Parag presentation on ethical hacking
DESCRIPTION
This is the brief description on Ethical Hacking. You can surely download it & do ask me if any queries regarding any topic, will answer it as soon as possible...
TRANSCRIPT
Seminar Report on
"ETHICAL – HACKING"
Submitted BY
Mr. "Parag S Kosarkar"
Semester Section – 6th A
Roll No - 41
23 FEB 2012 - 13
Department of Computer Technology, PART TIME DEGREE PROGRAM
YESHWANTRAO CHAVAN COLLEGE OF ENGINEERING, Nagpur
(An Autonomous Institution Affiliated to Rashtrasant Tukadoji Maharaj Nagpur University)
Presenting Seminar On
INTRODUCTION -
Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments.
Companies are worried about the possibility of being "hacked", and potential customers are worried about maintaining control of personal information.
This creates the necessity for computer security professionals to break into the systems of the organisation.
Ethical hackers employ the same tools and techniques as the intruders.
They neither damage the target systems nor steal information.
The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
FAMOUS HACKERS IN HISTORY -
IAN MURPHY
KEVIN MITNICK
LINUS TORVALDS
MARK ABENE
ROBERT MORRIS
JOHAN HELSINGIUS

Contents to be Explained -
SQL Injection
Keylogging
Tabnapping
Phishing
RAT – Remote Administration Tools or Trojans
Cookie Stealing
What Precautions can be done to Avoid being Hacked
Common Phases of Hacking -
An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain entry into a computer system are similar no matter what the hacker's intentions are. There are five phases that hackers generally follow in hacking a system:
Phase 1 – Recognise System
Phase 2 – Scanning Process
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
What is Hacking?
Hacking refers to an array of activities which are done to intrude into someone else's personal information space so as to use it for malicious, unwanted purposes.
What is Cracking?
Cracking is almost the same as hacking, because both get into people's servers & accounts illegally.
But a cracker destroys the information & software that it gets into, which can cause the system to go down.
Professional Criminals or Crackers - Make a living by breaking into systems and selling the information.
Hacker & Ethical Hacker -
A hacker can access computer system or network information without the owner's permission.
Breaks the LAWS; can go to prison.
An ethical hacker does the same but with legal permission.
Employed by companies to perform penetration tests. Quick Heal hires hackers.
What you can do Legally
As an ethical hacker, be aware of what is allowed & what is not.
Laws involving technologies are changing according to the technology changes.
Some hacking tools on your computer might be illegal to possess.
Is PORT – Scanning Legal?
The government does not see it as a violation. It is legal, as it is noninvasive and nondestructive in nature. Mostly ports 8080, 80 & 443 are open.
What is SQL – INJECTION?
SQL injection is one of the popular web application hacking methods. Using an injection attack, an unauthorized person can access the database of the website. The attacker can extract the data from the database.
What a hacker can do with the SQL injection attack:
Bypassing logins
Accessing secret data
Modifying content of the website
Shutting down the MySQL server
Google Dorking Example: inurl:index.php?id= inurl:galary.php?id=
Checking the Vulnerability -
Now let us check the vulnerability of the target website. To check the vulnerability, add the (') at the end of the URL and hit enter.
E.g. - http://www.anywebsite.com/index.php?id=2'
If the page remains the same, or does not give any message saying … "Error 404 – page not found", then it's OK.
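Why the added quote matters, seen from the server side. This is an added example, not part of the original slides: it passes the same id value (2 and 2') to a query built by string concatenation and to two parameterized forms. The table, the function names and the use of SQLite in place of MySQL are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory table standing in for the site's pages (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "Home"), (2, "Gallery"), (3, "Contact")])
    return db


def lookup_concatenated(db, raw_id):
    """Vulnerable pattern: the id taken from the URL becomes part of the SQL text."""
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A stray quote changes the statement itself, so the database rejects it.
        # An error page at this point is the symptom the quote check looks for.
        return ("db_error", str(exc))
    return ("ok", row[0]) if row else ("not_found", None)


def lookup_bound_only(db, raw_id):
    """Parameter binding: the value travels separately and is never parsed as SQL."""
    row = db.execute("SELECT title FROM pages WHERE id = ?", (raw_id,)).fetchone()
    return ("ok", row[0]) if row else ("not_found", None)


def lookup_hardened(db, raw_id):
    """Validate the expected type first, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return ("bad_request", None)
    row = db.execute("SELECT title FROM pages WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return ("ok", row[0]) if row else ("not_found", None)


def compare(raw_id):
    """Run one URL parameter value through all three handlers."""
    db = make_db()
    return {
        "concatenated": lookup_concatenated(db, raw_id)[0],
        "bound_only": lookup_bound_only(db, raw_id)[0],
        "hardened": lookup_hardened(db, raw_id)[0],
    }


if __name__ == "__main__":
    for value in ("2", "2'"):
        print(repr(value), compare(value))
```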
What is a Keylogger?
A keylogger is a piece of malicious software, usually called spyware or malware, that records every keystroke you make on a keyboard. Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail, install a program, or perform other activities. Once installed, the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker.
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor.
This can be achieved using video surveillance; a hardware bug in the keyboard, wiring or the computer itself; intercepting input/output; substituting the keyboard driver; using a filter driver in the keyboard stack; intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.); intercepting DLL functions in user mode; and requesting information from the keyboard using standard documented methods.
Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.
KEYLOGGERS Can Be Spread Using -
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e. YouTube or other videos)
A legitimate Web site link, picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
TABNAPPING
Tabnapping, from the combination of "tab" and "kidnapping", could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack.
Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
What is PHISHING?
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
PHISHING is a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof or mimic banks, credit card companies or other businesses like Amazon and eBay.
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup - Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often this involves e-mail addresses and a Web page.
Attack - This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
Collection - Phishers record the information victims enter into Web pages or popup windows.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called "Social Engineering".
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
REMOTE ADMINISTRATION TOOLS – RATs
In olden days, making a Trojan was a job for a master programmer, but nowadays several Trojan building tools are available.
A RAT provides an attacker with nearly unlimited access to the host computer, along with screen capture, file management, shell control and device driver control.
A RAT is used to remotely connect to and manage single or multiple computers.
RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected. They can hide
A Trojan generally has two parts: Client and Server, or Master and Slave. So a server side is installed on a remote host and the attacker manipulates it with client software.
"What's COOKIE – STEALING?"
Cookies are small files that are stored on the user's computer by websites when a user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus we will be able to log in to his account. This is called "Side-Jacking". The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
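Because the cookie alone is enough to act as the user, the defence sits in how the server issues and checks it. The following is an added example, not part of the original slides: a small model of the "one copy on the server, one copy in the browser" scheme described above, with the cookie attributes that keep the copy from leaking and a check that reports which of them a Set-Cookie header lacks. The class, function and cookie names are assumptions made for illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side copy of each session string, with expiry and logout."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}          # token -> (user, expires_at)

    def login(self, user, now=None):
        """Create the unique string and the Set-Cookie header that delivers it."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)     # unguessable random value
        self._sessions[token] = (user, now + self.ttl)
        header = (
            f"sid={token}; Path=/; Max-Age={self.ttl}; "
            "Secure; "        # never sent over plain http, so it cannot be sniffed
            "HttpOnly; "      # not readable by scripts running in the page
            "SameSite=Lax"    # not attached to most cross-site requests
        )
        return token, header

    def authenticate(self, token, now=None):
        """Match the browser's copy against the server's copy on every request."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if now >= expires_at:
            # A short lifetime limits how long a copied cookie stays useful.
            del self._sessions[token]
            return None
        return user

    def logout(self, token):
        """Deleting the server copy makes any stolen copy worthless."""
        self._sessions.pop(token, None)


def audit_set_cookie(header):
    """Return the protective attributes missing from one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    present = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    wanted = [("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite")]
    return [label for key, label in wanted if key not in present]


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    token, header = store.login("alice", now=1000)
    print("issued header is missing:", audit_set_cookie(header))
    print("weak header is missing:  ", audit_set_cookie("sid=abc123; Path=/"))
    print("at t=1010:", store.authenticate(token, now=1010))
    print("at t=1061:", store.authenticate(token, now=1061))
```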
How to be "SAFE" from Being HACKED …
Always browse sites on a secure https connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use the Internet Security Suites of those, to stay safe online too.
Use FIREWALLS such as Comodo, Sygate, ZoneAlarm, Sunbelt.
Never save passwords on your PC or in internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically. E.g. LastPass.
Always clear all private and temp data using cleaner software to leave no traces and remove tracking cookies. E.g. CCleaner.
Some Steps in Social Networking which can make you SURF – SAFELY … In "FACEBOOK & GMAIL" do the following settings:
Log in to your account.
Go to Settings, there click on the Security tab > there Edit >
Click on "Browse Facebook on a secure connection (https) when possible".
Also check Login Notifications. With this, whenever you log in, it will send a message to your "Number & Mail" that your account is being logged in to by someone; if it is not you, then take action on it with the login details given.
So… What You Wanna be: HACKER or CRACKER? Choice is Yours.
Thank – You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
Presenting Seminar On
Ethical hacking - also known as penetration testing or intrusion testing or red teaming has become a major concern for businesses and governments
Companies are worried about the possibility of being ldquohackedrdquo and potential customers are worried about maintaining control of personal information
Necessity of computer security professionals to break into the systems of the organisation
Ethical hackers employ the same tools and techniques as the intruders
They neither damage the target systems nor steal information
The tool is not an automated hacker program rather it is an audit that both identifies the vulnerabilities of a system and provide advice on how to eliminate them
INTRODUCTION -
FAMOUS HACKERS IN HISTORY -
IAN MURPHY KEVIN MITNICK
LINUS TORVALDS
MARK ABENE
ROBERT MORRIS
JOHAN HELSINGUIS
=
SQL Injection Keylogging Tabnapping Phishing RAT ndash Remote Administration
Tools or Trojans Cookie Stealing What Precautions can be done
to Avoid being Hacked
Contents to be Explained -
Comman Phases of Hacking-
An ethical hacker follows processes similar to those of a
malicious hacker The steps to gain and maintain entry into a
computer system are similar no matter what the hackerrsquos
intentions are There are five phases that hackers generally
follow in hacking a system
Phase 1 ndash Recognise System
Phase 2 ndash Scanning Process
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
What is Hacking Hacking refers to an array of activities which area done to intrude some one elsersquos Personal Information space so as to use it for malicious unwanted purpose
What is Cracking Cracking is almost the same as hacking because they
both get into the peoples server amp accounts illegally
But a cracker destroys the information amp software that it gets into which can cause System Down
Proffesional Criminals or Crackers - Make a living by breaking into the systems and
selling the information
Hacker amp Ethical Hacker -
Hacker can Access computer system or network information without their permission
Breaks the LAWS can go to Prison
Ethical Hacker does the same but with the legal permission
Employed by companies to perform penetration tests Quick ndash Heal Hires Hackers
What you can do Legally
As an Ethical hacker be aware of what is allowed amp what is not
Laws involving technologies are changing according to the Techology changes
Some hacking tools on your computer might be illegal to possess
IS PORT ndash Scanning Legal Government does not see to it as violation It is Legal As noninvasive or non destructible in Nature Mostly port 8080 80 amp 443 are Open
What is SQL ndash INJECTION
SQL ndash Injection is one of the popular web application hacking method using injection attack an unauthorized person can access the Database of the website Attacker can extract the data from Database
What hacker can do with the SQL injection attack ByPassing Logins Accessing secret data Modifying content of website Shutting down the My SQL server Google Dorking Example inurlindexphpid= inurlgalaryphpid=
Checking the Vulnerability -
Now lets us check the vulnerability of Target ndash Website to check the vulnerability add the (lsquo) at the end of the url and hit enter
Eg - httpwwwanywebsitecomindexphpid=2rsquo
If the page remains same or do not gives any message saying hellip
ldquo Error 404 ndash page not found then its Ok rdquo
What is a KeyloggerA keylogger is a piece of malicious software usually
called spyware or malware that records every keystroke you make on a keyboard Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail install a program or perform other activities Once installed the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
MP3 music files
E-mail attachments
Clicking on deceptive popndashups
P2P networks
AVI files (ie YouTube or other videos)
A legitimate Web site link picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google eBay Amazon Yahoo banks) or anti-virus programs
KEYLOGGERrsquoS Can Be Spread Using -
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
Ethical hacking - also known as penetration testing or intrusion testing or red teaming has become a major concern for businesses and governments
Companies are worried about the possibility of being ldquohackedrdquo and potential customers are worried about maintaining control of personal information
Necessity of computer security professionals to break into the systems of the organisation
Ethical hackers employ the same tools and techniques as the intruders
They neither damage the target systems nor steal information
The tool is not an automated hacker program rather it is an audit that both identifies the vulnerabilities of a system and provide advice on how to eliminate them
INTRODUCTION -
FAMOUS HACKERS IN HISTORY -
IAN MURPHY KEVIN MITNICK
LINUS TORVALDS
MARK ABENE
ROBERT MORRIS
JOHAN HELSINGUIS
=
SQL Injection Keylogging Tabnapping Phishing RAT ndash Remote Administration
Tools or Trojans Cookie Stealing What Precautions can be done
to Avoid being Hacked
Contents to be Explained -
Comman Phases of Hacking-
An ethical hacker follows processes similar to those of a
malicious hacker The steps to gain and maintain entry into a
computer system are similar no matter what the hackerrsquos
intentions are There are five phases that hackers generally
follow in hacking a system
Phase 1 ndash Recognise System
Phase 2 ndash Scanning Process
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
What is Hacking Hacking refers to an array of activities which area done to intrude some one elsersquos Personal Information space so as to use it for malicious unwanted purpose
What is Cracking Cracking is almost the same as hacking because they
both get into the peoples server amp accounts illegally
But a cracker destroys the information amp software that it gets into which can cause System Down
Proffesional Criminals or Crackers - Make a living by breaking into the systems and
selling the information
Hacker amp Ethical Hacker -
Hacker can Access computer system or network information without their permission
Breaks the LAWS can go to Prison
Ethical Hacker does the same but with the legal permission
Employed by companies to perform penetration tests Quick ndash Heal Hires Hackers
What you can do Legally
As an Ethical hacker be aware of what is allowed amp what is not
Laws involving technologies are changing according to the Techology changes
Some hacking tools on your computer might be illegal to possess
IS PORT ndash Scanning Legal Government does not see to it as violation It is Legal As noninvasive or non destructible in Nature Mostly port 8080 80 amp 443 are Open
What is SQL ndash INJECTION
SQL ndash Injection is one of the popular web application hacking method using injection attack an unauthorized person can access the Database of the website Attacker can extract the data from Database
What hacker can do with the SQL injection attack ByPassing Logins Accessing secret data Modifying content of website Shutting down the My SQL server Google Dorking Example inurlindexphpid= inurlgalaryphpid=
Checking the Vulnerability -
Now lets us check the vulnerability of Target ndash Website to check the vulnerability add the (lsquo) at the end of the url and hit enter
Eg - httpwwwanywebsitecomindexphpid=2rsquo
If the page remains same or do not gives any message saying hellip
ldquo Error 404 ndash page not found then its Ok rdquo
What is a KeyloggerA keylogger is a piece of malicious software usually
called spyware or malware that records every keystroke you make on a keyboard Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail install a program or perform other activities Once installed the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
MP3 music files
E-mail attachments
Clicking on deceptive popndashups
P2P networks
AVI files (ie YouTube or other videos)
A legitimate Web site link picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google eBay Amazon Yahoo banks) or anti-virus programs
KEYLOGGERrsquoS Can Be Spread Using -
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
Phase 5 - Covering Tracks
What is Hacking? Hacking refers to an array of activities which are done to intrude into someone else's personal information space so as to use it for malicious, unwanted purposes.
What is Cracking? Cracking is almost the same as hacking, because both get into people's servers & accounts illegally.
But a cracker destroys the information & software that it gets into, which can bring the system down.
Professional Criminals or Crackers - Make a living by breaking into systems and selling the information.
Hacker & Ethical Hacker -
A hacker can access computer system or network information without permission.
Breaks the LAWS; can go to prison.
An ethical hacker does the same, but with legal permission.
Employed by companies to perform penetration tests. Quick Heal hires hackers.
What you can do Legally
As an ethical hacker, be aware of what is allowed & what is not.
Laws involving technologies change as the technology changes.
Some hacking tools on your computer might be illegal to possess.
Is PORT Scanning Legal? The government does not see it as a violation. It is legal, as it is noninvasive or nondestructive in nature. Mostly ports 8080, 80 & 443 are open.
What is SQL INJECTION
SQL Injection is one of the popular web application hacking methods. Using an injection attack, an unauthorized person can access the database of the website. The attacker can extract data from the database.
What a hacker can do with an SQL injection attack:
Bypassing logins
Accessing secret data
Modifying content of the website
Shutting down the MySQL server
Google Dorking Example: inurl:index.php?id= inurl:galary.php?id=
Checking the Vulnerability -
Now let us check the vulnerability of the target website. To check the vulnerability, add a single quote (') at the end of the URL and hit Enter.
E.g. - http://www.anywebsite.com/index.php?id=2'
If the page remains the same or does not give any message saying … "Error 404 - page not found", then it's OK.
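Why the single quote gives a vulnerable page away, and what the fix looks like, as an added example that is not part of the original slides. It assumes an in-memory SQLite table named pages with constructed rows in place of the site's MySQL database; all function names are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (stands in for the site's DB)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(1, "Home"), (2, "News")])
    return db


def lookup_concat(db, raw_id):
    """Vulnerable pattern: the id value from the URL is pasted into the SQL text."""
    sql = "SELECT title FROM pages WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The quote became part of the statement, so the database rejects the
        # syntax. Showing this message to the visitor is what reveals the flaw.
        return ("sql-error", str(exc))
    return ("ok", row[0] if row else None)


def lookup_bound(db, raw_id):
    """Bound parameter: the value travels separately from the SQL text."""
    row = db.execute("SELECT title FROM pages WHERE id = ?", (raw_id,)).fetchone()
    return ("ok", row[0] if row else None)


def lookup_validated(db, raw_id):
    """Hardened handler: allow-list the input, bind it, never echo DB errors."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return ("rejected", None)
    try:
        row = db.execute(
            "SELECT title FROM pages WHERE id = ?", (int(raw_id),)
        ).fetchone()
    except (sqlite3.Error, OverflowError):
        return ("error", None)  # generic status; details belong in server logs
    return ("ok", row[0] if row else None)


def compare(raw_ids=("2", "2'")):
    """Run the page's two inputs (id=2 and id=2') through all three handlers."""
    db = make_db()
    return {
        rid: {
            "concat": lookup_concat(db, rid)[0],
            "bound": lookup_bound(db, rid)[0],
            "validated": lookup_validated(db, rid)[0],
        }
        for rid in raw_ids
    }


if __name__ == "__main__":
    for rid, result in compare().items():
        print(repr(rid), result)
```

With the bound parameter the quote is compared as plain data and simply matches no row, so the page stays the same for that input.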
What is a Keylogger? A keylogger is a piece of malicious software, usually called "spyware" or "malware", that records every keystroke you make on a keyboard. Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail, install a program, or perform other activities. Once installed, the keylogger records all your keystrokes, and then e-mails the information and other data to the computer hacker.
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor.
This can be achieved using video surveillance; a hardware bug in the keyboard, wiring or the computer itself; intercepting input/output; substituting the keyboard driver; using a filter driver in the keyboard stack; intercepting kernel functions by any means possible (substituting addresses in system tables, splicing function code, etc.); intercepting DLL functions in user mode; and requesting information from the keyboard using standard documented methods.
Keyloggers can be divided into two categories: keylogging devices and keylogging software. Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard, or placed within a cable or the computer itself. The keylogging software category is made up of dedicated programs designed to track and log keystrokes.
KEYLOGGERS Can Be Spread Using -
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e., YouTube or other videos)
A legitimate Web site link, picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
TABNAPPING
From the combination of "tab" and "kidnapping" - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack.
Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
PHISHING: a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay.
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup - Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
Collection - Phishers record the information victims enter into Web pages or popup windows.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called "Social Engineering".
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
REMOTE ADMINISTRATION TOOLS - RATs
In olden days, making a Trojan was the job of a master programmer, but nowadays several Trojan building tools are available.
It provides an attacker with nearly unlimited access to the host computer, along with screen capture, file management, shell control and device driver control.
A RAT is used to remotely connect to and manage single or multiple computers.
RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected. They can hide
A Trojan generally has two parts: Client and Server, or Master and Slave. So a server side is installed on a remote host and the attacker manipulates it with client software.
"What's COOKIE STEALING"
Cookies are small files that are stored on the user's computer by websites when a user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus log in to his account. This is called "Side-Jacking". The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
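The session mechanism described above, seen from the server's side, as an added example that is not part of the original slides: it issues the unique string with protective cookie attributes, matches it on each request, invalidates it, and audits a Set-Cookie value for settings that leave the cookie exposed. The cookie name sid, the in-memory store and the one-day lifetime threshold are assumptions.

```python
import secrets

SESSIONS = {}  # server-side copy: token -> user name (constructed in-memory store)
MAX_LIFETIME = 86400  # assumed policy: flag session cookies living longer than a day


def issue_session(user):
    """Log-in step: create the unique string and return the Set-Cookie value."""
    token = secrets.token_urlsafe(32)  # unguessable random token
    SESSIONS[token] = user
    # Secure: only sent over https. HttpOnly: hidden from page scripts.
    return f"sid={token}; Path=/; Max-Age=3600; Secure; HttpOnly"


def whoami(cookie_header):
    """Per-request step: match the browser's copy against the server's copy."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name == "sid":
            return SESSIONS.get(value)
    return None


def end_session(token):
    """Log-out or 'this was not me': drop the server copy so a stolen copy is useless."""
    SESSIONS.pop(token, None)


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """List the settings that leave a session cookie easier to steal or reuse."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain http")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: page scripts can read the cookie")
    try:
        lifetime = int(attrs.get("max-age", "0"))
    except ValueError:
        lifetime = 0
    if lifetime > MAX_LIFETIME:
        findings.append("long Max-Age: a stolen copy stays valid for a long time")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: one issued by issue_session, one weak.
    for header in (issue_session("alice"), "sid=abc123; Path=/; Max-Age=31536000"):
        print(header.split(";")[0][:12] + "...", audit_set_cookie(header) or "no findings")
```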
How to be "SAFE" from Being HACKED…
Always browse sites on a secure https connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use the Internet Security Suites of those, to stay safe online too.
Use FIREWALLS such as Comodo, Sygate, ZoneAlarm, Sunbelt.
Never save passwords on your PC or in internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically. E.g. LastPass.
Always clear all private and temp data using cleaner software to leave no traces and remove tracking cookies. E.g. CCleaner.
Some steps in social networking which can make you SURF SAFELY… In "FACEBOOK & GMAIL", do the following settings:
Log in to your account.
Go to Settings, there click on the Security tab > there Edit >
Click on "Browse Facebook on a secure connection (https) when possible".
Also check "Login Notifications". With this, whenever you log in, it will send a message to your "Number & Mail" that your account is being logged in to by someone; if it is not you, then take action on it with the login details given.
So… What do you wanna be, HACKER or CRACKER? The choice is yours.
Thank You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
What is Hacking Hacking refers to an array of activities which area done to intrude some one elsersquos Personal Information space so as to use it for malicious unwanted purpose
What is Cracking Cracking is almost the same as hacking because they
both get into the peoples server amp accounts illegally
But a cracker destroys the information amp software that it gets into which can cause System Down
Proffesional Criminals or Crackers - Make a living by breaking into the systems and
selling the information
Hacker amp Ethical Hacker -
Hacker can Access computer system or network information without their permission
Breaks the LAWS can go to Prison
Ethical Hacker does the same but with the legal permission
Employed by companies to perform penetration tests Quick ndash Heal Hires Hackers
What you can do Legally
As an Ethical hacker be aware of what is allowed amp what is not
Laws involving technologies are changing according to the Techology changes
Some hacking tools on your computer might be illegal to possess
IS PORT ndash Scanning Legal Government does not see to it as violation It is Legal As noninvasive or non destructible in Nature Mostly port 8080 80 amp 443 are Open
What is SQL ndash INJECTION
SQL ndash Injection is one of the popular web application hacking method using injection attack an unauthorized person can access the Database of the website Attacker can extract the data from Database
What hacker can do with the SQL injection attack ByPassing Logins Accessing secret data Modifying content of website Shutting down the My SQL server Google Dorking Example inurlindexphpid= inurlgalaryphpid=
Checking the Vulnerability -
Now lets us check the vulnerability of Target ndash Website to check the vulnerability add the (lsquo) at the end of the url and hit enter
Eg - httpwwwanywebsitecomindexphpid=2rsquo
If the page remains same or do not gives any message saying hellip
ldquo Error 404 ndash page not found then its Ok rdquo
What is a KeyloggerA keylogger is a piece of malicious software usually
called spyware or malware that records every keystroke you make on a keyboard Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail install a program or perform other activities Once installed the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
Keyloggers Can Be Spread Using -
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e. YouTube or other videos)
A legitimate Web site link, picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
TABNAPPING
Tabnapping, from the combination of "tab" and "kidnapping", could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack.
Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
Phishing is a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof or mimic banks, credit card companies or other businesses like Amazon and eBay.
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup - Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often this involves e-mail addresses and a Web page.
Attack - This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
Collection - Phishers record the information victims enter into Web pages or popup windows.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called "Social Engineering".
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
REMOTE ADMINISTRATION TOOLS – RATs
A Trojan generally has two parts: Client and Server, or Master and Slave. So a server side is installed on a remote host and the attacker manipulates it with client software.
RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected. They can hide
A RAT is used to remotely connect to and manage single or multiple computers.
It provides an attacker with nearly unlimited access to the host computer, along with screen capture, file management, shell control and device driver control.
In the olden days making a Trojan was the job of a master programmer, but nowadays several Trojan building tools are available.
"What's COOKIE STEALING"
Cookies are small files that are stored on the user's computer by websites when a user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookie and inject it in our browser, we will be able to imitate the victim's identity to the web server and thus we will be able to log in to his account. This is called "Side-Jacking". The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
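The server-side half of the matching described above, together with a check for the cookie attributes that keep the session string off plain http and away from page scripts. This is an added example, not part of the original seminar; the class, the function names and the cookie name "session" are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Keeps the server's copy of each session string."""

    def __init__(self):
        self._sessions = {}            # token -> user name

    def issue(self, user):
        """Create a session and return the Set-Cookie header value."""
        token = secrets.token_urlsafe(32)      # unguessable random string
        self._sessions[token] = user
        cookie = SimpleCookie()
        cookie["session"] = token
        cookie["session"]["path"] = "/"
        cookie["session"]["secure"] = True     # only sent over https
        cookie["session"]["httponly"] = True   # not readable by page scripts
        cookie["session"]["samesite"] = "Strict"
        return cookie["session"].OutputString()

    def authenticate(self, cookie_header):
        """Match the browser's copy against the server's copy.
        Whoever presents the string is treated as the user, which is why
        the string must never travel or be stored where others can read it."""
        cookie = SimpleCookie()
        cookie.load(cookie_header)
        morsel = cookie.get("session")
        if morsel is None:
            return None
        return self._sessions.get(morsel.value)

    def revoke(self, user):
        """Log the user out everywhere: any copied cookie stops working."""
        for token in [t for t, u in self._sessions.items() if u == user]:
            del self._sessions[token]


def audit_cookie(set_cookie_value):
    """Return (cookie name, list of missing protections) for one
    Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    problems = []
    if "secure" not in attrs:
        problems.append("no Secure: cookie is also sent over plain http")
    if "httponly" not in attrs:
        problems.append("no HttpOnly: page scripts can read the cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        problems.append("no SameSite=Lax/Strict: sent on cross-site requests")
    return name, problems


if __name__ == "__main__":
    store = SessionStore()
    print(audit_cookie(store.issue("alice")))
    # Constructed example of a weak header, as an older site might send it.
    print(audit_cookie("session=abc123; Path=/"))
```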
How to be "SAFE" from Being HACKED …
Always browse sites on a secure https connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use their Internet Security suites to stay safe online too.
Use firewalls such as Comodo, Sygate, ZoneAlarm, Sunbelt.
Never save passwords on your PC or in internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically, e.g. LastPass.
Always clear all private and temp data using cleaner software to leave no traces and remove tracking cookies, e.g. CCleaner.
Some Steps in Social Networking which can make you SURF SAFELY … In "FACEBOOK & GMAIL" do the following settings:
Log in to your account
Go to Settings, there click on the Security tab > there Edit >
Click on "Browse Facebook on a secure connection (https) when possible"
Also check "Login Notifications". With this, whenever you log in, it will send a message to your "Number & Mail" that your account is being logged in to by someone; if it is not you, then take action on it with the login details given.
So… what do you want to be, HACKER or CRACKER? The choice is yours.
Thank You
Presented By - PARAG S KOSARKAR
Professional Criminals or Crackers - Make a living by breaking into systems and selling the information
Hacker & Ethical Hacker -
A hacker can access computer system or network information without permission
Breaks the laws; can go to prison
An ethical hacker does the same, but with legal permission
Employed by companies to perform penetration tests. Quick Heal hires hackers.
What you can do Legally
As an ethical hacker, be aware of what is allowed & what is not
Laws involving technologies are changing as the technology changes
Some hacking tools on your computer might be illegal to possess
Is Port Scanning Legal? The government does not see it as a violation. It is legal, as it is noninvasive or non-destructive in nature. Mostly ports 8080, 80 & 443 are open.
What is SQL INJECTION
SQL injection is one of the popular web application hacking methods. Using an injection attack, an unauthorized person can access the database of the website. The attacker can extract data from the database.
Checking the Vulnerability -
Now lets us check the vulnerability of Target ndash Website to check the vulnerability add the (lsquo) at the end of the url and hit enter
Eg - httpwwwanywebsitecomindexphpid=2rsquo
If the page remains same or do not gives any message saying hellip
ldquo Error 404 ndash page not found then its Ok rdquo
What is a KeyloggerA keylogger is a piece of malicious software usually
called spyware or malware that records every keystroke you make on a keyboard Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail install a program or perform other activities Once installed the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
KEYLOGGERS Can Be Spread Using -
MP3 music files
E-mail attachments
Clicking on deceptive pop-ups
P2P networks
AVI files (i.e. YouTube or other videos)
A legitimate Web site link, picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google, eBay, Amazon, Yahoo, banks) or anti-virus programs
TABNAPPING
Tabnapping, from the combination of “tab” and “kidnapping”, could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All of the major browsers on Windows and Mac OS X are vulnerable to the attack.
Because most people keep multiple tabs open, often for long periods, and because they trust that the contents and label of a tab are immutable, tabnapping could become the next big thing in identity theft.
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank. You've gotten e-mail from them before, but this one seems suspicious, especially since it threatens to close your account if you don't reply immediately. What do you do?
Phishing is a method of online identity theft. In addition to stealing personal and financial data, phishers can infect computers with viruses and convince people to participate unwittingly in money laundering.
Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other businesses like Amazon and eBay.
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup - Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.
Collection - Phishers record the information victims enter into Web pages or popup windows.
Since most people won't reveal their bank account, credit card number or password to just anyone, phishers have to take extra steps to trick their victims into giving up this information. This kind of deceptive attempt to get information is called “Social Engineering”.
Phishers often use real company logos and copy legitimate e-mail messages, replacing the links with ones that direct the victim to a fraudulent page.
REMOTE ADMINISTRATION TOOLS – RATs
In olden days making a Trojan was a job for a master programmer, but nowadays several Trojan building tools are available.
It provides an attacker with nearly unlimited access to the host computer, along with screen capture, file management, shell control and device driver control.
A RAT is used to remotely connect to and manage single or multiple computers.
RATs use reverse connections to connect to the remote system and hence are more likely to remain undetected. They can hide
A Trojan generally has two parts: Client and Server, or Master and Slave. So a server side is installed on a remote host and the attacker manipulates it with client software.
“What's COOKIE – STEALING”
Cookies are small files that are stored on the user's computer by websites when a user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookies and inject them into our browser, we will be able to imitate the victim's identity to the web server and thus we will be able to log in to his account. This is called “Side-Jacking”. The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
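The session mechanism described above, seen from the server's side, as an added example that is not part of the original presentation. It shows that the server accepts whoever presents the matching string, and how a site operator can check that the cookie is issued with the attributes that keep it off plain http and away from page scripts. The cookie name `sid` and all function names are made up for the demonstration.

```python
import secrets

SESSIONS = {}  # server-side copy: token -> user name


def issue_session(user, hardened=True):
    """Generate the unique string, keep one copy on the server and
    return the Set-Cookie header that gives the browser its copy."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    header = f"sid={token}; Path=/"
    if hardened:
        header += "; Secure; HttpOnly; SameSite=Lax"
    return header


def authenticate(cookie_value):
    """Match the presented copy against the server's copy.
    The server cannot tell who is presenting it."""
    return SESSIONS.get(cookie_value)


def revoke(cookie_value):
    """Logging out must delete the server-side copy, which makes a
    previously copied cookie worthless."""
    SESSIONS.pop(cookie_value, None)


def parse_set_cookie(header):
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (cookie name, list of weaknesses) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    problems = []
    if "secure" not in attrs:
        problems.append("no Secure: also sent over plain http, readable on the network")
    if "httponly" not in attrs:
        problems.append("no HttpOnly: readable by scripts running in the page")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        problems.append("no SameSite=Lax/Strict: attached to cross-site requests")
    return name, problems


if __name__ == "__main__":
    for hardened in (False, True):
        header = issue_session("alice", hardened)
        name, problems = audit_cookie(header)
        print(name, "hardened" if hardened else "weak", problems or "OK")
```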
How to be “SAFE” from Being HACKED …
Always browse sites on a secure https connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use the Internet Security Suites of those, to stay safe online too.
Use firewalls such as Comodo, Sygate, ZoneAlarm, Sunbelt.
Never save passwords on your PC or at internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically, e.g. LastPass.
Always clear all private and temp data using cleaner software to leave no traces and remove tracking cookies, e.g. CCleaner.
Some steps in social networking which can make you SURF – SAFELY … In “FACEBOOK & GMAIL” do the following settings:
Log in to your account.
Go to Settings, there click on the Security tab > there Edit >
Click on “Browse Facebook on a secure connection (https) when possible”.
Also check Login Notifications. With this, whenever you log in it will send a message to your “Number & Mail” that your account is being logged in to by someone. If it is not you, then take action on it with the login details given.
So… What You Wanna be, HACKER or CRACKER? Choice is Yours
Thank You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
What is a KeyloggerA keylogger is a piece of malicious software usually
called spyware or malware that records every keystroke you make on a keyboard Keyloggers can be installed without your knowledge or consent when you visit a Web site or read an e-mail install a program or perform other activities Once installed the keylogger records all your keystrokes and then e-mails the information and other data to the computer hacker
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
MP3 music files
E-mail attachments
Clicking on deceptive popndashups
P2P networks
AVI files (ie YouTube or other videos)
A legitimate Web site link picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google eBay Amazon Yahoo banks) or anti-virus programs
KEYLOGGERrsquoS Can Be Spread Using -
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
How Keyloggers are Constructed
The main idea behind keyloggers is to get in between any two links in the chain of events between when a key is pressed and when information about that keystroke is displayed on the monitor
This can be achieved using video surveillance a hardware bug in the keyboard wiring or the computer itself intercepting inputoutput substituting the keyboard driver using a filter driver in the keyboard stack intercepting kernel functions by any means possible (substituting addresses in system tables splicing function code etc) intercepting DLL functions in user mode and requesting information from the keyboard using standard documented methods
Keyloggers can be divided into two categories keylogging devices and keylogging software Keyloggers that fall into the first category are usually small devices that can be fixed to the keyboard or placed within a cable or the computer itself The keylogging software category is made up of dedicated programs designed to track and log keystrokes
MP3 music files
E-mail attachments
Clicking on deceptive popndashups
P2P networks
AVI files (ie YouTube or other videos)
A legitimate Web site link picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google eBay Amazon Yahoo banks) or anti-virus programs
KEYLOGGERrsquoS Can Be Spread Using -
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
MP3 music files
E-mail attachments
Clicking on deceptive popndashups
P2P networks
AVI files (ie YouTube or other videos)
A legitimate Web site link picture or story that was malfaced
Downloaded games or any other PC tools or programs
Faked malicious Web sites that impersonate popular sites (sites such as Google eBay Amazon Yahoo banks) or anti-virus programs
KEYLOGGERrsquoS Can Be Spread Using -
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
TABNAPPING
From the combination of tab and kidnapping - could be used by clever phishers to dupe users into giving up passwords by secretly changing already-open browser tabs All of the major browsers on Windows and Mac OS X are vulnerable to the attack
Because most people keep multiple tabs open often for long periods and because they trust that the contents and label of a tab are immutable tabnapping could become the next big thing in identity theft
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
ldquo Whatrsquos COOKIE ndash STEALING rdquo
Cookies are small files that stored on users computer by websites when a user visits them
The stored Cookies are used by the web server to identify and authenticate the user For example when a user logins in Facebook a unique string is generated and one copy of it is saved on the server and other is saved on the users browser as Cookies Both are matched every time the user does any thing in his account
So if we steal the victims cookie and inject them in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account This is called as ldquo Side - Jacking rdquoThe best thing about this is that we need not no the victims id or password all we need is the victims cookie
How be ldquoSAFE rdquo from Being HACKED hellip
Always browse sites on a secure https connectionFacebook has setting for it
Always use good and reputed antivirus softwareIf possible use Internet Security Suites of thoseTo stay safe online too
Use FIREWALLS such as comodo sygate zone ndash alarm sunbelt
Never save password on your pc or on internet cafeacutersquos
Use a good password manager that secures your password lnline and logs in for you automatically Eg Lastpass
Always clear all private and temp data using a cleaner soft to leave no traces and remove tracking cookies Eg ccleaner
Some Steps in Social Networking which can make you SURF ndash SAFLY hellip In ldquo FACEBOOK amp GMAIL rdquo Do following settings
Login in to your Account
Goto settings their click on security tab gt their edit gt
Click onto Browse Facebook on a secure connection (https) when possible
Also check on Login Notifications This makes whenever you Log In it will send you an message to your ldquo Number amp Mail ldquo that your account is being logged in by some1 if U are not then take action on it with login details given
REFRENCES - Paragkosarkarblogspotcom Desitechtk Learnhackingathomecom Gprshubcom Indiahaxtk
Sohellip What You Wanna be HACKER or CRACKER Choice is Your lsquos
Thank ndash You
Presented By - PARAG S KOSARKAR
- Slide 1
- Slide 2
- Slide 3
- Slide 4
- Slide 5
- Slide 6
- Slide 7
- Slide 8
- Slide 9
- Slide 10
- Slide 11
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- Slide 17
- Slide 18
- Slide 19
- Slide 20
- Slide 21
- Slide 22
- Slide 23
- Slide 24
-
What is PHISHING
Suppose you check your e-mail one day and find a message from your bank Youve gotten e-mail from them before but this one seems suspicious especially since it threatens to close your account if you dont reply immediately What do you do
PHISHING a method of online identity theft In addition to stealing personal and financial data phishers can infect computers with viruses and convince people to participate unwittingly in money laundering
Most people associate phishing with e-mail messages that spoof or mimic banks credit card companies or other business like Amazon and eBay
Planning - Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business They often use the same mass-mailing and address collection techniques as spammers
Setup - Once they know which business to spoof and who their victims are phishers create methods for delivering the message and collecting the data Most often this involves e-mail addressesand a Web page
Attack - This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source
Collection - Phishers record the information victims enter into Web pages or popup windows
Since most people wont reveal their bank account credit card number or password to just anyone phishers have to take extra steps to trick their victims into giving up this information This kind of deceptive attempt to get information is called ldquo Social - Engineering ldquo
Phishers often use real company logos and copy legitimate e-mail messages replacing the links with ones that direct the victim to a fraudulent page
In olden days making a Trojan was a job of master programmer but now a days several Trojan building tools are available
It provides an attacker with nearly unlimited access to host computer along with Screen Capture File management shell control and device drivers control
RAT is used to remotely connect and manage single or multiple computers
RATs uses reverse connections to connect remote system and hence are more likely to remain undetected They can hide and Server or Master and Slave
A Trojan generally has two parts Clientaster So a server side is installed on a remote host and the attacker manipulates it with client software
REMOTE ADMINISTRATION TOOLS ndash RATrsquos
"What's COOKIE - STEALING"
Cookies are small files that are stored on the user's computer by websites when a user visits them.
The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookie and inject it into our browser, we will be able to imitate the victim's identity to the web server and thus log in to his account. This is called "Side-Jacking". The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
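Because the session cookie alone stands in for the login, the attributes a site sets on it decide how easily it leaks. The following is an added example, not part of the original presentation: it audits a `Set-Cookie` header for the attributes that protect a session cookie and shows whether a browser would send it over plain http. The header values and function names are constructed for illustration.

```python
# Constructed Set-Cookie header values for a session identifier.
WEAK = "sid=3f9a1c7e5b2d4a60c1d2e3f4a5b6c7d8; Path=/"
HARDENED = ("sid=3f9a1c7e5b2d4a60c1d2e3f4a5b6c7d8; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags such as Secure map to ""
    return name.strip(), value.strip(), attrs

def audit_session_cookie(header):
    """List the protections a session cookie is missing."""
    _, _, attrs = parse_set_cookie(header)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure: sent in clear text on any http request")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: readable by scripts running in the page")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        issues.append("missing SameSite=Lax/Strict: attached to cross-site requests")
    return issues

def browser_would_send(header, scheme):
    """A cookie marked Secure is only attached to https requests."""
    _, _, attrs = parse_set_cookie(header)
    return scheme == "https" or "secure" not in attrs

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "sent over http:", browser_would_send(header, "http"))
        for issue in audit_session_cookie(header):
            print("  -", issue)
```

A cookie without `Secure` still travels over any plain http request to the same site, even when the user normally browses it over https.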
How to be "SAFE" from Being HACKED...
Always browse sites on a secure https connection. Facebook has a setting for it.
Always use good and reputed antivirus software. If possible, use the Internet Security Suites of those to stay safe online too.
Use FIREWALLS such as Comodo, Sygate, ZoneAlarm, Sunbelt.
Never save passwords on your PC or in internet cafés.
Use a good password manager that secures your passwords online and logs in for you automatically, e.g. LastPass.
Always clear all private and temp data using a cleaner software to leave no traces and remove tracking cookies, e.g. CCleaner.
Some Steps in Social Networking which can make you SURF - SAFELY... In "FACEBOOK & GMAIL" do the following settings:
Log in to your account.
Go to Settings, there click on the Security tab > there Edit >
Click on "Browse Facebook on a secure connection (https) when possible".
Also check Login Notifications. With this, whenever you log in, it will send a message to your "Number & Mail" that your account is being logged in to by someone; if it is not you, then take action on it with the login details given.
So... What You Wanna be, HACKER or CRACKER? Choice is Yours
Thank You
Presented By - PARAG S KOSARKAR