Lecture 2
Cybercrime and Ethical Hacking
Dr. Satyajit Das
Assistant Professor
Data Science
Computer Science and Engineering
IIT Palakkad
Different Cybercrimes
• Privacy violation
• Computer fraud
• Identity theft
• Sharing copyrighted files/information
• Electronic money laundering
• ATM fraud
• DoS Attack
• Spam
What is hacking?
• The activity of identifying weaknesses in the security (the threat model) of a
computing ecosystem in order to exploit them and gain access to
personal or enterprise data
• Ethical hacker
• Cracker
• Grey hat
• Advanced
Common threats
• Virus
• Trojans
• Worms
• Spyware
• Key loggers
• Adware
• Denial of Service Attacks (DoS)
• Distributed DoS Attack
• Phishing
• …
Ethical Hacking
• Ethical hacking is a subset of cybersecurity. It refers to the process of testing
the system against potential security breaches or data threats and repairing
the flaws before any cyber attack happens. Ethical hacking involves finding
vulnerabilities and weak points that cybercriminals can exploit.
Ethical Hacking
• Pen Testing
  • A method that many companies and government bodies follow to minimize
    security breaches.
  • A controlled way of letting professionals hack one's own systems to expose
    the loopholes
  • Types
    • Black Box
    • Grey Box
    • White Box
    • External Pen Test
    • Internal Pen Test
Few terminologies
• Attack - An attack is an action performed on a computing ecosystem to gain access to it and
extract sensitive data.
• Adware - Adware is software designed to force pre-chosen ads to display on your system.
• Back door - A back door, or trap door, is a hidden entry to a computing device or software
that bypasses security measures, such as logins and password protections.
• Bot - A bot is a program that automates an action so that it can be done repeatedly, at a
much higher rate and for a more sustained period than a human operator could manage. For
example, sending HTTP, FTP or Telnet requests at a higher rate, or calling a script to create
objects at a higher rate.
• Botnet - A botnet, also known as a zombie army, is a group of computers controlled without
their owners' knowledge. Botnets are used to send spam or to mount denial of service attacks.
• Brute force attack - A brute force attack is the simplest kind of automated method
to gain access to a system or website. It tries different combinations of usernames and
passwords, over and over again, until it gets in.
• Buffer overflow - A buffer overflow is a flaw that occurs when more data is written to a
block of memory, or buffer, than the buffer is allocated to hold.
Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_terminologies.htm
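The brute force entry above describes repeated username/password guessing. As an added example that is not part of these slides, the Python script below shows how a defender detects that pattern in authentication logs: it flags a source IP once it produces five or more failed logins inside a 60-second window and records which usernames were tried. The log lines, the threshold and the window are constructed for the demo; the line format imitates OpenSSH "Failed password" messages.

```python
# Added example (not from the lecture slides): detect a brute-force login
# pattern by counting failed logins per source IP in a sliding time window.
# The log lines below are constructed for the demo.
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Mar 10 08:00:02 host sshd[1202]: Failed password for root from 203.0.113.9 port 51123 ssh2
Mar 10 08:00:03 host sshd[1203]: Failed password for invalid user test from 203.0.113.9 port 51124 ssh2
Mar 10 08:00:04 host sshd[1204]: Failed password for root from 203.0.113.9 port 51125 ssh2
Mar 10 08:00:05 host sshd[1205]: Failed password for invalid user guest from 203.0.113.9 port 51126 ssh2
Mar 10 08:00:06 host sshd[1206]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Mar 10 08:00:07 host sshd[1207]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 08:30:00 host sshd[1208]: Failed password for root from 198.51.100.7 port 40002 ssh2
"""

# Matches the syslog timestamp, the (optional) "invalid user" marker, the
# username and the source IP of a failed SSH login.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_failures(log_text, year=2024):
    """Yield (timestamp, username, source_ip) for every failed login line.
    Syslog lines carry no year, so one is supplied (assumed 2024 here)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: (failures_in_window, sorted usernames tried)} for every
    source that reaches `threshold` failed logins within `window_seconds`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)      # ip -> usernames attempted
    flagged = {}
    for ts, user, ip in parse_failures(log_text):
        window = recent[ip]
        window.append(ts)
        users[ip].add(user)
        # Drop failures that fell out of the sliding window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[ip] = (len(window), sorted(users[ip]))
    return flagged


if __name__ == "__main__":
    for ip, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in window, usernames tried: {names}")
```

In the sample, 203.0.113.9 is flagged after its fifth failure in four seconds, while 198.51.100.7 is not: its two failures are thirty minutes apart, so the window never holds more than one. A real deployment would feed the flagged addresses into a lockout or rate-limiting control rather than just printing them.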
Few terminologies
• Clone phishing − Clone phishing is the modification of an existing, legitimate email with a false link
to trick the recipient into providing personal information.
• Cracker − A cracker is one who modifies software to access features which are considered
undesirable by the person cracking the software, especially copy protection features.
• Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt to make a
server or a network resource unavailable to users, usually by temporarily interrupting or
suspending the services of a host connected to the Internet.
• DDoS − Distributed denial of service attack.
• Exploit Kit − An exploit kit is a software system designed to run on web servers, with the purpose of
identifying software vulnerabilities in client machines communicating with it and exploiting
discovered vulnerabilities to upload and execute malicious code on the client.
• Exploit − An exploit is a piece of software, a chunk of data, or a sequence of commands that takes
advantage of a bug or vulnerability to compromise the security of a computer or network system.
• Firewall − A firewall is a filter designed to keep unwanted intruders outside a computer system or
network while allowing safe communication between systems and users on the inside of the
firewall.
Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_terminologies.htm
Few terminologies
• Keystroke logging − Keystroke logging is the process of tracking the keys which are pressed
on a computer (and which touchscreen points are used). It is simply a map of the
computer/human interface. It is used by grey and black hat hackers to record login IDs and
passwords. Keyloggers are usually secreted onto a device using a Trojan delivered by a
phishing email.
• Logic bomb − A virus secreted into a system that triggers a malicious action when certain
conditions are met. The most common version is the time bomb.
• Malware − Malware is an umbrella term used to refer to a variety of forms of hostile or
intrusive software, including computer viruses, worms, Trojan horses, ransomware,
spyware, adware, scareware, and other malicious programs.
• Master Program − A master program is the program a black hat hacker uses to remotely
transmit commands to infected zombie drones, normally to carry out denial of service
attacks or spam attacks.
• Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out
legitimate-looking emails in an attempt to gather personal and financial information from
recipients.
Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_terminologies.htm
Few terminologies
• Social engineering − Social engineering means deceiving someone with the purpose of acquiring sensitive
and personal information, like credit card details or user names and passwords.
• Spam − Spam is simply unsolicited email, also known as junk email, sent to a large number of recipients
without their consent.
• Spoofing − Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder
sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
• Spyware − Spyware is software that aims to gather information about a person or organization without their
knowledge and that may send such information to another entity without the consumer's consent, or that
asserts control over a computer without the consumer's knowledge.
• SQL Injection − SQL injection is a code injection technique, used to attack data-driven applications, in
which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database
contents to the attacker).
• Threat − A threat is a possible danger that can exploit an existing bug or vulnerability to compromise the
security of a computer or network system.
• Trojan − A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it
difficult to distinguish from programs that are supposed to be there; it is designed with the intention of
destroying files, altering information, or stealing passwords or other information.
• Virus − A virus is a malicious program or a piece of code which is capable of copying itself and typically has a
detrimental effect, such as corrupting the system or destroying data.
Source: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_terminologies.htm
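The SQL injection entry above says malicious SQL is "inserted into an entry field for execution". As an added Python example that is not part of the slides, the following shows the same login lookup written twice: once with string concatenation, where the entry-field value becomes part of the SQL text, and once with a parameterised query, where it stays data. It runs against an in-memory SQLite table whose users and passwords are constructed for the demo (stored in plain text only to keep the example short; real systems store password hashes).

```python
# Added example (not from the lecture slides): an injectable login query
# next to its parameterised, safe form. Sample users are constructed.
import sqlite3


def make_db():
    """Create an in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Entry-field values are spliced into the SQL text, so a quote in the
    input can change the WHERE clause itself."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Placeholders hand the values to the driver separately; the SQL
    structure is fixed before any user input is seen."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    entry = "' OR '1'='1"      # a typical value seen in an injected entry field
    print("vulnerable:", login_vulnerable(conn, entry, entry))  # every user
    print("safe:      ", login_safe(conn, entry, entry))        # no match
    print("normal:    ", login_safe(conn, "alice", "s3cret"))   # ['alice']
```

With the concatenated query the WHERE clause becomes `username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the "login" returns all users. The parameterised query compares the literal string `' OR '1'='1` against the username column and finds nothing. Parameterised queries (or an ORM that uses them) are the primary mitigation; input filtering alone is not.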
Attack vectors
• A means by which hackers can gain access to a computing ecosystem with
malicious intent
• Enables attackers to exploit vulnerabilities
• Pentesters and red teamers try to identify attack vectors
• The identified vectors are the input to threat modeling
Different Attack Vectors
• Compromised credentials
• Stolen/weak credentials
• Social Engineering & Phishing
• Poor/Missing Encryption
• Web Attacks
• Man in the Middle attacks
• Malware and Trojans
• Brute force attacks
• Zero day vulnerabilities
Cybersecurity
• Cyber security is the practice of defending internet-connected systems, such as
hardware, software, programs, and data, from damage, malicious attacks, or
unauthorized access. It helps prevent cybercriminals from gaining access to
data, systems, or networks. Cyber security is a broad subject that includes
many security disciplines, such as data security, ethical hacking, and digital
forensics.
Cybersecurity
• Cloud Security
• Data Security
• Application Security
• Identity Management
• Information Security
• Mobile Security
• Endpoint Security
• Network Security
Networking Essentials
Networking Basics
• IP Address
• MAC Address
• TCP, UDP
• Common ports and protocols
• OSI Model
• Subnetting
Common ports and protocols
Protocol | TCP/UDP | Port Number | Description
File Transfer Protocol (FTP) (RFC 959) | TCP | 20/21 | FTP is one of the most commonly used file transfer protocols on the Internet and within private networks. An FTP server can easily be set up with little networking knowledge and provides the ability to easily relocate files from one system to another. FTP control is handled on TCP port 21 and its data transfer can use TCP port 20 as well as dynamic ports depending on the specific configuration.
Secure Shell (SSH) (RFC 4250-4256) | TCP | 22 | SSH is the primary method used to manage network devices securely at the command level. It is typically used as a secure alternative to Telnet, which does not support secure connections.
Telnet (RFC 854) | TCP | 23 | Telnet is the primary method used to manage network devices at the command level. Unlike SSH, which provides a secure connection, Telnet does not; it simply provides a basic unsecured connection. Many lower-level network devices support Telnet and not SSH, as SSH requires some additional processing. Caution should be used when connecting to a device using Telnet over a public network, as the login credentials will be transmitted in the clear.
Simple Mail Transfer Protocol (SMTP) (RFC 5321) | TCP | 25 | SMTP is used for two primary functions: it is used to transfer mail (email) from source to destination between mail servers, and it is used by end users to send email to a mail system.
Common ports and protocols
Protocol | TCP/UDP | Port Number | Description
Domain Name System (DNS) (RFC 1034-1035) | TCP/UDP | 53 | DNS is used widely on the public Internet and on private networks to translate domain names into IP addresses, typically for network routing. DNS is hierarchical, with main root servers that contain databases listing the managers of the Top Level Domains (TLDs) (such as .com). These TLD managers in turn hold information for the second-level domains that are typically used by individual users (for example, cisco.com). A DNS server can also be set up within a private network to provide naming services between the hosts of the internal network without being part of the global system.
Dynamic Host Configuration Protocol (DHCP) (RFC 2131) | UDP | 67/68 | DHCP is used on networks that do not use static IP address assignment (almost all of them). A DHCP server can be set up by an administrator or engineer with a pool of addresses that are available for assignment. When a client device is turned on it can request an IP address from the local DHCP server; if there is an available address in the pool it can be assigned to the device. This assignment is not permanent and expires at a configurable interval; if an address renewal is not requested and the lease expires, the address is put back into the pool for assignment.
Trivial File Transfer Protocol (TFTP) (RFC 1350) | UDP | 69 | TFTP offers a method of file transfer without the session establishment requirements that FTP uses. Because TFTP uses UDP instead of TCP it has no way of ensuring the file has been properly transferred; the end device must be able to check the file to ensure proper transfer. TFTP is typically used by devices to upgrade software and firmware; this includes Cisco and other network vendors' equipment.
Common ports and protocols
Protocol | TCP/UDP | Port Number | Description
Hypertext Transfer Protocol (HTTP) (RFC 2616) | TCP | 80 | HTTP is one of the most commonly used protocols on most networks. HTTP is the main protocol used by web browsers and is thus used by any client that uses files located on these servers.
Post Office Protocol (POP) version 3 (RFC 1939) | TCP | 110 | POP version 3 is one of the two main protocols used to retrieve mail from a server. POP was designed to be very simple: a client retrieves the complete contents of a server mailbox and then deletes the contents from the server.
Network Time Protocol (NTP) (RFC 5905) | UDP | 123 | One of the most overlooked protocols is NTP. NTP is used to synchronize the clocks of devices on the Internet. Most modern operating systems support NTP as the basis for keeping an accurate clock. The use of NTP is vital on networking systems as it makes it easy to correlate problems from one device to another, since the clocks are precisely accurate.
NetBIOS (RFC 1001-1002) | TCP/UDP | 137/138/139 | NetBIOS itself is not a protocol but is typically used in combination with IP through the NetBIOS over TCP/IP (NBT) protocol. NBT has long been the central protocol used to interconnect Microsoft Windows machines.
Internet Message Access Protocol (IMAP) (RFC 3501) | TCP | 143 | IMAP version 3 is the second of the main protocols used to retrieve mail from a server. While POP has wider support, IMAP supports a wider array of remote mailbox operations, which can be helpful to users.
Simple Network Management Protocol (SNMP) (RFC 1901-1908, 3411-3418) | TCP/UDP | 161/162 | SNMP is used by network administrators as a method of network management. SNMP has a number of different abilities, including the ability to monitor, configure and control network devices. SNMP traps can also be configured on network devices to notify a central server when specific actions are occurring. Typically, these are configured to fire when an alerting condition is happening. In this situation, the device sends a trap to the network management station stating that an event has occurred and that the device should be looked at further for the source of the event.
Common ports and protocols
Protocol | TCP/UDP | Port Number | Description
Border Gateway Protocol (BGP) (RFC 4271) | TCP | 179 | BGP version 4 is widely used on the public Internet and by Internet Service Providers (ISPs) to maintain very large routing tables and traffic processing. BGP is one of the few protocols that have been designed to deal with the astronomically large routing tables that must exist on the public Internet.
Lightweight Directory Access Protocol (LDAP) (RFC 4510) | TCP/UDP | 389 | LDAP provides a mechanism for accessing and maintaining distributed directory information. LDAP is based on the ITU-T X.500 standard but has been simplified and altered to work over TCP/IP networks.
Hypertext Transfer Protocol over SSL/TLS (HTTPS) (RFC 2818) | TCP | 443 | HTTPS is used in conjunction with HTTP to provide the same services, but over a secure connection provided by either SSL or TLS.
Lightweight Directory Access Protocol over TLS/SSL (LDAPS) (RFC 4513) | TCP/UDP | 636 | Just like HTTPS, LDAPS provides the same function as LDAP but over a secure connection provided by either SSL or TLS.
FTP over TLS/SSL (RFC 4217) | TCP | 989/990 | Again, just like the previous two entries, FTP over TLS/SSL uses the FTP protocol, which is then secured using either SSL or TLS.
SMB | TCP | 139/445 |
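The table above pairs several cleartext services with their TLS-protected counterparts (Telnet/SSH, HTTP/HTTPS, LDAP/LDAPS, FTP/FTPS) and warns that Telnet sends credentials in the clear. As an added Python example that is not part of the slides, the script below turns that table into a checklist: it parses a constructed `ss -tln` style listing of listening TCP sockets, flags the services the table describes as unencrypted (plus the plain mail protocols SMTP, POP3 and IMAP, which are cleartext by default), and names the alternative the table gives. The port-to-service mapping, the sample listing and the recommendation wording are assumptions made for the demo.

```python
# Added example (not from the lecture slides): review listening TCP ports
# against the lecture's port table and flag cleartext services. The socket
# listing is constructed and follows the column layout of `ss -tln`.

# port -> (service name, secured alternative from the table, or None)
CLEARTEXT_SERVICES = {
    21:  ("FTP", "FTP over TLS/SSL (989/990)"),
    23:  ("Telnet", "SSH (22)"),
    25:  ("SMTP", None),
    80:  ("HTTP", "HTTPS (443)"),
    110: ("POP3", None),
    143: ("IMAP", None),
    389: ("LDAP", "LDAPS (636)"),
}

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       128     127.0.0.1:389        0.0.0.0:*
LISTEN  0       128     [::]:21              [::]:*
"""

# Bind addresses that accept connections from any interface.
ALL_INTERFACES = {"0.0.0.0", "[::]", "*"}


def parse_listeners(ss_text):
    """Return a list of (bind_address, port) from ss -tln style output."""
    listeners = []
    for line in ss_text.splitlines()[1:]:        # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 addresses like [::] intact.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr, int(port)))
    return listeners


def cleartext_findings(listeners):
    """Flag listeners on cleartext ports; network-exposed ones sort first."""
    findings = []
    for addr, port in listeners:
        if port not in CLEARTEXT_SERVICES:
            continue
        name, alternative = CLEARTEXT_SERVICES[port]
        findings.append({
            "port": port,
            "service": name,
            "bind": addr,
            "exposed_to_network": addr in ALL_INTERFACES,
            "recommendation": (f"replace with {alternative}" if alternative
                               else "wrap in TLS or restrict to trusted hosts"),
        })
    findings.sort(key=lambda f: (not f["exposed_to_network"], f["port"]))
    return findings


if __name__ == "__main__":
    for f in cleartext_findings(parse_listeners(SAMPLE_SS_OUTPUT)):
        scope = "network-exposed" if f["exposed_to_network"] else "loopback only"
        print(f"port {f['port']} ({f['service']}, {scope}): {f['recommendation']}")
```

On the sample listing the script reports FTP, Telnet and HTTP as network-exposed cleartext services and LDAP as a lower-priority finding because it is bound to loopback only; SSH and HTTPS produce no finding. Running the same check on real `ss -tln` output is a quick first pass before a fuller port scan.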
Thank You
ANY MALICIOUS USE OF THE CONTENTS FROM THIS COURSE WILL NOT HOLD THE COURSE INSTRUCTOR(S) RESPONSIBLE,
THE CONTENTS ARE SOLELY FOR EDUCATIONAL PURPOSES.
PLEASE USE THE LEARNING MATERIALS ON PERMITTED TARGETS ONLY.