Bsc IT 6th Sem
Dr. Gopal Krishna Sharma
Assistant Professor(Computer Science
Emerging Technologies and Innovation in IT
Topic :- Type of Hacking and System Hacking Techniques
Welcome to the presentation on Types of Hacking
Hacking refers to unauthorized access to computer systems or
networks for malicious purposes
There are various types of hacking that can be classified based on
the motive, technique, target, etc.
Black hat hacking
Black hat hackers are malicious hackers, sometimes called crackers. Black hats lack ethics,
sometimes violate laws, and break into computer systems with malicious intent, and they may
violate the confidentiality, integrity, or availability of an organization's systems and data.
One of the most famous black hat hackers is Kevin Mitnick, who, at one point, was the most
wanted cybercriminal in the world. As a black hat hacker, he hacked into over 40 major
corporations, including IBM and Motorola, and even the US National Defense warning system.
Black hat hacker break into secure network to destroy data or make the network unusable for
those who are authorized to use the network.
Black-hat hackers use various techniques such as phishing, social engineering, malware, etc. to
gain access to sensitive data or cause damage to the system
White hat Hacking
White hat hacking, also known as ethical hacking , is the practice of using hacking skills and
techniques for ethical and legal purposes. White hat hackers are experts in computer security
and use their skills to identify vulnerabilities in computer systems or networks.
White Hat Hackers are also known as ethical hackers or penetration testers, and they use their
skills and knowledge to help organizations protect their systems from malicious attacks.
White Hat Hacking involves a variety of techniques such as vulnerability scanning, penetration
testing, and social engineering testing.
White Hat Hacking is an important part of cybersecurity and is used by businesses,
governments, and other organizations to improve their security and protect their sensitive
Grey-hat hacking is a combination of ethical and black-hat hacking
Grey-hat hackers usually hack into a system without the owner's permission but
don't intend to cause damage or steal sensitive data
Grey-hat hackers often notify the owner about the vulnerabilities they found and
ask for payment in return for fixing them
Blue hat hacking
Blue hat hacking is a type of computer security testing that is performed by individuals who are
not part of the organization that owns the system or network being tested.
No desire for learning, just hack for revenge.
Unlike white hat hackers, who are authorized by the organization to perform security testing,
and black hat hackers, who are unauthorized and carry out malicious activities, blue hat hackers
are invited to test the security of a system or network by the organization that owns it.
Overall, blue hat hacking can help organizations improve their cybersecurity defenses and
prevent potential security breaches by identifying vulnerabilities and weaknesses in their
systems and networks.
Ethical hacking, also known as white-hat hacking, is a legal and authorized process of identifying
vulnerabilities in computer systems or networks
Ethical hackers use the same techniques and tools as malicious hackers but with the owner's
The goal of ethical hacking is to improve the security of the system by finding and fixing
Ethical hacking involves an authorized attempt to gain unauthorized access to a computer
system, application, or data. Carrying out an ethical hack involves duplicating strategies and
actions of malicious attackers.
Ethical hacking should always be done with the intention of improving the security of the system
or network being tested. It should never be done with malicious intent or with the goal of causing
harm or damage to the target.
System Hacking Technique
System hacking is the process of exploiting vulnerabilities in computer systems to gain
unauthorized access or control over them.
It is a malicious activity that is often carried out by cybercriminals or hackers with the
intention of stealing sensitive data, spreading malware, or causing damage to the system.
To prevent system hacking, it is important to follow best practices for computer and
This includes regularly updating software and operating systems with the latest security
patches, using strong and unique passwords, implementing multi-factor authentication,
and limiting access to sensitive data.
Password cracking -: Hackers use various methods to crack passwords, such as brute-
force attacks, dictionary attacks, and social engineering attacks to guess or steal
Network scanning -: This technique involves scanning a network to identify potential
vulnerabilities that can be exploited, such as open ports or outdated software.
Exploiting software vulnerabilities-: Hackers can exploit known or unknown
vulnerabilities in software to gain unauthorized access or control of a system.
Backdoor entry-: Hackers can create backdoors, such as hidden accounts or software
vulnerabilities, to gain unauthorized access to a system.
Man-in-the-middle (MitM) attacks-: Hackers can intercept and modify communication
between two parties, such as a user and a server, to steal information or carry out
DDoS, or Distributed Denial of Service, hacking is a type of cyber attack in which multiple
compromised computer systems are used to target a single system or network with a flood
of traffic or requests, overwhelming the targeted system and rendering it unusable.
DDoS attacks can be carried out using a variety of methods, including botnets,
amplification attacks, and application-layer attacks.
Botnets are networks of computers infected with malware that can be controlled remotely
by a hacker, while amplification attacks use third-party servers to amplify traffic directed
towards the target.
DDoS attacks can be financially motivated, politically motivated, or simply carried out as a
form of malicious vandalism.
They can cause serious damage to businesses and organizations, resulting in downtime,
lost revenue, and damage to reputation.
DNS spoofing, also known as DNS cache poisoning, is a type of cyber attack in which a hacker
sends false information to a Domain Name System (DNS) resolver, redirecting users to a
fraudulent website instead of the intended website.
DNS spoofing is often carried out by manipulating DNS caches or exploiting vulnerabilities in
Once a DNS resolver has been compromised, it can return false information to users who
request the IP address of a particular website.
It is also important to keep DNS software and systems up to date with the latest security
patches to prevent known vulnerabilities from being exploited.
Phishing is a technique used by hackers to obtain sensitive information such as login
credentials, credit card details, etc.
Hackers send fake emails or messages that appear to be from a legitimate source, asking the
recipient to provide their personal information
Phishing is one of the most common techniques used by black-hat hackers to gain access to a
system or network
Online version of activist.
To raise voice for a political or social cause.
Hacktivism is a type of hacking where the hacker has a political or social agenda.
Hacktivists usually target government or corporate websites to protest against their actions or
The goal of hacktivism is to create awareness about a particular issue or to cause disruption to
the target's operations.
Ex – Anonymous group .
SQL injection hacking
SQL injection is a type of cyber attack that targets databases and web applications that use SQL
(Structured Query Language) to interact with the database.
SQL injection attacks can be used to steal sensitive data, modify or delete data, and gain
unauthorized access to applications or systems.
Attackers can use SQL injection to bypass authentication measures and gain administrative
access to web applications.
The attacker injects malicious SQL statements into the application's input fields, allowing them
to execute unauthorized commands on the database.
SQL injection attacks can be carried out using a variety of techniques, including manipulating
input fields, modifying URL parameters, and exploiting vulnerabilities in web application code.
The remit of a social engineering attack is to get someone to do something that benefits a
cybercriminal. For example, trick a person into revealing financial details that are then used to
carry out fraud.
Social engineering is the tactic of manipulating, influencing, or deceiving a victim in order to
gain control over a computer system, or to steal personal and financial information.
It uses psychological manipulation to trick users into making security mistakes or giving away
Ransomware is a type of malware that encrypts files and demands payment in exchange for the
Common types of ransomware include file-encrypting, lockscreen, and MBR ransomware.
Ransomware can spread through phishing emails, malicious downloads, and software
Ransomware attacks can have severe consequences, including financial loss and reputational
Example - One example of a Ransomware attack is the Wanna Cry Ransomware attack that
occurred in May 2017. It affected more than 200,000 computers across 150 countries, including
healthcare systems, government agencies, and businesses.
Definition of XSS: Begin by defining what cross-site scripting is and it is a type of web
application vulnerability that allows attackers to inject malicious code into a website and
potentially compromise the data of users who visit the site.