First Section Second Section Third Section

Hacking World

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost

Khajeh Nasir Toosi University of Technology

June 2, 2021

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Overview

1 First Section
5 Biggest Computer Hacks in History

2 Second Section
Types of Hackers

3 Third Section
Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Computer Hacks

Operation Shady RAT

Department Of Defense Hack
Melissa Virus
Comodo Hack
Playstation Network Hack

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Operation Shady RAT

These attacks began in 2006, which is Named RAT for its

utilization of remote access tools that allow computers to be
controlled. This Chinese hacker, has succeeded in stealing
intellectual property from at least 70 organizations across 14
countries. Those victimized include the United Nations, worldwide
businesses, the World Anti-Doping Agency, the International
Olympic Committee, etc.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Department Of Defense Hack

In 1999, Jonathan James committed a series of intrusions into

various systems. James later admitted to authorities that he had
installed an unauthorized backdoor in a computer server in Dulles,
Virginia, which he used to install a sniffer that allowed him to
intercept over three thousand messages passing to and from DTRA
employees, along with numerous usernames and passwords of other
DTRA employees, including at least 10 on official military
computers.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Melissa Virus

The first inclusive computer virus that made the world’s population
realize that their computers weren’t always safe!
Melissa was created in 1999 by a programmer with too much idle
time on his hands. David L. Smith disguised his virus as a simple
Microsoft Word program, and he sent it to countless unsuspecting
recipients. Mellisa then resents itself to the first 50 people from
each infected computer’s address book.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Comodo Hack

Everyone who uses a computer is familiar with those reassuring

security certificates that let you know that you’ve arrived at a
secure site, but they aren’t always what they seem. Comodo, a
company that provides those certificates, was hacked in 2011 by an
Iranian programmer. He could create fake Yahoo and Google
Sign-in.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

5 Biggest Computer Hacks in History

Playstation Network Hack

In 2011, a hacker accessed the Play Station Network system, which

resulted in the loss of data and personal information for about 77
million users. The company had to shut down for 20 days and lost
an estimated 171 million dollars.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Types of Hackers

Introducing Hackers

Various Types of Hackers:

1 White Hat Hackers
2 Black Hat Hackers 
3 Gray Hat Hackers Stealing Data

4 Script Kiddie Harming the Systems

Intruding Systems

5 State Sponsored Hackers
6 Red Hat Hackers
7 ...

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Types of Hackers

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Types of Hackers

White Hat Hackers

Who are they?

Certificated Ethical Testers! They hack systems from the loopholes
in the cybersecurity of the organization. The purpose of this
hacking is to test the level of cybersecurity in their organization.

Motives and Aims

Helping businesses, Weak points and security gaps identifying.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Types of Hackers

Black Hat Hackers

Who are they?

Computer experts but with the wrong intention! It makes sense
that those intentions make the hacker a criminal.

Motives and Aims

Hack into organization’s networks like stealing bank data

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Types of Hackers

Gray Hat Hackers

Who are they?

If the intention is for personal gain then the hacker is considered to
be a gray hat hacker.

Motives and Aims

They enjoy experimenting with systems to find loopholes, crack
defenses, and generally find a fun hacking experience.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Hacking Techniques and How to prevent them?

Hacking Techniques:
1 SQL injection attack
2 Denial of
Service/Distributed
Denial of Service
(DoS/DDoS)

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

SQL injection attack

SQL injection is a web security vulnerability that allows an attacker

to interfere with the queries that an application makes to its
database. It generally allows an attacker to view data that they are
not normally able to retrieve. This might include data belonging to
other users, or any other data that the application itself is able to
access. In many cases, an attacker can modify or delete this data
and cause persistent changes to the application’s content or
behavior.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

SQL injection examples

Retrieving hidden data, where you can modify an SQL query

to return additional results.
Subverting application logic, where you can change a query to
interfere with the application’s logic.
UNION attacks, where you can retrieve data from different
database tables.
Examining the database, where you can extract information
about the version and structure of the database.
Blind SQL injection, where the results of a query you control
are not returned in the application’s responses.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

How to prevent SQL injection?

Most instances of SQL injection can be prevented by using

parameterized queries (also known as prepared statements) instead
of string concatenation within the query.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

SQL Code

Example (The following code is vulnerable to SQL injection

because the user input is concatenated directly into the query:)
String query = "SELECT * FROM products WHERE
category = ’"+ input + "’";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(query);

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

SQL Code

Example (This code can be easily rewritten in a way that prevents

the user input from interfering with the query structure:)
PreparedStatement statement =
connection.prepareStatement("SELECT * FROM products
WHERE category = ?");
statement.setString(1, input);
ResultSet resultSet = statement.executeQuery();

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

SQL injection attack

Parameterized queries can be used for any situation where

untrusted input appears as data within the query, including the
WHERE clause and values in an INSERT or UPDATE statement.
They can’t be used to handle untrusted input in other parts of the
query. Application functionality that places untrusted data into
those parts of the query will need to take a different approach,
such as white-listing permitted input values, or using different logic
to deliver the required behavior.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Denial of Service/Distributed Denial of Service

(DoS/DDoS)

A distributed denial-of-service (DDoS) attack is a malicious

attempt to disrupt the normal traffic of a targeted server, service
or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

How does a DDoS attack work?

Networks of Internet-connected machines are behind these DDOS

attacks. These networks consist of computers and other devices
(such as IoT devices)which have been infected with malware,
allowing them to be controlled remotely by an attacker. These
individual devices refer to bots (or zombies) so a group of bots is
called a botnet. When a botnet is established, the attacker can
direct an attack by sending remote instructions to each bot.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Hacking Activity (Ping of Death)

ping <IP address> –t 65500

“ping” sends the data packets to the victim
“-t” means the data packets should be sent until the program
is stopped
“-l” specifies the data load to be sent to the victim

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Defending Against DDoS Attacks

Know regular traffic.

Build defensive posture during peacetime, steered by executive
team’s risk assessment guidelines.
Eliminate political obstacles and organizational barriers that
might impair SecOps agility.
Include cybersecurity in business continuity, disaster recovery,
and emergency response planning.
Consider implementing a Zero Trust security model.
Engage your upstream providers to prepare and address risks.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Conclusion

Keen individuals can learn and adapt to them immediately. The

intent behind hacking is what sets the hackers apart. The
knowledge is used for harming individuals or governments or for
personal gain which makes hackers dangerous. The intensity and
type of attack are dependent on the hackers ’ability to find the
loophole and penetrate the security system.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

Final Notes

It’s important to have a solid strategy and to always be on your

guard. You need to give this thought year-round, not just during
cyber security month.

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

References

https://www.computersciencedegreehub.com/lists/5-biggest-
computer-hacks-history/
https://www.jigsawacademy.com/blogs/cyber-
security/different-types-of-hackers/Black-Hat-Hackers
https://portswigger.net/web-security/sql-injection
https://www.cloudflare.com/learning/ddos/what-is-a-ddos-
attack/

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World
First Section Second Section Third Section

Common Hacking Techniques

The End
Thank you for listening to us
In case of having any questions, contact us via:

[email protected]

[email protected]

[email protected]

Alireza Sherkat Avval, Seyed Ali Toliat, Alireza Honardoost KNTU

Introduction to Hacking World