ERASMUS+

Cybersecurity for Micro, Small & Medium Enterprises

Ethical hacking - in times of cybernetic attacks and digital threats
Introduction to Ethical Hacking

Information security overview

Today’s numbers

• Worldwide, there are 4.72 billion internet users
• 92.8% of people browse through a mobile device
• The average person spends 6 hours and 56 minutes per day on the Internet
• There are more than 1.86 billion websites online

Data is the world's most valuable resource today

• Hackers attack every 39 seconds
• 70 million phones are lost or stolen every year
• Cybercrime cost US businesses $3.5 billion in 2021
• 26 smart objects are located near every human on earth


Today’s context

• More and more businesses rely on IT
• The complexity of IT systems increases
• The number of cyber attacks rises

Threats and their consequences arise in the same context:

• Data leakage
• Vulnerable websites
• Malware attacks (ransomware)
• Unauthorized access
• Social engineering attacks (phishing)
• Advanced Persistent Threats
• Monetary loss
• Wasted resources/reduced productivity
• Damage to the company image and litigation

What does IT Security mean?

• Confidentiality
Access to information only on a need-to-know basis
• Integrity
Data is not altered by accident or in an unauthorized way
• Availability
Uninterrupted access to information
• Authenticity
The quality of data, a communication or a document being genuine
• Non-Repudiation
The guarantee that the sender of a message cannot later deny having sent it and the recipient cannot deny having received it


 

Hacking concepts

RISK = Vulnerability * Probability * Impact

Terms

• Hack Value
something worth doing or hacking

• Vulnerability
a weakness, design or implementation error that can lead to an unexpected event compromising the security of the system

• Exploit
a breach of IT system security through a vulnerability

• Payload
the part of the exploit code that performs the intended malicious action

• Zero-Day Attack
an attack that exploits an application vulnerability before the software developer releases a patch for it

• Bot
a software application that can be controlled remotely to execute or automate predefined tasks


Hacker types

• White hats – security analysts or ethical hackers
• Grey hats – individuals who work both as black and white hats, depending on their interest
• Black hats – perform malicious or destructive activities; also known as crackers
• Suicide hackers – individuals who are not worried about facing jail but are rather interested in accomplishing their goal
• Script kiddies – unskilled hackers who run scripts and tools developed by others, without understanding how they work
• Cyber terrorists and organised crime – motivated by financial gain or political beliefs, they can mount large-scale attacks
• State-sponsored hackers – individuals employed by a government
• Hacktivists – individuals who promote their political agenda or beliefs


Elements of Information security

Attacks = Motive (Goal) + Method (Vector) + Vulnerability

An attack combines a motive, a method and a vulnerability. Here are some examples:

Motives (Goal)

• Disrupting business continuity
• Information theft and manipulating data
• Financial loss of the target
• Personal or financial gain
• Revenge
• Propagating religious or political beliefs
• State or military objectives

Method (Vector)

• Cloud computing
• Viruses and worms, botnets
• Ransomware
• Mobile threats
• Phishing
• Web application threats
• IoT threats

Vulnerabilities

There are many types of vulnerabilities that hackers can exploit:

Network Vulnerabilities
These are issues with a network’s hardware or software that expose it to possible intrusion by an outside party

Operating System Vulnerabilities
These are vulnerabilities within a particular operating system that hackers may exploit to gain access to an asset the OS is installed on, or to cause damage

Human Vulnerabilities
The weakest link in many cybersecurity architectures is the human element

Process Vulnerabilities
Some vulnerabilities are created by specific process controls (or the lack of them)


Information Gathering

Perspectives of the target

Which targets can an attack point to?

• System view
Technologies, devices, operating systems

• Logical/Functional view
Purposes of devices/systems (presentation website, ERP, etc.)

• Physical view
Headquarters, equipment locations

• Temporal view
Working days and hours

• Social view
Data about the employees

• Lifecycle view
The steps of a business process

• Consequence view
Whether an event triggers another event (what happens if you enter their building without authorization – do they call the police?)


Information about the Target

Where can information about the target be found?

• Company’s name
• Company’s website
• Geographical location
• The names of some employees
• IP addresses
• Internet search using search engines
• Public database interrogation: Whois, DNS
• Social networks: Facebook/Meta, LinkedIn, Twitter, etc.
• Social engineering


Other sources

• Google, Yahoo and Bing are targeted at US and EU users, locations and data, just as Baidu targets the Chinese audience
• Operators should learn to leverage all search engines and their regional varieties
• Focused data: most non-US search tools collect and store data primarily or exclusively from their region or country. You may find data on Yandex but not on google.com (or even google.ru)
• Language selectivity: international search engines must offer the ability to search in the native language(s). Furthermore, queries conducted in non-Latin character sets may yield more results.


Scanning, Enumeration

Network scanning, enumeration concepts

Network Scanning
  • Identification of active systems, open ports, services, firewall rules, etc.
  • Analysis at the network layer (network scanning) and at the system level (port scanning)

Enumeration
  • Determine user accounts, shared folders, etc.
  • Direct interrogation: active connections

  Activities that imply interaction with the target
  • Many requests in order to obtain different types of information
  • Live hosts, open ports, versions of running services
  • Operating system, network shares, local users
  • Depends on where you are scanning from (outside vs inside the network)


Scanning tools

• ARP Ping - Finds only targets in the local network (LAN)

• TCP Connect - Simple and fast method that creates complete TCP connections

• OS Fingerprinting

Passive fingerprinting: Analyses packets captured by a machine - Low precision
Active fingerprinting: Sends packets to the target to see how it reacts - High precision

• Banner Grabbing - Many services “present themselves” when we connect
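The following is an added example, not part of the course material: it parses the greeting a service volunteers on connect and reports whether it discloses a product version, which is how an administrator checks their own servers for needless disclosure. The banner strings are constructed to resemble SSH, SMTP and HTTP greetings (no real hosts); the loopback service in the `__main__` block is a throwaway stand-in so the exchange runs offline.

```python
"""Banner parsing: what a service discloses when we connect (added example)."""
import re
import socket
import threading

# Constructed banners in the style of common services; values are examples only.
SAMPLE_BANNERS = [
    b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",
    b"220 mail.example ESMTP Postfix (Ubuntu)\r\n",
    b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Debian)\r\nContent-Length: 0\r\n\r\n",
    b"220 ftp.example FTP server ready\r\n",
]

# One pattern per recognised greeting format; 'version' is optional because a
# well-configured service may announce its product without a version string.
PATTERNS = [
    ("ssh", re.compile(rb"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)[_-]?(?P<version>[\w.]+)?")),
    ("smtp", re.compile(rb"^220 \S+ ESMTP (?P<product>\w+)(?: (?P<version>[\w.]+))?")),
    ("http", re.compile(rb"^HTTP/[\d.]+ \d{3}.*?\r\nServer: (?P<product>[^/\r\n]+)(?:/(?P<version>\S+))?", re.S)),
]

def parse_banner(banner: bytes) -> dict:
    """Classify a greeting and extract the disclosed product/version, if any."""
    for service, pattern in PATTERNS:
        m = pattern.match(banner)
        if m:
            info = {k: (v.decode() if v else None) for k, v in m.groupdict().items()}
            info["service"] = service
            info["discloses_version"] = info.get("version") is not None
            return info
    return {"service": "unknown", "product": None, "version": None, "discloses_version": False}

def grab_banner(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Connect, send nothing, and read whatever the service volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""

def _serve_once(banner: bytes) -> int:
    """Throwaway loopback service that greets once and hangs up; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = _serve_once(SAMPLE_BANNERS[0])           # both sides of the exchange, on loopback
    print(parse_banner(grab_banner("127.0.0.1", port)))
    for b in SAMPLE_BANNERS:
        print(parse_banner(b))
```

Of the four constructed banners, only the FTP greeting is unrecognised; the SMTP one names a product but no version, which is the configuration an administrator should aim for where the protocol allows it.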

Spidering concepts

• The first step in the process of attacking an application is gathering and examining some key information about it, to gain a better understanding of what you are up against

• The mapping exercise begins by enumerating the application’s content and functionality, in order to understand what the application does and how it behaves

• Much of this functionality is easy to identify, but some of it may be hidden, requiring a degree of guesswork and luck to discover

• Types of spidering:

Automated: using tools (Burp, Paros Proxy, etc.)

User directed: both manual and automated
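As an added example of the automated mapping step described above (not the course's own code, and not driving Burp or Paros), the crawler below enumerates links, forms and HTML comments of a small site. The site is a constructed in-memory dict with a reserved example hostname so the crawl runs offline; a real spider would issue HTTP requests for each discovered URL instead of calling `fetch()`. It also shows the "hidden functionality" point: a page that is only referenced in a hidden form value is never visited, and a path that survives only in a comment is surfaced for follow-up.

```python
"""Spidering (content mapping) of a web application: added example."""
from collections import deque
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urljoin, urlparse

BASE = "https://app.example/"  # constructed hostname (reserved example TLD)

# Constructed pages: a linked trail, one page reachable only via a hidden form value,
# and a path that survives only inside an HTML comment.
SITE: Dict[str, str] = {
    "/": "<html><body><a href='/about'>About</a> <a href='/login'>Login</a>"
         "<!-- TODO: remove /old-backup before launch --></body></html>",
    "/about": "<html><body><a href='/'>Home</a> <a href='https://other.example/x'>partner</a></body></html>",
    "/login": "<html><body><form action='/login' method='post'>"
              "<input name='user'><input name='pass' type='password'>"
              "<input type='hidden' name='next' value='/dashboard'></form></body></html>",
    "/dashboard": "<html><body>Not linked from anywhere, so the spider will not find it.</body></html>",
}

class PageMapper(HTMLParser):
    """Collects links, forms (with their inputs) and HTML comments from one page."""
    def __init__(self, page_url: str) -> None:
        super().__init__()
        self.page_url = page_url
        self.links: List[str] = []
        self.forms: List[dict] = []
        self.comments: List[str] = []
        self._form: Optional[dict] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.page_url, a["href"]))
        elif tag == "form":
            self._form = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "method": (a.get("method") or "get").lower(), "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append((a.get("name"), a.get("type") or "text"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_comment(self, data):
        self.comments.append(data.strip())

def fetch(url: str) -> Optional[str]:
    """Stand-in for an HTTP GET against the constructed site."""
    return SITE.get(urlparse(url).path)

def spider(start: str = BASE) -> dict:
    """Breadth-first crawl that stays on the start host and records what it maps."""
    host = urlparse(start).netloc
    queue, seen = deque([start]), set()
    forms, comments = [], []
    while queue:
        url = queue.popleft()
        if url in seen:
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        mapper = PageMapper(url)
        mapper.feed(body)
        forms.extend(mapper.forms)
        comments.extend(mapper.comments)
        for link in mapper.links:
            if urlparse(link).netloc == host and link not in seen:
                queue.append(link)
    return {"visited": sorted(seen), "forms": forms, "comments": comments}

if __name__ == "__main__":
    result = spider()
    print("visited:", *result["visited"], sep="\n  ")
    print("forms:", result["forms"])
    print("comments:", result["comments"])
```

The off-host link on `/about` is skipped, which keeps the mapping inside the scope that was agreed for the assessment; the `/dashboard` path and the `/old-backup` comment are exactly the kind of findings the user-directed phase then confirms by hand.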

 

System Hacking

Concepts

An exploit is a piece of software or a script that allows hackers to take control of a system by exploiting its vulnerabilities.

Exploit = Payload + Vulnerability

• Payload - the code to be executed after the vulnerability is triggered, written in assembly language (ASM)

• Platform dependent - specific exploits for Windows, others for Linux, Android, Mac OS, etc.

• Different types of payloads:
• execute a command or program on the remote system
• download/upload a file from a URL and execute it
• add a user to the system accounts
• shell – provide an interactive shell (bind shell vs reverse shell)

Cracking passwords

• Passwords are the most widely used authentication mechanism

• Passwords are vulnerable to several types of attacks

• Identity theft is currently the computer crime with the highest rate of growth

• When a user enters a password, its hash is computed and compared with the one stored in the database

• If the two values are the same, the user is authenticated

Salting – the insertion of a random value into the hash computation – increases the level of security

• The salt value is stored together with the hash value in the database

• If two users have the same password, it is stored as two different hash values in the database (due to the different salts)
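The hash-and-compare flow and the effect of salting, as an added example that is not part of the course material. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the iteration count is an assumed value, and the two users and their shared password are constructed to show why a salt matters.

```python
"""Salted password hashing and verification (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000   # work factor; assumed value, raise it as hardware allows
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time (no early exit on mismatch)."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

def unsalted_digest(password: str) -> bytes:
    """Plain SHA-256, shown only for contrast: identical passwords give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def build_user_table() -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed 'database': user -> (salt, digest). Both users chose the same password."""
    return {user: hash_password(pw) for user, pw in [("alice", "Winter2024!"), ("bob", "Winter2024!")]}

def compare_storage_schemes(pw_a: str, pw_b: str) -> Tuple[bool, bool]:
    """(unsalted digests equal, salted digests equal) for two users' passwords."""
    unsalted_equal = unsalted_digest(pw_a) == unsalted_digest(pw_b)
    salted_equal = hash_password(pw_a)[1] == hash_password(pw_b)[1]
    return unsalted_equal, salted_equal

if __name__ == "__main__":
    table = build_user_table()
    salt, digest = table["alice"]
    print("alice, correct password:", verify_password("Winter2024!", salt, digest))
    print("alice, wrong password:  ", verify_password("winter2024!", salt, digest))
    print("(unsalted equal, salted equal):", compare_storage_schemes("Winter2024!", "Winter2024!"))
```

With an unsalted scheme the two identical passwords collide in the table, so cracking one entry reveals the other and precomputed tables apply; with per-user salts every entry has to be attacked on its own.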
Types of Password attacks

What’s the difference between online and offline password attacks?

The difference between offline and online password attacks could be the thing that prevents your account from being hacked and your organization from being breached

• Online

Brute force
Easy to detect

• Offline

Implies obtaining the hash values stored locally or transmitted through the network

Requires system access

Network sniffing - Using tools that capture the network packets received and transmitted, so that they can be copied and inspected offline

to be easily identified by hackers
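Online brute force is "easy to detect" because every guess hits the authentication service and leaves a log line. The detector below is an added example (not course material) that runs over constructed log lines written in the style of OpenSSH's sshd messages; the source addresses are from documentation ranges and the year is assumed, since syslog timestamps carry none.

```python
"""Detecting an online brute-force attempt in authentication logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: one source hammers several accounts in a few seconds,
# a legitimate user mistypes once and then succeeds.
SAMPLE_LOG = """\
Mar  4 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Mar  4 10:00:02 host sshd[1202]: Failed password for root from 203.0.113.7 port 50212 ssh2
Mar  4 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 50213 ssh2
Mar  4 10:00:04 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 50214 ssh2
Mar  4 10:00:05 host sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 50215 ssh2
Mar  4 10:00:06 host sshd[1206]: Failed password for root from 203.0.113.7 port 50216 ssh2
Mar  4 10:03:10 host sshd[1300]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar  4 10:03:20 host sshd[1301]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
LOG_YEAR = 2024  # assumed: syslog timestamps have no year

def parse_events(log_text: str) -> List[Tuple[datetime, str, str, str]]:
    """Return (timestamp, ip, result, user) for each recognised line, sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # unrelated lines are skipped, not treated as errors
        ts = datetime.strptime(f"{LOG_YEAR} " + " ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["result"], m["user"]))
    return sorted(events)

def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """Flag every source IP with at least `threshold` failures inside any sliding `window`."""
    failures: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, ip, result, user in parse_events(log_text):
        if result == "Failed":
            failures[ip].append((ts, user))
    alerts: Dict[str, dict] = {}
    for ip, attempts in failures.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1          # slide the window forward
            count = end - start + 1
            if count >= threshold and count > alerts.get(ip, {}).get("failures", 0):
                alerts[ip] = {"failures": count,
                              "users": sorted({u for _, u in attempts[start:end + 1]}),
                              "first": attempts[start][0], "last": attempts[end][0]}
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {alert['failures']} failures in {alert['last'] - alert['first']}, users {alert['users']}")
```

The threshold and window are tuning knobs: too low and a forgetful user trips the alert, too high and a slow attacker stays under it, which is why the alert carries the list of usernames tried (many distinct accounts from one source is the stronger signal).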

   

 

Malware Threats

Malware concepts

• Malware typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorized access to a network.

• Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute it.

• Malware has been a threat to individuals and organizations since the early 1970s, when the Creeper virus first appeared. Since then, the world has been under attack from hundreds of thousands of different malware variants, all intended to cause as much disruption and damage as possible.


Malicious programs concepts

Malicious programs

• There are three categories: Trojans and rootkits, viruses, worms
• A computer virus can contaminate other files
• However, viruses can infect outside machines only with the assistance of computer users

Malware testing

http://www.virustotal.com

• A service that analyses suspicious files and facilitates the quick detection of viruses, worms, Trojans and all kinds of malware
• Free and independent service
• Uses multiple antivirus engines (57 at this moment, but the number is continually increasing)

Potentially malicious actions may include:

• Attempts to open, view, delete or modify files
• Attempts to format disk drives, etc.
• Modification of system settings (start-up, etc.)
• Initiation of network communication, etc.

Monitoring and Detection of Internet Worms

• Speed is a crucial aspect here:
The SQL Slammer worm appeared in January 2003 and infected more than 90% of vulnerable computers on the internet within 10 minutes;
A successful worm attack typically lasts several days, infecting hundreds of thousands of computers (Code Red, Nimda, Blaster, etc.);
• Aim: early detection


Countermeasures

• Install antivirus software that detects and removes infections as they appear.

• Pay attention to the instructions while downloading files or programs from the Internet.

• Update the antivirus software as often as possible.

• Schedule regular scans for all drives.

• Use behaviour-monitoring software that integrates with the operating system of the host computer and monitors program behaviour in real time for malicious actions.

• Such software blocks potentially malicious actions before they affect the system.


Sniffing and Session Hijacking

Sniffing concept

• A packet sniffer is a system with a network interface card that operates in promiscuous/monitor mode and captures network packets in real time

• Used for:

Troubleshooting problems (including security ones) and network analysis

Network logging for future analysis (forensics)

Hacking tool for username and password interception


Sniffing tools

These are the well-known tools that can be used for sniffing, together with the operating systems they run on:

tcpdump (http://www.tcpdump.org)

• Unix platforms
• Command line utility

WinDump (http://www.winpcap.org/windump/)

• Windows version of tcpdump

Ethereal / Wireshark (http://www.wireshark.org/)

• Has a graphical interface


Session hijacking

Concept

• Exploitation of a valid computer session to gain unauthorized access to information or services in a computer system over TCP/UDP protocols

Methods

• Session fixation
where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker then only has to wait until the user logs in
• Session sidejacking
where the attacker uses packet sniffing to read network traffic between two parties and steal the session cookie
• Cross-site scripting
where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations
• Malware and unwanted programs
can use browser hijacking to steal a browser's cookie files without the user's knowledge, and then perform actions (like installing Android apps) without the user's knowledge
• Brute-forcing session information (Ex. Telnet, or cookie values over HTTP(S))
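Session fixation and the brute-forcing of session ids both come down to how a login handler treats the session identifier, so here is an added example (not the course's own code) with the weak handler beside the corrected one. The session store is an in-memory stand-in for a web framework's, the user table is constructed, and the "planted" id stands for one the user was handed in a link.

```python
"""Session fixation: vulnerable vs hardened login handling (added example)."""
import hmac
import secrets
from typing import Dict, Optional

# Constructed credential table (plaintext only to keep the example short).
USERS = {"alice": "correct horse battery staple"}

def check_credentials(user: str, password: str) -> bool:
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

class SessionStore:
    def __init__(self) -> None:
        self.sessions: Dict[str, dict] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness: not guessable by brute force
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str) -> Optional[dict]:
        return self.sessions.get(sid)

def login_vulnerable(store: SessionStore, client_sid: str, user: str, password: str) -> Optional[str]:
    """Adopts whatever id the client presents and keeps it after authentication.
    Whoever planted client_sid now shares the victim's logged-in session."""
    if store.get(client_sid) is None:
        store.sessions[client_sid] = {"user": None}   # accepting unknown ids is the core defect
    if not check_credentials(user, password):
        return None
    store.sessions[client_sid]["user"] = user
    return client_sid

def login_hardened(store: SessionStore, client_sid: str, user: str, password: str) -> Optional[str]:
    """Never trusts a client-supplied id: on success the old session is dropped and a fresh id issued."""
    if not check_credentials(user, password):
        return None
    store.sessions.pop(client_sid, None)
    new_sid = store.create()
    store.sessions[new_sid]["user"] = user
    return new_sid

def demo() -> Dict[str, bool]:
    """Same planted id, same credentials, both handlers; returns what each one did."""
    planted = "id-known-to-attacker"
    vuln, hard = SessionStore(), SessionStore()
    v = login_vulnerable(vuln, planted, "alice", USERS["alice"])
    h = login_hardened(hard, planted, "alice", USERS["alice"])
    return {
        "vulnerable_reuses_id": v == planted and vuln.get(planted)["user"] == "alice",
        "hardened_rotates_id": h is not None and h != planted
                               and hard.get(planted) is None and hard.get(h)["user"] == "alice",
    }

if __name__ == "__main__":
    print(demo())
```

Rotating the id at login closes fixation; the random 256-bit id closes guessing. The sidejacking and cross-site scripting methods listed above are addressed elsewhere, by sending the cookie with the `Secure` and `HttpOnly` attributes so it travels only over TLS and is not readable from script.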
 
   
 


Keywords

Ethical hacking, security, vulnerability scanning, system hacking, malicious programs, sniffing

Objectives/goals

At the end of this module, the trainee will be able to:
● Understand the importance of security in general
● Understand the concept of vulnerability scanning
● Know what system hacking is
● Understand malicious programs
● Grasp the concept of sniffing

Description

The course introduces the basic technical concepts behind the various stages of a hacking attack, as well as some common tools used by hackers and security professionals.

Bibliography