Uploaded bychampubhaiya8
PPT, PDF24 views

Ethical Hacking: Safeguarding Systems through Responsible Security Testing

The document provides an overview of ethical hacking, emphasizing its legality, professional standards, and processes involved such as preparation, footprinting, enumeration, and vulnerability identification. It discusses the importance of ethical hacking in identifying weaknesses in systems to protect against external threats, citing various statistics and types of attacks faced by organizations. Additionally, it details methodologies for exploiting vulnerabilities and stresses the need for thorough reporting post-assessment.

Embed presentation

Download to read offline
# !@ Ethical Hacking
2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Reporting
3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
5 # !@ Why – Ethical Hacking January - 2024 Jan 01, 2024 to Jan 30, 2024 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
6 # !@ Why – Ethical Hacking Total Number of Incidents
7 # !@ Why – Ethical Hacking
8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
21 # !@ THANKYOU

More Related Content

PPT
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
byssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
byssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
byssuserde23af
 
PPT
Ethical hacking by shivam
byShivam Ðreamchazer
 
PPT
Ethical h
byDr. Salman Iqbal
 
PPT
Ethical hacking
bysumanth1201
 
PPT
Ethical hacking
bykawsarahmedchoudhuryzzz
 
PPT
Ethical h
bykawsarahmedchoudhuryzzz
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
byssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
byssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
byssuserde23af
 
Ethical hacking by shivam
byShivam Ðreamchazer
 
Ethical h
byDr. Salman Iqbal
 
Ethical hacking
bysumanth1201
 
Ethical hacking
bykawsarahmedchoudhuryzzz
 
Ethical h
bykawsarahmedchoudhuryzzz
 

Similar to Ethical Hacking: Safeguarding Systems through Responsible Security Testing

PPT
Ethical hacking-ppt-download4575
byGopal Rathod
 
PPTX
Ethical Hacking basics ppt, all types hacking
bydevakiashi
 
PPT
Lect1_3.pptjjjjedediodheiohdioeipojihiohi
byzmulani8
 
PPTX
ethical hacking
byNeelima Bawa
 
PPTX
Presentation1
byAbhishek Malhotra
 
PPT
Ethical Hacking
byRohan Raj
 
PPTX
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
PPT
Ethical hacking
bySourabh Badve
 
PPTX
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 
PPT
Introduction to ceh
byHemant Mittal
 
PPT
Ethical Hacking
byKeith Brooks
 
PDF
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
PPTX
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
byAlfredObia1
 
PPT
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
PPTX
Ethical hacking
byPrabhat kumar Suman
 
PDF
Lec_11_Introduction to Cyber Security.pdf
byMohammedAdel426426
 
PPTX
Hacking - penetration tools
byJenishChauhan4
 
PPT
How to become Hackers .
byGreater Noida Institute Of Technology
 
PDF
Ethical hacking
byKhairi Aiman
 
PPTX
ethical_hacking_presentation.pptx .
byrealkingakash147
 
Ethical hacking-ppt-download4575
byGopal Rathod
 
Ethical Hacking basics ppt, all types hacking
bydevakiashi
 
Lect1_3.pptjjjjedediodheiohdioeipojihiohi
byzmulani8
 
ethical hacking
byNeelima Bawa
 
Presentation1
byAbhishek Malhotra
 
Ethical Hacking
byRohan Raj
 
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
Ethical hacking
bySourabh Badve
 
Inetsecurity.in Ethical Hacking presentation
byJoshua Prince
 
Introduction to ceh
byHemant Mittal
 
Ethical Hacking
byKeith Brooks
 
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
byAlfredObia1
 
Hackers Cracker Network Intruder
byErdo Deshiant Garnaby
 
Ethical hacking
byPrabhat kumar Suman
 
Lec_11_Introduction to Cyber Security.pdf
byMohammedAdel426426
 
Hacking - penetration tools
byJenishChauhan4
 
How to become Hackers .
byGreater Noida Institute Of Technology
 
Ethical hacking
byKhairi Aiman
 
ethical_hacking_presentation.pptx .
byrealkingakash147
 

Recently uploaded

PPTX
Emminent personalities from agriculture sciences.pptx
byconvey2vivek
 
PPTX
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
PPTX
PLAY-IMPORTANCE OF PLAY,FUNCTIONS OF PLAY AND TYPES
byBHUVANESHWARI BADIGER
 
PDF
The bronze sculptures of the Chola dynasty
byPrachiSontakke5
 
PPTX
Duplication of Records in Odoo 18.1 Studio
byCeline George
 
PPTX
What is Scheduled Actions in Odoo 18
byCeline George
 
PPTX
Pharmaceutical Engineering (sem-3) unit 3-2
bypayalpilaji
 
DOCX
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
PDF
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
PPTX
(2) Physiology (Cell Structure). pptx
byaryanhaniarshi
 
PDF
Masking and Lithography Techniques in Microelectronics
byGS Virdi
 
PPTX
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
PPTX
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
PDF
Keratometer /ppt/pdf/notespdf/kerato.pdf
byAnmol Singh
 
PPTX
NMR Spectroscopy M.Pharm 1st Semester, Pharmacy
bySaurabh Dubey
 
PDF
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
PDF
Ion Implantation Techniques in VLSI Technology
byGS Virdi
 
PDF
Determining the Sample Population updated version.pdf
byThelma Villaflores
 
PPTX
Pharmaceutical Engineering (Sem-3) unit 2-1.pptx
bypayalpilaji
 
PPTX
Everything You Need to Know About Actions in Odoo 18
byCeline George
 
Emminent personalities from agriculture sciences.pptx
byconvey2vivek
 
Unit 6- Heme Catabolism.pptx............
byAkanksha Kotangale
 
PLAY-IMPORTANCE OF PLAY,FUNCTIONS OF PLAY AND TYPES
byBHUVANESHWARI BADIGER
 
The bronze sculptures of the Chola dynasty
byPrachiSontakke5
 
Duplication of Records in Odoo 18.1 Studio
byCeline George
 
What is Scheduled Actions in Odoo 18
byCeline George
 
Pharmaceutical Engineering (sem-3) unit 3-2
bypayalpilaji
 
ANATOMY NOTES- Dr. Sudhadevi Sadanandan
byDr. Sudhadevi Sadanandan
 
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
(2) Physiology (Cell Structure). pptx
byaryanhaniarshi
 
Masking and Lithography Techniques in Microelectronics
byGS Virdi
 
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
Correlation Analysis (Biostatistics)ppt.
byKajal Kashyap
 
Keratometer /ppt/pdf/notespdf/kerato.pdf
byAnmol Singh
 
NMR Spectroscopy M.Pharm 1st Semester, Pharmacy
bySaurabh Dubey
 
Statement-by-UK-PhD-cohort-to-the-Ghana-High-Commission-and-the-media.docx1_.pdf
bynservice241
 
Ion Implantation Techniques in VLSI Technology
byGS Virdi
 
Determining the Sample Population updated version.pdf
byThelma Villaflores
 
Pharmaceutical Engineering (Sem-3) unit 2-1.pptx
bypayalpilaji
 
Everything You Need to Know About Actions in Odoo 18
byCeline George
 

Ethical Hacking: Safeguarding Systems through Responsible Security Testing

  • 1.
  • 2.
    2 # !@ Ethical Hacking -? Why – Ethical Hacking ? Ethical Hacking - Process Reporting
  • 3.
    3 # !@ Ethical Hacking Conforming to acceptedprofessional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  • 4.
    4 # !@ What is EthicalHacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5.
    5 # !@ Why – EthicalHacking January - 2024 Jan 01, 2024 to Jan 30, 2024 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  • 6.
    6 # !@ Why – EthicalHacking Total Number of Incidents
  • 7.
  • 8.
    8 # !@ Why – EthicalHacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 9.
    9 # !@ Ethical Hacking -Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
  • 10.
    10 # !@ Preparation  Identification ofTargets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 11.
    11 # !@ Footprinting Collecting as muchinformation about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12.
    12 # !@ Enumeration & Fingerprinting Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13.
    13 # !@ Identification of Vulnerabilities Vulnerabilities Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 14.
    14 # !@ Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 15.
    15 # !@ Identification of Vulnerabilities Tools VulnerabilityScanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 16.
    16 # !@ Attack – Exploitthe vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17.
    17 # !@ Attack – Exploitthe vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 18.
    18 # !@ Attack – Exploitthe vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 19.
    19 # !@ Attack – Exploitthe vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 20.
    20 # !@ Reporting  Methodology  ExploitedConditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
  • 21.