414452:Elective – VI (Ethical Hacking and Security)
BE IT
Unit No. 1:
Introduction to Basics of Ethical
Hacking and Penetration Testing
Prepared By:
Mr. Salve B. S
Syllabus
Unit No. 1:
Introduction to Basics of Ethical Hacking and Penetration
Testing.
Introduction to basic Terminologies of Ethical Hacking, CIA (Confidentiality, Integrity, Availability), Types of Hackers, Ethical Hacking Process, Different Tools for Ethical Hacking, Introduction to Kali Linux, What Is a Penetration Test, Vulnerability Assessments versus Penetration Test, Types of Penetration Testing: Network Penetration Test, Web Application Penetration Test, Mobile Application Penetration Test, Social Engineering Penetration Test, Physical Penetration Test.
Introduction to basic Terminologies of Ethical Hacking
• The first known hacking event took place in 1960 at MIT, and the term "hacker" originated at the same time.
• Ethical Hacking: hacking is usually legal as long as it is done to find weaknesses in a computer or network system for testing purposes.
• A computer expert who performs the act of hacking is called a "hacker".
• Types of Hacking: Website Hacking, Network Hacking, Email Hacking, Ethical Hacking, Password Hacking, Computer Hacking.
Introduction to basic Terminologies of Ethical Hacking
• Advantages of Hacking:
• To recover lost information, especially when you have lost your password.
• To perform penetration testing to strengthen computer and network security.
• To put adequate preventive measures in place to prevent security breaches.
• To have a computer system that prevents malicious hackers from gaining access.
• Purposes of Hacking: just for fun, showing off, stealing important information, damaging the system, hampering privacy, money extortion, system security testing, breaking policy compliance.
Ethical Hacking - Hacker Types
Based on their intent when hacking a system:
• White hat (ethical hackers)
• Black hat (crackers)
• Grey hat
• These terms come from old Spaghetti Westerns, where the bad guy wears a black cowboy hat and the good guy wears a white hat.
Based on what they hack and how they do it:
• Miscellaneous hackers: Red Hat Hackers, Blue Hat Hackers, Elite Hackers
Jonathan James
Jonathan James was an American hacker, infamous as the first juvenile sent to prison for cybercrime in the United States. He died in 2008 of a self-inflicted gunshot wound.
In 1999, at the age of 16, he gained access to several computers by breaking the password of a server that belonged to NASA and stole the source code of the International Space Station, among other sensitive information.
Famous Hackers
Ian Murphy
Ian Murphy, also known as Captain Zap, at one point had high school students steal computer equipment for him. Ian claims to have been "the first hacker ever convicted of a crime".
Ian's career as a master hacker was fabricated in 1986 after he and his unemployed wife decided to form some type of business.
He has a long history of computer and Internet fraud. One of his favourite games is to forge email headers and send out third-party threat letters.
Famous Hackers
Mark Abene
He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool for industry.
His expertise spans penetration studies, on-site security assessments, secure code reviews, security policy review and generation, systems and network architecture, systems administration and network management, among many others.
Ethical Hacking - Terminologies
A list of important terms used in the field of hacking:
1. Adware: software designed to force pre-chosen ads to display on your system.
2. Attack
3. Back door: a hidden entry to a computing device or software that bypasses security.
4. Bot: a program that automates an action.
5. Botnet: also known as a zombie army, a group of computers controlled without their owners' knowledge.
6. Brute force attack: a method of gaining access to a system or website by trying combinations of usernames and passwords.
7. Buffer Overflow
8. Clone phishing: modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
Ethical Hacking - Terminologies
A list of important terms used in the field of hacking (continued):
1. Denial of service attack (DoS): a malicious attempt to make a server or a network resource unavailable to users.
2. Firewall: a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and networks.
3. Malware: computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
4. SQL Injection
5. Threat
6. Trojan
7. Virus
8. Vulnerability: a weakness which allows a hacker to compromise the
CIA (confidentiality, Integrity Availability)
• Designed to guide policies for information security within an organization.
• Confidentiality: protecting information from unauthorized access.
• Integrity: data are trustworthy, complete, and have not been accidentally altered or modified by an unauthorized user.
• Availability: data are accessible when you need them.
Ethical Hacking Process
For a Certified Ethical Hacker, the entire process can be categorized into the following six phases.
Ethical Hacking Process
1. Reconnaissance
• The attacker gathers information about a target using active or passive means.
• Tools: NMAP, Hping, Maltego, and Google Dorks.
2. Scanning
• The attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited.
• Tools: Nessus, Nexpose, and NMAP.
3. Gaining Access
• The vulnerability has been located and the tester attempts to exploit it in order to enter the system.
• Tool: Metasploit.
4. Maintaining Access
• The hacker has already gained access to the system.
• The hacker installs backdoors so as to re-enter the owned system whenever access is needed in future.
• Tool: Metasploit.
Ethical Hacking Process
5. Clearing Tracks
• An unethical activity.
• It involves deleting the logs of all the activities performed.
6. Reporting
• The final step of the ethical hacking process.
• The ethical hacker compiles a report with his findings, including the tools used, the success rate, the vulnerabilities found, and the exploit processes.
Different Tools used for Ethical Hacking
NMAP (Network Mapper): scans large networks; used for network discovery and security auditing.
Nmap uses raw IP packets to determine:
• what hosts are available on the network,
• what services those hosts are offering,
• what operating systems they are running,
• what type of firewalls are in use, and other such characteristics.
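As an added example (not part of the slides), this Python script reads an Nmap XML report (the format written by `nmap -oX`) and extracts the facts listed above, which hosts are up, which services they expose and the OS guess, then compares the open ports against an approved baseline so that unnecessary open ports show up as findings. The XML report, the host addresses and the baseline are constructed for the example, not a real scan.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

# Constructed Nmap XML report (the shape produced by `nmap -oX`), not a real scan.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/29">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open"/><service name="https" product="nginx"/>
      </port>
      <port protocol="tcp" portid="21">
        <state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="filtered"/><service name="http-proxy"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> list[dict]:
    """Return one record per live host: IPv4 address, OS guess, and open ports with service info."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth recording
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        osmatch = host.find("os/osmatch")
        record = {"addr": addr,
                  "os": osmatch.get("name") if osmatch is not None else None,
                  "ports": []}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            record["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": product,
            })
        hosts.append(record)
    return hosts


# Constructed exposure baseline: the services each host is approved to expose.
BASELINE = {"10.0.0.5": {22, 443}}


def unexpected_ports(hosts: list[dict], baseline: dict[str, set[int]]) -> dict[str, list[int]]:
    """Map host address -> open ports the baseline does not approve (an 'unnecessary
    open port' finding). Hosts absent from the baseline get no allowance at all."""
    findings = {}
    for h in hosts:
        allowed = baseline.get(h["addr"], set())
        extra = sorted(p["port"] for p in h["ports"] if p["port"] not in allowed)
        if extra:
            findings[h["addr"]] = extra
    return findings


if __name__ == "__main__":
    live = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in live:
        print(h["addr"], "os:", h["os"])
        for p in h["ports"]:
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['product']}")
    print("unexpected open ports:", unexpected_ports(live, BASELINE))
```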
Different Tools used for Ethical Hacking
Metasploit:
• An exploit tool.
• www.metasploit.com
• It comes in two versions: commercial and free edition.
• Metasploit can be used from the command prompt or through the Web UI.
Operations:
• Conduct basic penetration tests on small networks
• Run spot checks on the exploitability of vulnerabilities
• Discover the network or import scan data
• Browse exploit modules and run individual exploits on hosts
Different Tools used for Ethical Hacking
Burp Suite
• Used for performing security testing of web applications.
• It has various tools that work together to support the entire testing process, from initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities.
Different Tools used for Ethical Hacking
• Angry IP Scanner: IP address and port scanner.
• Password recovery tool for Microsoft Operating Systems.
• Ettercap (Ethernet Capture): a network security tool for man-in-the-middle attacks.
• EtherPeek: simplifies network analysis in a multiprotocol heterogeneous network environment.
Different Tools used for Ethical Hacking
• SuperScan: lets network administrators scan TCP ports and resolve hostnames.
• QualysGuard: includes a set of tools that can monitor, detect, and protect your global network.
• WebInspect: web application security assessment tool that helps identify known and unknown vulnerabilities within the web application layer.
• Network Stumbler: WiFi scanner and monitoring tool for Windows.
Introduction to Kali Linux
• Developed by Mati Aharoni and Devon Kearns.
• Website: https://www.kali.org/
• An OS for network analysts and penetration testers.
• It is for those who work under the umbrella of cybersecurity and analysis.
What Is a Penetration Test
• A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security.
• Penetration testers use the same tools as real attackers to find and demonstrate the business impact of weaknesses in a system.
• Penetration tests usually simulate a variety of attacks that could threaten a business.
• Benefits:
• Find weaknesses in systems
• Determine the robustness of controls
• Support compliance with data privacy and security regulations
What Is a Penetration Test
Types of pen tests:
1. Open-box pen test: the hacker is provided with some information ahead of time regarding the target company's security.
2. Closed-box pen test ('single-blind' test): the hacker is given no background information besides the name of the target company.
3. Covert pen test ('double-blind' pen test): almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack.
4. External pen test: the ethical hacker goes up against the company's external-facing technology, such as its website and external network servers.
5. Internal pen test: the ethical hacker performs the test from the company's internal network.
Vulnerability Assessments versus Penetration Test
S.No. | Penetration Testing | Vulnerability Assessments
1. | This is meant for critical real-time systems. | This is meant for non-critical systems.
2. | This is ideal for physical environments and network architecture. | This is ideal for lab environments.
3. | It is non-intrusive, documentation and environmental review and analysis. | Comprehensive analysis and thorough review of the target system and its environment.
4. | It cleans up the system and gives a final report. | It attempts to mitigate or eliminate the potential vulnerabilities of valuable resources.
5. | It gathers targeted information and/or inspects the system. | It allocates quantifiable value and significance to the available resources.
6. | It tests sensitive data collection. | It discovers the potential threats to each resource.
7. | It determines the scope of an attack. | It makes a directory of assets and resources in a given system.
Types of Penetration Testing
The type of penetration testing normally depends on the scope and on the organization's wants and requirements.
Types of Penetration Testing
1. Black Box Penetration Testing:
• The tester has no prior knowledge of the systems to be tested.
• The tester first has to gather information about the target network or system.
• Does not examine any program code.
Types of Penetration Testing
Advantages of Black Box Penetration Testing:
1. The tester need not necessarily be an expert, as it does not demand specific language knowledge.
2. The tester verifies contradictions between the actual system and the specifications.
3. The test is generally conducted from the perspective of a user, not the designer.
Disadvantages of Black Box Penetration Testing:
1. These kinds of test cases are particularly difficult to design.
2. It may not be worthwhile if the designer has already conducted the test case.
3. It does not cover everything.
Types of Penetration Testing
White Box Penetration Testing
• The tester is provided with the whole range of information about the systems and/or network, such as schema, source code, OS details, IP addresses, etc.
• Examines code coverage and does data flow testing, path testing, loop testing, etc.
• It is also known as structural, glass box, clear box, and open box testing.
Types of Penetration Testing
Advantages of White Box Penetration Testing:
• It ensures that all independent paths of a module have been exercised.
• It ensures that all logical decisions have been verified with both their true and false values.
• It discovers typographical errors and does syntax checking.
Types of Penetration Testing
Grey Box Penetration Testing
• The tester is usually provided with partial or limited information about the internal details of a system's program.
• It can be considered as an attack by an external hacker who has gained illegitimate access to an organization's network infrastructure documents.
Types of Penetration Testing
Advantages of Grey Box Penetration Testing:
• The tester does not require access to the source code.
• As there is a clear difference between a developer and a tester, there is least risk of personal conflict.
• You don't need to provide internal information about the program's functions and other operations.
Network Penetration Testing
• Network penetration tests should be performed to protect your business from
common network-based attacks.
Network Penetration Testing
• The physical structure of a system needs to be tested to identify vulnerabilities and risks, which ensures security in a network.
• A tester identifies security flaws in the design, implementation, or operation of the respective company's or organization's network.
• The devices tested by a tester can be computers, modems, or even remote access devices, etc.
Network Penetration Testing
Network penetration tests should be performed to protect your business from common network-based attacks, including:
• Firewall misconfiguration and firewall bypass
• Router attacks
• DNS-level attacks
• Switching- or routing-based attacks
• SSH attacks
• Proxy server attacks
• Unnecessary open ports
• Database attacks
• Man-in-the-middle (MITM) attacks
• FTP/SMTP-based attacks
Web Application Penetration Testing
Tools used for web application penetration testing:
• Astra Security Scan
• Acunetix
• HackerOne
• Burp Suite
• Browser’s Developer Tools
• NMap
• Zenmap
• ReconDog
• Nikto
Web Application Penetration Testing
Benefits of web application penetration testing:
1. It helps you satisfy compliance requirements.
2. It helps you assess your infrastructure.
3. It identifies vulnerabilities.
4. It helps confirm security policies.
Web Application Penetration Testing
How is penetration testing performed for web applications?
1. Configure your tests.
2. Execute your tests:
• External penetration tests that analyse components accessible to hackers via the internet, like web apps or websites.
• Internal penetration tests that simulate a scenario in which a hacker has access to an application behind your firewalls.
3. Analyze your tests.
Manual Web Application Penetration Testing
1. Information Gathering
2. Planning Analysis
3. Vulnerability Detection
4. Penetration testing
5. Reporting
6. Analyze your tests
Mobile Application Penetration Testing
Importance:
1. It is multi-layered.
2. It is about securing user data, preserving the app's integrity, and defending the reputation of businesses.
Tools Used:
1. Astra Security
2. ZAP (Zed Attack Proxy)
3. Burp Suite
4. Mobile Security Framework (MobSF)
5. Kali Linux NetHunter
6. Data Theorem
Mobile Application Penetration Testing
What is Android penetration testing?
• Mobile or Android penetration testing aims to detect security vulnerabilities and ensure
that mobile applications are not vulnerable to attacks.
• Modern Android applications are used for commercial purposes, healthcare, banking,
learning, and more.
• These mobile applications, apart from holding sensitive information, also contain
security vulnerabilities.
• Penetration testers and developers can find and fix these vulnerabilities and mitigate
security risks.
Mobile Application Penetration Testing
Examples of Attack:
• In 2021, the payment application Klarna suffered an application flaw that
caused users to log in to random accounts of other customers and expose
sensitive personal and credit card information.
• ParkMobile, the company behind an app for cashless parking across the
United States, is still battling a class action lawsuit from a 2021 mobile app
data breach that affected 21 million users.
Mobile Application Penetration Testing
Android package (APK) file structure
Mobile Application Penetration Testing
Android package (APK) file structure:
• It contains all the files (code and assets) that are required for the Android application to run.
• META-INF: contains verification information that is generated when the app is signed.
• MANIFEST.MF: contains a list of names/hashes (usually SHA-256 in Base64) for all the files of the APK.
• CERT.SF: contains a list of names/hashes of the corresponding lines in the MANIFEST.MF file.
• CERT.RSA: contains the public key and the signature of CERT.SF.
• assets: contains assets that developers bundle with the application, which can be retrieved through the AssetManager. These assets can be images, videos, documents, databases, etc.
Mobile Application Penetration Testing
Android package (APK) file structure:
• lib: contains native libraries with compiled code for different device architectures.
• res: contains predefined application resources, like XML files that define a state list of colors, user interface layouts, fonts, values, etc.
• AndroidManifest.xml: a manifest file that describes the application's package name, activities, resources, version, etc.
• classes.dex: contains all the Java classes in DEX (Dalvik Executable) format, to be executed by the Android Runtime.
• resources.arsc: contains precompiled resources. It holds the information that links the code to resources.
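An added example (not from the slides) showing the MANIFEST.MF digest layer described above in Python: a small APK-like zip is built in memory with a generated MANIFEST.MF, and verify_apk() recomputes each member's SHA-256 and compares it with the Base64 digest recorded for it, flagging any member modified or added after signing. The member contents and file names are constructed, and the signature over CERT.SF/CERT.RSA is not checked here, only the per-file digests.

```python
from __future__ import annotations
import base64
import hashlib
import io
import zipfile


def _sha256_b64(data: bytes) -> str:
    """Base64-encoded SHA-256 digest, the form MANIFEST.MF records per file."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_manifest(entries: dict[str, bytes]) -> str:
    """Render a MANIFEST.MF: a main section, then one Name/SHA-256-Digest section per file."""
    lines = ["Manifest-Version: 1.0", "Created-By: constructed example", ""]
    for name, data in entries.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {_sha256_b64(data)}", ""]
    return "\r\n".join(lines)


def parse_manifest(text: str) -> dict[str, str]:
    """Return {entry name: recorded digest}. Handles the 72-byte line wrapping of the
    JAR manifest format, where a continuation line starts with a single space."""
    unwrapped: list[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unwrapped:
            unwrapped[-1] += raw[1:]
        else:
            unwrapped.append(raw)
    digests, name = {}, None
    for line in unwrapped:
        if not line:
            name = None  # a blank line ends the current section
        elif line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and name:
            digests[name] = line[len("SHA-256-Digest: "):]
    return digests


def verify_apk(apk_bytes: bytes) -> dict[str, bool]:
    """Check every manifest entry against the actual zip content. Members present in
    the zip but absent from the manifest (other than META-INF/*) are also reported as
    failures, since an unsigned addition is tampering too."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        recorded = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name, digest in recorded.items():
            try:
                results[name] = _sha256_b64(zf.read(name)) == digest
            except KeyError:
                results[name] = False  # listed in the manifest but missing from the zip
        for name in zf.namelist():
            if name not in recorded and not name.startswith("META-INF/"):
                results[name] = False
    return results


def build_apk(entries: dict[str, bytes]) -> bytes:
    """Pack the entries plus a freshly generated MANIFEST.MF into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        zf.writestr("META-INF/MANIFEST.MF", build_manifest(entries))
    return buf.getvalue()


def tamper(apk_bytes: bytes, name: str, new_data: bytes) -> bytes:
    """Rewrite (or add) one member without touching the manifest, as a post-signing edit would."""
    src = zipfile.ZipFile(io.BytesIO(apk_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = new_data if info.filename == name else src.read(info.filename)
            dst.writestr(info.filename, data)
        if name not in src.namelist():
            dst.writestr(name, new_data)
    return out.getvalue()


# Constructed sample content standing in for real APK members.
SAMPLE_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.demo'/>",
    "classes.dex": b"dex\n035\x00constructed-dex-bytes",
    "res/values/strings.xml": b"<resources/>",
}

if __name__ == "__main__":
    good = build_apk(SAMPLE_ENTRIES)
    print("clean APK:   ", verify_apk(good))
    print("patched dex: ", verify_apk(tamper(good, "classes.dex", b"dex\n035\x00patched")))
    print("added lib:   ", verify_apk(tamper(good, "lib/arm64-v8a/extra.so", b"\x7fELF")))
```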
Mobile Application Penetration Testing
Start with the OWASP Mobile Top Ten to find vulnerabilities:
• The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides security tips and methodologies, mainly for web applications.
• In 2016 OWASP created its latest list of Mobile Top 10 vulnerabilities:
1. Improper platform usage
2. Insecure data storage
3. Insecure communication
4. Insecure authentication
5. Insufficient cryptography
6. Insecure authorization
7. Poor code quality
8. Code tampering
9. Reverse engineering
10. Extraneous functionality
Social Engineering Penetration Test
• Testing focuses on people and processes and the vulnerabilities associated with them.
• The goal is to identify weaknesses in a person, group of people, or process and to identify vulnerabilities with a clear path to remediation.
• Types of Attack:
1. Phishing
2. Vishing
3. Smishing
4. Impersonation
5. Dumpster Diving
6. USB Drops
7. Tailgating
Social Engineering Penetration Test
1. Phishing
It occurs via email and attempts to trick the user into giving up sensitive information or opening a malicious file that can infect their machine.
2. Vishing
It occurs via phone calls. These phone calls attempt to trick the user into giving up sensitive information.
3. Smishing
It occurs via SMS text messages. These text messages have the same intent as phishing.
4. Impersonation
A method where the attacker attempts to fool a person into believing they are someone else.
For example, an attacker might pretend to be a delivery person. In some cases, delivery personnel face few restrictions and can gain access to secure areas without question.
Social Engineering Penetration Test
5. Dumpster Diving
An attacker goes through not only trash but other items in plain sight, such as sticky notes and calendars, to gain useful information about a person or organization.
6. USB Drops
Malicious USB drives are dropped in common areas throughout a workspace. The drives typically contain software that, when plugged in, installs malicious software that can provide a backdoor into a system or transfer files with common file extensions.
7. Tailgating
Used to bypass physical security measures. You typically see this method used in locations that require a person to scan a key fob to gain entrance.
Social Engineering Penetration Test
Methods Used To Perform Social Engineering Attacks:
• Information gathering, victim selection, and engagement with victims.
• Common social engineering methods are active and passive reconnaissance and open-source intelligence (OSINT).
• Active reconnaissance: an attempt to gain information about a target while engaging with the target.
• Passive reconnaissance: uses social media sites like Facebook or LinkedIn.
• For example, an attacker could use information about a planned vacation posted on Facebook to know when you'll be out of town. Once you are gone, they could search your home for ways to access the company's network.
• Open-source intelligence (OSINT): refers to the type of data that has been collected from publicly available sources.
Social Engineering Penetration Test
Steps To Performing A Social Engineering Penetration Test:
Step 1: Test Planning And Scoping
Step 2: Attack Vector Identification
Step 3: Penetration Attempts
Step 4: Reporting
A typical pen testing report consists of:
• An executive summary
• A walkthrough of the technical risks found
• The potential impact of the vulnerabilities found
• The remediation options available for each vulnerability found
• Your concluding thoughts on the pen test
• Vulnerability elimination
Step 5: Closing Thoughts
Physical Penetration Test
What is a Physical Penetration Test:
• An assessment of the physical security controls of an organization.
• Physical security controls include locks, fences (barriers), security guards, cameras, and others.
Techniques:
• RFID cloning
• Tailgating: using social engineering to get an employee to hold the door open for you, or simply grabbing the door before it closes.
• Circumventing access controls: gaining access by crawling under or over fences, using a metal rod to reach under the door and pull the handle, etc.
• Lock picking
Physical Penetration Test
Who conducts penetration testing?
"Pen testing is carried out by a covert team of security experts who check an organization's physical security measures — how they work, whether they work — to keep places, people, and assets safe."
Thank you…

More Related Content

DOCX
Final report ethical hacking
PPTX
Cyber Security PPT
PPT
Ethical hacking
PDF
Hacking and Ethical Hacking
PPTX
EthicalHacking.pptx
PPTX
ETHICAL HACKING BY HRITIK JAGE
PDF
A REVIEW PAPER ON ETHICAL HACKING
DOCX
Ethical Hacking
Final report ethical hacking
Cyber Security PPT
Ethical hacking
Hacking and Ethical Hacking
EthicalHacking.pptx
ETHICAL HACKING BY HRITIK JAGE
A REVIEW PAPER ON ETHICAL HACKING
Ethical Hacking

Similar to Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1.pptx (20)

PPTX
Ethical Hacking
DOCX
ethical hacking report
PPTX
Ethical Hacking
PPTX
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
PPTX
Learn Hacking With Gflixacademy
PPTX
ethical hacking
PPTX
Ethical Hacking
DOC
Ethical hacking1
DOCX
Ethical hacking
PPTX
Ethical hacking
PPTX
ETHICAL HACKING
PDF
Vulnerability Prevention Using Ethical Hacking.pdf
PPTX
Ethical Hacking justvamshi .pptx
PPTX
Ethical hacking : Beginner to advanced
PPT
Ethical hacking a licence to hack
DOCX
Ethical hacking
PPTX
building foundation for ethical hacking.ppt
PDF
Ethical hacking
PPTX
GETTING STARTED WITH THE ETHICAL HACKING.pptx
Ethical Hacking
ethical hacking report
Ethical Hacking
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
Learn Hacking With Gflixacademy
ethical hacking
Ethical Hacking
Ethical hacking1
Ethical hacking
Ethical hacking
ETHICAL HACKING
Vulnerability Prevention Using Ethical Hacking.pdf
Ethical Hacking justvamshi .pptx
Ethical hacking : Beginner to advanced
Ethical hacking a licence to hack
Ethical hacking
building foundation for ethical hacking.ppt
Ethical hacking
GETTING STARTED WITH THE ETHICAL HACKING.pptx

Recently uploaded (20)

PPT
Reliability_Chapter_ presentation 1221.5784
PPT
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
PDF
Clinical guidelines as a resource for EBP(1).pdf
PPTX
Understanding Prototyping in Design and Development
PPTX
Measurement of Afordability for Water Supply and Sanitation in Bangladesh .pptx
PPTX
Supervised vs unsupervised machine learning algorithms
PDF
Launch Your Data Science Career in Kochi – 2025
PPTX
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
PDF
Mega Projects Data Mega Projects Data
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
PPTX
Moving the Public Sector (Government) to a Digital Adoption
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
PPTX
Major-Components-ofNKJNNKNKNKNKronment.pptx
PPTX
Global journeys: estimating international migration
PDF
The Rise of Impact Investing- How to Align Profit with Purpose
PDF
Fluorescence-microscope_Botany_detailed content
PPTX
1_Introduction to advance data techniques.pptx
PDF
Master Databricks SQL with AccentFuture – The Future of Data Warehousing
Reliability_Chapter_ presentation 1221.5784
Chapter 3 METAL JOINING.pptnnnnnnnnnnnnn
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Introduction-to-Cloud-ComputingFinal.pptx
Clinical guidelines as a resource for EBP(1).pdf
Understanding Prototyping in Design and Development
Measurement of Afordability for Water Supply and Sanitation in Bangladesh .pptx
Supervised vs unsupervised machine learning algorithms
Launch Your Data Science Career in Kochi – 2025
DISORDERS OF THE LIVER, GALLBLADDER AND PANCREASE (1).pptx
Mega Projects Data Mega Projects Data
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
Moving the Public Sector (Government) to a Digital Adoption
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
Major-Components-ofNKJNNKNKNKNKronment.pptx
Global journeys: estimating international migration
The Rise of Impact Investing- How to Align Profit with Purpose
Fluorescence-microscope_Botany_detailed content
1_Introduction to advance data techniques.pptx
Master Databricks SQL with AccentFuture – The Future of Data Warehousing

Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1.pptx

  • 1. 414452:Elective – VI (Ethical Hacking and Security) BE IT Unit No. 1: Introduction to Basics of Ethical Hacking and Penetration Testing Prepared By: Mr. Salve B. S
  • 2. Syllabus Unit No. 1: Introduction to Basics of Ethical Hacking and Penetration Testing. Introduction to basic Terminologies of Ethical Hacking, CIA(confidentiality, Integrity Availability , Types of Hackers , Ethical Hacking Process, Different tools for Ethical Hacking, Introduction to Kali Linux, What Is a Penetration Test, Vulnerability Assessments versus Penetration Test, Types of Penetration Testing: Network Penetration Test, Web Application Penetration Test, Mobile Application Penetration Test, Social Engineering Penetration Test, Physical Penetration Test
  • 3. Introduction to basic Terminologies of Ethical Hacking • The first known event of hacking had taken place in 1960 at MIT and at the same time, the term "Hacker" was originated. • Ethical Hacking: Hacking is usually legal as long as it is being done to find weaknesses in a computer or network system for testing purpose. • A computer expert who does the act of hacking is called a "Hacker". • Types of Hacking: Website Hacking, Network Hacking, Email Hacking, Ethical Hacking , Password Hacking, Computer Hacking
  • 4. Introduction to basic Terminologies of Ethical Hacking • Advantages of Hacking: • To recover lost information, especially in case you lost your password. • To perform penetration testing to strengthen computer and network security. • To put adequate preventative measures in place to prevent security breaches. • To have a computer system that prevents malicious hackers from gaining access. Purpose of Hacking: Just for fun, Show-off, Steal important information, Damaging the system, Hampering privacy, Money extortion, System security testing, To break policy compliance
  • 5. Introduction to basic Terminologies of Ethical Hacking • Advantages of Hacking: • To recover lost information, especially in case you lost your password. • To perform penetration testing to strengthen computer and network security. • To put adequate preventative measures in place to prevent security breaches. • To have a computer system that prevents malicious hackers from gaining access. Purpose of Hacking: Just for fun, Show-off, Steal important information, Damaging the system, Hampering privacy, Money extortion, System security testing, To break policy compliance
  • 6. Ethical Hacking - Hacker Types Based on their intent of hacking a system: • white hat (Ethical Hackers) • black hat (crackers) • grey hat, • These different terms come from old Spaghetti Westerns, where the bad guy wears a black cowboy hat and the good guy wears a white hat. • Based on what they hack and how they do it: • Miscellaneous Hackers: Red Hat Hackers, Blue Hat Hackers, Elite Hackers,
  • 7. Famous Hackers Jonathan James Jonathan James was an American hacker, illfamous as the first juvenile sent to prison for cybercrime in United States. He committed suicide in 2008 of a self-inflicted gunshot wound. In 1999, at the age of 16, he gained access to several computers by breaking the password of a server that belonged to NASA and stole the source code of the International Space Station among other sensitive information.
  • 8. Famous Hackers Ian Murphy Ian Murphy, also known as Captain Zap, at one point of time was having high school students steal computer equipment for him. Ian self proclaims to have been "the first hacker ever convicted of a crime". Ian's career as a master hacker was fabricated in 1986 after he and his unemployed wife decided to form some type of business. He has a long history of computer and Internet frauds. One of his favourite games is to forge Email headers and to send out third-party threat letters.
  • 9. Famous Hackers Mark Abene He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool to industry. His expertise spreads across penetration studies, on-site security assessments, secure code reviews, security policy review and generation, systems and network architecture, systems administration and network management, among many others
  • 10. Famous Hackers Mark Abene He was one of the first hackers to openly debate and defend the positive merits of ethical hacking as a beneficial tool to industry. His expertise spreads across penetration studies, on-site security assessments, secure code reviews, security policy review and generation, systems and network architecture, systems administration and network management, among many others
  • 11. Ethical Hacking - Terminologies List of important terms used in the field of hacking. 1. Adware: software designed to force pre-chosen ads to display on your system. 2. Attack 3. Back door: a hidden entry to a computing device or software that bypasses security. 4. Bot: a program that automates an action. 5. Botnet: also known as a zombie army, a group of computers controlled without their owners' knowledge. 6. Brute force attack: a method to gain access to a system or website by trying many combinations of usernames and passwords. 7. Buffer Overflow: 8. Clone phishing: modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.
  • 12. Ethical Hacking - Terminologies List of important terms used in the field of hacking. 1. Denial of service attack (DoS): a malicious attempt to make a server or a network resource unavailable to users. 2. Firewall: a filter designed to keep unwanted intruders outside a computer system or network while allowing safe communication between systems and the network. 3. Malware: computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. 4. SQL Injection 5. Threat 6. Trojan 7. Virus 8. Vulnerability − A vulnerability is a weakness which allows a hacker to compromise the
  • 13. CIA (Confidentiality, Integrity, Availability) • Designed to guide policies for information security within an organization. • Confidentiality: refers to protecting information from unauthorized access. • Integrity: means data are trustworthy, complete, and have not been accidentally altered or modified by an unauthorized user. • Availability: means data are accessible when you need them.
  • 14. Ethical Hacking Process As a Certified Ethical Hacker, the entire process can be categorized into the following six phases.
  • 15. Ethical Hacking Process 1. Reconnaissance: • The attacker gathers information about a target using active or passive means. • Tools: NMAP, Hping, Maltego, and Google Dorks. 2. Scanning • The attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. • Tools: Nessus, Nexpose, and NMAP. 3. Gaining Access • The vulnerability is located and you attempt to exploit it in order to enter into the system. • Tool: Metasploit. 4. Maintaining Access • The hacker has already gained access into a system. • The hacker installs some backdoors in order to enter into the system when he needs access to this owned system in the future. • Tool: Metasploit
  • 16. Ethical Hacking Process 5. Clearing Tracks • An unethical activity. • It has to do with the deletion of logs of all the activities. 6. Reporting • The final step in the ethical hacking process. • The Ethical Hacker compiles a report with his findings and the work that was done: which tools were used, what the success rate was, the vulnerabilities found, and the exploit processes.
  • 17. Different Tools used for Ethical Hacking NMAP (Network Mapper): scans large networks; used for network discovery and security auditing. Nmap uses raw IP packets to determine − • what hosts are available on the network, • what services those hosts are offering, • what operating systems they are running, • what type of firewalls are in use, and other such characteristics.
  • 18. Different Tools used for Ethical Hacking Metasploit: • An exploitation tool. • www.metasploit.com. • It comes in two versions − a commercial and a free edition. • Metasploit can be used from the command prompt or with a Web UI. Operations − • Conduct basic penetration tests on small networks • Run spot checks on the exploitability of vulnerabilities • Discover the network or import scan data • Browse exploit modules and run individual exploits on hosts
  • 19. Different Tools used for Ethical Hacking Burp Suite • Used for performing security testing of web applications. • It has various tools that work in collaboration to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
  • 20. Different Tools used for Ethical Hacking • Angry IP Scanner: IP address and port scanner. • Cain & Abel: password recovery tool for Microsoft Operating Systems. • Ettercap: Ethernet Capture. It is a network security tool for Man-in-the-Middle attacks. • EtherPeek: simplifies network analysis in a multiprotocol heterogeneous network environment.
  • 21. Different Tools used for Ethical Hacking • SuperScan: lets network administrators scan TCP ports and resolve hostnames. • QualysGuard: includes a set of tools that can monitor, detect, and protect your global network. • WebInspect: web application security assessment tool that helps identify known and unknown vulnerabilities within the Web application layer. • Network Stumbler: WiFi scanner and monitoring tool for Windows.
  • 22. Introduction to Kali Linux • Developed by Mati Aharoni and Devon Kearns. • Website: https://www.kali.org/ • An OS for network analysts and penetration testers. • It is for those who work under the umbrella of cybersecurity and analysis.
  • 24. What Is a Penetration Test • A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. • Penetration testers use the same tools as attackers to find and demonstrate the business impacts of weaknesses in a system. • Penetration tests usually simulate a variety of attacks that could threaten a business. • Benefits: • Find weaknesses in systems • Determine the robustness of controls • Support compliance with data privacy and security regulations
  • 25. What Is a Penetration Test
  • 26. What Is a Penetration Test Types of pen tests: 1. Open-box pen test: The hacker will be provided with some information ahead of time regarding the target company's security. 2. Closed-box pen test ('single-blind' test): the hacker is given no background information besides the name of the target company. 3. Covert pen test ('double-blind' pen test): a situation where almost no one in the company is aware that the pen test is happening, including the IT and security professionals who will be responding to the attack. 4. External pen test: the ethical hacker goes up against the company's external-facing technology, such as their website and external network servers. 5. Internal pen test: the ethical hacker performs the test from the company's internal network.
  • 27. Vulnerability Assessments versus Penetration Test
  S.No. | Penetration Testing | Vulnerability Assessments
  1. | This is meant for critical real-time systems. | This is meant for non-critical systems.
  2. | This is ideal for physical environments and network architecture. | This is ideal for lab environments.
  3. | It is non-intrusive: documentation and environmental review and analysis. | Comprehensive analysis and thorough review of the target system and its environment.
  4. | It cleans up the system and gives a final report. | It attempts to mitigate or eliminate the potential vulnerabilities of valuable resources.
  5. | It gathers targeted information and/or inspects the system. | It allocates quantifiable value and significance to the available resources.
  6. | It tests sensitive data collection. | It discovers the potential threats to each resource.
  7. | It determines the scope of an attack. | It makes a directory of assets and resources in a given system.
  • 28. Types of Penetration Testing The type of penetration testing normally depends on the scope and on the organization's wants and requirements.
  • 29. Types of Penetration Testing 1. Black Box Penetration Testing: • The tester has no prior knowledge of the systems to be tested. • The tester's job is to gather information about the target network or system. • The tester does not examine any programming code.
  • 30. Types of Penetration Testing Advantages of Black Box Penetration Testing: 1. The tester need not necessarily be an expert, as it does not demand specific language knowledge. 2. The tester verifies contradictions between the actual system and the specifications. 3. The test is generally conducted from the perspective of a user, not the designer. Disadvantages of Black Box Penetration Testing: 1. Particularly, these kinds of test cases are difficult to design. 2. Possibly, it is not worth it in case the designer has already conducted a test case. 3. It does not cover everything.
  • 31. Types of Penetration Testing White Box Penetration Testing • The tester has been provided with the whole range of information about the systems and/or network, such as schema, source code, OS details, IP addresses, etc. • Examines the code coverage and does data flow testing, path testing, loop testing, etc. • It is also known as structural, glass box, clear box, and open box testing.
  • 32. Types of Penetration Testing Advantages of White Box Penetration Testing: • It ensures that all independent paths of a module have been exercised. • It ensures that all logical decisions have been verified along with their true and false values. • It discovers typographical errors and does syntax checking.
  • 33. Types of Penetration Testing Grey Box Penetration Testing • The tester is usually provided with partial or limited information about the internal details of the program of a system. • It can be considered as an attack by an external hacker who had gained illegitimate access to an organization's network infrastructure documents.
  • 34. Types of Penetration Testing Advantages of Grey Box Penetration Testing • The tester does not require access to the source code. • As there is a clear difference between a developer and a tester, there is the least risk of personal conflict. • You don't need to provide the internal information about the program functions and other operations.
  • 35. Network Penetration Testing • Network penetration tests should be performed to protect your business from common network-based attacks.
  • 36. Network Penetration Testing • The physical structure of a system needs to be tested to identify the vulnerabilities and risks, which ensures the security of a network. • A tester identifies security flaws in the design, implementation, or operation of the respective company/organization's network. • The devices tested by a tester can be computers, modems, or even remote access devices, etc.
  • 37. Network Penetration Testing Network penetration tests should be performed to protect your business from common network-based attacks, including: • Firewall Misconfiguration And Firewall Bypass • Router Attacks • DNS Level Attacks • Switching Or Routing Based Attacks • SSH Attacks • Proxy Server Attacks • Unnecessary Open Ports Attacks • Database Attacks • Man In The Middle (MITM) Attacks • FTP/SMTP Based Attacks
  • 39. Web Application Penetration Testing Tools used for web application penetration testing: • Astra Security Scan • Acunetix • HackerOne • Burp Suite • Browser's Developer Tools • Nmap • Zenmap • ReconDog • Nikto
  • 40. Web Application Penetration Testing Benefits of web application penetration testing: 1. It helps you satisfy compliance requirements. 2. It helps you assess your infrastructure. 3. It identifies vulnerabilities. 4. It helps confirm security policies.
  • 41. Web Application Penetration Testing How is penetration testing performed for web applications? 1. Configure your tests. 2. Execute your tests. • External penetration tests that analyse components accessible to hackers via the internet, like web apps or websites. • Internal penetration tests that simulate a scenario in which a hacker has access to an application behind your firewalls. 3. Analyze your tests.
  • 42. Manual Web Application Penetration Testing 1. Information Gathering 2. Planning and Analysis 3. Vulnerability Detection 4. Penetration Testing 5. Reporting 6. Analyze your tests
  • 43. Mobile Application Penetration Testing Importance: 1. It is multi-layered. 2. It is about securing user data, preserving the app's integrity, and defending the reputation of businesses. Tools Used: 1. Astra Security 2. ZAP (Zed Attack Proxy) 3. Burp Suite 4. Mobile Security Framework (MobSF) 5. Kali Linux NetHunter 6. Data Theorem
  • 44. Mobile Application Penetration Testing What is Android penetration testing? • Mobile or Android penetration testing aims to detect security vulnerabilities and ensure that mobile applications are not vulnerable to attacks. • Modern Android applications are used for commercial purposes, healthcare, banking, learning, and more. • These mobile applications, apart from holding sensitive information, also contain security vulnerabilities. • Penetration testers and developers can find and fix these vulnerabilities and mitigate security risks.
  • 45. Mobile Application Penetration Testing Examples of Attack: • In 2021, the payment application Klarna suffered an application flaw that caused users to log in to random accounts of other customers and expose sensitive personal and credit card information. • ParkMobile, the company behind an app for cashless parking across the United States, is still battling a class action lawsuit from a 2021 mobile app data breach that affected 21 million users.
  • 46. Mobile Application Penetration Testing Android package (APK) file structure
  • 47. Mobile Application Penetration Testing Android package (APK) file structure: • It contains all the files (code and assets) that are required in order for the Android application to run. • META-INF: Contains verification information that is generated when the app is signed. • MANIFEST.MF: Contains a list of names/hashes (usually SHA-256 in Base64) for all the files of the APK. • CERT.SF: Contains a list of names/hashes of the corresponding lines in the MANIFEST.MF file. • CERT.RSA: This file contains the public key and the signature of CERT.SF. • assets: Contains assets that developers bundle with the application, which can be retrieved by the AssetManager. These assets can be images, videos, documents, databases, etc.
  • 48. Mobile Application Penetration Testing Android package (APK) file structure: • lib: Contains native libraries with compiled code, for different device architectures. • res: Contains predefined application resources, like XML files that define a state list of colors, user interface layout, fonts, values, etc. • AndroidManifest.xml: A manifest file that describes the application's package name, activities, resources, version, etc. • classes.dex: Contains all the Java classes in a dex (Dalvik Executable) file format, to be executed by the Android Runtime. • resources.arsc: Contains precompiled resources. It holds information that will link the code to resources.
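An integrity check over the MANIFEST.MF layer described in the two slides above, written as an added example for this page (it is not from the slides and not Android's own tooling): it builds a constructed in-memory sample APK, recomputes every SHA-256 digest listed in the manifest and reports mismatches, missing entries and unlisted files. It verifies only the manifest digests; the CERT.SF/CERT.RSA signature that binds the manifest to the signer's key is the layer a real signature check must add on top.

```python
import base64
import hashlib
import io
import zipfile
# Constructed sample "APK": an in-memory zip whose MANIFEST.MF lists Base64 SHA-256 digests, as the slides describe.
SAMPLE_FILES = {"classes.dex": b"dex\n035\x00constructed-sample-bytecode",
                "res/layout/main.xml": b"<LinearLayout/>"}

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_manifest(files):
    """One Name / SHA-256-Digest pair per entry, blank-line separated, CRLF line ends."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA-256-Digest: {b64_sha256(data)}", ""]
    return "\r\n".join(lines)

def build_apk(files, manifest_text):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def parse_manifest(text):
    """Return {entry name: Base64 SHA-256}. Manifest lines longer than 72 bytes
    wrap onto a continuation line starting with a space, so join those first."""
    unwrapped = []
    for line in text.splitlines():
        if line.startswith(" ") and unwrapped:
            unwrapped[-1] += line[1:]
        else:
            unwrapped.append(line)
    expected, name = {}, None
    for line in unwrapped:
        if line.startswith("Name: "):
            name = line[6:]
        elif line.startswith("SHA-256-Digest: ") and name:
            expected[name], name = line[16:], None
    return expected

def check_manifest(apk_bytes):
    """Recompute each listed digest; return a list of problems (empty means OK)."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        expected = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
        for name, digest in expected.items():
            actual = b64_sha256(zf.read(name)) if name in zf.namelist() else None
            if actual != digest:
                problems.append(f"{name}: {'missing' if actual is None else 'digest mismatch'}")
        # Entries the manifest does not list are unsigned content: flag them too.
        extra = [n for n in zf.namelist() if n != "META-INF/MANIFEST.MF" and n not in expected]
        problems += [f"{n}: not covered by manifest" for n in extra]
    return problems

GOOD_APK = build_apk(SAMPLE_FILES, build_manifest(SAMPLE_FILES))
# Tampered copy: classes.dex altered while the original manifest is kept unchanged.
TAMPERED_APK = build_apk({**SAMPLE_FILES, "classes.dex": b"dex\n035\x00patched"}, build_manifest(SAMPLE_FILES))
```

Running `check_manifest` on the two constructed packages returns an empty list for the intact one and flags `classes.dex` for the tampered one.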
  • 49. Mobile Application Penetration Testing Start with the OWASP Mobile Top Ten to find vulnerabilities: • The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides security tips and methodologies mainly for web applications. • In 2016 OWASP created their latest list of Mobile Top 10 Vulnerabilities. 1. Improper platform usage 2. Insecure data storage 3. Insecure communication 4. Insecure authentication 5. Insufficient cryptography 6. Insecure authorization 7. Poor code quality 8. Code tampering 9. Reverse engineering 10. Extraneous functionality
  • 50. Social Engineering Penetration Test • Testing focuses on people and processes and the vulnerabilities associated with them. • The goal is to identify weaknesses in a person, group of people, or process and to identify vulnerabilities with a clear path to remediation. • Types of Attack: 1. Phishing 2. Vishing 3. Smishing 4. Impersonation 5. Dumpster Diving 6. USB Drops 7. Tailgating
  • 51. Social Engineering Penetration Test 1. Phishing: It occurs via email and attempts to trick the user into giving up sensitive information or opening a malicious file that can infect their machine. 2. Vishing: It occurs via phone calls. These phone calls attempt to trick the user into giving up sensitive information. 3. Smishing: It occurs via SMS text messages. These text messages have the same intent as phishing. 4. Impersonation: It is a method where the attacker attempts to fool a person into believing they are someone else. An example of this attack would be pretending to be a delivery person. In some cases, delivery personnel have few restrictions and can gain access to secure areas without question.
  • 52. Social Engineering Penetration Test 5. Dumpster Diving: An attacker goes through not only trash but other items in plain sight, such as sticky notes and calendars, to gain useful information about a person or organization. 6. USB Drops: It uses malicious USBs dropped in common areas throughout a workspace. The USBs typically contain software that, when plugged in, installs malicious software that can provide a backdoor into a system or transfer files with common file extensions. 7. Tailgating: It is used to bypass physical security measures. You typically see this method used in locations that require a person to scan a key fob to gain entrance.
  • 53. Social Engineering Penetration Test Methods Used To Perform Social Engineering Attacks: • Information gathering, victim selection, and engagement with victims. • Common social engineering methods are active and passive reconnaissance and open-source intelligence (OSINT). • Active reconnaissance: an attempt to gain information about a target while engaging with the target. • Passive reconnaissance: takes the help of social media sites like Facebook or LinkedIn. • For example, an attacker could use information about a planned vacation posted on Facebook to know when you'll be out of town. Once you are gone, they could search your home for ways to access the company's network. • Open-Source Intelligence (OSINT): refers to information collected from publicly available sources.
  • 55. Social Engineering Penetration Test Steps To Performing A Social Engineering Penetration Test: Step 1: Test Planning And Scoping Step 2: Attack Vector Identification Step 3: Penetration Attempts Step 4: Reporting A typical pen testing report consists of: • An executive summary • A walkthrough of technical risks found • The potential impact of the vulnerabilities found • The remediation options available for each vulnerability found • Your concluding thoughts on the pen test • Vulnerability Elimination Step 5: Closing thoughts
  • 57. Physical Penetration Test What is a Physical Penetration Test: • An assessment of the physical security controls of an organization. • Physical security controls include locks, fences, security guards, cameras, and others. Techniques: • RFID Cloning • Tailgating: tailgating simply means using social engineering to try to get an employee to hold the door open for you, or just grabbing the door before it closes. • Circumventing access controls: to gain access by crawling under or over fences, using a metal rod to reach under the door and pull the handle, etc. • Lock Picking
  • 58. Physical Penetration Test Who conducts penetration testing? “Pen testing is carried out by a covert team of security experts who check an organization’s physical security measures — how they work, whether they work — to keep places, people, and assets safe,”