SlideShare a Scribd company logo

Practical White Hat Hacker Training - Introduction to Cyber Security

PRISMA CSI, profile picture
PRISMA CSI

This document provides an overview of PRISMA, a cyber security consultancy firm. It discusses PRISMA's penetration testing and training services. It also covers topics related to penetration testing like methodologies, career paths in cyber security, and certifications. The document is intended to introduce PRISMA's services and activities to potential clients or training participants.

Education
1 of 55
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
www.prismacsi.com © All Rights Reserved. 11 Practical White Hat Hacker Training #1 Introduction This document can be shared or used by quoted and used for commercial purposes, but can not be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
www.prismacsi.com © All Rights Reserved. 22 Introduction
www.prismacsi.com © All Rights Reserved. 33 PRISMA : Overview • Cyber security consultancy to over 100 companies in a period of over 5 years • Over 300 penetration testing projects • More than 50 training projects • The organizers and founders of some of the most important teams and activities in the country • Octosec • Canyoupwnme • Hacktrick Cyber Security Conference • Game of Pwners CTF • Hacker Camp
www.prismacsi.com © All Rights Reserved. 44 • Penetration Testing Services • Cyber Security Training • Consultancy services • Research and Development • Cyber Army Infrastructure Systems PRISMA : Activities
www.prismacsi.com © All Rights Reserved. 55 • Network Penetration Test • Web Application Penetration Test • Mobile Application Penetration Test • Banking Regulation and Supervision Agency (BRSA) Compliant Penetration Test • Distributed Denial-of-Service (DDoS) Test • Load and Stress Test • Social EngineeringTest • SCADA Penetration Test • Red Team Penetration Test • APT Attack Simulation • Mail Gateway Security Test • Physical Penetration Test Penetration Tests
www.prismacsi.com © All Rights Reserved. 66 • Practical White Hat Hacker Training • Network Penetration Test Training • Wireless Network Penetration Test Training • Mobile Application Security Training • Web Application Security Training • Advanced Penetration Test Training • DoS & DDoS Attacks and Protection Training • Vulnerability Management Training • Secure Software Development Training • Linux System Hardening Training • Basic Linux Training Trainings
www.prismacsi.com © All Rights Reserved. 77 • Source Code Analysis • Product / Project Consultancy • Vulnerability Management • HR - Recruitment Processes Technical Competence Analysis Consultancy
www.prismacsi.com © All Rights Reserved. 88 Let’s get to know a little about each other… Introduction
www.prismacsi.com © All Rights Reserved. 99 Topics
www.prismacsi.com © All Rights Reserved. 1010 Cyber Security Basics Appendix: Basic Network Information Appendix: Basic Linux Information Passive Information Collection Active Information Collection Vulnerability Discovery Post Exploitation Stage Exploit Stage Network Based Attacks Password Cracking Attacks Agenda
www.prismacsi.com © All Rights Reserved. 1111 Web Application Security Wireless Network Security IPS / IDS / WAF Evasion Techniques Social Engineering Agenda
www.prismacsi.com © All Rights Reserved. 1212 Cyber Security Basics
www.prismacsi.com © All Rights Reserved. 1313 Information Security There are 3 important criteria for information security; • Confidentiality • Integrity • Availability Availability Confidentiality Integrity Security Model
www.prismacsi.com © All Rights Reserved. 1414 Confidentiality • Information should only be accessible to the person or system that is allowed to access it. • Information being able to be read, written and changed by persons other than the targeted endangers this principle. • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1515 Integrity • Consistent transmission of information from the source to the targeted point without any change in its original form. • Partial corruption or partial altering of the original information means that its integrity has been compromised • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1616 Availibility • Information should be accessible and available whenever it is required by an authorized person or system. • DoS , DDoS attacks endanger this principle. • Important events experienced in the past.
www.prismacsi.com © All Rights Reserved. 1717 The Hacking Concept Hacking has more than one meaning; • Use of systems / hardware / software in ways other than the originally intended • Producing a solution for a problem can also be called hacking • Software Piracy = Media language
www.prismacsi.com © All Rights Reserved. 1818 Then who is a hacker? • According to MIT a hacker is any person working on information systems. • Computer Hacker • General description: a person who performs hacks • What’s a hack?
www.prismacsi.com © All Rights Reserved. 1919 Concepts • Penetration Test, Pentest Attempt by hackers to infiltrate targeted systems using various tools and techniques, thereafter reporting all identified vulnerabilities in detail. • Pentester, Penetration Test expert The person who implements/applies the concept of penetration testing and develops themsselves in the field of cyber security. Keeps track of current techniques and researches carried out by hackers hence stays up to date.
www.prismacsi.com © All Rights Reserved. 2020 Concepts • Hacker • White Hat Hacker • Black Hat Hacker • Grey Hat Hacker • Script Kiddie • Cracker
www.prismacsi.com © All Rights Reserved. 2121 General Information on Penetration Testing • Areas • Network Penetration Testing • Web Application Penetration Testing • Mobile Application Penetration Testing • Critical Infrastructure Systems Penetration Testing • DDoS and Load Tests • Risk Analysis • Vulnerability Scanning
www.prismacsi.com © All Rights Reserved. 2222 Types of Penetration Tests • Black Box • Grey Box • White Box
www.prismacsi.com © All Rights Reserved. 2323 Penetration Tests VULNERABILITY SCANNING VS PENETRATION TESTING
www.prismacsi.com © All Rights Reserved. 2424 Cyber Killchain Privilege Escalation Covering Footprints Exploitation Vulnerability Discovery Information Gathering
www.prismacsi.com © All Rights Reserved. 2525 Penetration Test Methodologies • OWASP • Web Security Tests • Mobile Application Security Tests • IoT Security Tests • OSSTMM • Open Source Security Testing Methodology Manual • Pentest-Standard
www.prismacsi.com © All Rights Reserved. 2626 Penetration Test Methodologies • OWASP – Web Application Penetration Testing
www.prismacsi.com © All Rights Reserved. 2727 Penetration Test Methodologies • OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
www.prismacsi.com © All Rights Reserved. 2828 Penetration Test Report • Tools Used • Discovered devices • Topology • Vulnerabilities • Exploitation methods • Reachable endpoint • Risks • Defense methods • Attack combinations
www.prismacsi.com © All Rights Reserved. 2929 Career in Cyber Security • Offensive • Penetration Testing Expert • Network Penetration Testing Expert • Web Application Penetration Testing Expert • Mobile Application Penetration Testing Expert • Exploit Development • Malware Development
www.prismacsi.com © All Rights Reserved. 3030 Career in Cyber Security • Defensive • SOC – Security Operation Center – Analyst • Forensics Expert • System Security Expert • Vulnerability Management Specialist • Software Security Expert • Malware Analyst
www.prismacsi.com © All Rights Reserved. 3131 Certification Programs • CEH – Certified Ethical Hacker • TSE White Hat Hacker • OSCP – Offensive Security Certified Professional • OSCE – Offensive Security Certified Expert • GWAPT – GIAC Web Application Penetration Tester • GPEN – GIAC Penetration Tester
www.prismacsi.com © All Rights Reserved. 3232 Types of Cyber Attacks by Country • Turkey • Russia • America • Germany • China
www.prismacsi.com © All Rights Reserved. 3333 Turkey • Fraud attacks • Using and writing of malware • Social engineering attacks
www.prismacsi.com © All Rights Reserved. 3434 Russia • Writing and spreading of exploit kits • Malware • Banking attacks • ATM attacks
www.prismacsi.com © All Rights Reserved. 3535 Germany • Exploit Kit / 0day development • Malware • Underground activities • Hackers meeting point • Chaos Computer Club
www.prismacsi.com © All Rights Reserved. 3636 America • Software development • Technology development • APT / 0day development • Cyber war activities • Case of Stuxnet
www.prismacsi.com © All Rights Reserved. 3737 China • Malicious software • Automated software • Nationalist hacker groups • APT / 0day / Exploit development • Cyber war activities
www.prismacsi.com © All Rights Reserved. 3838 Chronology 2010 2018 China's largest search engine Baidu hacked. 2010 DDoS attack affects internet access. 2013 Russia halts Internet access in Estonia 2007 Morris Worm goes online 1998 1998 After the attacks in Gaza, Israel suffered cyber attacks, 5 million websites were hacked. 2009 Stuxnet is out in the wild. 2010 Wannacry paralyzes life all over the world. 2017
www.prismacsi.com © All Rights Reserved. 3939 News https://securityintelligence.com/are-ransomware-attacks-rising-or-falling/
www.prismacsi.com © All Rights Reserved. 4040 Cyber Attacker Profile • Hacker • Target-oriented cyber attack • Government / State-backed cyber attack • Religion / Racial sympathy • Ego satisfaction • Competitors and unfair competition oriented attacks • Cyberterrorism
www.prismacsi.com © All Rights Reserved. 4141 Cyber Attacker Profile • Untrained staff (risk of involuntary attacks) • A fired person X • Insider
www.prismacsi.com © All Rights Reserved. 4242 Cyber Attacker Profile • Malware attacks • If it is target based an APT may be the most likely attacker. • Any malware can affect your systems in some way. • These malware can include a system into a botnet.
www.prismacsi.com © All Rights Reserved. 4343 Cyber Attack Losses • In the past only prestige was lost. • Changing the interface of pages (Defacement) • Today financial loss is the most common form of loss. • After Denial-of-Service attacks companies may experience a service outage or interruption.
www.prismacsi.com © All Rights Reserved. 4444 Some Cyber Security Defense Mechanisms • Security Firewalls • Antivirus • SSL • Intrusion Detection System (IDS) • Intrusion Prevention Systems (IPS) • Security Information and Event Management (SIEM) • Content Filter
www.prismacsi.com © All Rights Reserved. 4545 Some Cyber Security Defense Mechanisms • Web Application Firewall (WAF) • Data Leakage Prevention (DLP) • Advanced Cyber Threat Detection (APT Protection) • Deep Packet Inspection (DPI) • Security Operations Center (SOC)
www.prismacsi.com © All Rights Reserved. 4646 Basic Terminologies • Cryptology. • Password science. • Steganography • Science of hiding data in plain sight. • Encoding • The process of converting data into a different format.. • Base64
www.prismacsi.com © All Rights Reserved. 4747 Terminology • Hash • It is data converted into a unique form. • Data length is fixed. (MD5 32 character) • MD5 • SHA512 • Hash Cracking Attacks • Unidirectional • Wordlist • Rainbow Table
www.prismacsi.com © All Rights Reserved. 4848 Basic Terminologies • Base64 - Encoding • PRISMA -> UFJJU01B • PRISMACSI -> UFJJU01BQ1NJ • UFJJU01B -> PRISMA • UFJJU01BQ1NJ –> PRISMACSI • MD5 • PRISMA -> c636499e580a2d1c4d96af7aacb67ec3 • PRISMACSI -> be92422ae4a6ebba10d743a6213b9793
www.prismacsi.com © All Rights Reserved. 4949 Anonymity Why the need? • They want to hide their personal data. • They want to hide their identity. • They want to hide site preferences. • They have adopted the concept of free internet.
www.prismacsi.com © All Rights Reserved. 5050 Anonymity Communication • Whatsapp • Telegram • Signal • IRC • Jabber
www.prismacsi.com © All Rights Reserved. 5151 Anonymity Deep Web • Underground • Deepweb • Darkweb Area where hackers share information.
www.prismacsi.com © All Rights Reserved. 5252 Anonymity Deep Web • Chaos Network • DN42 • Freenet • Anonet • Tor
www.prismacsi.com © All Rights Reserved. 5353 Demo Practice
www.prismacsi.com © All Rights Reserved. 5454 Questions ?
www.prismacsi.com © All Rights Reserved. 5555 www.prismacsi.com info@prismacsi.com 0 850 303 85 35 /prismacsi Contacts

More Related Content

PDF
Practical White Hat Hacker Training - Post Exploitation
PRISMA CSI
 
PDF
Practical White Hat Hacker Training - Vulnerability Detection
PRISMA CSI
 
PDF
Practical White Hat Hacker Training - Exploitation
PRISMA CSI
 
PDF
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
 
PDF
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CanSecWest
 
PDF
Web security for developers
Sunny Neo
 
PDF
CSW2017 chuanda ding_state of windows application security
CanSecWest
 
PDF
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
Andrew Morris
 
Practical White Hat Hacker Training - Post Exploitation
PRISMA CSI
 
Practical White Hat Hacker Training - Vulnerability Detection
PRISMA CSI
 
Practical White Hat Hacker Training - Exploitation
PRISMA CSI
 
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
 
CSW2017 Geshev+Miller logic bug hunting in chrome on android
CanSecWest
 
Web security for developers
Sunny Neo
 
CSW2017 chuanda ding_state of windows application security
CanSecWest
 
ShmooCon 2015: No Budget Threat Intelligence - Tracking Malware Campaigns on ...
Andrew Morris
 

What's hot (20)

PDF
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest
 
PDF
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
PDF
No Easy Breach DerbyCon 2016
Matthew Dunwoody
 
PDF
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
 
PDF
Infosecurity.be 2019: What are relevant open source security tools you should...
B.A.
 
PDF
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
CODE BLUE
 
PDF
Wi-Fi Hotspot Attacks
Greg Foss
 
PDF
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Michael Gough
 
PDF
Introduction to red team operations
Sunny Neo
 
PDF
Attacker's Perspective of Active Directory
Sunny Neo
 
PPTX
External to DA, the OS X Way
Stephan Borosh
 
PDF
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Shakacon
 
PDF
Shamoon
Shakacon
 
PPT
Nomura UCCSC 2009
dnomura
 
PPTX
Lateral Movement - Phreaknik 2016
Xavier Ashe
 
PDF
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
 
PDF
Anatomy of a Cloud Hack
NotSoSecure Global Services
 
PDF
Coporate Espionage
UTD Computer Security Group
 
PDF
Sigma and YARA Rules
Lionel Faleiro
 
PPTX
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Andrew Morris
 
CSW2017 Kyle ehmke lots of squats- ap-ts never miss leg day
CanSecWest
 
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
No Easy Breach DerbyCon 2016
Matthew Dunwoody
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
 
Infosecurity.be 2019: What are relevant open source security tools you should...
B.A.
 
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
CODE BLUE
 
Wi-Fi Hotspot Attacks
Greg Foss
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Michael Gough
 
Introduction to red team operations
Sunny Neo
 
Attacker's Perspective of Active Directory
Sunny Neo
 
External to DA, the OS X Way
Stephan Borosh
 
Fruit vs Zombies: Defeat Non-jailbroken iOS Malware by Claud Xiao
Shakacon
 
Shamoon
Shakacon
 
Nomura UCCSC 2009
dnomura
 
Lateral Movement - Phreaknik 2016
Xavier Ashe
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
 
Anatomy of a Cloud Hack
NotSoSecure Global Services
 
Coporate Espionage
UTD Computer Security Group
 
Sigma and YARA Rules
Lionel Faleiro
 
Using GreyNoise to Quantify Response Time of Cloud Provider Abuse Teams
Andrew Morris
 

Similar to Practical White Hat Hacker Training - Introduction to Cyber Security (20)

PPT
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
PPTX
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
PPT
How to become Hackers .
Greater Noida Institute Of Technology
 
PPT
Hacking Presentation
Animesh Behera
 
PPT
Introduction to hackers
Harsh Sharma
 
PDF
Real life hacking101
Florent Batard
 
PPT
Hackers
Mohamed Boudchiche
 
PPTX
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
PDF
Bar Camp 11 Oct09 Hacking
Barcamp Kerala
 
PPT
Ethi mini1 - ethical hacking
Being Uniq Sonu
 
PPT
001.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PPT
Hackers
Alvaro Cipriano
 
PPT
Hackers
yozusaki
 
PPT
Hackers
guesta04f59b
 
PPT
Unit-2 ICS.ppt
20ME1A4607YANAMADALA
 
PPT
ETHICAL HACKING
Sweta Leena Panda
 
PPTX
It security the condensed version
Brian Pichman
 
PPTX
CyberSecurity and Importance of cybersecurity
Home
 
PPTX
Cyber crime &_info_security
Er Mahendra Yadav
 
PPTX
Ethical hacking
Rishabha Garg
 
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
How to become Hackers .
Greater Noida Institute Of Technology
 
Hacking Presentation
Animesh Behera
 
Introduction to hackers
Harsh Sharma
 
Real life hacking101
Florent Batard
 
Hackers
Mohamed Boudchiche
 
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Bar Camp 11 Oct09 Hacking
Barcamp Kerala
 
Ethi mini1 - ethical hacking
Being Uniq Sonu
 
001.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Hackers
Alvaro Cipriano
 
Hackers
yozusaki
 
Hackers
guesta04f59b
 
Unit-2 ICS.ppt
20ME1A4607YANAMADALA
 
ETHICAL HACKING
Sweta Leena Panda
 
It security the condensed version
Brian Pichman
 
CyberSecurity and Importance of cybersecurity
Home
 
Cyber crime &_info_security
Er Mahendra Yadav
 
Ethical hacking
Rishabha Garg
 

More from PRISMA CSI (12)

PDF
Sysmon ile Log Toplama
PRISMA CSI
 
PDF
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
PRISMA CSI
 
PDF
Sızma Testi Metodolojileri
PRISMA CSI
 
PDF
Sızma (Penetrasyon) Testi Nedir?
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
PRISMA CSI
 
PDF
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
PRISMA CSI
 
PDF
Kaynak Kod Analiz Süreci
PRISMA CSI
 
Sysmon ile Log Toplama
PRISMA CSI
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Parola Kırma Saldırıları
PRISMA CSI
 
Sızma Testi Metodolojileri
PRISMA CSI
 
Sızma (Penetrasyon) Testi Nedir?
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Post Exploit Aşaması
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Zafiyet Keşfi
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Exploit Aşaması
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Aktif Bilgi Toplama
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Siber Güvenlik Temelleri
PRISMA CSI
 
Beyaz Şapkalı Hacker CEH Eğitimi - Pasif Bilgi Toplama (OSINT)
PRISMA CSI
 
Kaynak Kod Analiz Süreci
PRISMA CSI
 

Recently uploaded (20)

PDF
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PDF
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
BÀI TẬP BỔ TRỢ 4 KỸ NĂNG TIẾNG ANH 9 GLOBAL SUCCESS - CẢ NĂM - BÁM SÁT FORM Đ...
Nguyen Thanh Tu Collection
 
Pre independence Education in Inndia.pdf
goofy5603
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
DrMONISHAphysio
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
102 student loan defaulters named and shamed – Is someone you know on the list?
Kweku Zurek
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Lesson notes of climatology university.
sgladness67
 
Institutional Correction lecture only . . .
limvtheghins
 
01-Introduction-to-Information-Management.pdf
PrinceIbarra
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 

Practical White Hat Hacker Training - Introduction to Cyber Security

  • 1. www.prismacsi.com © All Rights Reserved. 11 Practical White Hat Hacker Training #1 Introduction This document can be shared or used by quoted and used for commercial purposes, but can not be changed. Detailed information is available at https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.
  • 2. www.prismacsi.com © All Rights Reserved. 22 Introduction
  • 3. www.prismacsi.com © All Rights Reserved. 33 PRISMA : Overview • Cyber security consultancy to over 100 companies in a period of over 5 years • Over 300 penetration testing projects • More than 50 training projects • The organizers and founders of some of the most important teams and activities in the country • Octosec • Canyoupwnme • Hacktrick Cyber Security Conference • Game of Pwners CTF • Hacker Camp
  • 4. www.prismacsi.com © All Rights Reserved. 44 • Penetration Testing Services • Cyber Security Training • Consultancy services • Research and Development • Cyber Army Infrastructure Systems PRISMA : Activities
  • 5. www.prismacsi.com © All Rights Reserved. 55 • Network Penetration Test • Web Application Penetration Test • Mobile Application Penetration Test • Banking Regulation and Supervision Agency (BRSA) Compliant Penetration Test • Distributed Denial-of-Service (DDoS) Test • Load and Stress Test • Social EngineeringTest • SCADA Penetration Test • Red Team Penetration Test • APT Attack Simulation • Mail Gateway Security Test • Physical Penetration Test Penetration Tests
  • 6. www.prismacsi.com © All Rights Reserved. 66 • Practical White Hat Hacker Training • Network Penetration Test Training • Wireless Network Penetration Test Training • Mobile Application Security Training • Web Application Security Training • Advanced Penetration Test Training • DoS & DDoS Attacks and Protection Training • Vulnerability Management Training • Secure Software Development Training • Linux System Hardening Training • Basic Linux Training Trainings
  • 7. www.prismacsi.com © All Rights Reserved. 77 • Source Code Analysis • Product / Project Consultancy • Vulnerability Management • HR - Recruitment Processes Technical Competence Analysis Consultancy
  • 8. www.prismacsi.com © All Rights Reserved. 88 Let’s get to know a little about each other… Introduction
  • 9. www.prismacsi.com © All Rights Reserved. 99 Topics
  • 10. www.prismacsi.com © All Rights Reserved. 1010 Cyber Security Basics Appendix: Basic Network Information Appendix: Basic Linux Information Passive Information Collection Active Information Collection Vulnerability Discovery Post Exploitation Stage Exploit Stage Network Based Attacks Password Cracking Attacks Agenda
  • 11. www.prismacsi.com © All Rights Reserved. 1111 Web Application Security Wireless Network Security IPS / IDS / WAF Evasion Techniques Social Engineering Agenda
  • 12. www.prismacsi.com © All Rights Reserved. 1212 Cyber Security Basics
  • 13. www.prismacsi.com © All Rights Reserved. 1313 Information Security There are 3 important criteria for information security; • Confidentiality • Integrity • Availability Availability Confidentiality Integrity Security Model
  • 14. www.prismacsi.com © All Rights Reserved. 1414 Confidentiality • Information should only be accessible to the person or system that is allowed to access it. • Information being able to be read, written and changed by persons other than the targeted endangers this principle. • Important events experienced in the past.
  • 15. www.prismacsi.com © All Rights Reserved. 1515 Integrity • Consistent transmission of information from the source to the targeted point without any change in its original form. • Partial corruption or partial altering of the original information means that its integrity has been compromised • Important events experienced in the past.
  • 16. www.prismacsi.com © All Rights Reserved. 1616 Availibility • Information should be accessible and available whenever it is required by an authorized person or system. • DoS , DDoS attacks endanger this principle. • Important events experienced in the past.
  • 17. www.prismacsi.com © All Rights Reserved. 1717 The Hacking Concept Hacking has more than one meaning; • Use of systems / hardware / software in ways other than the originally intended • Producing a solution for a problem can also be called hacking • Software Piracy = Media language
  • 18. www.prismacsi.com © All Rights Reserved. 1818 Then who is a hacker? • According to MIT a hacker is any person working on information systems. • Computer Hacker • General description: a person who performs hacks • What’s a hack?
  • 19. www.prismacsi.com © All Rights Reserved. 1919 Concepts • Penetration Test, Pentest Attempt by hackers to infiltrate targeted systems using various tools and techniques, thereafter reporting all identified vulnerabilities in detail. • Pentester, Penetration Test expert The person who implements/applies the concept of penetration testing and develops themsselves in the field of cyber security. Keeps track of current techniques and researches carried out by hackers hence stays up to date.
  • 20. www.prismacsi.com © All Rights Reserved. 2020 Concepts • Hacker • White Hat Hacker • Black Hat Hacker • Grey Hat Hacker • Script Kiddie • Cracker
  • 21. www.prismacsi.com © All Rights Reserved. 2121 General Information on Penetration Testing • Areas • Network Penetration Testing • Web Application Penetration Testing • Mobile Application Penetration Testing • Critical Infrastructure Systems Penetration Testing • DDoS and Load Tests • Risk Analysis • Vulnerability Scanning
  • 22. www.prismacsi.com © All Rights Reserved. 2222 Types of Penetration Tests • Black Box • Grey Box • White Box
  • 23. www.prismacsi.com © All Rights Reserved. 2323 Penetration Tests VULNERABILITY SCANNING VS PENETRATION TESTING
  • 24. www.prismacsi.com © All Rights Reserved. 2424 Cyber Killchain Privilege Escalation Covering Footprints Exploitation Vulnerability Discovery Information Gathering
  • 25. www.prismacsi.com © All Rights Reserved. 2525 Penetration Test Methodologies • OWASP • Web Security Tests • Mobile Application Security Tests • IoT Security Tests • OSSTMM • Open Source Security Testing Methodology Manual • Pentest-Standard
  • 26. www.prismacsi.com © All Rights Reserved. 2626 Penetration Test Methodologies • OWASP – Web Application Penetration Testing
  • 27. www.prismacsi.com © All Rights Reserved. 2727 Penetration Test Methodologies • OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
  • 28. www.prismacsi.com © All Rights Reserved. 2828 Penetration Test Report • Tools Used • Discovered devices • Topology • Vulnerabilities • Exploitation methods • Reachable endpoint • Risks • Defense methods • Attack combinations
  • 29. www.prismacsi.com © All Rights Reserved. 2929 Career in Cyber Security • Offensive • Penetration Testing Expert • Network Penetration Testing Expert • Web Application Penetration Testing Expert • Mobile Application Penetration Testing Expert • Exploit Development • Malware Development
  • 30. www.prismacsi.com © All Rights Reserved. 3030 Career in Cyber Security • Defensive • SOC – Security Operation Center – Analyst • Forensics Expert • System Security Expert • Vulnerability Management Specialist • Software Security Expert • Malware Analyst
  • 31. www.prismacsi.com © All Rights Reserved. 3131 Certification Programs • CEH – Certified Ethical Hacker • TSE White Hat Hacker • OSCP – Offensive Security Certified Professional • OSCE – Offensive Security Certified Expert • GWAPT – GIAC Web Application Penetration Tester • GPEN – GIAC Penetration Tester
  • 32. www.prismacsi.com © All Rights Reserved. 3232 Types of Cyber Attacks by Country • Turkey • Russia • America • Germany • China
  • 33. www.prismacsi.com © All Rights Reserved. 3333 Turkey • Fraud attacks • Using and writing of malware • Social engineering attacks
  • 34. www.prismacsi.com © All Rights Reserved. 3434 Russia • Writing and spreading of exploit kits • Malware • Banking attacks • ATM attacks
  • 35. www.prismacsi.com © All Rights Reserved. 3535 Germany • Exploit Kit / 0day development • Malware • Underground activities • Hackers meeting point • Chaos Computer Club
  • 36. www.prismacsi.com © All Rights Reserved. 3636 America • Software development • Technology development • APT / 0day development • Cyber war activities • Case of Stuxnet
  • 37. www.prismacsi.com © All Rights Reserved. 3737 China • Malicious software • Automated software • Nationalist hacker groups • APT / 0day / Exploit development • Cyber war activities
  • 38. www.prismacsi.com © All Rights Reserved. 3838 Chronology 2010 2018 China's largest search engine Baidu hacked. 2010 DDoS attack affects internet access. 2013 Russia halts Internet access in Estonia 2007 Morris Worm goes online 1998 1998 After the attacks in Gaza, Israel suffered cyber attacks, 5 million websites were hacked. 2009 Stuxnet is out in the wild. 2010 Wannacry paralyzes life all over the world. 2017
  • 39. www.prismacsi.com © All Rights Reserved. 3939 News https://securityintelligence.com/are-ransomware-attacks-rising-or-falling/
  • 40. www.prismacsi.com © All Rights Reserved. 4040 Cyber Attacker Profile • Hacker • Target-oriented cyber attack • Government / State-backed cyber attack • Religion / Racial sympathy • Ego satisfaction • Competitors and unfair competition oriented attacks • Cyberterrorism
  • 41. www.prismacsi.com © All Rights Reserved. 4141 Cyber Attacker Profile • Untrained staff (risk of involuntary attacks) • A fired person X • Insider
  • 42. www.prismacsi.com © All Rights Reserved. 4242 Cyber Attacker Profile • Malware attacks • If it is target based an APT may be the most likely attacker. • Any malware can affect your systems in some way. • These malware can include a system into a botnet.
  • 43. www.prismacsi.com © All Rights Reserved. 4343 Cyber Attack Losses • In the past only prestige was lost. • Changing the interface of pages (Defacement) • Today financial loss is the most common form of loss. • After Denial-of-Service attacks companies may experience a service outage or interruption.
  • 44. www.prismacsi.com © All Rights Reserved. 4444 Some Cyber Security Defense Mechanisms • Security Firewalls • Antivirus • SSL • Intrusion Detection System (IDS) • Intrusion Prevention Systems (IPS) • Security Information and Event Management (SIEM) • Content Filter
  • 45. www.prismacsi.com © All Rights Reserved. 4545 Some Cyber Security Defense Mechanisms • Web Application Firewall (WAF) • Data Leakage Prevention (DLP) • Advanced Cyber Threat Detection (APT Protection) • Deep Packet Inspection (DPI) • Security Operations Center (SOC)
  • 46. www.prismacsi.com © All Rights Reserved. 4646 Basic Terminologies • Cryptology. • Password science. • Steganography • Science of hiding data in plain sight. • Encoding • The process of converting data into a different format.. • Base64
  • 47. www.prismacsi.com © All Rights Reserved. 4747 Terminology • Hash • It is data converted into a unique form. • Data length is fixed. (MD5 32 character) • MD5 • SHA512 • Hash Cracking Attacks • Unidirectional • Wordlist • Rainbow Table
  • 48. www.prismacsi.com © All Rights Reserved. 4848 Basic Terminologies • Base64 - Encoding • PRISMA -> UFJJU01B • PRISMACSI -> UFJJU01BQ1NJ • UFJJU01B -> PRISMA • UFJJU01BQ1NJ –> PRISMACSI • MD5 • PRISMA -> c636499e580a2d1c4d96af7aacb67ec3 • PRISMACSI -> be92422ae4a6ebba10d743a6213b9793
  • 49. www.prismacsi.com © All Rights Reserved. 4949 Anonymity Why the need? • They want to hide their personal data. • They want to hide their identity. • They want to hide site preferences. • They have adopted the concept of free internet.
  • 50. www.prismacsi.com © All Rights Reserved. 5050 Anonymity Communication • Whatsapp • Telegram • Signal • IRC • Jabber
  • 51. www.prismacsi.com © All Rights Reserved. 5151 Anonymity Deep Web • Underground • Deepweb • Darkweb Area where hackers share information.
  • 52. www.prismacsi.com © All Rights Reserved. 5252 Anonymity Deep Web • Chaos Network • DN42 • Freenet • Anonet • Tor
  • 53. www.prismacsi.com © All Rights Reserved. 5353 Demo Practice
  • 54. www.prismacsi.com © All Rights Reserved. 5454 Questions ?
  • 55. www.prismacsi.com © All Rights Reserved. 5555 www.prismacsi.com info@prismacsi.com 0 850 303 85 35 /prismacsi Contacts