Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com.

Published byMarybeth Black Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com."— Presentation transcript:

1 Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

2 Philosophy “How often have I said to you that when you have eliminated the impossible, whatever remains, however improbable, must be the truth? “ Or a modern variation: "If you eliminate the impossible, whatever remains, however improbable, must be the truth." www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

3 Anonymous As for the literal operation of Anonymous, becoming part of it is as simple as going onto its Internet Relay Chat forums and typing away. The real-life people involved in Anonymous could be behind their laptops anywhere, from an Internet café in Malaysia to a Michigan suburb. Anonymous appears to have no spokesperson or leader. One could participate for a minute or a day in a chat room, and then never go back again. Anonymous is the future form of Internet-based social activism. They laud the "hactivists" for their actions. For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

4 Underground Toolkit Arms Hackers For Java Flaw By Antone Gonsalves, CRN March 29, 2012 3:57 PM ET A software toolkit popular among cyber-criminals has been updated to include malicious code targeting a critical Java vulnerability that experts say many Internet users have yet to patch. A patch for the Java bug was released in February, but based on the Java patching behavior of 28 million Internet users, Rapid7 estimates that from 60 percent to 80 percent of computers running Java are vulnerable. The bug affects all operating systems, including Windows, starting with XP, Ubuntu and Mac OS X. In general, up to 60 percent of Java installations are never updated to the latest version, according to Rapid7. For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

5 PROTECTED COMPUTER -CIVIL PENALTY Protected Computer Cases.--In the case of an offense involving unlawfully accessing, or exceeding authorized access to, a "protected computer" as defined in 18 U.S.C. § 1030(e)(2), actual loss includes the following pecuniary harm, regardless of whether such pecuniary harm was reasonably foreseeable: reasonable costs to the victim of conducting a damage assessment, and restoring the system and data to their condition prior to the offense, and any lost revenue due to interruption of service. (B) Gain.--The court shall use the gain that resulted from the offense as an alternative measure of loss only if there is a loss but it reasonably cannot be determined. For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

6 Why Do People Hack To make security stronger ( Ethical Hacking ) To make security stronger ( Ethical Hacking ) Just for fun. Just for fun. Show off. Show off. Hack other systems secretly. Hack other systems secretly. Notify many people their thought. Notify many people their thought. Steal important information. Steal important information. Destroy enemy’s computer network during the war. Destroy enemy’s computer network during the war. For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

7 What is Ethical Hacking Hacking Process of breaking into systems for:  Personal or Commercial Gains  Malicious Intent – Causing sever damage to Information & Assets Conforming to accepted professional standards of conduct For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

8 Types of Hackers White Hat Hackers: White Hat Hackers: A White Hat who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. A White Hat who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black Hat Hackers: Black Hat Hackers: A Black Hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. A Black Hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat.hat For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

9 Why Can’t We Defend Against Hackers? There are many unknown security hole Hackers need to know only one security hole to hack the system Admin need to know all security holes to defend the system www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

10 Why Do We Need Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

11 Ethical Hacking - Commandments Working Ethically Trustworthiness Misuse for personal gain Respecting Privacy Not Crashing the Systems www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

12 What do hackers do after hacking ? Patch security hole. The other hackers can’t intrude. Clear logs and hide themselves. Install rootkit ( backdoor ) The hacker who hacked the system can use the system later. It contains trojan virus, and so on Install irc related program. identd, irc, bitchx, eggdrop, bnc For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

13 What do hackers do after hacking? Install scanner program mscan, sscan, nmap Install exploit program Install denial of service program Use all of installed programs silently www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

14 Basic Knowledge Required The basic knowledge that an Ethical Hacker should have about different fields, is as follows: The basic knowledge that an Ethical Hacker should have about different fields, is as follows: Should have basic knowledge of ethical and permissible issues Should have basic knowledge of ethical and permissible issues Should have primary level knowledge of session hijacking Should have primary level knowledge of session hijacking Should know about hacking wireless networks Should know about hacking wireless networks Should know how to handle virus and worms Should know how to handle virus and worms Should have the basic knowledge of cryptography Should have the basic knowledge of cryptography Should have the basic knowledge of accounts administration Should have the basic knowledge of accounts administration For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

15 Denial of Service If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort Techniques Techniques SYN flood SYN flood ICMP techniques ICMP techniques Identical SYN requests Identical SYN requests Overlapping fragment/offset bugs Overlapping fragment/offset bugs Out of bounds TCP options (OOB) Out of bounds TCP options (OOB) DDoS DDoS For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

16 How Can We Protect The System? Patch security hole often Patch security hole often Encrypt important data Encrypt important data Ex) pgp, ssh Ex) pgp, ssh Do not run unused daemon Do not run unused daemon Remove unused setuid/setgid program Remove unused setuid/setgid program Setup loghost Setup loghost Backup the system often Backup the system often Setup firewall Setup firewall Setup IDS Setup IDS Ex) snort Ex) snort For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com www.kaashivinfotech.com

17 What should do after hacked? Shutdown the system Or turn off the system Separate the system from network Restore the system with the backup Or reinstall all programs Connect the system to the network www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

18 Ethical Hacking - Process 1.Preparation 2.Foot Printing 3.Enumeration & Fingerprinting 4.Identification of Vulnerabilities 5.Attack – Exploit the Vulnerabilities 6.Gaining Access 7.Escalating Privilege 8.Covering Tracks 9.Creating Back Doors www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

19 1.Preparation Identification of Targets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing. www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

20 2.Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources Search engines Forums Databases – whois, ripe, arin, apnic. www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

21 3.Enumeration & Fingerprinting Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner Specific targets determined Identification of Services / open ports Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands Tools Nmap, FScan www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

22 4.Identification of Vulnerabilities Vulnerabilities Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

23 4.Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

24 4.Identification of Vulnerabilities Tools: Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

25 5.Attack – Exploit the Vulnerabilities Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems Last Ditch Effort – Denial of Service www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

26 5.Attack – Exploit the Vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

27 5.Attack – Exploit the Vulnerabilities Application Specific Attacks Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

28 6. Gaining access: Enough data has been gathered at this point to make an informed attempt to access the target Techniques Password eavesdropping File share brute forcing Password file grab Buffer overflows www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

29 7. Escalating Privileges If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system Techniques Password cracking Known exploits www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

30 8. Covering Tracks Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. Techniques Clear logs Hide tools www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

31 9. Creating Back Doors Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder Techniques Techniques Create rogue user accounts Create rogue user accounts Schedule batch jobs Schedule batch jobs Infect startup files Infect startup files Plant remote control services Plant remote control services Install monitoring mechanisms Install monitoring mechanisms Replace apps with trojans Replace apps with trojans www.kaashivinfotech.com For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

32

33 www.kaashivinfotech.com Thank you For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com. Fill the form and send it to kaashiv.info@gmail.com

Download ppt "Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website www.kaashivinfotech.com."

Similar presentations

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Introduction to Ethical Hacking, Ethics, and Legality.

Introduction to Ethical Hacking, Ethics, and Legality.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
What is hacking? Taeho Oh

What is hacking? Taeho Oh
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Ethical Hacking Adapted from Zephyr Gauray’s slides found here: And from Achyut Paudel’s.

Ethical Hacking Adapted from Zephyr Gauray’s slides found here: And from Achyut Paudel’s.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.

ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google