Wilfridus Bambang

(wilfridus.bambang@gmail.com)

Ethical Hacking

Overview
  • Old School Hackers: History of Hacking
  • EC-Council: Certified Ethical Hacker
  • Learning Competencies
  • Hacking Tools
  • Hacker Challenge Websites
  • Additional Web Sites
History of Hacking

PREHISTORY

  • 1960s: The Dawn of Hacking: Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.

ELDER DAYS (1970-1979)

  • 1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system.

THE GOLDEN AGE (1980-1991)

  • 1980: Hacker Message Boards and Groups: Hacking groups form, such as Legion of Doom (US), Chaos Computer Club (Germany).
  • 1983: Kids' Games: Movie "War Games" introduces public to hacking.
History of Hacking (cont.)

THE GREAT HACKER WAR

  • Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
  • 1984: Hacker 'Zines: Hacker magazine 2600 publication.

CRACKDOWN (1986-1994)

  • 1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
  • 1988: The Morris Worm: Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
  • 1989: Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
    • Kevin Mitnick convicted; first person convicted under law.
History of Hacking (cont.)
  • 1993: Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends crack phone; they allegedly get two Porsches, $20,000 cash, vacation trips.
  • First Def Con hacking conference in Las Vegas

ZERO TOLERANCE (1994-1998)

  • 1995: The Mitnick Takedown: Arrested again; charged with stealing 20,000 credit card numbers.
  • 1995: Russian Hackers Siphon $10 million from Citibank;
  • Oct 1998 teenager hacks into Bell Atlantic phone system;
  • 1999 hackers attack Pentagon, MIT, FBI web sites.
EC-Council has certified IT professionals from the following organizations as CEH:

Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force

(Cont.)

PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank

Hackers are here. Where are you?
  • The explosive growth of the Internet has brought many good things… As with most technological advances, there is also a dark side: criminal hackers.
  • The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
  • HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
What is a Hacker?
  • Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
  • Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
  • Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
  • Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com)
What is Ethical Hacking?
  • Ethical hacking is defined as the “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
  • With the growth of the Internet, computer security has become a major concern for businesses and governments.
  • In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
How much do Ethical Hackers get Paid?
  • Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.
  • In the United States, an ethical hacker can make upwards of $120,000 per annum.
  • Freelance ethical hackers can expect to make $10,000 per assignment.
  • Some range from $15,000 to $45,000 for a standalone ethical hack.

Certified Ethical Hacker (C|EH) Training
  • InfoSec Academy
  • http://www.infosecacademy.com
    • Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program
    • (C|EH) examination
    • C|EH Certified Ethical Hacker Training Camp (5-Day Package): $3,595 ($2,580 training only)

(Source: www.eccouncil.org)

Modes of Ethical Hacking
  • Insider attack
  • Outsider attack
  • Stolen equipment attack
  • Physical entry
  • Bypassed authentication attack (wireless access points)
  • Social engineering attack

(Source: http://www.examcram.com)

Anatomy of an attack:
  • Reconnaissance
    • attacker gathers information; can include social engineering.
  • Scanning
    • searches for open ports (port scan); probes target for vulnerabilities.
  • Gaining access
    • attacker exploits vulnerabilities to get inside system; used for spoofing IP.
  • Maintaining access
    • creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in.
  • Covering tracks
    • deletes files, hides files, and erases log files, so that the attacker cannot be detected or penalized.

(Source: www.eccouncil.org)

EC-Council Topics Covered
  • Introduction to Ethical Hacking
  • Footprinting
  • Scanning
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Sniffers
  • Denial of Service
  • Social Engineering
  • Session Hijacking
  • Hacking Web Servers
EC-Council (Cont.)
  • Web Application Vulnerabilities
  • Web Based Password Cracking Techniques
  • SQL Injection
  • Hacking Wireless Networks
  • Viruses
  • Novell Hacking
  • Linux Hacking
  • Evading IDS, Firewalls and Honeypots
  • Buffer Overflows
  • Cryptography
SQL Injection
  • Allows a remote attacker to execute arbitrary database commands
  • Relies on poorly formed database queries and insufficient input validation
  • Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages
  • Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
Hackthissite.org

http://www.hackthissite.org

Hackits

http://www.hackits.de/challenge/

Hacker Highschool

http://www.hackerhighschool.org/

References
  • CEH v6 Modul Course, 2008.
  • Hartley, Regina DeLisse, Ethical Hacking for Educators, Caldwell Community College & Technical Institute, 2006.