CHAPTER 1 - Introduction To Ethical Hacking

The document provides an introduction to ethical hacking. It defines ethical hacking as identifying vulnerabilities in a system through approved rules and regulations before malicious hackers can exploit them. It discusses different types of hackers (black hat, white hat, grey hat), phases of hacking (footprinting, scanning, gaining access), and key terminology like vulnerabilities, exploits, payloads. The document also introduces concepts like cyber security, information security, and elements of information security like confidentiality, integrity, availability, authentication, and non-repudiation.

Uploaded by armaan malik

Introduction to Ethical Hacking
CHAPTER 1

https://www.hackerschool.in
Ethical Hacking

• Ethical hacking is identifying, within the rules and regulations of an organization, the known and unknown vulnerabilities in an information system through which its data could be compromised or destroyed, before any malicious hacker discovers them.
• In the ethical hacking approach, a security engineer discovers known vulnerabilities with vulnerability scanning tools and creates scan reports for the vulnerabilities found. To discover unknown vulnerabilities, the security engineer uses a manual approach that involves fuzzing and reverse engineering techniques.

Hacking

• Unauthorized access to an information system by an attacker, either to steal or destroy data, without the owner's knowledge.

Hacker

• An intelligent individual who spends enormous amounts of time exploring information system hardware and software to discover vulnerabilities through which he/she can compromise or destroy the data on the information system.

Types of Hackers

• Black hat hacker
• White hat hacker
• Grey hat hacker
• Hacktivist
• State sponsored hacker
• Sneaker / contract hacker

Phases of hacking

• Footprinting
• Scanning
• Gaining access
• Maintaining access
• Covering tracks

Terminologies

• Vulnerability: a weakness in a software program or application that helps a hacker compromise or crash the information system.
• Exploit: a piece of malicious programming code that takes advantage of a vulnerability to compromise the information system and deliver a payload.
• Payload: the action an attacker wants to perform on the information system after compromise, such as controlling the webcam or recording keystrokes.
• Note: Vulnerability + Exploit + Payload = Remote control of information system

Terminologies (Cont'd)

• Threat actor: a person responsible for an event or incident that impacts or has the potential to impact.
• Zero day: an exploit attack for which there is no defense by antivirus, intrusion prevention systems (IPS) and firewalls.
• Risk: the potential for loss or damage when a threat exploits a vulnerability. Examples of risk include financial loss, damage to reputation, loss of privacy and legal implications.

Cyber security

• Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security.

Information Security

• Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.

Elements of Information Security

NAME              EXAMPLE
Confidentiality   Encryption, Steganography
Integrity         Hash functions
Availability      Cloud computing, backup disks
Authentication    Passwords, 2 step verification
Non-repudiation   Logs, digital signature
