Ethical Hacking
Download as PPTX, PDF0 likes571 views
The document discusses the history and nature of hacking, starting from early incidents like the 1988 worm program to notable contemporary cases like Citibank's cyber attack. It outlines different types of hackers, their roles, and attacks such as SQL injection and cross-site scripting, highlighting the importance of security, vulnerabilities, and terminology in cybersecurity. Additionally, it lists essential programming languages and skills necessary for aspiring hackers and pen testers.
Ethical Hacking
- 2. • Hacking is accessing unauthorized data by any method other than the direct method. H A C K I N g
- 3. • In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks. • Today we have about 10,000 incidents of cyber attacks which are reported and the number grows. • A 16-year-old music student called Richard Pryce, better known by the hacker alias Datastream Cowboy, is arrested and charged with breaking into hundreds of computers including those at the Griffiths Air Force base, NASA and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found. • Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money. B E G I n N I n g
- 4. W h Y ? In this era, where world depends on technology and huge amount of data worth a lot of money stored in computers and hacking is all about accessing data for…
- 6. • The number of exploits gets minimized when the number of weaknesses are reduced. • The functionality of the system gets minimized. • Moving towards security means moving away from functionality and ease of use. THE T R I A N G L E SECURITY FUNCTIONALITY EASE OF USE
- 7. • Hacking includes the following types of activity: • Hacker (programmer subculture), activity within the computer programmer subculture • Hacker (computer security), to access computer networks, legally or otherwise • Computer crime H A C K I N G TRY NEXT YES NO Success ?
- 8. Can Hacking be Ethical ? H A C K I N G
- 9. • Coders: These are the one who revise the methods and create tools that are available in the market. These are the Real Hackers. • Admins: They uses the tools and exploits prepared by the coders. They do not develop their own techniques. • Script kiddies: They are the guys who take advantage of the Hacking tools and documentation available for free on the Internet but don’t have any knowledge of what’s going on behind the scenes. T Y P E
- 10. T Y P E
- 11. • Threat – An action or event that might prejudice security. A threat is a potential violation of security. • Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system. • Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation. • Attack – An assault on system security that derives from an intelligent threat. An attack is any action that attempts to or violates security. • Exploit – A defined way to breach the security of an IT system through vulnerability. T E R M I N O L O G Y
- 14. M O D E • Over the Internet • Over LAN • Locally • Offline • Theft • Deception
- 15. • Phishing • Key Loggers • RAT • Whatsapp Hacking • Wifi Hacking –Through Kali Linux • Email Bombing • SMS Bombing For B E G I N N E R s
- 16. SQL I N J E C T I O n • Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id. • If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this: “1=1” The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true.
- 17. X S S • Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. • XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
- 18. R E Q U I R E M E N T S • Hypertext Markup Language (HTML) is the basics for creating web pages and other information that can be displayed in a web browser. So if you don't know HTML you should first learn it. • JavaScript:Learning java script. Will help you understand the basics of Cross Site Scripting. • PHP/SQL:Majority of web applications are written using PHP and MySQL.So it is a must to learn PHP. • C & C++:More than 60 % of the exploits you will find on the web are written in C & C ++, Learning C & C++ will help you understand about Buffer overflows, Stack overflow etc, So learning C and C ++ is must for every hacker/Pen tester.
- 19. R E Q U I R E M E N T S • Assembly:Learning assembly will help you in Writing/understanding Shell codes , Will Help you in Reverse Engineering applications and software's • Python:It is a very powerful high level language , Its Easy to learn and code, most of the tools and scripts for automation are written in Python . Knowing Python socket programming will help you a lot in Exploit writing • Ruby:It is an another language which is used to write scripts, tools. Metasploit Frame Work is written in Ruby. so learning ruby will help you understand the in and outs of msf. • Bash:Learning Bash is very Useful in writing small scripts for automation.
- 20. Thank You