Virtualisasi Hacking
0 likes532 views
This document discusses information security and hacking. It covers topics like security architecture, secure operating systems, hackers who access systems by circumventing security, and the hacker subculture. It provides advice for learning skills like programming and using Unix. It also outlines the typical steps hackers take like reconnaissance, scanning systems to find vulnerabilities, gaining access, maintaining access, and covering their tracks. Specific hacking techniques like sniffing, spoofing, man-in-the-middle attacks, and denial of service attacks are mentioned along with defenses against them. Virtual machines and their use by attackers is briefly discussed. Contact details are provided at the end.
![ Alice sends a message to Bob, which is intercepted by
Mallory:
Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob
Mallory relays this message to Bob; Bob cannot tell it is not
really from Alice:
Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob
Bob responds with his encryption key:
Alice Mallory <--[Bob's_key] Bob
Mallory replaces Bob's key with her own, and relays this to
Alice, claiming that it is Bob's key:
Alice <--[Mallory's_key] Mallory Bob
Alice encrypts a message with what she believes to be Bob's
key, thinking that only Bob can read it:
Alice "Meet me at the bus stop!"[encryptedwith Mallory's key]-->
Mallory Bob
Alive Bob
Mallory](https://image.slidesharecdn.com/hackingvirtualisasi-111225115016-phpapp01/85/Virtualisasi-Hacking-16-320.jpg)
Virtualisasi Hacking
- 2. a branch of computer technology known as information security as applied to computers and networks Security by design Security architecture Hardware mechanisms that protect computers and data Secure operating systems Secure coding Capabilities and access control lists
- 3. computing Hacker (computersecurity) or cracker, who accesses a computersystem by circumventing its security system Hacker (programmer subculture), who shares an anti- authoritarian approach to software development now associatedwith the free software movemen Hacker (hobbyist), who makes innovative customizations or combinations of retail electronic and computer equipment
- 4. Skills Style Attitude Status Ethics
- 5. Learn how to program Get one of the open-source Unixes and learn to use and run it Learn how to use the World Wide Web If you don't have functional English, learn it!!
- 6. The world is full of fascinating problems waiting to be solved. No problem should ever have to be solved twice. Boredom and drudgery are evil. Freedom is good. Attitudeis no substitutefor competence.
- 7. Write open-sourcesoftware Help test and debug open-source software Publish useful information Help keep the infrastructure working Serve the hacker culture itself
- 9. Reconnaissance hackersfirst perform routine and detailed reconnaissance. Methods of reconnaissance include Dumpster Diving, Social Engineering, Google Searching & Google Hacking, and work their way up to more insidious methods such as infiltrating youremployees environmentsfrom coffee shops to simply walking in and setting up in a cubicle and asking a lot of questions.
- 10. Scanning can reveal vulnerabilities that create a hit list, or triage list, for hackers to work through. Typically, hackers perform port scans and port mapping, while attempting to discover what services and versions of services are actively available on any open or available ports.
- 11. Gaining Access Open ports can lead to a hacker gaining direct access to services and possibly to internal network connections. Whether the hacker is successful attacking an internal system has much to do with how vulnerable the specific system is, which is related to system configurations and architecture.
- 12. Maintain Access Hackers may choose to continue attacking and exploiting the target system, or to explore deeper into the target network and look for more systems and services Hackers can continue to sniff your network looking for more information to use againstyou.
- 13. Covering Tracks Most hackers will attempt to cover their footprints and tracks as carefully as possible. Gaining root level access and administrative access is a big part of covering one’s tracks as the hacker can remove log entries and do so as a privileged administrator as opposed to an unknown hacker.
- 15. Attacking Sniffing Arp Spoofing DNS Spoofing Man In The Middle Attack Defend Tunelling Arp Static Packet sniffer comes in two categories: Active sniffers Passive sniffers.
- 16. Alice sends a message to Bob, which is intercepted by Mallory: Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob Mallory relays this message to Bob; Bob cannot tell it is not really from Alice: Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob Bob responds with his encryption key: Alice Mallory <--[Bob's_key] Bob Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key: Alice <--[Mallory's_key] Mallory Bob Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it: Alice "Meet me at the bus stop!"[encryptedwith Mallory's key]--> Mallory Bob Alive Bob Mallory
- 17. Attacking DDOS (Distributed Denial of Service Attacks) Defend Firewall/IDS Disableservices by default.
- 18. LOGICAL VIEW OF ATTACK NET Attacker Master Victim Slave SlaveSlave SlaveSlave ControlTraffic Attack Traffic
- 19. Attacking Vulnerability Exploit Defend Firewall Path Software Close Service/Port If Not Use
- 20. Attacking ByPass Pasword login Defend Lock Bios Disable other Bootable
- 21. Attacking Session Hijacking Session Sidejacking Defend Don’t Use “Remeber me” While Login Tunelling (https/ssh) TCP session hijackingis when a hacker takes over a TCP session between two machines
- 22. VirtualBOX
- 23. Virtual Network Only 2 Method for Configuration Netwroking Virtual Bridge Host-Only Adapter N Na b b a b b A = Real B = Virtual N = LAN
- 24. Virtual OS for Attacker Attack From Linux OS Attack From Windows OS
- 25. Web : www.tlab.co.id Mail: karuwak@tlab.co.id Web : www.techno-os.net Mail: karuwak@techno-os.net Company Community karuwak@gmail.com