This action might not be possible to undo. Are you sure you want to continue?
Regina DeLisse Hartley, Ph.D. Caldwell Community College & Technical Institute
Old School Hackers: History of Hacking Ec-Council: Certified Ethical Hacker Learning Competencies Teaching Resources: Ethical Hacking Textbooks Hacking Tools Hacker Challenge Websites Additional Web Sites Questions and Answers
Old School Hackers: History of Hacking
make and sell blue boxes. future founders of Apple Computer. . discovers a toy whistle inside Cap'n Crunch cereal gives 2600hertz signal. such as Legion of Doom (US). Steve Wozniak and Steve Jobs. 1983: Kids' Games Movie "War Games" introduces public to hacking.PREHISTORY 1960s: The Dawn of Hacking Original meaning of the word "hack" started at MIT. witty or inspired way of doing almost anything. meant elegant. Chaos Computer Club (Germany). THE GOLDEN AGE (1980-1991) 1980: Hacker Message Boards and Groups Hacking groups form. and can access AT&T's longdistance switching system. hacks were programming shortcuts ELDER DAYS (1970-1979) 1970s: Phone Phreaks and Cap'n Crunch: One phreak. Draper builds a "blue box" used with whistle allows phreaks to make free calls. John Draper (aka "Cap'n Crunch").
. 1989: The Germans . jamming phone lines. online 'zine Phrack. crime to break into computer systems. the KGB and Kevin Mitnick. Jr. first person convicted under law against gaining access to interstate network for criminal purposes. online warfare.THE GREAT HACKER WAR Legion of Doom vs Masters of Deception. Morris. publishes Hacker's Manifesto. computers. launches self-replicating worm on ARPAnet. Kevin Mitnick convicted. CRACKDOWN (19861994) 1986: Congress passes Computer Fraud and Abuse Act. sold information to Soviet KGB.S. Hacker "The Mentor“ arrested. German Hackers arrested for breaking into U. . 1984: Hacker 'Zines Hacker magazine 2600 publication. 1988: The Morris Worm Robert T.
sptimes.1993: Why Buy a Car When You Can Hack One? Radio station call-in contest. hacker-fugitive Kevin Poulsen and friends crack phone. www. (www. Oct 1998 teenager hacks into Bell Atlantic phone system.com. www.000 credit card numbers. leader. 1995: Russian Hackers Siphon $10 million from Citibank. www.ubc. 1999 hackers attack Pentagon.net. www. $20.tlc.discovery.ca/.000 cash. Vladimir Levin. MIT.slais. charged with stealing 20. Poulsen now a freelance journalist covering computer crime. they allegedly get two Porsches. blackmail threats followed by 8 million credit card numbers stolen. First Def Con hacking conference in Las Vegas ZERO TOLERANCE (19941998) 1995: The Mitnick Takedown: Arrested again. 1999: E-commerce company attacked. FBI web sites.blackhat.h2k2.com) . vacation trips. disabled communication at airport disables runway lights.info.
Ec-Council: Certified Ethical Hacker .
HDFC Bank. Microsoft Corporation. Verizon. British Telecom. Fedex. Supreme Court of the Philippines. PFIZER. Fleet International. Canon. Ministry of Defense. US Embassy. Cingular Wireless. US Air Force Reserve. Dunlop.EC-Council has certified IT professionals from the following organizations as CEH: Novell. Hewlett Packard. Tucson Electric Power Company. Cisco. UK. Singapore Police Force . US Department of Defense. University of Memphis. MCI. KPMG. United Nations. Columbia Daily Tribune. Trusecure. Worldcom. Johnson & Johnson. Check Point Software. Nortel Networks. Marriott Hotel.
UPS. Deutsche Bank . Fujitsu. New York City Dept Of IT & Telecom – DoITT. US Military.S. IBM Global Services.) PriceWaterhouseCoopers. Schering. Philips Electronics. United States Marine Corps. Kodak. SAP. Ontario Provincial Police. Harris Corporation. Quantum Research. Bell Canada. American Express. EDS. Accenture. Reserve Bank of India. Army. Wipro. SAIC. FBI. Xerox. Bank One. U. Citibank Corporation. Coca-Cola Corporation.(Cont. US Air Force. SONY. Boehringer Ingelheim.
there is also a dark side: criminal hackers. Originally.Hackers are here. . 1. the term was defined as: HACKER noun. Where are you? The explosive growth of the Internet has brought many good things…As with most technological advances. 2. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming. The term “hacker” has a dual usage in the computer industry today.
have their own networks called “zoos”. bored in school. Do not have malicious intent. predominantly white and male. programming background and write code but won’t use it themselves. but do have lack of concern for privacy and proprietary information. Coders and Virus Writers: See themselves as an elite. They believe the Internet was designed to be an open system.tlc.com) . Script Kiddies or Cyber-Punks: Between 12-30. get caught due to bragging online. (www. intent is to vandalize or disrupt systems.What is a Hacker? Old School Hackers: 1960s style Stanford or MIT hackers. leave it to others to release their code into “The Wild” or Internet.discovery. Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
.What is Ethical Hacking? Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments. computer security has become a major concern for businesses and governments. In their search for a way to approach the problem.” With the growth of the Internet. organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
Ethical hackers typically have very strong programming and computer networking skills. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. They are also adept at installing and maintaining systems that use the more popular operating systems (e. . they must be completely trustworthy..g.Who are Ethical Hackers? “One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems” Successful ethical hackers possess a variety of skills. Linux or Windows 2000) used on target systems. First and foremost.
and money are you willing to expend to obtain adequate protection? . effort.What do Ethical Hackers do? An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: • What can an intruder see on the target systems? • What can an intruder do with that information? • Does anyone at the target notice the intruder’s at tempts or successes? • What are you trying to protect? • What are you trying to protect against? • How much time.
000 to $45. Some ranges from $15.000 per assignment. the hiring of ethical hackers is on the rise with most of them working with top consulting firms. In the United States.000 per annum. an ethical hacker can make upwards of $120. Freelance ethical hackers can expect to make $10. .000 for a standalone ethical hack.How much do Ethical Hackers get Paid? Globally.
eccouncil.595 ($2.infosecacademy.580 training only) (Source: www.org) .Certified Ethical Hacker (C|EH) Training InfoSec Academy http://www.com • Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program • (C|EH) examination • C|EH Certified Ethical Hacker Training Camp (5-Day Package)$3.
Learning Competencies .
and access control lists Microsoft: skills in operation.Required Skills of an Ethical Hacker Routers: knowledge of routers.com) . Linux: knowledge of Linux/Unix. and operation of intrusion detection systems. Project Management: knowledge of leading. configuration and management. how they function and can be manipulated. configuration. and controlling a penetration testing team. and services. (Source: http://www. Mainframes Network Protocols: TCP/IP. Firewalls: configurations. planning. organizing. security setting.examcram. routing protocols.
examcram.com) .Modes of Ethical Hacking Insider attack Outsider attack Stolen equipment attack Physical entry Bypassed authentication attack (wireless access points) Social engineering attack (Source: http://www.
(Source: www. So that attacker cannot be detected or penalized. used for spoofing IP. hides files. can include social engineering.eccouncil. once attacker gains access makes sure he/she can get back in. • Maintaining access – creates backdoor through use of Trojans. • Covering tracks – deletes files. • Gaining access – attacker exploits vulnerabilities to get inside system. • Scanning – searches for open ports (port scan) probes target for vulnerabilities.Anatomy of an attack: • Reconnaissance – attacker gathers information. and erases log files.org) .
eccouncil.org) . will hack for different reasons. depends on situation. destructive “crackers” • White hats – skills used for defensive security analysts • Gray hats – offensively and defensively. Hacker classes • Black hats – highly skilled. Hactivism – hacking for social and political cause. Ethical hackers – determine what attackers can gain access to. what they will do with the information. (Source: www. and can they be detected. malicious.
Teaching Resources: Ethical Hacking Textbooks .
eccouncil.Ec-Council Certified Ethical Hacker www.org ISBN 0-9729362-1-1 .
Ec-Council Topics Covered Introduction to Ethical Hacking Footprinting Scanning Enumeration System Hacking Trojans and Backdoors Sniffers Denial of Service Social Engineering Session Hijacking Hacking Web Servers .
Ec-Council (Cont.) Web Application Vulnerabilities Web Based Password Cracking Techniques SQL Injection Hacking Wireless Networks Viruses Novell Hacking Linux Hacking Evading IDS. Firewalls and Honeypots Buffer Overflows Cryptography .
examcram.Certified Ethical Hacker Exam Prep http://www.com ISBN 0-7897-3531-8 .
Certified Ethical Hacker Exam Prep The Business Aspects of Penetration Testing The Technical Foundations of Hacking Footprinting and Scanning Enumeration and System Hacking Linux and automated Security Assessment Tools Trojans and Backdoors Sniffers. Session Hyjacking. and Denial of Service .
Firewalls. and Attacks IDS.Certified Ethical Hacker Exam Prep (Cont. and Honeypots Buffer Overflows. and Worms Cryptographic Attacks and Defenses Physical Security and Social Engineering . and Database Attacks Wireless Technologies. Security. Web Applications. Viruses.) Web Server Hacking.
Security Maintenance 6.Hands-On Information Security Lab Manual. Network Security Tools and Technologies 5.com/ ISBN 0-619-21631-X . File System Security and Cryptography 8. Computer Forensics http://www. Operating System Vulnerabilities and Resolutions 4. Second Edition 1. Scanning and Enumeration 3. Information Security Management 7.course. Footprinting 2.
Hacking Tools: Footprinting and Reconnaissance .
) http://www.com/ .allwhois.Whois (cont.
Whois (cont.) .
Sam Spade .
Sam Spade (Cont.) .
Nslookup Options .
Ping Options .
Hacking Tools: Scanning and Enumeration .
) .SuperScan (Cont.
Hacking Tools: System Hacking .
Password Cracking with LOphtcrack .
Hacking Tools: Trojans and Backdoors .
Game Creates Backdoor for NetBus .
Hacking Tools: Sniffers .
Spoofing a MAC address Original Configuration .
Spoofed Mac .
Hacking Tools: Web Based Password Cracking .
Cain and Abel .
Cain and Abel (Cont.) .
) .Cain and Abel (Cont.
Hacking Tools: Covering Tracks .
ClearLogs (Cont.) .
Hacking Tools: Google Hacking and SQL Injection .
Google Hacking .
Google Cheat Sheet .
This is one of the most dangerous vulnerabilities on the web.SQL Injection Allows a remote attacker to execute arbitrary database commands Relies on poorly formed database queries and insufficient input validation Often facilitated. . but does not rely on unhandled exceptions and ODBC error messages Impact: MASSIVE.
Common Database Query .
Problem: Unvalidated Input .
Piggybacking Queries with UNION .
Hacker Challenge Websites .
org http://www.hackthissite.Hackthissite.org .
Answers revealed in code .
de/challenge/ .hackits.Hackits http://www.
Additional Web Sites .
Legion of Ethical Hacking .
) .Legion of Ethical Hacking (Cont.
org/ .hackerhighschool.Hacker Highschool http://www.
Hacker Highschool .
SANS Institute .
Questions & Answers .