Introduction to Ethical Hacking
Module 01
• Sun Tzu states in the Art of War, “If you know yourself but not the enemy, for
  every victory gained, you will also suffer a defeat.”
• System administrators and security professionals must guard their
  infrastructure against exploits by knowing the enemy—the malicious
  hacker(s)—who seeks to use the same infrastructure for illegal
  activities.
Information Security
• Information Security refers to the protection or safeguarding of
  information systems that use, store, and transmit information from
  unauthorized access, disclosure, alteration, and destruction.
• Information is a critical asset that must be secured.
• Information security is the state of well-being of information and
  infrastructure in which the possibility of theft, tampering, or disruption
  of information services is kept low.
Elements of Information security
• Five Major Elements
   •   Confidentiality
   •   Integrity
   •   Availability
   •   Authenticity
   •   Non-repudiation
• Confidentiality: Confidentiality is the assurance that information is accessible
  only to those who are authorized. Confidentiality breaches may occur due to
  improper data handling or a hacking attempt. Confidentiality controls include data
  classification, data encryption, and proper disposal of equipment (such as DVDs,
  USB drives, and Blu-ray discs).
• Integrity: Integrity is the trustworthiness of data or resources in the prevention
  of improper and unauthorized changes—the assurance that information is
  sufficiently accurate for its purpose. Measures to maintain data integrity may
  include a checksum (a number produced by a mathematical function to verify that a
  given block of data is not changed) and access control (which ensures that only
  authorized people can update, add, or delete data).
• Availability: Availability is the assurance that the systems responsible for
  delivering, storing, and processing information are accessible when required by
  authorized users. Measures to maintain data availability can include disk arrays
  for redundant systems and clustered machines, antivirus software to combat
  malware, and distributed denial-of-service (DDoS) prevention systems.
• Authenticity: Authenticity refers to the characteristic of communication,
  documents, or any data that ensures the quality of being genuine or uncorrupted.
  The major role of authentication is to confirm that a user is genuine. Controls
  such as biometrics, smart cards, and digital certificates ensure the authenticity
  of data, transactions, communications, and documents.
• Non-repudiation: Non-repudiation is a way to guarantee that the sender of a
  message cannot later deny having sent the message and that the recipient cannot
  deny having received the message. Individuals and organizations use digital
  signatures to ensure non-repudiation.
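The slide names a checksum as an integrity measure. The following added example (not part of the original module) shows what an unkeyed checksum detects and where it falls short: it catches any change to a constructed sample record, but anyone able to edit the record can also recompute it, which is why the slide pairs it with access control. A keyed tag (HMAC) closes that gap because a valid tag cannot be produced without the verifier's secret key.

```python
import hashlib
import hmac
import secrets

# Constructed sample record: the "block of data" whose integrity we want to verify.
RECORD = b"account=1042;balance=500.00;currency=USD"


def checksum(data: bytes) -> str:
    """Unkeyed checksum: SHA-256 digest of the data, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Recompute the checksum and compare it in constant time."""
    return hmac.compare_digest(checksum(data), expected)


def keyed_mac(data: bytes, key: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256); producing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_mac(data, key), expected)


def demo() -> dict:
    """Show what each control does and does not catch; returns the outcomes."""
    key = secrets.token_bytes(32)          # held by the verifier only
    stored_sum = checksum(RECORD)
    stored_mac = keyed_mac(RECORD, key)

    # 1. A changed value (bit flip, disk error, tampering) is caught by both.
    changed = RECORD.replace(b"500.00", b"900.00")
    results = {
        "checksum_catches_change": not verify_checksum(changed, stored_sum),
        "mac_catches_change": not verify_mac(changed, key, stored_mac),
    }

    # 2. An unkeyed checksum only proves the data matches the stored checksum;
    #    if both can be rewritten together, it cannot tell authorized from
    #    unauthorized updates. That is what access control is for.
    recomputed_sum = checksum(changed)
    results["checksum_accepts_recomputed"] = verify_checksum(changed, recomputed_sum)

    # 3. A tag computed under the wrong key is rejected, so a change is not
    #    accepted unless it was made by a holder of the verifier's key.
    wrong_key_mac = keyed_mac(changed, b"not-the-real-key")
    results["mac_rejects_wrong_key"] = not verify_mac(changed, key, wrong_key_mac)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```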
Motives, Goals, and Objectives of Information Security Attacks
• Attackers generally have motives (goals) and objectives behind their
  information security attacks.
• A motive originates out of the notion that a target system stores or
  processes something valuable, which leads to the threat of an attack
  on the system.
• The purpose of the attack may be to disrupt the target organization’s
  business operations, to steal valuable information, to satisfy curiosity,
  or even to exact revenge.
• Attacks = Motive (Goal) + Method + Vulnerability
Motives behind information security attacks
• Disrupt business continuity
• Perform information theft
• Manipulate data
• Create fear and chaos by disrupting critical infrastructures
• Bring financial loss to the target
Classification of Attacks
• Passive Attacks
   • Passive attacks involve intercepting and monitoring network traffic and data
     flow on the target network and do not tamper with the data.
   • These attacks are very difficult to detect as the attacker has no active interaction
     with the target system or network.
   • Examples of passive attacks: footprinting, sniffing, and eavesdropping
• Active Attacks
   • Active attacks tamper with the data in transit or disrupt communication or
     services between the systems to bypass or break into secured systems.
   • Attackers launch attacks on the target system or network by actively sending
     traffic, which can be detected.
   • Examples of active attacks: denial-of-service attacks, spoofing attacks, replay
     attacks
Classification of Attacks
• Close-in Attacks
   • Close-in attacks are performed when the attacker is in close physical proximity with the target
     system or network.
   • The main goal of performing this type of attack is to gather or modify information or disrupt its
     access.
   • For example, an attacker might shoulder surf user credentials. Attackers gain close proximity
     through surreptitious entry, open access, or both.
   • Examples of close-in attacks: social engineering (eavesdropping, shoulder surfing,
     dumpster diving, and other methods)
• Insider Attacks
   • Insider attacks are performed by trusted persons who have physical access to the critical assets of
     the target.
   • An insider attack involves using privileged access to violate rules or intentionally cause a threat to
     the organization’s information or information systems.
   • Examples: eavesdropping and wiretapping, planting keyloggers
Classification of Attacks
• Distribution Attacks
   • Distribution attacks occur when attackers tamper with hardware or software
     prior to installation.
   • Attackers tamper with the hardware or software at its source or while it is in
     transit.
   • Examples of distribution attacks include backdoors created by software or
     hardware vendors at the time of manufacture.
Cyber Kill chain
• The Cyber Kill Chain is an efficient and effective way of illustrating how an
  adversary can attack the target organization.
• This Model helps organizations understand the various possible
  threats at every stage of an attack and develop the necessary
  countermeasures to defend against such attacks.
Cyber Kill chain Methodology
What is Hacking?
• Hacking in the field of computer security refers to exploiting system
  vulnerabilities and compromising security controls to gain unauthorized
  or inappropriate access to system resources.
• It involves modifying system or application features to achieve a goal
  outside the creator’s original purpose.
• Hacking can be done to steal, pilfer, or redistribute intellectual property,
  thus leading to business loss.
• The motive behind hacking could be to steal critical information or
  services, for thrill, intellectual challenge, curiosity, experiment,
  knowledge, financial gain, prestige, power, peer recognition, vengeance
  and vindictiveness, among other reasons.
Who is a Hacker?
• A hacker is a person who breaks into a system or network without
  authorization to destroy, steal sensitive data, or perform malicious
  attacks. A hacker is an intelligent individual with excellent computer
  skills, along with the ability to create and explore the computer’s
  software and hardware.
Hacker Types
• Black Hats: Black hats are individuals who use their extraordinary computing
  skills for illegal or malicious purposes. This category of hacker is often
  involved in criminal activities. They are also known as crackers.
• White Hats: White hats or penetration testers are individuals who use their
  hacking skills for defensive purposes. These days, almost every organization has
  security analysts who are knowledgeable about hacking countermeasures, which can
  secure its network and information systems against malicious attacks. They have
  permission from the system owner.
• Gray Hats: Gray hats are the individuals who work both offensively and
  defensively at various times. Gray hats might help hackers to find various
  vulnerabilities in a system or network and, at the same time, help vendors to
  improve products (software or hardware) by checking limitations and making them
  more secure.
• Suicide Hackers: Suicide hackers are individuals who aim to bring down critical
  infrastructure for a “cause” and are not worried about facing jail terms or any
  other kind of punishment. Suicide hackers are similar to suicide bombers who
  sacrifice their life for an attack and are thus not concerned with the
  consequences of their actions.
• Script Kiddies: Script kiddies are unskilled hackers who compromise systems by
  running scripts, tools, and software developed by real hackers. They usually
  focus on the quantity rather than the quality of the attacks that they initiate.
• Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills,
  motivated by religious or political beliefs, to create fear of large-scale
  disruption of computer networks.
Hacking Phases
What is Ethical Hacking?
• Ethical hacking is the practice of employing computer and network
  skills in order to assist organizations in testing their network security
  for possible loopholes and vulnerabilities.
• White Hats (also known as security analysts or ethical hackers) are the
  individuals or experts who perform ethical hacking.
• Nowadays, most organizations (such as private companies,
  universities, and government organizations) are hiring White Hats to
  assist them in enhancing their cybersecurity.
Reasons Why Organizations Need Ethical Hackers
• To prevent hackers from gaining access to the organization’s
  information systems
• To uncover vulnerabilities in systems and explore their potential as a
  risk
• To analyze and strengthen an organization’s security posture,
  including policies, network protection infrastructure, and end-user
  practices
• To provide adequate preventive measures in order to avoid security
  breaches
• To help safeguard the customer data
Ethical hacker Evaluation
1. What can an attacker see on the target system?
2. What can an intruder do with that information?
3. Are the attacker’s attempts being noticed on the target system?
Skills of an Ethical Hacker
• Technical Skills
   • In-depth knowledge of major operating environments, such as Windows, Unix, Linux,
     and Macintosh
   • In-depth knowledge of networking concepts, technologies, and related hardware and
     software
   • A computer expert adept at technical domains
   • Knowledge of security areas and related issues
   • High technical knowledge of how to launch sophisticated attacks
• Non-Technical Skills
   • The ability to quickly learn and adapt to new technologies
   • A strong work ethic and good problem-solving and communication skills
   • Commitment to an organization’s security policies
   • An awareness of local standards and laws
Information Security Controls
• Information security controls prevent the occurrence of unwanted
  events and reduce risk to the organization’s information assets.
• The basic security concepts critical to information on the Internet are
  confidentiality, integrity, and availability; the concepts related to the
  persons accessing the information are authentication, authorization,
  and non-repudiation.
• Information is the greatest asset of an organization. It must be
  secured using various policies, creating awareness, employing security
  mechanisms, or by other means.
Information Assurance (IA)
• IA refers to the assurance of the integrity, availability, confidentiality,
  and authenticity of information and information systems during the
  usage, processing, storage, and transmission of information.
• Security experts accomplish information assurance with the help of
  physical, technical, and administrative controls.
• Information Assurance and Information Risk Management (IRM)
  ensure that only authorized personnel access and use information.
• This helps in achieving information security and business continuity.
What is Risk?
• Risk refers to the degree of uncertainty or expectation of potential
  damage that an adverse event may cause to the system or its resources,
  under specified conditions.
• Alternatively, risk can also be:
   • The probability of the occurrence of a threat or an event that will damage,
     cause loss to, or have other negative impacts on the organization, either from
     internal or external liabilities.
   • The product of the likelihood that an event will occur and the impact
     that the event might have on an information technology asset.
• The relation between Risk, Threats, Vulnerabilities, and Impact is as
  follows: RISK = Threats x Vulnerabilities x Impact
Risk Management
• Risk management is the process of identifying, assessing, responding
  to, and implementing the activities that control how the organization
  manages the potential effects of risk.
• It has a prominent place throughout the security life cycle and is a
  continuous and increasingly complex process.
Risk Management Objectives
• Identify potential risks; this is the main objective of risk management
• Identify the impact of risks and help the organization develop better risk
  management strategies and plans
• Prioritize the risks, depending on the impact or severity of the risk,
  and use established risk management methods, tools, and techniques
  to assist in this task
• Understand and analyze the risks and report identified risk events
• Control the risk and mitigate its effect
• Create awareness among the security staff and develop strategies and plans
  for lasting risk management
Risk Management Phases
• Risk Identification
   • Its main aim is to identify the risks—including the sources, causes, and
     consequences of the internal and external risks affecting the security of the
     organization before they cause harm.
• Risk Assessment
   • Risk assessment is an ongoing iterative process that assigns priorities for
     risk mitigation and implementation plans, which in turn help to determine the
     quantitative and qualitative value of risk.
• Risk Treatment
   • The purpose of this step is to identify treatments for the risks that fall
     outside the department’s risk tolerance and provide an understanding of the
     level of risk with controls and treatments.
• Risk Tracking and Review
   • Requires a tracking and review structure to ensure effective identification
     and assessment of the risks as well as the use of appropriate controls and
     responses.
   • The review phase evaluates the performance of the implemented risk
     management strategies.
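The risk definition above (risk as the product of likelihood and impact) and the assessment and treatment phases can be walked through on a small risk register. This added example is not from the module; the register entries, the 1–5 ordinal scales, and the risk tolerance threshold are constructed assumptions. Assessment scores and ranks every entry, and treatment selects those whose score exceeds the tolerance.

```python
from dataclasses import dataclass

# Assumed organisational risk tolerance on the 1..25 score scale (constructed).
RISK_TOLERANCE = 9


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)

    @property
    def score(self) -> int:
        """Risk = likelihood x impact, the product form given on the slide."""
        for value in (self.likelihood, self.impact):
            if not 1 <= value <= 5:
                raise ValueError("likelihood and impact must be on the 1-5 scale")
        return self.likelihood * self.impact


# Constructed sample register; entries reuse the attack classes from this module.
REGISTER = [
    Risk("customer DB", "SQL injection by external attacker", "unparameterised queries", 4, 5),
    Risk("office Wi-Fi", "eavesdropping (passive attack)", "pre-shared key widely known", 3, 3),
    Risk("build server", "tampered dependency (distribution attack)", "no artifact signing", 2, 5),
    Risk("intranet wiki", "defacement", "outdated CMS plugin", 3, 2),
]


def assess(register: list) -> list:
    """Risk Assessment phase: score every entry and rank highest first."""
    scored = [(r, r.score) for r in register]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def needs_treatment(register: list, tolerance: int = RISK_TOLERANCE) -> list:
    """Risk Treatment phase: entries above tolerance need a treatment plan."""
    return [r for r, score in assess(register) if score > tolerance]


if __name__ == "__main__":
    for risk, score in assess(REGISTER):
        flag = "TREAT" if score > RISK_TOLERANCE else "accept/monitor"
        print(f"{score:>2}  {risk.asset:<13} {risk.threat:<44} {flag}")
```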
Cyber threat intelligence
• Cyber threat intelligence, usually known as CTI, is the collection and
  analysis of information about threats and adversaries and the drawing
  up of patterns that provide an ability to make knowledgeable
  decisions for preparedness, prevention, and response actions against
  various cyberattacks.
• It is the process of recognizing or discovering any “unknown threats”
  that an organization may face so that necessary defense mechanisms
  can be applied to avoid such occurrences. It involves collecting,
  researching, and analyzing trends and technical developments in the
  field of cyber threats (including cybercrime, hacktivism, and
  espionage).
Types of Threat Intelligence
• Strategic Threat Intelligence: Strategic threat intelligence provides high-level
  information regarding cybersecurity posture, threats, details about the financial
  impact of various cyber activities, attack trends, and the impact of high-level business
  decisions.
• Tactical Threat Intelligence: It provides information related to the TTPs used by threat
  actors (attackers) to perform attacks.
   • It helps cybersecurity professionals understand how the adversaries are expected to perform
     their attack on the organization, identify the information leakage from the organization, and
     assess the technical capabilities and goals of the attackers along with the attack vectors.
• Operational Threat Intelligence: Operational threat intelligence provides information
  about specific threats against the organization.
   • It provides contextual information about security events and incidents that helps defenders
     disclose potential risks, provides greater insight into attacker methodologies, identifies past
     malicious activities, and allows investigations of malicious activity to be performed more efficiently.
Incident Management
• Incident management is a set of defined processes to identify,
  analyze, prioritize, and resolve security incidents to restore the system
  to normal service operations as soon as possible, and prevent
  recurrence of the incident.
• Incident management includes the following:
   •   Vulnerability analysis
   •   Artifact analysis
   •   Security awareness training
   •   Intrusion detection
   •   Public or technology monitoring
Role of AI and ML in cyber security
• Using AI and ML in cybersecurity helps to identify new exploits and
  weaknesses, which can be easily analyzed to mitigate further attacks.
  It reduces the pressure on security professionals and alerts them
  whenever an action is needed.
• AI and ML are used in:
    • Phishing detection and prevention
    • Threat detection
    • Behaviour analysis
Information Security Laws and Standards
• Laws are a system of rules and guidelines that are enforced by a
  particular country or community to govern behavior. A Standard is a
  “document established by consensus and approved by a recognized
  body that provides, for common and repeated use, rules, guidelines,
  or characteristics for activities or their results, aimed at the
  achievement of the optimum degree of order in a given context.” This
  section deals with the various laws and standards dealing with
  information security in different countries.
Information Security Laws and Standards
• Laws are a system of rules and guidelines that are enforced by a
  particular country or community to govern behavior
• A Standard is a document established by consensus and approved by a
  recognized body that provides, for common and repeated use, rules,
  guidelines, or characteristics for activities or their results, aimed at the
  achievement of the optimum degree of order
• Payment Card Industry Data Security Standard (PCI DSS)
• ISO 2700
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• Different countries have also instituted various cyber laws, such as
  Australia, the United Kingdom, China, Canada, and Singapore, just to mention a
  few.