
Ethical Hacking

Jun 29, 2015


Lalit Kumar

What is Hacking?
Hacking is accessing unauthorized data by any method
other than the direct method.
Transcript
Page 1: Ethical Hacking
Page 2: Ethical Hacking

HACKING

• Hacking is accessing unauthorized data by any method other than the direct method.

Page 3: Ethical Hacking

BEGINNING

• In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks.

• Today about 10,000 incidents of cyber attacks are reported, and the number is growing.

• A 16-year-old music student called Richard Pryce, better known by the hacker alias Datastream Cowboy, is arrested and charged with breaking into hundreds of computers including those at the Griffiths Air Force base, NASA and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found.

• Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money.

Page 4: Ethical Hacking

WHY?

In this era, where the world depends on technology and a huge amount of data worth a lot of money is stored in computers, and hacking is all about accessing data for…

Page 5: Ethical Hacking
Page 6: Ethical Hacking

THE TRIANGLE

• The number of exploits is minimized when the number of weaknesses is reduced.

• The functionality of the system is minimized as well.

• Moving towards security means moving away from functionality and ease of use.

[Figure: triangle with the corners SECURITY, FUNCTIONALITY and EASE OF USE]

Page 7: Ethical Hacking

HACKING

• Hacking includes the following types of activity:
  • Hacker (programmer subculture), activity within the computer programmer subculture
  • Hacker (computer security), to access computer networks, legally or otherwise
  • Computer crime

[Figure: flowchart. TRY, then "Success?"; YES leads to NEXT; NO leads to TRY... TRY... TRY... UNTIL YOU GET SUCCESS!!!]

Page 8: Ethical Hacking

HACKING

Can Hacking be Ethical?

Page 9: Ethical Hacking

TYPE

• Coders: These are the ones who revise the methods and create tools that are available in the market. These are the real hackers.

• Admins: They use the tools and exploits prepared by the coders. They do not develop their own techniques.

• Script kiddies: They are the guys who take advantage of the hacking tools and documentation available for free on the Internet but don’t have any knowledge of what’s going on behind the scenes.

Page 10: Ethical Hacking

TYPE

Page 11: Ethical Hacking

TERMINOLOGY

• Threat – An action or event that might prejudice security. A threat is a potential violation of security.

• Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

• Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.

• Attack – An assault on system security that derives from an intelligent threat. An attack is any action that attempts to or violates security.

• Exploit – A defined way to breach the security of an IT system through vulnerability.

Page 12: Ethical Hacking
Page 13: Ethical Hacking
Page 14: Ethical Hacking

MODE

• Over the Internet
• Over LAN
• Locally
• Offline
• Theft
• Deception

Page 15: Ethical Hacking

FOR BEGINNERS

• Phishing
• Key Loggers
• RAT
• Whatsapp Hacking
• Wifi Hacking – Through Kali Linux
• Email Bombing
• SMS Bombing

Page 16: Ethical Hacking

SQL INJECTION

• Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id.

• If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:

“1=1”

The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true.
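The statement the slide refers to did not survive in this transcript. The following is an added example, not code from the original slides, showing the same effect against an in-memory SQLite table and the parameterized form that prevents it. The table contents, the function names and the input `2 OR 1=1` are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def find_user_concat(db, user_id):
    """Vulnerable: the input becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id
    return db.execute(sql).fetchall()


def find_user_param(db, user_id):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return db.execute(sql, (user_id,)).fetchall()


def find_user_strict(db, user_id):
    """Hardened plus validation: only a plain decimal id reaches the query."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user id must be a decimal integer")
    return find_user_param(db, int(user_id))


if __name__ == "__main__":
    db = make_db()
    hostile = "2 OR 1=1"  # constructed input; the WHERE clause becomes always true
    print("concatenated:", find_user_concat(db, hostile))   # every row
    print("parameterized:", find_user_param(db, hostile))   # no rows
    print("normal lookup:", find_user_param(db, "2"))       # one row
```

With concatenation the database sees `WHERE UserId = 2 OR 1=1` and returns every row; with a bound parameter the whole string is compared to `UserId` as a single value and matches nothing.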

Page 17: Ethical Hacking

XSS

• Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites.

• XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
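What "without validating or encoding it" means in practice, as an added example that is not part of the original slides: the same user input is written into a page raw and HTML-encoded, and the result is parsed to see which elements and attributes a browser would find. The function names and the sample inputs are constructed for illustration.

```python
import html
from html.parser import HTMLParser


def render_raw(author, comment):
    """Vulnerable: user input is written into the page unchanged."""
    return f'<div class="comment" title="{author}">{comment}</div>'


def render_encoded(author, comment):
    """Hardened: input is HTML-encoded before it is placed in the output."""
    return (f'<div class="comment" title="{html.escape(author, quote=True)}">'
            f'{html.escape(comment)}</div>')


class _Structure(HTMLParser):
    """Records each start tag with its attribute names, as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, sorted(name for name, _ in attrs)))


def structure(markup):
    """Return the list of (tag, attribute names) found in the markup."""
    parser = _Structure()
    parser.feed(markup)
    parser.close()
    return parser.elements


# Constructed inputs: one closes the attribute early, one carries a script tag.
AUTHOR = 'x" data-injected="1'
COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(structure(render_raw(AUTHOR, COMMENT)))      # extra attribute and a script element
    print(structure(render_encoded(AUTHOR, COMMENT)))  # only the template's own div
```

Raw output gains an attribute and a `script` element that the template never contained; encoded output keeps the input as text, so the page structure is exactly what the template author wrote.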

Page 18: Ethical Hacking

REQUIREMENTS

• HTML: Hypertext Markup Language (HTML) is the basis for creating web pages and other information that can be displayed in a web browser. So if you don't know HTML, you should learn it first.

• JavaScript: Learning JavaScript will help you understand the basics of Cross-Site Scripting.

• PHP/SQL: The majority of web applications are written using PHP and MySQL, so it is a must to learn PHP.

• C & C++: More than 60% of the exploits you will find on the web are written in C & C++. Learning C & C++ will help you understand buffer overflows, stack overflows, etc., so learning C and C++ is a must for every hacker/pen tester.

Page 19: Ethical Hacking

REQUIREMENTS

• Assembly: Learning assembly will help you in writing and understanding shellcode, and will help you in reverse engineering applications and software.

• Python: It is a very powerful high-level language. It is easy to learn and code, and most of the tools and scripts for automation are written in Python. Knowing Python socket programming will help you a lot in exploit writing.

• Ruby: It is another language used to write scripts and tools. The Metasploit Framework is written in Ruby, so learning Ruby will help you understand the ins and outs of msf.

• Bash: Learning Bash is very useful in writing small scripts for automation.

Page 20: Ethical Hacking

Thank You