its contains all the topics which are related to the ethical hacking
its also be cover the penetration testing and describe the difference between ethical hacker and non ethical hackers
4. Hacking is the act of finding the possible entry points that exist in a
computer system or a computer network and finally entering into them.
Hacking is usually done to gain unauthorized access to a computer
system or a computer network, either to harm the systems or to steal
sensitive information available on the computer
Hacking is usually legal as long as it is being done to find weaknesses in a
computer or network system for testing purpose. This sort of hacking is
what we call Ethical Hacking.
Introduction
5. Hackers
A computer expert who does the act of hacking is called a "Hacker".
Hackers are those who seek knowledge, to understand how systems operate, how they are
designed, and then attempt to play with these systems.
Access computer system or network without authorization.
Breaks the law
Ethical hackers
Performs most of the same activities but with owner’s permission
Employed by companies to perform Penetration Tests
6. Types of Hackers
White Hat Hacker
• Good guys
• Don’t use their skill for illegal purpose
• Computer security experts and help to protect from
Black Hat Hacker
• Bad guys
• Use their skill maliciously for personal gain
• Hack banks, steal credit cards and deface websites
Grey Hat Hacker
• It is a combination of White hat n Black Hat Hackers
• Goal of grey
7. System Hacking
System hacking is defined as the compromise of computer systems and software to access
the target computer and steal or misuse their sensitive information.
Here the malicious hacker exploits the weaknesses in a computer system or network to
gain unauthorized access to its data or take illegal advantage.
Mostly System hacking are authorized and unwanted users are accessing the system
without the permission of the owner are original system users.
8. Vulnerability
A vulnerability is a weakness which can be exploited by a threat actor, such as an
attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a
computer system.
To exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness.
. In this frame, vulnerabilities are also known as the attack surface.
9. Virus and Worms
A Viruses are typically attached to an executable file or a word document.
They often spread via P2P file sharing, infected websites, and email attachment downloads.
Once a virus finds its way onto your system, it will remain dormant until the infected host file
or program is activated, which in turn makes the virus active enabling it to run and replicate
on your system
Viruses can be divided according to the method that they use to infect a computer:
File viruses
Boot sector viruses
Macro viruses
Script viruses
10. Worms
They don't need a host program in order for them to run, self-replicate and propagate.
Once a worm has made its way onto your system, usually via a network connection or as a
downloaded file, it can then make multiple copies of itself and spread via the network or
internet connection infecting any inadequately-protected computers and servers on the
network.
Because each subsequent copy of a network worm can also self-replicate, infections can
spread very rapidly via the internet and computer networks.
11. Trojan
A Trojan horse or Trojan is a type of malware that is often disguised as legitimate
software.
Trojans can be employed by cyber-thieves and hackers trying to gain access to users'
systems.
Users are typically tricked by some form of social engineering into loading and
executing Trojans on their systems.
Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive
data, and gain backdoor access to your system. These actions can include:
Deleting data
Blocking data
Modifying data
Copying data
Disrupting the performance of computers or computer networks
12. Backdoors
Backdoor is a term that refers to the access of the software or hardware of a computer
system without being detected.
The backdoor can be created by the developer themselves so that they can quickly and
easily make changes to the code without the need to log in to the system.
a backdoor refers to any method by which authorized and unauthorized users are able to get
around normal security measures and gain high level user access (aka root access) on a
computer system, network, or software application.
Once they're in, cybercriminals can use a backdoor to steal personal and financial data,
install additional malware, and hijack devices.
13. DOS Attacks
A "denial-of-service" attack is characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service. Examples include
attempts to "flood" a network, thereby preventing legitimate network traffic
attempts to disrupt connections between two machines, thereby preventing access
to a service
attempts to prevent a particular individual from accessing a service
attempts to disrupt service to a specific system or person
17. Physical Security
Physical security can be defined as the protection and concern regarding information-
related assets storage devices, hard drives, computers, organizations' machines, and
laptops and servers.
The protection is mainly taken care of real-world threats and crimes such as unauthorized
access, natural disasters like fire and flood, a human-made disaster like theft, etc.
This type of security requires physical controls such as locks, protective barriers, in-
penetrable walls and doors, uninterrupted power supply, and or security personnel for
protecting private and sensitive data stored in servers.
18. Objectives of Physical Security
Understand the needs for physical security.
Identify threats to information security that are connected to physical security.
Describe the key physical security considerations for selecting a facility site.
Identify physical security monitoring components.
Understand the importance of fire safety programs.
Describe the components of fire detection and response.
19. Cryptography
Cryptography is the art of converting text into another form for secret transmission and
reception.
It works by converting plain text into cipher text using some encryption algorithm at the
sender’s side and converting ciphertext into plain text at the receiver’s.
Cryptography is used to provide confidentiality, integrity, authenticity and non-repudiation.
20. Here two keys are used, Public key is used for encryption and Private key is used for
decryption
Here one single key is used for encryption and same key is used for decryption. DES and AES are
examples of symmetric key cryptography.
21. Penetration Testing
Penetration testing is aimed at finding vulnerabilities, malicious content, flaws, and
risks. This is done to strengthen the organization’s security system to defend the IT
infrastructure.
Penetration testing is an official procedure that can be deemed helpful and not a
harmful attempt.
It forms part of an ethical hacking process where it specifically focuses only on
penetrating the information system.
While it is helpful in improving cybersecurity strategies, penetration testing should
be performed regularly.
Malicious content is built to discover weak points in the applications, systems or
programs and keep emerging and spreading in the network.
22. A regular pertest may not sort out all security concerns, but it significantly
minimizes the probability of a successful attack.