An Introduction to the Basics

Slides:



Advertisements
Similar presentations
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Advertisements

Introduction to Ethical Hacking, Ethics, and Legality.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
Forces that Have Brought the world to it’s knees over the centuries.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Resources. Overview Problem Report WebCT Faculty & Student Support Searching.
Chapter 1 Introduction. Art of War  If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Authorization and Policy. Is principal P permitted to perform action A on object O? – Authorization system will provide yes/no answer Authorization.
The Business of Penetration Testing
Penetration Testing.
Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Performing a Penetration Test.  Penetration Tester  Attempts to reveal potential consequences of a real attack  Security Audit / Vulnerability Assessment.
13Computer Intrusions Dr. John P. Abraham Professor UTPA.
GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.
Network Security Kevin Diep. Outline The five phrases of network penetration How to prevent exploitations and network vulnerability Ethical issues behind.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
CIS 450 – Network Security Chapter 3 – Information Gathering.
COEN 350 Security Threats. Network Based Exploits Phases of an Attack  Reconnaissance  Scanning  Gaining Access  Expanding Access  Covering Tracks.
End-to-End Methodology. Testing Phases  Reconnaissance  Mapping  Discovery  Exploitation  Repeat…  Report.
Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.
DIYTP Assessing a System - Basics  Why?  Vulnerabilities  What to look at:  The six ‘P’s  Patch  Ports  Protect  Policies  Probe  Physical.
Information Systems Security Operations Security Domain #9.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
Network Monitor By Zhenhong Zhao. What is the Network Monitor? The Network Monitor is a tool that gets information off of the host on the LAN. – Enumerating.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
Module 3 – Information Gathering  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification.
SIM404. Question Source: Demotivation To prevent this.!
COEN 250 Security Threats. Network Based Exploits Phases of an Attack Reconnaissance Scanning Gaining Access Expanding Access Covering Tracks.
Module 7 – Gaining Access & Privilege Escalation  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability.
Mantra – Security Framework Free and Open Source Browser based Security Framework.
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Module 6 – Penetration  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Footprinting and Scanning
Computer Security By Duncan Hall.
JMU GenCyber Boot Camp Summer, Introduction to Reconnaissance Information gathering – Social engineering – Physical break-in – Dumpster diving Scanning.
Web Security Introduction to Ethical Hacking, Ethics, and Legality.
Footprinting. Traditional Hacking The traditional way to hack into a system the steps include: Footprint: Get a big picture of what the network is Scan.
Kali Linux BY BLAZE STERLING. Roadmap  What is Kali Linux  Installing Kali Linux  Included Tools  In depth included tools  Conclusion.
Filip Chytrý Everyone of you in here can help us improve online security....
 Terms:  “Security”: is a system’s ability to provide services while maintaining the five IA pillars  “Attack”: an action that violates one of the.
Modern information gathering Dave van Stein 9 april 2009.
Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment Semester 1.
WHAT IS FOOTPRINTING?. FOOTPRINTING  Active  Passive - Passive footprinting is a method in which the attacker never makes any contact with the target.
1 NETWORKS Lecture Review – Last Lecture Computer Crimes Typical Vulnerabilities Typical Attack Protocols.
September 19, 2016 Steve Konecny CFE, CIRA, CEH, CRISC Hands on Hacking.
Penetration Testing Reconnaissance 2
Hacking Windows.
Chapter 15: The Internet and Your Job Search
Topic 5 Penetration Testing 滲透測試
ETHICAL HACKING WHAT EXACTLY IS ETHICAL HACKING ? By : Bijay Acharya
Footprinting and Scanning
Backdoor Attacks.
Foot Printing / Scanning Tools Lect 4 – NETW 4006
Footprinting and Scanning
Metasploit assignment
Exploiting Metasploitable
2018 Latest Eccouncil Exam Questions Answers - Eccouncil Dumps PDF
ما الذي يريد صاحب العمل أن يعرفه؟
Learning objectives By the end of this unit you should: Explain
Acknowledgement Content from the book:
A Glimpse Into a Few Current Tech Projects
How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.
The Internet: Encryption & Public Keys
Intrusion.
Ethical Hacker Pro IT Fundamentals Pro
Presentation transcript:

An Introduction to the Basics Pre An Introduction to the Basics

Modes of Ethical Hacking Insider attack Outsider attack Stolen equipment attack Physical entry Bypassed authentication attack Social engineering attack

The Attacker’s Process

The Attacker’s Process Performing Reconnaissance Scanning and enumeration Gaining access Escalation of privilege Maintaining access Covering tracks and placing backdoors

Performing Reconnaissance Systematic attempt to locate, gather, identify, and record information about the target. First step is passive information gathering.

Passive Info Gathering Google is your friend!!! Corporate Web Site Job Listings WHOIS/DNS/nslookup Analog/Digital Surveillance Public Records Dumpster Diving for Fun and Profit Social Engineering

Wikto and Spud http://www.security-database.com/toolswatch/

http://serversniff.com visual ip trace http://centralops.net

Macrosoft E-mail Spider Goog-mail.py

Nifty Google Search Stuff http://www.google.com/help/basics.html http://www.google.com/help/operators.html http://johnny.ihackstuff.com/ghdb/ MySQL Dumps mysql dump filetype:sql RedHat Config Files # kickstart filetype:cfg Allinurl: tsweb site:.edu

Scanning and Enumeration Considered the second pre-attack phase. Scanning is the active step of attempting to connect to systems to elicit a response. Enumeration is used to gather more in-depth information about the target, such as open shares and user account information.

http://techtionary.com/

http://www.irongeek.com - nmap tutorials

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.