ETHICAL HACKING
Dr P PRABAKARAN
Assistant Professor
Department of Computer Applications
School of Computing Sciences
Vels Institute of Science Technology and Advanced Studies, Chennai
ETHICAL HACKING OVERVIEW & VULNERABILITIES
UNDERSTANDING THE IMPORTANCE OF SECURITY
Definition of Ethical Hacking
Hacking is defined as the illegal use of another’s computer system or
network resources.
Ethical hacking is an authorized practice of detecting vulnerabilities in
an application, system, or organization’s infrastructure and bypassing
system security to identify potential data breaches and threats in a
network.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
UNDERSTANDING THE IMPORTANCE OF SECURITY
Importance of Security
▪ Evaluation of password strength.
▪ Ensuring security settings, privilege levels, and database
administration through exploit testing.
▪ Protection from denial-of-service attacks.
▪ The evaluation of anti-intrusion features and network security.
▪ Preventing the interception of data communication channels.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
UNDERSTANDING THE IMPORTANCE OF SECURITY
Impact of ethical hacking on society
Hackers are having a very measurable impact on society. They are
attracting more of the younger generation.
There are several fields in computing where hackers have made a measurable
impact on society. I have tried to look into different ways in which we can
make ethical hacking safe and ethical.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
Hacking is the process of identifying and exploiting weakness in a
system or a network to gain unauthorized access to data and system
resources. It can also be defined as an unauthorized intrusion into
the information systems/networks by an attacker by compromising
the security.
Example of Hacking: Exploiting the weakness of default password to
gain access to the data stored inside the system.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
HACKER TYPES
A person who finds and exploits vulnerabilities in a network or a
computer system is called a hacker.
▪ White Hat
▪ Black Hat
▪ Grey Hat
▪ Script Newbies
▪ Hacktivists
▪ Phreakers
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
HACKER TYPES
White Hat
Ethical Hackers are also called White Hat hackers. This hacker type
gains access to a system to identify its weaknesses and evaluate
vulnerabilities in the system.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
HACKER TYPES
Black Hat
Black Hat hackers are also called “crackers.” This hacker type gains
unauthorized access to computer and network systems for personal
gain. Stealing data and violating privacy rights are the intentions of
this hacker.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
HACKER TYPES
Grey Hat
Grey Hat hackers are at the borderline between White Hat and Black Hat
hackers. These hackers break into computer or network systems without
authorization to identify vulnerabilities, but present these weaknesses to the
owner of the system.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
CONCEPT OF ETHICAL HACKING
HACKER TYPES
Script Newbies
Newbie hackers are new programmers or non-skilled personnel who use
various hacking tools made by other hackers to gain access to network or
computer systems.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - THREAT
Threat
An environment or situation that could lead to a potential breach of security.
Ethical hackers look for and prioritize threats when performing a security
analysis. Malicious hackers and their use of software and hacking techniques
are themselves threats to an organization’s information security.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - THREAT
Adware
Adware is a piece of software that is designed to force display of pre-selected
ads on a system.
Back door
A back door is another often-used ethical hacking term. It refers to a
hidden entry point into a software or application that bypasses the standard
security measures like login and authentication.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - THREAT
Bot
A bot is a computer program designed to automate repetitive tasks, performing
them faster and for a longer sustained period than a human would.
Botnet
A botnet is a collection of computers that are controlled remotely or through
malware without the knowledge of the user.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - THREAT
DDoS
DDoS, which means distributed denial of service, is an ethical hacking term
used to refer to a DoS attack that is achieved through a botnet. This means that
multiple compromised systems are used to attack a single server, so that it receives
overwhelming requests from various locations simultaneously.
Remote
A remote attack is where an attack is carried out by sending an exploit over a
network to exploit security vulnerabilities in another machine without obtaining
previous access to the vulnerable machine.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Attack
An attack occurs when a system is compromised based on a vulnerability. Many
attacks are perpetrated via an exploit.
Ethical hackers use tools to find systems that may be vulnerable to an exploit
because of the operating system, network configuration, or applications
installed on the systems, and to prevent an attack.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Types of Attack
Outside attacks
Inside attacks
Encryption
Active attack
Eavesdropping Attack
Brute force attack
Ransomware
Firewall
Remote Access Tool (RAT)
Passive attacks
Spyware
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Types of Attack
Passive attacks
Passive attacks breach the confidentiality of the data of a system without
impacting the system’s state.
Inside attacks
Inside attacks are launched by an authorized user from inside a network.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Types of Attack
Outside attacks
Outside attacks are conducted by an attacker without network authorization.
Asynchronous attacks
This term is used when attacks take advantage of dynamic system actions,
especially by exploiting an ability to manipulate the timing of those actions.
Active attack
This term is used for a form of attack in which data is actually
modified, corrupted, or destroyed.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Phases of an Attack
Reconnaissance
Scanning
Gaining access
Maintaining access
Covering tracks
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Reconnaissance
In the reconnaissance phase, which is the planning phase, an attacker gathers
as much information as possible about the target. Plain old research may be
the first activity in this phase.
Scanning
During the scanning phase, the attacker tries to identify specific vulnerabilities.
Vulnerability scanners are the most widely used tools. Port scanners are used
to recognize listening ports that provide clues to the types of services that are
running.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Gaining access
Gaining access is usually the goal of an attacker. However, keep in mind that
this is not always the case.
Maintaining access
Once an attacker has successfully gained access, they need to maintain access
through installing a backdoor or a rootkit. So as not to be detected, the
attacker also removes any evidence of their breach by changing the log files.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES - ATTACK
Covering tracks
Be aware that an attacker will erase all evidence of their presence. Tools such
as Netcat or other trojans can be used to erase the evidence from log files.
Other options include steganography, hiding data in other data, and tunneling.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES – VULNERABILITIES
The existence of a software flaw, logic design, or implementation error that can
lead to an unexpected and undesirable event executing bad or damaging
instructions to the system.
Exploit code is written to target a vulnerability and cause a fault in the system
in order to retrieve valuable data.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
ESSENTIAL TERMINOLOGIES – VULNERABILITIES
Hacking experts follow four key protocol concepts
1. Stay legal. Obtain proper approval before accessing and performing a security
assessment.
2. Define the scope. Determine the scope of the assessment so that the ethical
hacker’s work remains legal and within the organization’s approved boundaries.
3. Report vulnerabilities. Notify the organization of all vulnerabilities
discovered during the assessment. Provide remediation advice for resolving these
vulnerabilities.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
TARGET OF EVALUATION
Target of Evaluation (TOE): A system, program, or network that is the subject of
a security analysis or attack. Ethical hackers are usually concerned with
high-value TOEs, systems that contain sensitive information such as account
numbers, passwords, Social Security numbers, or other confidential data.
It is the goal of the ethical hacker to test hacking tools against the high-value
TOEs to determine the vulnerabilities and patch them to protect against
exploits and exposure of sensitive data.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
EXPLOIT
A piece of software or technology that takes advantage of a bug, glitch, or
vulnerability, leading to unauthorized access, privilege escalation, or denial of
service on a computer system. Malicious hackers are looking for exploits in
computer systems to open the door to an initial attack.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
PHASES OF HACKING
There are mainly 5 phases in hacking. A hacker does not necessarily have to
follow these 5 steps in a sequential manner. It is a stepwise process that,
when followed, yields a better result.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
PHASES OF HACKING
Reconnaissance
This is the first step of hacking. It is also called the footprinting and
information gathering phase. This is the preparatory phase where we collect as
much information as possible about the target. We usually collect information
about three groups:
▪ Network
▪ Host
▪ People involved
ETHICAL HACKING OVERVIEW & VULNERABILITIES
PHASES OF HACKING
Scanning
Three types of scanning are involved:
Port scanning: This phase involves scanning the target for information such as
open ports, live systems, and the various services running on the host.
Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities
which can be exploited. Usually done with the help of automated tools.
Network Mapping: Finding the topology of the network, routers, firewalls, servers
if any, and host information, and drawing a network diagram with the available
information. This map may serve as a valuable piece of information throughout
the hacking process.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
PHASES OF HACKING
Gaining Access
This phase is where an attacker breaks into the system/network using various
tools or methods. After entering into a system, he has to increase his privilege
to administrator level so he can install an application he needs or modify data
or hide data.
Maintaining Access
A hacker may just hack the system to show it was vulnerable, or he may be so
mischievous that he wants to maintain or persist the connection in the
background without the knowledge of the user.
ETHICAL HACKING OVERVIEW & VULNERABILITIES
PHASES OF HACKING
Clearing Tracks
No thief wants to get caught. An intelligent hacker always clears all
evidence so that, at a later point in time, no one will find any
traces leading to him.
This involves modifying, corrupting, or deleting log entries,
modifying registry values, uninstalling all applications he used,
and deleting all folders he created.
FOOTPRINTING & PORT SCANNING
Definition of Footprinting
The act of gathering information about a targeted system and
creating a network and systems map of an organization is known as
footprinting. It falls in the preparatory pre-attack phase, where all
the details regarding an organization’s network architecture,
application types, and physical location of the target system are
collected.
FOOTPRINTING & PORT SCANNING
Types of Footprinting
▪ Active Footprinting
▪ Passive Footprinting
FOOTPRINTING & PORT SCANNING
Active Footprinting
When the hacker tries to perform footprinting by getting directly in touch
with the targeted system, it is known as Active Footprinting.
Passive Footprinting
On the other hand, when the attacker gathers information about the
target system through openly available sources, it is known as Passive
Footprinting. There are many such sources available on the internet from
where hackers can get the necessary information about the organizations
or individuals.
FOOTPRINTING & PORT SCANNING
Objectives of Footprinting
▪ To know the security posture.
▪ To reduce the focus area.
▪ To identify vulnerabilities.
▪ To draw a network map.
FOOTPRINTING & PORT SCANNING
Use of Footprinting
Get overview of security posture
Find vulnerabilities
Specify attack area
Create network map
FOOTPRINTING & PORT SCANNING
Use of Footprinting
Identifying the assessment goals,
Gathering information about the target,
Analyzing this information, and
Reporting your findings.
FOOTPRINTING & PORT SCANNING
TOOLS USED FOR THE RECONNAISSANCE PHASE
RECONNAISSANCE
One strategy that hackers use when attacking a system is to gather
relevant information about the target. This step is called
reconnaissance.
Reconnaissance is the initial step in the cyber kill chain. The recon step
involves research, identification and selection of targets, and attempts
to identify vulnerabilities in the target network.
FOOTPRINTING & PORT SCANNING
PORT SCANNING
Port scanning is one of the most popular forms of
reconnaissance ahead of a hack, helping attackers determine
which ports are most susceptible. Port scanning can lead to a
hacker entering your network or stealing proprietary data.
FOOTPRINTING & PORT SCANNING
INTRODUCTION TO PORT SCANNING
▪ Ping Scan
▪ SYN Scan
▪ Vanilla Scan
▪ XMAS Scan
FOOTPRINTING & PORT SCANNING
Ping Scan
Ping scans are one of the most basic port scanning techniques. In ping
scans, a scanner sends several Internet Control Message Protocol (ICMP)
requests to different servers in an attempt to elicit a response.
SYN Scan
SYN scans, or half-open scans, determine whether a port is open and is
receiving information. Scanners can do this by initiating a TCP connection
with the target port in the form of a SYN (request to connect) message.
FOOTPRINTING & PORT SCANNING
Port Scanning Techniques
Port scanning techniques are a valuable part of any cybersecurity
professional’s toolkit. Ethical hackers and penetration testers
frequently use port scanning techniques to locate vulnerabilities in a
network that malicious hackers can use to gain access. Port scanning
is a fundamental part of the pre-attack phase of a penetration test.
FOOTPRINTING & PORT SCANNING
PORT SWEEPING
Port sweeping is regarded by certain systems experts to be different
from port scanning. They point out that port scanning is executed
through the searching of a single host for open ports. However, they
state that port sweeping is executed through the searching of
multiple hosts in order to target just one specific open port.
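The scan/sweep distinction above, expressed as detection logic over connection logs. This is an added example, not part of the original slides; the log format, the addresses, the 60-second window and the threshold of 5 are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real traffic), one connection attempt per line:
#   <unix-time> <source-ip> <destination-ip> <destination-port>
SAMPLE_LOG = """\
100 10.0.0.5 10.0.1.20 21
101 10.0.0.5 10.0.1.20 22
102 10.0.0.5 10.0.1.20 23
103 10.0.0.5 10.0.1.20 25
104 10.0.0.5 10.0.1.20 80
105 10.0.0.5 10.0.1.20 443
200 10.0.0.9 10.0.1.1 3389
201 10.0.0.9 10.0.1.2 3389
202 10.0.0.9 10.0.1.3 3389
203 10.0.0.9 10.0.1.4 3389
204 10.0.0.9 10.0.1.5 3389
300 10.0.0.7 10.0.1.20 443
301 10.0.0.7 10.0.1.20 443
302 10.0.0.7 10.0.1.21 443
1000 10.0.0.8 10.0.1.30 22
1150 10.0.0.8 10.0.1.30 80
1300 10.0.0.8 10.0.1.30 443
1450 10.0.0.8 10.0.1.30 3306
1600 10.0.0.8 10.0.1.30 8080
"""


def parse_log(text):
    """Turn log text into a list of (time, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        events.append((float(ts), src, dst, int(port)))
    return events


def _max_distinct_in_window(items, window):
    """items: (time, value) pairs sorted by time.
    Return the largest number of distinct values seen inside any
    span of `window` seconds (sliding window)."""
    best, start, counts = 0, 0, {}
    for ts, value in items:
        counts[value] = counts.get(value, 0) + 1
        while ts - items[start][0] > window:
            old = items[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def detect(events, window=60.0, threshold=5):
    """Flag port scans (one host, many ports) and port sweeps
    (many hosts, one port) per source address."""
    by_src_dst = defaultdict(list)   # (src, dst)  -> [(time, port)]
    by_src_port = defaultdict(list)  # (src, port) -> [(time, dst)]
    for ts, src, dst, port in sorted(events):
        by_src_dst[(src, dst)].append((ts, port))
        by_src_port[(src, port)].append((ts, dst))

    findings = []
    for (src, dst), items in by_src_dst.items():
        n = _max_distinct_in_window(items, window)
        if n >= threshold:
            findings.append(("port_scan", src, dst, n))
    for (src, port), items in by_src_port.items():
        n = _max_distinct_in_window(items, window)
        if n >= threshold:
            findings.append(("port_sweep", src, port, n))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect(parse_log(SAMPLE_LOG)):
        print(finding)
```

The probes from 10.0.0.8 are spaced 150 seconds apart, so they are only flagged when the window is widened; window and threshold are tuning choices that trade false positives against coverage.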
FOOTPRINTING & PORT SCANNING
USING PORT SCANNING TOOLS
A port scanner is a software application used in the cybersecurity and IT
industries to scan networks, hosts, or IP addresses looking for open
ports, closed ports, or filtered ports.
Port scanners are among the top cybersecurity tools used by
researchers, security teams, and ethical hackers to diagnose network
issues, audit networks, run penetration testing, and perform
vulnerability scanning tasks.
FOOTPRINTING & PORT SCANNING
Tools of Port Scanning
▪ TCP Port Scanner
▪ Nmap
▪ Netcat
▪ Port Authority
▪ Advanced Port Scanner
▪ Network Scanner by MiTeC
FOOTPRINTING & PORT SCANNING
PING SWEEPS
Ping Sweep is a technique used to identify which hosts are alive in a
network using their IP addresses. The Ping Sweep method is used to
ping many hosts at once.
For example, if there is a network with network ID 192.10.0.0/24, then
it is very simple to identify the total number of hosts there by ping
sweeping this network.
FOOTPRINTING & PORT SCANNING
SCRIPTING
There is no single language developed for hackers, and nobody can
develop one in the future either.
There is a reason for that. Hackers can’t limit themselves to a
particular technology; it is their job to work with pretty much
anything people use.
FOOTPRINTING & PORT SCANNING
Common scripting languages for hackers
▪ Bash or Shell Script
▪ JavaScript
▪ VBScript
▪ PowerShell Script
▪ PHP Script
▪ Ruby
FOOTPRINTING & PORT SCANNING
INTRODUCTION TO ENUMERATION
Definition of Enumeration
Enumeration is defined as the process of extracting user names,
machine names, network resources, shares and services from a
system. In this phase, the attacker creates an active connection to the
system and performs directed queries to gain more information
about the target.
FOOTPRINTING & PORT SCANNING
Types of Enumeration
▪ Windows Enumeration
▪ NetBIOS Enumeration
▪ LDAP Enumeration
▪ SNMP Enumeration
▪ Linux/UNIX Enumeration
FOOTPRINTING & PORT SCANNING
WINDOWS ENUMERATION
Windows operating systems are enumerated using this type of
enumeration. The attacker uses tools from Sysinternals to achieve
this. This is the most basic form of enumeration, and the hackers
attack desktop workstations. This means that the confidentiality of
the files is no longer maintained.
FOOTPRINTING & PORT SCANNING
NetBIOS Enumeration
NetBIOS stands for Network Basic Input Output System. It was initially
developed as an application to give access to LAN resources by the
client's software to a third party.
LDAP Enumeration
LDAP stands for Lightweight Directory Access Protocol. As the full
name suggests, it is an internet protocol to access directory services.
FOOTPRINTING & PORT SCANNING
SNMP Enumeration
SNMP stands for Simple Network Management Protocol. It runs on
User Datagram Protocol (UDP), and is an application-layer protocol.
FOOTPRINTING & PORT SCANNING
LINUX/UNIX ENUMERATION
Hackers who need to enumerate a target host whose operating
system is Linux/UNIX use this type of enumeration. It works in the
same way as others and collects various sensitive data.
FOOTPRINTING & PORT SCANNING
Techniques used for Enumeration
▪ User names can be extracted using email IDs
▪ Information can be retrieved using the default password.
▪ Active Directory using brute force
▪ Using SNMP, extract user names.
▪ Windows user groups can be extracted
▪ Utilizing DNS Zone transfer, more data
FOOTPRINTING & PORT SCANNING
VARIOUS METHODS OF PASSWORD CRACKING
Password attacks are one of the most common forms of corporate
and personal data breach. A password attack is simply when a hacker
tries to steal the password.
Hackers know that many passwords are poorly designed, so password
attacks will remain a method of attack as long as passwords are being
used.
FOOTPRINTING & PORT SCANNING
Protect yourself from password attacks with the information below
▪ Phishing
▪ Man-in-the-Middle Attack
▪ Brute Force Attack
▪ Dictionary Attack
▪ Credential Stuffing
▪ Keyloggers
FOOTPRINTING & PORT SCANNING
UNDERSTANDING SNIFFERS
Sniffing
In its simplest form, sniffing is the act of intercepting and monitoring
traffic on a network. This can be done using software that captures all
data packets passing through a given network interface or by using
hardware devices explicitly designed for this purpose.
FOOTPRINTING & PORT SCANNING
Types of Sniffing Attacks
Passive Sniffing
Active Sniffing
FOOTPRINTING & PORT SCANNING
Passive Sniffing
In a passive sniffing attack, the hacker monitors traffic passing
through a network without interfering in any way. This type of attack
can be beneficial for gathering information about targets on a
network and the types of data they are transmitting.
FOOTPRINTING & PORT SCANNING
Active Sniffing
Active sniffing is a type of attack that involves sending crafted packets
to one or more targets on a network to extract sensitive data. By
using specially crafted packets, attackers can often bypass security
measures that would otherwise protect data from being intercepted.
FOOTPRINTING & PORT SCANNING
COMPREHENDING
Phases of Ethical Hacking
▪ Reconnaissance
▪ Scanning
▪ Network Mapping
▪ Port Scanning
▪ Gaining Access
▪ Maintaining Access
▪ Clearing Tracks
SYSTEM HACKING
ASPECT OF REMOTE PASSWORD GUESSING
Online password cracking is attacking a computer system through an
interface that it presents to its legitimate users by attempting to
guess the login credentials.
The primary advantage of Online Password Cracking is that an
attacker does not need special privileges to initiate the attack.
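Because online guessing needs no special privileges, the login interface itself has to limit attempts. The sketch below is an added example, not part of the original slides: a throttle that counts failures per account (repeated guesses against one user) and per source address (one client trying many users). The class name, limits and addresses are assumptions.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Block further attempts after too many recent failures.

    Failures are counted under two independent keys:
      ("account", name) - many guesses against one account
      ("source", addr)  - one client trying many accounts
    """

    def __init__(self, max_failures=5, window=300.0, lockout=900.0):
        self.max_failures = max_failures   # failures tolerated per window
        self.window = window               # seconds a failure is remembered
        self.lockout = lockout             # seconds a key stays blocked
        self._failures = defaultdict(deque)
        self._blocked_until = {}

    @staticmethod
    def _keys(account, source):
        return (("account", account.lower()), ("source", source))

    def allowed(self, account, source, now):
        return all(self._blocked_until.get(key, 0.0) <= now
                   for key in self._keys(account, source))

    def record_failure(self, account, source, now):
        for key in self._keys(account, source):
            recent = self._failures[key]
            recent.append(now)
            # Forget failures that fell out of the counting window.
            while recent and now - recent[0] > self.window:
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._blocked_until[key] = now + self.lockout
                recent.clear()

    def record_success(self, account):
        # A successful login resets the account counter only; the
        # source counter is kept so one good login cannot launder it.
        self._failures.pop(("account", account.lower()), None)


def attempt(throttle, account, source, password_ok, now):
    """Simulate one login attempt; `password_ok` stands in for the real
    credential check. Returns "blocked", "ok" or "failed"."""
    if not throttle.allowed(account, source, now):
        return "blocked"   # rejected before the password is evaluated
    if password_ok:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, source, now)
    return "failed"


if __name__ == "__main__":
    t = LoginThrottle()
    for second in range(6):
        print(second, attempt(t, "alice", "198.51.100.7", False, float(second)))
```

Locking the account key also blocks the legitimate owner for the lockout period, which is the usual trade-off of account lockout.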
SYSTEM HACKING
ROLE OF EAVESDROPPING
An eavesdropping attack occurs when cybercriminals steal
information sent or received by a user over an unsecured network. It
is also known as a “sniffing attack” and can come in different forms.
SYSTEM HACKING
ROLE OF EAVESDROPPING
Effects of eavesdropping attacks
▪ Privacy loss
▪ Identity theft
▪ Financial loss
SYSTEM HACKING
ROLE OF EAVESDROPPING
Effects of eavesdropping attacks
Privacy loss
Every company has confidential information that can damage its
reputation if the data is made public. Eavesdropping attacks allow
criminals to obtain vital business information, ideas, and
conversations exchanged within a target organization, thus
encroaching on its privacy.
SYSTEM HACKING
ROLE OF EAVESDROPPING
Effects of eavesdropping attacks
Identity theft
Attackers can listen to any employees’ private conversation to get
login credentials and use them to access restricted storage devices.
The individuals don’t only lose their identity but cause their
organization harm as well.
SYSTEM HACKING
ROLE OF EAVESDROPPING
Effects of eavesdropping attacks
Financial loss:
Cybercriminals who have confidential data can access vital business
applications anytime. They can threaten to expose the information
unless the victim pays a high price, or they can sell it to competitors.
They earn while the information’s owners lose money.
SYSTEM HACKING
ROLE OF EAVESDROPPING
Preventing eavesdropping attacks
▪ Military-grade encryption
▪ Spread awareness
▪ Network segmentation
▪ Avoid suspicious links
▪ Update and patch software
▪ Physical security
▪ Protecting
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
▪ Phishing
▪ Man-in-the-Middle Attack
▪ Brute Force Attack
▪ Dictionary Attack
▪ Credential Stuffing
▪ Keyloggers
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Phishing
Phishing is when a hacker posing as a trustworthy party sends you a
fraudulent email, hoping you will reveal your personal information
voluntarily.
Sometimes they lead you to fake "reset your password" screens;
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Man-in-the-Middle Attack
Man-in-the-middle (MitM) attacks are when a hacker or
compromised system sits in between two uncompromised people or
systems and deciphers the information they're passing to each other,
including passwords.
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Brute Force Attack
If a password is equivalent to using a key to open a door, a brute
force attack is using a battering ram. A hacker can try 2.18 trillion
password/username combinations in 22 seconds, and if your
password is simple, your account could be in the crosshairs.
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Dictionary Attack
A type of brute force attack, dictionary attacks rely on our habit of
picking "basic" words as our password, the most common of which
hackers have collated into "cracking dictionaries." More
sophisticated dictionary attacks incorporate words that are
personally important to you, like a birthplace, child's name, or pet's
name.
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Credential Stuffing
If you've suffered a hack in the past, you know that your old
passwords were likely leaked onto a disreputable website. Credential
stuffing takes advantage of accounts that never had their passwords
changed after an account break-in.
SYSTEM HACKING
VARIOUS METHODS OF PASSWORD CRACKING
Keyloggers
Keyloggers are a type of malicious software designed to track every
keystroke and report it back to a hacker. Typically, a user will
download the software believing it to be legitimate, only for it to
install a keylogger without notice.
SYSTEM HACKING
KEYSTROKE LOGGERS
A keylogger is an insidious form of spyware. We enter sensitive data
onto our keyboard, believing nobody is watching. In fact, keylogging
software is hard at work logging everything that we type.
Keyloggers are activity-monitoring software programs that give
hackers access to our personal data.
SYSTEM HACKING
KEYSTROKE LOGGERS
Types of keyloggers
▪ Hardware
▪ Software
SYSTEM HACKING
KEYSTROKE LOGGERS
Hardware Keyloggers
Some keyloggers are hardware devices embedded within your
internal PC hardware. They also come in the form of a plug placed
inconspicuously between the CPU box and the keyboard cable.
SYSTEM HACKING
KEYSTROKE LOGGERS
Software Keyloggers
The second type of keyloggers are software that can be easily
installed on victims’ devices. While this software is a type of
malware, it is “good” malware, wherein it doesn’t harm its host.
WEB APPLICATION VULNERABILITIES
A website vulnerability is a software code flaw/ bug, system
misconfiguration, or some other weakness in the website/ web
application or its components and processes.
Authentication: Verifying that a user is (or at least appears to
be) the person they say they are.
Authorization: Granting a user access to a specific resource, or
permission to perform a particular action.
WEB APPLICATION VULNERABILITIES
Security vulnerabilities as per OWASP are
➢ SQL Injection
➢ Cross Site Scripting
➢ Broken Authentication and Session Management
➢ Insecure Direct Object References
➢ Cross Site Request Forgery
➢ Security Misconfiguration
➢ Insecure Cryptographic Storage
WEB APPLICATION VULNERABILITIES
SQL Injection
Injection is a security vulnerability that allows an attacker to
alter backend SQL statements by manipulating the user
supplied data.
Cross Site Scripting
XSS vulnerabilities target scripts embedded in a page that are
executed on the client side i.e. user browser rather than at the
server side.
WEB APPLICATION VULNERABILITIES
Broken Authentication and Session Management
The websites usually create a session cookie and session ID for
each valid session, and these cookies contain sensitive data like
username, password, etc.
Insecure Direct Object References
It occurs when a developer exposes a reference to an internal
implementation object, such as a file, directory, or database key,
in a URL or as a form parameter.
WEB APPLICATION VULNERABILITIES
Cross Site Request Forgery
Cross Site Request Forgery is a forged request that comes from
another site.
Security Misconfiguration
Security Configuration must be defined and deployed for the
application, frameworks, application server, web server,
database server, and platform.
WEB APPLICATION VULNERABILITIES
Insecure Cryptographic Storage
Insecure Cryptographic storage is a common vulnerability
which exists when the sensitive data is not stored securely.
Failure to restrict URL Access
Web applications check URL access rights before rendering
protected links and buttons.
Applications need to perform similar access control checks each
time these pages are accessed.
WEB APPLICATION VULNERABILITIES
Insufficient Transport Layer Protection
Deals with information exchange between the user (client) and
the server (application).
Applications frequently transmit sensitive information like
authentication details, credit card information, and session
tokens over a network.
Unvalidated Redirects and Forwards
The web application uses a few methods to redirect and forward
users to other pages for an intended purpose.
APPLICATION CODING ERRORS
Single Page Applications (SPAs)
APPLICATION CODING ERRORS
Traditional Web Applications
APPLICATION CODING ERRORS
Setting Up For Testing Web Applications
SQL INJECTION INTO BACK-END DATABASES
SQL is a standardized language used to access and manipulate
databases to build customizable data views for each user.
SQL queries are used to execute commands, such as data
retrieval, updates, and record removal.
SQL INJECTION INTO BACK-END DATABASES
Types of SQL Injections
➢ In-band SQLi
➢ Inferential (Blind) SQLi
➢ Out-of-band SQLi
SQL INJECTION INTO BACK-END DATABASES
In-band SQLi
The attacker uses the same channel of communication to launch
their attacks and to gather their results.
Inferential (Blind) SQLi
The attacker sends data payloads to the server and observes the
response and behavior of the server to learn more about its
structure.
SQL INJECTION INTO BACK-END DATABASES
Out-of-band SQLi
The attacker can only carry out this form of attack when certain
features are enabled on the database server used by the web
application.
This form of attack is primarily used as an alternative to the in-
band and inferential SQLi techniques.
CROSS-SITE SCRIPTING
Cross site scripting (XSS) is an attack in which an attacker
injects malicious executable scripts into the code of a trusted
application or website. Attackers often initiate an XSS attack by
sending a malicious link to a user and enticing the user to click
it. If the app or website lacks proper data sanitization
CROSS-SITE SCRIPTING
Types of cross site scripting approaches
Stored XSS
Reflected XSS
DOM-based XSS
CROSS-SITE REQUEST FORGING
Cross-site request forgery (also known as CSRF) is a web
security vulnerability that allows an attacker to induce users to
perform actions that they do not intend to perform.
It allows an attacker to partly circumvent the same origin policy,
which is designed to prevent different websites from interfering
with each other.
CROSS-SITE REQUEST FORGING
Impact of a CSRF attack
In a successful CSRF attack, the attacker causes the victim user
to carry out an action unintentionally.
Construct a CSRF attack
Manually creating the HTML needed for a CSRF exploit can be
cumbersome, particularly where the desired request contains a
large number of parameters, or there are other quirks in the
request.
CROSS-SITE REQUEST FORGING
Preventing CSRF attacks
The most robust way to defend against CSRF attacks is to include a
CSRF token within relevant requests.
The token should be:
➢ Unpredictable with high entropy, as for session tokens in general.
➢ Tied to the user's session.
➢ Strictly validated in every case before the relevant action is
executed.
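The three token properties above, as an added example (not part of the original slides). The function names, the `csrf_token` form field and the `nonce.mac` token layout are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Server-side key that binds tokens to sessions. Generated here so the example
# is self-contained; a real service would load it from protected configuration.
SERVER_KEY = secrets.token_bytes(32)

# Methods that must not change state and therefore need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_session_id() -> str:
    """Session IDs come from the OS CSPRNG (256 bits of entropy)."""
    return secrets.token_urlsafe(32)


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Unpredictable (random nonce) and tied to the session (HMAC over its ID)."""
    nonce = secrets.token_urlsafe(32)
    return f"{nonce}.{_mac(session_id, nonce)}"


def validate_csrf_token(session_id: str, token) -> bool:
    """Strict validation: a missing, malformed or foreign token is rejected."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_request(method: str, session_id: str, form: dict) -> int:
    """Return an HTTP status code; state-changing requests need a valid token."""
    if method.upper() in SAFE_METHODS:
        return 200
    if not validate_csrf_token(session_id, form.get("csrf_token")):
        return 403
    return 200


if __name__ == "__main__":
    alice = new_session_id()
    mallory = new_session_id()
    token = issue_csrf_token(alice)
    print("own session     :", handle_request("POST", alice, {"csrf_token": token}))
    print("no token        :", handle_request("POST", alice, {}))
    print("other session   :", handle_request("POST", mallory, {"csrf_token": token}))
```

A forged cross-site form cannot read the token issued to the victim's session, so its request fails validation even though the browser attaches the session cookie.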
AUTHENTICATION BYPASS
Applications and software require credentials to access the
system, such as email, username, and password.
Some reasons that allow hackers to bypass authentication:
➢ Many default servers and applications come with unsecured
folders or data.
➢ Administrators fail to secure data and servers.
➢ Users do not reset default passwords.
WEB SERVICES AND RELATED FLAWS
A Web Server is defined as an application that responds to web
page requests submitted by various users over the Internet
using the HTTP (Hypertext Transfer Protocol).
The Web Server basically constitutes the interface between
users and web based applications and databases.
WEB SERVICES AND RELATED FLAWS
Types of Web Server attack
➢ DOS attack
➢ Website Defacement
➢ Directory Traversal
➢ Misconfiguration attacks
➢ Phishing Attack
WEB SERVICES AND RELATED FLAWS
DOS attack
An attacker may cause a denial of service attack by sending
numerous service request packets overwhelming the servicing
capability of the web server, or he may try to exploit a
programming error in the application causing a DOS attack.
WEB SERVICES AND RELATED FLAWS
Website Defacement
SQL injection attacks are used to deface the website. When an
attacker finds out that input fields are not sanitized properly, he
can add SQL strings to maliciously craft a query which is
executed by the web browser.
Directory Traversal
This is a vulnerability where an attacker is able to access locations
beyond the web root directory from the application.
WEB SERVICES AND RELATED FLAWS
Misconfiguration attacks
If unnecessary services are enabled, default configuration files are
used, or verbose/error information is not masked, an attacker can
compromise the web server through various attacks like password
cracking, error-based SQL injection, command injection, etc.
Phishing Attack
An attacker may redirect the victim to a malicious website by
emailing him/her a link which looks authentic but leads to a
malicious web page, thereby stealing their data.
PROTECTIVE HTTP HEADERS
HTTP security headers are a fundamental part of website
security. Upon implementation, they protect you against the
types of attacks that your site is most likely to come across.
These headers protect against XSS, code injection, clickjacking,
etc.
Websites that use security headers are said to be hardened
against security threats.
PROTECTIVE HTTP HEADERS
Types of Security Headers
➢ Content-Security-Policy (CSP)
➢ Strict-Transport-Security Header (HSTS)
➢ X-Content-Type-Options
➢ X-Frame-Options
➢ Referrer-Policy
PROTECTIVE HTTP HEADERS
Content-Security-Policy (CSP)
A content security policy (CSP) helps to protect a website and
the site visitors from Cross Site Scripting (XSS) attacks and from
data injection attacks.
Strict-Transport-Security Header (HSTS)
The Strict-Transport-Security Header is also called the HTTP
Strict Transport Security header (HSTS).
Many websites only have a 301 redirect from HTTP to HTTPS.
PROTECTIVE HTTP HEADERS
X-Content-Type-Options
This security header stops certain kinds of exploits that can happen,
for example, through malicious user-generated content.
X-Frame-Options
The X-Frame-Options security header helps stop click-jacking
attacks.
The X-Frame-Options header works by preventing a web page from
being rendered within an iframe.
PROTECTIVE HTTP HEADERS
Referrer-Policy
The purpose of a Referrer-Policy header is to allow a website
publisher to control what information is sent when a site visitor
clicks a link to visit another website.
When a site visitor clicks a link and lands on another site, the
visitor’s browser provides information about what web page
sent that visit.
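A checker for the five headers listed above, run over constructed response headers (an added example, not part of the original slides). The function names and the minimum HSTS `max-age` threshold are assumptions made for this illustration, and the CSP check is deliberately simplified.

```python
import re

# Threshold chosen for this example (about six months); not a value from the slides.
MIN_HSTS_MAX_AGE = 15552000

REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}


def parse_csp(value: str) -> dict:
    """Split a CSP header into {directive: [source expressions]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_security_headers(headers: dict) -> list:
    """Return (header, problem) pairs for missing or weak protective headers."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    if not csp:
        findings.append(("Content-Security-Policy", "missing"))
    else:
        d = parse_csp(csp)
        script_src = d.get("script-src", d.get("default-src"))
        if script_src is None:
            findings.append(("Content-Security-Policy", "scripts unrestricted"))
        elif "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append(("Content-Security-Policy", "permissive script sources"))

    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append(("Strict-Transport-Security", "missing"))
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
        if not m:
            findings.append(("Strict-Transport-Security", "no max-age"))
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(("Strict-Transport-Security", "max-age too short"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "not set to nosniff"))

    if h.get("x-frame-options", "").upper() not in {"DENY", "SAMEORIGIN"}:
        findings.append(("X-Frame-Options", "not DENY or SAMEORIGIN"))

    # A comma-separated list is a fallback chain; the last recognised value wins.
    policies = [p.strip().lower() for p in h.get("referrer-policy", "").split(",")]
    recognised = [p for p in policies if p in REFERRER_POLICIES]
    if not recognised:
        findings.append(("Referrer-Policy", "missing or unrecognised"))
    elif recognised[-1] == "unsafe-url":
        findings.append(("Referrer-Policy", "full URL sent to every site"))

    return findings


# Constructed sample responses (not captured from a real site).
WEAK = {
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "unsafe-url",
}
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_security_headers(hdrs))
```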
UNDERSTANDING SESSION HIJACKING
Session hijacking is as the term suggests. A user in a session can
be hijacked by an attacker and lose control of the session
altogether, where their personal data can easily be stolen.
After a user starts a session such as logging into a banking
website, an attacker can hijack it.
UNDERSTANDING SESSION HIJACKING
Prevention of Session hijacking
➢ Session hijacking can be protected by taking preventive measures
on the client side.
➢ Software Updating, End Point Security will be a key from a user
side.
➢ Having Biometric authentication for every user session can
prevent attacks.
➢ End to End encryption can be done between the user browser
and web server using secure HTTP or SSL.
➢ We can have the session value stored in the session cookie.
PHASES INVOLVED IN SESSION HIJACKING
Session hijacking refers to an attack on a user session by a
hacker.
The session is live when we log into any service. The best use
case is when we log in to our web application, say banking
application, to do some financial transaction.
PHASES INVOLVED IN SESSION HIJACKING
Methods of session hijacking
➢ Session Fixation
➢ Session Side Jacking
➢ Cross Site Scripting
➢ Malware
➢ Brute Force
PHASES INVOLVED IN SESSION HIJACKING
Session Fixation
➢ The hacker or attacker already has information about the
session ID of the user.
➢ The hacker would have sent the email containing the Session
ID.
➢ Attacker has to wait for the user to login.
PHASES INVOLVED IN SESSION HIJACKING
Session Side Jacking
➢ Hacker uses the packet sniffing technique to find the network
traffic between two parties.
➢ Hacker then steals the session cookie.
➢ Most possible attacks happen in Unsecured Wi-Fi Spots.
PHASES INVOLVED IN SESSION HIJACKING
Cross Site Scripting
➢ Attacker sends the user a running code to get a copy of the
cookie.
➢ For the user, these seem trustworthy as it is the server
information.
➢ Typically, the hacker uses client-side script, such as
JavaScript.
PHASES INVOLVED IN SESSION HIJACKING
Malware
➢ Unwanted programs are used to steal the browser cookie files.
➢ Performed without the user's knowledge to obtain file or
memory contents of the user’s computer or the server.
➢ Hacker creates a client browser temporary local storage
called a Cookie Jar.
PHASES INVOLVED IN SESSION HIJACKING
Brute Force
➢ Hacker uses key generation algorithms to get the session ID.
➢ Algorithm recognizes the sequential keys.
➢ Maximizes the predictable sessions and accesses the user's
active session.
➢ Entropy is compromised using Brute Force and hacker is
successful in stealing the information.
TYPES OF SESSION HIJACKING
➢ Cross-Site Scripting (XSS)
➢ Session Side-Jacking aka Session Sniffing
➢ Session Fixation
➢ Predictable Session IDs and Brute Force
➢ Man in the Browser
TYPES OF SESSION HIJACKING
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is one of the biggest risks and most
popular approaches for session hijacking.
XSS occurs when the attacker finds vulnerabilities in the target
server or application and takes advantage by injecting client-
side scripts onto the webpage.
TYPES OF SESSION HIJACKING
Session Side-Jacking aka Session Sniffing
Session side-jacking, also known as session sniffing, is a more
active type of hijacking attack. In this case, attackers will use
packet sniffing like Wireshark or Kismet to monitor network
traffic and steal session cookies after authentication.
TYPES OF SESSION HIJACKING
Session Fixation
Session fixation occurs when attackers can set a user’s session
ID.
This type of attack requires a vulnerability in the target website
that allows session IDs to be set via URLs or forms.
TYPES OF SESSION HIJACKING
Predictable Session IDs and Brute Force
Many websites follow a pattern for issuing session IDs, and in
some cases, it may be as simple as making it the user’s IP
address.
In these cases, attackers can monitor the session IDs that get
issued to determine the pattern.
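The defensive side of the Session Fixation and Predictable Session IDs slides above, as an added example (not part of the original slides). The `SessionStore` class and `constant_step` helper are hypothetical names for this illustration: IDs come from a CSPRNG, IDs the server never issued are ignored, and the ID is rotated at login.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store illustrating three defences."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": str or None}

    def _new_id(self) -> str:
        # 256 bits from the OS CSPRNG: no pattern to observe, no room to brute force.
        return secrets.token_urlsafe(32)

    def start(self, presented_id=None) -> str:
        """Return the session ID to use for a (possibly returning) visitor."""
        # Strict mode: an ID the server did not issue, for example one placed
        # in a URL or form by a third party, is never adopted.
        if presented_id in self._sessions:
            return presented_id
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, presented_id, user: str) -> str:
        """Authenticate and rotate: the pre-login ID stops working."""
        self._sessions.pop(presented_id, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user}
        return sid

    def user_for(self, session_id):
        entry = self._sessions.get(session_id)
        return entry["user"] if entry else None


def constant_step(ids) -> bool:
    """Audit helper: True if the IDs are integers with a fixed increment."""
    try:
        nums = [int(i) for i in ids]
    except ValueError:
        return False
    if len(nums) < 3:
        return False
    step = nums[1] - nums[0]
    return all(b - a == step for a, b in zip(nums, nums[1:]))


if __name__ == "__main__":
    store = SessionStore()
    known_id = store.start()                 # an ID known to a third party
    victim_id = store.start(known_id)        # victim arrives with that ID
    fresh_id = store.login(victim_id, "alice")
    print("old ID after login :", store.user_for(known_id))   # None
    print("new ID after login :", store.user_for(fresh_id))   # alice
    print("sequential sample  :", constant_step(["1001", "1002", "1003"]))
```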
TYPES OF SESSION HIJACKING
Man in the Browser
A man in the browser attack, also known as a man in the middle
or malware attack, first requires attackers to infect a user’s
computer with malware.
SESSION HIJACKING TOOLS
Session hijacking is a type of attack where a malicious actor
takes over a user's session on a network in order to obtain
sensitive information.
Some of the most common types of session hijacking are IP
spoofing and man-in-the-middle attacks.
IP spoofing involves a hacker disguising his or her IP address as
a legitimate IP address on a network.
SESSION HIJACKING TOOLS
Tools of Session Hijacking
➢ Burp Suite
➢ OWASP ZAP
➢ netool toolkit
➢ Sslstrip
➢ Cookie Cadger
➢ Hamster
➢ Ettercap
➢ BetterCAP
➢ WebSploit Framework
➢ JHijack
➢ CookieCatcher
➢ Firesheep
SESSION HIJACKING TOOLS
Ettercap
Ettercap is a comprehensive suite for man in the middle attacks.
It features sniffing of live connections, content filtering on the
fly and many other interesting tricks.
It supports active and passive dissection of many protocols and
includes many features for network and host analysis.
SESSION HIJACKING TOOLS
BetterCAP
bettercap is a powerful, easily extensible and portable
framework written in Go which aims to offer to security
researchers, red teamers and reverse engineers an easy to use,
all-in-one solution with all the features they might possibly
need for performing reconnaissance and attacking WiFi
networks, Bluetooth Low Energy devices, wireless HID devices
and IPv4/IPv6 networks.
SESSION HIJACKING TOOLS
JHijack
A Java Hijacking tool for web application session security
assessment. A simple Java Fuzzer that can mainly be used for
numeric session hijacking and parameter enumeration.
Firesheep
A Firefox extension that demonstrates HTTP session hijacking
attacks.
INTRODUCTION TO CRYPTOGRAPHY
Cryptography is the practice and study of techniques for securing
communication and data in the presence of adversaries.
Cryptography is the science of using mathematics to encrypt and
decrypt data.
Cryptanalysts are also called attackers.
Cryptology embraces both cryptography and cryptanalysis.
INTRODUCTION TO CRYPTOGRAPHY
Types of Cryptography
➢ Symmetric Key Cryptography
➢ Asymmetric Key Cryptography
➢ Hash Functions
INTRODUCTION TO CRYPTOGRAPHY
Symmetric Key Cryptography
Also known as Secret Key Cryptography or Conventional
Cryptography, Symmetric Key Cryptography is an encryption
system in which the sender and receiver of a message share a
single, common key that is used to encrypt and decrypt the
message.
INTRODUCTION TO CRYPTOGRAPHY
Asymmetric Key Cryptography
Asymmetric cryptography, also known as Public-key cryptography,
refers to a cryptographic algorithm which requires two separate
keys, one of which is private and one of which is public.
INTRODUCTION TO CRYPTOGRAPHY
Hash functions
A cryptographic hash function is a hash function that takes an
arbitrary block of data and returns a fixed-size bit string, the
cryptographic hash value, such that any (accidental or intentional)
change to the data will change the hash value.
INTRODUCTION TO CRYPTOGRAPHY
Elements of Cryptography
Cryptography involves constructing and analyzing protocols that
prevent third parties from reading private messages. A
cryptographic system, shortened as cryptosystem, refers to a
computer system that employs cryptography.
PRIVATE-KEY ENCRYPTION
Private key encryption is the form of encryption where only a
single private key can encrypt and decrypt information.
The private key may be stolen or leaked. Key management
requires prevention of these risks and necessitates changing the
encryption key often, and appropriately distributing the key.
A private key is a secret number that is used in cryptography and
cryptocurrency.
PUBLIC-KEY ENCRYPTION
Asymmetric encryption is a form of cryptosystem in which encryption
and decryption are performed using different keys: a public key (known
to everyone) and a private key (secret key). This is known as Public
Key Encryption.
PUBLIC-KEY ENCRYPTION
Components of Public Key Encryption
Plain Text
This is the message which is readable or understandable. This
message is given to the Encryption algorithm as an input.
Cipher Text
The cipher text is produced as an output of Encryption algorithm.
We cannot simply understand this message.
PUBLIC-KEY ENCRYPTION
Encryption Algorithm
The encryption algorithm is used to convert plain text into cipher
text.
Decryption Algorithm
It accepts the cipher text and the matching key (Private Key or
Public Key) as input and produces the original plain text.
Public and Private Key
One key, either the Private Key (secret key) or the Public Key (known
to everyone), is used for encryption and the other is used for decryption.
PUBLIC-KEY ENCRYPTION
Applications of the Public Key Encryption
Encryption/Decryption
Digital signature
Key exchange
CRYPTOGRAPHIC HASH FUNCTIONS
A hash function is a unique identifier for any given piece of
content.
It’s also a process that takes plaintext data of any size and converts
it into a unique ciphertext of a specific length.
CRYPTOGRAPHIC HASH FUNCTIONS
Properties of Cryptographic hash functions
Non-reversibility, or one-way function. A good hash should
make it very hard to reconstruct the original password from the
output or hash.
Diffusion, or avalanche effect. A change in just one bit of the
original password should result in change to half the bits of its
hash. In other words, when a password is changed slightly, the
output of enciphered text should change significantly and
unpredictably.
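The diffusion property above, measured directly (an added example, not part of the original slides). It flips every single bit of a constructed sample message and compares SHA-256 with a simple additive checksum; the checksum, the sample message and the function names are assumptions introduced here for contrast.

```python
import hashlib

# Constructed sample input for the measurement.
MESSAGE = b"correct horse battery staple"


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def additive_checksum(data: bytes) -> bytes:
    """Non-cryptographic 16-bit checksum: the sum of all bytes, modulo 65536."""
    return (sum(data) % 65536).to_bytes(2, "big")


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(digest_fn, message: bytes) -> dict:
    """Flip each input bit in turn and record how many output bits change."""
    base = digest_fn(message)
    out_bits = len(base) * 8
    distances = [
        hamming_distance(base, digest_fn(flip_bit(message, i)))
        for i in range(len(message) * 8)
    ]
    mean = sum(distances) / len(distances)
    return {
        "out_bits": out_bits,
        "min": min(distances),
        "max": max(distances),
        "mean": mean,
        "fraction": mean / out_bits,  # ideal diffusion is close to 0.5
    }


if __name__ == "__main__":
    for name, fn in (("SHA-256", sha256_digest), ("additive checksum", additive_checksum)):
        p = avalanche_profile(fn, MESSAGE)
        print(f"{name:18s} out_bits={p['out_bits']:3d} "
              f"min={p['min']:3d} max={p['max']:3d} fraction={p['fraction']:.3f}")
```

For SHA-256 roughly half of the 256 output bits change for every one-bit edit, while the checksum changes only a handful of bits in a pattern that follows the edit, which is why it cannot stand in for a cryptographic hash.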
DIGITAL SIGNATURE AND CERTIFICATE
A digital signature is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
It's the digital equivalent of a handwritten signature or stamped
seal, but it offers far more inherent security.
A digital signature is intended to solve the problem of tampering
and impersonation in digital communications.
APPLICATIONS OF CRYPTOGRAPHY
Cryptography is the method of transmitting secured data and
communications via a few codes so that only the destined person
knows about the actual information that is transmitted.
This process prevents unauthorized access to the data.
Put plainly, the name itself indicates this: “crypt” refers to
“hidden” and “graphy” to “writing”.
APPLICATIONS OF CRYPTOGRAPHY
➢ Digital Currency
➢ E-commerce
➢ Military Operations
➢ Reliability in Transmission
➢ Authentication of Identity
APPLICATIONS OF CRYPTOGRAPHY
Digital Currency
A much-known application of cryptography is digital currency
wherein cryptocurrencies are traded over the internet. Top
cryptocurrencies like Bitcoin, Ethereum, and Ripple have been
developed and traded over time.
APPLICATIONS OF CRYPTOGRAPHY
E-commerce
With the current pandemic shackling us to our homes, the rise of e-
commerce has been tremendous.
Military Operations
The applications of cryptography in the military are well-known.
Military operations have also derived great use from cryptography for
a long time. Used for encrypting military communication channels,
military encryption devices convert the real communication characters
so that the enemies cannot come to know about their upcoming plans.
APPLICATIONS OF CRYPTOGRAPHY
Reliability in Transmission
A conventional approach that allows reliability is to carry out a
checksum of the communicated information and then
communicate the corresponding checksum in an encrypted
format.
APPLICATIONS OF CRYPTOGRAPHY
Authentication of Identity
Cryptography is strongly linked to the approach of using
passwords, and innovative systems probably make use of strong
cryptographic methods together with the physical methods of
individuals and collective secrets offering highly reliable
verification of identity.
STEGANOGRAPHY
Steganography is the practice of hiding a secret message inside of
(or even on top of) something that is not secret. That something
can be just about anything you want.
These days, many examples of steganography involve embedding a
secret piece of text inside of a picture. Or hiding a secret message
or script inside of a Word or Excel document.
STEGANOGRAPHY
Types of Steganography
Text Steganography
There is steganography in text files, which entails secretly storing
information. In this method, the hidden data is encoded into the letter
of each word.
Image Steganography
The second type of steganography is image steganography, which
entails concealing data by using an image of a different object as a
cover. Pixel intensities are the key to data concealment in image
steganography.
BIOMETRIC AUTHENTICATION
Biometric authentication refers to the security procedure that
involves the use of unique biological characteristics of individuals
such as retinas, irises, voices, facial characteristics, and
fingerprints in order to verify people are who they claim to be.
BIOMETRIC AUTHENTICATION
Fingerprint scanners
Fingerprint scanners — the most common form of biometric
authentication method — scan the swirls and ridges unique to
every person’s fingertips.
Current technological advances have resulted in scanners that go
beyond fingerprint ridges to scan for vascular patterns.
BIOMETRIC AUTHENTICATION
Facial recognition
Like the fingerprint scanner, facial recognition technology scans a
face based on approved and stored parameters and
measurements. These parameters are collectively called face
prints.
BIOMETRIC AUTHENTICATION
Voice recognition
This version of scanning technologies focuses on vocal
characteristics to distinguish one person from another.
A voice is captured to a database, and several data points are
recorded as parameters for a voiceprint.
BIOMETRIC AUTHENTICATION
Eye scanners
Eye scanners include retina and iris scanners. A retina scanner
projects a bright light at an eye to highlight blood vessel patterns
that a scanner can read.
These readings are compared to the information saved in the
database.
NETWORK-BASED ATTACKS
Network-based attacks are attacks designed to compromise
network security by either eavesdropping on or intercepting and
manipulating network traffic.
These may be active attacks, wherein the hacker manipulates
network activity in real-time; or passive attacks, wherein the
attacker sees network activity but does not attempt to modify it.
NETWORK-BASED ATTACKS
Kinds of network attacks
Sniffing
A sniffing attack involves an attacker getting into the network
data-stream and reading, monitoring or capturing full packets of
data flowing between a client and a server.
A hacker intercepting a network packet containing unencrypted
information can cause severe damage to the organization or entity
that owns the data.
NETWORK-BASED ATTACKS
Eavesdropping
Eavesdropping attacks are similar to sniffing attacks, except that
they are usually passive, easier to carry out and may not involve
full packets of data.
They involve an attacker listening to information flowing between
networks to get private information, and often target one-on-one
communication.
NETWORK-BASED ATTACKS
Spoofing
Spoofing refers to a malicious actor pretending to be a legitimate
entity or someone s/he is not. In the context of network security, it
usually means “a computer spoofing an IP address, Address
Resolution Protocol (ARP), or Domain Name System (DNS) server”.
NETWORK-BASED ATTACKS
Denial-of-Service
Denial-of-Service (DoS) attacks block or disrupt an organization or
business’s ability to use its own resources such as network
bandwidth, system resources (CPU, memory), and application
resources (web server, DNS server).
DNS AND EMAIL SECURITY
The term DNS security refers to the protection measures that
involve the DNS protocol.
DNS (Domain Name System) has not been created using a
security-by-design approach.

EthicalHacking.pptx

  • 1. ETHICAL HACKING Dr P PRABAKARAN Assistant Professor Department of Computer Applications School of Computing Sciences Vels Institute of Science Technology and Advanced Studies, Chennai
  • 2. ETHICAL HACKING OVERVIEW & VULNERABILITIES UNDERSTANDING THE IMPORTANCE OF SECURITY Definition of Ethical Hacking Hacking is defined as an illegal use of the other’s computer system or the network resources. Ethical hacking is an authorized practice of detecting vulnerabilities in an application, system, or organization’s infrastructure and bypassing system security to identify potential data breaches and threats in a network.
  • 3. ETHICAL HACKING OVERVIEW & VULNERABILITIES UNDERSTANDING THE IMPORTANCE OF SECURITY Importance of Security  Evaluation of password strength.  Ensuring security settings, privilege levels, and database administration through exploit testing.  Protection from denial-of-service attacks.  The evaluation of anti-intrusion features and network security.  Preventing the interception of data communication channels.
  • 4. ETHICAL HACKING OVERVIEW & VULNERABILITIES UNDERSTANDING THE IMPORTANCE OF SECURITY Impact on society of ethical Hacking Hackers are having very measurable impact on the society. They are attracting more and younger generation. Several fields in computing where hackers made measurable impact on society I have tried to look into different ways how we can make ethical hacking safe and ethical.
  • 5. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING Hacking is the process of identifying and exploiting weakness in a system or a network to gain unauthorized access to data and system resources. It can also be defined as an unauthorized intrusion into the information systems/networks by an attacker by compromising the security. Example of Hacking: Exploiting the weakness of default password to gain access to the data stored inside the system.
  • 6. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING HACKER TYPES A person who finds and exploits vulnerabilities in a network or a computer system is called a hacker.  White Hat  Black Hat  Grey Hat  Script Newbies  Hacktivists  Phreakers
  • 7. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING HACKER TYPES White Hat Ethical Hackers are also called White Hat hackers. This hacker type gains access to a system to identify its weaknesses and evaluate vulnerabilities in the system.
  • 8. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING HACKER TYPES Black Hat Black Hat hackers are also called “crackers.” This hacker type gains unauthorized access to computer and network systems for personal gain. Stealing data and violating privacy rights are the intentions of this hacker.
  • 9. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING HACKER TYPES Grey Hat Grey Hat hackers are at the borderline between White Hat and Black Hat hackers. These hackers break into computer or network systems without authorization to identify vulnerabilities, but presents these weaknesses to the owner of the system.
  • 10. ETHICAL HACKING OVERVIEW & VULNERABILITIES CONCEPT OF ETHICAL HACKING HACKER TYPES Script Newbies Newbie hackers are new programmers or non-skilled personnel who use various hacking tools made by other hackers to gain access to network or computer systems.
  • 11. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - THREAT Threat An environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis. Malicious hackers and their use of software and hacking techniques are themselves threats to an organization’s information security.
  • 12. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - THREAT Adware Adware is a piece of software that is designed to force display of pre-selected ads on a system. Back door Back door is another often used ethical hacking terminology which refers to a hidden entry point into a software or application that by passes the standard security measures like login and authentication.
  • 13. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - THREAT Bot A bot refers to a computer program that is designed to automate certain tasks that are repeated, but faster and for a sustained long period of time than a human would. Botnet A botnet is a collection of computers that are controlled remotely or through a malware without the knowledge of the user.
  • 14. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - THREAT DDoS DDoS, which means distributed denial of service, is an ethical hacking terminology used to refer to a DoS attack that is achieved through a botnet. Which means that multiple compromised systems are used to attack a single server, so that it receives overwhelming requests from various locations simultaneously. Remote A remote attack is where an attack is carried out by sending an exploit over a network to exploit security vulnerabilities in another machine without obtaining previous access to the vulnerable machine.
  • 15. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Attack An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and to prevent an attack.
  • 16. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Types of Attack Outside attacks Inside attacks Encryption Active attack Eavesdropping Attack Brute force attack Ransomware Firewall Remote Access Tool (RAT) Passive attacks Spyware
  • 17. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Types of Attack Passive attacks Passive attacks breach the confidentiality of the data of a system without impacting the system’s state. Inside attacks Inside attacks are launched by an authorized user from inside a network.
  • 18. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Types of Attack Outside attacks Outside attacks are conducted by an attacker without network authorization Asynchronous attacks This Hacking Terminology is used when Attacks take advantage of dynamic system actions especially by exploiting an ability to manipulate the timing of those actions. Active attack This Hacking Terminology has used when a form of attack in which data is actually modified, corrupted, or destroyed.
  • 19. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Types of Attack Outside attacks Outside attacks are conducted by an attacker without network authorization Asynchronous attacks This Hacking Terminology is used when Attacks take advantage of dynamic system actions especially by exploiting an ability to manipulate the timing of those actions. Active attack This Hacking Terminology has used when a form of attack in which data is actually modified, corrupted, or destroyed.
  • 20. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Phases of an Attack Reconnaissance Scanning Gaining access Maintaining access Covering tracks
  • 21. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Reconnaissance In the reconnaissance phase, which is the planning phase, an attacker gathers as much information as possible about the target. Plain old research may be the first activity in this phase. Scanning During the scanning phase, the attacker tries to identify specific vulnerabilities. Vulnerability scanners are the most widely used tools. Port scanners are used to recognize listening ports that provide clues to the types of services that are running.
  • 22. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Gaining access Gaining access is usually the goal of an attacker. However, keep in mind that this is not always the case. Maintaining access Once an attacker has successfully gained access, they need to maintain access through installing a backdoor or a rootkit. So as not to be detected, the attacker also removes any evidence of their breach by changing the log files.
  • 23. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES - ATTACK Covering tracks Be aware that an attacker will erase all evidence of their presence. Tools such as Netcat or other trojans can be used to erase the evidence from log files. Other options include steganography, hiding data in other data, and tunneling.
  • 24. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES – VULNERABILITIES The existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve valuable data.
  • 25. ETHICAL HACKING OVERVIEW & VULNERABILITIES ESSENTIAL TERMINOLOGIES – VULNERABILITIES Hacking experts follow four key protocol concepts 1. Stay legal. Obtain proper approval before accessing and performing a security assessment. 2. Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries. 3. Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
  • 26. ETHICAL HACKING OVERVIEW & VULNERABILITIES TARGET OF EVALUATION Target of Evaluation (TOE) A system, program, or network that is the subject of a security analysis or attack. Ethical hackers are usually concerned with high-value TOEs, systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.
  • 27. ETHICAL HACKING OVERVIEW & VULNERABILITIES EXPLOIT A piece of software or technology that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system. Malicious hackers are looking for exploits in computer systems to open the door to an initial attack.
  • 28. ETHICAL HACKING OVERVIEW & VULNERABILITIES PHASES OF HACKING There are mainly 5 phases in hacking. A hacker does not necessarily have to follow these 5 steps in sequence. It is a stepwise process that yields a better result when followed.
  • 29. ETHICAL HACKING OVERVIEW & VULNERABILITIES PHASES OF HACKING Reconnaissance This is the first step of hacking. It is also called the footprinting or information-gathering phase. This is the preparatory phase where we collect as much information as possible about the target. We usually collect information about three groups: ➢ Network ➢ Host ➢ People involved
  • 30. ETHICAL HACKING OVERVIEW & VULNERABILITIES PHASES OF HACKING Scanning Three types of scanning are involved: Port scanning: This phase involves scanning the target for information such as open ports, live systems, and the various services running on the host. Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools. Network Mapping: Finding the topology of the network, routers, firewalls, servers if any, and host information, and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the hacking process.
  • 31. ETHICAL HACKING OVERVIEW & VULNERABILITIES PHASES OF HACKING Gaining Access This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data. Maintaining Access Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user.
  • 32. ETHICAL HACKING OVERVIEW & VULNERABILITIES PHASES OF HACKING Clearing Tracks No thief wants to get caught. An intelligent hacker always clears all evidence so that, at a later point in time, no one will find any traces leading to him. This involves modifying/corrupting/deleting the values of logs, modifying registry values, uninstalling all applications he used and deleting all folders he created.
  • 33. FOOTPRINTING & PORT SCANNING Definition of Foot Printing The act of gathering information about a targeted system and creating a network and systems map of an organization is known as Foot printing. It falls in the preparatory pre-attack phase, where all the details regarding an organization’s network architecture, application types, and physical location of the target system are collected.
  • 34. FOOTPRINTING & PORT SCANNING Types of Footprinting ➢ Active Footprinting ➢ Passive Footprinting
  • 35. FOOTPRINTING & PORT SCANNING Active Footprinting When the hacker tries to perform footprinting by getting directly in touch with the targeted system, it is known as Active Footprinting. Passive Footprinting On the other hand, when the attacker gathers information about the target system through openly available sources, it is known as Passive Footprinting. There are many such sources available on the internet from where hackers can get the necessary information about the organizations or individuals.
  • 36. FOOTPRINTING & PORT SCANNING Objectives of Footprinting ➢ To know the security posture. ➢ To reduce the focus area. ➢ To identify vulnerabilities. ➢ To draw a network map.
  • 37. FOOTPRINTING & PORT SCANNING Use of Footprinting ➢ Get an overview of the security posture ➢ Find vulnerabilities ➢ Specify the attack area ➢ Create a network map
  • 38. FOOTPRINTING & PORT SCANNING Use of Footprinting Identifying the assessment goals, Gathering information about the target, Analyzing this information, and Reporting your findings.
  • 40. FOOTPRINTING & PORT SCANNING TOOLS USED FOR THE RECONNAISSANCE PHASE RECONNAISSANCE One strategy that hackers use when attacking a system is to gather relevant information about the target. This step is called reconnaissance. Reconnaissance is the initial step in a cyber-kill chain. The Recon step involves research, identification and selection of targets and attempts to identify vulnerabilities in the target network.
  • 41. FOOTPRINTING & PORT SCANNING PORT SCANNING Port scanning is one of the most popular forms of reconnaissance ahead of a hack, helping attackers determine which ports are most susceptible. Port scanning can lead to a hacker entering your network or stealing proprietary data.
  • 42. FOOTPRINTING & PORT SCANNING INTRODUCTION TO PORT SCANNING ➢ Ping Scan ➢ SYN Scan ➢ Vanilla Scan ➢ XMAS Scan
  • 43. FOOTPRINTING & PORT SCANNING Ping Scan Ping scans are one of the most basic port scanning techniques. In ping scans, a scanner sends several Internet Control Message Protocol (ICMP) requests to different servers in an attempt to elicit a response. SYN Scan SYN scans, or half-open scans, determine whether a port is open and is receiving information. Scanners can do this by initiating a TCP connection with the target port in the form of a SYN (request to connect) message.
  • 44. FOOTPRINTING & PORT SCANNING Port Scanning Techniques Port scanning techniques are a valuable part of any cybersecurity professional’s toolkit. Ethical hackers and penetration testers frequently use port scanning techniques to locate vulnerabilities in a network that malicious hackers can use to gain access. Port scanning is a fundamental part of the pre-attack phase of a penetration test.
  • 45. FOOTPRINTING & PORT SCANNING PORT SWEEPING Port sweeping is regarded by certain systems experts to be different from port scanning. They point out that port scanning is executed through the searching of a single host for open ports. However, they state that port sweeping is executed through the searching of multiple hosts in order to target just one specific open port.
  • 46. FOOTPRINTING & PORT SCANNING USING PORT SCANNING TOOLS A port scanner is a software application used in the cybersecurity and IT industries to scan networks, hosts, or IP addresses looking for open ports, closed ports, or filtered ports. Port scanners are among the top cybersecurity tools used by researchers, security teams, and ethical hackers to diagnose network issues, audit networks, run penetration testing, and perform vulnerability scanning tasks.
  • 47. FOOTPRINTING & PORT SCANNING Tools of Port Scanning ➢ TCP Port Scanner ➢ Nmap ➢ Netcat ➢ Port Authority ➢ Advanced Port Scanner ➢ Network Scanner by MiTeC
  • 48. FOOTPRINTING & PORT SCANNING PING SWEEPS Ping Sweep is a technique used to identify if the hosts are alive in the networks using their IP addresses. The Ping Sweep method is used to ping many hosts at once. For example, if there is a network with network ID 192.10.0.0/24 then it is very simple to identify the total number of hosts there by ping sweeping this network.
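Added example (not part of the original slides): a defender-side sketch that separates the two patterns from slide 45 in connection logs, one source probing many ports on a single host (port scan) versus one source probing a single port on many hosts (port sweep). The log format, the documentation-range addresses, the 60-second window and the thresholds are all constructed assumptions.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed records, one per line: 'epoch_seconds src dst dst_port'."""
    lines = []
    # Source .7 touches six different ports on ONE host: port scan pattern.
    for i, port in enumerate([21, 22, 23, 80, 443, 3389]):
        lines.append(f"{1000 + i} 198.51.100.7 192.0.2.10 {port}")
    # Source .9 touches ONE port on six different hosts: port sweep pattern.
    for i in range(6):
        lines.append(f"{1010 + i} 198.51.100.9 192.0.2.{20 + i} 22")
    # Ordinary client: repeated connections to a single service.
    for i in range(8):
        lines.append(f"{1020 + i} 203.0.113.5 192.0.2.10 443")
    lines.append("malformed line that the parser must skip")
    return "\n".join(lines)


def detect(log_text, window=60, port_threshold=5, host_threshold=5):
    """Return sorted (kind, source, target) findings.

    kind is 'port_scan' (target = scanned host) or 'port_sweep'
    (target = swept port). Events are grouped into fixed windows of
    `window` seconds so slow background traffic does not accumulate.
    """
    ports_seen = defaultdict(set)  # (window, src, dst)   -> distinct ports
    hosts_seen = defaultdict(set)  # (window, src, dport) -> distinct hosts
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts, dport = int(parts[0]), int(parts[3])
        except ValueError:
            continue
        src, dst = parts[1], parts[2]
        bucket = ts // window
        ports_seen[(bucket, src, dst)].add(dport)
        hosts_seen[(bucket, src, dport)].add(dst)

    findings = set()
    for (_, src, dst), ports in ports_seen.items():
        if len(ports) >= port_threshold:
            findings.add(("port_scan", src, dst))
    for (_, src, dport), hosts in hosts_seen.items():
        if len(hosts) >= host_threshold:
            findings.add(("port_sweep", src, str(dport)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, src, target in detect(build_sample_log()):
        print(f"{kind}: source {src} -> {target}")
```

The repeated client connections to one host and one port trigger neither rule, which is the property that keeps this kind of counter usable on busy networks.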
  • 49. FOOTPRINTING & PORT SCANNING SCRIPTING There is no single language developed for hackers, and nobody can develop one in the future either. There is a reason for that. Hackers can’t limit themselves to a particular technology; it is their job to work with pretty much anything people use.
  • 50. FOOTPRINTING & PORT SCANNING Common scripting languages for hackers ➢ Bash or Shell Script ➢ JavaScript ➢ VBScript ➢ PowerShell Script ➢ PHP Script ➢ Ruby
  • 51. FOOTPRINTING & PORT SCANNING INTRODUCTION TO ENUMERATION Definition of Enumeration Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target.
  • 52. FOOTPRINTING & PORT SCANNING Types of Enumeration ➢ Windows Enumeration ➢ NetBIOS Enumeration ➢ LDAP Enumeration ➢ SNMP Enumeration ➢ Linux/UNIX Enumeration
  • 53. FOOTPRINTING & PORT SCANNING WINDOWS ENUMERATION Windows operating systems are enumerated using this type of enumeration. The attacker uses tools from Sysinternals to achieve this. This is the most basic enumeration happening, and the hackers attack desktop workstations. This means that the confidentiality of the files is no longer maintained.
  • 54. FOOTPRINTING & PORT SCANNING NetBIOS Enumeration NetBIOS stands for Network Basic Input Output System. It was initially developed as an application to give access to LAN resources by the client's software to a third party. LDAP Enumeration LDAP stands for Lightweight Directory Access Protocol. As the full name suggests, it is an internet protocol to access directory services.
  • 55. FOOTPRINTING & PORT SCANNING SNMP Enumeration SNMP stands for Simple Network Management Protocol. It runs on User Datagram Protocol (UDP), and is an application-layer protocol.
  • 56. FOOTPRINTING & PORT SCANNING LINUX/UNIX ENUMERATION Hackers who need to enumerate a target host whose operating system is Linux/UNIX use this type of enumeration. It works in the same way as others and collects various sensitive data.
  • 57. FOOTPRINTING & PORT SCANNING Techniques used for Enumeration ➢ User names can be extracted using email IDs ➢ Information can be retrieved using the default password. ➢ Active Directory using brute force ➢ Using SNMP, extract user names. ➢ Windows user groups can be extracted ➢ Utilizing DNS Zone transfer, more data
  • 58. FOOTPRINTING & PORT SCANNING VARIOUS METHODS OF PASSWORD CRACKING Password attacks are one of the most common forms of corporate and personal data breach. A password attack is simply when a hacker tries to steal the password. Hackers know that many passwords are poorly designed, so password attacks will remain a method of attack as long as passwords are being used.
  • 59. FOOTPRINTING & PORT SCANNING Protect yourself from password attacks with the information below ➢ Phishing ➢ Man-in-the-Middle Attack ➢ Brute Force Attack ➢ Dictionary Attack ➢ Credential Stuffing ➢ Keyloggers
  • 60. FOOTPRINTING & PORT SCANNING UNDERSTANDING SNIFFERS Sniffing In its simplest form, sniffing is the act of intercepting and monitoring traffic on a network. This can be done using software that captures all data packets passing through a given network interface or by using hardware devices explicitly designed for this purpose.
  • 61. FOOTPRINTING & PORT SCANNING Types of Sniffing Attacks ➢ Passive Sniffing ➢ Active Sniffing
  • 62. FOOTPRINTING & PORT SCANNING Passive Sniffing In a passive sniffing attack, the hacker monitors traffic passing through a network without interfering in any way. This type of attack can be beneficial for gathering information about targets on a network and the types of data they are transmitting.
  • 63. FOOTPRINTING & PORT SCANNING Active Sniffing Active sniffing is a type of attack that involves sending crafted packets to one or more targets on a network to extract sensitive data. By using specially crafted packets, attackers can often bypass security measures that would otherwise protect data from being intercepted.
  • 64. FOOTPRINTING & PORT SCANNING COMPREHENDING Phases of Ethical Hacking ➢ Reconnaissance ➢ Scanning ➢ Network Mapping ➢ Port Scanning ➢ Gaining Access ➢ Maintaining Access ➢ Clearing Tracks
  • 65. SYSTEM HACKING ASPECT OF REMOTE PASSWORD GUESSING Online password cracking is attacking a computer system through an interface that it presents to its legitimate users by attempting to guess the login credentials. The primary advantage of Online Password Cracking is that an attacker does not need special privileges to initiate the attack.
  • 66. SYSTEM HACKING ROLE OF EAVESDROPPING An eavesdropping attack occurs when cybercriminals steal information sent or received by a user over an unsecured network. It is also known as a “sniffing attack” and can come in different forms.
  • 67. SYSTEM HACKING ROLE OF EAVESDROPPING Effects of eavesdropping attacks ➢ Privacy loss ➢ Identity theft ➢ Financial loss
  • 68. SYSTEM HACKING ROLE OF EAVESDROPPING Effects of eavesdropping attacks Privacy loss Every company has confidential information that can damage its reputation if the data is made public. Eavesdropping attacks allow criminals to obtain vital business information, ideas, and conversations exchanged within a target organization, thus encroaching on its privacy.
  • 69. SYSTEM HACKING ROLE OF EAVESDROPPING Effects of eavesdropping attacks Identity theft Attackers can listen to any employees’ private conversation to get login credentials and use them to access restricted storage devices. The individuals don’t only lose their identity but cause their organization harm as well.
  • 70. SYSTEM HACKING ROLE OF EAVESDROPPING Effects of eavesdropping attacks Financial loss: Cybercriminals who have confidential data can access vital business applications anytime. They can threaten to expose the information unless the victim pays a high price or sell it to competitors. They earn while the information’s owners lose money.
  • 72. SYSTEM HACKING Preventing eavesdropping attacks ➢ Military-grade encryption ➢ Spread mindfulness ➢ Organization division ➢ Keep away from obscure connections ➢ Update and fix programming ➢ Actual security ➢ Protecting
  • 73. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING ➢ Phishing ➢ Man-in-the-Middle Attack ➢ Brute Force Attack ➢ Dictionary Attack ➢ Credential Stuffing ➢ Keyloggers
  • 74. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Phishing Phishing is when a hacker posing as a trustworthy party sends you a fraudulent email, hoping you will reveal your personal information voluntarily. Sometimes they lead you to fake "reset your password" screens;
  • 75. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Man-in-the-Middle Attack Man-in-the-middle (MitM) attacks are when a hacker or compromised system sits in between two uncompromised people or systems and deciphers the information they're passing to each other, including passwords.
  • 76. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Brute Force Attack If a password is equivalent to using a key to open a door, a brute force attack is using a battering ram. A hacker can try 2.18 trillion password/username combinations in 22 seconds, and if your password is simple, your account could be in the crosshairs.
  • 77. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Dictionary Attack A type of brute force attack, dictionary attacks rely on our habit of picking "basic" words as our password, the most common of which hackers have collated into "cracking dictionaries." More sophisticated dictionary attacks incorporate words that are personally important to you, like a birthplace, child's name, or pet's name.
  • 78. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Credential Stuffing If you've suffered a hack in the past, you know that your old passwords were likely leaked onto a disreputable website. Credential stuffing takes advantage of accounts that never had their passwords changed after an account break-in.
  • 79. SYSTEM HACKING VARIOUS METHODS OF PASSWORD CRACKING Keyloggers Keyloggers are a type of malicious software designed to track every keystroke and report it back to a hacker. Typically, a user will download the software believing it to be legitimate, only for it to install a keylogger without notice.
  • 80. SYSTEM HACKING KEYSTROKE LOGGERS A keylogger is an insidious form of spyware. We enter sensitive data onto our keyboard, believing nobody is watching. In fact, keylogging software is hard at work logging everything that we type. Keyloggers are activity-monitoring software programs that give hackers access to our personal data.
  • 81. SYSTEM HACKING KEYSTROKE LOGGERS Types of keyloggers ➢ Hardware ➢ Software
  • 82. SYSTEM HACKING KEYSTROKE LOGGERS Hardware Keyloggers Some keyloggers are hardware devices embedded within your internal PC hardware. They also come as a form of a plug placed between the CPU box and keyboard cable in an inconspicuous manner.
  • 83. SYSTEM HACKING KEYSTROKE LOGGERS Software Keyloggers The second type of keyloggers are software that can be easily installed on victims’ devices. While this software is a type of malware, it is “good” malware, wherein it doesn’t harm its host.
  • 85. WEB APPLICATION VULNERABILITIES A website vulnerability is a software code flaw/bug, system misconfiguration, or some other weakness in the website/web application or its components and processes. Authentication: Verifying that a user is (or at least appears to be) the person they say they are. Authorization: Granting a user access to a specific resource, or permission to perform a particular action.
  • 86. WEB APPLICATION VULNERABILITIES Security vulnerabilities as per OWASP are ➢ SQL Injection ➢ Cross Site Scripting ➢ Broken Authentication and Session Management ➢ Insecure Direct Object References ➢ Cross Site Request Forgery ➢ Security Misconfiguration ➢ Insecure Cryptographic Storage
  • 88. WEB APPLICATION VULNERABILITIES SQL Injection Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data. Cross Site Scripting XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather than at the server side.
  • 89. WEB APPLICATION VULNERABILITIES Broken Authentication and Session Management The websites usually create a session cookie and session ID for each valid session, and these cookies contain sensitive data like username, password, etc. Insecure Direct Object References It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter.
  • 90. WEB APPLICATION VULNERABILITIES Cross Site Request Forgery Cross Site Request Forgery is a forged request that comes from another site. Security Misconfiguration Security configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform.
  • 91. WEB APPLICATION VULNERABILITIES Insecure Cryptographic Storage Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely. Failure to restrict URL Access Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access control checks each time these pages are accessed.
  • 92. WEB APPLICATION VULNERABILITIES Insufficient Transport Layer Protection Deals with information exchange between the user (client) and the server (application). Applications frequently transmit sensitive information like authentication details, credit card information, and session tokens over a network. Unvalidated Redirects and Forwards The web application uses few methods to redirect and forward users to other pages for an intended purpose.
  • 94. APPLICATION CODING ERRORS Single Page Applications (SPAs)
  • 96. APPLICATION CODING ERRORS Setting Up For Testing Web Applications
  • 97. SQL INJECTION INTO BACK-END DATABASES SQL is a standardized language used to access and manipulate databases to build customizable data views for each user. SQL queries are used to execute commands, such as data retrieval, updates, and record removal.
  • 98. SQL INJECTION INTO BACK-END DATABASES Types of SQL Injections ➢ In-band SQLi ➢ Inferential (Blind) SQLi ➢ Out-of-band SQLi
  • 99. SQL INJECTION INTO BACK-END DATABASES In-band SQLi The attacker uses the same channel of communication to launch their attacks and to gather their results. Inferential (Blind) SQLi The attacker sends data payloads to the server and observes the response and behavior of the server to learn more about its structure.
  • 100. SQL INJECTION INTO BACK-END DATABASES Out-of-band SQLi The attacker can only carry out this form of attack when certain features are enabled on the database server used by the web application. This form of attack is primarily used as an alternative to the in-band and inferential SQLi techniques.
  • 101. CROSS-SITE SCRIPTING Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. If the app or website lacks proper data sanitization
  • 102. CROSS-SITE SCRIPTING Types of cross site scripting approaches ➢ Stored XSS ➢ Reflected XSS ➢ DOM-based XSS
  • 103. CROSS-SITE REQUEST FORGING Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
  • 105. CROSS-SITE REQUEST FORGING Impact of a CSRF attack In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. Construct a CSRF attack Manually creating the HTML needed for a CSRF exploit can be cumbersome, particularly where the desired request contains a large number of parameters, or there are other quirks in the request.
  • 106. CROSS-SITE REQUEST FORGING Preventing CSRF attacks The most robust way to defend against CSRF attacks is to include a CSRF token within relevant requests. The token should be: ➢ Unpredictable with high entropy, as for session tokens in general. ➢ Tied to the user's session. ➢ Strictly validated in every case before the relevant action is executed.
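Added example (not part of the original slides): a minimal server-side sketch of the three token properties listed above, namely unpredictable, tied to the user's session, and strictly validated before the action runs. The `SessionStore` class, the `handle_transfer` handler and the `csrf_token` form field name are hypothetical names chosen for this illustration.

```python
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session store (hypothetical)."""

    def __init__(self):
        self._csrf_by_session = {}

    def new_session(self):
        # Both values come from the OS CSPRNG: 32 random bytes each.
        session_id = secrets.token_urlsafe(32)
        self._csrf_by_session[session_id] = secrets.token_urlsafe(32)
        return session_id

    def csrf_token(self, session_id):
        """Token the server embeds in forms rendered for this session."""
        return self._csrf_by_session[session_id]

    def validate(self, session_id, submitted):
        expected = self._csrf_by_session.get(session_id)
        # Strict validation: unknown session, missing token or a token of
        # the wrong type is a failure, never a reason to skip the check.
        if expected is None or not isinstance(submitted, str) or not submitted:
            return False
        # Constant-time comparison avoids leaking how many characters match.
        return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_transfer(store, session_id, form):
    """State-changing request handler; returns an HTTP status code."""
    if not store.validate(session_id, form.get("csrf_token")):
        return 403
    # ... the state-changing action would run here ...
    return 200


if __name__ == "__main__":
    store = SessionStore()
    victim = store.new_session()
    other = store.new_session()
    good = {"csrf_token": store.csrf_token(victim), "amount": "10"}
    print("valid token:            ", handle_transfer(store, victim, good))
    print("token missing:          ", handle_transfer(store, victim, {"amount": "10"}))
    wrong = {"csrf_token": store.csrf_token(other), "amount": "10"}
    print("token from other session:", handle_transfer(store, victim, wrong))
```

A cross-site form can make the browser attach the victim's session cookie, but it cannot read the token out of the victim's pages, so the forged request arrives without a matching value and is rejected.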
  • 107. AUTHENTICATION BYPASS Applications and software require credentials to access the system, such as email, username, and password. Some reasons that allow hackers to bypass authentication: ➢ Many default servers and applications come with unsecured folders or data. ➢ Administrators fail to secure data and servers. ➢ Users do not reset default passwords.
  • 108. WEB SERVICES AND RELATED FLAWS A Web Server is defined as an application that responds to web page requests submitted by various users over the Internet using the HTTP (Hypertext Transfer Protocol). The Web Server basically constitutes the interface between users and web based applications and databases.
  • 109. WEB SERVICES AND RELATED FLAWS Types of Web Server attack ➢ DOS attack ➢ Website Defacement ➢ Directory Traversal ➢ Misconfiguration attacks ➢ Phishing Attack
  • 110. WEB SERVICES AND RELATED FLAWS DOS attack An attacker may cause a denial of service attack by sending numerous service request packets overwhelming the servicing capability of the web server, or he may try to exploit a programming error in the application causing a DOS attack.
  • 111. WEB SERVICES AND RELATED FLAWS Website Defacement SQL injection attacks are used to deface the website. When an attacker finds out that input fields are not sanitized properly, he can add SQL strings to maliciously craft a query which is executed by the web browser. Directory Traversal This is a vulnerability where an attacker is able to access beyond the web root directory from the application.
  • 112. WEB SERVICES AND RELATED FLAWS Misconfiguration attacks If unnecessary services are enabled or default configuration files are used, verbose/error information is not masked; an attacker can compromise the web server through various attacks like password cracking, Error-based SQL injection, Command Injection, etc. Phishing Attack An attacker may redirect the victim to malicious websites by sending him/her a malicious link by email which looks authentic, but redirects him/her to malicious web page thereby stealing their data.
  • 113. PROTECTIVE HTTP HEADERS HTTP security headers are a fundamental part of website security. Upon implementation, they protect you against the types of attacks that your site is most likely to come across. These headers protect against XSS, code injection, clickjacking, etc. Websites that use security headers are said to be hardened against security threats.
  • 114. PROTECTIVE HTTP HEADERS Types of Security Headers ➢ Content-Security-Policy (CSP) ➢ Strict-Transport-Security Header (HSTS) ➢ X-Content-Type-Options ➢ X-Frame-Options ➢ Referrer-Policy
  • 115. PROTECTIVE HTTP HEADERS Content-Security-Policy (CSP) A content security policy (CSP) helps to protect a website and the site visitors from Cross Site Scripting (XSS) attacks and from data injection attacks. Strict-Transport-Security Header (HSTS) The Strict-Transport-Security Header is also called the HTTP Strict Transport Security header (HSTS). Many websites only have a 301 redirect from HTTP to HTTPS.
  • 116. PROTECTIVE HTTP HEADERS X-Content-Type-Options This security header stops certain kinds of exploits that can happen, for example, through malicious user-generated content. X-Frame-Options The X-Frame-Options security header helps stop click-jacking attacks. The X-Frame-Options header works by preventing a web page from being rendered within an iframe.
  • 117. PROTECTIVE HTTP HEADERS Referrer-Policy The purpose of a Referrer-Policy header is to allow a website publisher to control what information is sent when a site visitor clicks a link to visit another website. When a site visitor clicks a link and lands on another site, the visitor’s browser provides information about what web page sent that visit.
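Added example (not part of the original slides): a small audit function that checks a response's headers against the five security headers listed above. The 180-day minimum for the HSTS `max-age` and the set of Referrer-Policy values treated as acceptable are policy assumptions made for this sketch, and both sample responses are constructed.

```python
import re

HSTS_MIN_MAX_AGE = 15552000  # assumption: require at least 180 days
# Assumption: values that never send a full URL to another origin.
REFERRER_ACCEPTED = {
    "no-referrer",
    "same-origin",
    "strict-origin",
    "strict-origin-when-cross-origin",
}


def audit_security_headers(headers):
    """Return a list of (header, problem) tuples; empty means all checks pass."""
    h = {name.lower(): value.strip() for name, value in headers.items()}
    findings = []

    if not h.get("content-security-policy"):
        findings.append(("Content-Security-Policy", "missing"))

    hsts = h.get("strict-transport-security")
    if hsts is None:
        # A 301 redirect to HTTPS alone still leaves the first request in clear.
        findings.append(("Strict-Transport-Security", "missing"))
    else:
        match = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.IGNORECASE)
        if match is None:
            findings.append(("Strict-Transport-Security", "no max-age directive"))
        elif int(match.group(1)) < HSTS_MIN_MAX_AGE:
            findings.append(("Strict-Transport-Security", "max-age too short"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "expected 'nosniff'"))

    if h.get("x-frame-options", "").upper() not in {"DENY", "SAMEORIGIN"}:
        findings.append(("X-Frame-Options", "expected DENY or SAMEORIGIN"))

    referrer = h.get("referrer-policy", "")
    if not referrer:
        findings.append(("Referrer-Policy", "missing"))
    else:
        # The header may list fallbacks; browsers use the last value they know.
        chosen = referrer.split(",")[-1].strip().lower()
        if chosen not in REFERRER_ACCEPTED:
            findings.append(("Referrer-Policy", f"weak or unknown value '{chosen}'"))

    return findings


# Constructed sample responses.
WEAK_RESPONSE = {
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "unsafe-url",
}
HARDENED_RESPONSE = {
    "content-security-policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for header, problem in audit_security_headers(WEAK_RESPONSE):
        print(f"{header}: {problem}")
```

The check only confirms that a Content-Security-Policy is present; judging whether a given policy actually blocks injected scripts requires parsing its directives.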
  • 118. UNDERSTANDING SESSION HIJACKING Session hijacking is as the term suggests. A user in a session can be hijacked by an attacker and lose control of the session altogether, where their personal data can easily be stolen. After a user starts a session such as logging into a banking website, an attacker can hijack it.
  • 119. UNDERSTANDING SESSION HIJACKING Prevention of Session hijacking ➢ Session hijacking can be protected by taking preventive measures on the client side. ➢ Software Updating, End Point Security will be a key from a user side. ➢ Having Biometric authentication for every user session can prevent attacks. ➢ End to End encryption can be done between the user browser and web server using secure HTTP or SSL. ➢ We can have the session value stored in the session cookie.
  • 120. PHASES INVOLVED IN SESSION HIJACKING Session hijacking refers to an attack on a user session by a hacker. The session is live when we log into any service. The best use case is when we log in to our web application, say banking application, to do some financial transaction.
  • 122. PHASES INVOLVED IN SESSION HIJACKING Methods of session hijacking ➢ Session Fixation ➢ Session Side Jacking ➢ Cross Site Scripting ➢ Malware ➢ Brute Force
  • 123. PHASES INVOLVED IN SESSION HIJACKING Session Fixation ➢ The hacker or attacker already has information about the session ID of the user. ➢ The hacker would have sent the email containing the Session ID. ➢ Attacker has to wait for the user to login.
  • 124. PHASES INVOLVED IN SESSION HIJACKING Session Side Jacking ➢ Hacker uses the packet sniffing technique to find the network traffic between two parties. ➢ Hacker then steals the session cookie. ➢ Most possible attacks happen in Unsecured Wi-Fi Spots.
  • 125. PHASES INVOLVED IN SESSION HIJACKING Cross Site Scripting ➢ Attacker sends the user a running code to get a copy of the cookie. ➢ For the user, these seem trustworthy as it is the server information. ➢ Typically, the hacker uses client-side script, such as JavaScript.
  • 126. PHASES INVOLVED IN SESSION HIJACKING Malware ➢ Unwanted programs to steal the browser cookie files ➢ Performed without the user's knowledge to obtain file or memory contents of the user’s computer or the server ➢ Hacker creates a client browser temporary local storage called a cookie jar.
  • 127. PHASES INVOLVED IN SESSION HIJACKING Brute Force ➢ Hacker uses key generation algorithms to get the session ID. ➢ Algorithm recognizes the sequential keys. ➢ Maximizes the predictable sessions and accesses the user's active session. ➢ Entropy is compromised using Brute Force and hacker is successful in stealing the information.
  • 128. TYPES OF SESSION HIJACKING ➢ Cross-Site Scripting (XSS) ➢ Session Side-Jacking aka Session Sniffing ➢ Session Fixation ➢ Predictable Session IDs and Brute Force ➢ Man in the Browser
  • 129. TYPES OF SESSION HIJACKING Cross-Site Scripting (XSS) Cross-site scripting (XSS) is one of the biggest risks and most popular approaches for session hijacking. XSS occurs when the attacker finds vulnerabilities in the target server or application and takes advantage by injecting client-side scripts onto the webpage.
  • 130. TYPES OF SESSION HIJACKING Session Side-Jacking aka Session Sniffing Session side-jacking, also known as session sniffing, is a more active type of hijacking attack. In this case, attackers will use packet sniffers like Wireshark or Kismet to monitor network traffic and steal session cookies after authentication.
  • 131. TYPES OF SESSION HIJACKING Session Fixation Session fixation occurs when attackers can set a user’s session ID. This type of attack requires a vulnerability in the target website that allows session IDs to be set via URLs or forms.
  • 132. TYPES OF SESSION HIJACKING Predictable Session IDs and Brute Force Many websites follow a pattern for issuing session IDs, and in some cases, it may be as simple as making it the user’s IP address. In these cases, attackers can monitor the session IDs that get issued to determine the pattern.
  • 133. TYPES OF SESSION HIJACKING Man in the Browser A man in the browser attack, also known as a man in the middle or malware attack, first requires attackers to infect a user’s computer with malware.
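The server-side defenses that correspond to the hijacking types above (predictable session IDs, session fixation, cookie theft through XSS or sniffing), as an added Python example that is not part of the original slides. The `SessionStore` class, the `sid` cookie name and the planted ID in the usage are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table (constructed for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": name or None}

    def _new_id(self):
        # 32 bytes from the OS CSPRNG: no sequence or IP-derived pattern to learn.
        return secrets.token_urlsafe(32)

    def start(self, presented_id=None):
        """Return a valid session id, ignoring ids the server never issued."""
        if presented_id in self._sessions:
            return presented_id
        # Unknown id (for example one planted through a URL or form): never adopt it.
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Rotate the id at login so an id known before login becomes useless."""
        self._sessions.pop(sid, None)
        new_sid = self._new_id()
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def session_cookie(sid):
    """Build a Set-Cookie value hardened against script access and sniffing."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable from JavaScript (XSS theft)
    cookie["sid"]["secure"] = True     # only sent over HTTPS (side-jacking)
    cookie["sid"]["samesite"] = "Lax"  # not sent on most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```

Rotating the ID in `login` is what defeats fixation: even if an ID was known before authentication, it never maps to the authenticated user.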
  • 134. SESSION HIJACKING TOOLS Session hijacking is a type of attack where a malicious actor takes over a user's session on a network in order to obtain sensitive information. Some of the most common types of session hijacking are IP spoofing and man-in-the-middle attacks. IP spoofing involves a hacker disguising his or her IP address as a legitimate IP address on a network.
  • 135. SESSION HIJACKING TOOLS Tools of Session Hijacking ➢ Burp Suite ➢ Ettercap ➢ OWASP ZAP ➢ BetterCAP ➢ netool toolkit ➢ WebSploit Framework ➢ Sslstrip ➢ JHijack ➢ Cookie Cadger ➢ CookieCatcher ➢ Hamster ➢ Firesheep
  • 136. SESSION HIJACKING TOOLS Ettercap Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
  • 137. SESSION HIJACKING TOOLS BetterCAP bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and IPv4/IPv6 networks.
  • 138. SESSION HIJACKING TOOLS ➢ JHijack: A Java hijacking tool for web application session security assessment. A simple Java fuzzer that can mainly be used for numeric session hijacking and parameter enumeration. ➢ Firesheep: A Firefox extension that demonstrates HTTP session hijacking attacks.
  • 139. INTRODUCTION TO CRYPTOGRAPHY Cryptography is the practice and study of techniques for securing communication and data in the presence of adversaries. Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis.
  • 140. INTRODUCTION TO CRYPTOGRAPHY Types of Cryptography ➢ Symmetric Key Cryptography ➢ Asymmetric Key Cryptography ➢ Hash Functions
  • 141. INTRODUCTION TO CRYPTOGRAPHY Symmetric Key Cryptography Also known as Secret Key Cryptography or Conventional Cryptography, Symmetric Key Cryptography is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
  • 142. INTRODUCTION TO CRYPTOGRAPHY Asymmetric Key Cryptography Asymmetric cryptography, also known as Public-key cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is private and one of which is public.
  • 143. INTRODUCTION TO CRYPTOGRAPHY Hash functions A cryptographic hash function is a hash function that takes an arbitrary block of data and returns a fixed-size bit string, the cryptographic hash value, such that any (accidental or intentional) change to the data will change the hash value.
  • 144. INTRODUCTION TO CRYPTOGRAPHY Elements of Cryptography Cryptography involves constructing and analyzing protocols that prevent third parties from reading private messages. A cryptographic system, shortened as cryptosystem, refers to a computer system that employs cryptography.
  • 145. PRIVATE-KEY ENCRYPTION Private key encryption is the form of encryption where only a single private key can encrypt and decrypt information. The private key may be stolen or leaked. Key management requires prevention of these risks and necessitates changing the encryption key often, and appropriately distributing the key. A private key is a secret number that is used in cryptography and cryptocurrency.
  • 146. PUBLIC-KEY ENCRYPTION Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performed using different keys: a public key (known to everyone) and a private key (secret key). This is known as Public Key Encryption.
  • 147. PUBLIC-KEY ENCRYPTION Components of Public Key Encryption ➢ Plain Text: This is the message which is readable or understandable. This message is given to the encryption algorithm as an input. ➢ Cipher Text: The cipher text is produced as an output of the encryption algorithm. We cannot simply understand this message.
  • 148. PUBLIC-KEY ENCRYPTION ➢ Encryption Algorithm: The encryption algorithm is used to convert plain text into cipher text. ➢ Decryption Algorithm: It accepts the cipher text and the matching key (private key or public key) as input and produces the original plain text. ➢ Public and Private Key: One key, either the private key (secret key) or the public key (known to everyone), is used for encryption and the other is used for decryption.
  • 149. PUBLIC-KEY ENCRYPTION Applications of the Public Key Encryption ➢ Encryption/Decryption ➢ Digital signature ➢ Key exchange
  • 150. CRYPTOGRAPHIC HASH FUNCTIONS A hash function is a unique identifier for any given piece of content. It’s also a process that takes plaintext data of any size and converts it into a unique ciphertext of a specific length.
  • 151. CRYPTOGRAPHIC HASH FUNCTIONS Properties of Cryptographic hash functions ➢ Non-reversibility, or one-way function. A good hash should make it very hard to reconstruct the original password from the output or hash. ➢ Diffusion, or avalanche effect. A change in just one bit of the original password should result in change to half the bits of its hash. In other words, when a password is changed slightly, the output of enciphered text should change significantly and unpredictably.
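The avalanche property stated above can be measured directly. This added Python example (not part of the original slides) flips every single bit of a constructed sample password and averages how much of the output changes, for SHA-256 and, as a non-cryptographic contrast chosen here, a plain byte-sum checksum.

```python
import hashlib


def bit_diff_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions that differ between two equal-length outputs."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1") / (8 * len(a))


def avalanche(digest, message: bytes) -> float:
    """Mean output change over every possible single-bit flip of the input."""
    base = digest(message)
    total = 0.0
    for i in range(8 * len(message)):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)  # flip exactly one input bit
        total += bit_diff_fraction(base, digest(bytes(flipped)))
    return total / (8 * len(message))


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def additive_checksum(data: bytes) -> bytes:
    # Contrast case: a 32-bit sum of the bytes, which has no diffusion.
    return (sum(data) & 0xFFFFFFFF).to_bytes(4, "big")


PASSWORD = b"correct horse battery"  # constructed sample input

if __name__ == "__main__":
    print(f"SHA-256:  {avalanche(sha256, PASSWORD):.3f} of output bits change")
    print(f"byte sum: {avalanche(additive_checksum, PASSWORD):.3f} of output bits change")
```

SHA-256 lands close to one half, while the byte sum changes only a few low-order bits per flip, which is why a checksum cannot stand in for a cryptographic hash.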
  • 152. DIGITAL SIGNATURE AND CERTIFICATE A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications.
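How the two keys divide the work in encryption and in a digital signature, as an added Python example that is not part of the original slides. It uses unpadded textbook RSA with a toy key built from two well-known Mersenne primes, so it shows the mechanics only; the messages and function names are constructed, and real systems use a vetted library with padding and much larger keys.

```python
import hashlib

# Toy key (constructed): two Mersenne primes, far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent (known to everyone)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (secret)


def encrypt(plaintext: bytes) -> int:
    """Anyone can encrypt with the public key (N, E)."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def decrypt(ciphertext: int) -> bytes:
    """Only the private-key holder can decrypt (leading zero bytes are not kept)."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes) -> int:
    # Hash first, so a message of any length maps to one number below N.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signing uses the private key on the message hash."""
    return pow(_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verification uses only the public key; any change to the message fails."""
    return pow(signature, E, N) == _digest(message)


if __name__ == "__main__":
    sig = sign(b"pay 100 to bob")
    print(verify(b"pay 100 to bob", sig), verify(b"pay 900 to bob", sig))
```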
  • 153. APPLICATIONS OF CRYPTOGRAPHY Cryptography is the method of transmitting secured data and communications using codes so that only the intended recipient knows the actual information that is transmitted. This process blocks unauthorized access to the data. Put plainly, the name itself indicates this: “crypt” refers to “hidden” and “graphy” to “writing”.
  • 154. APPLICATIONS OF CRYPTOGRAPHY ➢ Digital Currency ➢ E-commerce ➢ Military Operations ➢ Reliability in Transmission ➢ Authentication of Identity
  • 155. APPLICATIONS OF CRYPTOGRAPHY Digital Currency A much-known application of cryptography is digital currency wherein cryptocurrencies are traded over the internet. Top cryptocurrencies like Bitcoin, Ethereum, and Ripple have been developed and traded over time.
  • 156. APPLICATIONS OF CRYPTOGRAPHY ➢ E-commerce: With the current pandemic shackling us to our homes, the rise of e-commerce has been tremendous. ➢ Military Operations: The applications of cryptography in the military are well-known. Military operations have also derived great use from cryptography for a long time. Used for encrypting military communication channels, military encryption devices convert the real communication characters so that the enemies cannot come to know about their upcoming plans.
  • 157. APPLICATIONS OF CRYPTOGRAPHY Reliability in Transmission A conventional approach that allows reliability is to carry out a checksum of the communicated information and then communicate the corresponding checksum in an encrypted format.
  • 158. APPLICATIONS OF CRYPTOGRAPHY Authentication of Identity Cryptography is strongly linked to the approach of using passwords, and innovative systems probably make use of strong cryptographic methods together with the physical methods of individuals and collective secrets offering highly reliable verification of identity.
  • 159. STEGANOGRAPHY Steganography is the practice of hiding a secret message inside of (or even on top of) something that is not secret. That something can be just about anything you want. These days, many examples of steganography involve embedding a secret piece of text inside of a picture, or hiding a secret message or script inside of a Word or Excel document.
  • 160. STEGANOGRAPHY Types of Steganography ➢ Text Steganography: There is steganography in text files, which entails secretly storing information. In this method, the hidden data is encoded into the letter of each word. ➢ Image Steganography: The second type of steganography is image steganography, which entails concealing data by using an image of a different object as a cover. Pixel intensities are the key to data concealment in image steganography.
  • 161. BIOMETRIC AUTHENTICATION Biometric authentication refers to the security procedure that involves the use of unique biological characteristics of individuals such as retinas, irises, voices, facial characteristics, and fingerprints in order to verify people are who they claim to be.
  • 163. BIOMETRIC AUTHENTICATION Fingerprint scanners Fingerprint scanners — the most common form of biometric authentication method — scan the swirls and ridges unique to every person’s fingertips. Current technological advances have resulted in scanners that go beyond fingerprint ridges to scan for vascular patterns.
  • 164. BIOMETRIC AUTHENTICATION Facial recognition Like the fingerprint scanner, facial recognition technology scans a face based on approved and stored parameters and measurements. These parameters are collectively called face prints.
  • 165. BIOMETRIC AUTHENTICATION Voice recognition This version of scanning technologies focuses on vocal characteristics to distinguish one person from another. A voice is captured to a database, and several data points are recorded as parameters for a voiceprint.
  • 166. BIOMETRIC AUTHENTICATION Eye scanners Eye scanners include retina and iris scanners. A retina scanner projects a bright light at an eye to highlight blood vessel patterns that a scanner can read. These readings are compared to the information saved in the database.
  • 167. NETWORK-BASED ATTACKS Network-based attacks are attacks designed to compromise network security by either eavesdropping on or intercepting and manipulating network traffic. These may be active attacks, wherein the hacker manipulates network activity in real-time; or passive attacks, wherein the attacker sees network activity but does not attempt to modify it.
  • 168. NETWORK-BASED ATTACKS Kinds of network attacks Sniffing A sniffing attack involves an attacker getting into the network data-stream and reading, monitoring or capturing full packets of data flowing between a client and a server. A hacker intercepting a network packet containing unencrypted information can cause severe damage to the organization or entity that owns the data.
  • 169. NETWORK-BASED ATTACKS Eavesdropping Eavesdropping attacks are similar to sniffing attacks, except that they are usually passive, easier to carry out and may not involve full packets of data. They involve an attacker listening to information flowing between networks to get private information, and often target one-on-one communication.
  • 170. NETWORK-BASED ATTACKS Spoofing Spoofing refers to a malicious actor pretending to be a legitimate entity or someone s/he is not. In the context of network security, it usually means “a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server”.
  • 171. NETWORK-BASED ATTACKS Denial-of-Service Denial-of-Service (DoS) attacks block or disrupt an organization or business’s ability to use its own resources such as network bandwidth, system resources (CPU, memory), and application resources (web server, DNS server).
  • 172. DNS AND EMAIL SECURITY The term DNS security refers to the protection measures that involve the DNS protocol. DNS (Domain Name System) was not created using a security-by-design approach.