SlideShare a Scribd company logo

Ethical Hacking: Safeguarding Systems through Responsible Security Testing

Download as PPT, PDF
C
champubhaiya8

The document provides an overview of ethical hacking, emphasizing its legality, professional standards, and processes involved such as preparation, footprinting, enumeration, and vulnerability identification. It discusses the importance of ethical hacking in identifying weaknesses in systems to protect against external threats, citing various statistics and types of attacks faced by organizations. Additionally, it details methodologies for exploiting vulnerabilities and stresses the need for thorough reporting post-assessment.

Education
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# !@ Ethical Hacking
2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Reporting
3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
5 # !@ Why – Ethical Hacking January - 2024 Jan 01, 2024 to Jan 30, 2024 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
6 # !@ Why – Ethical Hacking Total Number of Incidents
7 # !@ Why – Ethical Hacking
8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
21 # !@ THANKYOU

More Related Content

Similar to Ethical Hacking: Safeguarding Systems through Responsible Security Testing (20)

PPT
Ethical hacking-ppt-download4575
Gopal Rathod
 
PPTX
ethical hacking
Neelima Bawa
 
PPTX
Presentation1
Abhishek Malhotra
 
PPT
Ethical Hacking
Rohan Raj
 
PPTX
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
PPT
Ethical hacking
Sourabh Badve
 
PPTX
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
PPT
Introduction to ceh
Hemant Mittal
 
PPT
Ethical Hacking
Keith Brooks
 
PDF
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
PPTX
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
AlfredObia1
 
PPT
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
PPTX
Ethical hacking
Prabhat kumar Suman
 
PDF
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
PPTX
Hacking - penetration tools
JenishChauhan4
 
PPT
How to become Hackers .
Greater Noida Institute Of Technology
 
PDF
Ethical hacking
Khairi Aiman
 
PDF
Lecture26 cc-security1
Ankit Gupta
 
PPTX
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
Shivam Sahu
 
PPT
The Role of Security and Penetration Testers
yasirabdullah15
 
Ethical hacking-ppt-download4575
Gopal Rathod
 
ethical hacking
Neelima Bawa
 
Presentation1
Abhishek Malhotra
 
Ethical Hacking
Rohan Raj
 
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Ethical hacking
Sourabh Badve
 
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Introduction to ceh
Hemant Mittal
 
Ethical Hacking
Keith Brooks
 
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
AlfredObia1
 
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
Ethical hacking
Prabhat kumar Suman
 
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
Hacking - penetration tools
JenishChauhan4
 
How to become Hackers .
Greater Noida Institute Of Technology
 
Ethical hacking
Khairi Aiman
 
Lecture26 cc-security1
Ankit Gupta
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
Shivam Sahu
 
The Role of Security and Penetration Testers
yasirabdullah15
 

Recently uploaded (20)

PDF
Generative AI: it's STILL not a robot (CIJ Summer 2025)
Paul Bradshaw
 
PPTX
Quarter1-English3-W4-Identifying Elements of the Story
FLORRACHELSANTOS
 
PDF
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - GLOBAL SUCCESS - CẢ NĂM - NĂM 2024 (VOCABULARY, ...
Nguyen Thanh Tu Collection
 
PDF
community health nursing question paper 2.pdf
Prince kumar
 
PDF
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
PPTX
Unit 2 COMMERCIAL BANKING, Corporate banking.pptx
AnubalaSuresh1
 
PPTX
PATIENT ASSIGNMENTS AND NURSING CARE RESPONSIBILITIES.pptx
PRADEEP ABOTHU
 
PPSX
HEALTH ASSESSMENT (Community Health Nursing) - GNM 1st Year
Priyanshu Anand
 
PPTX
Views on Education of Indian Thinkers Mahatma Gandhi.pptx
ShrutiMahanta1
 
PPT
Talk on Critical Theory, Part One, Philosophy of Social Sciences
Soraj Hongladarom
 
PDF
The Constitution Review Committee (CRC) has released an updated schedule for ...
nservice241
 
PDF
Chapter-V-DED-Entrepreneurship: Institutions Facilitating Entrepreneurship
Dayanand Huded
 
PDF
CONCURSO DE POESIA “POETUFAS – PASSOS SUAVES PELO VERSO.pdf
Colégio Santa Teresinha
 
PPTX
A PPT on Alfred Lord Tennyson's Ulysses.
Beena E S
 
PPTX
How to Create a PDF Report in Odoo 18 - Odoo Slides
Celine George
 
PPTX
Mathematics 5 - Time Measurement: Time Zone
menchreo
 
PPTX
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
PPTX
grade 5 lesson ENGLISH 5_Q1_PPT_WEEK3.pptx
SireQuinn
 
PDF
SSHS-2025-PKLP_Quarter-1-Dr.-Kerby-Alvarez.pdf
AishahSangcopan1
 
PPTX
HYDROCEPHALUS: NURSING MANAGEMENT .pptx
PRADEEP ABOTHU
 
Generative AI: it's STILL not a robot (CIJ Summer 2025)
Paul Bradshaw
 
Quarter1-English3-W4-Identifying Elements of the Story
FLORRACHELSANTOS
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 - GLOBAL SUCCESS - CẢ NĂM - NĂM 2024 (VOCABULARY, ...
Nguyen Thanh Tu Collection
 
community health nursing question paper 2.pdf
Prince kumar
 
ARAL_Orientation_Day-2-Sessions_ARAL-Readung ARAL-Mathematics ARAL-Sciencev2.pdf
JoelVilloso1
 
Unit 2 COMMERCIAL BANKING, Corporate banking.pptx
AnubalaSuresh1
 
PATIENT ASSIGNMENTS AND NURSING CARE RESPONSIBILITIES.pptx
PRADEEP ABOTHU
 
HEALTH ASSESSMENT (Community Health Nursing) - GNM 1st Year
Priyanshu Anand
 
Views on Education of Indian Thinkers Mahatma Gandhi.pptx
ShrutiMahanta1
 
Talk on Critical Theory, Part One, Philosophy of Social Sciences
Soraj Hongladarom
 
The Constitution Review Committee (CRC) has released an updated schedule for ...
nservice241
 
Chapter-V-DED-Entrepreneurship: Institutions Facilitating Entrepreneurship
Dayanand Huded
 
CONCURSO DE POESIA “POETUFAS – PASSOS SUAVES PELO VERSO.pdf
Colégio Santa Teresinha
 
A PPT on Alfred Lord Tennyson's Ulysses.
Beena E S
 
How to Create a PDF Report in Odoo 18 - Odoo Slides
Celine George
 
Mathematics 5 - Time Measurement: Time Zone
menchreo
 
How to Manage Large Scrollbar in Odoo 18 POS
Celine George
 
grade 5 lesson ENGLISH 5_Q1_PPT_WEEK3.pptx
SireQuinn
 
SSHS-2025-PKLP_Quarter-1-Dr.-Kerby-Alvarez.pdf
AishahSangcopan1
 
HYDROCEPHALUS: NURSING MANAGEMENT .pptx
PRADEEP ABOTHU
 

Ethical Hacking: Safeguarding Systems through Responsible Security Testing

  • 2. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Reporting
  • 3. 3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  • 4. 4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5. 5 # !@ Why – Ethical Hacking January - 2024 Jan 01, 2024 to Jan 30, 2024 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  • 6. 6 # !@ Why – Ethical Hacking Total Number of Incidents
  • 8. 8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 9. 9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
  • 10. 10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 11. 11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12. 12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13. 13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 14. 14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 15. 15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 16. 16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17. 17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 18. 18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 19. 19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 20. 20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions