Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Edureka

CYBERSECURITY CERTIFICATION COURSE www.edureka.co/cybersecurity-certification-training

Foot-printing and Reconnaissance
Networking Fundamentals
Cryptography
Scanning and Enumeration
Agenda
Penetration
Malware

Goals of Computer Security
Denial of Service Attacks
Web Application Hacking
Agenda
Wireless Attacking
Detection Evasion
Programming Attacks

Early Days of Hacking
The first instance of hacking dates back to 1960’s and it all began in MIT with the Model rail road club.
(1960)
:
A person who delights in having an intimate understanding of the
internal workings of a system, computers and computer networks in
particular.

The First Computer Worm
Robert Tappan Morris is an American computer scientist and entrepreneur. He is best known for
creating the Morris Worm in 1988, considered the first computer worm on the Internet
(1980)
: An individual who gains access with malicious intent in their mind.

Hacking in Popular Culture
Hacking has been prevalent since then in a lot of popular movies and tv series. This has been useful for spreading awareness.

Reasons People Hack
Hacking has been prevalent since then in a lot of popular movies and tv series. This has
been useful for spreading awareness.
Some Times Just for Fun

Reasons People Hack
On the morning of the dedication of the William H. Gates Building, the internet kiosks in
the lobby which normally ran Windows XP were changed to temporarily boot linux. The
screens displayed a welcome message from Tux the Linux penguin
To make a political point

Reasons People Hack
Students at MIT turned the façade of a building into a Tetris game board just to see if
they could take on this daunting task.
For the Challenge

Reasons People Hack
Sometimes, its better to hack so that you know what’s wrong with a system and
fix it before someone with malicious intentions gets knowledge of it.
To get there before the bad guys

Types of Hackers
White Hat Hacker Grey Hat Hacker Black Hat Hacker

Skills Necessary
Computing
• Basic understanding of
operating systems
•Understanding of basic software
systems
•Grasp on CLI commands
Networking
•Cables, Systems, Switches
•Networking Architecture
•Understanding of different
networking protocols
Life Skills
•Ability to think out of the box
•Ability to accept failure and move
on
•Perseverance

Skills Necessary
Tools
•How to use a lot of tools
•Networking
•Security
Networking
•How to capture packets from a
network
•TCP/IP in detail
•Understanding how protocols
interact
Methods
•How to use gathered information
•Getting the best out of your
resources

Defacing
A website defacement is an attack on a website that changes
the visual appearance of the site or a webpage. These are
typically the work of system crackers, who break into a web
server and replace the hosted website with one of their own.

Buffer Overflow
U A E I O S T D
Buffer Overflow
When a piece of data is being transferred over a network, it isn’t immediately written to memory but rather
stored on the RAM which has a set buffer size. This can be easily exploited by bombarding the target with data
causing the buffer to overflow.

Denial of Service

What is Penetration Testing?
Vulnerability Assessment
Penetration testing, also called pen testing or ethical
hacking, is the practice of testing a computer system,
network or web application to find security vulnerabilities
that an attacker could exploit.

Goals
Assessing the weakness in an
organisation’s security posture
Understanding Risk
Positions better
Accessing systems to find
weaknesses before external
exploits

Results
Report
Create a detailed report
Suggest fixes to the bugs

Scope
How big is the sandbox? Restricted/No-touch? Scope of Contract

What is Footprinting?
Footprinting is a part of reconnaissance process which is used for gathering possible information about a target
computer system or network. Footprinting could be both passive and active. Reviewing a company’s website is an
example of passive footprinting, whereas attempting to gain access to sensitive information through social
engineering is an example of active information gathering.

Wayback Machine – Archive.org

Netcraft

Hostname Resolution
Domain Name Service
DNS is a necessity because IP addresses are hard to
remember which makes mnemonics a necessity in this case
DNS
• Easier to remember
• Reference for IP

Finding Network Ranges
192.168.54.32
IP Address
255.255.255.0
Subnet Mask
Finding the network range for a relevant scan is very necessary as scanning for vulnerabilities is a time
consuming task

Using Google for Reconnaissance

Google Hacking
Google is a valuable resource when it comes to information gathering, Knowing how to use google to target the
things you are looking for is a useful skill as an ethical hacker

History of the Internet
Advanced research project agency commissioned a network in 1968 and the first internet
connection was in 1969

OSI an TCP/IP Model
Application
Presentation
Session
Transport
Network
Datalink
Physical
Application
Transport
Internet
Link

Addressing: Unicast

Addressing: Broadcast

Addressing: Multicast

What is Wireshark?

What is DHCP?
DHCP
CLIENT
DHCP
SERVER
DISCOVER
OFFER
REQUEST
ACKNOWLEDGE

Why use DHCP?
A computer, or any other device that connects to a network (local or internet), must be properly configured to communicate on that network.
Since DHCP allows that configuration to happen automatically, it's used in almost every device that connects to a network including computers,
switches, smartphones, gaming consoles, etc.

Address Resolution Protocol
192.168.1.31
192.168.1.33192.168.1.32 192.168.1.34
Who is 192.168.1.33?

ARP isn’t reliable
192.168.1.31
Hey that’s me. Here have my MAC address
too so that we can communicate more easily
in future
192.168.1.33
Well….that’s easily exploitable! I could just lie.

Liars…liars everywhere
192.168.1.31
192.168.1.33
192.168.1.32

What is Cryptography?
Message
1034259
1034259
110340082
E
110340082
D 1034259 Or Error
Cybersecurity refers to a set of techniques used to protect the integrity of networks,
programs and data from attack, damage or unauthorized access

History of Cryptography
The Caesar cipher is one of the earliest known and simplest ciphers. It is a type of substitution cipher in which each letter in the plaintext is
'shifted' a certain number of places down the alphabet.

Enigma Cipher
The Enigma cipher was a field cipher used by the Germans during World War II. The Enigma is one of the better known historical encryption
machines, and it actually refers to a range of similar cipher machines

Digital Encryption Standard
The Data Encryption Standard (DES) is a symmetric-key
block cipher published by the National Institute of
Standards and Technology (NIST). DES is an
implementation of a Feistel Cipher

Triple DES
In cryptography, Triple DES (3DES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies
the DES cipher algorithm three times to each data block.

Advanced Encryption Standard
The Advanced Encryption Standard, also known by its original name
Rijndael, is a specification for the encryption of electronic data
established by the U.S. National Institute of Standards and Technology in
2001

What is a Certificate?
A Digital Certificate is an electronic "password" that allows a person, organizaion to exchange data securely
over the Internet using the public key infrastructure (PKI). Digital Certificate is also known as a public key
certificate or identity certificate.

Who can issue a Digital Certificate?

What is Hashing?
Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
Hashing is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using
the original value.

History of SSL

TLS
TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications
and online transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery

Bitlocker

What is Scanning?
Network scanning refers to the use of a computer network to gather information regarding computing systems. Network scanning is mainly used
for security assessment, system maintenance, and also for performing attacks by hackers.

NMAP
Nmap is a free and open-source security scanner, originally written by Gordon Lyon, used to discover hosts and services on a computer network,
thus building a "map" of the network.

What is IDS
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is
discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking actions when
malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses.

Why evade IDS
Intrusion detection system evasion techniques are modifications made to attacks in order to prevent detection by an intrusion detection system
(IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous
depending on the targeted computer system.

Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Edureka

More Related Content

What's hot (20)

Similar to Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Edureka (20)

More from Edureka! (20)

Recently uploaded (20)

Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Edureka