SlideShare a Scribd company logo

324515851-Ethical-Hacking-Ppt-Download4575.ppt

Download as PPT, PDF
S
ssuserde23af

ASAS

Business
1 of 21
# !@ Ethical Hacking
2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
5 # !@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
6 # !@ Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
7 # !@ Why – Ethical Hacking Source: US - CERT
8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
21 # !@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems

Recommended

Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testingchampubhaiya8
 
Ethical h
Ethical hEthical h
Ethical hkawsarahmedchoudhuryzzz
 
Ethical h
Ethical hEthical h
Ethical hDr. Salman Iqbal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingsumanth1201
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Presentation1
Presentation1Presentation1
Presentation1Abhishek Malhotra
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 

Recommended

Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testingchampubhaiya8
 
Ethical h
Ethical hEthical h
Ethical hkawsarahmedchoudhuryzzz
 
Ethical h
Ethical hEthical h
Ethical hDr. Salman Iqbal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingsumanth1201
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingkawsarahmedchoudhuryzzz
 
Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Ethical hacking-ppt-download4575
Ethical hacking-ppt-download4575Gopal Rathod
 
Presentation1
Presentation1Presentation1
Presentation1Abhishek Malhotra
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 
Chapter 2
Chapter 2Chapter 2
Chapter 2shahhardik27
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMeghal Murkute
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingRavi Rajput
 
CyberIgnite.pdf
CyberIgnite.pdfCyberIgnite.pdf
CyberIgnite.pdfGDSCPUP
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRohan Raj
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingViraj Kansara
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingshahhardik27
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingshahhardik27
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdfpdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdftehkotak4
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Introduction to ceh
Introduction to cehIntroduction to ceh
Introduction to cehHemant Mittal
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking PresentationAnimesh Behera
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptxssuserde23af
 
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.pptCh1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.pptssuserde23af
 

More Related Content

Similar to 324515851-Ethical-Hacking-Ppt-Download4575.ppt

Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0Q Fadlan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingjustyogesh
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
CyberIgnite.pdf
CyberIgnite.pdfCyberIgnite.pdf
CyberIgnite.pdfGDSCPUP
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingRohan Raj
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxSuhailShaik16
 
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdfpdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdftehkotak4
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 

Similar to 324515851-Ethical-Hacking-Ppt-Download4575.ppt (20)

Chapter 2
Chapter 2Chapter 2
Chapter 2
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Web hacking 1.0
Web hacking 1.0Web hacking 1.0
Web hacking 1.0
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
CyberIgnite.pdf
CyberIgnite.pdfCyberIgnite.pdf
CyberIgnite.pdf
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdf
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptxINTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
 
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdfpdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
pdfcoffee.com_modul-1-intro-to-network-security-pdf-free.pdf
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Introduction to ceh
Introduction to cehIntroduction to ceh
Introduction to ceh
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?
 

More from ssuserde23af

538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptxssuserde23af
 
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.pptCh1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.pptssuserde23af
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.pptssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.pptssuserde23af
 
chsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
chsadsadasdasdasdasdsadsadsadsadsadasda10.pptchsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
chsadsadasdasdasdasdsadsadsadsadsadasda10.pptssuserde23af
 

More from ssuserde23af (6)

538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
 
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.pptCh1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt
 
chsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
chsadsadasdasdasdasdsadsadsadsadsadasda10.pptchsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
chsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
 

Recently uploaded

Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxWorkforce Group
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 

Recently uploaded (20)

Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 

324515851-Ethical-Hacking-Ppt-Download4575.ppt

  • 2. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
  • 3. 3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  • 4. 4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5. 5 # !@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  • 6. 6 # !@ Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
  • 7. 7 # !@ Why – Ethical Hacking Source: US - CERT
  • 8. 8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 9. 9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
  • 10. 10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 11. 11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12. 12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13. 13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 14. 14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 15. 15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 16. 16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17. 17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 18. 18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 19. 19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 20. 20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
  • 21. 21 # !@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems