SlideShare une entreprise Scribd logo

Hacking by Pratyush Gupta

Télécharger en tant que PPTX, PDF
Tenet Systems Pvt Ltd
Tenet Systems Pvt Ltd

Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.

Technologie
1  sur  29
Copyright © technoKrats Tenet Systems Pvt. Ltd. An ISO 9001:2008 Certified Company
What is Hacking? Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
Copyright © technoKrats A Brief History of Hacking • 1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published • 1990s -National Crackdown on hackers -Kevin Mitnick arrested -Microsoft’s NT operating system infiltrated
Copyright © technoKrats A Brief History of Hacking • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account.
Copyright © technoKrats Famous Hackers in History Ian Murphy Kevin Mitnick Johan Helsinguis Linus Torvalds Mark Abene Robert Morris
The Hacker Attitude  Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work  Freedom is good Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by  Becoming a hacker will take intelligence, practice, dedication, and hard work.
Basic Hacking Skills  Learn how to program. This, of course, is the fundamental hacking skill. If you don't know any computer languages, you cant do hacking.  Get one of the open-source Unix's and learn to use and run it The single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD-Unix’s, install it on a personal machine, and run it.  Learn how to use the World Wide Web and write HTML. To be worthwhile, your page must have content -- it must be interesting and/or useful to other hackers.
Preparation For Hacking  When you start hacking the first thing you need to do is: to make sure the victim will not find out your real identity.  So hide your IP by masking it or using a anonymous proxy server. This is only effective when the victim has no knowledge about computers and internet. Organizations like the F.B.I, C.I.A and such will find you in no time, so beware !  The best thing to do is using a dialup connection that has a variable IP address. Be smart, when you signup for a internet dialup connection use a fake name and address.  When hacking never leave traces of your hacking attempts, clear log files and make sure you are not monitored. So use a good firewall that keeps out retaliation hacking attempts of your victim.
IP Addresses  Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.  An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12  All data sent or received by a system will be addressed from or to the system.  An attacker’s first step is to find out the IP Address of the target system.
IP Addresses: Finding out an IP Address  A remote IP Address can easily be found out by any of the following methods: Through Instant Messaging Software Through Internet Relay Chat Through Your website
Finding an IP Address via Instant Messengers If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Your System------Chat Server---- Friend’s System Friend’s System---------Chat Server------- Your System Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, goto MSDOS or the command line and type: C:>netstat -n This command will give you the IP Address of your friend’s computer.
Finding an IP Address via Instant Messengers Countermeasures Do not accept File transfers or calls from unknown people Chat online only after logging on through a Proxy Server. A Proxy Server acts as a buffer between you and the un-trusted network known as the Internet, to protecting your identity. Case: Your System-----Proxy------Chat Server------Friend’s System Some good Proxy Servers are: Wingate (For Windows Platform) Squid (For Unix Platforms)
Finding an IP Address via your website  One can easily log the IP Addresses of all visitors to their website by using simply JAVA applets or JavaScript code. Countermeasures  One should surf the Internet through a Proxy Server.  One can also make use of the many Free Anonymous Surfing Proxy Services. For Example, www.anonymizer.com
IP Addresses: Dangers & Concerns Dangers & Concerns  DOS Attacks  Disconnect from the Internet  Trojans Exploitation  Geographical Information  File Sharing Exploits
Copyright © technoKrats TYPES OF HACKING
Various Types of Attacks There are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are:  Denial of Services attacks (DOS Attacks)  Threat from Sniffing and Key Logging  Trojan Attacks  IP Spoofing  Buffer Overflows
Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users. There are many types of Denial of Services Attacks or DOS Attacks.
DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. This attack can easily be executed by the ‘ping’ command as follows: ping -l 65540 hostname
DOS Attacks: SMURF Attacks  In SMURF Attacks, a huge number of Ping Requests are sent to the Target system, using Spoofed IP Addresses from within the target network.  Due to infinite loops thus generated and due to the large number of Ping Requests, the target system will crash, restart or hang up.
Threats from Sniffers and Key Loggers  Sniffers: capture all data packets being sent across the network in the raw form. Commonly Used for:  Traffic Monitoring  Network Trouble shooting  Gathering Information on Attacker.  For stealing company Secrets and sensitive data.  Commonly Available Sniffers  tcpdump  Ethereal  Dsniff
Threats from Key Loggers  Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker.  Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed.
Trojan Attacks  Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1. The Server Part of the Trojan is installed on the target system through trickery or disguise. 2. This server part listens on a predefined port for connections. 3. The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4. Once this is done, the attacker has complete control over the target system.
Trojan Attacks: Detection and Countermeasures  Detection & Countermeasures  Port Scan your own system regularly.  If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.  One can remove a Trojan using any normal Anti-Virus Software.
INTERNET APPLICATION SECURITY Copyright © technoKrats
Copyright © technoKrats Internet Application Hacking Statistics • WHID (Web Hacking Incident Database) annual report for 2012 67% percent of the attacks in 2012 were "for profit" motivated. And it targeted the Web- Applications. • Acunetix, a leading vendor of web application security solutions, revealed that on average 70% of websites are at serious and immediate risk of being hacked. Every 1500 lines of code has one security vulnerability. (IBM LABS) • Most popular attacks are against web server ( incident.org) • 3 out of 4 websites are Vulnerable to attack. (Gartner Report)
General Hacking Methods A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
Copyright © technoKrats Why Vulnerable? • Poor Web Application coding • Insecure deployment of web application • Insufficient input validation • No web traffic filtering • Web application attributes are not guarded well.
Copyright © technoKrats (Hacking Techniques) • Brute Force A Brute Force attack is an automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key  Cross-site Scripting Cross-site Scripting (XSS) is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.  SQL Injection SQL Injection is an attack technique used to exploit web sites that construct SQL statements from user-supplied input.  XPath Injection XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
Tenet Systems Pvt. Ltd. 42, N K Guin Lane, Serampore, Hooghly – 712201, India. Call: +919830158077 or +1-850-745-0414 Web: http://tenetsystems.net Copyright © technoKrats Thank you for your time! technoKrats 43, N K Guin Lane, Serampore, Hooghly – 712201, India. Call: +919830158077 or +1-850-745-0414 Web: http://technokrats.in

Recommandé

Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking PresentationAnimesh Behera
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRishabha Garg
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 

Recommandé

Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking PresentationAnimesh Behera
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRishabha Garg
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its DefenceGreater Noida Institute Of Technology
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Network Attacks and Countermeasures
Network Attacks and CountermeasuresNetwork Attacks and Countermeasures
Network Attacks and Countermeasureskaranwayne
 
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsVi Tính Hoàng Nam
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hackingVi Tính Hoàng Nam
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.JasminJaman1
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNorth Texas Chapter of the ISSA
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Network Security
Network SecurityNetwork Security
Network SecurityVIKAS SINGH BHADOURIA
 
Hacking
HackingHacking
HackingAnil Shrivastav
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingaashish2cool4u
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxanbersattar
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
Hacking
HackingHacking
HackingKaran Poshattiwar
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security HackingErdo Deshiant Garnaby
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
31.ppt
31.ppt31.ppt
31.pptssuserec53e73
 

Contenu connexe

Tendances

Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsVi Tính Hoàng Nam
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.JasminJaman1
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingSahil Rai
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxanbersattar
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...wajug
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 

Tendances (19)

Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoorsCeh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoors
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer Attacks
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Security
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and Attacks
 
Network Security
Network SecurityNetwork Security
Network Security
 
Hacking
HackingHacking
Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptx
 
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
 
Hacking
HackingHacking
Hacking
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 

Similaire à Hacking by Pratyush Gupta

Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingsxkkjbzq2k
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptJatinRajput67
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfLucaMartins7
 

Similaire à Hacking by Pratyush Gupta (20)

Ethical hacking is a based on computer hacking
Ethical hacking is a based on computer hackingEthical hacking is a based on computer hacking
Ethical hacking is a based on computer hacking
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Hack the hack
Hack the hackHack the hack
Hack the hack
 
hacking
hackinghacking
hacking
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Hacking intro
Hacking introHacking intro
Hacking intro
 
Hacking
HackingHacking
Hacking
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.ppt
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
 

Plus de Tenet Systems Pvt Ltd

Prayas session slums and dwellers by arindam nag
Prayas session slums and dwellers by arindam nagPrayas session slums and dwellers by arindam nag
Prayas session slums and dwellers by arindam nagTenet Systems Pvt Ltd
 
Prayas session mma by samarjit sinha
Prayas session mma by samarjit sinhaPrayas session mma by samarjit sinha
Prayas session mma by samarjit sinhaTenet Systems Pvt Ltd
 
Prayas session cgi & cga by – soumalya nandy
Prayas session cgi & cga by – soumalya nandyPrayas session cgi & cga by – soumalya nandy
Prayas session cgi & cga by – soumalya nandyTenet Systems Pvt Ltd
 
Team-Prayas Session by Arindam Chatterjee and Debashish Saha
Team-Prayas Session by Arindam Chatterjee and Debashish SahaTeam-Prayas Session by Arindam Chatterjee and Debashish Saha
Team-Prayas Session by Arindam Chatterjee and Debashish SahaTenet Systems Pvt Ltd
 
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015Tenet Systems Pvt Ltd
 
Business etiquette by Anshu Kumar Sah
Business etiquette by Anshu Kumar SahBusiness etiquette by Anshu Kumar Sah
Business etiquette by Anshu Kumar SahTenet Systems Pvt Ltd
 
Hrithik Roshan - love of a fan in the form of a PPT presentation
Hrithik Roshan - love of a fan in the form of a PPT presentationHrithik Roshan - love of a fan in the form of a PPT presentation
Hrithik Roshan - love of a fan in the form of a PPT presentationTenet Systems Pvt Ltd
 
Prayas session - Li-fi by Pratyush Gupta
Prayas session - Li-fi by Pratyush Gupta Prayas session - Li-fi by Pratyush Gupta
Prayas session - Li-fi by Pratyush GuptaTenet Systems Pvt Ltd
 
Prayas session - Ghosts!! by Arindam Chatterjee
Prayas session - Ghosts!! by Arindam ChatterjeePrayas session - Ghosts!! by Arindam Chatterjee
Prayas session - Ghosts!! by Arindam ChatterjeeTenet Systems Pvt Ltd
 
Prayas Incredible villages!! by Shahban Rahaman
Prayas Incredible villages!! by Shahban RahamanPrayas Incredible villages!! by Shahban Rahaman
Prayas Incredible villages!! by Shahban RahamanTenet Systems Pvt Ltd
 
Prayas: Amazing Facts about Tea by Piyali De
Prayas: Amazing Facts about Tea by Piyali DePrayas: Amazing Facts about Tea by Piyali De
Prayas: Amazing Facts about Tea by Piyali DeTenet Systems Pvt Ltd
 
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar Tenet Systems Pvt Ltd
 
Prayas session: 14 mysterious places in India
Prayas session: 14 mysterious places in IndiaPrayas session: 14 mysterious places in India
Prayas session: 14 mysterious places in IndiaTenet Systems Pvt Ltd
 
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold Pain
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold PainPrayas Session Sujata Chiney- Cerbral Palsy - The Untold Pain
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold PainTenet Systems Pvt Ltd
 

Plus de Tenet Systems Pvt Ltd (20)

Prayas session slums and dwellers by arindam nag
Prayas session slums and dwellers by arindam nagPrayas session slums and dwellers by arindam nag
Prayas session slums and dwellers by arindam nag
 
Prayas session mma by samarjit sinha
Prayas session mma by samarjit sinhaPrayas session mma by samarjit sinha
Prayas session mma by samarjit sinha
 
A tribute to APJ Abdul Kalam
A tribute to APJ Abdul KalamA tribute to APJ Abdul Kalam
A tribute to APJ Abdul Kalam
 
Prayas session cgi & cga by – soumalya nandy
Prayas session cgi & cga by – soumalya nandyPrayas session cgi & cga by – soumalya nandy
Prayas session cgi & cga by – soumalya nandy
 
Team-Prayas Session by Arindam Chatterjee and Debashish Saha
Team-Prayas Session by Arindam Chatterjee and Debashish SahaTeam-Prayas Session by Arindam Chatterjee and Debashish Saha
Team-Prayas Session by Arindam Chatterjee and Debashish Saha
 
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015
Drums of India-Prayas Session by Sumit Sarkar - 8th July, 2015
 
Business etiquette by Anshu Kumar Sah
Business etiquette by Anshu Kumar SahBusiness etiquette by Anshu Kumar Sah
Business etiquette by Anshu Kumar Sah
 
Hrithik Roshan - love of a fan in the form of a PPT presentation
Hrithik Roshan - love of a fan in the form of a PPT presentationHrithik Roshan - love of a fan in the form of a PPT presentation
Hrithik Roshan - love of a fan in the form of a PPT presentation
 
Prayas session - Li-fi by Pratyush Gupta
Prayas session - Li-fi by Pratyush Gupta Prayas session - Li-fi by Pratyush Gupta
Prayas session - Li-fi by Pratyush Gupta
 
Prayas session - Ghosts!! by Arindam Chatterjee
Prayas session - Ghosts!! by Arindam ChatterjeePrayas session - Ghosts!! by Arindam Chatterjee
Prayas session - Ghosts!! by Arindam Chatterjee
 
Prayas Incredible villages!! by Shahban Rahaman
Prayas Incredible villages!! by Shahban RahamanPrayas Incredible villages!! by Shahban Rahaman
Prayas Incredible villages!! by Shahban Rahaman
 
Prayas: Amazing Facts about Tea by Piyali De
Prayas: Amazing Facts about Tea by Piyali DePrayas: Amazing Facts about Tea by Piyali De
Prayas: Amazing Facts about Tea by Piyali De
 
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar
Prayas: Hey I didn’t knew that…!! by Somdeb Karmakar
 
Prayas on Prayas 06 th of May
Prayas on Prayas 06 th of MayPrayas on Prayas 06 th of May
Prayas on Prayas 06 th of May
 
Techniques of Technology
Techniques of TechnologyTechniques of Technology
Techniques of Technology
 
Prayas sessin : Trip to Sikkim
Prayas sessin : Trip to SikkimPrayas sessin : Trip to Sikkim
Prayas sessin : Trip to Sikkim
 
Prayas on SEO & SEM
Prayas on SEO & SEMPrayas on SEO & SEM
Prayas on SEO & SEM
 
Prayas ; Letter Writing- Lost Art
Prayas ; Letter Writing- Lost ArtPrayas ; Letter Writing- Lost Art
Prayas ; Letter Writing- Lost Art
 
Prayas session: 14 mysterious places in India
Prayas session: 14 mysterious places in IndiaPrayas session: 14 mysterious places in India
Prayas session: 14 mysterious places in India
 
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold Pain
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold PainPrayas Session Sujata Chiney- Cerbral Palsy - The Untold Pain
Prayas Session Sujata Chiney- Cerbral Palsy - The Untold Pain
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Hacking by Pratyush Gupta

  • 1. Copyright © technoKrats Tenet Systems Pvt. Ltd. An ISO 9001:2008 Certified Company
  • 2. What is Hacking? Hacking is a term used to refer to activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks.
  • 3. Copyright © technoKrats A Brief History of Hacking • 1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published • 1990s -National Crackdown on hackers -Kevin Mitnick arrested -Microsoft’s NT operating system infiltrated
  • 4. Copyright © technoKrats A Brief History of Hacking • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account.
  • 5. Copyright © technoKrats Famous Hackers in History Ian Murphy Kevin Mitnick Johan Helsinguis Linus Torvalds Mark Abene Robert Morris
  • 6. The Hacker Attitude  Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work  Freedom is good Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by  Becoming a hacker will take intelligence, practice, dedication, and hard work.
  • 7. Basic Hacking Skills  Learn how to program. This, of course, is the fundamental hacking skill. If you don't know any computer languages, you cant do hacking.  Get one of the open-source Unix's and learn to use and run it The single most important step any newbie can take towards acquiring hacker skills is to get a copy of Linux or one of the BSD-Unix’s, install it on a personal machine, and run it.  Learn how to use the World Wide Web and write HTML. To be worthwhile, your page must have content -- it must be interesting and/or useful to other hackers.
  • 8. Preparation For Hacking  When you start hacking the first thing you need to do is: to make sure the victim will not find out your real identity.  So hide your IP by masking it or using a anonymous proxy server. This is only effective when the victim has no knowledge about computers and internet. Organizations like the F.B.I, C.I.A and such will find you in no time, so beware !  The best thing to do is using a dialup connection that has a variable IP address. Be smart, when you signup for a internet dialup connection use a fake name and address.  When hacking never leave traces of your hacking attempts, clear log files and make sure you are not monitored. So use a good firewall that keeps out retaliation hacking attempts of your victim.
  • 9. IP Addresses  Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.  An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12  All data sent or received by a system will be addressed from or to the system.  An attacker’s first step is to find out the IP Address of the target system.
  • 10. IP Addresses: Finding out an IP Address  A remote IP Address can easily be found out by any of the following methods: Through Instant Messaging Software Through Internet Relay Chat Through Your website
  • 11. Finding an IP Address via Instant Messengers If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Your System------Chat Server---- Friend’s System Friend’s System---------Chat Server------- Your System Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, goto MSDOS or the command line and type: C:>netstat -n This command will give you the IP Address of your friend’s computer.
  • 12. Finding an IP Address via Instant Messengers Countermeasures Do not accept File transfers or calls from unknown people Chat online only after logging on through a Proxy Server. A Proxy Server acts as a buffer between you and the un-trusted network known as the Internet, to protecting your identity. Case: Your System-----Proxy------Chat Server------Friend’s System Some good Proxy Servers are: Wingate (For Windows Platform) Squid (For Unix Platforms)
  • 13. Finding an IP Address via your website  One can easily log the IP Addresses of all visitors to their website by using simply JAVA applets or JavaScript code. Countermeasures  One should surf the Internet through a Proxy Server.  One can also make use of the many Free Anonymous Surfing Proxy Services. For Example, www.anonymizer.com
  • 14. IP Addresses: Dangers & Concerns Dangers & Concerns  DOS Attacks  Disconnect from the Internet  Trojans Exploitation  Geographical Information  File Sharing Exploits
  • 15. Copyright © technoKrats TYPES OF HACKING
  • 16. Various Types of Attacks There are an endless number of attacks, which a system administrator has to protect his system from. However, the most common ones are:  Denial of Services attacks (DOS Attacks)  Threat from Sniffing and Key Logging  Trojan Attacks  IP Spoofing  Buffer Overflows
  • 17. Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users. There are many types of Denial of Services Attacks or DOS Attacks.
  • 18. DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. This attack can easily be executed by the ‘ping’ command as follows: ping -l 65540 hostname
  • 19. DOS Attacks: SMURF Attacks  In SMURF Attacks, a huge number of Ping Requests are sent to the Target system, using Spoofed IP Addresses from within the target network.  Due to infinite loops thus generated and due to the large number of Ping Requests, the target system will crash, restart or hang up.
  • 20. Threats from Sniffers and Key Loggers  Sniffers: capture all data packets being sent across the network in the raw form. Commonly Used for:  Traffic Monitoring  Network Trouble shooting  Gathering Information on Attacker.  For stealing company Secrets and sensitive data.  Commonly Available Sniffers  tcpdump  Ethereal  Dsniff
  • 21. Threats from Key Loggers  Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker.  Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed.
  • 22. Trojan Attacks  Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1. The Server Part of the Trojan is installed on the target system through trickery or disguise. 2. This server part listens on a predefined port for connections. 3. The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4. Once this is done, the attacker has complete control over the target system.
  • 23. Trojan Attacks: Detection and Countermeasures  Detection & Countermeasures  Port Scan your own system regularly.  If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.  One can remove a Trojan using any normal Anti-Virus Software.
  • 24. INTERNET APPLICATION SECURITY Copyright © technoKrats
  • 25. Copyright © technoKrats Internet Application Hacking Statistics • WHID (Web Hacking Incident Database) annual report for 2012 67% percent of the attacks in 2012 were "for profit" motivated. And it targeted the Web- Applications. • Acunetix, a leading vendor of web application security solutions, revealed that on average 70% of websites are at serious and immediate risk of being hacked. Every 1500 lines of code has one security vulnerability. (IBM LABS) • Most popular attacks are against web server ( incident.org) • 3 out of 4 websites are Vulnerable to attack. (Gartner Report)
  • 26. General Hacking Methods A typical attacker works in the following manner: 1. Identify the target system. 2. Gathering Information on the target system. 3. Finding a possible loophole in the target system. 4. Exploiting this loophole using exploit code. 5. Removing all traces from the log files and escaping without a trace.
  • 27. Copyright © technoKrats Why Vulnerable? • Poor Web Application coding • Insecure deployment of web application • Insufficient input validation • No web traffic filtering • Web application attributes are not guarded well.
  • 28. Copyright © technoKrats (Hacking Techniques) • Brute Force A Brute Force attack is an automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key  Cross-site Scripting Cross-site Scripting (XSS) is an attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.  SQL Injection SQL Injection is an attack technique used to exploit web sites that construct SQL statements from user-supplied input.  XPath Injection XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
  • 29. Tenet Systems Pvt. Ltd. 42, N K Guin Lane, Serampore, Hooghly – 712201, India. Call: +919830158077 or +1-850-745-0414 Web: http://tenetsystems.net Copyright © technoKrats Thank you for your time! technoKrats 43, N K Guin Lane, Serampore, Hooghly – 712201, India. Call: +919830158077 or +1-850-745-0414 Web: http://technokrats.in