Scribd
Upload
228 views

Introduction To Ethical Hacking

This document provides an introduction to ethical hacking, including: 1. Defining ethical hacking as hacking performed by companies or individuals to help identify potential threats by bypassing security and searching for weaknesses. 2. Describing the role of an ethical hacker as someone who uses hacking skills legitimately to find and fix vulnerabilities before criminals can exploit them. 3. Outlining the typical system hacking cycle that hackers use, including reconnaissance, scanning, gaining access, maintaining access, and covering tracks.

Uploaded by

Jeff Maynard
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
228 views

Introduction To Ethical Hacking

This document provides an introduction to ethical hacking, including: 1. Defining ethical hacking as hacking performed by companies or individuals to help identify potential threats by bypassing security and searching for weaknesses. 2. Describing the role of an ethical hacker as someone who uses hacking skills legitimately to find and fix vulnerabilities before criminals can exploit them. 3. Outlining the typical system hacking cycle that hackers use, including reconnaissance, scanning, gaining access, maintaining access, and covering tracks.

Uploaded by

Jeff Maynard
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 35

DFS5023

ETHICAL
HACKING
Chapter 1
INTRODUCTION TO
ETHICAL HACKING
about
this topic
This topic exposes the basic idea
of hacking activity. This
includes cyber laws applied in the
US and Malaysia.
learning
outcome
1.1 Understand ethical hacking
1.2 Explain type of hackers
1.3 Describe the rules of ethical
     hacking
1.1
Understand ethical
hacking
A day in the life of an ethical hacker video
Ethical hacking

Hacking performed by a company


or individual to help identify
potential threats on a computer or
network.

An ethical hacker attempts to bypass system


security and search for any weak points that
could be exploited by malicious hackers.
ethical
hacker
An ethical hacker (also known as a white hat hacker) is
the ultimate security professional.
Know how to find and exploit vulnerabilities and
weaknesses in various systems
Ethical hacker uses those skills in a legitimate, lawful
manner to try to find vulnerabilities and fix them
before the bad guys can get there and try to break in.
ethical
hacker job
They break into systems legally and ethically.
Scanning ports and seeking vulnerabilities
examine patch installations and make sure that they
cannot be exploited.
engage in social engineering concepts like dumpster
diving
will attempt to evade IDS (Intrusion Detection
systems), IPS (Intrusion Prevention systems), honeypots,
and firewalls
Sniffing networks, bypassing and cracking wireless
encryption, and hijacking web servers and web
applications.
ethical
hacker job
Certified Ethical Hacking (CEH) video
ethical
hacking
terminologies:

a. Threat
b. Exploit
c. Vulnerability
d. Target of Evaluation (toe)
e. Attack
f. Remote
threat!
Anything that has the potential to cause
serious harm to a computer system.
A threat is something that may or may
not happen, but has the potential to
cause serious damage.
Threats can lead to attacks on computer
systems, networks and more.
exploit!
An exploit is a general term for any
method used by hackers to gain
unauthorized access to computers, the act
itself of a hacking attack, or a hole in a
system's security that opens a system to an
attack.
exploit!
A piece of software or technology that takes advantage
of a bug, glitch, or vulnerability, leading to
unauthorized access, privilege escalation, or denial of
service on a computer system. Malicious hackers are
looking for exploits in computer systems to open the
door to an initial attack. 
Most exploits are small strings of computer code that,
when executed on a system, expose vulnerability. 
Experienced hackers create their own exploits, but it is
not necessary to have any programming skills to be an
ethical hacker as many hacking software programs
have ready-made exploits that can be launched
against a computer system or network.
An exploit is a defined way to breach the security of an
IT system through a vulnerability.
vulnerability

The existence of a software flaw, logic design, or


implementation error that can lead to an
unexpected and undesirable event executing bad
or damaging instructions to the system.
 Exploit code is written to target a vulnerability and
cause a fault in the system in order to retrieve
valuable data. 
Target of
Evaluation
(toe)
A system, program, or network that is the subject of a
security analysis or attack. 
Ethical hackers are usually concerned with high-value
TOEs, systems that contain sensitive information such
as account numbers, passwords, Social Security
numbers, or other confidential data. 
It is the goal of the ethical hacker to test hacking tools
against the high-value TOEs to determine the
vulnerabilities and patch them to protect against
exploits and exposure of sensitive data..
Attack
An attack occurs when a system is
compromised based on a vulnerability.
Many attacks are perpetuated via an
exploit. 
Ethical hackers use tools to find systems
that may be vulnerable to an exploit
because of the operating system,
network configuration, or applications
installed on the systems, and to prevent
an attack.
Remote
The exploit is sent over a network and exploits
security vulnerabilities without any prior access
to the vulnerable system. 
Hacking attacks against corporate computer
systems or networks initiated from the outside
world are considered remote. 
Most people think of this type of attack when
they hear the term hacker, but in reality most
attacks are in the next category.
system
hacking
cycle
system hacking
cycle
 This is the primary phase
where the Hacker tries to
1.0 collect as much information as
Reconnaissance possible about the target. It
includes Identifying the Target,
finding out the target's IP
Address Range, Network, DNS
records, etc.
It involves taking the information
discovered during reconnaissance and
using it to examine the network. 
Tools that a hacker may employ during
the scanning phase can include
2.0
Scanning dialers, port scanners, network
mappers, sweepers, and vulnerability
scanners. 
Hackers are seeking any information
that can help them perpetrate attack
such as computer names, IP addresses,
and user accounts.
After scanning, the hacker designs the
blueprint of the network of the target with the
help of data collected during Phase 1 and
Phase 2. 
This is the phase where the real hacking takes
place. Vulnerabilities discovered during the
3.0 reconnaissance and scanning phase are now
Gaining exploited to gain access. 
Access  The method of connection the hacker uses for
an exploit can be a local area network (LAN,
either wired or wireless), local access to a PC,
the Internet, or offline.
Examples include stack based buffer overflows,
denial of service (DoS), and session hijacking. 
4.0 Gaining Access 
Once a hacker has gained access, they want to keep that
access for future exploitation and attacks. 
Sometimes, hackers harden the system from other
hackers or security personnel by securing their exclusive
access with backdoors, rootkits, and Trojans. 
Once the hacker owns the system, they can use it as a
base to launch additional attacks. 
In this case, the owned system is sometimes referred to
as a zombie system.
5.0 Covering Tracks 
Once hackers have been able to gain and maintain
access, they cover their tracks to avoid detection by
security personnel, to continue to use the owned system,
to remove evidence of hacking, or to avoid legal action.
Hackers try to remove all traces of the attack, such as log
files or intrusion detection system (IDS) alarms. 
Examples of activities during this phase of the attack
include steganography, the use of tunneling protocols,
and altering log files.
1.2
Explain
type of
hackers
crackers and hackers
while hackers build things, crackers
break things. Cracker is the name given
to hackers who break into computers
for criminal gain; whereas, hackers can
also be internet security experts hired
to find vulnerabilities in systems. 
types of
hacker
testing
types
a. White box
b. Black box
c. Gray box
Full knowledge test :

White the team has as much


knowledge –

box network and


computing resources
to be evaluate 
Partial knowledge test:

grey
has knowledge that
might be
relevant to a specific

box type of attack by a


person internal
to the organization
black Zero knowledge test :

box no information
skills required to be an
ethical hacker
Infosec
Routers
Communication & report writing
Knowledge of threat sources
Project manager
Problem mngmt
Network protocols
Firewall 
career ethical hacker
ways to conduct
ethical hacking

Step 1: Formulating Your Plan


Step 2: Do Some Recon
Step 3: Launch the Attack
Step 4: Evaluate the Results

reading
legal implications
of hacking

You might also like