
Ethical Hacker

Ethical Hacker Course
Altamatyu Center For Global Language

amgedahned




Presentation Transcript


  1. Certified Ethical Hacking

  2. Certified Ethical Hacking
     - Introduction
     - Footprinting and Reconnaissance
     - Scanning Networks
     - Enumeration

  3. Certified Ethical Hacking
     - System Hacking
     - Trojans and Backdoors
     - Viruses and Worms
     - Sniffers

  4. Certified Ethical Hacking
     - Social Engineering
     - Denial of Service
     - Session Hijacking
     - Hacking Web Servers
     - Hacking Web Apps

  5. Certified Ethical Hacking
     - SQL Injection
     - Wireless Hacking
     - Evading IDS, Firewalls and Honeypots
     - Buffer Overflow
     - Cryptography
     - Pen Testing

  6. Introduction - CEH
     - No legal advice
       • The legal framework is not very clear about what is actually lawful or not
       • Be authorized in advance by those in charge
       • Demonstrate and highlight how the data could be accessed, without actually accessing it
       • In Italy, use an indemnity document drawn up, if possible, with legal help
     - It may be illegal to pentest even your own network
       • No prior authorization
       • Access to sensitive data
     - Most hacks are unsuccessful
     - Expensive exam

  7. Introduction - CEH
     - Current situation
       • News about cyber attacks
       • Criminal activities
     - Anonymous activities
     - Cyber terrorism
     - Companies must necessarily have and implement security policies
       • User account management
       • Access management
       • Authentication and security levels
       • Delegation: rules for delegation
       • Authoritative sources of data

  8. Introduction - CEH
     - Overview of legislation
       • Computer Misuse Act 1990 (UK)
       • CAN-SPAM Act (2003)
     - In Italy
       • Law 48/2008: European Convention on Cybercrime
       • Law 196/2003
       • DPS (Security Document)
       • Data Protection Authority measures of 27/11/2008
       • The indemnity

  9. Introduction - CEH
     - Terminology
       • Hacking
       • Hackers
       • Black Box Testing
       • White Box Testing
       • Gray Box Testing
       • Security
       • Vulnerability
       • Exploit / Proof of Concept
       • Zero Day
       • Vulnerability Scan
       • Penetration Test

  10. Introduction - CEH
     - Origin of threats
       • Within the company
         a. Licensed physical access
         b. Logins via the network
         c. Directors
         d. Employees
       • Outside the company
         a. External consultants
         b. External collaborators
         c. Affiliates and subsidiaries of the company
         d. External maintenance, visitors, etc.

  11. Introduction - CEH
     - Who is a Hacker? (1/2)
       • Black Hats / Crackers / Malicious: individuals with high computer skills used for malicious or destructive activity
       • White Hats / Ethical Hacker / Pentester: individuals with expertise in the field of computer hacking who use their knowledge to improve the security of the environment; often identified with the term Security Analyst

  12. Introduction - CEH
     - Who is a Hacker? (2/2)
       • Gray Hats: individuals with high computer skills used, as appropriate, for both "offensive" and "defensive" business
       • Suicide Hacker: individuals who use their computer skills to create inefficiencies in victim companies or critical infrastructure, not caring about the possible legal repercussions they face
       • Hacktivism / Script Kiddie / Phreak / Red Team

  13. Introduction - CEH
     - How does a Hacker operate? (1/3)
       • Step 1: Reconnaissance
         a. Research information about the victim
         b. Large-scale connections looking for possible points of attack
         c. Look for any information about customers, employees, networks, systems employed, etc.
       • Step 2: Scanning
         a. Port scan
         b. Network scan
         c. Extract useful information on which service versions are in use

  14. Introduction - CEH
     - How does a Hacker operate? (2/3)
       • Step 3: Obtain access
         a. Exploit
         b. Weak password
         c. Buffer overflow
         d. Denial of service
       • Step 4: Maintain access
         a. Keylogger
         b. Backdoor
         c. Rootkits
         d. Trojan / Worm

  15. Introduction - CEH
     - Why do you need Ethical Hacking?
       • Vulnerability testing and security audits do not ensure that our infrastructure is safe
       • Need to implement defense strategies that take advantage of targeted pentests
       • Ethical hacking is necessary in order to anticipate the moves of any malicious people who would compromise our systems

  16. Introduction - CEH
     - Benefits of Ethical Hacking
       • Risk assessment
       • Auditing
       • Fraud mitigation
       • Best practices
       • Good infrastructure management

  17. Introduction - CEH
     - Benefits of Ethical Hacking
       • Risk assessment
       • Auditing
       • Fraud mitigation
       • Best practices
       • Good infrastructure management
     - Disadvantages of Ethical Hacking
       • Despite the intentions of companies in hiring external people to test their systems, this does not guarantee a positive contribution to raising the company's security level
       • An ethical hacker can only help to understand the security levels in place in the company. It is the company itself that must put proper countermeasures in place

  18. Introduction - CEH
     - What is an Ethical Hacker?
       • Detects vulnerabilities
       • Verifies the effectiveness of the security strategies implemented
       • Addresses any vulnerabilities found in systems and the network
       • Tests the ability to access sensitive data

  19. Introduction - CEH
     - The triangle of security, functionality and ease of use
       (diagram with three vertices: Security, Functionality, Ease of use)

  20. Introduction - CEH
     - Introduction to the Virtual Lab + Linux

  21. Introduction - CEH
     - Questions?

  22. Footprinting and Reconnaissance - CEH
     - Information gathering
     - Attack surface
     - Exposure

  23. Footprinting and Reconnaissance - CEH
     - Information gathering
       • Search technical information
         a. Registered domains
         b. IP ranges used
         c. Services provided
       • Additional information
         a. IT administrators in groups, forums, etc.
         b. Instruments used and software versions
         c. Hardware devices and technologies

  24. Footprinting and Reconnaissance - CEH
     - Attack surface
       • Discover the machines and services used
       • Discover any open wireless networks
       • Other types of network access:
         a. Waiting rooms
         b. Kiosks
         c. Shared networks
       • Possibility of using malware in the attack

  25. Footprinting and Reconnaissance - CEH
     - Exposure
       • Check the services found and the reachable machines:
         a. Exploits
         b. Potential for abuse of services
       • Organize the information collected
       • Create a plan of attack
         a. An attack can be performed using several weaknesses in a coordinated manner
       • Test the posture (position) before the attack

  26. Footprinting and Reconnaissance - CEH
     - Footprinting
       • Delimit the scope of the attack
         a. DNS / WHOIS
         b. InterNIC
         c. Physical location
         d. RF (Wi-Fi, Bluetooth) monitoring - war driving
       • Traceroute analysis
       • Mirroring the target company's website
       • Tracking email communications
       • Using Google Hacking
       • Nessus scan
       • Nikto scan

  27. Footprinting and Reconnaissance - CEH
     - Perimeter attack
       • Analysis of DNS records
         a. Assigned IPs
         b. MX record
         c. etc.
       • Examining the company's website
         a. Public or restricted website
       • Search information via search engines (e.g. Google, Bing, Yahoo, etc.), job sites, financial services, etc.
       • Research staff on social networks, chat services, etc.
       • Physical location of the office

  28. Footprinting and Reconnaissance - CEH
     - Traceroute analysis
       • Identification of devices: routers, firewalls, etc., e.g.

           # traceroute 10.10.10.10
           traceroute to 10.10.10.10, 64 hops max, 52 byte packets
            1  10.10.10.1 (10.10.10.1)  1.427 ms  1.160 ms  0.956 ms
            2  10.10.10.3 (10.10.10.3)  33.266 ms  34.849 ms  33.298 ms
            3  * * *
            ...

       • By correlating the information obtained it is possible to draw the network topology
       • Traceroute tools
         a. VisualRoute Trace (http://viualroute.visualware.com)
         b. VisualIPTrace (http://www.visualiptrace.com)
         c. vTrace (http://vtrace.pl)
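The slide reads the traceroute listing by eye; the following parser, an added example that is not part of the course material, turns such output into a hop list and singles out hops that answer none of the probes (the "* * *" lines), which is the pattern the slide uses to place filtering devices on the path. The sample output is constructed to mirror the slide's listing and uses private (RFC 1918) addresses; the `Hop` type and function names are this example's own.

```python
"""Parse traceroute output into hops and flag silent (filtering) hops.
Added example, not from the slides; the sample listing is constructed."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the slide: two answering hops, one silent hop,
# then the destination.
SAMPLE_TRACEROUTE = """\
traceroute to 10.10.10.10, 64 hops max, 52 byte packets
 1  10.10.10.1 (10.10.10.1)  1.427 ms  1.160 ms  0.956 ms
 2  10.10.10.3 (10.10.10.3)  33.266 ms  34.849 ms  33.298 ms
 3  * * *
 4  10.10.10.10 (10.10.10.10)  35.010 ms  34.900 ms  35.120 ms
"""


@dataclass
class Hop:
    ttl: int                       # hop number (the TTL that expired there)
    host: Optional[str]            # address in parentheses, None if every probe timed out
    rtts_ms: list = field(default_factory=list)

    @property
    def silent(self) -> bool:
        """A hop that answered no probe: typically a router or firewall dropping
        or not generating ICMP time-exceeded messages."""
        return self.host is None


HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")                    # "<ttl>  <rest of line>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")        # "(10.10.10.1)"
RTT_RE = re.compile(r"([\d.]+)\s*ms")                         # "1.427 ms"


def parse_traceroute(text: str) -> list:
    """Return one Hop per numbered line of traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                       # header line or blank line
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        addr = ADDR_RE.search(rest)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append(Hop(ttl, addr.group(1) if addr else None, rtts))
    return hops


def silent_hops(hops: list) -> list:
    """TTLs at which no device answered."""
    return [h.ttl for h in hops if h.silent]


def path(hops: list) -> list:
    """Ordered list of the addresses that did answer."""
    return [h.host for h in hops if not h.silent]


if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE_TRACEROUTE)
    print("path:", " -> ".join(path(hops)))
    print("silent hops (candidate filtering devices):", silent_hops(hops))
```

Run from a defender's side against your own traceroutes, the silent-hop list is a quick check that the filtering devices you expect on a path actually show up as silent, and that nothing in front of them answers with an address you did not intend to expose.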

  29. Footprinting and Reconnaissance - CEH
     - Mirroring the corporate website
       • Create a copy of the entire corporate site in order to obtain information on its structure: CSS, images, Flash files, video, HTML code, etc.
       • Website mirroring tools:
         a. Wget (http://www.gnu.org)
         b. BlackWidow (http://softbytelabs.com)
         c. WinWSD (http://winwsd.uw.hu)
         d. etc.

  30. Footprinting and Reconnaissance - CEH
     - Tracking email communications
       • Email tracking is a valid method to monitor and spy on the emails sent to recipients
         a. When an email has been read or received
         b. Possibility to send destructive emails
         c. Phishing attack
         d. Find the endpoints of email communication
         e. Tracking of documents, etc.
       • Email tracking tools:
         a. Trout (http://www.foundstone.com)
         b. 3d Visual Trace Route (http://www.3dsnmp.com)
         c. etc.

  31. Footprinting and Reconnaissance - CEH
     - Using Google Hacking (1/2)
       • What a hacker can do with Google Hacking techniques
         a. Find error messages that contain sensitive information
         b. Files containing passwords
         c. Security warnings or vulnerabilities
         d. Pages containing a login form
         e. Pages containing data about the configuration or network vulnerabilities
       • Examples of some operators used for advanced Google searches:
         a. [cache:] - shows the version of the site that is cached by Google
         b. [inurl:] - restricts the search to results where the given string is present in the URL
         c. [intitle:] - narrows the search to documents that contain the specified string in the title
         d. etc.

  32. Footprinting and Reconnaissance - CEH
     - Using Google Hacking (2/2)
       • Google Hacking tools:
         a. MetaGoofil (http://www.edge-security.com)
         b. SiteDigger (http://www.foundstone.com)
         c. GoogleHacks (http://code.google.com)
         d. GMapCatcher (http://code.google.com)
         e. Goolink Scanner (http://www.ghacks.net)
         f. etc.

  33. Footprinting and Reconnaissance - CEH
     - Nessus scan
       • Nessus is a tool that allows finding and, where possible, identifying the services exposed by a particular server
         [Picture of Nessus]
       • Nessus site (http://www.tenable.com/products/nessus)

  34. Footprinting and Reconnaissance - CEH
     - Nikto scan
       • Nikto is a tool that identifies a web server and crawls the sites configured on it
       • Nikto is also able to identify any known vulnerabilities present on that web server, based on its own internal DB
         [Picture of Nikto]
       • Nikto site (http://www.cirt.net/nikto2)

  35. Footprinting and Reconnaissance - CEH
     - Footprinting countermeasures (1/2)
       • Secure destruction of documents
       • Configuring routers / IDS
         a. Reject any suspicious traffic
         b. Identify patterns of footprinting
         c. Close access to the ports that are not strictly necessary for the provision of the service, and filter any unused protocols
       • Configure the web server so that it does not provide useful information
       • Perform tests to verify the footprinting countermeasures

  36. Footprinting and Reconnaissance - CEH
     - Footprinting countermeasures (2/2)
       • Removal of any sensitive data from the DMZ
       • Prevention of spidering and of loading cached copies (robots.txt)
       • Split DNS
       • Honeypot

  37. Footprinting and Reconnaissance - CEH
     - Questions?

  38. Scanning - CEH
     - CEH scanning methodology
     - Types of scan
     - Firewalking
     - 3-way handshake
     - Closing sessions
     - Scanning techniques
     - War dialing
     - Scan tools

  39. Scanning - CEH
     - CEH scanning methodology
       1) Check for live systems
       2) Check open ports on the system
       3) Identify the types of services and their versions
       4) Vulnerability scanning
       5) Draw the network diagram
       6) Use proxies

  40. Scanning - CEH
     - Types of scan
       • Network scanning
         a. ICMP scanning
         b. Ping sweep scanning
       • Port scanning
         a. Check open ports on a system
       • Vulnerability scanning
         a. Identification of services
         b. Identification of application versions
         c. Identification of applications

  41. Scanning - CEH
     - Firewalking
       • Identifies the ACLs (Access Control Lists) configured on the firewall
       • It uses the TTL (Time To Live) of a packet to find "hops"
       • Forwarding packets to the open services
         a. ICMP time exceeded
         b. Packet dropped
       • It is not necessary to reach the destination

  42. Scanning - CEH
     - 3-way handshake

         Computer A                              Computer B
            |--- SYN = 1, SEQ # 10 ----------------->|
            |<-- SYN = 1, ACK = 1, ACK # 11 ---------|
            |--- ACK = 1, SEQ # 11 ----------------->|
          Time                                    Time

  43. Scanning - CEH
     - Closing sessions

         Computer A              Computer B        Computer A          Computer B
            |--- FIN, ACK ---------->|                 |--- RST ----------->|
            |<-- ACK ----------------|                 |                    |
            |<-- FIN, ACK -----------|                 |                    |
            |--- ACK --------------->|                 |                    |
          Time                     Time             Time                 Time
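The two diagrams above give the flags but leave the sequence-number arithmetic implicit. The following added example (mine, not part of the course material) builds the handshake of slide 42 and both closes of slide 43 as explicit segments, and includes a consistency check that can be run over any ordered exchange: every ACK number must equal the peer's next sequence number, and SYN and FIN each consume one sequence number. The initial sequence numbers 10 (for A, as on the slide) and 100 (for B) are constructed values; real stacks choose them randomly.

```python
"""3-way handshake and session close as explicit TCP segments, with a
sequence/ack consistency check. Added example, not from the slides."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset
    seq: int
    ack: Optional[int] = None      # None for the first SYN, which acknowledges nothing

    def consumes(self) -> int:
        # SYN and FIN each occupy one sequence number; a pure ACK or RST occupies none
        return 1 if ("SYN" in self.flags or "FIN" in self.flags) else 0

    def __str__(self) -> str:
        a = f", ACK # {self.ack}" if self.ack is not None else ""
        return f"{self.src} -> {self.dst}: {','.join(sorted(self.flags))}, SEQ # {self.seq}{a}"


def three_way_handshake(isn_a: int = 10, isn_b: int = 100) -> list:
    """The three segments of slide 42; isn_b is a constructed value."""
    return [
        Segment("A", "B", frozenset({"SYN"}), isn_a),                    # SYN = 1, SEQ # 10
        Segment("B", "A", frozenset({"SYN", "ACK"}), isn_b, isn_a + 1),  # SYN = 1, ACK = 1, ACK # 11
        Segment("A", "B", frozenset({"ACK"}), isn_a + 1, isn_b + 1),     # ACK = 1, SEQ # 11
    ]


def graceful_close(seq_a: int, seq_b: int) -> list:
    """Four-segment close initiated by A: FIN,ACK / ACK / FIN,ACK / ACK (left diagram)."""
    return [
        Segment("A", "B", frozenset({"FIN", "ACK"}), seq_a, seq_b),
        Segment("B", "A", frozenset({"ACK"}), seq_b, seq_a + 1),
        Segment("B", "A", frozenset({"FIN", "ACK"}), seq_b, seq_a + 1),
        Segment("A", "B", frozenset({"ACK"}), seq_a + 1, seq_b + 1),
    ]


def abortive_close(seq_a: int, seq_b: int) -> list:
    """Single RST: the session is torn down without the FIN exchange (right diagram)."""
    return [Segment("A", "B", frozenset({"RST", "ACK"}), seq_a, seq_b)]


def exchange_is_consistent(segments: list) -> bool:
    """True when every segment continues its sender's sequence space and every
    ACK equals the peer's next sequence number."""
    next_seq = {}                                   # sender -> next seq it should use
    for s in segments:
        if s.src in next_seq and s.seq != next_seq[s.src]:
            return False                            # sender jumped its own sequence
        if s.ack is not None and s.ack != next_seq.get(s.dst, s.ack):
            return False                            # ACK does not match the peer's next seq
        next_seq[s.src] = s.seq + s.consumes()
    return True


def full_session() -> list:
    """Handshake followed by a graceful close, continuing the same numbers."""
    hs = three_way_handshake()
    return hs + graceful_close(hs[2].seq, hs[2].ack)


if __name__ == "__main__":
    session = full_session()
    for seg in session:
        print(seg)
    print("consistent:", exchange_is_consistent(session))
```

The check is the useful part for a defender reading captures: a segment whose ACK does not line up with the peer's sequence space is exactly what an injected or spoofed packet looks like, and the same rule is what lets a stack discard a stray RST as "not required" in the idle-scan slide further on.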

  44. Scanning - CEH
     - Scanning techniques
       • TCP Connect scan
       • Stealth scan
       • XMAS scan
       • SYN / ACK / FIN scan
       • NULL scan
       • IDLE scan
       • UDP scan

  45. Scanning - CEH
     - TCP Connect scan
       • Indicates whether the port is open only after completing the three-way handshake
         - Packet sequence: SYN, SYN/ACK, ACK, RST
       • TCP Connect scan uses a RST packet to terminate the communication

  46. Scanning - CEH
     - Stealth scan
       • Used to bypass firewall rules and logging mechanisms, or to hide the activity as normal traffic

         Open port:                    Closed port:
            A --- SYN ------> B           A --- SYN ------> B
            A <-- SYN,ACK --- B           A <-- RST ------- B
            A --- RST ------> B

  47. Scanning - CEH
     - XMAS scan
       • Forge a packet with the URG, ACK, RST, SYN and FIN flags set
       • The FIN flag works only for systems that have implemented the TCP stack according to RFC 793
       • Often does not work for some Microsoft Windows systems

         Open port:                           Closed port:
            A --- FIN,URG,PUSH ------> B         A --- FIN,URG,PUSH ------> B
            (no reply)                           A <-- RST ---------------- B

  48. Scanning - CEH
     - NULL scan
       • The FIN flag works only for systems that have implemented the TCP stack according to RFC 793
       • Often does not work for some Microsoft Windows systems

         Open port:                           Closed port:
            A --- (no flags set) -----> B        A --- (no flags set) -----> B
            (no reply)                           A <-- RST,ACK ------------ B

  49. Scanning - CEH
     - FIN scan
       • Send packets with the FIN flag set
       • The FIN flag works only for systems that have implemented the TCP stack according to RFC 793
       • Often does not work for some Microsoft Windows systems

         Open port:                           Closed port:
            A --- FIN ---------------> B         A --- FIN ---------------> B
            (no reply)                           A <-- RST,ACK ------------ B

  50. Scanning - CEH
     - Idle scan
       • To check whether a port is open, it is enough to send a SYN packet
       • The target responds with SYN/ACK if the port is open, or RST if it is closed
       • A PC that receives a SYN/ACK for which it did not send any request will respond with RST
       • Any unsolicited RST is ignored
       • Each packet on the network contains a "fragment identification" number (IPID)
       • Idle scan is a scanning technique in which spoofed packets are sent to check the status of the ports on a target
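Slides 45 to 49 describe how a target answers each probe type and note that FIN, NULL and XMAS probes "often do not work" on Windows. The following added example (mine, not course material) makes that concrete from the defender's side: first a small model of the answer an RFC 793 stack gives to each probe, with a switch for the non-strict behaviour the slides attribute to Windows, so one can see why those probes stop distinguishing open from closed ports there; then detection logic that classifies the flag combinations seen in firewall logs and flags a source that is sweeping many ports. The log layout, the addresses (TEST-NET ranges) and the `min_ports` threshold are all constructed for the example.

```python
"""Model of TCP probe responses (slides 45-49) and scan detection over
constructed firewall log lines. Added example, not from the slides."""
import re
from collections import defaultdict

SYN, ACK, RST, FIN, PSH, URG = "SYN", "ACK", "RST", "FIN", "PSH", "URG"
XMAS = frozenset({FIN, PSH, URG})        # the FIN,URG,PUSH combination of slide 47
NULL = frozenset()                       # no flags set (slide 48)


def stack_response(probe: frozenset, port_open: bool, strict_rfc793: bool = True):
    """Flags the probed host sends back, or None when it stays silent."""
    if RST in probe:
        return None                                        # a RST is never answered
    if SYN in probe and ACK not in probe:                  # connect / stealth scan probe
        return frozenset({SYN, ACK}) if port_open else frozenset({RST, ACK})
    if ACK in probe:
        return frozenset({RST})                            # unsolicited ACK: RST either way
    # FIN / NULL / XMAS style probe. RFC 793: open port silent, closed port RST,ACK.
    # A non-strict stack (the slides' Windows case) answers RST,ACK in both
    # states, so the probe cannot tell open from closed.
    if port_open and strict_rfc793:
        return None
    return frozenset({RST, ACK})


def probe_distinguishes(probe: frozenset, strict_rfc793: bool = True) -> bool:
    """True when open and closed ports give different answers to this probe."""
    return (stack_response(probe, True, strict_rfc793)
            != stack_response(probe, False, strict_rfc793))


def classify_probe(flags: frozenset) -> str:
    """Name the scan type a single flag combination corresponds to."""
    if flags == NULL:
        return "NULL"
    if flags == XMAS:
        return "XMAS"
    if flags == frozenset({FIN}):
        return "FIN"
    if flags == frozenset({SYN}):
        return "SYN"
    return "other"


# Constructed log lines in an iptables-like key=value layout: one source
# sweeping six ports with XMAS probes, one ordinary client, one lone NULL probe.
SAMPLE_LOG = """\
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40123 DPT=21 FLAGS=FIN,PSH,URG
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40124 DPT=22 FLAGS=FIN,PSH,URG
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40125 DPT=23 FLAGS=FIN,PSH,URG
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40126 DPT=25 FLAGS=FIN,PSH,URG
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40127 DPT=80 FLAGS=FIN,PSH,URG
SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=40128 DPT=443 FLAGS=FIN,PSH,URG
SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=80 FLAGS=SYN
SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=443 FLAGS=SYN
SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=33000 DPT=22 FLAGS=
""".splitlines()

LOG_RE = re.compile(r"SRC=(?P<src>\S+) DST=\S+ PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S*)")


def detect_scans(lines, min_ports: int = 5) -> dict:
    """Map source -> (dominant probe type, number of distinct ports) for every
    source that touched at least min_ports distinct destination ports."""
    touched = defaultdict(set)                       # src -> distinct DPT values
    kinds = defaultdict(lambda: defaultdict(int))    # src -> probe type -> count
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        flags = frozenset(f for f in m["flags"].split(",") if f)
        touched[m["src"]].add(int(m["dpt"]))
        kinds[m["src"]][classify_probe(flags)] += 1
    return {src: (max(kinds[src], key=kinds[src].get), len(ports))
            for src, ports in touched.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    for name, probe in (("SYN", frozenset({SYN})), ("FIN", frozenset({FIN})),
                        (("NULL"), NULL), ("XMAS", XMAS)):
        print(f"{name:4} distinguishes: strict={probe_distinguishes(probe)}"
              f" windows-like={probe_distinguishes(probe, False)}")
    print(detect_scans(SAMPLE_LOG))
```

The two halves belong together: the response model explains why a FIN, NULL or XMAS sweep against a non-strict stack reports every port closed, and the detector shows that the sweep is still plainly visible in the logs, because the flag combinations themselves never occur in legitimate traffic. In production the per-source counters would be kept over a sliding time window rather than the whole file.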
