Hacking presentation

Post on 21-Jan-2015


DESCRIPTION

Hi friends, this presentation is about hacking and types of hackers... Find me on Facebook: Mihir Roat. Enjoy... like or comment, thank you :D

Transcript

Hacking

What Is Hacking

Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent.

Communities of Hackers

• Hackers
• Phreaks
• Crackers
• Script kiddies

Hacker?

• Hackers are intelligent computer professionals.

• Motive/Intent –
  • To gain in-depth knowledge of a system: what's happening at the backend, behind the screen.
  • To find possible security vulnerabilities in a system.

• They create security awareness by sharing knowledge. It's teamwork.

Types of Hacker

White Hat

• A white hat is the hero or good guy, especially in computing slang, where it refers to an ethical hacker or Penetration tester who focuses on securing and protecting IT systems.

• White Hat Hackers, also known as Ethical Hackers

Black Hat

• A black hat is the villain or bad guy. It refers to a hacker who breaks into networks or computers, or creates computer viruses. Black hat hackers (also called "crackers") specialize in unauthorized penetration of information systems.

• They may use computers to attack systems for profit, for fun, or for political motivations or as a part of a social cause.

Grey Hat

• A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not.

• They are a hybrid between white and black hat hackers.

• They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological

Famous Hackers in History

• Ian Murphy
• Kevin Mitnick
• Johan Helsingius
• Mark Abene
• Linus Torvalds
• Robert Morris

Crackers / Attackers

• Individuals who break into computers with malicious intent.

• Motive/Intent –
  • To seek unauthorized access into a system and cause damage, or destroy or reveal confidential information.
  • To compromise the system to deny services to legitimate users, to trouble or harass them or to take revenge.

• Effects - Can cause financial losses and image/reputation damage, and defamation in society for individuals or organizations.

Phreaks?

• Phreaks – These are persons who use computer devices and software to break into phone networks.

• Motive/Intention - To find security loopholes in the phone network and to make phone calls free of cost!!!

• Effects - You may have to pay a big phone bill for doing nothing!!!

Script Kiddies

• Script Kiddies – These are persons who do not have the technical skills to hack computers.

• Motive/Intention - They use the available information about known vulnerabilities to break into remote systems.

• It's an act performed for fun or out of curiosity.

Malicious Hacker Strategies

1. Reconnaissance
2. Scanning
3. Attack

Reconnaissance

Scanning

Scanning is the process of finding open/closed ports and vulnerabilities in remote systems, servers and networks.

Scanning will reveal:
• IP addresses
• Operating systems
• Services running on each computer

Types of Scanning

• Port Scanning
• Network Scanning
• Vulnerability Scanning

Port Scanning

• Port scanning is one of the most popular techniques attackers use to discover the services they can break into.
• All machines connected to a LAN or connected to the Internet via a modem run many services that listen at well-known and not so well-known ports.
• Ports 1 to 65535 are available on a computer.
• By port scanning, the attacker finds which ports are available.
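A defender's view of the port scanning described above, as an added example that is not part of the original presentation: it flags any source that touches many distinct ports on one host within a short window. The log format, thresholds and function names are assumptions made for this example, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format for this example: "<epoch> SRC=<ip> DST=<ip> DPT=<port> <ACTION>"
LINE_RE = re.compile(r"^(\d+) SRC=(\S+) DST=(\S+) DPT=(\d+) (\w+)$")
# Constructed sample lines (documentation IP ranges), not from the original page.
SAMPLE_LOG = """\
1000 SRC=198.51.100.7 DST=192.0.2.10 DPT=21 DROP
1001 SRC=198.51.100.7 DST=192.0.2.10 DPT=22 ACCEPT
1001 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 ACCEPT
1002 SRC=198.51.100.7 DST=192.0.2.10 DPT=23 DROP
1003 SRC=198.51.100.7 DST=192.0.2.10 DPT=25 DROP
1004 SRC=198.51.100.7 DST=192.0.2.10 DPT=80 ACCEPT
1005 SRC=198.51.100.7 DST=192.0.2.10 DPT=99999 DROP
1200 SRC=203.0.113.5 DST=192.0.2.10 DPT=443 ACCEPT
garbled line
"""

def parse(lines):
    """Yield (ts, src, dst, port) for well-formed lines with a port in 1..65535."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed entries instead of failing the whole run
        port = int(m.group(4))
        if 1 <= port <= 65535:
            yield int(m.group(1)), m.group(2), m.group(3), port

def detect_port_scans(lines, window=60, min_ports=5):
    """Map (src, dst) -> ports when src hit >= min_ports distinct ports on dst within window seconds."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOG.splitlines()))
```

Repeated connections to a single port, such as the second source's traffic to 443, do not raise an alert because the check counts distinct ports.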

Network Scanning

Understand IP Addresses and related information about the computer network systems

Vulnerability Scanning

Understand the existing weakness

Top 10 Vulnerabilities

1. SQL Injection
2. Cross Site Scripting (XSS)
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access

Example Of SQL Injection