KEMBAR78
Ethical Hacking Lec 1 | PDF | Security | Computer Security
0% found this document useful (0 votes)
61 views66 pages

Ethical Hacking Lec 1

The document discusses the fundamentals of hacking, ethical hacking, and cybersecurity, emphasizing that anyone can learn to hack and the importance of thinking like a hacker to defend against attacks. It also highlights significant cybersecurity incidents, types of hackers, and the legal implications of hacking activities. Additionally, it outlines the stages of ethical hacking and the methodologies used in penetration testing.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
61 views66 pages

Ethical Hacking Lec 1

The document discusses the fundamentals of hacking, ethical hacking, and cybersecurity, emphasizing that anyone can learn to hack and the importance of thinking like a hacker to defend against attacks. It also highlights significant cybersecurity incidents, types of hackers, and the legal implications of hacking activities. Additionally, it outlines the stages of ethical hacking and the methodologies used in penetration testing.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 66

To be hacker

• everyone can learn how to hack.


• there is no one way of learning how to hack.
• As you sit now, you can count on that possibility that a new way to
protect or attack a device or a network has already been created
• To be a hacker, you have to be like an ethical hacker
• To beat a hacker, you need to think like one
CrowdStrike Update Causes Windows Blue
Screen Issue
• 2024, CrowdStrike updated its Windows protection system
called FALCON.
• However, this update caused the appearance of the blue screen on
Windows systems
• other systems like Linux or Mac were not affected
• The results, stop airports, airplane, hospitals, trains
National Security Agency
Yahoo hacked
Swift network hacked
SONY hacked
Linkedin hacked
Telegram
whatsAPP
UBER
WannaCrypt
200,000 device on 150 country infected
Cambridge Analytica case, Facebook and User
Privacy
• 87 M user infected about
gathering information using
third party application
NotPetya ransomware
• NotPetya was not designed to
make money for its creators.
Instead, it was a destructive
wiper
Equifax company
• In 2017, credit reporting
agency Equifax experienced a data
breach:
• Incident: Theft of personal and
financial data.
• Nature: Breach of the credit
agency’s database.
• Target: Exploiting a vulnerability in
a web application.
• Affected: Approximately 325.7
million U.S. consumers
Core object of security
Core object of the security
Countermeasures , Security Controls ,
Safeguards
Countermeasures , Security Controls ,
Safeguards
Countermeasures, Security Controls,
Safeguards
Threats types
definitions
• Hack or attack: is an unauthorized intrusion into a computer system or
network.
• Targeted Attack: attack concentrate on specific object
• Ethical hacking: is a cybersecurity professional who uses hacking
techniques with permission to identify and help fix security
vulnerabilities.
• Hacker: is an individual who uses their technical skills to gain
unauthorized access to computer systems or networks.
• Threat is a potential event
• Vulnerability: weakness
• Exposure: Accessibility
• Exploit: act of attacking
Hacking system
• Vulnerability: is a flaw in software or hardware that could be
exploited by attackers.
• Vulnerability Assessment: basic idea about security level
• Vulnerability Researcher: Track down vulnerabilities
• Zero-days: are considered more dangerous than known
vulnerabilities because there are fewer countermeasures available
• Payload: contains the arbitrary code used to exploit the systems
• Malware: malicious code inserted to any system
• C&C: central for control the bots or zombies
warfare
How to be professional security
Technical skills Others skills
Skills on operating system such as Able to self learning
Windows, Linux
networks Use the logical solutions
Write scripts with any language Company policy
Concepts on cyber security Knowledge with cyber security
rules in your country
Ethical Hacking in a Nutshell
• Skills needed to be a security tester
– Knowledge of network and computer technology

– Ability to communicate with management and IT


personnel
– An understanding of the laws in your location

– Ability to use necessary tools


Hacking and ethical hacking
Ethical Hacking Hacking
legal and have permission illegal scanning
Object: protect the OS from Objects: destruction
attacks and destruction
Close any vulnerability or Discover the vulnerability and
open ports exploit it
Type of operating system
Methods of hack OS
History of Operating System
Operating
system structure
Operating system component
Operating system
virtualization
• Physical machine
• Virtual machine in the physical machine
• VMware
• Virtual box
• Virtual machine resources
• Bios any virtual machine has build-in bios
• Memory take from the physical memory
• Hard as a file on the physical machine able to extended
virtualization
Arrange hack Windows OS
Type of ethical hacking
• Internal
• User
• USB
• Computers, telephone or any device connect to network
• Network devices such as printer, router switches
• External
• Externat such as email, website, cracked programs
• Download email attachment
The attack objects
Weak points on the system
MAC operating system
• MAC system is divided into two
types:
• The classic version, introduced
in 1984.
• Founded by Steve Jobs under the
company name Next Inc. in 1985.
• The system is considered Unix-like.
• It is built on the old Mach kernel.
• It utilizes many BSD programs.
Linux operating system
Monitor the internet
• 854 M internet users
Evading the 5eys • Great firewall of china GFW
• First uses 1997
• More than 10ths forbidden website
• More than one method uses to
forbidden
• Evading the forbidden using VPN,
Tor
Filter depend on IP address, messages,
address
Best country for cyber security
Stages of Ethical Hacking
Reconnaissance & Footprinting
Scanning
• Port scanning, Network scanning, Vulnerability scanning, Banner
Grabbing and using Proxies
• Discover Live Hosts, Open Ports, OS and System Arch, Services
running, Vulnerabilities in live hosts
Gaining access
• [Attacker will use spoofing, sniffing techniques and exploit
tools such as metasploit , angler to gain access , Using Social
Engineering as Deployment method is the preferred here.
Later he can reconfigure the system , crash the system or
killing some process. ]
Enumeration means collect data from inside the system
once you made active connection with it , he will try to
enumerate services and ports such as Netbios , snmp , ldap ,
ntp ,smtp and dns
Maintain access
• Maintain access
[patch holes and create backdoors]
• Attackers my prevent the system from being owned by other
attackers by securing their exclusive access with Backdoors, Rootkits,
or Trojan
• Attackers can upload, download, or manipulate data, application, and
configurations on the owned system
Clearing tracks
• (clean logs and delete traces) [Destroy evidences
from log files, steganography, tunneling ]
• Attackers always cover tracks to hide their
identity
• Destroy evidences from log files, steganography,
tunneling
System Hacking Goals
• Gaining Access - uses information gathered to exploit the system
• Escalating Privileges - granting the account you've hacked admin or
pivoting to an admin account
• Executing Applications - putting back doors into the system so that
you can maintain access
• Hiding Files - making sure the files you leave behind are not
discoverable
• Covering Tracks - cleaning up everything else (log files, etc.)
• clearev - meterpreter shell command to clear log files
• Clear MRU (Most Recently Used) list in Windows
attack groups
• Red Team - pen test team that is doing the attacking
• Blue Team - pen test team that is doing the defending
• Purple Team - pen test team that is doing both attacking and
defending
Hackers Group
Type of hat hacking
• White Hat: ethical hackers
• Black Hat: hackers that seek to
perform malicious activities
• Gray Hat: hackers that perform
good or bad activities but do
not have the permission of the
organization they are hacking
against.
Penetration-Testing Methodologies
• White box model
– Tester is told about network topology and technology
– Tester is permitted to interview IT personnel and company employees
• Makes tester’s job a little easier
• Black box model
– Staff does not know about the test
– Tester is not given details about technologies used
• Burden is on tester to find details
– Tests security personnel’s ability to detect an attack
Penetration-Testing Methodologies white
box

A sample floor plan


Penetration-Testing Methodologies
• Gray box model
– Hybrid of the white and black box models
– Company gives tester partial information (e.g., OSs are used, but
no network diagrams)
Worse Password
Website to test your password
Statistics about internet
What You Can Do Legally
• Laws involving technology change as rapidly as
technology itself
– Keep abreast of what’s happening in your area

• Find out what is legal for you locally

– Be aware of what is allowed and what you should


not or cannot do
• Laws vary from state to state and country to
country
Laws of the Land
• Some hacking tools on your computer might be illegal
– Contact local law enforcement agencies before installing
hacking tools
• Laws are written to protect society
– Written words are open to interpretation

• Governments is getting more serious about cybercrime


punishment
Is Port Scanning Legal?
• Some States deem it legal
– Not always the case

– Be prudent before using penetration-testing tools

• Federal government does not see it as a violation


– Allows each state to address it separately

• Research State laws

• Read your ISP’s “Acceptable Use Policy”


Is Port Scanning Legal?
• IRC “bot”
– Program that sends automatic responses to users
– Gives the appearance of a person being present
What You Cannot Do Legally
• Illegal actions:
– Accessing a computer without permission

– Destroying data without permission

– Copying information without permission

– Installing worms or viruses

– Denying users access to network resources

• Be careful your actions do not prevent client’s


employees from doing their jobs
Get It in Writing
• Using a contract is good business
– May be useful in court
• Books on working as an independent contractor
– The Computer Consultant’s Guide by Janet Ruhl
– Getting Started in Computer Consulting by Peter Meyer
• Internet can also be a helpful resource
– Free modifiable templates
• Have an attorney read your contract before signing

You might also like