SlideShare une entreprise Scribd logo

Black hat hackers

Télécharger en tant que PPTX, PDF
Santosh Kumar
Santosh Kumar
TechnologieActualités & Politique
1  sur  30
BLACK HAT HACKERS Rajitha.B 09131A1276 Information Technology 14-03-2013 1
OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
Famous Hackers 14-03-2013 6
Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
sniffers and Key loggers Sniffers: capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
Threats from key loggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
Trojan Attacks : Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
SQL injection  SQL injection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
Structure of SQL Injection 14-03-2013 20
How SQL Injection is performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
Cont.….  The above username „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
Cont.… The SQL statement as follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
Cont.…  The hacker enters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
SQL Injection 14-03-2013 25
SQL Injection Prevention  Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
Pros and cons Pros • Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
Conclusion  Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28
References http://www.blackhatlibrary.net/Main_Page http://prezi.com/sxnobhzvsenq/hacking- and-cracking-pros-and-cons http://www.cybercure.in/hacking/ http://en.wikipedia.org/wiki/Hacker_(compu ter_security) http://en.wikipedia.org/wiki/The_Hacker_Cr ackdown Cyber cure customized e-book http://www.blackhat.com/presentations/bh- usa-04/bh-us-04-hotchkies/bh-us-04- hotchkies.pdf http://crypto.stanford.edu/cs142/lectures/1 6-sql-inj.pdf 14-03-2013 29
Thank you 14-03-2013 30

Recommandé

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingEvaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingMITRE ATT&CK
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 

Recommandé

Evaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingEvaluating and Enhancing Security Maturity through MITRE ATT&CK Mapping
Evaluating and Enhancing Security Maturity through MITRE ATT&CK MappingMITRE ATT&CK
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligencePrachi Mishra
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGoutham Shetty
 
Offensive OSINT
Offensive OSINTOffensive OSINT
Offensive OSINTChristian Martorella
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dossadhana21297
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Ethical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxEthical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxNargis Parveen
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Destributed denial of service attack ppt
Destributed denial of service attack pptDestributed denial of service attack ppt
Destributed denial of service attack pptOECLIB Odisha Electronics Control Library
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingTharindu Kalubowila
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNamrata Raiyani
 
Hacking
HackingHacking
HackingAsma Khan
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentationSuryansh Srivastava
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 

Contenu connexe

Tendances

Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)mmubashirkhan
 
Ethical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxEthical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxNargis Parveen
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtNitin Bisht
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1anilinvns
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolschrizjohn896
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testingecmee
 
System hacking
System hackingSystem hacking
System hackingCAS
 

Tendances (20)

Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
 
Advanced persistent threat (apt)
Advanced persistent threat (apt)Advanced persistent threat (apt)
Advanced persistent threat (apt)
 
Ethical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptxEthical hacking - Footprinting.pptx
Ethical hacking - Footprinting.pptx
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Destributed denial of service attack ppt
Destributed denial of service attack pptDestributed denial of service attack ppt
Destributed denial of service attack ppt
 
DDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin BishtDDoS Attack PPT by Nitin Bisht
DDoS Attack PPT by Nitin Bisht
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Cyber forensic 1
Cyber forensic 1Cyber forensic 1
Cyber forensic 1
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration Testing
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
System hacking
System hackingSystem hacking
System hacking
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 

En vedette

Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksSrikanth VNV
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Yearsluke_bkk
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system pptSantosh Kumar
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewAlt-N Technologies
 

En vedette (20)

Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer Networks
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
How To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 YearsHow To Become A Successful Hacker In Only 10 Years
How To Become A Successful Hacker In Only 10 Years
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Mobile operating system ppt
Mobile operating system pptMobile operating system ppt
Mobile operating system ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
M commerce ppt
M commerce pptM commerce ppt
M commerce ppt
 
Hackers
HackersHackers
Hackers
 
Network security
Network securityNetwork security
Network security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
SecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature OverviewSecurityGateway for Email Servers - Feature Overview
SecurityGateway for Email Servers - Feature Overview
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 

Similaire à Black hat hackers

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)SHUBHA CHATURVEDI
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesJayanth Dwijesh H P
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_pptNarayanan
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computingMd. Hasibur Rashid
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfSujanTimalsina5
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppttashon2
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
 

Similaire à Black hat hackers (20)

CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)Types of attack -Part3 (Malware Part -2)
Types of attack -Part3 (Malware Part -2)
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
VTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notesVTU network security(10 ec832) unit 6 notes
VTU network security(10 ec832) unit 6 notes
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
basic knowhow hacking
basic knowhow hackingbasic knowhow hacking
basic knowhow hacking
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Ethical_Hacking_ppt
Ethical_Hacking_pptEthical_Hacking_ppt
Ethical_Hacking_ppt
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
System Security
System SecuritySystem Security
System Security
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
 
ThreatModeling.ppt
ThreatModeling.pptThreatModeling.ppt
ThreatModeling.ppt
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
 

Plus de Santosh Kumar

human computer interface
human computer interfacehuman computer interface
human computer interfaceSantosh Kumar
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence pptSantosh Kumar
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systemsSantosh Kumar
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technologySantosh Kumar
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition pptSantosh Kumar
 

Plus de Santosh Kumar (6)

human computer interface
human computer interfacehuman computer interface
human computer interface
 
Bit torrent ppt
Bit torrent pptBit torrent ppt
Bit torrent ppt
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence ppt
 
Holographic memory systems
Holographic memory systemsHolographic memory systems
Holographic memory systems
 
motion sensing technology
motion sensing technologymotion sensing technology
motion sensing technology
 
Face recognition ppt
Face recognition pptFace recognition ppt
Face recognition ppt
 

Dernier

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Dernier (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Black hat hackers

  • 2. OUTLINE • Introduction • History • Famous Hackers • Types of Hackers • Black Hat Hackers • Pre-Hacking stage • Domains affected by Hacking • Types of attacks • Detection and counter measures • SQL Injection • Pros and cons • Conclusion • References 14-03-2013 2
  • 3. Introduction Hacking refers to an array of activities which are done to intrude someone else‟s personal information space so as to use it for malicious, unwanted purposes. Hacking is a term used for activities aimed at exploiting security flaws to obtain critical information for gaining access to secured networks. 14-03-2013 3
  • 4. History  1980s - Cyberspace coined -414 arrested -Two hacker groups formed -2600 published  1990s -National Crackdown on hackers -Kevin Mitnick arrested 14-03-2013 4
  • 5. Cont.…  2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others.  2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. 14-03-2013 5
  • 7. Types of hackers  White hat hacker(The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert.)  Black hat hacker(illegal or bad )  Grey hat hacker(A grey hat in the hacking community refers to a skilled hacker whose activities fall somewhere between white and black hat hackers) 14-03-2013 7
  • 8. Black Hat Hackers  A "black hat hacker” is a hacker who violates computer security for little reason beyond maliciousness or for personal gain.  Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. 14-03-2013 8
  • 9. Pre-hacking stage Part 1: Targeting The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Part 2: Research and Information Gathering It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them to access the system. 14-03-2013 9
  • 10. Cont.… Part 3: Finishing The Attack This is the stage when the hacker will invade the primary target that he/she was planning to attack or steal from. 14-03-2013 10
  • 11. Domains affected by hacking  Mobile hacking  Email hacking  Data stealing  Injecting virus and Trojans  Man -in-middle attacks  Internet applications 14-03-2013 11
  • 12. TYPES OF ATTACKS  Denial of Services attacks  Threat from Sniffing and Key Logging  Trojan Attacks 14-03-2013 12
  • 13. Denial of Services (DOS) Attacks DOS Attacks are aimed at denying valid, legitimate Internet and Network users access to the services offered by the target system. In other words, a DOS attack is one in which clogging up so much memory on the target system that it cannot serve legitimate users. 14-03-2013 13
  • 14. DOS Attacks: Ping of Death Attack The maximum packet size allowed to be transmitted by TCPIP on a network is 65 536 bytes. In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCPIP, is sent to the target system. As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs. 14-03-2013 14
  • 15. sniffers and Key loggers Sniffers: capture all data packets being sent across the network. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers • tcpdump • DSniff 14-03-2013 15
  • 16. Threats from key loggers Key loggers: Records all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures  Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots.  Thus, the start up script of the Key Logger should be removed. 14-03-2013 16
  • 17. Trojan Attacks Trojans: act as a RAT or Remote Administration Tool, which allow remote control and remote access to the attacker. Working: 1.The Server Part of the Trojan is installed on the target system through trickery or disguise. 2.This server part listens on a predefined port for connections. 3.The attacker connects to this Server Part using the Client part of the Trojan on the predefined port number. 4.Once this is done, the attacker has complete control over the target system. 14-03-2013 17
  • 18. Trojan Attacks : Detection and counter measures Detection & Countermeasures Scan your own system regularly. If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. One can remove a Trojan using any normal Anti-Virus Software 14-03-2013 18
  • 19. SQL injection  SQL injection is a technique often used to attack data driven applications.  This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database.  string literal escape characters embedded in SQL statements like („ or * ) etc.  SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 14-03-2013 19
  • 20. Structure of SQL Injection 14-03-2013 20
  • 21. How SQL Injection is performed?  when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code: statement = "SELECT * FROM users WHERE name = '" + userName + "';" For example: For example, setting the "userName" variable as: ' or '1'='1 ' or '1'='1' -- ' ' or '1'='1' ({ ' ' or '1'='1' /* ' 14-03-2013 21
  • 22. Cont.….  The above username „1=1‟ is always true and can even delete the tables. SELECT * FROM users WHERE name = ''OR '1'='1'; Example: Step 1: Figure out how the application handles bad inputs • Email address is taken for the SQL injection hacker@programmerinterview.com' • The extra quote is added to the above email address. 14-03-2013 22
  • 23. Cont.… The SQL statement as follows:  SELECT data FROM table WHERE Email input = hacker@programmerinterview.com”;  The query is injected as: SELECT data FROM table WHERE Email input = 'Y'; UPDATE table SET email = 'hacker@ymail.com' WHERE email = 'joe@ymail.com'; 14-03-2013 23
  • 24. Cont.…  The hacker enters into the database and drops the tables .  Insertion of any other data in table can be done. 14-03-2013 24
  • 26. SQL Injection Prevention  Encrypt sensitive data.  Access the database using an account with the least privileges necessary.  Install the database using an account with the least privileges necessary.  Ensure that data is valid. 14-03-2013 26
  • 27. Pros and cons Pros • Increases computer security –when a hacker is hired he can be given a specific job or way to hack into the system. This can give company insight of possible back doors or openings into the company‟s security. Cons • The hacker can break into the system and steal information. • If the hacker is inexperience he can leave harmful programs and delete the information. 14-03-2013 27
  • 28. Conclusion  Hacking may be defined as legal or illegal, ethical or unethical but useful for finding out possible back doors or openings into the computer security. 14-03-2013 28