Ethical Hacking
SANJAY POONYTH, CISM
What is it all about?
• Assets (data) – Vulnerabilities – Threats
• C I A – Holy Trinity of Security
• Are you breaking the law?
  Computer Misuse and Cybercrime Act 2003 - DPA/GDPR 2017
  HIPAA (Health Insurance - 1996), Homeland Security Act (2002) – 4 new acts in 2015 (Breach Notification & Cybersecurity)
• Do you have written permission of the owner?
Some definitions!
• Defensive or Offensive Posture
• White Hats vs Black Hats (Gray Hats?)
• Red Teams vs Blue Teams (Purple Teams?)
• White Box vs Black Box (Gray Box?)
• Hacktivists, Suicide Hackers, State-sponsored Hackers!
• Security Audit vs Vulnerability Scanning vs Penetration Testing
Ethical Hacking - General Steps
• Reconnaissance (Footprinting)
• Scanning & Enumeration
• Gaining Access
• Maintaining/Escalating Access
• Covering Tracks
Written Authorisation !!!
Reconnaissance - Scanning - Gaining Access - Maintaining/Escalating Access - Covering Tracks
• Passive vs Active (website or people search, try to go inside the company)
• Where is your data (Website, Facebook, LinkedIn, WhatsApp, Twitter, …)
• Dumpster diving (Shredders, Bins, …)
• Social Engineering
• Professional Tools for data collection
• Ask for it!
• OSI Model – Know your layers
• TCP handshake (SYN, SYN/ACK, …)
• Ping Sweep, Network/Asset Mapping, Packet Manipulation
• Open Ports, Vulnerability Scanning, Scanning behind the firewall
• Is scanning legal or illegal?
Reconnaissance - Scanning - Gaining Access - Maintaining/Escalating Access - Covering Tracks
• Deploy attacks against uncovered vulnerabilities
• DoS & DDoS
• Phishing attacks
• Password cracks
• SQL injection
• Buffer overflows
• Wireless Attacks
• Mobile Attacks
• Malware attacks
• + hundreds more… targeted at CIA or each layer of the OSI model
• Hacking the Human OS!
Reconnaissance - Scanning - Gaining Access - Maintaining/Escalating Access - Covering Tracks
• Ensure a way back into the compromised machine or system
• Trojans, Rootkits, Back doors, Zombies
• Placing a sniffer for specific monitoring
• Escalating Privileges (gaining Administrative Access)
• Have you been Hacked?
  https://www.shodan.io/, https://haveibeenpwned.com/
Reconnaissance - Scanning - Gaining Access - Maintaining/Escalating Access - Covering Tracks
• Conceal Success and Avoid Detection
• Delete or Modify Logs
• Hide Files
• Do Ethical Hackers fix vulnerabilities?
• Do Penetration Testers exploit vulnerabilities (a DDoS attack that will bring down the company’s network)?
Illegal Acts!
• Impersonation
• Fake Profile on Facebook
• Scanning of public IPs
• Truth in Caller ID
