Abstract image of a woman sitting on books and studying on a laptop

Ethical Hacking.pptx

Download as PPTX, PDF
M
MadhuKumar114889

This document discusses ethical hacking, which involves using the same techniques as malicious hackers but within legal and ethical boundaries to test an organization's security. It defines different types of hackers such as black hat, white hat, and grey hat hackers. It then covers the key steps and methods in ethical hacking like reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. It also discusses common attack types like brute force attacks, social engineering, denial of service attacks, and SQL injection. The document emphasizes that ethical hacking is important to identify vulnerabilities, prevent attacks, and strengthen an organization's security. It lists necessary skills for ethical hackers and password cracking tools like Hashcat that support algorithms like MD4, MD5, SHA1, and

Business
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
ETHICAL HACKING BY Madhu Dadi
WHO IS A HACKER ? • A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network • A person who enjoys learning details of a programming language or system • A person who enjoys actually the programming rather than doing just theorizing about it • A person capable of appreciating someone else's hacking • A person who picks up programming quickly • A person who is an expert at a particular programming language or system
TYPES OF HACKERS Black Hat Hacker Grey Hat Hacker White Hat Hacker
Black-Hat Hacker • A black hat hackers or crackers are individuals with resorting to malicious or extraordinary computing skills, destructive activities. • That is black hat hackers use their knowledge and skill for their own personal gains probably by hurting others.
White-Hat Hacker • White hat hackers are those individuals professing hacker skills and using them for defensive purposes. • This means that the white hat hackers use their knowledge and skill for the good of others and for the common good.
Grey-Hat Hacker • These are individuals who work both offensively and defensively at various times. • We cannot predict their behavior. • Sometimes they use their skills for the common good while in some other times he uses them for their personal gains.
WHAT IS ethical hacking Ethical hacking also known as penetration testing, involves the same tools, tricks, and techniques that hackers, but with one major difference that Ethical hacking is legal. • Independent computer security Professionals breaking into the computer systems. • Neither damage the target systems nor steal information. • Evaluate target systems security and report back to owners about the vulnerabilities found.
• Reconnaissance • Scanning & Enumeration • Gaining access • Maintaining access • Clearing tracks Methodologies of hacking
RECONNAISSANCE The literal meaning of the word reconnaissance means a preliminary survey to gain information. This is also known as foot-printing. This is the first stage in the methodology of hacking
SCANNING & ENUMERATION Scanning is the second phase in the hacking methodology in which the hacker tries to make a blue print of the target network. The blue print includes the IP addresses of the target network which are live, the services which are running on those system and so on.
GAINING ACCESS This is the actual hacking phase in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attacking phases. Usually the main hindrance to gaining access to a system is the passwords.
MAINTAINING ACCESS Now the hacker is inside the system by some means by password guessing or exploiting some of it’s vulnerabilities. This means that he is now in a position to upload some files and download some of them. The next aim will be to make an easier path to get in when he comes the next time.
CLEARING TRACKS Now we come to the final step in the hacking. There is a saying that “everybody knows a good hacker but nobody knows a great hacker”. This means that a good hacker can always clear tracks or any record that they may be present in the network to prove that he was here.
TYPES OF ATTACKING MODES • Brute force attack • Social engineering/cyber fraud • Denial-of-Service(DoS) • Malware attacks • SQL Injection • Phishing attack • MITM attack • Cross Site Scripting (XSS)
BRUTE FORCE ATTACK The brute force attack will use a specially designed software to go through hundreds of thousands of different words, combinations of words and numbers to try to crack your password
SOCIAL ENGINEERING Social engineering is the term used for a broad range of malicious activities human accomplished through interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
DENIAL-OF-SERVICE(DOS) A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
Malware attack is a type of cyberattack in which malware or malicious software performs activities on the victim's computer system, usually without his/her knowledge MALWARE ATTACKS
SQL INJECTION SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
PHISHING ATTACK Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
MITM ATTACK A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
CROSS SITE SCRIPTING (XSS) Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk.
WHAT IS THE NEED FOR ETHICAL HACKING? Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
NEED FOR ETHICAL HACKING • ’To catch a thief you have to think like a thief” • Helps in closing the open holes in the system network • Provides security to banking and financial establishments • Prevents website defacements • An evolving technique
Required Skills of an Ethical Hacker • Microsoft: skills in operation, configuration and management. • Linux: knowledge of Linux/Unix; security setting, configuration, and services. • Firewalls: configurations, and operation of intrusion detection systems. • Routers: knowledge of routers, routing protocols, and access control lists • Mainframes • Network Protocols: TCP/IP; how they function and can be manipulated. • Project Management: leading, planning, organizing, and controlling a penetration testing team.
Hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. Features of Hashcat. • World's fastest password cracker • World's first and only in-kernel rule engine • Free • Open-Source (MIT License) • Multi-OS (Linux, Windows and macOS)
What is Hashing Algorithm? A hashing algorithm is a cryptographic hash function. It is a mathematical algorithm that maps data of arbitrary size to a hash of a fixed size. It’s designed to be a one-way function, infeasible to invert.
1.It should be fast to compute the hash value for any kind of data 2.It should be impossible to regenerate a message from its hash value (brute force attack as the only option) 3.It should avoid hash collisions; each message has its own hash. 4.Every change to a message, even the smallest one, should change the hash value. It should be completely different. It’s called the avalanche effect
SOME OF THE HASHING ALGORITHM THAT HASHCAT CAN BREAK • MD4 • MD5 • Half MD5 • SHA1 • SHA2-224 • SHA2-256

More Related Content

PPTX
Ethical hacking : Its methodologies and tools
chrizjohn896
 
DOCX
Ethical hacking
Nitheesh Adithyan
 
PPTX
Ethical Hacking
Nitheesh Adithyan
 
PPTX
Ethical hacking
Anumadil1
 
PPTX
Ethical Hacking.pptx
achint20
 
PPTX
Ethical hacking
Ritwick Mukherjee
 
PPTX
Ethical hacking
AKSHAY KHATRI
 
PPTX
Ethical hacking
Institute of Information Security (IIS)
 
Ethical hacking : Its methodologies and tools
chrizjohn896
 
Ethical hacking
Nitheesh Adithyan
 
Ethical Hacking
Nitheesh Adithyan
 
Ethical hacking
Anumadil1
 
Ethical Hacking.pptx
achint20
 
Ethical hacking
Ritwick Mukherjee
 
Ethical hacking
AKSHAY KHATRI
 
Ethical hacking
Institute of Information Security (IIS)
 

Similar to Ethical Hacking.pptx (20)

PPTX
Cse ethical hacking ppt
shreya_omar
 
PPTX
Ethical Hacking - Copy.pptx
MadhuKumar114889
 
RTF
Hacking and its types
Rishab Gupta
 
PPTX
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
PPTX
ethical hacking
samprada123
 
PPT
Hacking
Paidi Dinesh
 
PPTX
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
PPTX
Ethical Hacking.pptx Hacker Presentation
sahilhussain2006bth
 
PDF
UNIT - I in Engineering Subjects Ethical Hacking Subject
philipsmohan
 
PPTX
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
AnjieVillarba1
 
PPTX
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
PPTX
Jshsh jyaya uuha b8avba usbsusbus sjsjjk.pptx
atulkumaratulkumar18
 
PPTX
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
GovandJamalSaeed
 
PPTX
my new HACKING
BABATUNDE OLANREWAJU GEORGE
 
PPTX
Ethical hacking
VipinYadav257
 
PPTX
Hacking
VipinYadav257
 
PPTX
sourabh_sipPPT.pptx
SourabhRuhil4
 
DOCX
Ethical hacking.
Khushboo Aggarwal
 
PPTX
Hacking.pptx
Yogesh Chauhan
 
PPTX
Ethical Hacking
Aditya Vikram Singhania
 
Cse ethical hacking ppt
shreya_omar
 
Ethical Hacking - Copy.pptx
MadhuKumar114889
 
Hacking and its types
Rishab Gupta
 
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
ethical hacking
samprada123
 
Hacking
Paidi Dinesh
 
CSE-Ethical-Hacking-ppt.pptx
AnshumaanTiwari2
 
Ethical Hacking.pptx Hacker Presentation
sahilhussain2006bth
 
UNIT - I in Engineering Subjects Ethical Hacking Subject
philipsmohan
 
GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx
AnjieVillarba1
 
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
Jshsh jyaya uuha b8avba usbsusbus sjsjjk.pptx
atulkumaratulkumar18
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
GovandJamalSaeed
 
my new HACKING
BABATUNDE OLANREWAJU GEORGE
 
Ethical hacking
VipinYadav257
 
Hacking
VipinYadav257
 
sourabh_sipPPT.pptx
SourabhRuhil4
 
Ethical hacking.
Khushboo Aggarwal
 
Hacking.pptx
Yogesh Chauhan
 
Ethical Hacking
Aditya Vikram Singhania
 

Recently uploaded (20)

PDF
IFRS Green Book_Part B for professional pdf
andargie2015
 
PPTX
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
ssuser886aa1
 
PDF
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
publication11
 
PPTX
Market and Demand Analysis.pptx for Management students
DrKavitaRani2
 
PPT
BCG内部幻灯片撰写. slide template BCG.slide template
d746tpyhkt
 
PPTX
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
PDF
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
PPTX
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
PPTX
chapter 2 entrepreneurship full lecture ppt
annejo20
 
PDF
France's Top 5 Promising EdTech Companies to Watch in 2025.pdf
educationexcellencem
 
PDF
Engaging Stakeholders in Policy Discussions: A Legal Framework (www.kiu.ac.ug)
publication11
 
PDF
Pink Cute Simple Group Project Presentation.pdf
francesloreen01
 
PDF
Highest-Paid CEO in 2025_ You Won’t Believe Who Tops the List.pdf
Visionary CIOs
 
PDF
Second Hand Fashion Call to Action March 2025
agatadrynko
 
PDF
The Future of Marketing: AI, Funnels & MBA Careers | My Annual IIM Lucknow Talk
Amit Haralalka
 
PDF
How to run a consulting project from scratch
P&CO
 
PDF
Sustainable Digital Finance in Asia_FINAL_22.pdf
deafajriatatarizqaja
 
DOCX
Handbook of entrepreneurship- Chapter 7- Types of business organisations
DrSubinKMohan
 
PDF
dataZense for Data Analytics unleashed features
Chainsys SEO
 
PPTX
Supply Chain under WAR (Managing Supply Chain Amid Political Conflict).pptx
Mohamed Abu Rahal
 
IFRS Green Book_Part B for professional pdf
andargie2015
 
Understanding Procurement Strategies.pptx Your score increases as you pick a ...
ssuser886aa1
 
Cross-Cultural Leadership Practices in Education (www.kiu.ac.ug)
publication11
 
Market and Demand Analysis.pptx for Management students
DrKavitaRani2
 
BCG内部幻灯片撰写. slide template BCG.slide template
d746tpyhkt
 
IMM marketing mix of four ps give fjcb jjb
aruntambralli3813
 
533158074-Saudi-Arabia-Companies-List-Contact.pdf
Shaik Abubakr Siddiqui
 
basic introduction to research chapter 1.pptx
sangeethanagaraj8
 
chapter 2 entrepreneurship full lecture ppt
annejo20
 
France's Top 5 Promising EdTech Companies to Watch in 2025.pdf
educationexcellencem
 
Engaging Stakeholders in Policy Discussions: A Legal Framework (www.kiu.ac.ug)
publication11
 
Pink Cute Simple Group Project Presentation.pdf
francesloreen01
 
Highest-Paid CEO in 2025_ You Won’t Believe Who Tops the List.pdf
Visionary CIOs
 
Second Hand Fashion Call to Action March 2025
agatadrynko
 
The Future of Marketing: AI, Funnels & MBA Careers | My Annual IIM Lucknow Talk
Amit Haralalka
 
How to run a consulting project from scratch
P&CO
 
Sustainable Digital Finance in Asia_FINAL_22.pdf
deafajriatatarizqaja
 
Handbook of entrepreneurship- Chapter 7- Types of business organisations
DrSubinKMohan
 
dataZense for Data Analytics unleashed features
Chainsys SEO
 
Supply Chain under WAR (Managing Supply Chain Amid Political Conflict).pptx
Mohamed Abu Rahal
 

Ethical Hacking.pptx

  • 2. WHO IS A HACKER ? • A security hacker is someone who seeks to breach defenses and exploit weaknesses in a computer system or network • A person who enjoys learning details of a programming language or system • A person who enjoys actually the programming rather than doing just theorizing about it • A person capable of appreciating someone else's hacking • A person who picks up programming quickly • A person who is an expert at a particular programming language or system
  • 3. TYPES OF HACKERS Black Hat Hacker Grey Hat Hacker White Hat Hacker
  • 4. Black-Hat Hacker • A black hat hackers or crackers are individuals with resorting to malicious or extraordinary computing skills, destructive activities. • That is black hat hackers use their knowledge and skill for their own personal gains probably by hurting others.
  • 5. White-Hat Hacker • White hat hackers are those individuals professing hacker skills and using them for defensive purposes. • This means that the white hat hackers use their knowledge and skill for the good of others and for the common good.
  • 6. Grey-Hat Hacker • These are individuals who work both offensively and defensively at various times. • We cannot predict their behavior. • Sometimes they use their skills for the common good while in some other times he uses them for their personal gains.
  • 7. WHAT IS ethical hacking Ethical hacking also known as penetration testing, involves the same tools, tricks, and techniques that hackers, but with one major difference that Ethical hacking is legal. • Independent computer security Professionals breaking into the computer systems. • Neither damage the target systems nor steal information. • Evaluate target systems security and report back to owners about the vulnerabilities found.
  • 8. • Reconnaissance • Scanning & Enumeration • Gaining access • Maintaining access • Clearing tracks Methodologies of hacking
  • 9. RECONNAISSANCE The literal meaning of the word reconnaissance means a preliminary survey to gain information. This is also known as foot-printing. This is the first stage in the methodology of hacking
  • 10. SCANNING & ENUMERATION Scanning is the second phase in the hacking methodology in which the hacker tries to make a blue print of the target network. The blue print includes the IP addresses of the target network which are live, the services which are running on those system and so on.
  • 11. GAINING ACCESS This is the actual hacking phase in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attacking phases. Usually the main hindrance to gaining access to a system is the passwords.
  • 12. MAINTAINING ACCESS Now the hacker is inside the system by some means by password guessing or exploiting some of it’s vulnerabilities. This means that he is now in a position to upload some files and download some of them. The next aim will be to make an easier path to get in when he comes the next time.
  • 13. CLEARING TRACKS Now we come to the final step in the hacking. There is a saying that “everybody knows a good hacker but nobody knows a great hacker”. This means that a good hacker can always clear tracks or any record that they may be present in the network to prove that he was here.
  • 14. TYPES OF ATTACKING MODES • Brute force attack • Social engineering/cyber fraud • Denial-of-Service(DoS) • Malware attacks • SQL Injection • Phishing attack • MITM attack • Cross Site Scripting (XSS)
  • 15. BRUTE FORCE ATTACK The brute force attack will use a specially designed software to go through hundreds of thousands of different words, combinations of words and numbers to try to crack your password
  • 16. SOCIAL ENGINEERING Social engineering is the term used for a broad range of malicious activities human accomplished through interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
  • 17. DENIAL-OF-SERVICE(DOS) A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
  • 18. Malware attack is a type of cyberattack in which malware or malicious software performs activities on the victim's computer system, usually without his/her knowledge MALWARE ATTACKS
  • 19. SQL INJECTION SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
  • 20. PHISHING ATTACK Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
  • 21. MITM ATTACK A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
  • 22. CROSS SITE SCRIPTING (XSS) Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk.
  • 23. WHAT IS THE NEED FOR ETHICAL HACKING? Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 24. NEED FOR ETHICAL HACKING • ’To catch a thief you have to think like a thief” • Helps in closing the open holes in the system network • Provides security to banking and financial establishments • Prevents website defacements • An evolving technique
  • 25. Required Skills of an Ethical Hacker • Microsoft: skills in operation, configuration and management. • Linux: knowledge of Linux/Unix; security setting, configuration, and services. • Firewalls: configurations, and operation of intrusion detection systems. • Routers: knowledge of routers, routing protocols, and access control lists • Mainframes • Network Protocols: TCP/IP; how they function and can be manipulated. • Project Management: leading, planning, organizing, and controlling a penetration testing team.
  • 26. Hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. Features of Hashcat. • World's fastest password cracker • World's first and only in-kernel rule engine • Free • Open-Source (MIT License) • Multi-OS (Linux, Windows and macOS)
  • 27. What is Hashing Algorithm? A hashing algorithm is a cryptographic hash function. It is a mathematical algorithm that maps data of arbitrary size to a hash of a fixed size. It’s designed to be a one-way function, infeasible to invert.
  • 28. 1.It should be fast to compute the hash value for any kind of data 2.It should be impossible to regenerate a message from its hash value (brute force attack as the only option) 3.It should avoid hash collisions; each message has its own hash. 4.Every change to a message, even the smallest one, should change the hash value. It should be completely different. It’s called the avalanche effect
  • 29. SOME OF THE HASHING ALGORITHM THAT HASHCAT CAN BREAK • MD4 • MD5 • Half MD5 • SHA1 • SHA2-224 • SHA2-256