ETHICAL HACKING

BY
Madhu Dadi
WHO IS A HACKER?
▶ Hacker
▶ Accesses a computer system or network without authorization
▶ Breaks the law

▶ Ethical Hackers
▶ Perform the same activities with the owner’s permission
▶ Employed by companies to perform penetration tests
NEED FOR ETHICAL HACKING
• “To catch a thief you have to think like a thief”
• Helps in closing the open holes in the system network
• Provides security to banking and financial establishments
• Prevents website defacements
• An evolving technique
WHAT IS THE NEED FOR ETHICAL HACKING?
Protection from possible External Attacks
• Social Engineering
• Automated Attacks
• Organizational Attacks
• Restricted Data
• Accidental Breaches in Security
• Denial of Service (DoS)
• Viruses, Trojan Horses, and Worms
TYPES OF HACKERS
▶ White Hat
▶ Good Guys
▶ Don’t use their skills for illegal purposes
▶ Computer security experts who help protect against Black Hats

▶ Black Hat
▶ Bad Guys
▶ Use their skills for malicious purposes
▶ Hack banks, websites, credit cards

▶ Grey Hat
▶ Combination of black hat and white hat
Hacking Process
• Footprinting (information gathering)
• Scanning
• Enumerations
• Attack and Gaining Access
• Escalating privilege, Covering Tracks, and Creating Backdoors
TYPES OF ATTACKING MODES
• Brute force attack
• Social engineering/cyber fraud
• Denial-of-Service (DoS)
• Malware attacks
• SQL Injection
• Phishing attack
• MITM attack
• Cross Site Scripting (XSS)
BRUTE FORCE ATTACK
A brute force attack uses specially designed software to go through hundreds of thousands of different words and combinations of words and numbers to try to crack your password.
SOCIAL ENGINEERING
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
PHISHING ATTACK
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
MALWARE ATTACKS
A malware attack is a type of cyberattack in which malware or malicious software performs activities on the victim's computer system, usually without his/her knowledge.
SQL INJECTION
SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
MITM ATTACK
A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
CROSS SITE SCRIPTING (XSS)
Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk.
WHAT SHOULD YOU DO AFTER BEING HACKED?

Step #1: Immediately Change Your Passwords
Step #2: Quickly Assess the Situation (& Assume the Worst)
Step #3: Go Back & Set Up 2-Factor Authentication
Step #4: Contact people who can help
Step #5: Monitor Your Accounts Closely for the Next Month
Required Skills of an Ethical Hacker

• Thinking outside the box
• Strong Coding Skills
• Networking
• Operating Systems
• Social Engineering Skills
• Cryptography Skills
Learnings & Certifications
• https://www.eccouncil.org/
• https://www.pentesteracademy.com/
• https://www.sans.org/cyberaces/
• https://www.hackthissite.org/