PD
Uploaded byPankaj Dubey
PPTX, PDF854 views

Hacking and Penetration Testing - a beginners guide

The document provides a comprehensive overview of hacking, cyber security, and penetration testing, highlighting the significance of vulnerability assessment in protecting systems from cyber crimes. It distinguishes between different types of hackers, such as black hat and white hat, and introduces concepts like ethical hacking and digital forensics. Additionally, it discusses various cyber threats, techniques used for attacks, and the importance of continuous learning in the field of cybersecurity.

Embed presentation

Downloaded 27 times
HACKING & CYBER SECURITY PANKAJ DUBEY Sr. QA Engineer pankajdubeyk@gmail.com http://PRELRIK.COM http://youtube.com/c/prelrik VULNERABILITY ASSESSMENT & PENETRATION TESTING a beginner’s guide to ... hacking & penetration testing
● 500 hrs of video uploaded on YouTube ● 3.3million Facebook posts ● 448,800 tweets ● 65972 photos are uploaded on Instagram ● 29 million whatsapp messages are sent Report credit - cuencatechlife ● 1440 wordpress posts are published 60 Seconds on Internet
Cyber crimes ** Hacking is the major reason behind cyber crimes ** ● Unauthorized access in computer or network ● Spreading malwares or viruses to harm the system ● Data manipulation or Data theft ● Cyber espionage or spying ● Child pornography ● Committing fraud “Offences that are committed against individuals or groups of individuals with a criminal motive by using computer, mobile or any digital medium are called cyber crimes.” “To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
Cyber Security “Cyber security is the concept of securing the computers, networks and Data from any unauthorized access or activity” ** Penetration Testing is the best countermeasure to defend against cyber crimes ** ● Countermeasures taken to prevent your network, application or system from being hacked is cyber security. ● Cybersecurity experts have deep knowledge of how Network, computer, applications, Database and website works ● They use their skills to shield the services against any cyber attacks “To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
Motives behind cyber attack Disrupting business reputation Data Manipulation Data theft Identity theft Financial frauds Cyber espionage Cyber terrorism Propaganda spreading Spreading religious tensions
Networks Information gathering Spoofing & tricking Session hijacking or MIM DOS (Denial of service) DNS and ARP poisoning Sniffing and Eavesdropping Application Field validations Authentication and authorization attacks SQL injection Cryptographic attacks Security Misconfiguration Broken session management Host Footprinting Malware attacks Password attacks Backdoor attacks Physical security threats Denial of service (DoS or DDos) Security threat types
What is hacking? “Gaining an unauthorized access in computer, network or Database to do malicious activity is called hacking” All hackers aren’t bad people. ● Hacking is illegal if done in an unauthorized manner or without any pre approval ● Even human nature have many vulnerabilities that can be exploited to gain confidential information and that’s called social Engineering. ● An illegal hacking is performed by black hat hackers
What is Ethical hacking? “If hacking is done with a pre approval by authorized admin then it’s called ethical hacking.” ● Ethical hacking is legal if done with an authorized admin approval ● The reason of performing ethical hacking is to find and fix the security vulnerabilities so that system can be defended against any cyber attack. ● Ethical hacking is performed by white hat hackers CEH or Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems, using penetration testing techniques.
Result - Blocked Iran's Nuclear Program ● It disrupted the operations of Siemens centrifuges in nuclear power plants, making them spin at uneven speeds "My opinion is that the Mossad is involved, but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States." - Kevin Hogan, Senior Director of Security Response at Symantec The great example - stuxnet
Result - 200,000 computers were infected across 150 countries ● The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm ● It targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency The great example - wannacry
types of - hackers BLACK HAT - They use hacking skills for destructive and malicious activities. WHITE HAT - They use hacking skill to defend against any sort of cyber attack. GRAY HAT - They use hacking skills for both offensive and defensive purposes.
Elite hackers: Elite hacker are the most skilled hackers. Script kiddie : They are unskilled hacker who breaks into computer systems by using automated tools Neophyte: Someone who is new to hacking and has no knowledge of hacking or how technology works Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Nation state hackers: Intelligence agencies and cyber warfare operatives of nation states. The types of - hackers Blue hat hackers: A blue hat hacker is someone outside computer security consulting firms who is used to security test a system prior to its launch.
VAPT - vulnerability assessment & Penetration Testing “A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.” Vulnerability assessment is done to : ● Identify the weakness in system ● Measure the effectiveness against any attack NETWORK VULNERABILITY ASSESSMENT TOOLS ● Nmap ● OpenVAS ● Wireshark ● Metasploit ● MBSA (Microsoft baseline security analyzer) WEB VULNERABILITY ASSESSMENT TOOLS ● OWASP ZAP ● Acunetix ● Burp suite ● Nikto ● sqlmap
VAPT - a sample report
Active Assessment Using a network scanner to find hosts, services and vulnerabilities. Passive Assessment A technique used to sniff the network to find hosts, services and vulnerabilities. vulnerability assessment types Internal Assessment A technique used to assess internal infrastructure. External Assessment A technique used by krackers to assess from outside to find the vulnerability. Wireless network Assessment Assessing wireless network to penetrate in network. Host based Assessment Determines the vulnerability in a specific server or computer. Application & DB Assessing an application, website or database for any misconfiguration. Physical security Assessment Assessing the physical security to reach out to network or computer. Network Assessment Assessing network to find the network vulnerabilities.
Penetration Testing or Security Testing ● Pen testers are usually certified white hat hackers or LPTs (licensed pen testers) ● Pen testers reports that how a vulnerability can be exploited ● Pen testers also report that how to patch the issue in properly documented report “Pen testing is the process of finding and reporting security vulnerabilities in network, computer or application in order to secure it with any sort of attacks.” A penetration test, also known as a pen test, is an authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data.
ETHICAL HACKING “Ethical hacking focuses on using all techniques to find and exploit the vulnerabilities.” Main target is to break in the system Ethical hacking is an offensive measure PEN TESTING “Pen testing focuses on finding all vulnerabilities in the network, computer or application.” Main target is to defend the system against any threat Pen testing is defensive measure Ethical hacking vs Penetration Testing
types of - pen testers BLACK HAT - With no prior knowledge of network, computer or application that needs to be tested. WHITE HAT - With complete knowledge of network, computer or application that needs to be tested. GRAY HAT - With limited knowledge of network, computer or application that needs to be tested.
Technical skills In depth knowledge of operating systems In depth knowledge of servers In depth knowledge of Networks In depth knowledge of hacking tools and technologies Should be an expert in exploiting the vulnerabilities Behavioural skills Ability to learn quickly Awareness of law of the land Target company's code of conduct and policies Should be quick to find the loopholes in Should update themselves with new technologies and tools Skills required for - hackers / pen testers
Network services Penetration testing can be performed on Application test Web services test Web site test Wireless network test Database test Social engineering
● Planning & preparation ● Choosing methods ● Information gathering Pre attack phase ● Penetrating parameter ● Acquiring target ● Execution, implementation, retracting Attack phase ● Reporting ● Cleanup ● Artifact destruction Post attack phase pen testing / hacking phases
1. Footprinting 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing tracks Gathering preliminary information before attacks Scanning the target system or network to find the open ports The term refers to when an attacker gains the access in NETWORK, SYSTEM or APPLICATION In this phase attacker tries to remains the control of network or application This is the final phase of hacking, where attacker delete all the evidences and logs pen testing / hacking phases
Cross site scripting (xss) SQL Injection Session hijacking Parameter manipulation Buffer Overflow Denial of service Weak authentication and session management Security misconfiguration Computer security threats
Malwares ransomware SQL injection software which is specifically designed to disrupt, damage, or gain authorized access to a computer system. Ex - virus, worms, spywares, backdoors It blocks access to data or system if unless a ransom is paid. Ex - wannacry Injection is a code injection technique to hack into database using website client end. D-DoS Distributed denial of service attack makes a system resource unresponsive to actual intended users. Security threats (1/2)
Pharming Wireless network Botnets Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. User attacks on the wireless network to gain access in an organization’s or individual’s network Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection Phishing Trojans Phishing is a technique used to get a person in confidence and to get confidential detail or do fraud Trojan horse is a type of virus that looks like a legitimate software and once user installs it, it passes on the control to hackers Security threats (2/2)
Hack Value To evaluate the outcome for hacking something Back door Process of bypassing security and front gate and entering in the system from backdoor Zero Day Attack Hacking the application before patch is released Def CON They organize hackers conference Important hacking terminologies Trojans a Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent
Important hacking terminologies - BOTNET “ A network of private computers infected with malicious software and controlled by a master computer as a group without the owner's knowledge. “ ● It can be simulated to do Denial of Service attack. As each computer has different IP and that can not be blocked.
Important hacking terminologies - Social Engineering ● It’s a type of confidence trick for the purpose of information gathering, fraud, or system access. ● Human behaviour also have some vulnerabilities and hackers never hesitate exploiting that vulnerability. “Social Engineering is an art of convincing a person to reveal confidential information.” ● Eavesdropping ● Shoulder surfing ● Dumpster diving ● Baiting ● Phishing ● Spear phishing Social Engineering techniques
“Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It has over 600 pre installed applications for hacking, penetration testing and digital forensics.” ● It is maintained and funded by Offensive Security Ltd. ● The earlier version of Kali Linux was known as BackTrack ● Kali Linux is developed using a secure environment with only a small number of trusted people Important hacking terminologies - KALI LINUX
“Deep web is the hidden part of World Wide Web, which is not indexed by standard search engines and not accessible with usual web browsers” ● There is no censorship on contents available on Deep web ● The usual search engine for deep web is Duck Duck go ● The usual domains on deep web ends with .onion instead of .com ● The sites on deep web can only be accessed using TOR network Important hacking terminologies - Dark Web
Important hacking terminologies - TOR “Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router" ● TOR stands for The Onion Router ● TOR is a browser to access dark web ● TOR makes it very hard to trace back the user Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely to target you.
Important hacking terminologies - DOXING “Doxing is a hacking practice where hacker searches the private information posted on publicly accessible sites” Searching for private or identifying information about a particular individual on the Internet, typically with malicious intent. ● Name ● Contact details ● Date of Birth ● Your pet name ● Your favourite food
Important hacking terminologies - STEGANOGRAPHY “Steganography is a technique of hiding an object (file, image or video) behind another image, audio or video” ● Steganography is combination of greek words ‘steganos’ and ‘graphein’ meaning ‘concealing’ and ‘writing’ ● A virus can also be hidden behind an image known as trojan ● It is almost undetectable until special softwares are used ● If you have original image and suspicious steganographic image then you can detect it by comparing the size of files.
Important hacking terminologies - SPOOFING Ex - instead of facebook.com you can trick someone by sending a link of faceb00k.com, where if target enters the ID, password and you can write a code to get that detail. ● An email can be spoofed (site - www.emkei.cz) ● A call can be spoofed (site - www.crazycall.net) ● An SMS can be spoofed (site - www.spoofsms.com) ● IP can be spoofed ● DNS can be spoofed “Spoofing is a technique to trick someone to get confidential information or access ”
Important hacking terminologies - SQL INJECTION ● It is the most common hacking technique to bypass the user authentication for weak sites ● Developers should sanitize the user fields and should not trust what user types in the input field “Sql injection is a code injection technique in the user fields to hack into the database.”
hacking - CAREER & CERTIFICATION ● The International Council of Electronic Commerce Consultants (EC-Council) ● The EC-Council is headquartered in Albuquerque, New Mexico. ● Its best-known certification is the Certified Ethical Hacker
Footprinting and Reconnaissance Network scanning Enumeration Viruses and malwares Sniffing Social Engineering Session hijacking Denial of service SQL Injection System hacking Website hacking Network hacking Web Server hacking Wifi Hacking Mobile hacking what needs to be learnt - for hackers and Pen testers (...learn in next videos ) Steganography and Cryptography Spoofing / Phishing Social Engineering

More Related Content

PDF
Social Engineering Basics
byLuke Rusten
 
PPTX
Social engineering hacking attack
byPankaj Dubey
 
PPTX
Social engineering
byAbdelhamid Limami
 
PPT
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
PDF
Social engineering
byankushmohanty
 
PPTX
Social engineering presentation
bypooja_doshi
 
PPTX
Social Engineering,social engeineering techniques,social engineering protecti...
byABHAY PATHAK
 
PPTX
Social engineering
byMaulik Kotak
 
Social Engineering Basics
byLuke Rusten
 
Social engineering hacking attack
byPankaj Dubey
 
Social engineering
byAbdelhamid Limami
 
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
Social engineering
byankushmohanty
 
Social engineering presentation
bypooja_doshi
 
Social Engineering,social engeineering techniques,social engineering protecti...
byABHAY PATHAK
 
Social engineering
byMaulik Kotak
 

What's hot

PDF
What is Social Engineering? An illustrated presentation.
byPratum
 
PPTX
Social engineering-Attack of the Human Behavior
byJames Krusic
 
PPT
Social Engineering: "The Cyber-Con"
byabercius24
 
PPTX
Social engineering
byAlexander Zhuravlev
 
PDF
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
byPratum
 
PDF
Social engineering
byRobert Hood
 
PDF
Social Engineering: the Bad, Better, and Best Incident Response Plans
byRob Ragan
 
PPTX
Social engineering
byVîñàý Pãtêl
 
PPTX
social engineering
byRavi Patel
 
PDF
Social Engineering
byWilliam Gregorian
 
PPTX
Social Engineering - Human aspects of industrial and economic espionage
byMarin Ivezic
 
PDF
Social Engineering
byPaul Devassy, CPP
 
PPTX
MHTA Social Engineering Presentation - 050917
byEvan Francen
 
PPTX
Social Engineering Techniques
byNeelu Tripathy
 
PPTX
Social engineering: A Human Hacking Framework
byJahangirnagar University
 
PPSX
Social Engineering - Are You Protecting Your Data Enough?
byJamRivera1
 
PPTX
Presentation of Social Engineering - The Art of Human Hacking
bymsaksida
 
PPTX
Social engineering
byVishal Kumar
 
PPTX
Social engineering tales
byAhmed Musaad
 
PPT
Social engineering for security attacks
bymasoud khademi
 
What is Social Engineering? An illustrated presentation.
byPratum
 
Social engineering-Attack of the Human Behavior
byJames Krusic
 
Social Engineering: "The Cyber-Con"
byabercius24
 
Social engineering
byAlexander Zhuravlev
 
Infographic: Penetration Testing - A Look into a Full Pen Test Campaign
byPratum
 
Social engineering
byRobert Hood
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
byRob Ragan
 
Social engineering
byVîñàý Pãtêl
 
social engineering
byRavi Patel
 
Social Engineering
byWilliam Gregorian
 
Social Engineering - Human aspects of industrial and economic espionage
byMarin Ivezic
 
Social Engineering
byPaul Devassy, CPP
 
MHTA Social Engineering Presentation - 050917
byEvan Francen
 
Social Engineering Techniques
byNeelu Tripathy
 
Social engineering: A Human Hacking Framework
byJahangirnagar University
 
Social Engineering - Are You Protecting Your Data Enough?
byJamRivera1
 
Presentation of Social Engineering - The Art of Human Hacking
bymsaksida
 
Social engineering
byVishal Kumar
 
Social engineering tales
byAhmed Musaad
 
Social engineering for security attacks
bymasoud khademi
 

Similar to Hacking and Penetration Testing - a beginners guide

PPTX
UNIT 1-Ethical-Hacking-ppt (2).pptx ethical data
byYazhiniSharmi
 
DOCX
ethical hacking report
byAkhilesh Patel
 
PPTX
Ethical hacking
byInstitute of Information Security (IIS)
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
PPTX
Hacking
byVipinYadav257
 
PPTX
Cse ethical hacking ppt
byshreya_omar
 
PPTX
Introduction of ethical hacking.........
byAalyanAbid
 
PPTX
Ethical hacking
byPrabhat kumar Suman
 
PPTX
Session on Cyber security and Ethical Hacking.pptx
byVicky Tyagi
 
PPTX
Offensive Security basics part 1
bywharpreet
 
PPTX
Ethical Hacking & Network Security
byLokender Yadav
 
PPTX
Ethical hacking
byAnumadil1
 
PDF
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
DOCX
Ethical hacking
byNitheesh Adithyan
 
PPTX
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
byAnjieVillarba1
 
PPTX
GETTING STARTED WITH THE ETHICAL HACKING.pptx
byBishalRay8
 
PPTX
Ethical Hacking
byChetanmalviya8
 
PPTX
Ethical Hacking
byBharat Sabne
 
PPTX
Hacking.pptx
byYogesh Chauhan
 
PDF
Bar Camp 11 Oct09 Hacking
byBarcamp Kerala
 
UNIT 1-Ethical-Hacking-ppt (2).pptx ethical data
byYazhiniSharmi
 
ethical hacking report
byAkhilesh Patel
 
Ethical hacking
byInstitute of Information Security (IIS)
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Hacking
byVipinYadav257
 
Cse ethical hacking ppt
byshreya_omar
 
Introduction of ethical hacking.........
byAalyanAbid
 
Ethical hacking
byPrabhat kumar Suman
 
Session on Cyber security and Ethical Hacking.pptx
byVicky Tyagi
 
Offensive Security basics part 1
bywharpreet
 
Ethical Hacking & Network Security
byLokender Yadav
 
Ethical hacking
byAnumadil1
 
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
Ethical hacking
byNitheesh Adithyan
 
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
byAnjieVillarba1
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
byBishalRay8
 
Ethical Hacking
byChetanmalviya8
 
Ethical Hacking
byBharat Sabne
 
Hacking.pptx
byYogesh Chauhan
 
Bar Camp 11 Oct09 Hacking
byBarcamp Kerala
 

Recently uploaded

PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PDF
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
PDF
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
PPTX
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
PPTX
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PPTX
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
PDF
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
PPTX
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PDF
Dokky Suite v.2.0.4 - Dokky AI infographic
byScriptNet Solutions
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PDF
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
PDF
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PDF
Digitizing Banquet Management_ Why It Matters for Modern Hotels.pdf
byHotelogix
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Cloud-Based Underwriting Software for Insurance
byInsurance Tech Services
 
Anchore Enterprise Q4 2025 Release Webinar
byAnchore
 
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
application security presentation 2 by harman
byharmanideapad
 
API_SECURITY CONSULTANCY SERVICES IN USA
bydavidjohansen1597
 
Why Your Business Needs Snowflake Consulting_ From Data Silos to AI-Ready Cloud
byChetu
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
The Future of Surgical Practice How AI is Transforming Diagnostics, Schedulin...
byEasy Clinic
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
Dokky Suite v.2.0.4 - Dokky AI infographic
byScriptNet Solutions
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PeopleSoft Lift and Shift to Oracle Cloud Infrastructure.pdf
byAstuteBusiness
 
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
Digitizing Banquet Management_ Why It Matters for Modern Hotels.pdf
byHotelogix
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 

Hacking and Penetration Testing - a beginners guide

  • 1.
    HACKING & CYBERSECURITY PANKAJ DUBEY Sr. QA Engineer pankajdubeyk@gmail.com http://PRELRIK.COM http://youtube.com/c/prelrik VULNERABILITY ASSESSMENT & PENETRATION TESTING a beginner’s guide to ... hacking & penetration testing
  • 2.
    ● 500 hrsof video uploaded on YouTube ● 3.3million Facebook posts ● 448,800 tweets ● 65972 photos are uploaded on Instagram ● 29 million whatsapp messages are sent Report credit - cuencatechlife ● 1440 wordpress posts are published 60 Seconds on Internet
  • 3.
    Cyber crimes ** Hackingis the major reason behind cyber crimes ** ● Unauthorized access in computer or network ● Spreading malwares or viruses to harm the system ● Data manipulation or Data theft ● Cyber espionage or spying ● Child pornography ● Committing fraud “Offences that are committed against individuals or groups of individuals with a criminal motive by using computer, mobile or any digital medium are called cyber crimes.” “To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
  • 4.
    Cyber Security “Cyber securityis the concept of securing the computers, networks and Data from any unauthorized access or activity” ** Penetration Testing is the best countermeasure to defend against cyber crimes ** ● Countermeasures taken to prevent your network, application or system from being hacked is cyber security. ● Cybersecurity experts have deep knowledge of how Network, computer, applications, Database and website works ● They use their skills to shield the services against any cyber attacks “To solve and investigate the cyber crimes, Digital forensics comes into the picture.”
  • 5.
    Motives behind cyberattack Disrupting business reputation Data Manipulation Data theft Identity theft Financial frauds Cyber espionage Cyber terrorism Propaganda spreading Spreading religious tensions
  • 6.
    Networks Information gathering Spoofing &tricking Session hijacking or MIM DOS (Denial of service) DNS and ARP poisoning Sniffing and Eavesdropping Application Field validations Authentication and authorization attacks SQL injection Cryptographic attacks Security Misconfiguration Broken session management Host Footprinting Malware attacks Password attacks Backdoor attacks Physical security threats Denial of service (DoS or DDos) Security threat types
  • 7.
    What is hacking? “Gainingan unauthorized access in computer, network or Database to do malicious activity is called hacking” All hackers aren’t bad people. ● Hacking is illegal if done in an unauthorized manner or without any pre approval ● Even human nature have many vulnerabilities that can be exploited to gain confidential information and that’s called social Engineering. ● An illegal hacking is performed by black hat hackers
  • 8.
    What is Ethicalhacking? “If hacking is done with a pre approval by authorized admin then it’s called ethical hacking.” ● Ethical hacking is legal if done with an authorized admin approval ● The reason of performing ethical hacking is to find and fix the security vulnerabilities so that system can be defended against any cyber attack. ● Ethical hacking is performed by white hat hackers CEH or Certified Ethical Hacker (CEH) is a qualification obtained by assessing the security of computer systems, using penetration testing techniques.
  • 9.
    Result - BlockedIran's Nuclear Program ● It disrupted the operations of Siemens centrifuges in nuclear power plants, making them spin at uneven speeds "My opinion is that the Mossad is involved, but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States." - Kevin Hogan, Senior Director of Security Response at Symantec The great example - stuxnet
  • 10.
    Result - 200,000computers were infected across 150 countries ● The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm ● It targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency The great example - wannacry
  • 11.
    types of -hackers BLACK HAT - They use hacking skills for destructive and malicious activities. WHITE HAT - They use hacking skill to defend against any sort of cyber attack. GRAY HAT - They use hacking skills for both offensive and defensive purposes.
  • 12.
    Elite hackers: Elitehacker are the most skilled hackers. Script kiddie : They are unskilled hacker who breaks into computer systems by using automated tools Neophyte: Someone who is new to hacking and has no knowledge of hacking or how technology works Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Nation state hackers: Intelligence agencies and cyber warfare operatives of nation states. The types of - hackers Blue hat hackers: A blue hat hacker is someone outside computer security consulting firms who is used to security test a system prior to its launch.
  • 13.
    VAPT - vulnerabilityassessment & Penetration Testing “A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.” Vulnerability assessment is done to : ● Identify the weakness in system ● Measure the effectiveness against any attack NETWORK VULNERABILITY ASSESSMENT TOOLS ● Nmap ● OpenVAS ● Wireshark ● Metasploit ● MBSA (Microsoft baseline security analyzer) WEB VULNERABILITY ASSESSMENT TOOLS ● OWASP ZAP ● Acunetix ● Burp suite ● Nikto ● sqlmap
  • 14.
    VAPT - asample report
  • 15.
    Active Assessment Using anetwork scanner to find hosts, services and vulnerabilities. Passive Assessment A technique used to sniff the network to find hosts, services and vulnerabilities. vulnerability assessment types Internal Assessment A technique used to assess internal infrastructure. External Assessment A technique used by krackers to assess from outside to find the vulnerability. Wireless network Assessment Assessing wireless network to penetrate in network. Host based Assessment Determines the vulnerability in a specific server or computer. Application & DB Assessing an application, website or database for any misconfiguration. Physical security Assessment Assessing the physical security to reach out to network or computer. Network Assessment Assessing network to find the network vulnerabilities.
  • 16.
    Penetration Testing orSecurity Testing ● Pen testers are usually certified white hat hackers or LPTs (licensed pen testers) ● Pen testers reports that how a vulnerability can be exploited ● Pen testers also report that how to patch the issue in properly documented report “Pen testing is the process of finding and reporting security vulnerabilities in network, computer or application in order to secure it with any sort of attacks.” A penetration test, also known as a pen test, is an authorized simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system's features and data.
  • 17.
    ETHICAL HACKING “Ethical hackingfocuses on using all techniques to find and exploit the vulnerabilities.” Main target is to break in the system Ethical hacking is an offensive measure PEN TESTING “Pen testing focuses on finding all vulnerabilities in the network, computer or application.” Main target is to defend the system against any threat Pen testing is defensive measure Ethical hacking vs Penetration Testing
  • 18.
    types of -pen testers BLACK HAT - With no prior knowledge of network, computer or application that needs to be tested. WHITE HAT - With complete knowledge of network, computer or application that needs to be tested. GRAY HAT - With limited knowledge of network, computer or application that needs to be tested.
  • 19.
    Technical skills In depthknowledge of operating systems In depth knowledge of servers In depth knowledge of Networks In depth knowledge of hacking tools and technologies Should be an expert in exploiting the vulnerabilities Behavioural skills Ability to learn quickly Awareness of law of the land Target company's code of conduct and policies Should be quick to find the loopholes in Should update themselves with new technologies and tools Skills required for - hackers / pen testers
  • 20.
    Network services Penetration testingcan be performed on Application test Web services test Web site test Wireless network test Database test Social engineering
  • 21.
    ● Planning &preparation ● Choosing methods ● Information gathering Pre attack phase ● Penetrating parameter ● Acquiring target ● Execution, implementation, retracting Attack phase ● Reporting ● Cleanup ● Artifact destruction Post attack phase pen testing / hacking phases
  • 22.
    1. Footprinting 2. Scanning 3.Gaining Access 4. Maintaining Access 5. Clearing tracks Gathering preliminary information before attacks Scanning the target system or network to find the open ports The term refers to when an attacker gains the access in NETWORK, SYSTEM or APPLICATION In this phase attacker tries to remains the control of network or application This is the final phase of hacking, where attacker delete all the evidences and logs pen testing / hacking phases
  • 23.
    Cross site scripting(xss) SQL Injection Session hijacking Parameter manipulation Buffer Overflow Denial of service Weak authentication and session management Security misconfiguration Computer security threats
  • 24.
    Malwares ransomware SQL injection software whichis specifically designed to disrupt, damage, or gain authorized access to a computer system. Ex - virus, worms, spywares, backdoors It blocks access to data or system if unless a ransom is paid. Ex - wannacry Injection is a code injection technique to hack into database using website client end. D-DoS Distributed denial of service attack makes a system resource unresponsive to actual intended users. Security threats (1/2)
  • 25.
    Pharming Wireless network Botnets Pharming isa cyber attack intended to redirect a website's traffic to another, fake site. User attacks on the wireless network to gain access in an organization’s or individual’s network Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow the attacker access to the device and its connection Phishing Trojans Phishing is a technique used to get a person in confidence and to get confidential detail or do fraud Trojan horse is a type of virus that looks like a legitimate software and once user installs it, it passes on the control to hackers Security threats (2/2)
  • 26.
    Hack Value To evaluatethe outcome for hacking something Back door Process of bypassing security and front gate and entering in the system from backdoor Zero Day Attack Hacking the application before patch is released Def CON They organize hackers conference Important hacking terminologies Trojans a Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent
  • 27.
    Important hacking terminologies- BOTNET “ A network of private computers infected with malicious software and controlled by a master computer as a group without the owner's knowledge. “ ● It can be simulated to do Denial of Service attack. As each computer has different IP and that can not be blocked.
  • 28.
    Important hacking terminologies- Social Engineering ● It’s a type of confidence trick for the purpose of information gathering, fraud, or system access. ● Human behaviour also have some vulnerabilities and hackers never hesitate exploiting that vulnerability. “Social Engineering is an art of convincing a person to reveal confidential information.” ● Eavesdropping ● Shoulder surfing ● Dumpster diving ● Baiting ● Phishing ● Spear phishing Social Engineering techniques
  • 29.
    “Kali Linux isa Linux distribution designed for digital forensics and penetration testing. It has over 600 pre installed applications for hacking, penetration testing and digital forensics.” ● It is maintained and funded by Offensive Security Ltd. ● The earlier version of Kali Linux was known as BackTrack ● Kali Linux is developed using a secure environment with only a small number of trusted people Important hacking terminologies - KALI LINUX
  • 30.
    “Deep web isthe hidden part of World Wide Web, which is not indexed by standard search engines and not accessible with usual web browsers” ● There is no censorship on contents available on Deep web ● The usual search engine for deep web is Duck Duck go ● The usual domains on deep web ends with .onion instead of .com ● The sites on deep web can only be accessed using TOR network Important hacking terminologies - Dark Web
  • 31.
    Important hacking terminologies- TOR “Tor is free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router" ● TOR stands for The Onion Router ● TOR is a browser to access dark web ● TOR makes it very hard to trace back the user Tor is handy, but it's far from perfect. Don't think just because you're using Tor that you're perfectly anonymous. Someone like the NSA can tell if you're a Tor user and that makes them more likely to target you.
  • 32.
    Important hacking terminologies- DOXING “Doxing is a hacking practice where hacker searches the private information posted on publicly accessible sites” Searching for private or identifying information about a particular individual on the Internet, typically with malicious intent. ● Name ● Contact details ● Date of Birth ● Your pet name ● Your favourite food
  • 33.
    Important hacking terminologies- STEGANOGRAPHY “Steganography is a technique of hiding an object (file, image or video) behind another image, audio or video” ● Steganography is combination of greek words ‘steganos’ and ‘graphein’ meaning ‘concealing’ and ‘writing’ ● A virus can also be hidden behind an image known as trojan ● It is almost undetectable until special softwares are used ● If you have original image and suspicious steganographic image then you can detect it by comparing the size of files.
  • 34.
    Important hacking terminologies- SPOOFING Ex - instead of facebook.com you can trick someone by sending a link of faceb00k.com, where if target enters the ID, password and you can write a code to get that detail. ● An email can be spoofed (site - www.emkei.cz) ● A call can be spoofed (site - www.crazycall.net) ● An SMS can be spoofed (site - www.spoofsms.com) ● IP can be spoofed ● DNS can be spoofed “Spoofing is a technique to trick someone to get confidential information or access ”
  • 35.
    Important hacking terminologies- SQL INJECTION ● It is the most common hacking technique to bypass the user authentication for weak sites ● Developers should sanitize the user fields and should not trust what user types in the input field “Sql injection is a code injection technique in the user fields to hack into the database.”
  • 36.
    hacking - CAREER & CERTIFICATION ●The International Council of Electronic Commerce Consultants (EC-Council) ● The EC-Council is headquartered in Albuquerque, New Mexico. ● Its best-known certification is the Certified Ethical Hacker
  • 37.
    Footprinting and Reconnaissance Networkscanning Enumeration Viruses and malwares Sniffing Social Engineering Session hijacking Denial of service SQL Injection System hacking Website hacking Network hacking Web Server hacking Wifi Hacking Mobile hacking what needs to be learnt - for hackers and Pen testers (...learn in next videos ) Steganography and Cryptography Spoofing / Phishing Social Engineering