Professional Documents
Culture Documents
Ethical Hacking: 19 Ofaugust, 2006 Hyderabad, India
Ethical Hacking: 19 Ofaugust, 2006 Hyderabad, India
Ethical Hacking
TWINCLING Society
We appreciate
Outline
Know your enemy History and Trends Anatomy of a hack System Hacking Sniffers Denial of Service Buffer Overflows Social Engineering
TWINCLING Society
TWINCLING Society
If you know yourself but not the enemy, for every victory gained, you will suffer defeat. If you know the enemy and know yourself, you need not fear the result of a hundred battles.
Hacker (n) refers to a person who enjoys learning the details of computer systems and stretch their capabilities. Hacking (v) describes the rapid development of new programs or reverse engineering of already existing software to make the code better and efficient. Cracker refers to a person who uses his hacking skills for offensive purposes. Phreak a hacker variant with an interest in telephones and telephone systems. Hactivism refers to an act of hacking in order to communicate a politically or socially motivated message. An Internet enabled way to practice civil disobedience and protest.
TWINCLING Society
Ethical Hacker refers to security professional who apply their hacking skills for defensive purposes on behalf of its owners. Ethical Hacking is also known as penetration testing, intrusion testing, red teaming Ethical hacker looks for the following four basic questions: What information/locations/systems can an intruder gain access? What can an intruder see on the target? What can an intruder do with available information? Does anyone at the target system notice the attempts?
TWINCLING Society
Hacker Classes
TWINCLING Society
TWINCLING Society
Information Security = C I A ( Confidentiality, Integrity, Authentication ) It remains a fact however, that gaining unauthorized access is a crime, no matter what the intent.
TWINCLING Society
Anatomy of a hack
TWINCLING Society
Refers to a preparatory phase where an attacker seeks to gather as much information as possible about the target of evaluation prior to launching an attack. Passive reconnaissance involves monitoring network data for patterns and clues. Active reconnaissance involves probing the network for Accessible hosts Open ports Location of routers Operating system details (if possible services)
TWINCLING Society
Footprinting is a blueprinting of the security profile of an organization, undertaken in a methodological manner. Scanning refers to a pre-attack phase when the hacker scans the network with a specific information gathered during footprinting. Enumeration involves active connections to systems and directed queries
TWINCLING Society
This stage of a hack can be considered to be a logical extension of active reconnaissance Get a single point of entry to launch an attack and could be point of exploit when vulnerability of the system is detected. Objectives of port scanning. Open ports Host operating system Software or service versions Vulnerable software versions
TWINCLING Society
Gaining access refers to the true attack phase. The exploit can occur over a LAN, locally, Internet, offline, as a deception or theft.
TWINCLING Society
System Hacking Sniffers Social Engineering Denial of Service Session Hijacking Buffer Overflows Rootkits
Hacking Web servers Web application vulnerabilities Web based password cracking SQL injection Hacking Wireless networks Virus and Worms Evading IDS, firewalls, Honeypots Cryptography
Maintaining Access
Maintaining access refers to the phase when the attacker tries to retain his 'ownership' of the system. Install tools such as
TWINCLING Society
Covering Tracks
Covering tracks refers to remove the evidence of his presence and activities. Techniques include:
TWINCLING Society
System Hacking
TWINCLING Society
Dictionary and Brute force attack Social engineering and Shoulder sniffing Dumpster Diving
Sniffers
Network data. Operating system data. Spoofing. Man in the Middle. Through compromising physical security Using a Trojan Horse. ARP spoofing. DNS spoofing
TWINCLING Society
Passive Sniffers
Active Sniffing
Denial of Service
An attack with which an attacker renders a system unusable or significantly slowdown the system. Methods include:
TWINCLING Society
Flood a network.
Disrupt connections between two machines. Prevent a particular individual from accessing a service.
TWINCLING Society
Buffer Overflows
Social Engineering
It is an art of using influence and persuasion to deceive people for the purpose of obtaining information or to perform some action. Even with all firewalls, authentication processes, VPN, companies are still wide open to attacks. Humans are the weakest link in the security chain. It is the hardest form of attack to defend against.
TWINCLING Society
There is no single set of methodology that can be adopted for ethical hacking. The terms of reference used for various phases in the anatomy of a hack may differ, but the essence is the same. Hacking is not for everyone (there is not half-way) It takes an objective mind, a lot of free time, and dedication to keep up with things. NEVER use the knowledge for offensive purposes.
TWINCLING Society
Resources
BlackHat http://www.blackhat.com/ Astalavista http://www.astalavista.com/ CERT Coordination Center http://www.cert.org/ Neohapsis http://www.neohapsis.com/ PacketStorm http://packetstormsecurity.org/ SecurityFocus http://www.securityfocus.com/ SecurityDocs http://www.securitydocs.com/ FoundStone http://www.foundstone.com/
TWINCLING Society
Books
TWINCLING Society
Books
TWINCLING Society
Special thanks
TWINCLING Society
Special thanks
TWINCLING Society
About us
TWINCLING Society
Charter Legal
Management
About us ...
TWINCLING Society
website
www.twincling.org
mailing list
groups.yahoo.com/group/twincling
http://www.nabble.com/twincling-f15741.html
About us ...
TWINCLING Society
irc
#twincling
helpline
+91-99496 50605 +91-99499 91585
more info