the basics of ethical hacking

Post on 28-Jan-2018


BASICS OF ETHICAL HACKING

By Vamshi TG

1. Refers to the of working with computers

into computer systems

.


In the year 1990 in the US, a hacker named KEVIN POULSEN hacked all the phone lines in the LA City.

It was announced on the radio station that the 102nd caller who would call in the contest hosted by the channel would receive a PORSCHE as a gift, and Kevin hacked all the phone lines in the city to secure his victory.

A bad idea, but what an idea!

VLADIMIR LEVIN, a big time hacker of his time, managed to penetrate the banking network of Citigroup and transferred around $10 million into his bank accounts in the UK, Germany, Finland, Holland, Israel and other places in the year 1995.

It was a daring feat, indeed. He was later arrested by Interpol, but only after he had successfully committed the big time forgery.


On November 24, 2014, a hacker group which identified itself by the name "Guardians of Peace" (GOP) leaked a release of confidential data from the film studio Sony Pictures.

The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information.


Hacking is a casual hobby for some hackers.

Some are obsessive about gaining notoriety or defeating computer systems, and some have criminal intentions.

To steal important information of an organization and to transmit it to the open internet.

To brag about their skills.


Quote about hackers


It is the process of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers.

It is also known as:

• PENETRATION TESTING

• INTRUSION TESTING

• RED TEAMING


• Individual professing hacker skills and using them for defensive purposes

• Also known as security analysts


•Individuals with extraordinary computing skills, resorting to malicious or destructive activities

• Also known as crackers.


Individuals who work both offensively and defensively at various times.

BLACK GRAY WHITE

SUICIDE HACKERS

Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other punishment.

SCRIPT KIDDIES

An unskilled hacker who compromises systems by running scripts, tools and software developed by real hackers.

CYBER TERRORISTS

Individuals with a wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks.


• To prevent hackers from gaining access to information breaches

• To fight against terrorism and national security breaches

• To build a system that prevents hackers from penetrating it

• To test if an organization’s security settings are in fact secure


• Platform Knowledge: Has in-depth knowledge of major operating environments, such as Windows, Unix & Linux

• Network Knowledge: Has in-depth knowledge of networking concepts, technologies and related hardware and software

• Computer Expert: Should be a computer expert adept at technical domains

• Security Knowledge: Has knowledge of security areas and related issues

1. Is a method of examining the weaknesses and vulnerabilities of computer and network security.

2. It helps to measure the effectiveness or ineffectiveness of system security.


By conducting penetration tests, an ethical hacker looks to answer the following four basic questions:

What information/locations/systems can an attacker gain access to?

What can an attacker see on the target?

What can an attacker do with available information?

Does anyone at the target system notice the attempts?


• Phase-1: RECONNAISSANCE

• Phase-2: SCANNING

• Phase-3: GAINING ACCESS

• Phase-4: MAINTAINING ACCESS

• Phase-5: COVERING TRACKS

RECONNAISSANCE

• This is the stage in which the hacker collects information about the company which the person is going to hack.

• This is one of the pre-attacking phases.

• Reconnaissance refers to the preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.

SCANNING

• Scanning refers to probing for all the open as well as closed ports.

• The hacker tries to make a blueprint of the target network.

• The blueprint includes the IP addresses of the target network which are live, the services which are running on those systems, and so on.

GAINING ACCESS

• Access can be gained at the OS level, system level or even network level.

• From normal access, the hacker can even proceed with privilege escalation.

• It often includes password cracking, DoS attacks, etc.

MAINTAINING ACCESS

• This is where the hacker strives to retain control over the target with backdoors or Trojans.

COVERING TRACKS

• To avoid being exposed or caught, a good hacker will leave no impressions of his presence.

• So he attempts to overwrite the system and application logs.
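Log overwriting is what tamper-evident logging is built to expose. The sketch below is an added example, not part of the original slides: each log line is sealed with an HMAC that also covers the previous line's tag, so an overwritten, deleted or truncated entry breaks the chain. The function names, key and sample log lines are constructed for illustration, and the key and the latest tag are assumed to be kept off the monitored host.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # anchor value chained into the first record

def _tag(key, prev, line):
    return hmac.new(key, (prev + "\n" + line).encode(), hashlib.sha256).hexdigest()

def seal(lines, key):
    """Return (line, tag) records; each tag covers the line and the previous tag."""
    records, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev))
    return records

def verify(records, key, expected_head=None):
    """Return the index of the first bad record, or None if the chain is intact.

    expected_head is the newest tag as stored off-host; without it, removal
    of the newest entries would go unnoticed.
    """
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(records)
    return None

# Constructed sample data (assumption: not taken from any real system).
KEY = b"constructed-demo-key"
SAMPLE_LOG = [
    "2018-01-28T10:00:01 sshd: Failed password for root from 203.0.113.7",
    "2018-01-28T10:00:03 sshd: Accepted password for root from 203.0.113.7",
    "2018-01-28T10:00:09 sudo: root : COMMAND=/usr/sbin/useradd svc_backup",
    "2018-01-28T10:05:00 cron: session opened for user root",
]

def demo():
    sealed = seal(SAMPLE_LOG, KEY)
    head = sealed[-1][1]                      # stored off-host
    overwritten = list(sealed)
    overwritten[1] = ("2018-01-28T10:00:03 sshd: Connection closed", sealed[1][1])
    return {
        "intact": verify(sealed, KEY, head),
        "overwritten": verify(overwritten, KEY, head),
        "deleted": verify(sealed[:2] + sealed[3:], KEY, head),
        "truncated": verify(sealed[:2], KEY, head),
    }

if __name__ == "__main__":
    print(demo())
```

The index returned by `verify` points at the first entry that no longer matches the chain, which gives responders a starting point for the time window to investigate.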
