Ethical Hacking

by Faham Usman on 16 June 2014


Transcript of Ethical Hacking

Information Security
Ethical Hacking
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
Elements of Security
Security Challenges
Hacker’s Classification
Effects of Hacking
Phases of Ethical Hacking
Security Risks
Security Testing Methodology
Ethical Hacking
Hacktivism
Pros and Cons of Ethical Hacking
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Terminologies
Security Risks
Security Challenges
Hacking News
Internet Threats
Timeline of Data Breaches in 2013
Data Breach
Mobile Malware
Hacker Attacks
1 – Operating System Attacks
2 – Application-level Attacks
3 – Misconfiguration Attacks
4 - Shrink Wrap Code Attacks
Hacking Techniques

Identity Theft
Social Engineering
Through Phone Calls
Exploiting Helpdesks
Real-world Example: Etisalat & DU Phone Recharge Scam
Public Wifi Sniffing
Cross-Site Scripting
Cookie/Session Poisoning
SQL Injection
Buffer Overflow
APT Attack
Dumpster Diving
Man In The Middle (MITM)
Through Browser
Social Network Scams
Online Scams
Traditional & Online Money Transfer Fraud: Money Mule
Near Field Communications (NFC)
Bluetooth Hack
Rogue App
Fake Application Download
DDoS Attack
Ping of Death
BYOD
Steal a Thumbprint to Unlock Phone
Password Cracking
Why Do People Hack?
Effects of Hacking
Impact of Hacking on Business
Hacker’s Classification
Hacktivism
Definitions
Emulating the Attack
Security Testing
Types of Security Tests
Vulnerability Assessments
Penetration Test (Pen-Test)
Red Teams
Ethical Hacking
Skills of an Ethical Hacker
Why Do We Need Ethical Hacking
Pros and Cons of Ethical Hacking
Scope and Limitations
Phases of Ethical Hacking
Testing Methodology
Testing Methodology: Planning
Testing Methodology: Information Gathering
Testing Methodology: Footprinting
Information Gathering Methodology
Reconnaissance
Passive Reconnaissance
Active Reconnaissance
Desired Information
Collecting Public Information
Internet Presence
Search Engine - Google is Your Friend
Googling for Passwords
Simple Start
File Type Searches: Databases
Internal URL
Network Reconnaissance
Network Reconnaissance: Sources
Understanding Whois, ARIN Lookup
Types of DNS Records
Whois
What OS? Netcraft.com
Testing Methodology: Scanning
Types of Scanning
Scanning Objectives
Checking for Live Host
Ping Sweeps
Nmap – Target Specification
TCP Ping Sweep
TCP Sweep Traffic Captured
SYN Ping Sweep
Port Scanning
Port Scan Types
Scanning
Nmap – TCP Full Connect Scan
Nmap – TCP SYN Scan
Nmap – UDP Scan
Nmap – More Stealth Scans
Advanced Probing Techniques
Advanced Probing Techniques II
SuperScan
Testing Methodology: Enumeration
Techniques of Enumeration
SNMP Enumeration
SNScan
Testing Methodology: Vulnerability Assessment
Vulnerability Assessment
Nessus
Testing Methodology: Exploitation
Exploitation Types
Exploits
Gaining Access
Escalating Privileges
Testing Methodology: Maintaining Access
Testing Methodology: Covering Tracks
Disabling Auditing
Clearing the Event Log
Creating Backdoors
Testing Methodology: Reporting
Vulnerability Research
Vulnerability Research Websites
The Controversy of Hacking Books and Classes
The Dual Nature of Tools
Security testing includes vulnerability scanning, ethical hacking, and penetration testing.
Are designed to just find the holes
Usually take less time than penetration testing
Done at a higher level
Examine the vulnerability state and current security posture (a “snapshot” in time)
Often done as part of a regular accreditation process
Find and exploit the holes (if this can be done safely)
May use compromised systems to target other systems (secondary exploitation)
Examine the risk if vulnerabilities are exploited, used to demonstrate the worst case scenario
Usually take longer and require more skill to perform safely
Set amount of Time and Money
Hands-on test of security
Again, may be done with or without the co-operation of the subject; however, it has more impact and is more believable when done in secrecy. Often conducted by a red team, controlled by a white team.
Protection from possible external attacks
Scope
Limitations
Planning Stage
Target information that aids in attacks
Search engines and newsgroups can be good sources.

Might find names of people working at the target, email addresses, what systems/software they are using, etc.

Some Google examples from “GoogleDorks”

http://johnny.ihackstuff.com/googledorks/
Many juicy items can be found:
Network reconnaissance focuses on the IP realm.
There are lots of different sources for information depending on what you are looking for.
For domain names and IP addresses:
The following list describes the common DNS record types and their use:
To determine what the target network looks like logically, using tools like traceroute and the Cheops network mapping tool

To discover the open ports which are active and running in order to exploit them

To discover which operating system is in use in order to exploit known vulnerabilities

To determine what known/unknown vulnerabilities exist on a target network
ICMP Scanning
First step is to see what systems are up and running
Time can be wasted scanning hosts that are down or that do not exist
Usually a ping sweep tool will send an ICMP ECHO message and expect to receive an ICMP ECHO_REPLY message
Some firewalls block ICMP, so TCP with different flags (SYN, ACK, etc.) or the UDP protocol can be used instead
Firewalls and IDS will detect ICMP sweeps but may not detect sweeps using other protocols
Packet filtering firewalls are more apt to allow some of the more esoteric scans through because they assume there is already an ongoing dialog taking place.
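The point above, that a monitor watching only ICMP misses sweeps carried over TCP, shown as a small detector. This is an added example, not part of the original presentation; the record layout, addresses, thresholds and the detect_sweeps name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records: (time_s, source, destination, probe kind).
SAMPLE = (
    [(i * 0.5, "10.0.0.5", f"192.0.2.{i + 1}", "icmp-echo") for i in range(6)]
    + [(20 + i * 0.7, "10.0.0.9", f"192.0.2.{i + 1}", "tcp-syn") for i in range(6)]
    + [(40 + i * 0.7, "10.0.0.9", f"192.0.2.{i + 1}", "tcp-ack") for i in range(6)]
    # Slow, spread-out contact and a two-host ping: neither is a sweep.
    + [(i * 120.0, "10.0.0.8", f"192.0.2.{i + 1}", "icmp-echo") for i in range(6)]
    + [(5.0, "10.0.0.7", "192.0.2.1", "icmp-echo"),
       (6.0, "10.0.0.7", "192.0.2.2", "icmp-echo")]
)

ALL_KINDS = frozenset({"icmp-echo", "tcp-syn", "tcp-ack", "udp"})


def detect_sweeps(records, window=10.0, min_hosts=5, kinds=ALL_KINDS):
    """Return {source: probe kinds} for every source that probed at least
    min_hosts distinct destinations inside a sliding window of `window` s."""
    by_src = defaultdict(list)
    for ts, src, dst, kind in records:
        if kind in kinds:
            by_src[src].append((ts, dst, kind))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        in_window = defaultdict(int)      # destination -> probes in window
        for i, (ts, dst, _kind) in enumerate(events):
            in_window[dst] += 1
            # Drop probes that have aged out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_hosts:
                seen = {k for _, _, k in events[start:i + 1]}
                alerts.setdefault(src, set()).update(seen)
    return alerts


if __name__ == "__main__":
    print("all probe kinds:", detect_sweeps(SAMPLE))
    print("ICMP only:      ", detect_sweeps(SAMPLE, kinds={"icmp-echo"}))
```

With every probe kind counted, both sweeping sources are reported; restricted to ICMP, the source that swept with SYN and ACK probes goes unreported.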
Decoy source IP address: adds “noise” packets to clutter or distract IDS
In this scan it seems as though Clone25, Birch, and Cold are performing a scan when in fact it is only Clone25.
The objective of enumeration is to identify user accounts, system accounts, machine names, network resources, shares and services for potential use in hacking the target system.

Enumeration involves active connections, so it can be logged.
Simple Network Management Protocol is used to manage and monitor the hardware devices connected to a network
The SNMP architecture includes
NMS (Network Management System)
SNMP Agents
Managed devices
SNMP uses UDP port 161 to communicate, and it is a clear-text protocol, which could provide valuable information to an intruder
SNMP Traps let you know that something significant has happened at the agent's end:
It can be a reboot or
Failure of an interface
SNMPUtil is a tool which lets you enumerate NT users via the SNMP protocol
Insecure configuration
Weak passwords
Unpatched vulnerabilities in services, Operating systems, applications
Possible vulnerabilities in services, operating systems
Insecure programming
Weak access control
Exploit the Vulnerabilities
Enough data has been gathered at this point to make an informed attempt to access the target

Techniques
If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system

Techniques
Once hackers have gained access, they want to keep that access for future exploitation and attacks.
Sometimes, hackers harden the system from other hackers or security personnel by securing their exclusive access with backdoors, root kits, and trojans.
Once the hackers own the system, they can use it as a base to launch additional attacks.
In this case, the owned system is sometimes referred to as a zombie system
After a successful intrusion, the first thing an intruder does after gaining administrator privileges is to disable auditing.

Various tools are used to disable auditing. The Windows 2008 Resource Kit's auditpol.exe tool can disable auditing from the command line.
After a successful intrusion, the first thing an attacker does is cover his tracks by clearing the logs in the Event Viewer.

Elsave is a tool which is used to clear the event log.
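How a defender can spot the two track-covering steps described above, as an added example that is not part of the original presentation. It relies on the Windows Security log event IDs 4719 (system audit policy was changed) and 1102 (the audit log was cleared); the record layout, host and user names, the 15-minute correlation window and the find_track_covering name are assumptions.

```python
AUDIT_POLICY_CHANGED = 4719   # Security log: system audit policy was changed
AUDIT_LOG_CLEARED = 1102      # Security log: the audit log was cleared

# Constructed sample records, as they might look after forwarding to a
# central collector: time is seconds since an arbitrary start.
SAMPLE_EVENTS = [
    {"time": 1000, "host": "WS01", "event_id": 4624, "user": "admin2"},
    {"time": 1100, "host": "WS01", "event_id": 4719, "user": "admin2"},
    {"time": 1160, "host": "WS01", "event_id": 1102, "user": "admin2"},
    {"time": 5000, "host": "SRV02", "event_id": 1102, "user": "backupsvc"},
    {"time": 100, "host": "WS03", "event_id": 4719, "user": "gpo-admin"},
    {"time": 200, "host": "WS03", "event_id": 4624, "user": "alice"},
]


def find_track_covering(events, window_s=900):
    """Return (host, time, severity, reason) tuples in time order.

    An audit policy change or a log clear alone is 'medium'; a log clear
    within window_s seconds of a policy change on the same host is 'high',
    because it matches the disable-auditing-then-clear-logs sequence.
    """
    findings = []
    last_policy_change = {}                      # host -> time of last 4719
    for ev in sorted(events, key=lambda e: e["time"]):
        host, when, user = ev["host"], ev["time"], ev["user"]
        if ev["event_id"] == AUDIT_POLICY_CHANGED:
            last_policy_change[host] = when
            findings.append((host, when, "medium",
                             f"audit policy changed by {user}"))
        elif ev["event_id"] == AUDIT_LOG_CLEARED:
            prev = last_policy_change.get(host)
            chained = prev is not None and when - prev <= window_s
            reason = f"audit log cleared by {user}"
            if chained:
                reason += f" {when - prev}s after audit policy change"
            findings.append((host, when, "high" if chained else "medium",
                             reason))
    return findings


if __name__ == "__main__":
    for finding in find_track_covering(SAMPLE_EVENTS):
        print(finding)
```

Run it over events forwarded to a central collector, since records kept only on the compromised host are the ones being tampered with.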
Vulnerability research is extremely valuable and essential because it trains our next generation of computer security experts.

In vulnerability research, the ability to break a system is a prerequisite for designing a more secure system.

It can be classified based on:
Severity level (low, medium, or high)
Exploit (local or remote)
Can be used by the good guys and the bad guys alike.

May have increased the number of scripted (tool-based) attacks.