TWINCLING Society

Ethical Hacking

19th ofAugust, 2006 Hyderabad, India

TWINCLING Society

We appreciate

Outline

Know your enemy History and Trends Anatomy of a hack System Hacking Sniffers Denial of Service Buffer Overflows Social Engineering

TWINCLING Society

Know your enemy

Sun Tzu says in the 'Art of War',

TWINCLING Society

If you know yourself but not the enemy, for every victory gained, you will suffer defeat. If you know the enemy and know yourself, you need not fear the result of a hundred battles.

Know your enemy

Hacker (n) refers to a person who enjoys learning the details of computer systems and stretch their capabilities. Hacking (v) describes the rapid development of new programs or reverse engineering of already existing software to make the code better and efficient. Cracker refers to a person who uses his hacking skills for offensive purposes. Phreak a hacker variant with an interest in telephones and telephone systems. Hactivism refers to an act of hacking in order to communicate a politically or socially motivated message. An Internet enabled way to practice civil disobedience and protest.

TWINCLING Society

Know you enemy

Ethical Hacker refers to security professional who apply their hacking skills for defensive purposes on behalf of its owners. Ethical Hacking is also known as penetration testing, intrusion testing, red teaming Ethical hacker looks for the following four basic questions: What information/locations/systems can an intruder gain access? What can an intruder see on the target? What can an intruder do with available information? Does anyone at the target system notice the attempts?

TWINCLING Society

Know your enemy

Hacker Classes

Ethical hacker classes

Script Kiddie Black hats White hats Grey hats

Former Black hats White hats Consulting firms

TWINCLING Society

Know your enemy

TWINCLING Society

Information Security = C I A ( Confidentiality, Integrity, Authentication ) It remains a fact however, that gaining unauthorized access is a crime, no matter what the intent.

History / Trends in Hacking Culture

TWINCLING Society

Anatomy of a hack

TWINCLING Society

Anatomy of a hack (Reconnaissance)

Refers to a preparatory phase where an attacker seeks to gather as much information as possible about the target of evaluation prior to launching an attack. Passive reconnaissance involves monitoring network data for patterns and clues. Active reconnaissance involves probing the network for Accessible hosts Open ports Location of routers Operating system details (if possible services)

TWINCLING Society

Anatomy of a hack (Reconnaissance)

Footprinting is a blueprinting of the security profile of an organization, undertaken in a methodological manner. Scanning refers to a pre-attack phase when the hacker scans the network with a specific information gathered during footprinting. Enumeration involves active connections to systems and directed queries

TWINCLING Society

Anatomy of a hack (Scanning)

This stage of a hack can be considered to be a logical extension of active reconnaissance Get a single point of entry to launch an attack and could be point of exploit when vulnerability of the system is detected. Objectives of port scanning. Open ports Host operating system Software or service versions Vulnerable software versions

TWINCLING Society

Anatomy of a hack (Gaining Access)

Gaining access refers to the true attack phase. The exploit can occur over a LAN, locally, Internet, offline, as a deception or theft.

TWINCLING Society

System Hacking Sniffers Social Engineering Denial of Service Session Hijacking Buffer Overflows Rootkits

Hacking Web servers Web application vulnerabilities Web based password cracking SQL injection Hacking Wireless networks Virus and Worms Evading IDS, firewalls, Honeypots Cryptography

Maintaining Access

Maintaining access refers to the phase when the attacker tries to retain his 'ownership' of the system. Install tools such as

TWINCLING Society

Rootkits. Trojans and its backdoors. Backdoors.

Covering Tracks

Covering tracks refers to remove the evidence of his presence and activities. Techniques include:

TWINCLING Society

Tunnelling. Altering/Clearing log files. Disabling auditing

System Hacking

Remote password guessing Privilege escalation. Password cracking

TWINCLING Society

Dictionary and Brute force attack Social engineering and Shoulder sniffing Dumpster Diving

Key loggers Hiding files Steganography

Sniffers

Sniffers refer to monitoring data like.

Network data. Operating system data. Spoofing. Man in the Middle. Through compromising physical security Using a Trojan Horse. ARP spoofing. DNS spoofing

TWINCLING Society

Passive Sniffers

Active Sniffing

Denial of Service

An attack with which an attacker renders a system unusable or significantly slowdown the system. Methods include:

TWINCLING Society

Flood a network.

Bandwidth/Throughput attacks. Protocol attacks. Software Vulnerability attacks.

Disrupt connections between two machines. Prevent a particular individual from accessing a service.

TWINCLING Society

Buffer Overflows

Social Engineering

It is an art of using influence and persuasion to deceive people for the purpose of obtaining information or to perform some action. Even with all firewalls, authentication processes, VPN, companies are still wide open to attacks. Humans are the weakest link in the security chain. It is the hardest form of attack to defend against.

TWINCLING Society

Summary / Take home

There is no single set of methodology that can be adopted for ethical hacking. The terms of reference used for various phases in the anatomy of a hack may differ, but the essence is the same. Hacking is not for everyone (there is not half-way) It takes an objective mind, a lot of free time, and dedication to keep up with things. NEVER use the knowledge for offensive purposes.

TWINCLING Society

Resources

BlackHat http://www.blackhat.com/ Astalavista http://www.astalavista.com/ CERT Coordination Center http://www.cert.org/ Neohapsis http://www.neohapsis.com/ PacketStorm http://packetstormsecurity.org/ SecurityFocus http://www.securityfocus.com/ SecurityDocs http://www.securitydocs.com/ FoundStone http://www.foundstone.com/

TWINCLING Society

Books

TWINCLING Society

Book cover pasted here size is 5cm x 7cm

Books

TWINCLING Society

Book cover pasted here size is 5cm x 7cm

Special thanks

TWINCLING Society

AppLabs Technologies Pvt. Ltd. http://www.applabs.com/

AppLabs is a global IT services company specializing in software testing and development services. It is the preferred partner for third-party validation.

Special thanks

TWINCLING Society

CommVault Systems (India) Pvt. Ltd. http://www.commvault.com/

CommVault is a Storage Management, Backup and Disaster Recovery company incorporated in USA with its Global Development Centre in Hyderabad, AP.

About us

TWINCLING Society

Charter Legal

Promote, Develop and Showcase Open Source software.

Registered not for profit Society under A.P. Societies Reg Act, 2001.

Management

Governed by Society By-Laws. Led by 7-member board of directors.

About us ...

TWINCLING Society

website

www.twincling.org

mailing list

groups.yahoo.com/group/twincling

forum (software --> twincling)

http://www.nabble.com/twincling-f15741.html

About us ...

TWINCLING Society

irc

#twincling

helpline
+91-99496 50605 +91-99499 91585

more info

Mr. Kumar S. N. - Public Relations & Strategic Alliances