
ADVANCE COMPUTER NETWORKING

Topic: ETHICAL HACKING


Syed Mubbashir Mahmood
The Early Days of Hacking

• As the story goes, the earliest hackers were a group of people who were
passionate and curious about new technology.
• In the 1970s the target was the mainframes that were present on college
campuses and corporate environments.
• Later, in the 1980s the PC became the newest piece of technology, with
hackers moving to this environment.
• In the 1990s the Internet was made accessible to the public and systems
became interconnected. This increased the range of targets for hackers.
• Since 2000, smartphones, tablets, Bluetooth, and other technologies have
been added to the devices and technologies that hackers target.
Hacking Vs Ethical Hacking
Ethical Hacker

• Ethical hackers are employed to test the security of an organization.
• They use the same skills and tactics as a hacker, but with permission from
the system owner to carry out their attack against the system.
• Additionally, an ethical hacker does not reveal the weaknesses of an
evaluated system to anyone other than the system owner.
• As an ethical hacker, you need to be aware of the law and how it affects
what you will do.
Hacker Classes
• Hacktivism is any action that an attacker uses to push or
promote a political agenda.
• Hacktivism is motivated by revenge or by political or social
reasons.
• Targets of hacktivists have included government
agencies and large corporations.
Effect of Hacking on Organization
Hackers Terminology
Forms of Ethical Hacking

• Black Box: A type of testing in which the pen tester has little or no
knowledge of the target.
• Gray Box: A form of testing where the knowledge given to the testing party
is limited.
• White Box: A form of testing in which the information given to the tester
is complete.
Ethical Hacker Objective
Ethical Hacker concepts in mind when performing the tasks and responsibilities:
The Hacking Process

• Reconnaissance: Reconnaissance means collecting information without
interacting with the victim. It involves collecting information from
public records, social networking sites, etc.
• Scanning: Next comes scanning the system. Scanning also means collecting
information, but actively, e.g. pinging the system, checking the ports,
services, etc.
• Gaining Access: Then, according to the information gathered in the above
two phases, we plan and implement our attack.
• Maintaining Access: After gaining access, the next step is to maintain it.
This is very important so that even if the victim switches off or restarts
the system, the connection is not lost. So it is necessary to migrate the
process or create a backdoor to maintain the access using different
techniques.
• Clearing Tracks: The final step is to clean all traces which indicate the
attacker's presence, so that all logs or tracks are cleared, as these are
evidence of the attacker's presence.
Ethical Hacking vs. Penetration Testing

| Penetration Testing | Ethical Hacking |
|---|---|
| A narrow term which focuses on performing cyber security assessment on IT systems | A comprehensive term in which penetration testing is only one feature |
| A tester needs to have good knowledge and skills only in the specific area for which he conducts pen testing | An ethical hacker needs to possess a comprehensive knowledge of various programming and hardware techniques |
| Anyone who is familiar with penetration testing can perform pen tests | An obligatory certification in ethical hacking is usually required |
| Access is required only to those systems on which the pen testing will be conducted | Access is required to a wide range of computer systems throughout an IT infrastructure |
Top Attack Vectors
Summary

• Companies hire ethical hackers to perform penetration tests
  - Penetration tests discover vulnerabilities in a network
  - Security tests are performed by a team of people with varied skills
• Ethical Hacking test models
  - White box
  - Black box
  - Gray box
