Session Flow

Why Security ?
Why Attacks ?
Hacking – Introduction
Communities of Hackers
Types of Hackers
Malicious Hacker Strategies
Ethical Hacker Strategies
Steps for conducting Ethical Hacking.
Importance of Vulnerability Research.
Vulnerability Research References.
Conclusion
All Copyrights © Reserved By Techdefence
Pvt. Ltd.
 Why Security? (Continue)

Let us have a look at chart of increased Cyber Crime ration in

different countries of the world.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Why Security? (Continue)

Graph for “Trend of Attacks” in last 3 years.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Why Attacks?

Hacker’s motivation behind attacks.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Why Attacks? (Continue)
Hactivism : Hacktivism (a portmanteau of hack and activism) is the use of
computers and computer networks to promote political ends, chiefly free
speech, human rights, and information ethics.
Cyber Warfare : U.S. government security expert Richard A. Clarke, in his
book Cyber War (May 2010), defines “Cyber Warfare" as "actions by a
nation-state to penetrate another nation's computers or networks for the
purposes of causing damage or disruption."
Cyber Espionage : Cyber espionage is the act or practice of obtaining
secrets (sensitive, proprietary or classified information) from individuals,
competitors, rivals, groups, governments and enemies also for military,
political, or economic advantage using illegal exploitation methods on
internet, networks, software and or computers.
Cyber Crime :Cybercrime is criminal activity committed with computers
and/or over a network or the Internet.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Why Attacks? (Continue)

Generally Targeted Sectors and Ratio

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Why Attacks? (Continue)

Generally Detected Vulnerabilities and Ratio

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Hacking - Introduction

Hacking is the art of finding a weakness in an established system and

exploiting it.

People call it as an “Anti-Social Activity”.

But, It says that there are always exists more than one way to solve the
problem.

The terms Hacker and Hacking are being misinterpreted and

misunderstood with negative sidelines.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Communities of Hackers
Hackers

Crackers

Phreaks

Script Kiddies

Hacktivists

State Sponsored Hackers

Cyber Terrorists
All Copyrights © Reserved By Techdefence
Pvt. Ltd.
 Hackers – Who are they?

Hackers are Intelligent Computer Professionals and thinks at least one

step ahead of developers.

Motive/Intent –
– To gain in-depth knowledge of a system, what’s happening at the
backend, behind the screen.

– To find possible security vulnerabilities in a system.

– They create security awareness by sharing knowledge. It’s a team

work.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Crackers/Attackers

An Individuals who break into computers with malicious intent.

Motive/Intent –
– To seek unauthorized access into a system and cause damage or
destroy or reveal confidential information.

– To compromise the system to deny services to legitimate users for

troubling, harassing them or for taking revenge.

Effects-
– Can cause financial losses & image/reputation damages, defamation in
the society for individuals or organizations.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Phreaks

Phreaks – These are persons who use computer devices and software to
break into phone networks.

Motive/Intent-
– To find loopholes in security in phone network and to make phone
calls at free of cost!!!

Effects-
– You may have to big amount of phone bills, for doing nothing!!!

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Script Kiddies

Script Kiddies – These are persons not having technical skills to hack
computers.

Motive/Intent-
– They use the available information about known vulnerabilities to
break into remote systems.

– It’s an act performed for a fun or out of curiosity.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Hacktivists

Hacktivists – These are some hacker activists which are motivated by

politics.

Motive/Intent-
– They may wish to expose wrongdoing, or exact revenge, or simply
harass their target for their own entertainment.

– It’s an revengeful act, so these community is dangerous.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 State Sponsored Hackers
State Sponsored Hackers – These are the persons hired by Government in
order to ensure that there are no security holes in their infrastructure.

Motive/Intent-
– To test the computer infrastructure of government.

– Sometimes, they are encouraged in infiltrating the system to poke

around secret files or gain access to classified materials about the next
big weapon being developed in nations identified as threats to our
way of life.

Effects-
– These sort of hackers may poke around some secret files, pretending it
as a purpose of testing and may share or leak such files to the outside
world.
All Copyrights © Reserved By Techdefence
Pvt. Ltd.
 Cyber Terrorists

Cyber Terrorists – These hackers, generally motivated by religious beliefs,

attempt to create fear and chaos by disrupting critical infrastructures.

Motive/Intent-
– Cyber Terrorists ultimate motivation is to spread fear, terror and
commit murder.

Effects-
– Cyber terrorists are by far the most dangerous, with a wide range of
skills and goals.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
Type of Hackers

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Types of Hackers
White Hat Hackers – They use their knowledge and skill set for good,
constructive intents. They find out new security loopholes and their
solutions.
– E.g.- LIKE ME.. ;) As I’m Doing It Right Now ( I Hope So!!! :-P)

Grey Hat Hackers – They fall in between White Hat and Black Hat. They
sometimes do legal activities and sometimes illegal activities.

Black Hat – They use their knowledge and skill set for illegal activities,
destructive intents.
– E.g.- to gain money (online robbery), to take revenge. Disgruntled
– Employees is the best example of Black Hats. Attackers (Black Hat
– Hackers) are not at all concerned with security professionals (White
– Hat hackers). Actually these hackers are Bad Guys!!!

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Malicious Hacker Strategies

Information Gathering
— This is the primary phase where the hacker tries to collect as much
information as possible about the target.
— It includes identifying the targets, finding out the target’s IP address
range, network, domain name registration records of the target ,mail
server records, DNS records , etc.

Scanning and Enumeration

— This makes up the base of hacking! This is where planning for attack
actually begins!
— After Information Gathering ,an attacker scans the target for services
running, open ports, firewall detection, finding out vulnerabilities,
operating system detection, etc.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Malicious Hacker Strategies

Gaining Access
— After Scanning & Enumeration, the hackers designs the blueprint of
the network of the target with the help of stuffs collected during
phases 1 and 2.
— Now the attacker executes the attack based on the vulnerabilities
which were identified during scanning.
— After the successful attack, he gets access to the target network.

Maintaining Access
— After Gaining an Access, the attacker escalates the privileges to
root/admin and uploads a piece of code(usually called as backdoor) on
the target network so that he always maintain the gained access and
can connect to target anytime.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Malicious Hacker Strategies

Clearing Tracks
— To avoid getting traced and caught, hacker clears all the tracks by
clearing all kinds of logs and anything related stuff which may later
reflect his presence.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Ethical Hacker Strategies

“The one who can hack it, can only secure it”
“If you want to catch criminal then you’ll have to think like criminal”

What to protect?
How to protect?
Against whom?
How much resources needed?

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Ethical Hacker Strategies

Understand Client Requirements for Security / Vulnerability Testing.

In Preparation Phase, EH will sign an NDA with the client.
Internal / External Testing.
Conduct Network Security Audits/ VAPT.
Risk Assessment & Mitigation
Documenting Auditing Reports as per Standards.
Submitting Developer as well as remediation reports.
Implement remediation for found vulnerabilities.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research

Vulnerability research is process of finding vulnerabilities, threats &

loopholes in Server/ System /Network.
Includes Vulnerability Assessment & Penetration Testing.
Vulnerability notes can be search on internet via Number, CVE.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References

Common Vulnerability database is available at http://cve.mitre.org/

National Vulnerability Database is available at http://web.nvd.nist.gov/

US – CERT also publishes CVD on http://www.us-cert.gov

– 1. Contains Alerts which can be helpful to administrator.
– 2. It doesn’t contain solutions.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References
TechDefence Labs also provides Security Advisories -
http://www.techdefencelabs.com/security-advisories.html

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References
Indian CERT also published advisory notes, incident notes & defacement statistics.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References
Secunia also published Vulnerability Notes , Advisories.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References
High-Tech Bridge, Switzerland - https://www.htbridge.com

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Vulnerability Research References
Open Source Vulnerability Database - http://osvdb.org/

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
 Conclusion

Security is important because prevention is better than cure.

Community of Hackers.

Security Involves five phases.

Ethical Hacking involves Conducting Security Audits, Vulnerability

Assessment & Penetration testing

Vulnerability Research is process of discovering different vulnerabilities in

technology & applications.

All Copyrights © Reserved By Techdefence

Pvt. Ltd.
Thank You !!