Abstract image of a woman sitting on books and studying on a laptop

unit-1.pptx

Download as PPTX, PDF
Srinivas Kanakala, profile picture
Srinivas Kanakala

This document provides an overview of the topic of ethical hacking. It is divided into six units that cover concepts like footprinting, scanning networks, enumeration, system hacking, password cracking, malware threats, sniffing, social engineering, and session hijacking. It defines ethical hacking as hacking performed by white hat hackers to find security vulnerabilities and prevent attacks from black hat hackers. In comparison, unethical or black hat hacking is done illegally and maliciously by cybercriminals. The document also distinguishes between the surface web, deep web, and dark web, with the dark web requiring special software and protocols to access anonymously.

Software
1 of 45
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
ETHICAL HACKING BY DR. V. PRASHANTHI Senior Assistant Professor Dept-CSE-CYS,DS and AI&DS
UNIT- I:  Introduction to Ethical Hacking: Hacking, Ethical Hacking, Difference between the Ethical Hacking and Unethical Hacking. Types of Hackers, Three parts of the web.  Foot printing: Objectives of Foot Printing, Understanding Foot Printing concepts, Types of Foot printing, Foot Printing through search engines, advanced Hacking techniques, Web services and social networking sites. Understanding Web site Foot printing, E-mail Foot printing and Competitive Intelligence. Understanding Whois, DNS and Network Foot printing
UNIT – II  Foot printing Tools: Foot printing through Social Engineering, Understanding different Foot Printing Tools-MALTEGO, RECON-NG and FOCA and Counter Measures.  Scanning Networks: Overview of network scanning, understanding various scanning tools-NMAP, ZEN MAP, angryip.org, PacketBuilder2.0, checking for live systems, Scanning tools for mobile, Overview of scanning pen testing.
UNIT – III  Enumeration: What is enumeration? Understanding different techniques of enumeration-SNMP, LDAP, NTP, and DNS.  Vulnerability analysis: Vulnerability research, Vulnerability classification, what is vulnerability assessment-Nessus professional ,GFI languard, Openvas, Retina CS, Qualys free scan, Nitko, Microsoft base line security analiser, automated vulnerable detection system, types of vulnerability assessments, Exploit database, Types of vulnerability tools, Characteristics of a good vulnerability assessment solution, Choosing a vulnerability tool, Criteria for choosing a vulnerability assessment tool, Best practices for selecting vulnerability tools.
UNIT – IV  System Hacking: Overview of CEH Hacking methodology, understanding different techniques to gain access to the system, privilege escalation techniques,  overview of different types of rootkits, techniques to hide the evidence of compromise, system hacking penetration testing.  Password cracking: Types of password attacks, online tools to search default passwords: default password.info, ZTE default usernames and passwords,  `Active online attack: Trojan/spyware/keyloggers, Password relevance tools.
UNIT – V  Malware threats: How hackers use Trojans, common ports used by trojans, trojan horse construction kit, RIG exploit kit, command shell trojan, remote access trojan, Study of spyrix.com, flaticon.com and anti-trojan software.  Sniffing: sniffing concepts, sniffing tools-Wireshark tool, oxid.it, Sniffer detection techniques: PING and DNS methods.  Social Engineering: Understanding social engineering concepts, Social Engineering Techniques, Insider Threats, Impersonation on Social Networking Sites, Identity Theft, and countermeasures
UNIT – VI  Session Hijacking: Understanding Session Hijacking Concepts, Application-Level Session Hijacking, Network Level Session Hijacking, overview of Session Hijacking Tools, Understanding Countermeasures and Penetration Testing.  SQL Injection: SQL Injection Concepts, Types of SQL Injection, SQL Injection Methodology SQL Injection Tools, Evasion Techniques and Countermeasure.
Rapid Growth Of Internet-Cyber Crime Increased
CYBER CRIMES  Email : Mahesh bank  Mobile : Covid-19  Cloud : Amazon cloud ( DDoS attack)  Ransomware: North American land developer was hit (151,000 employees at risk)  Credential stuffing : Zoom (500,000 usernames and passwords di)  App: Bahubali-2 cinema booking.
ONLINE FRAUDS  Purchase fraud  Job fraud  Insurance fraud  Admission fraud  Fake website fraud  Investment fraud  Matrimonial fraud  Loan fraud.
unit-1.pptx
HACKING  Exploiting weakness in a computer system to gain unauthorized access to obtain information.
Hacking Hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
HACKER  They are powerful skilled individuals who break into the system by bypassing the security measures to achieve a goal.  A person who performs hacking is called a hacker.
Types of Hackers
Black hat Hacker
Grey Hat Hacker
White Hat Hacker
Types of Hackers
Types of Hackers
Green hat hacker  A green hat hacker is someone who is new to the hacking world but is intently focused on increasing their cyberattack skills.  They primarily focus on gaining knowledge on how to perform cyberattacks on the same level as their black hat counterparts.  Their main intent is to eventually evolve into a full-fledged hacker, so they spend their time looking for learning opportunities from more experienced hackers.  Motives: To learn how to become an experienced hacker
Blue hat hackers  Blue hat hackers are hired by organizations to bug-test a new software or system network before it’s released. Their role is to find loopholes or security vulnerabilities in the new software and remedy them before it launches.  Motives: To identify vulnerabilities in new organizational software before it’s released
Red Hat Government-Hired Hackers  Red hat hackers are hired by government agencies to spot vulnerabilities in security systems, with a specific focus on finding and disarming black hat hackers.  They’re known to be particularly ruthless in their hunt for black hat criminals, and typically use any means possible to take them down. This often looks like using the same tactics as black hat hackers and using them against them— using the same malware, viruses and other strategies to compromise their machines from the inside out.
Ethical Hacking  Ethical Hacking is performed by White Hat Hackers to find the security vulnerabilities of the system and prevent the Black Hat hackers from illegally infiltrating and stealing data from any system.  The big organizations perform ethical hacking to test the cybersecurity level and identify the weak points.  Ethical hacking is performed as per the rules and regulations set by the legal authorities.
Unethical Hacking  Unethical Hacking or Black Hat hacking is performed by cybercriminals with the false intention of stealing sensitive data, money, and access the restricted networks and systems.  Such type of hacking is practiced to disrupt official website networks and infiltrate communication between two or more parties.  Unethical hacking is hacking done by violating the rules and regulations set by the legal authorities.
Difference between Ethical & unethical Hacking S. No. Hacking Ethical Hacking 1. Steal valuable information of company and individual for illegal activity Hack system to reduce vulnerabilities of company’s system 2. Illegal practice and considered a crime Legal practice, authorized by the company or individual 3. Such types of hackers are called black-hat hackers Such types of hackers are called white-hat hackers 4. Such hackers try to access restricted networks through illegal practices and reduce the security of data. Such hackers create firewalls and security protocols. 5. They work for themselves for dirty money. They work with different government agencies and big tech companies.
Parts of Web The web is divided into three categories, which are  The Surface Web,  Deep Web, and  Dark Web
Parts of Web
unit-1.pptx
Surface Web:  The surface web is the normal web that is everyone knows and it is visible for all users who use the internet.  The websites on the surface web are mostly indexed or promoted by search engines. Google, Bing, Yahoo, etc.  All these are the search engines where users come and search the content accordingly his/her needs.  The user can open websites and collect information. But the interesting thing is that on the surface web have only 4% of the content is only available for the general public in the entire ocean of the web.  The internet is a huge and vast amount of information but the big amount of people don’t know. And they think only what they see only this is the internet nothing else.
The deep web  The deep web is the secret web that is not visible for the normal user only who has access and who is authorized can access and use the information.  It is a group of many different websites or many pages but they are not indexed by search engines.  It is used to storing most personal information like Cloud storage, any Organization’s Personal Data, and Military Data, etc.
unit-1.pptx
Deep web  Simple examples of deep web content include financial data, social security databases, email inboxes, social media, medical documentation, legal files, blog posts that are pending review and web page redesigns that are in progress.  The dark web technically speaking, is a subsection of the deep web  More than 200,000 websites exist on the deep web.  The volume of public data on the deep web is 400 to 500 times greater than that of surface web.  The deep web hosts approximately 7,500 terabytes of data, compared to the 19 terabytes hosted on the surface web.
The dark web  The dark web also known as the darknet, it is an encrypted part of the internet that isn’t indexed by search engines like Google, Bing, Yahoo, etc. The dark web is a subdirectory of the deep web.
Dark web  Dark web pages need special software such as the Tor browser with the appropriate decryption key, in addition to access rights and understanding of the place to find the content.  The Dark Web is composed of Networks and may only be accessed with special software (based on the network you would like to connect to, together with TOR Network employing the TOR proxy and proxy ) and specifically configured network settings, which means you properly and anonymously connect with the Network.
Dark Web  The content on the dark web has the potential to be more dangerous, this content is usually walled off from regular users.  However, it is entirely possible for regular users to accidentally come across harmful content while browsing the deep web, which is much more easily accessible.
unit-1.pptx
Hacking Phases The following are the five phases of hacking: - 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing Tracks
1. Reconnaissance Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the information about the target before launching an attack using different tools and techniques. Emp details, Ip address, domain names, sub domain names, location, etc
Types of Reconnaissance Passive Reconnaissance, the hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target. Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical departments.
2. Scanning  Scanning phase is a pre-attack phase.  In this phase, attacker scans the network by information acquired during the initial phase of reconnaissance.  Scanning tools include Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner.  During the scanning phase, attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.
3. Gaining Access  Gaining access phase of hacking is the point where the hacker gets the control over an operating system, application or computer network.  Techniques include password cracking, denial of service, session hijacking or buffer overflow and others are used to gain unauthorized access.  After accessing the system; the attacker escalates the privileges to obtain complete control over services and process and compromise the connected intermediate systems.
4. Maintaining Access / Escalation of Privileges  Maintaining access phase is the point when an attacker is trying to maintain the access, ownership & control over the compromised systems.  Similarly, attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits or Trojans to retain their ownership.  In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration.  To compromise other systems, the attacker uses this compromised system to launch attacks.
5. Clearing Tracks  An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities.  Covering track is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed and wipe all evidence that indicates his identity.  To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.
unit-1.pptx

More Related Content

PPTX
https://www.slideshare.net/slideshow/chapter-1-ob-38248150/38248150
MubashirHussain792093
 
PPTX
Hacking.pptx
Yogesh Chauhan
 
PPTX
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
PPTX
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
PPTX
Cse ethical hacking ppt
shreya_omar
 
PPTX
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
PPTX
Ethical hacking 2016
arohan6
 
PPTX
Ethical hacking
arohan6
 
https://www.slideshare.net/slideshow/chapter-1-ob-38248150/38248150
MubashirHussain792093
 
Hacking.pptx
Yogesh Chauhan
 
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
Cse ethical hacking ppt
shreya_omar
 
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
Ethical hacking 2016
arohan6
 
Ethical hacking
arohan6
 

Similar to unit-1.pptx (20)

PPTX
Ethical hacking
arohan6
 
PPTX
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
AnjieVillarba1
 
PPTX
Ethical-Hacking-ppt.pptx
MaheshDhope1
 
PPTX
Hacking
VipinYadav257
 
PPTX
Presentation on ethical hacking
Sunny Sundeep
 
DOCX
ethical hacking report
Akhilesh Patel
 
PPTX
Introduction ethical hacking
Vishal Kumar
 
PPTX
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
PDF
Ethical Hacking And Hacking Attacks
Aman Gupta
 
RTF
Hacking and its types
Rishab Gupta
 
PPTX
Ethical hacking
Vishesh Singhal
 
ODP
Ethical hacking ppt
himanshujoshi238
 
PPTX
Ethical Hacking.pptx
MadhuKumar114889
 
PPTX
Dhams hacking
dharmesh ram
 
PPTX
hacking basics
dharmesh ram
 
PPT
Introduction To Ethical Hacking
Akshay Kale
 
PDF
Ethical Hacking Module 1 Notes by Hackopedia
Hackopedia Utkarsh Thakur
 
PPTX
13-5-2025 a13-5-2025 a13-5-2025 a13-5-2025 a.pptx
FutureTechnologies3
 
PPTX
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
PPTX
N.vinodh
vinodhkn
 
Ethical hacking
arohan6
 
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
AnjieVillarba1
 
Ethical-Hacking-ppt.pptx
MaheshDhope1
 
Hacking
VipinYadav257
 
Presentation on ethical hacking
Sunny Sundeep
 
ethical hacking report
Akhilesh Patel
 
Introduction ethical hacking
Vishal Kumar
 
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
Ethical Hacking And Hacking Attacks
Aman Gupta
 
Hacking and its types
Rishab Gupta
 
Ethical hacking
Vishesh Singhal
 
Ethical hacking ppt
himanshujoshi238
 
Ethical Hacking.pptx
MadhuKumar114889
 
Dhams hacking
dharmesh ram
 
hacking basics
dharmesh ram
 
Introduction To Ethical Hacking
Akshay Kale
 
Ethical Hacking Module 1 Notes by Hackopedia
Hackopedia Utkarsh Thakur
 
13-5-2025 a13-5-2025 a13-5-2025 a13-5-2025 a.pptx
FutureTechnologies3
 
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
N.vinodh
vinodhkn
 
Ad

More from Srinivas Kanakala (20)

PPTX
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
PPTX
cyber security unit introduction to privacy
Srinivas Kanakala
 
PPTX
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
PPT
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
PPTX
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
PPTX
cyber forensics, of email analysis using
Srinivas Kanakala
 
DOCX
list of Scopus journals to publish papers
Srinivas Kanakala
 
DOCX
international conferences names and link
Srinivas Kanakala
 
PPTX
introduction to cyber forensics, digital
Srinivas Kanakala
 
PPTX
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
PPTX
Cyber Security Concepts, layers of security,
Srinivas Kanakala
 
PPTX
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
PPTX
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
PPTX
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
PPTX
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
PDF
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
PDF
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
PDF
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
PPTX
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
PPTX
FLOWCHARTS.pptx
Srinivas Kanakala
 
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
cyber security unit introduction to privacy
Srinivas Kanakala
 
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
cyber forensics, of email analysis using
Srinivas Kanakala
 
list of Scopus journals to publish papers
Srinivas Kanakala
 
international conferences names and link
Srinivas Kanakala
 
introduction to cyber forensics, digital
Srinivas Kanakala
 
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
Cyber Security Concepts, layers of security,
Srinivas Kanakala
 
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
FLOWCHARTS.pptx
Srinivas Kanakala
 
Ad

Recently uploaded (20)

PDF
AI/ML Infra Meetup | Beyond S3's Basics: Architecting for AI-Native Data Access
Alluxio, Inc.
 
PDF
EaseUS PDF Editor Pro 6.2.0.2 Crack with License Key 2025
halimaanam8
 
PDF
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
PPTX
most interesting chapter in the world ppt
sreyashmuppana
 
PPTX
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
PPTX
How to Odoo 19 Installation on Ubuntu - CandidRoot
CandidRoot Solutions Private Limited
 
PDF
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
PDF
BoxLang Dynamic AWS Lambda - Japan Edition
Ortus Solutions, Corp
 
PDF
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
PDF
Microsoft Office 365 Crack Download Free
wasibhadar
 
PDF
Guide to Food Delivery App Development.pdf
Lilac infotech
 
PDF
Visual explanation of Dijkstra's Algorithm using Python
Universidad Nacional de Ingenieria
 
PPTX
Lecture 5 Software Requirement Engineering
Huda Nasir
 
PPTX
Airline CRS | Airline CRS Systems | CRS System
yugababu033
 
PPTX
Matchmaking for JVMs: How to Pick the Perfect GC Partner
Tier1 app
 
PDF
Multiverse AI Review 2025: Access All TOP AI Model-Versions!
Moshiur Rahman Jisan
 
PPTX
Introduction to Windows Operating System
ssuser1028f8
 
PPTX
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
PPTX
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
PDF
Ableton Live Suite for MacOS Crack Full Download (Latest 2025)
hashmi66g66
 
AI/ML Infra Meetup | Beyond S3's Basics: Architecting for AI-Native Data Access
Alluxio, Inc.
 
EaseUS PDF Editor Pro 6.2.0.2 Crack with License Key 2025
halimaanam8
 
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
most interesting chapter in the world ppt
sreyashmuppana
 
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
How to Odoo 19 Installation on Ubuntu - CandidRoot
CandidRoot Solutions Private Limited
 
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
BoxLang Dynamic AWS Lambda - Japan Edition
Ortus Solutions, Corp
 
The Dynamic Duo Transforming Financial Accounting Systems Through Modern Expe...
Triforce Global
 
Microsoft Office 365 Crack Download Free
wasibhadar
 
Guide to Food Delivery App Development.pdf
Lilac infotech
 
Visual explanation of Dijkstra's Algorithm using Python
Universidad Nacional de Ingenieria
 
Lecture 5 Software Requirement Engineering
Huda Nasir
 
Airline CRS | Airline CRS Systems | CRS System
yugababu033
 
Matchmaking for JVMs: How to Pick the Perfect GC Partner
Tier1 app
 
Multiverse AI Review 2025: Access All TOP AI Model-Versions!
Moshiur Rahman Jisan
 
Introduction to Windows Operating System
ssuser1028f8
 
GSA Content Generator Crack (2025 Latest)
halimaanam8
 
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
Ableton Live Suite for MacOS Crack Full Download (Latest 2025)
hashmi66g66
 

unit-1.pptx

  • 1. ETHICAL HACKING BY DR. V. PRASHANTHI Senior Assistant Professor Dept-CSE-CYS,DS and AI&DS
  • 2. UNIT- I:  Introduction to Ethical Hacking: Hacking, Ethical Hacking, Difference between the Ethical Hacking and Unethical Hacking. Types of Hackers, Three parts of the web.  Foot printing: Objectives of Foot Printing, Understanding Foot Printing concepts, Types of Foot printing, Foot Printing through search engines, advanced Hacking techniques, Web services and social networking sites. Understanding Web site Foot printing, E-mail Foot printing and Competitive Intelligence. Understanding Whois, DNS and Network Foot printing
  • 3. UNIT – II  Foot printing Tools: Foot printing through Social Engineering, Understanding different Foot Printing Tools-MALTEGO, RECON-NG and FOCA and Counter Measures.  Scanning Networks: Overview of network scanning, understanding various scanning tools-NMAP, ZEN MAP, angryip.org, PacketBuilder2.0, checking for live systems, Scanning tools for mobile, Overview of scanning pen testing.
  • 4. UNIT – III  Enumeration: What is enumeration? Understanding different techniques of enumeration-SNMP, LDAP, NTP, and DNS.  Vulnerability analysis: Vulnerability research, Vulnerability classification, what is vulnerability assessment-Nessus professional ,GFI languard, Openvas, Retina CS, Qualys free scan, Nitko, Microsoft base line security analiser, automated vulnerable detection system, types of vulnerability assessments, Exploit database, Types of vulnerability tools, Characteristics of a good vulnerability assessment solution, Choosing a vulnerability tool, Criteria for choosing a vulnerability assessment tool, Best practices for selecting vulnerability tools.
  • 5. UNIT – IV  System Hacking: Overview of CEH Hacking methodology, understanding different techniques to gain access to the system, privilege escalation techniques,  overview of different types of rootkits, techniques to hide the evidence of compromise, system hacking penetration testing.  Password cracking: Types of password attacks, online tools to search default passwords: default password.info, ZTE default usernames and passwords,  `Active online attack: Trojan/spyware/keyloggers, Password relevance tools.
  • 6. UNIT – V  Malware threats: How hackers use Trojans, common ports used by trojans, trojan horse construction kit, RIG exploit kit, command shell trojan, remote access trojan, Study of spyrix.com, flaticon.com and anti-trojan software.  Sniffing: sniffing concepts, sniffing tools-Wireshark tool, oxid.it, Sniffer detection techniques: PING and DNS methods.  Social Engineering: Understanding social engineering concepts, Social Engineering Techniques, Insider Threats, Impersonation on Social Networking Sites, Identity Theft, and countermeasures
  • 7. UNIT – VI  Session Hijacking: Understanding Session Hijacking Concepts, Application-Level Session Hijacking, Network Level Session Hijacking, overview of Session Hijacking Tools, Understanding Countermeasures and Penetration Testing.  SQL Injection: SQL Injection Concepts, Types of SQL Injection, SQL Injection Methodology SQL Injection Tools, Evasion Techniques and Countermeasure.
  • 8. Rapid Growth Of Internet-Cyber Crime Increased
  • 9. CYBER CRIMES  Email : Mahesh bank  Mobile : Covid-19  Cloud : Amazon cloud ( DDoS attack)  Ransomware: North American land developer was hit (151,000 employees at risk)  Credential stuffing : Zoom (500,000 usernames and passwords di)  App: Bahubali-2 cinema booking.
  • 10. ONLINE FRAUDS  Purchase fraud  Job fraud  Insurance fraud  Admission fraud  Fake website fraud  Investment fraud  Matrimonial fraud  Loan fraud.
  • 12. HACKING  Exploiting weakness in a computer system to gain unauthorized access to obtain information.
  • 13. Hacking Hacking is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity.
  • 14. HACKER  They are powerful skilled individuals who break into the system by bypassing the security measures to achieve a goal.  A person who performs hacking is called a hacker.
  • 21. Green hat hacker  A green hat hacker is someone who is new to the hacking world but is intently focused on increasing their cyberattack skills.  They primarily focus on gaining knowledge on how to perform cyberattacks on the same level as their black hat counterparts.  Their main intent is to eventually evolve into a full-fledged hacker, so they spend their time looking for learning opportunities from more experienced hackers.  Motives: To learn how to become an experienced hacker
  • 22. Blue hat hackers  Blue hat hackers are hired by organizations to bug-test a new software or system network before it’s released. Their role is to find loopholes or security vulnerabilities in the new software and remedy them before it launches.  Motives: To identify vulnerabilities in new organizational software before it’s released
  • 23. Red Hat Government-Hired Hackers  Red hat hackers are hired by government agencies to spot vulnerabilities in security systems, with a specific focus on finding and disarming black hat hackers.  They’re known to be particularly ruthless in their hunt for black hat criminals, and typically use any means possible to take them down. This often looks like using the same tactics as black hat hackers and using them against them— using the same malware, viruses and other strategies to compromise their machines from the inside out.
  • 24. Ethical Hacking  Ethical Hacking is performed by White Hat Hackers to find the security vulnerabilities of the system and prevent the Black Hat hackers from illegally infiltrating and stealing data from any system.  The big organizations perform ethical hacking to test the cybersecurity level and identify the weak points.  Ethical hacking is performed as per the rules and regulations set by the legal authorities.
  • 25. Unethical Hacking  Unethical Hacking or Black Hat hacking is performed by cybercriminals with the false intention of stealing sensitive data, money, and access the restricted networks and systems.  Such type of hacking is practiced to disrupt official website networks and infiltrate communication between two or more parties.  Unethical hacking is hacking done by violating the rules and regulations set by the legal authorities.
  • 26. Difference between Ethical & unethical Hacking S. No. Hacking Ethical Hacking 1. Steal valuable information of company and individual for illegal activity Hack system to reduce vulnerabilities of company’s system 2. Illegal practice and considered a crime Legal practice, authorized by the company or individual 3. Such types of hackers are called black-hat hackers Such types of hackers are called white-hat hackers 4. Such hackers try to access restricted networks through illegal practices and reduce the security of data. Such hackers create firewalls and security protocols. 5. They work for themselves for dirty money. They work with different government agencies and big tech companies.
  • 27. Parts of Web The web is divided into three categories, which are  The Surface Web,  Deep Web, and  Dark Web
  • 30. Surface Web:  The surface web is the normal web that is everyone knows and it is visible for all users who use the internet.  The websites on the surface web are mostly indexed or promoted by search engines. Google, Bing, Yahoo, etc.  All these are the search engines where users come and search the content accordingly his/her needs.  The user can open websites and collect information. But the interesting thing is that on the surface web have only 4% of the content is only available for the general public in the entire ocean of the web.  The internet is a huge and vast amount of information but the big amount of people don’t know. And they think only what they see only this is the internet nothing else.
  • 31. The deep web  The deep web is the secret web that is not visible for the normal user only who has access and who is authorized can access and use the information.  It is a group of many different websites or many pages but they are not indexed by search engines.  It is used to storing most personal information like Cloud storage, any Organization’s Personal Data, and Military Data, etc.
  • 33. Deep web  Simple examples of deep web content include financial data, social security databases, email inboxes, social media, medical documentation, legal files, blog posts that are pending review and web page redesigns that are in progress.  The dark web technically speaking, is a subsection of the deep web  More than 200,000 websites exist on the deep web.  The volume of public data on the deep web is 400 to 500 times greater than that of surface web.  The deep web hosts approximately 7,500 terabytes of data, compared to the 19 terabytes hosted on the surface web.
  • 34. The dark web  The dark web also known as the darknet, it is an encrypted part of the internet that isn’t indexed by search engines like Google, Bing, Yahoo, etc. The dark web is a subdirectory of the deep web.
  • 35. Dark web  Dark web pages need special software such as the Tor browser with the appropriate decryption key, in addition to access rights and understanding of the place to find the content.  The Dark Web is composed of Networks and may only be accessed with special software (based on the network you would like to connect to, together with TOR Network employing the TOR proxy and proxy ) and specifically configured network settings, which means you properly and anonymously connect with the Network.
  • 36. Dark Web  The content on the dark web has the potential to be more dangerous, this content is usually walled off from regular users.  However, it is entirely possible for regular users to accidentally come across harmful content while browsing the deep web, which is much more easily accessible.
  • 38. Hacking Phases The following are the five phases of hacking: - 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Clearing Tracks
  • 39. 1. Reconnaissance Reconnaissance is an initial preparing phase for the attacker to get ready for an attack by gathering the information about the target before launching an attack using different tools and techniques. Emp details, Ip address, domain names, sub domain names, location, etc
  • 40. Types of Reconnaissance Passive Reconnaissance, the hacker is acquiring the information about target without interacting the target directly. An example of passive reconnaissance is public or social media searching for gaining information about the target. Active Reconnaissance is gaining information by acquiring the target directly. Examples of active reconnaissance are via calls, emails, help desk or technical departments.
  • 41. 2. Scanning  Scanning phase is a pre-attack phase.  In this phase, attacker scans the network by information acquired during the initial phase of reconnaissance.  Scanning tools include Scanners such as Port scanners, Network mappers, client tools such as ping, as well as vulnerabilities scanner.  During the scanning phase, attacker finally fetches the information of ports including port status, operating system information, device type, live machines, and other information depending upon scanning.
  • 42. 3. Gaining Access  Gaining access phase of hacking is the point where the hacker gets the control over an operating system, application or computer network.  Techniques include password cracking, denial of service, session hijacking or buffer overflow and others are used to gain unauthorized access.  After accessing the system; the attacker escalates the privileges to obtain complete control over services and process and compromise the connected intermediate systems.
  • 43. 4. Maintaining Access / Escalation of Privileges  Maintaining access phase is the point when an attacker is trying to maintain the access, ownership & control over the compromised systems.  Similarly, attacker prevents the owner from being owned by any other hacker. They use Backdoors, Rootkits or Trojans to retain their ownership.  In this phase, an attacker may steal information by uploading the information to the remote server, download any file on the resident system, and manipulate the data and configuration.  To compromise other systems, the attacker uses this compromised system to launch attacks.
  • 44. 5. Clearing Tracks  An attacker must hide his identity by covering the tracks. Covering tracks are those activities which are carried out to hide the malicious activities.  Covering track is most required for an attacker to fulfill their intentions by continuing the access to the compromised system, remain undetected & gain what they want, remain unnoticed and wipe all evidence that indicates his identity.  To manipulate the identity and evidence, the attacker overwrites the system, application, and other related logs to avoid suspicion.