INTRODUCTION
Introduction To Ethical Hacking & Information Security !
ETHICAL HACKING OUTLINE
 Why we need Security
 Security & Usability Triangle
 Who is a Hacker?
 Types of Hackers
 Types of Attacks on a System
 Phases of Hacking
 Profile of Ethical Hacker
 Why Ethical Hacking is Necessary?
 Specializations
 Essential Terminology
WHY WE NEED SECURITY

• Important part of business: many people now
  use computers to store and share
  their valuable information.

• Security – A state of well-being of
  information and infrastructures in which the
  possibility of successful yet undetected
  theft.
WHAT IS INFORMATION SECURITY
 Information security means protecting information and
  information systems from unauthorized access, use,
  disclosure, disruption, modification, perusal, inspection,
  recording or destruction.
 The term Information Security follows CIA:
    Confidentiality
    Integrity
    Availability

 Confidentiality: Assurance that the information is
  accessible only to those authorized to have access.
  Confidentiality breaches may occur due to improper
  data handling or a hacking attempt.

 Integrity: Protecting the data or resources by preventing
  improper and unauthorized changes. Assurance that
  information can be relied upon to be sufficiently accurate
  for its purpose.

 Availability: Assurance that the systems responsible
  for delivering, storing, and processing information are
  accessible when required by the authorized users.
SECURITY, FUNCTIONALITY & USABILITY TRIANGLE
 The level of security in any system can be defined by the strength of three components.
This triangle represents the basic relationship between Security, Functionality and
Usability.
Moving the ball toward any one of them causes the intensity of the other
two to decrease.
For example, you can remove all the
   complicated security measures such as
   hybrid passwords, regular password
   resets and security tokens, which will make
   the system easy to use; however, the
   Security and Functionality will be reduced.
WHO IS A HACKER?
 Intelligent individuals with excellent computer skills, with the
  ability to create and explore computer software and
  hardware.

 For some hackers, hacking is a hobby to see how many computers
  or networks they can compromise.

 Some do hacking with Malicious intent behind their escapades,
  like stealing business data, credit card information, social security
  numbers, email passwords etc.

 Their intention can either be to gain knowledge or to poke
  around to do illegal things.
TYPES OF HACKERS
 Black Hats
– Good technical skills.
– Involved in malicious or illegal activities.

 White Hats
– Use of knowledge and skills for defensive purposes, rather than offensive.

 Gray Hats
– Individuals who work on both sides: ethical and malicious.

Technical Levels of Hackers
 Neophyte – A newbie in the field of computer security with almost no knowledge.

 Script Kiddie – A non-expert who uses tools or scripts made by others to hack into a system, with little knowledge about the concept working behind the tool.

 Elite – Also known as 1337, it is a term used to describe the most technically advanced hackers, who use cutting-edge technology.
TYPES OF ATTACKS ON A SYSTEM
 There are several ways an attacker can gain access to a
  System.
 The attacker must be able to exploit a weakness or
  vulnerability in a system.
PHASES OF HACKING

 Information Gathering

 Scanning

 Gaining access
  – Operating System/Application
  – Network level
  – Denial of service

 Maintaining access
  – Uploading/altering/downloading
     programs or data

 Covering Tracks
PROFILE OF ETHICAL HACKER
 An Ethical Hacker follows the same techniques and methodologies
  as a Malicious Hacker; however, in the end, the vulnerabilities
  or security flaws found are either reported (Responsible Disclosure/Open
  Disclosure) or fixed. This is also called Penetration Testing.


 The Complete Procedure depends upon the Type of Penetration
  Testing being conducted, which are primarily of 3 Types:

 Black Box Testing – No Previous Knowledge about the Target of
  Evaluation.

 White Box Testing – Full Knowledge about the Target. Purpose is to
  protect the system or product from insider attacks.

 Grey Box Testing – Partial Knowledge is available in this case.
WHY ETHICAL HACKING IS NECESSARY?
  Computer Security Expert.

  In-depth knowledge about Target Platforms
   (such as Windows, Unix, Linux, Mac).

  In-depth knowledge about networking and
   related hardware/software.

  Knowledge about Programming and Web
   Applications.

  Knowledgeable about computer or system
   security.
SPECIALIZATIONS
 Just like any other Technical Field, Information Security
  and Hacking is very vast and Individuals generally
  specialize in single or multiple Domains which primarily
  are:

 Network Security/Attack

 Web Application Security/Attack

 Exploit Development and Reverse Engineering

 Malware Analysis/Development

 Cyber Forensics
ESSENTIAL TERMINOLOGY
 Threat – An action or event which is a potential
  challenge to Security.

 Vulnerability – It is the existence of a Flaw or Error in
  the Design of the System which can cause undesired
  results ranging from Compromise of System Security
  to Service or System Unavailability.

 Attack – An action which attempts to violate or
  challenge the Integrity or Security of a System.

 Exploit – A defined way to breach the security of a
  System or Product using an identified vulnerability.
MODULES FOR WINDOWS HACKING

   Introduction to Windows
 Windows - Passwords
 LM Hashes and NTLM Hashes
 Syskey



   Windows Hacking
 Types of Attacks
 Tools used for Windows Password Cracking
 Securing passwords.
 Privilege Escalation
 Key loggers
 Covering Tracks
 Removing logs
PASSWORD HASHING METHOD
WINDOWS HACKING
Tools used for Windows Password Cracking
Windows passwords can be cracked by using the following tools:

      Ophcrack Live CD and Windows installer.

      Hiren's BootCD.

      ERD Commander.

      Cain & Abel.

      Etc.
SECURING PASSWORDS
Keyloggers
 Keystroke logging (often called key logging) is the action of tracking (or
  logging) the keys struck on a keyboard, typically in a covert manner so that
  the person using the keyboard is unaware that their actions are being
  monitored. There are numerous key logging methods, ranging from hardware
  and software-based approaches to electromagnetic and acoustic analysis.
TYPES OF KEYLOGGERS
KEY FEATURES OF KEYLOGGERS




   Key Strokes Typed
   Screenshots
   Program Activities
   Clipboard
   Chat etc.
   File Tracking
THANK YOU
Introduction to Hacking
