" Ethical Hacking"
•
“Fixing the system by compromising
it”•
•Ethical hacking, also known as penetration testing,
intrusion testing used to find loopholes (Leakage) in an IT system and break into it. “Hacking
for Information Security”
•
To
ensure the protection and privacy of personally identifiable and/or sensitive
information.
•
The
state of security on the internet is poor and the progress toward increased
protection is slow.
•White hat – ethical hacker and penetration taster ( focuses
on IT security )
•Black hat – Villain hacker , Hacks for illegal uses , making
viruses and Trojans.
•Gray hat – hybrid between white and black hat
•Vulnerability
scanner
•Packet
sniffer
•Spoofing
attack (Phishing)
•Trojan
horses
•Viruses
•Worms
•Key
loggers
•A vulnerability
scanner is a computer program designed to assess computers,
computer systems, networks or applications for weaknesses.
•By different injections like SQL , after scanning the database
hackers get information like passwords , user ids etc. from it.
•By sending malicious code of malware to a server by http req.,
hacker gain a server level access. &get id and passwords. Or by bypassing common id & passwords. E.g. admin'or'0'=‘0
•This works on low security servers where SQL data is injected by http request.
• password
cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
•The
purpose of password cracking is to help a user to recover a forgotten password . But it is mostly use for hacking or accessing
illegally a system.
•It
is a computer program or a piece of computer hardware that
can intercept and log traffic passing over a
digital network or part of a network.
•It can captures the packets of data which are flows through the network.
•So it is used for getting data in between two systems.
- Spoofing attack
(Phishing)
•Phishing is
the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a
trustworthy entity in an electronic communication.
• A Trojan
horse, or Trojan, is a non-self-replicating type
of malware which appears to perform a desirable function but instead
facilitates unauthorized access to the user's computer system.
• A computer
virus is a computer program that can replicate itself and
spread from one computer to another.
It used to
refer to other types of malware, including but not limited
to adware and spyware programs that do not have a
reproductive ability.
• It
uses a computer network to spread itself, relying on security
failures on the target computer to access it. It does not need to attach itself to an
existing program.
.
•Two
types : hardware & software
•Software
key loggers records all keystrokes and sends it to specific location by a
spyware program.
•Hardware
key loggers are attached between keyboard and CPU.
.
"How Hacking Works ?"
•method
1: Drive-by attack
•method
2: Opportunistic attack
•method
3: Targeted or “Sniper” attack
- method 1.1: Drive-by attack-1
• Hacker inserts an image/sound file/animation in a legitimate webpage.
• That contains a malicious script which is run when the webpage is loaded into a user’s unpatched/unsecure web browser
• The script installs some type of virus on the user’s machine, potentially uploading confidential information to the hacker’s computer or allowing the hacker backdoor access to the user’s computer.
- method 1.2: Drive-by attack-2
• Hacker designs a webpage that looks identical to some other legitimate page but contains a malicious script (mini-program)
• User clicks on the link, the seemingly legitimate page opens and the script runs and installs some type of virus on the user’s machine potentially uploading confidential information to the hacker’s computer or allowing the hacker backdoor access to the user's computer.
- method 1.3: Drive-by attack-3
• Hacker
sends out hundreds/thousands of emails spoofing the sender’s name so that the
email seems to come from a legitimate source.
•The
recipient of the email is requested to click on a seemingly legitimate webpage
link in the email
•The
target webpage contains a malicious script which, runs for hacking process.
- method 1.4: Drive-by attack-4
• It is
same like method 3 but in this method hacker sends different attachments
containing virus or malware scripts.
•After
opening attachments it runs the malware scripts or virus process.
- method 2 : Opportunistic attack
• The
hacker will scan a range of internet address to see which ones respond.
•After
response , it list may then be read by another piece of software called a
“vulnerability scanner” to test each of the devices to see if they are
susceptible to known attack methods using known weaknesses in the operating
system or running programs.
- method 3 : "sniper" attack
• These are calculated attempts to extract data from an organization sometimes for financial reward, sometimes for bragging rights and sometimes for a cause.
•Examples of this type of hack would be to steal credit/debit card numbers, personal details such as Social Security numbers, passport or ID details or even social networking website logins.
•For Army security & in cyber crime investigation this hacking is done.
what can hacker do ?
•Steal Your Number
•Take Your Information
•Rob Your Money
•Give the System a Virus
•Spy on
You
•Access
Your Mails
How to prevent hacking ?
•Perform
required software updates for your operating system and web browser. ( A
system that hasn't been updated recently has flaws in it that can be taken
advantage of by hackers.)
•Install
a firewall on your computer.
•Change
your passwords every month.
•Install
anti-spyware/adware & antivirus programs onto your system.
•Delete
emails from unknown sources.
•Avoid
Scam/Spammy Websites
•Clear
the Cookies!
•Don’t
use Generic Usernames
•Use
Strong Passwords!
Applications
•Cyber
crime investigation
•Secure
software development
•Penetration
testing
•Vulnerability
assessment
for any queries please contact me : mayurbhimani11@gmail.com
.jpg)
