Download - Cyper security & Ethical hacking
![Page 1: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/1.jpg)
Cyper Security & Ethical Hacking
![Page 2: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/2.jpg)
Penetrate Testing
Password Security
![Page 3: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/3.jpg)
Vulnerability is some flaw in our environment that a malicious attacker could use to cause damage in your organization. Vulnerabilities could exist in numerous areas in our environments, including our system design, business operations, installed softwares, and network configurations.
![Page 4: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/4.jpg)
•Input validation errors, such as: • Format string attacks• SQL injection• E-mail injection• Directory traversal• Cross-site scripting in web applications
•Race conditions, such as: • Time-of-check-to-time-of-use bugs• Sym link races
•Privilege-confusion bugs, such as: • Cross-site request forgery in web applications• Click jacking• FTP bounce attack
![Page 5: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/5.jpg)
In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks.
Today we have about 10,000 incidents of cyber attacks which are reported and the number grows.
Computer Crime – The Beginning
![Page 6: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/6.jpg)
In February, Kevin Mitnick is arrested for a second time. He is charged with stealing 20,000 credit card numbers. He eventually spends four years in jail and on his release his parole conditions demand that he avoid contact with computers and mobile phones.
On November 15, Christopher Pile becomes the first person to be jailed for writing and distributing a computer virus. Mr Pile, who called himself the Black Baron, was sentenced to 18 months in jail.
The US General Accounting Office reveals that US Defense Department computers sustained 250,000 attacks in 1995.
Computer Crime - 1995
![Page 7: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/7.jpg)
Some of the sites which have been compromised
U.S. Department of Commerce
NASA
CIA
Greenpeace
Motorola
UNICEF
Church of Christ …
Some sites which have been rendered ineffective
Yahoo
Microsoft
Amazon …
Why Security?
![Page 8: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/8.jpg)
HackersWhite hat :
Black hat
Grey hat
A white hat hackers breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker.
A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain"
A grey hat hacker is a combination of a black hat and a white hat hacker.
![Page 9: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/9.jpg)
Scanning
Gaining Access
Maintaining Access
Covering Tracks
Clearing Logs
Placing Backdoor
Hackers Steps
![Page 10: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/10.jpg)
Types of hacking
Normal
data transfer
Interruption Interception
Modification Fabrication
![Page 11: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/11.jpg)
How to translate the hackers’ language (2)
Ex)
1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n
I did not hack this page, it was like this when I hacked in
![Page 12: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/12.jpg)
Reverse Engineering
Integrated Circuit’s
Binary Software’s
Source Code
Reverse engineering, also called back engineering, is the process of extracting knowledge or design information from anything man-made
![Page 13: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/13.jpg)
An exploit (using something to one’s own knowledge) is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic
What is Exploit :
![Page 14: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/14.jpg)
Exploit Writing
dSploit is a penetration testing suite developed for the Android operating system
![Page 15: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/15.jpg)
Password hashed and stored
Salt added to randomize password & stored on system
Password attacks launched to crack encrypted password
Password Security
Hash
Function
Hashed
Password
Salt
Compare
Password
Client
Password
Server
Stored Password
Hashed
Password
Allow/Deny Access
![Page 16: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/16.jpg)
Spam
Phishing
Virus
Key Loggers(Hardware , Software)
Password
![Page 17: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/17.jpg)
I. Mail.Anonymizer.nameII. FakEmailer.netIII. FakEmailer.infoIV. Deadfake.com
Email Servers
![Page 18: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/18.jpg)
Example PHP Coding For Mail Phishing
![Page 19: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/19.jpg)
SQL Injection
SQL injection takes advantage of the syntax of SQL to inject commands that can read or modify a database, or compromise the meaning of the original query.
![Page 20: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/20.jpg)
SELECT UserList.Username FROM UserList WHERE UserList.Username = 'Username' AND UserList.Password = 'Password'
SELECT UserList.Username FROM UserList WHERE UserList.Username = 'Username' AND UserList.Password = 'Password' AND ‘1’ = ‘1’
Example SQL Code:
Injected Code:
![Page 21: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/21.jpg)
Wireless Hacking
Wireless hacking is made by the Getting the control the Wireless Networks.Wireless Hacking is made by the Password attacks,Modem dialing via proxy servers
![Page 22: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/22.jpg)
• Wired Equivalent Privacy (WEP)• Wi-Fi Protected Access (WPA/WPA2)
Wireless Security Standards
![Page 23: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/23.jpg)
![Page 24: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/24.jpg)
• Netstumbler• inSSIDer• Kismet• Wireshark• Analysers of AirMagnet• Airopeek• KisMac
Wireless Hacking Softwares
![Page 25: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/25.jpg)
Definition:
Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies
IP Spoofing – Source Routing
Replies sent back to 10.10.20.30
Spoofed Address10.10.20.30
Attacker10.10.50.50
John10.10.5.5
From Address: 10.10.20.30To Address: 10.10.5.5
• The path a packet may change can vary over time
• To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network
Attacker intercepts packetsas they go to 10.10.20.30
Server Hacking
![Page 26: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/26.jpg)
Definition:
Attack through which a person can render a system unusable or
significantly slow down the system for legitimate users by
overloading the system so that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which will cause system to crash or
reboot.
2. Exhausting the resources by flooding the system or network with
information
– Since all resources are exhausted others are denied access to the
resources
3. Distributed DOS attacks are coordinated denial of service attacks
involving several people and/or machines to launch attacks
Denial of Service (DOS)
Attack
![Page 27: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/27.jpg)
Types:
1. Ping of Death
2. SSPing
3. Land
4. Smurf
5. SYN Flood
6. CPU Hog
7. Win Nuke
8. RPC Locator
9. Jolt2
10. Bubonic
11. Microsoft Incomplete TCP/IP Packet Vulnerability
12. HP Openview Node Manager SNMP DOS Vulneability
13. Netscreen Firewall DOS Vulnerability
14. Checkpoint Firewall DOS Vulnerability
Denial of Service (DOS)
Attack
![Page 28: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/28.jpg)
Threats
A threat is an agent that may want to or definitely can result in harm to the target organization. Threats include organized crime, spyware, malware, adware companies, and disgruntled internal employees who start attacking their employer. Worms and viruses also characterize a threat as they could possibly cause harm in your organization even without a human directing them to do so by infecting machines and causing damage automatically. Threats are usually referred to as “attackers” or “bad guys”.
![Page 29: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/29.jpg)
Virus
![Page 30: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/30.jpg)
![Page 31: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/31.jpg)
Worms
So big
Autorun.inf
Photos.exe
ILOVEYOU
Bootstrap.com
Windows.exe
![Page 32: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/32.jpg)
•Netbus Advance System Care(by Carl-Fredrik Neikter)•Subseven or Sub7(by Mobman)•Back Orifice (Sir Dystic)•Beast•Zeus•Flashback Trojan (Trojan BackDoor.Flashback)•ZeroAccess•Koobface•Vundo
Trojans
![Page 33: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/33.jpg)
• Chat• Email
Attachments• Website
Downloads• Physical Drives• Network Shares
Trojan Attacks
![Page 34: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/34.jpg)
Attacker can
monitor the session
periodically inject commands into session
launch passive and active attacks from the session
Session Hijacking
Bob telnets to Server
Bob authenticates to Server
Bob
Attacker
Server
Die! Hi! I am Bob
![Page 35: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/35.jpg)
Cryptography
Bob AliceEncryptionDecryption
![Page 36: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/36.jpg)
![Page 37: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/37.jpg)
![Page 38: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/38.jpg)
Firewall & Honey bots
![Page 39: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/39.jpg)
Steganography
![Page 40: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/40.jpg)
![Page 41: Cyper security & Ethical hacking](https://reader038.vdocuments.us/reader038/viewer/2022102723/55a8779c1a28ab4e178b45c0/html5/thumbnails/41.jpg)
Penetrate Testing