Introduction to Ethical Hacking By Nitish Mehta (Illuminative works)
Page 1: Introduction to hacking

Introduction to Ethical Hacking

By Nitish Mehta (Illuminative works)

Page 2: Introduction to hacking

What we do?

Illuminative Works

Page 3: Introduction to hacking

Services we Provide

ILLUMINATIVE WORKS SERVICES

• PHP and Frameworks
• Ruby On Rails
• SEO
• Application Development

Page 4: Introduction to hacking

PHP and Its Frameworks

ILLUMINATIVE WORKS services: PHP and Frameworks

• Wordpress
• Magento
• Joomla
• Zend

Page 5: Introduction to hacking

ILLUMINATIVE WORKS

SERVICES
• PHP and Frameworks
• Ruby On Rails
• SEO
• Application Development

TRAINING
• Online
• Offline

Page 6: Introduction to hacking

Types of training

TRAINING
• Courses
• Online
• Webinars
• Blogs
• Webcast
• Workshops

Page 7: Introduction to hacking

Workshop and training on

Application development
• Mobile application development
• Facebook application development
• Twitter application development

Ethical Hacking
• Ethical Hacking level 1
• Hack the Hacker (method to track back to the hacker)
• HACKERS ON CHARITY (coming soon)

Website development
• PHP
• Wordpress
• Joomla

Electronics and communication
• Electric circuit and PCB designing
• Advanced 8051 Architecture, Programming & Interfacing

Page 8: Introduction to hacking

How can you learn from us?

Series of Webinars.

Watch webcast.

Blogs

Workshop

Hack with hackers

Page 9: Introduction to hacking

What will we discuss today?

1. Understanding hacker objectives
2. Outlining the differences between ethical hackers and malicious hackers/crackers
3. Examining the ethical hacking processes
4. Starting the ethical hacking process

Page 10: Introduction to hacking

Who are Hackers?

• Recently, hacker has taken on a new meaning: someone who maliciously breaks into systems for personal gain.
• Technically, these criminals are crackers.
• They modify, delete, and steal critical information, often making other people miserable.
• The good-guy (white-hat) hackers don’t like being in the same category as the bad-guy (black-hat) hackers.

Page 11: Introduction to hacking

Types of Hacker

People categorize hackers in many different ways, but everyone agrees that there are 3 basic types of hacker.

Black Hat
• Individual with extraordinary computing skills
• Always does destructive work

White Hat
• Individual professional hacker
• Used for defensive purposes

Grey Hat
• They work defensively or offensively at their own will

Page 12: Introduction to hacking

Types of Ethical Hacker

Former Black Hats
• Reformed crackers
• First-hand experience
• Less credibility

White Hats
• Independent security consultants (can be a group too)
• Claim to be knowledgeable about black hat activities

Consulting Firms
• Part of ICT firms
• Certified professionals
• Good credibility

Page 13: Introduction to hacking

Steps of Hacking

1. Information Gathering & Scanning
2. System Hacking
3. Plant Rootkits and Backdoors
4. Covering Tracks

Page 14: Introduction to hacking

Information Gathering

• Used to gather as much information as the hacker can about the target.
• It is also known as rattling the doorknob.
• From the information gathered, a hacker can know what type of attack to use.
• This is a basic and important step in hacking.
• More knowledge in this step makes the upcoming steps easier.

Page 15: Introduction to hacking

Scanning

• Scanning refers to the pre-attack phase, where a hacker scans the network to gather information about it.
• Scanning includes network scan, port scan, vulnerability scan, etc.
• A hacker can find some high-level vulnerability which can give access easily.

Page 16: Introduction to hacking

System Hacking

• Also known as gaining access.
• The vulnerabilities found during information gathering and scanning are exploited here.
• There can be many exploits with different levels of threat.
• Some of the threats that we are going to discuss are:
  • SQL injection
  • XSS (cross-site scripting)
  • LFI, RFI

Page 17: Introduction to hacking

Backdoors and rootkits

• This is also called maintaining access.
• It is done so that a hacker can have all types of access next time without bypassing or breaking the security.
• Many things are used for this:
  • Trojans
  • Backdoors, rootkits
  • Shells, etc.

Page 18: Introduction to hacking

Covering Tracks

• This is the smallest and most important part of hacking.
• If this is not done, a hacker can easily be tracked back.
• This is the step where the hacker removes all his/her identity or tracks.
• History files:
  sh: .sh_history
  csh: .history
  ksh: .sh_history
  bash: .bash_history
  zsh: .history
• Backup files: dead.letter, *.bak, *~
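
Added example, not part of the original slides: a defender can review the history and backup files named above for signs of tampering. The function names, the heuristics and the sample directory are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# File names taken from the slide: per-shell history files and backup leftovers.
HISTORY_FILES = [".sh_history", ".history", ".bash_history"]
BACKUP_PATTERNS = ["dead.letter", "*.bak", "*~"]


def audit_home(home):
    """Return a sorted list of (file name, finding) pairs for one home directory."""
    findings = []
    for name in HISTORY_FILES:
        path = os.path.join(home, name)
        if os.path.islink(path):
            # A history file redirected to another target records nothing locally.
            findings.append((name, "symlink to " + os.readlink(path)))
        elif os.path.isfile(path) and os.path.getsize(path) == 0:
            # An empty history on an account that is in use deserves a closer look.
            findings.append((name, "empty history file"))
        elif os.path.exists(path) and not os.path.isfile(path):
            findings.append((name, "not a regular file"))
    for entry in os.listdir(home):
        if any(fnmatch.fnmatch(entry, pat) for pat in BACKUP_PATTERNS):
            # Backup copies may still hold content removed from the original file.
            findings.append((entry, "backup file to review"))
    return sorted(findings)


def build_sample_home(root):
    """Constructed sample data: a fake home directory with three anomalies."""
    with open(os.path.join(root, ".sh_history"), "w") as f:
        f.write("ls -la\n")  # normal history, not flagged
    open(os.path.join(root, ".history"), "w").close()  # zero-length file
    os.symlink(os.devnull, os.path.join(root, ".bash_history"))
    with open(os.path.join(root, "passwd.bak"), "w") as f:
        f.write("constructed sample\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, finding in audit_home(build_sample_home(tmp)):
            print(f"{name}: {finding}")
```

A missing history file is deliberately not flagged, since an account may simply never have used that shell.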

Page 19: Introduction to hacking

What does an Ethical Hacker do?

They basically ask themselves the following questions:

• What does a hacker/cracker see in the target?
  Information gathering, Scanning
• What can he do with that vulnerability?
  Gaining access, Maintaining it, System hacking
• Has anyone already noticed the vulnerability?
  Maintaining access, Footprinting

Page 20: Introduction to hacking

What is vulnerability research?

• Discovering and designing vulnerabilities in any system is called vulnerability research.
• It can be classified in two ways:
  • Threat level: Low, Medium, High
  • Exploit range: Local, Remote

Page 21: Introduction to hacking

Why does an ethical hacker need vulnerability research?

• To identify the correct network vulnerability
• To protect the network from being attacked
• To get information that helps to prevent security problems
• To gather information about viruses/worms/Trojans
• To find weaknesses in the network and report them to the admin
• To know how to recover from such attacks

Page 22: Introduction to hacking

Where can you research?

There are several websites where you can stay updated and do research.

My favourites are:
• Packet storm: www.packetstormsecurity.com
• Security focus: www.securityfocus.com
• SANS internet storm: http://isc.sans.edu
• Security magazine: www.securitymagazine.com
• Exploit-db: www.exploit-db.com

Page 23: Introduction to hacking

How can you conduct Ethical Hacking?

• Talk to your client about the needs of testing
• Prepare an NDA document and ask them to sign it
• Prepare a team of ethical hackers and create a schedule for testing
• Conduct the test
• Analyze the results and prepare the report
• Deliver the report to the client

Page 24: Introduction to hacking

Process of Ethical Hacking

Page 25: Introduction to hacking

How many times should we do it?

• Make sure your systems are secure.
• New hacker exploits and security vulnerabilities are regularly uncovered.
• At any time, everything can change:
  • Software upgrades
  • Adding computer systems
  • Applying patches
• Thus testing should be done regularly.

Page 26: Introduction to hacking

Future webinar dates

• 2-2-12: Information Gathering & Scanning Methodologies - Nitish Mehta
• 16-12-12: Google Hacking - Nitish Mehta
• 6-1-13: SQL injection attacks - Nitish Mehta / Naveen Badoni
• 20-1-13: Facebook and Email Hacking - Arif Ali Khan
• 2-2-13: Social Engineering - Arif Ali Khan / Nitish Mehta

Page 27: Introduction to hacking

Q/A Round

Thank You

Nitish Mehta
(Illuminative works, CEO and Founder)

Facebook.com/illuminativeworks