Cover the Basics: Part 2
February 4, 2018
Audience
● Beginners in OffSec
● Students
Objective
Objective of this session is to give a starting point to people like me who want
to explore the world of Offensive Security.
This session is not for people who just want to learn hacking (aka Black Hat
hacking)
Topics
● Phase 1 | Reconnaissance
● Phase 2 | Scanning
● Phase 3 | Gaining Access
● Phase 4 | Maintaining Access
● Phase 5 | Covering Tracks / Reporting
Phase 1 | Reconnaissance
Supposedly - Abraham Lincoln
If I had four hours to chop down a tree,
I’d spend the first two hours sharpening the axe
Reconnaissance
● Active Reconnaissance
In this process, you interact directly with the target computer system to gain information. The information is usually relevant and accurate, but there is a risk of being detected if you perform active reconnaissance without permission. If you are detected, the system administrator can take severe action against you and trace your subsequent activities.
● Passive Reconnaissance
In this process, you will not be directly connected to a computer system. This process is used to gather
essential information without ever interacting with the target systems.
Footprinting
Tools and tricks to gather information about a computer: its IP and MAC address, and the related users and systems.
● Passive Footprinting
Reviewing a company’s website is an example of passive footprinting.
● Active Footprinting
Attempting to gain access to sensitive information through social engineering is an example of active information gathering.
Footprinting
Domain Name Information (whois.domaintools.com)
Quick Fix - Domain Name Information
It is always recommended to keep your domain name profile private, which hides the above-mentioned registration information from potential hackers.
Finding IP Address
Finding Hosting Company
Quick Fix - IP Information
If a computer system or network is linked with the Internet directly, then you
cannot hide the IP address and the related information such as the hosting
company, its location, ISP, etc. If you have a server containing very sensitive
data, then it is recommended to keep it behind a secure proxy so that hackers
cannot get the exact details of your actual server. This way, it will be difficult for
any potential hacker to reach your server directly.
Another effective way of hiding your system IP and ultimately all the associated
information is to go through a Virtual Private Network (VPN). If you configure a
VPN, then the whole traffic routes through the VPN network, so your true IP
address assigned by your ISP is always hidden.
History of the Website
Quick Fix - History of the Website
Though there are some advantages to keeping your website in an archive database, if you do not want anybody to see how your website progressed through different stages, you can request archive.org to delete the history of your website.
Fingerprinting
The term OS fingerprinting in Ethical Hacking refers to any method
used to determine what operating system is running on a remote
computer.
● Passive Fingerprinting
Passive fingerprinting is based on sniffer traces of traffic from the remote system. From the packets captured by a sniffer (such as Wireshark), you can determine the operating system of the remote host.
● Active Fingerprinting
Active fingerprinting is accomplished by sending specially crafted packets to a target machine, noting down its responses and analyzing the gathered information to determine the target OS.
nmap Host Scan (nmap -O -v)
Quick Fix - nmap host scan
You can hide your main system behind a secure
proxy server or a VPN so that your complete
identity is safe and ultimately your main system
remains safe.
nmap Port Scan (nmap -sT -p 80)
Quick Fix - nmap port scan
It is always recommended to check and close all
the unwanted ports to safeguard the system from
malicious attacks.
Ping Sweep
A ping sweep is a network scanning technique that you can use to determine which IP addresses from a range of addresses map to live hosts. A ping sweep is also known as an ICMP sweep.
You can use the fping command for a ping sweep. This command is a ping-like program which uses Internet Control Message Protocol (ICMP) echo requests to determine if a host is up.
Quick Fix - ping sweep
To defeat ping sweeps on a network, you can block ICMP echo requests from outside sources. This can be done with the following command, which creates a firewall rule in iptables. The rule must go in the INPUT chain: a rule in the OUTPUT chain would only stop the host's own outgoing pings, not incoming sweeps.
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
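As an added example (not part of the original slides), the following Python script shows the defender's side of the nmap port scan and ping sweep slides: it parses constructed iptables LOG lines and flags a ping sweep (one source sending ICMP echo requests to many hosts) and a port scan (one source probing many TCP ports on one host). The log line format, addresses and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG output (not real traffic): one source pings
# four hosts (a sweep), a second source probes five ports on one host (a port
# scan), and a third source sends a single, legitimate-looking ping.
SAMPLE_LOG = """\
Feb  4 10:00:01 gw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Feb  4 10:00:01 gw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=ICMP TYPE=8 CODE=0
Feb  4 10:00:01 gw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=ICMP TYPE=8 CODE=0
Feb  4 10:00:02 gw kernel: IPT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.13 PROTO=ICMP TYPE=8 CODE=0
Feb  4 10:00:05 gw kernel: IPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Feb  4 10:00:05 gw kernel: IPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Feb  4 10:00:05 gw kernel: IPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Feb  4 10:00:06 gw kernel: IPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80 SYN
Feb  4 10:00:06 gw kernel: IPT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=443 SYN
Feb  4 10:00:09 gw kernel: IPT: IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE pairs written by the LOG target

def parse(line):
    """Turn the KEY=VALUE part of an iptables LOG line into a dict."""
    return dict(FIELD.findall(line))

def detect(log, sweep_hosts=3, scan_ports=4):
    """Return {'ping_sweep': [sources], 'port_scan': [(src, dst), ...]}.
    Ping sweep: one SRC sends ICMP echo requests (TYPE=8) to >= sweep_hosts distinct DSTs.
    Port scan: one SRC hits >= scan_ports distinct TCP DPTs on the same DST."""
    echo_targets = defaultdict(set)   # SRC -> set of pinged DSTs
    tcp_ports = defaultdict(set)      # (SRC, DST) -> set of probed DPTs
    for line in log.splitlines():
        f = parse(line)
        if "SRC" not in f:
            continue                  # not a firewall log line
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            echo_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "DPT" in f:
            tcp_ports[(f["SRC"], f["DST"])].add(f["DPT"])
    return {
        "ping_sweep": sorted(s for s, d in echo_targets.items() if len(d) >= sweep_hosts),
        "port_scan": sorted(k for k, p in tcp_ports.items() if len(p) >= scan_ports),
    }
```

Feed it real LOG output (for example from a rule such as `iptables -A INPUT -j LOG --log-prefix "IPT: "`) and tune the thresholds to your network's normal traffic.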
Prerequisites to be an effective hacker
The Fundamental Skills
● Basic Computer Skills
● Networking Skills
● Linux Skills
● Wireshark / Tcpdump (sniffing)
● Virtualization / Cloud
● Security Concepts & Technologies
● Wireless Technologies
The Intermediate Skills
● Scripting
● Database Skills
● Web Applications
● Forensics
● Advanced TCP/IP
● Cryptography
● Reverse Engineering
● IoT
The Intangible Skills
● Think Creatively
● Problem-Solving Skills
● Persistence
© Harpreet Singh Wadhwa
Harpreet Singh Wadhwa
https://www.meetup.com/offsecblr
https://twitter.com/wharpreet
Mailto: saviour@offsecblr.com
Offensive Security basics part 2