its contains all the topics which are related to the ethical hacking its also be cover the penetration testing and describe the difference between ethical hacker and non ethical hackers

4.  Hacking is the act of finding the possible entry points that exist in a
computer system or a computer network and finally entering into them.
Hacking is usually done to gain unauthorized access to a computer
system or a computer network, either to harm the systems or to steal
sensitive information available on the computer
 Hacking is usually legal as long as it is being done to find weaknesses in a
computer or network system for testing purpose. This sort of hacking is
what we call Ethical Hacking.
Introduction

5. Hackers
 A computer expert who does the act of hacking is called a "Hacker".
 Hackers are those who seek knowledge, to understand how systems operate, how they are
designed, and then attempt to play with these systems.
 Access computer system or network without authorization.
 Breaks the law
Ethical hackers
 Performs most of the same activities but with owner’s permission
 Employed by companies to perform Penetration Tests

6. Types of Hackers
 White Hat Hacker
• Good guys
• Don’t use their skill for illegal purpose
• Computer security experts and help to protect from
 Black Hat Hacker
• Bad guys
• Use their skill maliciously for personal gain
• Hack banks, steal credit cards and deface websites
 Grey Hat Hacker
• It is a combination of White hat n Black Hat Hackers
• Goal of grey

7. System Hacking
 System hacking is defined as the compromise of computer systems and software to access
the target computer and steal or misuse their sensitive information.
 Here the malicious hacker exploits the weaknesses in a computer system or network to
gain unauthorized access to its data or take illegal advantage.
 Mostly System hacking are authorized and unwanted users are accessing the system
without the permission of the owner are original system users.

8. Vulnerability
 A vulnerability is a weakness which can be exploited by a threat actor, such as an
attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a
computer system.
 To exploit a vulnerability, an attacker must have at least one applicable tool or
technique that can connect to a system weakness.
 . In this frame, vulnerabilities are also known as the attack surface.

9. Virus and Worms
 A Viruses are typically attached to an executable file or a word document.
 They often spread via P2P file sharing, infected websites, and email attachment downloads.
 Once a virus finds its way onto your system, it will remain dormant until the infected host file
or program is activated, which in turn makes the virus active enabling it to run and replicate
on your system
 Viruses can be divided according to the method that they use to infect a computer:
 File viruses
 Boot sector viruses
 Macro viruses
 Script viruses

10. Worms
 They don't need a host program in order for them to run, self-replicate and propagate.
 Once a worm has made its way onto your system, usually via a network connection or as a
downloaded file, it can then make multiple copies of itself and spread via the network or
internet connection infecting any inadequately-protected computers and servers on the
network.
 Because each subsequent copy of a network worm can also self-replicate, infections can
spread very rapidly via the internet and computer networks.

11. Trojan
 A Trojan horse or Trojan is a type of malware that is often disguised as legitimate
software.
 Trojans can be employed by cyber-thieves and hackers trying to gain access to users'
systems.
 Users are typically tricked by some form of social engineering into loading and
executing Trojans on their systems.
 Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive
data, and gain backdoor access to your system. These actions can include:
 Deleting data
 Blocking data
 Modifying data
 Copying data
 Disrupting the performance of computers or computer networks

12. Backdoors
 Backdoor is a term that refers to the access of the software or hardware of a computer
system without being detected.
 The backdoor can be created by the developer themselves so that they can quickly and
easily make changes to the code without the need to log in to the system.
 a backdoor refers to any method by which authorized and unauthorized users are able to get
around normal security measures and gain high level user access (aka root access) on a
computer system, network, or software application.
 Once they're in, cybercriminals can use a backdoor to steal personal and financial data,
install additional malware, and hijack devices.

13. DOS Attacks
A "denial-of-service" attack is characterized by an explicit attempt by attackers to
prevent legitimate users of a service from using that service. Examples include
 attempts to "flood" a network, thereby preventing legitimate network traffic
 attempts to disrupt connections between two machines, thereby preventing access
to a service
 attempts to prevent a particular individual from accessing a service
 attempts to disrupt service to a specific system or person

15. Distribution of attack techniques: April 2013

17. Physical Security
 Physical security can be defined as the protection and concern regarding information-
related assets storage devices, hard drives, computers, organizations' machines, and
laptops and servers.
 The protection is mainly taken care of real-world threats and crimes such as unauthorized
access, natural disasters like fire and flood, a human-made disaster like theft, etc.
 This type of security requires physical controls such as locks, protective barriers, in-
penetrable walls and doors, uninterrupted power supply, and or security personnel for
protecting private and sensitive data stored in servers.

18. Objectives of Physical Security
 Understand the needs for physical security.
 Identify threats to information security that are connected to physical security.
 Describe the key physical security considerations for selecting a facility site.
 Identify physical security monitoring components.
 Understand the importance of fire safety programs.
 Describe the components of fire detection and response.

19. Cryptography
 Cryptography is the art of converting text into another form for secret transmission and
reception.
 It works by converting plain text into cipher text using some encryption algorithm at the
sender’s side and converting ciphertext into plain text at the receiver’s.
 Cryptography is used to provide confidentiality, integrity, authenticity and non-repudiation.

20. Here two keys are used, Public key is used for encryption and Private key is used for
decryption
Here one single key is used for encryption and same key is used for decryption. DES and AES are
examples of symmetric key cryptography.

21. Penetration Testing
 Penetration testing is aimed at finding vulnerabilities, malicious content, flaws, and
risks. This is done to strengthen the organization’s security system to defend the IT
infrastructure.
 Penetration testing is an official procedure that can be deemed helpful and not a
harmful attempt.
 It forms part of an ethical hacking process where it specifically focuses only on
penetrating the information system.
 While it is helpful in improving cybersecurity strategies, penetration testing should
be performed regularly.
 Malicious content is built to discover weak points in the applications, systems or
programs and keep emerging and spreading in the network.

22.  A regular pertest may not sort out all security concerns, but it significantly
minimizes the probability of a successful attack.

23. Steps used by hacker