EHDF Module 1

The document outlines the fundamentals of ethical hacking and digital forensics, detailing the steps involved in ethical hacking, types of hackers, and the importance of vulnerability assessments. It emphasizes the need for ethical hackers to identify and mitigate security risks, and discusses various techniques and tools used in the process. Additionally, it highlights the advantages and disadvantages of ethical hacking, along with the skills required for ethical hackers.

Ethical Hacking and Digital Forensics

Module 1: Introduction to Ethical Hacking (6 hours)

Detailed content: Steps of ethical hacking, Demonstration of Routing Protocols using Cisco Packet Tracer. Information gathering, reconnaissance, scanning, vulnerability assessment, OpenVAS, Nessus, System hacking: Password cracking, penetration testing, Social engineering attacks, Malware threats, hacking wireless networks (WEP, WPA, WPA2).

Hacking? Who is a Hacker?

● Systems contain weaknesses (breaches), and the practice of finding and exploring those weaknesses is termed hacking.
● In the digital world there are different types of hackers.
● It is hard to outline an exact profile, since hackers are human like the rest of us.
● They are unique individuals.
● Hackers are not all equal.
● Each hacker has different motives, methods and skills.
● It is not necessary that all hackers are antisocial or teenagers.

1. White Hat (Good Guy)
2. Black Hat (Bad Guy)
Bad guys try to compromise your computers, while ethical hackers (good guys) try to protect your computers against illicit entry.

Types of Hackers

Classification of Hackers
On the basis of knowledge:
1. Coders
2. Admins
3. Script kiddies

On the basis of activities:
1. White hat (performs ethical hacking) = penetration testers or ethical hackers
2. Black hat (unethical hacking) = security crackers or unethical hackers
3. Grey hat (a mix of white hat and black hat behaviour)

Other commonly used labels: script kiddies, white hat, black hat, gray hat, green hat, red hat, hacktivists, cyber terrorists.

I. Steps of ethical hacking

1. Performing reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Maintaining access and placing backdoors
5. Covering tracks or clearing logs

1. Reconnaissance (information gathering)
● This is the first phase, where the hacker tries to collect information about the target.
● It may include identifying the target and finding out the target's IP address range, network, DNS records, etc.
● The hacker may do so by using a search engine, an OSINT tool like Maltego, researching the target (say a website: checking links, jobs, job titles, email, news, etc.), or a tool like HTTrack to download the entire website for later enumeration. From this the hacker is able to determine staff names, positions, and email addresses.
● Information gathering is a crucial phase in ethical hacking that involves collecting as much data as possible about a target system, network, or organization.
● This phase allows ethical hackers to identify vulnerabilities and plan their penetration testing strategies effectively.
● Information gathering can be broadly classified into two categories: passive reconnaissance and active reconnaissance.

A. Passive Reconnaissance
● Passive reconnaissance involves collecting information without directly interacting with the target.
● This method minimizes detection risk and offers insights into the external environment of the target.
● Example: social engineering and dumpster diving.
Techniques:
● Open source intelligence (OSINT): Maltego, Shodan, Google dorking, and WHOIS queries.
● Domain information: looking up domain registration details using WHOIS databases.
● Network mapping: discovering network details indirectly, such as the target's public IP blocks. Tools: Netcraft, BuiltWith.
● Social engineering: gathering information through interactions with employees or people associated with the target, e.g. phishing, pretexting, or baiting.
● Public records: searching for incident reports, legal documents, and breach disclosures.

B. Active Reconnaissance
● Active reconnaissance involves interacting directly with the target.
● It involves probing the network to discover individual hosts, IP addresses and services on the network.
● It is riskier, as it may alert the target to the assessment activity.
● Because it carries a higher risk of detection than passive reconnaissance, it is often referred to as "rattling the doorknobs".
Techniques:
● Network scanning: identifying active devices, open ports, and services running on those devices. Tools: Nmap, Angry IP Scanner.
● Web application scanning: assessing web applications to discover vulnerabilities like SQL injection, XSS, etc. Tools: Burp Suite, OWASP ZAP.
● Footprinting: gathering as much information as possible about the target's network architecture. Tools: DNS queries, ping sweeps, and traceroutes.
● DNS interrogation: using DNS queries to identify network infrastructure, including MX records, NS records, and subdomains. Tools: dig, nslookup.
● Vulnerability scanning: identifying vulnerabilities within discovered services and systems. Tools: Nessus, OpenVAS, Nikto.

2. Scanning and enumeration

● The information discovered during reconnaissance is used in this phase to examine the network.
● Scanning refers to techniques used by ethical hackers to discover live hosts, open ports, and services running on targeted systems.
● This phase helps in creating a detailed inventory of resources in the target network and identifying vulnerabilities that may be exploited.
● The core of scanning is systematic port scanning, which is used to determine open ports and vulnerable services.
● To discover system vulnerabilities, the attacker uses different automated tools.
● The more detailed probing that follows is called "enumeration" in the hacking world. The objective of this step is to identify:
a. valid user accounts or groups
b. network resources and/or shared resources
c. the OS and the applications running on it.

Scanning
● This phase includes the use of tools like dialers, port scanners, network mappers, sweepers, and vulnerability scanners.
● Hackers are now seeking any information that can help them perpetrate attacks, such as computer names, IP addresses, and user accounts.
● Now that the hacker has some basic information, the hacker moves to the next phase and begins to test the network for other avenues of attack.
● The hacker decides to use a couple of methods to help map the network (e.g. Kali Linux, Maltego, and finding an email address to contact in order to see what email server is being used).
● The hacker looks for an automated email if possible or, based on the information gathered, may decide to email HR with an inquiry about a job posting.

Tools that a hacker may employ during the scanning phase include:
1. Dialers
2. Port scanners
3. ICMP scanners
4. Ping sweeps
5. Network mappers
6. SNMP sweepers
7. Vulnerability scanners

Hackers seek any information that can help them perpetrate an attack on a target:
1. Computer names
2. OS
3. Installed software
4. IP addresses
5. User accounts
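The port-scanning step above, shown as a TCP connect scan with a banner grab. This is an added example written for this page, not code from the slides or from any of the tools they name; the "SSH" listener it scans is a constructed stand-in on the loopback interface so the script runs offline, and the port numbers are chosen by the OS at run time.

```python
"""TCP connect scan and banner grab, demonstrated against a constructed local listener."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def connect_scan(host, ports, timeout=0.5, workers=32):
    """Full three-way-handshake scan: a completed connect() means the port is open.
    Unlike a SYN (half-open) scan this needs no raw sockets, but every probe is
    visible to the target as a real, logged connection."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect((host, port))
                return port, "open"
            except OSError:              # refused (closed) or timed out (filtered)
                return port, "closed"
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(probe, ports))


def banner_grab(host, port, timeout=1.0, nbytes=128):
    """Read the greeting a service sends on connect (SSH, SMTP and FTP all do this)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        try:
            return sock.recv(nbytes)
        except OSError:
            return b""


def start_fake_service(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Constructed target: a loopback listener that sends a banner and hangs up.
    Returns (port, server_socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0 = let the OS pick a free port
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # server socket was closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port, srv


def reserve_closed_port():
    """Find a loopback port that is (almost certainly) closed right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def demo():
    """Scan one open and one closed port, then grab the open port's banner."""
    open_port, srv = start_fake_service()
    closed_port = reserve_closed_port()
    try:
        results = connect_scan("127.0.0.1", [closed_port, open_port])
        banner = banner_grab("127.0.0.1", open_port)
    finally:
        srv.close()
    return open_port, closed_port, results, banner


if __name__ == "__main__":
    o, c, res, ban = demo()
    for p in sorted(res):
        print(f"127.0.0.1:{p} {res[p]}")
    print("banner on", o, "->", ban.strip().decode(errors="replace"))
```

The banner is what turns a bare "port open" into "OpenSSH 9.6 is listening", which is the input the vulnerability-scanning tools in the next step key on. Against a real target, the same connect() calls are exactly what shows up in the target's logs, which is why the slides describe active reconnaissance as noisy.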

Scanning
Types of Scanning
1. Network scanning: ping sweep
2. Port scanning: TCP port scan, SYN scan (half-open scan), UDP scan
3. Vulnerability scanning: passive vulnerability scanning (monitors network traffic without disrupting services), active vulnerability scanning (Nessus, OpenVAS)
4. Web application scanning: SAST (Fortify), DAST (Burp Suite, OWASP ZAP), IAST (Veracode)

3. Gaining Access
● The real hacking takes place in this phase.
● To obtain access, the weaknesses discovered during the reconnaissance and scanning phases are now exploited.
● Owning the system is also known as "gaining access" in the hacker world.
● The hacker can use simple techniques to cause irreversible damage to the target system in this stage during a real security breach.
● The attack can be delivered to the target system via a local area network (wired or wireless), local access to the computer, the Internet, or offline.
● Examples: stack-based buffer overflow, DoS, session capture or hijacking.

4. Maintaining Access
● Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks.
● In this case, the owned system is sometimes referred to as a zombie system.
● Now that the hacker has multiple email accounts, the hacker begins to test the accounts on the domain.
● From this point the hacker creates a new administrator account for themselves based on the naming structure and tries to blend in.

● As a precaution, the hacker begins to look for and identify accounts that have not been used for a long time.
● The hacker assumes that these accounts are likely either forgotten or not used, so they change the password and elevate privileges to administrator as a secondary account in order to maintain access to the network.
● The hacker may also send out emails to other users with an exploited file, such as a PDF with a reverse shell, in order to extend their possible access.

5. Clearing Tracks (so no one can reach them)
● Prior to the attack, the attacker would change their MAC address and run the attacking machine through at least one VPN to help cover their identity. They will not deliver a direct attack or any scanning technique that would be deemed "noisy".
● Once access is gained and privileges have been escalated, the hacker seeks to cover their tracks.
● This includes clearing out sent emails, clearing server logs, temp files, etc.
● The hacker will also look for indications of the email provider alerting the user or possible unauthorized logins under their account.
● Automated tools and scripts are used to remove all evidence of an attack from the system.
● The hacker removes and destroys evidence such as log files and intrusion detection or system alarms that may reveal any signs of tampering.
● This helps the hacker avoid attribution and prosecution.

Most of the time is spent on the reconnaissance process; the time spent decreases in each of the following phases.

Demonstration of Routing Protocols using Cisco Packet Tracer
Cisco = the leader in networking
● An innovative and powerful network simulation tool used for practice, discovery and troubleshooting.
● Helps to understand networks practically.
Enroll and download Cisco Packet Tracer from netacad.com
1. Implement the Routing Information Protocol (RIP) in Packet Tracer
2. Implement the Open Shortest Path First (OSPF) routing protocol using Cisco Packet Tracer

Ethical Hackers
1. Need for ethical hackers
2. Advantages and limitations of ethical hackers
3. Technical skills of an ethical hacker
4. Tools related to ethical hacking

1. Need for ethical hackers
● Ethical hackers perform risk assessments.
● Ethical hackers test systems for security-related issues.
● Ethical hackers simulate real-world attacks to test the effectiveness of defenses.
● Ethical hacking is used to secure important data from adversaries.
● Ethical hackers can think from an attacker's perspective, find potential entry points, and fix them before any attack.
● Ethical hacking helps us learn new skills used in many roles, such as software developer, risk management, quality assurance tester, and network defender.
● Ethical hackers develop tools and methods and work with quality assurance testers to eliminate the system's vulnerabilities.
● In an organization, ethical hacking can identify the weaknesses of your software security. Using the hacker's perspective, you can look at your security and fix any anomalies before they become a problem for the company's success.

Advantages of Ethical Hacking:
● This helps to fight against cyber terrorism and national security breaches.
● This helps to take preventive action against hackers.
● This helps to build a system that prevents any kind of penetration by hackers.
● This offers security to banking and financial establishments.
● This helps to identify and close the open holes in a computer system or network.

Disadvantages of Ethical Hacking:
● This may corrupt the files or data of an organization.
● The testers might use the information gained for malicious purposes; consequently, only trustworthy professionals can be engaged for this to succeed.
● Hiring such professionals increases costs to the company.
● This technique can harm someone's privacy.
● It hampers system operation.

Tools Related to ethical hacking

Technical skills of an ethical hacker
1. Penetration testing skills
2. Computer networking skills
3. Programming skills
4. Database management systems (DBMS) skills
5. Linux skills
6. Cryptography
7. Wireless network understanding
Vulnerability Assessment (VAS)
● A vulnerability scan is done to understand areas that are prone to attack by an invader before they exploit the system.
● The above measures not only protect data and guard against data leakage but also help meet security requirements and strengthen risk management.
● A vulnerability assessment is a procedure employed in an information system to determine and rate potential risks.
● It seeks to identify vulnerabilities that can be leveraged by an attacker to compromise the system and to employ tools and techniques that ensure that data confidentiality, integrity, and availability are achieved.
● This systematic review assists organizations in identifying security issues like cross-site scripting (XSS) and SQL injection before they can be leveraged.

A vulnerability can be defined in two ways:
1. A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation may occur via an authenticated or unauthenticated attacker.
2. A gap in security procedures or a weakness in internal controls that, when exploited, results in a security breach.

Vulnerability Assessment (VAS)
● Vulnerability assessment is a systematic approach used in ethical hacking to identify, quantify, and prioritize vulnerabilities in systems, networks, and applications.

Phases of VAS:
1. Planning
2. Discovery: information gathering, scanning
3. Analysis: vulnerability identification, validation
4. Reporting: documentation, presentation
5. Prioritization, implementation of fixes

Types of VAS:
1. Network VAS
2. Web application VAS
3. Database VAS
4. Host-based VAS

Importance of Vulnerability Assessments
● Preventing data breaches: giving each risk timely attention and noticing recurring threats so that they are treated before they bring about expensive security incidents.
● Ensuring regulatory compliance: conformity to the applicable laws and avoidance of penalties.
● Managing risks: risk prioritization and risk control to improve the organization's overall risk evaluation.
● Enhancing security posture: periodic evaluations enhance security by adapting defenses to new and emerging threats.
● Cost-effective security: this lowers the expensive costs associated with security incidents that occur when vulnerabilities are not addressed as soon as they are identified.

Phases of Vulnerability Assessment (VAS)
● Planning and scoping: identify the parameters, aims and objectives, and the target systems of the assessment.
● Discovery: collect general information about the system: hosts, ports, software, etc. Collect it using specialized software and through manual assessment.
● Scanning: scan each host in order to detect open ports and mistakes or problems in configurations.
● Analysis: analyze the scan information to identify findings and determine their potential severity.
● Reporting: record the findings, their consequences, and ranked suggestions for remediation.
● Remediation: apply fixes, modify settings and work on the fortification of the architecture.
● Follow-up: ensure the fixes are applied, verify that each fix is correct, and look for new vulnerabilities.

Types of Vulnerability Assessment (VAS)
● Network vulnerability assessment: evaluates the security of networks against current and emerging network threats.
● Host vulnerability assessment: analyzes servers and host systems so as to expose and contain backend attacks.
● Application scan vulnerability assessment: scans application code for application-level vulnerabilities in the frontend and backend using automated tools.
● Database vulnerability assessment: provides for the prevention of unauthorized access to data within the database in terms of confidentiality, integrity and availability.

OpenVAS
● OpenVAS (Open Vulnerability Assessment Scanner) is a powerful open-source vulnerability scanner and vulnerability management platform.
● It is used extensively by security professionals to identify and assess vulnerabilities in operating systems, network devices, and applications.
● OpenVAS is part of the Greenbone Vulnerability Management solution, which provides a comprehensive suite of tools for security assessment, including scanning, reporting, and managing vulnerabilities.

Nessus
● Nessus is one of the most widely used vulnerability assessment tools, developed by Tenable, Inc.
● It is designed to help security professionals identify and remediate vulnerabilities in systems, networks, and applications.
● Nessus provides a comprehensive set of features for scanning and managing security vulnerabilities.

System hacking: Password cracking
● Password cracking is a method used in system hacking to gain access to systems or accounts by recovering passwords from their stored hashes or guessing them through various techniques.
● It helps organizations identify weak passwords that could be exploited by attackers.

Types of Password Cracking Techniques:
1. Brute force attacks
2. Dictionary attacks
3. Hybrid attacks
4. Rainbow table attacks
5. Social engineering

Tools for Password Cracking:
a. John the Ripper
b. Hashcat
c. Cain & Abel
d. Aircrack-ng
e. Hydra
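The first four techniques in the list, worked against constructed sample hashes. This is an added example written for this page, not code from the slides or from any of the tools named above. The user names, salts, wordlist and hashes are all made up here; plain SHA-256 stands in for whatever hash the target actually uses so the attacks finish in under a second, and the lookup table is the precomputation idea behind rainbow tables without the hash/reduce chains a real table uses to save space.

```python
"""Dictionary, hybrid, lookup-table and brute-force attacks on constructed password hashes."""
import hashlib
import itertools


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample data. Plain SHA-256 is used only so the attacks finish
# instantly; real systems should store passwords with a slow, salted KDF
# (bcrypt, scrypt or Argon2), which makes every guess below far more expensive.
WORDLIST = ["password", "letmein", "summer", "welcome", "dragon", "monkey"]

UNSALTED = {                       # user -> sha256(password)
    "alice": sha256_hex("dragon"),
    "bob": sha256_hex("Summer2023!"),
}
SALTED = {                         # user -> (salt, sha256(salt + password))
    "carol": ("s1", sha256_hex("s1" + "dragon")),
    "dave": ("s2", sha256_hex("s2" + "qzx")),
}


def mangle(word):
    """Hybrid attack: one dictionary word expanded with common user habits
    (capitalisation, leetspeak, appended digits, years and punctuation)."""
    leet = str.maketrans("aeios", "43105")
    for base in (word, word.capitalize(), word.translate(leet)):
        yield base
        for suffix in ("!", "1", "123", "12345"):
            yield base + suffix
        for year in range(1990, 2031):
            yield f"{base}{year}"
            yield f"{base}{year}!"


def build_lookup_table(wordlist):
    """Precomputed hash -> password table (the idea behind rainbow tables).
    Built once, then reused against any number of unsalted hashes."""
    return {sha256_hex(cand): cand for word in wordlist for cand in mangle(word)}


def lookup_attack(hashes, table):
    """Instant recovery of any unsalted hash that appears in the table."""
    return {user: table[h] for user, h in hashes.items() if h in table}


def dictionary_attack(entries, wordlist):
    """Salted hashes defeat precomputation: every guess must be rehashed with
    the user's own salt, so the work is per account instead of once for all."""
    found = {}
    for user, (salt, target) in entries.items():
        for word in wordlist:
            hit = next((c for c in mangle(word) if sha256_hex(salt + c) == target), None)
            if hit is not None:
                found[user] = hit
                break
    return found


def brute_force(salt, target, alphabet="abcdefghijklmnopqrstuvwxyz", max_len=3):
    """Exhaustive search. Cost is the sum of |alphabet|**n for n up to max_len,
    which is why password length and character-set size matter most."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            cand = "".join(chars)
            if sha256_hex(salt + cand) == target:
                return cand
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("lookup vs unsalted:", lookup_attack(UNSALTED, table))
    print("lookup vs salted:  ", lookup_attack({u: h for u, (_, h) in SALTED.items()}, table))
    print("dictionary+hybrid: ", dictionary_attack(SALTED, WORDLIST))
    print("brute force dave:  ", brute_force("s2", SALTED["dave"][1]))
```

Two things fall out of running it. The lookup table recovers both unsalted passwords without a single hash computation at attack time, but finds nothing for the salted users even though carol's password is the same as alice's, because the salt changes the digest. And dave's random three-letter password is out of reach of the wordlist but falls to brute force in at most 18,278 guesses; with a slow KDF instead of SHA-256, each of those guesses costs milliseconds rather than microseconds.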
Penetration Testing
● Penetration testing (often abbreviated as pen testing) is an authorized, simulated cyber attack conducted on a computer system, network, or web application to evaluate its security.

Purpose and goals of penetration testing:
1. To identify security weaknesses before they can be exploited by attackers.
2. To test the effectiveness of existing security controls and policies.
3. To provide recommendations for remediation and improvement.
4. To help organizations comply with regulatory requirements related to cybersecurity.

Phases of Penetration Testing
Phase                              Tools / activities
Planning                           Define the scope, objectives and rules of engagement
Reconnaissance (active, passive)   WHOIS lookups, DNS queries, social engineering, network scanning, Maltego, Recon-ng
Scanning (vulnerability, port)     Nessus, OpenVAS, Nmap, Nikto
Gaining and maintaining access     Exploiting findings such as SQL injection or cross-site scripting (XSS)
Reporting                          Prepare a detailed report outlining the vulnerabilities discovered
Follow-up                          Retest to validate that the fixes are effective

Vulnerability Assessment vs Penetration Testing

Parameter     Vulnerability Assessment                                        Penetration Testing
Objective     Identification and evaluation of potential vulnerabilities      Real-world attacks are simulated to exploit vulnerabilities
Methodology   Manual techniques and automated scanners are used to scan systems   Ethical hackers attempt to exploit the vulnerabilities
Scope         Various aspects of the system are covered                       Targets specific vulnerabilities and attack vectors
Frequency     Conducted regularly as part of an ongoing strategy               Less frequent; performed when needed
Focus         Gives a broader perspective of potential issues                  Gives deeper insight into the impact of exploiting vulnerabilities
Approach      Proactive approach that helps prevent potential issues           Reactive approach that assesses the effectiveness of existing security measures

Social Engineering Attacks
● Social engineering attacks are a type of malicious manipulation that exploits human psychology to deceive individuals into divulging confidential information or performing actions that compromise security.
● A technique to influence and deceive people.
● Used to gain sensitive information or unauthorized access privileges by building a trust relationship with insiders.
● Exploits the natural tendency of people to trust the social engineer's word, rather than exploiting computer security holes.
● It usually uses telecommunications or the Internet to do something that is against the security practices and/or policies of the organization.

Steps involved
1. Footprinting
2. Trust establishment
3. Psychological manipulation
4. clear te
Social Engineering
● Social engineering involves gathering secret information as well as gaining unauthorized access to networks.
● Classification of social engineering: 1. Human-based 2. Computer-based

1. Human-based social engineering
- Impersonating an employee or valid user (easy in an organization with many branches).
- Posing as an important member of the organization (CEO/manager).
- Using a third person: the attacker pretends to have permission from an authorized user to access the system.
- Calling technical support (technical support staff).
- Shoulder surfing (login ID/password).
- Dumpster diving.

2. Computer-based social engineering
- Sensitive or confidential information is collected using a computer or the Internet.
1. Fake e-mail: the attacker sends a fake e-mail to a number of users; the victims find it legitimate.
2. E-mail attachment (malicious code is attached).
3. Pop-up windows: special offers.
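Three of the computer-based tricks just listed (a fake sender posing as an executive, a lookalike domain, a disguised executable attachment) are visible in the message headers themselves. The checks below are an added example for this page, not code from the slides; the three messages are constructed, and the trusted domain, executive-title list and dangerous-extension list are assumptions that a real deployment would take from its own configuration.

```python
"""Header checks that flag common fake-e-mail tricks (constructed sample messages)."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"                       # assumption: our own mail domain
EXEC_TITLES = {"ceo", "cfo", "cto", "president", "director"}
DANGEROUS_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".docm", ".xlsm", ".hta")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain, trusted):
    """Single-character substitution such as examp1e.com for example.com."""
    if domain == trusted or len(domain) != len(trusted):
        return False
    return sum(a != b for a, b in zip(domain, trusted)) == 1


def check_message(raw):
    """Return a list of finding tags for one RFC 822 message, empty if clean."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    if is_lookalike(from_domain, TRUSTED_DOMAIN):
        findings.append("lookalike-domain")
    # An executive title in the display name but a sender outside our domain.
    name_words = set(re.findall(r"[a-z]+", from_name.lower()))
    if from_domain != TRUSTED_DOMAIN and name_words & EXEC_TITLES:
        findings.append("exec-impersonation")
    # Replies silently redirected to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")
    # Attachments with executable or macro-enabled extensions (double extensions included).
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(DANGEROUS_EXT):
            findings.append(f"dangerous-attachment:{filename}")
    return findings


# Constructed sample messages.
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Lunch
Content-Type: text/plain

See you at noon.
"""

PHISH = """From: "CEO John Smith" <john.smith@examp1e.com>
Reply-To: payments@mail-relay.invalid
To: accounts@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

Please process the attached invoice today and do not discuss this with anyone.
"""

ATTACHMENT = """From: HR <hr@example.com>
To: all@example.com
Subject: Updated policy
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached policy document.
--b1
Content-Type: application/octet-stream; name="policy.pdf.exe"
Content-Disposition: attachment; filename="policy.pdf.exe"

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH), ("attachment", ATTACHMENT)):
        print(label, "->", check_message(raw) or "clean")
```

These are cheap heuristics, not authentication: a sender that passes all four checks can still be forged, which is what SPF, DKIM and DMARC exist to settle. They do catch the cases the slides describe, where the whole attack rests on the reader trusting a display name and an urgent tone.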
Case study: Social Engineering
► The Sony Pictures Hack
► On Monday, November 24, 2014, many of Sony Pictures' employees began to see skulls appearing on their computer screens, with software rendering their machines inoperable. It was quickly discovered that many of Sony's official Twitter accounts had been compromised as well. A group identifying themselves as the Guardians of Peace took credit for the hack and began to issue demands. They claimed that they were in possession of over 100 terabytes of stolen data and would start releasing it if their demands were not met.
► Unfortunately for Sony, the e-mail outlining the demands of the group was missed, likely caught up in a spam filter or the daily barrage of messages we are all used to receiving.
► Shortly after the deadline for the demands had passed, Guardians of Peace began leaking unreleased films to social media. In addition to unreleased content, they also leaked personal information about employees of Sony Pictures, including their families, inter-office e-mails, salary information, and more.
► Guardians of Peace then demanded that Sony stop production on its upcoming film, The Interview. This film, a comedy produced and directed by Seth Rogen and Evan Goldberg, had a plot to assassinate North Korean leader Kim Jong-un. The group then threatened attacks on movie theaters that were intending to screen the film. Eventually, after much public outcry and theater chains opting not to screen the film, Sony scrapped the film's premiere and release.
► Though it seems that the main aim was to take down the film, the information leak may be deemed more disastrous to Sony. Emails showing that female actors Amy Adams and Jennifer Lawrence were paid less than their male co-stars were revealed amongst other embarrassing and racist private emails from producers and (then) Sony executive Amy Pascal. The Interview was eventually released digitally, for free.
► The fallout from this hack continued with multiple government agencies becoming involved. An investigation into whether North Korea itself had perpetrated the hack was launched. Additionally, many organizations such as Color of Change called for the firing of Amy Pascal, who was eventually dismissed.
► A side effect of the hack, however, is that the gender pay debate quickly became a mainstream conversation.

MALWARE THREAT

What is Malware?
Malware is malicious software that enables the attacker to have full or limited control over the target system. Malware can damage, modify, and/or steal information from the system.
There are various types of malware, such as viruses, Trojans, worms, rootkits, spyware, and ransomware.
Malware might enter the system through emails, file transfers, installation of random third-party software, and non-usage of quality antivirus software.
What is a Malware Attack?
● A malware attack is a cyberattack where malware performs or executes unauthorized actions on a user's system.
● Even criminal organizations, state actors, and well-known businesses have been accused of or caught deploying malware.
● If the impact of a malware attack is severe, it ends up being mainstream news, just like other cyberattacks.

Malware can be classified as:
● Viruses and worms
● Trojan horses
● Rootkits
● Backdoors
● Spyware
● Botnets
● Keystroke loggers

Spyware
● A type of malware.
● Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.
● Secretly installed and monitors the victim.
● Collects personal information of the victim.
● Changes computer settings.
● Anti-spyware can be used to avoid it.

Examples of spyware
● 007 Spy
● Spector Pro
● eBlaster
● Remote Spy
● FlexiSPY

Viruses and Worms
● A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".
● It is a type of malware that damages software and data and spreads between computers. Viruses can cause operational issues, data loss, and leakage.

Viruses spread through
● The Internet
● A stand-alone PC (via removable media)
● Local networks

Some typical virus actions
● Display a message to prompt an action
● Delete files in the system
● Scramble data on a hard disk
● Cause erratic screen behavior
● Halt the system
● Replicate themselves to propagate further harm

Worms
● A worm is a type of malware that replicates itself and spreads across networks.
● Worms exploit security vulnerabilities in a computer's operating system to gain access.
● Once inside, they can perform malicious actions like stealing data, deleting files, and overloading networks.

Difference between virus and worm

Types of viruses
● Boot sector viruses: MBR
● Program viruses: executable files
● Multipartite viruses: combination of the two
● Stealth viruses
● Polymorphic viruses
● Macro viruses
● ActiveX and Java controls

Boot sector viruses
● A boot sector virus is a computer virus that infects a storage device's master boot record (MBR).
● It is not mandatory that a boot sector virus successfully boot the victim's PC to infect it.
● As a result, even non-bootable media can trigger the spread of boot sector viruses.
● These viruses copy their infected code either to the floppy disk's boot sector or to the hard disk's partition table. During start-up, the virus gets loaded into the computer's memory. As soon as the virus is in memory, it infects the non-infected disks used by the system.
● The propagation of boot sector viruses has become very rare since the decline of floppy disks. Also, present-day operating systems include boot-sector safeguards that make it difficult for boot sector viruses to infect them.
Program viruses
● A program virus becomes active when the program file (usually with extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened.
● Once active, the virus will make copies of itself and will infect other programs on the computer.

Multipartite viruses
● A multipartite virus is a fast-moving virus that uses file infectors or boot infectors to attack the boot sector and executable files simultaneously.
● Most viruses affect either the boot sector, the system, or the program files.
● The multipartite virus can affect both the boot sector and the program files at the same time, thus causing more damage than any other kind of virus.
● A multipartite virus infects computer systems multiple times and at different times. In order for it to be eradicated, the entire virus must be removed from the system.
● A multipartite virus is also known as a hybrid virus.
● When the boot sector is infected, simply turning on the computer will trigger a boot sector virus because it latches on to the part of the hard drive that contains the data needed to start the computer. Once the virus has been triggered, destructive payloads are launched throughout the program files.

Stealth viruses
● A stealth virus is a hidden computer virus that attacks operating system processes and evades typical anti-virus or anti-malware scans. Stealth viruses hide in files, partitions and boot sectors and are adept at deliberately avoiding detection.
● Stealth virus eradication requires advanced anti-virus software or a reboot from known-clean media so the virus is not in control while the disk is scanned.
Polymorphic viruses
● A polymorphic virus is a complicated computer virus that affects data types and functions.
● It is a self-encrypting virus designed to avoid detection by a scanner.
● Upon infection, the polymorphic virus duplicates itself by creating usable, slightly modified copies of itself.
● Polymorphism, in computing terms, means that a single definition can be used with varying amounts of data. Because each copy is encrypted with a different key, no fixed byte signature matches all of them; to detect this type of virus, scanners must recognize the decryption routine generically or emulate it and scan the decrypted body, so that novel variants are still caught.

Macro viruses
● A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it.
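Why self-encryption defeats a fixed signature, shown on bytes rather than described. This is an added example for this page, not code from the slides, and it contains no executable code at all: the "body" is a constructed harmless byte string, each "generation" wraps it in a fresh random XOR key, and the two scanner functions model a plain signature match and an emulating scanner that runs the decryptor first.

```python
"""Why a fixed byte signature fails against self-encrypting (polymorphic) code.
Benign byte strings only; nothing here executes or infects anything."""
import secrets

PAYLOAD = b"BENIGN DEMO BODY: the same logic in every copy"   # constructed stand-in
SIGNATURE = b"DEMO BODY"                                        # what a naive scanner matches


def xor_bytes(data, key):
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload, key_len=8):
    """One 'generation': [key_len][random key][body XOR key].
    The body is identical in every copy, but the on-disk bytes differ each time."""
    key = secrets.token_bytes(key_len)
    return bytes([key_len]) + key + xor_bytes(payload, key)


def static_scan(blob, signature):
    """Signature scan over the raw bytes, as a simple scanner would do."""
    return signature in blob


def emulating_scan(blob, signature):
    """What modern scanners add: run (here, model) the decryptor stub first,
    then look for the signature in the decrypted body."""
    key_len = blob[0]
    key, body = blob[1:1 + key_len], blob[1 + key_len:]
    return signature in xor_bytes(body, key)


def compare_scanners(n=20):
    """Generate n variants and count how many each scanner catches.
    Returns (distinct_variants, static_hits, emulated_hits)."""
    variants = [make_variant(PAYLOAD) for _ in range(n)]
    distinct = len(set(variants))
    static_hits = sum(static_scan(v, SIGNATURE) for v in variants)
    emulated_hits = sum(emulating_scan(v, SIGNATURE) for v in variants)
    return distinct, static_hits, emulated_hits


if __name__ == "__main__":
    d, s, e = compare_scanners()
    print(f"{d} distinct copies; static signature caught {s}, emulating scanner caught {e}")
```

In this model the decryptor stub (the leading length byte and key) has the same shape in every copy, so a scanner could still signature the stub itself. Real polymorphic engines vary the decryptor as well, which is why the scanner side moved to emulation and heuristics instead of byte patterns.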

ActiveX and Java controls
● ActiveX and Java were created for web page designers to incorporate a wide array of impressive effects on web pages, giving movement and added dimension to the previously "flat" web pages.
● To operate properly, these ActiveX controls and Java applets need to gain access to your hard disk; limited memory and bandwidth made this approach necessary. Although this desktop access enables a wealth of beneficial applications of these controls and applets, malicious code developers have the same access. They use it to read, delete or corrupt files, access RAM, and even access files on computers attached via a LAN.

Trojan horses and Backdoors
● A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data and possible system harm.

Trojan Malware
● It is a type of malware that typically gets hidden as an attachment in an email or a free-to-download file, then transfers onto the user's device.
● Once downloaded, the malicious code will execute the task the attacker designed it for, such as gaining backdoor access to corporate systems, spying on users' online activity, or stealing sensitive data.
● Indications of a Trojan being active on a device include unusual activity, such as computer settings being changed unexpectedly.

The following are the various types of Trojans:
● Remote access Trojans: these Trojans allow hackers to gain remote access to systems through covert channels without the user's knowledge.
● Data-sending Trojans: these Trojans steal data from systems and transmit it to the attacker.
● Destructive Trojans: as the name suggests, these Trojans destroy files and services.
● Security software disabler Trojans: these Trojans can disable system firewalls and antivirus software to prevent the detection of other malicious files being downloaded and executed.

Examples of threats by Trojans
● Erase, overwrite or corrupt data on a computer
● Help to spread other malware such as viruses (dropper Trojan)
● Deactivate or interfere with antivirus and firewall programs
● Allow remote access to your computer (remote access Trojan)
● Upload and download files
● Gather e-mail addresses and use them for spam
● Log keystrokes to steal information (passwords, credit card numbers)
● Copy fake links to false websites
● Slow down, restart or shut down the system
● Disable the Task Manager
● Disable the Control Panel

Backdoors
● A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
● Also called a trapdoor: an undocumented way of gaining access to a program, online service or an entire computer system.
● The backdoor is written by the programmer who creates the code for the program. It is often only known by the programmer. A backdoor is a potential security risk.
Functions of backdoors
Allows an attacker to
● Create, delete, rename, copy or edit any file
● Execute commands to change system settings
● Alter the Windows registry
● Run, control and terminate applications
● Install arbitrary software and parasites
● Control computer hardware devices
● Shut down or restart the computer

Examples of Backdoor Trojans
● Back Orifice: for remote system administration
● Bifrost: can infect Win95 through Vista, execute arbitrary code
● SAP backdoors: infect SAP business objects
● Onapsis Bizploit: Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment

How to protect from Trojan Horses and backdoors
● Stay away from suspect websites/links
● Surf the web cautiously: avoid P2P networks
● Install antivirus/Trojan remover software

Malware Detection and Removal:
The following is how you can detect malware-infected systems or networks. These are the signs that you need to look for:
● Extremely slow and unresponsive system
● Undeletable files
● Random folders or shortcuts inside folders
● Issues while shutting down due to certain running files or programs
● Change in default settings of the PC
● Unnecessary running services or programs using up the processing power of the CPU
● Reboot issues
● Auto shutdown
● Unnecessary traffic patterns or traffic to destinations you never targeted
● Similar malware alerts by the antivirus across the network

Hacking wireless networks
● A wireless network is a set of two or more devices connected with each other via radio waves within a limited space range.
● The devices in a wireless network have the freedom to be in motion, yet stay connected to the network and share data with the other devices in the network.
● One of the main reasons they are so widespread is that they are much cheaper and faster to install than wired networks.
● Wireless networks are widely used and it is quite easy to set them up. They use the IEEE 802.11 standards.
● A wireless router is the most important device in a wireless network; it connects the users with the Internet.

● In a wireless network, we have Access Points, which extend the wireless range and behave as logical switches.
● Although wireless networks offer great flexibility, they have their security problems.
● A hacker can sniff the network packets without having to be in the same building where the network is located.
● As wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location.
● Most attackers use network sniffing to find the SSID and hack a wireless network.
● When a wireless card is switched into sniffing mode, it is said to be in monitor mode.

Kismet
● Kismet is a powerful tool for wireless sniffing that is found in the Kali distribution. It can also be downloaded from its official webpage: https://www.kismetwireless.net
● Kismet is a sniffer, WIDS, and wardriving tool for Wi-Fi, Bluetooth, Zigbee, RF, and more, which runs on Linux and macOS.
● Kismet can be run on a wide range of hardware, from the very small to large servers, depending on the amount of traffic you plan to capture.

Capturing Data
Start Kismet

NetStumbler
● Tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards.
● It runs on Microsoft Windows operating systems from Windows 2000 to Windows XP.
● NetStumbler has become one of the most popular programs for wardriving and wireless reconnaissance, although it has a disadvantage.
● It can be detected easily by most intrusion detection systems, because it actively probes a network to collect information.
● NetStumbler has integrated support for a GPS unit.
● With this support, NetStumbler displays GPS coordinate information next to the information about each discovered network, which can be useful for finding specific networks again after having sorted out collected data.

The program is commonly used for:
● Verifying network configurations
● Finding locations with poor coverage in a WLAN
● Detecting causes of wireless interference
● Detecting unauthorized ("rogue") access points
● Aiming directional antennas for long-haul WLAN links
Wired Equivalent Privacy (WEP)
● Wired Equivalent Privacy (WEP) is a security protocol that was invented to secure wireless networks and keep them private.
● It utilizes encryption at the data link layer, which forbids unauthorized access to the network.
● The key is used to encrypt the packets before transmission begins. An integrity check mechanism checks that the packets are not altered after transmission.
● The WEP protocol's flaw is that it makes use of a fixed encryption key. Hence, if a hacker gets their hands on the key, they can quickly decrypt all data packets sent across the network.

Effects of WEP (Wired Equivalent Privacy) weaknesses
● Unauthorized Access
● Network Disruption
● Increased Risk of Malware and Viruses
● Legal Implications

WEP
● Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that provides data confidentiality comparable to a traditional wired network.
● It was introduced in 1999.
● It provides wireless security through the use of an encryption key.
● It uses an old encryption method, Rivest Cipher 4 (RC4).
● It uses a 40-bit key and a 24-bit random number.
Characteristics of WEP
● Encryption Algorithm: WEP uses the stream cipher RC4 for confidentiality. The encryption key can be either 40 bits (WEP-40) or 104 bits (WEP-104).
● Initialization Vector (IV): WEP concatenates the encryption key with a 24-bit IV to form the complete RC4 key. The IV helps prevent a repetition of key streams.
● Checksum for Integrity: WEP uses the CRC-32 checksum to verify data integrity.
● Flaws and Insecurity: WEP suffered from severe design flaws, leading to its widespread insecurity. A 2001 disclosure exposed these vulnerabilities, rendering WEP ineffective for protecting Wi-Fi networks.
● Deprecation: In 2003, the Wi-Fi Alliance replaced WEP with Wi-Fi Protected Access (WPA), and later with WPA2 (based on the 802.11i standard). Both WEP-40 and WEP-104 were deprecated in favor of stronger security protocols.
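The two design points listed above (a 24-bit IV prepended to a fixed key, and CRC-32 as the integrity check) are enough to see why WEP fails. The following is an added educational model, not code from the slides or from any WEP implementation: it builds the RC4 key as IV || key, encrypts plaintext || CRC-32 the way WEP frames it, and then shows two consequences a defender should understand. First, because the IV space is only 2^24, random IVs start repeating after a few thousand frames, and two frames under the same IV leak the XOR of their plaintexts. Second, CRC-32 is affine over XOR, so it cannot act as a message authentication code. The key, IVs and plaintexts are constructed sample values.

```python
import math
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key-scheduling (KSA) followed by the PRGA; returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Model of a WEP frame body: IV || ((plaintext || CRC-32(plaintext)) XOR RC4(IV || key)).
    secret_key is 5 bytes (WEP-40) or 13 bytes (WEP-104); the IV is 24 bits and sent in clear."""
    assert len(iv) == 3 and len(secret_key) in (5, 13)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # the WEP "integrity check value"
    body = plaintext + icv
    ks = rc4_keystream(iv + secret_key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, ks))


def wep_decrypt(secret_key: bytes, frame: bytes):
    """Reverse of wep_encrypt; returns (plaintext, icv_ok)."""
    iv, ct = frame[:3], frame[3:]
    ks = rc4_keystream(iv + secret_key, len(ct))
    body = bytes(a ^ b for a, b in zip(ct, ks))
    pt, icv = body[:-4], body[-4:]
    return pt, zlib.crc32(pt).to_bytes(4, "little") == icv


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames that share an IV (and therefore the whole RC4 key) share a keystream:
    XOR of the ciphertexts equals XOR of the plaintexts, with no key knowledge at all."""
    assert frame_a[:3] == frame_b[:3], "demonstration needs a repeated IV"
    n = min(len(frame_a), len(frame_b)) - 3
    return bytes(a ^ b for a, b in zip(frame_a[3:3 + n], frame_b[3:3 + n]))


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^iv_bits) random IVs before the first repeat."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 over equal-length inputs satisfies crc(a^b) == crc(a) ^ crc(b) ^ crc(0...0),
    which is why XORing a ciphertext can keep the ICV consistent: CRC is a checksum, not a MAC."""
    assert len(a) == len(b)
    lhs = zlib.crc32(bytes(x ^ y for x, y in zip(a, b)))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))
    return lhs == rhs


# Constructed demo values (not from the slides).
DEMO_KEY = bytes.fromhex("0102030405")      # a WEP-40 key
DEMO_IV = bytes.fromhex("000001")           # one 24-bit IV, reused below on purpose
DEMO_P1 = b"hello world!"
DEMO_P2 = b"HELLO WORLD!"

if __name__ == "__main__":
    f1 = wep_encrypt(DEMO_KEY, DEMO_IV, DEMO_P1)
    f2 = wep_encrypt(DEMO_KEY, DEMO_IV, DEMO_P2)
    leak = keystream_reuse_leak(f1, f2)
    print("decrypts to:", wep_decrypt(DEMO_KEY, f1))
    print("p1 XOR p2 recovered from ciphertexts only:", leak[:len(DEMO_P1)].hex())
    print("random IVs before first repeat (approx):", round(expected_frames_until_iv_repeat()))
    print("CRC-32 affine over XOR:", crc32_is_affine(DEMO_P1, DEMO_P2))
```

The birthday figure is the point to remember when reading the IV bullet above: a busy access point sends that many frames in seconds, so "the IV helps prevent a repetition of key streams" only holds for a very short time, and WPA's per-packet keying (TKIP) and WPA2's CCMP were introduced precisely to remove this class of problem.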

Wi-Fi Protected Access (WPA)
● It is a security protocol that is used in securing wireless networks and is designed to replace the WEP protocol.
● It was developed by the Wi-Fi Alliance in 2003.
● It was designed to replace the WEP protocol and it uses Rivest Cipher 4 (RC4) and Temporal Key Integrity Protocol (TKIP) for encryption. The WPA key is a 256-bit key.

Characteristics of WPA
● Stronger Encryption: WPA uses the Advanced Encryption Standard (AES) encryption algorithm, which is more secure than the previous Wired Equivalent Privacy (WEP) protocol.
● Dynamic Keying: WPA uses Temporal Key Integrity Protocol (TKIP) to provide dynamic keying for every packet transmitted, making it harder for attackers to intercept and decrypt data.
● Authentication: WPA provides authentication using the Extensible Authentication Protocol (EAP), which allows for more robust and flexible authentication mechanisms, such as digital certificates or smart cards.
● Improved Key Management: WPA uses a 4-way handshake process to establish keys and prevent replay attacks.
● Backward Compatibility: WPA is backward compatible with devices that support WEP, allowing for an easy upgrade path.
● Message Integrity: WPA uses a Message Integrity Check (MIC) to ensure that the data transmitted over the wireless network has not been tampered with.
● Improved Network Management: WPA provides improved network management capabilities, including support for multiple SSIDs, allowing different network policies to be applied to different groups of users.
● Stronger Passwords: WPA supports the use of passwords with a minimum length of 8 characters, making it harder for attackers to guess the password.
● WPA2: WPA2 is an updated version of WPA that provides even stronger security features, including support for AES-CCMP encryption and pre-shared keys.

Difference between WEP and WPA
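The bullets above mention pre-shared keys, a 4-way handshake, a MIC and replay protection without showing how they fit together. The following is an added illustration written for this page, not code from the slides or from any Wi-Fi stack: it derives the PMK from a passphrase and SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 32 bytes, as WPA/WPA2-Personal does), expands it into the PTK with the 802.11i-style PRF over both MAC addresses and both nonces, and walks through a simplified four-message exchange in which each side computes the MIC with the KCK and the station rejects a message whose replay counter does not increase. The EAPOL frame layout is reduced to a message number, the counter and the nonce; the SSID, passphrase, MAC addresses and nonces are constructed demo values.

```python
import hashlib
import hmac

# Constructed demo parameters (not from the slides).
SSID = b"lab-wlan"
PASSPHRASE = b"correct horse battery staple"   # at least 8 characters, as WPA-Personal requires
AP_MAC = bytes.fromhex("0200000000aa")
STA_MAC = bytes.fromhex("0200000000bb")


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal pairwise master key: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).
    The 4096 iterations are what make offline guessing of weak passphrases slower, not impossible."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(AN,SN)||max(AN,SN)).
    Only the first 48 bytes are modelled: KCK (MIC key), KEK (key-wrap key), TK (CCMP data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2-style EAPOL-Key MIC: first 16 bytes of HMAC-SHA1 keyed with the KCK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def eapol_frame(msg_no: int, replay_counter: int, nonce: bytes) -> bytes:
    """Simplified EAPOL-Key body: message number || 64-bit replay counter || nonce."""
    return bytes([msg_no]) + replay_counter.to_bytes(8, "big") + nonce


def run_handshake(passphrase, ssid, anonce, snonce, tamper_msg2=False, replay_msg3=False) -> dict:
    """Simulate AP <-> STA. Returns {"ok": bool, "stage": str, ...}."""
    pmk = derive_pmk(passphrase, ssid)
    # Message 1 (AP -> STA): ANonce and replay counter 1; no MIC, the STA has no PTK yet.
    counter = 1
    # The STA now holds both nonces and both MACs, so it can derive the PTK.
    sta_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)
    # Message 2 (STA -> AP): SNonce plus a MIC computed with the KCK.
    m2 = eapol_frame(2, counter, snonce)
    m2_mic = eapol_mic(sta_ptk["kck"], m2)
    if tamper_msg2:
        m2 = eapol_frame(2, counter, bytes(32))   # modified in transit; MIC no longer matches
    # The AP derives its own PTK from the received SNonce and checks the MIC (constant time).
    ap_ptk = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, m2[-32:])
    if not hmac.compare_digest(eapol_mic(ap_ptk["kck"], m2), m2_mic):
        return {"ok": False, "stage": "msg2 MIC"}
    # Message 3 (AP -> STA): counter must increase; the STA rejects a reused counter before
    # doing anything else (this is the replay protection the characteristics list refers to).
    counter3 = counter if replay_msg3 else counter + 1
    m3 = eapol_frame(3, counter3, anonce)
    m3_mic = eapol_mic(ap_ptk["kck"], m3)
    if counter3 <= counter:
        return {"ok": False, "stage": "msg3 replay counter"}
    if not hmac.compare_digest(eapol_mic(sta_ptk["kck"], m3), m3_mic):
        return {"ok": False, "stage": "msg3 MIC"}
    # Message 4 (STA -> AP): acknowledgement with MIC; both sides then install the TK.
    m4 = eapol_frame(4, counter3, b"")
    if not hmac.compare_digest(eapol_mic(ap_ptk["kck"], m4), eapol_mic(sta_ptk["kck"], m4)):
        return {"ok": False, "stage": "msg4 MIC"}
    return {"ok": True, "stage": "done", "keys_match": sta_ptk == ap_ptk, "tk": ap_ptk["tk"]}


if __name__ == "__main__":
    a, s = bytes(range(32)), bytes(range(32, 64))   # constructed nonces; real ones are random
    print(run_handshake(PASSPHRASE, SSID, a, s))
    print(run_handshake(PASSPHRASE, SSID, a, s, tamper_msg2=True))
    print(run_handshake(PASSPHRASE, SSID, a, s, replay_msg3=True))
```

Two observations follow directly from the code. Every key the station ever uses is a deterministic function of the passphrase, the SSID and values sent in clear (MACs and nonces), so the strength of a WPA/WPA2-Personal network rests on the passphrase; that is the reason behind the "Stronger Passwords" bullet. And the MIC is keyed with the KCK, which both parties derive only after message 1 and 2, which is why message 1 cannot carry a MIC and why the replay counter check matters for the later messages.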
Researchers discovered a flaw in WPA similar to older weaknesses in WEP and the limitations of the message integrity code hash function, named Michael, that is used to retrieve the keystream from short packets to use for re-injection and spoofing.

WPA2
● WPA2 replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implemented the mandatory elements of IEEE 802.11i.
● Particularly, it included mandatory support for CCMP (Counter Mode CBC-MAC Protocol), an AES (Advanced Encryption Standard) based encryption mode.
● Certification began in September 2004.
● WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark from March 13, 2006.

● WPA2 employs the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).
● The Advanced Encryption Standard (AES) algorithm, which verifies the authenticity and integrity of messages, forms the foundation of the CCMP protocol.
● Compared to the original Temporal Key Integrity Protocol (TKIP) used by WPA, CCMP is more robust and dependable.

Limitation of WPA2
● WPA2 still has security flaws.
● The risk of unwanted access to the company wireless network is the main one among those weaknesses.
● This occurs when an attack vector on specific Wi-Fi Protected Setup (WPS) access points is compromised.
● To deter such threats, it is advised that WPS be turned off on every WPA2 access point.
● Threat actors can use downgrade attacks to target more vulnerabilities in WPA2.
