, etc.  All these are the search engines where users come and search the content accordingly his/her needs.  The user can open websites and collect information. But the interesting thing is that on the surface web have only 4% of the content is only available for the general public in the entire ocean of the web.  The internet is a huge and vast amount of information but the big amount of people don’t know. And they think only what they see only this is the internet nothing else.
The deep web  The deep web is the secret web that is not visible for the normal user only who has access and who is authorized can access and use the information.  It is a group of many different websites or many pages but they are not indexed by search engines.  It is used to storing most personal information like Cloud storage, any Organization’s Personal Data, and Military Data, etc.
Deep web  Simple examples of deep web content include financial data, social security databases, email inboxes, social media, medical documentation, legal files, blog posts that are pending review and web page redesigns that are in progress.  The dark web technically speaking, is a subsection of the deep web  More than 200,000 websites exist on the deep web.  The volume of public data on the deep web is 400 to 500 times greater than that of surface web.  The deep web hosts approximately 7,500 terabytes of data, compared to the 19 terabytes hosted on the surface web.
The dark web  The dark web also known as the darknet, it is an encrypted part of the internet that isn’t indexed by search engines like Google, Bing, Yahoo, etc. The dark web is a subdirectory of the deep web.
Dark web  Dark web pages need special software such as the Tor browser with the appropriate decryption key, in addition to access rights and understanding of the place to find the content.  The Dark Web is composed of Networks and may only be accessed with special software (based on the network you would like to connect to, together with TOR Network employing the TOR proxy and proxy ) and specifically configured network settings, which means you properly and anonymously connect with the Network.
Dark Web  The content on the dark web has the potential to be more dangerous, this content is usually walled off from regular users.  However, it is entirely possible for regular users to accidentally come across harmful content while browsing the deep web, which is much more easily accessible.
Hacking Phases The following are the five phases of hacking: - 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing Tracks
1. Reconnaissance Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the information about the target before launching an attack using different tools and techniques. Emp details, Ip address, domain names, sub domain names, location, etc
Types of Reconnaissance Passive Reconnaissance, the hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target. Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical departments.
2. Scanning  Scanning phase is a pre-attack phase.  In this phase, attacker scans the network by information acquired during the initial phase of reconnaissance.  Scanning tools include Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner.  During the scanning phase, attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.
3. Gaining Access  Gaining access phase of hacking is the point where the hacker gets the control over an operating system, application or computer network.  Techniques include password cracking, denial of service, session hijacking or buffer overflow and others are used to gain unauthorized access.  After accessing the system; the attacker escalates the privileges to obtain complete control over services and process and compromise the connected intermediate systems.
4. Maintaining Access / Escalation of Privileges  Maintaining access phase is the point when an attacker is trying to maintain the access, ownership & control over the compromised systems.  Similarly, attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits or Trojans to retain their ownership.  In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration.  To compromise other systems, the attacker uses this compromised system to launch attacks.
5. Clearing Tracks  An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities.  Covering track is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed and wipe all evidence that indicates his identity.  To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.
unit-1.pptx

Empfohlen

Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksAman Gupta
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityMuhammad Hamza
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxprosunghosh7
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxGautam708801
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Hacking
HackingHacking
Hackingpranav patade
 

Empfohlen

Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksAman Gupta
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityMuhammad Hamza
 
Dark Web and Threat Intelligence
Dark Web and Threat IntelligenceDark Web and Threat Intelligence
Dark Web and Threat IntelligenceMarlabs
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxprosunghosh7
 
module 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxmodule 3 Cyber Risks and Incident Management.pptx
module 3 Cyber Risks and Incident Management.pptxGautam708801
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.Kalpesh Doru
 
Hacking
HackingHacking
Hackingpranav patade
 
HACKING
HACKINGHACKING
HACKINGShubham Agrawal
 
Unit-2 ICS.ppt
Unit-2 ICS.pptUnit-2 ICS.ppt
Unit-2 ICS.ppt20ME1A4607YANAMADALA
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking OverviewSubhoneel Datta
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesKlaus Drosch
 
Cyber Crime.ppt
Cyber Crime.pptCyber Crime.ppt
Cyber Crime.pptTanviModi14
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Shawon Raffi
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hackingUday Verma
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodcharvill
 
Ethical Hacking (basics)
Ethical Hacking (basics)Ethical Hacking (basics)
Ethical Hacking (basics)DeepHaria4
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxNargis Parveen
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeSumit Dutta
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRitwick Mukherjee
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
my new HACKING
my new HACKINGmy new HACKING
my new HACKINGBABATUNDE OLANREWAJU GEORGE
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?Daniel Agudo Garcia
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingzing12345
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMd Mudassir
 
FLOWCHARTS.pptx
FLOWCHARTS.pptxFLOWCHARTS.pptx
FLOWCHARTS.pptxSrinivas Kanakala
 
Minor project ppt (1).pptx
Minor project ppt (1).pptxMinor project ppt (1).pptx
Minor project ppt (1).pptxSrinivas Kanakala
 

Weitere ähnliche Inhalte

Ähnlich wie unit-1.pptx

Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking OverviewSubhoneel Datta
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesKlaus Drosch
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Shawon Raffi
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hackingUday Verma
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodcharvill
 
Ethical Hacking (basics)
Ethical Hacking (basics)Ethical Hacking (basics)
Ethical Hacking (basics)DeepHaria4
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Nicholas Davis
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxNargis Parveen
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingzing12345
 

Ähnlich wie unit-1.pptx (20)

HACKING
HACKINGHACKING
HACKING
 
Unit-2 ICS.ppt
Unit-2 ICS.pptUnit-2 ICS.ppt
Unit-2 ICS.ppt
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniques
 
Cyber Crime.ppt
Cyber Crime.pptCyber Crime.ppt
Cyber Crime.ppt
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
Ehtical hacking
Ehtical hackingEhtical hacking
Ehtical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
 
Ethical Hacking (basics)
Ethical Hacking (basics)Ethical Hacking (basics)
Ethical Hacking (basics)
 
Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy Cybersecurity, Hacking, and Privacy
Cybersecurity, Hacking, and Privacy
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptx
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
my new HACKING
my new HACKINGmy new HACKING
my new HACKING
 
What is cybersecurity about?
What is cybersecurity about?What is cybersecurity about?
What is cybersecurity about?
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Mehr von Srinivas Kanakala

UNIT-1-SQE-Dr.K.Srinivas-CSE.pptx
UNIT-1-SQE-Dr.K.Srinivas-CSE.pptxUNIT-1-SQE-Dr.K.Srinivas-CSE.pptx
UNIT-1-SQE-Dr.K.Srinivas-CSE.pptxSrinivas Kanakala
 
griet paper pblished(13-9-2021).pdf
griet paper pblished(13-9-2021).pdfgriet paper pblished(13-9-2021).pdf
griet paper pblished(13-9-2021).pdfSrinivas Kanakala
 
Turkey music( june 2021).pdf
Turkey music( june 2021).pdfTurkey music( june 2021).pdf
Turkey music( june 2021).pdfSrinivas Kanakala
 

Mehr von Srinivas Kanakala (13)

FLOWCHARTS.pptx
FLOWCHARTS.pptxFLOWCHARTS.pptx
FLOWCHARTS.pptx
 
Minor project ppt (1).pptx
Minor project ppt (1).pptxMinor project ppt (1).pptx
Minor project ppt (1).pptx
 
system hacking.pptx
system hacking.pptxsystem hacking.pptx
system hacking.pptx
 
RDBMS WIT &WIL.pptx
RDBMS WIT &WIL.pptxRDBMS WIT &WIL.pptx
RDBMS WIT &WIL.pptx
 
UNIT-1-SQE-Dr.K.Srinivas-CSE.pptx
UNIT-1-SQE-Dr.K.Srinivas-CSE.pptxUNIT-1-SQE-Dr.K.Srinivas-CSE.pptx
UNIT-1-SQE-Dr.K.Srinivas-CSE.pptx
 
JAVA PROGRAMMING (1).pptx
JAVA PROGRAMMING (1).pptxJAVA PROGRAMMING (1).pptx
JAVA PROGRAMMING (1).pptx
 
InTERNET Border patrol.pptx
InTERNET Border patrol.pptxInTERNET Border patrol.pptx
InTERNET Border patrol.pptx
 
BHARADWAJ.pptx
BHARADWAJ.pptxBHARADWAJ.pptx
BHARADWAJ.pptx
 
vaagdevi paper.pdf
vaagdevi paper.pdfvaagdevi paper.pdf
vaagdevi paper.pdf
 
griet paper pblished(13-9-2021).pdf
griet paper pblished(13-9-2021).pdfgriet paper pblished(13-9-2021).pdf
griet paper pblished(13-9-2021).pdf
 
ijatcse21932020.pdf
ijatcse21932020.pdfijatcse21932020.pdf
ijatcse21932020.pdf
 
Turkey music( june 2021).pdf
Turkey music( june 2021).pdfTurkey music( june 2021).pdf
Turkey music( june 2021).pdf
 
patent_vpr.pdf
patent_vpr.pdfpatent_vpr.pdf
patent_vpr.pdf
 

Kürzlich hochgeladen

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 

Kürzlich hochgeladen (20)

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 

unit-1.pptx

  • 1. ETHICAL HACKING BY DR. V. PRASHANTHI Senior Assistant Professor Dept-CSE-CYS,DS and AI&DS
  • 2. UNIT- I:  Introduction to Ethical Hacking: Hacking, Ethical Hacking, Difference between the Ethical Hacking and Unethical Hacking. Types of Hackers, Three parts of the web.  Foot printing: Objectives of Foot Printing, Understanding Foot Printing concepts, Types of Foot printing, Foot Printing through search engines, advanced Hacking techniques, Web services and social networking sites. Understanding Web site Foot printing, E-mail Foot printing and Competitive Intelligence. Understanding Whois, DNS and Network Foot printing
  • 3. UNIT – II  Foot printing Tools: Foot printing through Social Engineering, Understanding different Foot Printing Tools-MALTEGO, RECON-NG and FOCA and Counter Measures.  Scanning Networks: Overview of network scanning, understanding various scanning tools-NMAP, ZEN MAP, angryip.org, PacketBuilder2.0, checking for live systems, Scanning tools for mobile, Overview of scanning pen testing.
  • 4. UNIT – III  Enumeration: What is enumeration? Understanding different techniques of enumeration-SNMP, LDAP, NTP, and DNS.  Vulnerability analysis: Vulnerability research, Vulnerability classification, what is vulnerability assessment-Nessus professional ,GFI languard, Openvas, Retina CS, Qualys free scan, Nitko, Microsoft base line security analiser, automated vulnerable detection system, types of vulnerability assessments, Exploit database, Types of vulnerability tools, Characteristics of a good vulnerability assessment solution, Choosing a vulnerability tool, Criteria for choosing a vulnerability assessment tool, Best practices for selecting vulnerability tools.
  • 5. UNIT – IV  System Hacking: Overview of CEH Hacking methodology, understanding different techniques to gain access to the system, privilege escalation techniques,  overview of different types of rootkits, techniques to hide the evidence of compromise, system hacking penetration testing.  Password cracking: Types of password attacks, online tools to search default passwords: default password.info, ZTE default usernames and passwords,  `Active online attack: Trojan/spyware/keyloggers, Password relevance tools.
  • 6. UNIT – V  Malware threats: How hackers use Trojans, common ports used by trojans, trojan horse construction kit, RIG exploit kit, command shell trojan, remote access trojan, Study of spyrix.com, flaticon.com and anti-trojan software.  Sniffing: sniffing concepts, sniffing tools-Wireshark tool, oxid.it, Sniffer detection techniques: PING and DNS methods.  Social Engineering: Understanding social engineering concepts, Social Engineering Techniques, Insider Threats, Impersonation on Social Networking Sites, Identity Theft, and countermeasures
  • 7. UNIT – VI  Session Hijacking: Understanding Session Hijacking Concepts, Application-Level Session Hijacking, Network Level Session Hijacking, overview of Session Hijacking Tools, Understanding Countermeasures and Penetration Testing.  SQL Injection: SQL Injection Concepts, Types of SQL Injection, SQL Injection Methodology SQL Injection Tools, Evasion Techniques and Countermeasure.
  • 8. Rapid Growth Of Internet-Cyber Crime Increased
  • 9. CYBER CRIMES  Email : Mahesh bank  Mobile : Covid-19  Cloud : Amazon cloud ( DDoS attack)  Ransomware: North American land developer was hit (151,000 employees at risk)  Credential stuffing : Zoom (500,000 usernames and passwords di)  App: Bahubali-2 cinema booking.
  • 10. ONLINE FRAUDS  Purchase fraud  Job fraud  Insurance fraud  Admission fraud  Fake website fraud  Investment fraud  Matrimonial fraud  Loan fraud.
  • 11.
  • 12. HACKING  Exploiting weakness in a computer system to gain unauthorized access to obtain information.
  • 13. Hacking Hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
  • 14. HACKER  They are powerful skilled individuals who break into the system by bypassing the security measures to achieve a goal.  A person who performs hacking is called a hacker.
  • 21. Green hat hacker  A green hat hacker is someone who is new to the hacking world but is intently focused on increasing their cyberattack skills.  They primarily focus on gaining knowledge on how to perform cyberattacks on the same level as their black hat counterparts.  Their main intent is to eventually evolve into a full-fledged hacker, so they spend their time looking for learning opportunities from more experienced hackers.  Motives: To learn how to become an experienced hacker
  • 22. Blue hat hackers  Blue hat hackers are hired by organizations to bug-test a new software or system network before it’s released. Their role is to find loopholes or security vulnerabilities in the new software and remedy them before it launches.  Motives: To identify vulnerabilities in new organizational software before it’s released
  • 23. Red Hat Government-Hired Hackers  Red hat hackers are hired by government agencies to spot vulnerabilities in security systems, with a specific focus on finding and disarming black hat hackers.  They’re known to be particularly ruthless in their hunt for black hat criminals, and typically use any means possible to take them down. This often looks like using the same tactics as black hat hackers and using them against them— using the same malware, viruses and other strategies to compromise their machines from the inside out.
  • 24. Ethical Hacking  Ethical Hacking is performed by White Hat Hackers to find the security vulnerabilities of the system and prevent the Black Hat hackers from illegally infiltrating and stealing data from any system.  The big organizations perform ethical hacking to test the cybersecurity level and identify the weak points.  Ethical hacking is performed as per the rules and regulations set by the legal authorities.
  • 25. Unethical Hacking  Unethical Hacking or Black Hat hacking is performed by cybercriminals with the false intention of stealing sensitive data, money, and access the restricted networks and systems.  Such type of hacking is practiced to disrupt official website networks and infiltrate communication between two or more parties.  Unethical hacking is hacking done by violating the rules and regulations set by the legal authorities.
  • 26. Difference between Ethical & unethical Hacking S. No. Hacking Ethical Hacking 1. Steal valuable information of company and individual for illegal activity Hack system to reduce vulnerabilities of company’s system 2. Illegal practice and considered a crime Legal practice, authorized by the company or individual 3. Such types of hackers are called black-hat hackers Such types of hackers are called white-hat hackers 4. Such hackers try to access restricted networks through illegal practices and reduce the security of data. Such hackers create firewalls and security protocols. 5. They work for themselves for dirty money. They work with different government agencies and big tech companies.
  • 27. Parts of Web The web is divided into three categories, which are  The Surface Web,  Deep Web, and  Dark Web
  • 29.
  • 30. Surface Web:  The surface web is the normal web that is everyone knows and it is visible for all users who use the internet.  The websites on the surface web are mostly indexed or promoted by search engines. Google, Bing, Yahoo, etc.  All these are the search engines where users come and search the content accordingly his/her needs.  The user can open websites and collect information. But the interesting thing is that on the surface web have only 4% of the content is only available for the general public in the entire ocean of the web.  The internet is a huge and vast amount of information but the big amount of people don’t know. And they think only what they see only this is the internet nothing else.
  • 31. The deep web  The deep web is the secret web that is not visible for the normal user only who has access and who is authorized can access and use the information.  It is a group of many different websites or many pages but they are not indexed by search engines.  It is used to storing most personal information like Cloud storage, any Organization’s Personal Data, and Military Data, etc.
  • 32.
  • 33. Deep web  Simple examples of deep web content include financial data, social security databases, email inboxes, social media, medical documentation, legal files, blog posts that are pending review and web page redesigns that are in progress.  The dark web technically speaking, is a subsection of the deep web  More than 200,000 websites exist on the deep web.  The volume of public data on the deep web is 400 to 500 times greater than that of surface web.  The deep web hosts approximately 7,500 terabytes of data, compared to the 19 terabytes hosted on the surface web.
  • 34. The dark web  The dark web also known as the darknet, it is an encrypted part of the internet that isn’t indexed by search engines like Google, Bing, Yahoo, etc. The dark web is a subdirectory of the deep web.
  • 35. Dark web  Dark web pages need special software such as the Tor browser with the appropriate decryption key, in addition to access rights and understanding of the place to find the content.  The Dark Web is composed of Networks and may only be accessed with special software (based on the network you would like to connect to, together with TOR Network employing the TOR proxy and proxy ) and specifically configured network settings, which means you properly and anonymously connect with the Network.
  • 36. Dark Web  The content on the dark web has the potential to be more dangerous, this content is usually walled off from regular users.  However, it is entirely possible for regular users to accidentally come across harmful content while browsing the deep web, which is much more easily accessible.
  • 37.
  • 38. Hacking Phases The following are the five phases of hacking: - 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing Tracks
  • 39. 1. Reconnaissance Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the information about the target before launching an attack using different tools and techniques. Emp details, Ip address, domain names, sub domain names, location, etc
  • 40. Types of Reconnaissance Passive Reconnaissance, the hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target. Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical departments.
  • 41. 2. Scanning  Scanning phase is a pre-attack phase.  In this phase, attacker scans the network by information acquired during the initial phase of reconnaissance.  Scanning tools include Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner.  During the scanning phase, attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.
  • 42. 3. Gaining Access  Gaining access phase of hacking is the point where the hacker gets the control over an operating system, application or computer network.  Techniques include password cracking, denial of service, session hijacking or buffer overflow and others are used to gain unauthorized access.  After accessing the system; the attacker escalates the privileges to obtain complete control over services and process and compromise the connected intermediate systems.
  • 43. 4. Maintaining Access / Escalation of Privileges  Maintaining access phase is the point when an attacker is trying to maintain the access, ownership & control over the compromised systems.  Similarly, attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits or Trojans to retain their ownership.  In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration.  To compromise other systems, the attacker uses this compromised system to launch attacks.
  • 44. 5. Clearing Tracks  An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities.  Covering track is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed and wipe all evidence that indicates his identity.  To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.