Ethical Hacking-1

ETHICAL HACKING
PRESENTATION MADE BY
SHEHROZA
WHAT IS ETHICAL HACKING
 Ethical hacking involves an authorized attempt to

gain unauthorized access to a computer system,
application, or data. Carrying out an ethical hack
involves duplicating the strategies and actions of
malicious attackers. This practice helps to identify
security vulnerabilities which can then be resolved
before a malicious attacker has the opportunity to
exploit them.
sensika
What Are the Key Differences between
Ethical Hacking and Malicious Hacking?
Legality:
Malicious Hacker: Hacking is when you get unauthorized access to a company's network or technology. It is entirely illegal, and anyone proven guilty suffers harsh legal
repercussions.
Ethical Hacker: The firm authorizes and permits ethical hacking, which is completely legal. An agreement protects ethical hackers. In fact, this is one of the highest-paying jobs
available today.
Intent
Malicious Hacker: A hacker targets a network, system, or app to obtain personal information from users and may erase, edit, or remove records from an organization. They seek to
steal your information.
Ethical Hacker: An ethical hacker would gain access to a company's network for the right reasons, such as finding and patching security weaknesses to secure the system, thus
assuring an organization's data protection policies are working as they should. In a nutshell, they safeguard your information.
Training
Malicious Hacker:
A deep understanding of operating systems, a good grasp of network security control, and knowledge of programming languages such as Python, JavaScript, and C are some of
the talents required to be a hacker.
Ethical Hacker:
Ethical hackers are given the same training as hackers. There are courses and certifications you can get to work as an ethical hacker.
Professional Development
Malicious Hacker:
A malicious hacker cannot experience legitimate professional growth. Instead, the individual is always at risk of being apprehended by the authorities.Ethical Hacker - Ethical
hacking is a highly sought-after career with great remuneration. After obtaining your entry-level position, you can apply for more advanced computer security jobs such as senior
penetration tester or network administrator.
CompensationMalicious Hacker: They attempt to gain money by getting personal information illegally and selling it. Ethical Hacker: They are full-time employees and have
access to regular income and employee incentives in exchange for their efforts in securing the firm's data
RESPONSIBILTIES OF A ETHICAL
HACKER
 The responsibilities of an ethical hacker, often known as a white hat hacker or penetration
tester, include a variety of tasks related to cybersecurity. These experts' main responsibility is to
thoroughly probe, evaluate, and promote computer systems, networks, and applications. Their
goal is to detect faults and vulnerabilities in an organization's digital infrastructure by
simulating potential cyber threats and assaults and using approaches similar to those used by
malicious hackers. Ethical hackers work with stakeholders to execute strategic steps targeted at
improving the overall security posture after exposing these vulnerabilities. In order to reduce
the danger of abuse, this may involve fixing vulnerabilities, setting up security settings, or
suggesting extra preventative steps. Additionally, ethical hackers play a critical role in carrying
out security assessments, verifying compliance to cybersecurity standards, and assisting in the
ongoing monitoring of digital assets to find and efficiently address new security risks. Their
duties also include informing stakeholders about cybersecurity best practices, encouraging a
proactive security approach, and playing a crucial role in an organization's defence against
developing cyberthreats.
Shehroza shiraz
ETHICAL HACKING METHODOLOGY
 RECONNAISSANCE :Gathering all the neccecary information about the organization’s

system that one intends to attack. required tools like nmaps and h-ping for this purpose
 SCANNING: Spotting the vulneribilities if any in the target system using tools like
nmap and nexpose
 ENUMERATION: collecting all the information and checking the vulneribilities
 VULNERIBILTY ASSESMENT: Vulnerability assessment is like giving a thorough
checkup to a computer system or network to find potential weaknesses that could be
exploited by cyber attackers
 EXPLOITATION: ethical hackers exploit vulnerabilities with the explicit goal of
demonstrating the potential risks and helping organizations strengthen their security.
 REPORTING: In this phase the ethical hacker document a summary of his entire attack.
The vulneribilites he spotted, the tools he used and the success rate of the attack
COMMON HACKING TECHNIQUES
 Phishing involves sending deceptive emails or messages to trick individuals into revealing sensitive information
like passwords or financial data. These messages often appear legitimate but are actually designed to steal
information. SQL Injection is a technique where attackers manipulate input fields on websites or applications to
execute malicious SQL queries. This can give them unauthorized access to a database, exposing or altering
data.Social engineering relies on psychological manipulation to trick people into divulging confidential
information or performing actions that compromise security. This can include impersonation, pretexting, or baiting
vermeet
 Password cracking involves attempting to guess or crack a user's password through various methods, such as
dictionary attacks, brute force attacks, or rainbow table attacks. A buffer overflow occurs when an attacker exploits
a software vulnerability by sending more data to a program's buffer than it can handle, potentially allowing them to
execute malicious code or crash the system.These techniques are used by hackers to gain unauthorized access,
steal data, or compromise the security of computer systems and networks. It's important to be aware of these
methods to better protect yourself and your systems from potential threats
mujeeb
TOOLS AND SOFTWARE
 Wireshark: Wireshark is a network protocol analyzer (sniffer) that allows security professionals to capture and analyze
network traffic. It can help identify security vulnerabilities, monitor network activity, and troubleshoot network issues.
 Nmap (Network Mapper): Nmap is a powerful open-source tool used for network discovery and security auditing. It
scans networks to identify open ports, services, and potential vulnerabilities on remote hosts. It's commonly used for
network reconnaissance.
 Metasploit: Metasploit is a penetration testing framework that provides tools for developing, testing, and executing
exploits against known vulnerabilities in systems. It's used by ethical hackers and security researchers to assess the
security of systems.
 Burp Suite: Burp Suite is a web application security testing tool used to discover and exploit vulnerabilities in web
applications. It includes features for scanning, crawling, and manipulating web traffic to identify security issues.
 Snort: Snort is an open-source intrusion detection and prevention system (IDS/IPS). It monitors network traffic in real-
time and can alert administrators to suspicious or potentially malicious activity based on predefined rules.
 These tools are valuable for ethical hackers and cybersecurity professionals to assess and enhance the security of
computer systems and networks. Please note that ethical hacking should always be conducted with proper authorization
and in compliance with legal and ethical standards.
Arham
CASE STUDIES
 WannaCry Ransomware Attack Mitigation: In 2017, the WannaCry ransomware

attack affected hundreds of thousands of computers worldwide. Ethical hackers and
security researchers, working together, analyzed the ransomware's code, identified a
kill switch, and activated it. This action halted the ransomware's spread and
prevented further infections, potentially saving countless organizations from data
loss and financial harm.
 Ethical Hackers Expose Exposed Voter Data:In 2017, ethical hackers discovered a
misconfigured database containing sensitive voter data of nearly 200 million
American citizens. The data, which included names, addresses, birthdates, and
more, was publicly accessible. The ethical hackers promptly alerted the authorities,
leading to the database's secure closure and the prevention of potential identity theft
and other cybercrimes.
Basirat Zehra
LIMITATIONS OF ETHICAL
HACKING
 Ethical hackers, while playing a crucial role in improving cybersecurity, have several limitations:
 Authorization Requirements: Ethical hackers must obtain proper authorization to conduct security assessments. Without it, their actions could
be illegal, leading to legal consequences.
 Scope Limitations: Security assessments are often scoped, meaning they may not cover every aspect of an organization's infrastructure. This
limitation could leave potential vulnerabilities undiscovered.
 False Sense of Security: Organizations might become overly reliant on ethical hacking assessments, assuming that they are entirely secure once
vulnerabilities are patched. In reality, new vulnerabilities can emerge at any time.
 Limited Knowledge: Ethical hackers have a finite knowledge base and skill set. They may not be aware of every possible vulnerability or
attack vector, and attackers with different backgrounds and motivations may discover unique vulnerabilities.5. *Resource Constraints:* Ethical
hackers may have limited time and resources for assessments. Comprehensive testing can be challenging, especially in complex environments.
 Limited Perspective: Ethical hackers may not have a deep understanding of an organization's specific business processes, which can limit their
ability to identify vulnerabilities that are unique to the organization's operations.
 Limited Impact Assessment: Ethical hackers may focus primarily on technical vulnerabilities and not assess the overall impact of a breach on
an organization's operations, reputation, or regulatory compliance.
 Coordination Challenges: Coordinating with organizations and stakeholders can be challenging, especially when dealing with multiple teams,
departments, or decision-makers.
 Ethical Hackers are the people who try to get unauthorised access to a computer system for Good cause, i.e. without violating any law of the
Land.
subhash
CHALLENGES FACED BY ETHICAL
HACKER
 Gap in Training Material and Real World Scenarios: In Real-world scenarios,
ethical hackers find it more difficult to compromise the system than in the virtual lab
scenarios in which they learned it.
 Anonymity of Hackers: The ethical hackers tasked to track and hack malicious
hackers find it difficult to crack down anonymity protocols such as TOR & No-Log
VPNs, etc.
 Legal Boundaries: They have to stay within their predefined boundaries while
attempting unauthorised access, they can not afford to cause any damage to the system.
 Low Pay: Roles like Ethical Hacker require an understanding of various technologies,
frameworks, tools & operating systems, yet in developing countries, they are paid less
than an average software engineer. This makes it difficult to continue in this domain.
 Other challenges include the high cost of training materials, expensive certifications,
lack of formal education in ethical hacking, etc

Ethical Hacking-1

Uploaded by

Copyright:

Available Formats

Ethical Hacking-1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ethical Hacking-1

Uploaded by

Copyright:

Available Formats

ETHICAL HACKING

 Ethical hacking involves an authorized attempt to

 RECONNAISSANCE :Gathering all the neccecary information about the organization’s

 WannaCry Ransomware Attack Mitigation: In 2017, the WannaCry ransomware

You might also like