Introduction Ethical Hacking - 01

The document provides an introduction to ethical hacking, covering topics like information security, elements of information security including confidentiality, integrity, availability, authenticity and non-repudiation. It discusses motives, goals and objectives of information security attacks, classification of attacks, cyber kill chain methodology and defines what hacking is as well as different types of hackers.

Uploaded by victor phiri

Introduction to ethical hacking
Module 01
• Sun Tzu states in the Art of War, “If you know yourself but not the enemy, for
every victory gained, you will also suffer a defeat.”
• System administrators and security professionals must guard their
infrastructure against exploits by knowing the enemy—the malicious
hacker(s)—who seeks to use the same infrastructure for illegal
activities.
Information Security
• Information Security refers to the protection or safeguarding of
information systems that use, store, and transmit information from
unauthorized access, disclosure, alteration, and destruction.
• Information is a critical asset that must be secured.
• Information security is the state of well-being of information and
infrastructure in which the possibility of theft, tampering, or disruption
of information services is kept low.
Elements of Information security
• Five Major Elements
• Confidentiality
• Integrity
• Availability
• Authenticity
• Non-repudiation
• Confidentiality: Confidentiality is the assurance that the information is
accessible only to those authorized. Confidentiality breaches may occur due to
improper data handling or a hacking attempt. Confidentiality controls include
data classification, data encryption, and proper disposal of equipment (such as
DVDs, USB drives, and Blu-ray discs).
• Integrity: Integrity is the trustworthiness of data or resources in the
prevention of improper and unauthorized changes—the assurance that information
is sufficiently accurate for its purpose. Measures to maintain data integrity may
include a checksum (a number produced by a mathematical function to verify that a
given block of data is not changed) and access control (which ensures that only
authorized people can update, add, or delete data).
• Availability: Availability is the assurance that the systems responsible for
delivering, storing, and processing information are accessible when required by
authorized users. Measures to maintain data availability can include disk arrays
for redundant systems and clustered machines, antivirus software to combat
malware, and distributed denial-of-service (DDoS) prevention systems.
• Authenticity: Authenticity refers to the characteristic of communication,
documents, or any data that ensures the quality of being genuine or uncorrupted.
The major role of authentication is to confirm that a user is genuine. Controls
such as biometrics, smart cards, and digital certificates ensure the authenticity
of data, transactions, communications, and documents.
• Non-Repudiation: Non-repudiation is a way to guarantee that the sender of a
message cannot later deny having sent the message and that the recipient cannot
deny having received the message. Individuals and organizations use digital
signatures to ensure non-repudiation.
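The slide pairs a checksum with access control as integrity measures. The following Python example (added here, not part of the slides) shows why the pairing matters: a plain SHA-256 checksum detects a changed record, but anyone able to rewrite the record can also recompute the checksum, whereas a keyed HMAC cannot be recomputed without the key, which is the authenticity property the Authenticity element describes. The transfer record and the key are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample record: one entry in a transfer log (not real data).
RECORD = b"transfer;from=ACC-1001;to=ACC-2002;amount=250.00"


def checksum(data: bytes) -> str:
    """Integrity control from the slide: a checksum over a block of data."""
    return hashlib.sha256(data).hexdigest()


def checksum_ok(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): producing or verifying it needs the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(key, data), expected)


def demo() -> dict:
    key = secrets.token_bytes(32)  # held only by the owner of the log
    stored_sum = checksum(RECORD)
    stored_mac = mac(key, RECORD)

    # Case 1: the amount is altered but the stored values are left alone.
    # Both controls detect the change.
    tampered = RECORD.replace(b"250.00", b"250000.00")
    results = {
        "checksum_detects_change": not checksum_ok(tampered, stored_sum),
        "mac_detects_change": not mac_ok(key, tampered, stored_mac),
    }

    # Case 2: whoever altered the record also recomputes the checksum.
    # A plain checksum proves nothing about who wrote the data, so the
    # modified record verifies. This is why the slide lists access control
    # alongside the checksum.
    forged_sum = checksum(tampered)
    results["checksum_survives_recompute"] = checksum_ok(tampered, forged_sum)

    # The same party cannot produce a valid HMAC without the owner's key.
    # (HMAC gives authenticity, not non-repudiation: both sides share the
    # key, so a digital signature is needed for the latter.)
    forged_mac = mac(b"guessed-key", tampered)
    results["mac_rejects_forgery"] = not mac_ok(key, tampered, forged_mac)
    return results
```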
Motives, Goals and Objectives of Information Security Attacks
• Attackers generally have motives (goals) and objectives behind their
information security attacks.
• A motive originates out of the notion that a target system stores or
processes something valuable, which leads to the threat of an attack
on the system.
• The purpose of the attack may be to disrupt the target organization’s
business operations, to steal valuable information for the sake of
curiosity, or even to exact revenge.
• Attacks = Motive (Goal) + Method + Vulnerability
Motives behind information security attacks
• Disrupt business continuity
• Perform information theft
• Manipulate data
• Create fear and chaos by disrupting critical infrastructures
• Bring financial loss to the target
Classification of Attacks
• Passive Attacks
• Passive attacks involve intercepting and monitoring network traffic and data
flow on the target network and do not tamper with the data.
• These attacks are very difficult to detect as the attacker has no active interaction
with the target system or network.
• Examples of passive attacks: footprinting, sniffing, and eavesdropping
• Active Attacks
• Active attacks tamper with the data in transit or disrupt communication or
services between the systems to bypass or break into secured systems.
• Attackers launch attacks on the target system or network by actively
sending traffic, which can be detected
• Examples of Active Attacks: Denial of Service Attacks, spoofing attacks, replay
attacks
Classification of Attacks
• Close-in Attacks
• Close-in attacks are performed when the attacker is in close physical proximity with the target
system or network.
• The main goal of performing this type of attack is to gather or modify information or disrupt its
access.
• For example, an attacker might shoulder surf user credentials. Attackers gain close proximity
through surreptitious entry, open access, or both.
• Examples of close-in attacks: social engineering (eavesdropping, shoulder surfing, dumpster
diving, and other methods)
• Insider Attacks
• Insider attacks are performed by trusted persons who have physical access to the critical assets of
the target.
• An insider attack involves using privileged access to violate rules or intentionally cause a threat to
the organization’s information or information systems.
• Examples: eavesdropping and wiretapping, planting keyloggers
Classification of Attacks
• Distribution Attacks
• Distribution attacks occur when attackers tamper with hardware or software
prior to installation.
• Attackers tamper with the hardware or software at its source or when it is in
transit.
• Examples of distribution attacks include backdoors created by software or
hardware vendors at the time of manufacture.
Cyber Kill chain
• The Cyber Kill Chain is an efficient and effective way of illustrating how an
adversary can attack the target organization.
• This Model helps organizations understand the various possible
threats at every stage of an attack and develop the necessary
countermeasures to defend against such attacks.
Cyber Kill chain Methodology
What is Hacking?
• Hacking in the field of computer security refers to exploiting system
vulnerabilities and compromising security controls to gain unauthorized
or inappropriate access to system resources.
• It involves modifying system or application features to achieve a goal
outside its creator’s original purpose.
• Hacking can be done to steal, pilfer, or redistribute intellectual property,
thus leading to business loss.
• The motive behind hacking could be to steal critical information or
services, for thrill, intellectual challenge, curiosity, experiment,
knowledge, financial gain, prestige, power, peer recognition, vengeance
and vindictiveness, among other reasons.
Who is a Hacker?
• A hacker is a person who breaks into a system or network without
authorization to destroy, steal sensitive data, or perform malicious
attacks. A hacker is an intelligent individual with excellent computer
skills, along with the ability to create and explore the computer’s
software and hardware.
Hacker Types

• Black Hats: Black hats are individuals who use their extraordinary computing
skills for illegal or malicious purposes. This category of hacker is often
involved in criminal activities. They are also known as crackers.
• White Hats: White hats or penetration testers are individuals who use their
hacking skills for defensive purposes. These days, almost every organization has
security analysts who are knowledgeable about hacking countermeasures, which can
secure its network and information systems against malicious attacks. They have
permission from the system owner.
• Gray Hats: Gray hats are the individuals who work both offensively and
defensively at various times. Gray hats might help hackers to find various
vulnerabilities in a system or network and, at the same time, help vendors to
improve the products (software or hardware) by checking limitations and making
them more secure.
• Suicide Hackers: Suicide hackers are individuals who aim to bring down critical
infrastructure for a “cause” and are not worried about facing jail terms or any
other kind of punishment. Suicide hackers are similar to suicide bombers who
sacrifice their life for an attack and are thus not concerned with the
consequences of their actions.
• Script Kiddies: Script kiddies are unskilled hackers who compromise systems by
running scripts, tools, and software developed by real hackers. They usually
focus on the quantity rather than the quality of the attacks that they initiate.
• Cyber Terrorists: Cyber terrorists are individuals with a wide range of skills,
motivated by religious or political beliefs, to create fear of large-scale
disruption of computer networks.
Hacking Phases
What is Ethical Hacking?
• Ethical hacking is the practice of employing computer and network
skills in order to assist organizations in testing their network security
for possible loopholes and vulnerabilities.
• White Hats (also known as security analysts or ethical hackers) are the
individuals or experts who perform ethical hacking.
• Nowadays, most organizations (such as private companies,
universities, and government organizations) are hiring White Hats to
assist them in enhancing their cybersecurity.
Reasons why organizations need ethical hackers
• To prevent hackers from gaining access to the organization’s
information systems
• To uncover vulnerabilities in systems and explore their potential as a
risk
• To analyze and strengthen an organization’s security posture,
including policies, network protection infrastructure, and end-user
practices
• To provide adequate preventive measures in order to avoid security
breaches
• To help safeguard the customer data
Ethical hacker Evaluation
1. What can an attacker see on the target system?
2. What can an intruder do with that information?
3. Are the attacker’s attempts being noticed on the target system?
Skills of an Ethical Hacker
Technical Skills
• In-depth knowledge of major operating environments, such as Windows, Unix, Linux,
and Macintosh
• In-depth knowledge of networking concepts, technologies, and related hardware and
software
• A computer expert adept at technical domains
• Knowledge of security areas and related issues
• High technical knowledge of how to launch sophisticated attacks
Non-Technical Skills
• The ability to quickly learn and adapt to new technologies
• A strong work ethic and good problem-solving and communication skills
• Commitment to an organization’s security policies
• An awareness of local standards and laws
Information Security Controls
• Information security controls prevent the occurrence of unwanted
events and reduce risk to the organization’s information assets.
• The basic security concepts critical to information on the Internet are
confidentiality, integrity, and availability; the concepts related to the
persons accessing the information are authentication, authorization,
and non-repudiation.
• Information is the greatest asset of an organization. It must be
secured using various policies, creating awareness, employing security
mechanisms, or by other means.
Information Assurance (IA)
• IA refers to the assurance of the integrity, availability, confidentiality,
and authenticity of information and information systems during the
usage, processing, storage, and transmission of information.
• Security experts accomplish information assurance with the help of
physical, technical, and administrative controls.
• Information Assurance and Information Risk Management (IRM)
ensure that only authorized personnel access and use information.
• This helps in achieving information security and business continuity.
What is Risk?

• Risk refers to the degree of uncertainty or expectation of potential
damage that an adverse event may cause to the system or its resources,
under specified conditions.
• Alternatively, risk can also be:
• The probability of the occurrence of a threat or an event that will damage,
cause loss to, or have other negative impacts on the organization, either from
internal or external liabilities.
• The product of the likelihood that an event will occur and the impact
that the event might have on an information technology asset.
• The relation between Risk, Threats, Vulnerabilities, and Impact is as
follows: RISK = Threats x Vulnerabilities x Impact
Risk Management

• Risk management is the process of identifying, assessing, responding
to, and implementing the activities that control how the organization
manages the potential effects of risk.
• It has a prominent place throughout the security life cycle and is a
continuous and increasingly complex process.
Risk Management Objectives
• Identify potential risks—this is the main objective of risk management
• Identify the impact of risks and help the organization develop better risk
management strategies and plans
• Prioritize the risks, depending on the impact or severity of the risk,
and use established risk management methods, tools, and techniques
to assist in this task
• Understand and analyze the risks and report identified risk events
• Control the risk and mitigate its effect
• Create awareness among the security staff and develop lasting risk
management strategies and plans
Risk Management Phases
• Risk Identification: Its main aim is to identify the risks—including the
sources, causes, and consequences of the internal and external risks affecting
the security of the organization before they cause harm.
• Risk Assessment: Risk assessment is an ongoing iterative process that assigns
priorities for risk mitigation and implementation plans, which in turn help to
determine the quantitative and qualitative value of risk.
• Risk Treatment: The purpose of this step is to identify treatments for the
risks that fall outside the department’s risk tolerance and provide an
understanding of the level of risk with controls and treatments.
• Risk Tracking and Review: Requires a tracking and review structure to ensure
effective identification and assessment of the risks as well as the use of
appropriate controls and responses. The review phase evaluates the performance
of the implemented risk management strategies.
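The RISK = Threats x Vulnerabilities x Impact formula, the prioritization objective, and the Risk Treatment phase above are applied together in this Python example (added here, not from the slides). Each factor is scored on a three-level scale; Threats x Vulnerabilities stands in for the likelihood of the alternative likelihood x impact definition; risks above the stated tolerance are flagged for treatment, and the residual score shows the level of risk once a control lowers the vulnerability. The register entries and the tolerance value are constructed.

```python
from dataclasses import dataclass

# Qualitative scale applied to every factor: 1 = low, 2 = medium, 3 = high.
LEVEL = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    asset: str
    threat: str          # capability and activity of the threat source
    vulnerability: str   # how exposed the asset is to that threat
    impact: str          # consequence if the threat succeeds

    def score(self) -> int:
        # Slide formula: RISK = Threats x Vulnerabilities x Impact.
        # Any factor at zero would zero the product: a high-impact asset
        # with no exposed vulnerability carries little risk.
        return (LEVEL[self.threat] * LEVEL[self.vulnerability]
                * LEVEL[self.impact])


def prioritize(register: list[Risk]) -> list[tuple[str, int]]:
    """Risk assessment: rank risks by score, highest first (name breaks ties)."""
    scored = [(r.asset, r.score()) for r in register]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def needs_treatment(register: list[Risk], tolerance: int) -> list[str]:
    """Risk treatment: risks scoring above the tolerance need a treatment;
    the rest fall within tolerance and are accepted as-is."""
    return [r.asset for r in register if r.score() > tolerance]


def residual_score(risk: Risk, vulnerability_after_control: str) -> int:
    """Level of risk with a control applied: the control lowers the
    vulnerability factor; threat and impact are unchanged."""
    treated = Risk(risk.asset, risk.threat, vulnerability_after_control,
                   risk.impact)
    return treated.score()


# Constructed sample register (hypothetical assets, not from the slides).
REGISTER = [
    Risk("customer database", "high", "high", "high"),      # 3*3*3 = 27
    Risk("public web server", "high", "medium", "medium"),  # 3*2*2 = 12
    Risk("internal wiki", "medium", "medium", "low"),       # 2*2*1 = 4
    Risk("guest wifi", "medium", "low", "low"),             # 2*1*1 = 2
]
TOLERANCE = 9  # constructed: the department accepts scores of 9 or below

if __name__ == "__main__":
    print(prioritize(REGISTER))
    print("treat:", needs_treatment(REGISTER, TOLERANCE))
    # Patching/hardening the database lowers its vulnerability to "low".
    print("residual:", residual_score(REGISTER[0], "low"))
```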
Cyber threat intelligence
• Cyber threat intelligence, usually known as CTI, is the collection and
analysis of information about threats and adversaries and the drawing
up of patterns that provide an ability to make knowledgeable
decisions for preparedness, prevention, and response actions against
various cyberattacks.
• It is the process of recognizing or discovering any “unknown threats”
that an organization may face so that necessary defense mechanisms
can be applied to avoid such occurrences. It involves collecting,
researching, and analyzing trends and technical developments in the
field of cyber threats (including cybercrime, hacktivism, and
espionage).
Types of Threat Intelligence

• Strategic Threat Intelligence: Strategic threat intelligence provides high-level
information regarding cybersecurity posture, threats, details about the financial
impact of various cyber activities, attack trends, and the impact of high-level business
decisions.
• Tactical Threat Intelligence: It provides information related to the TTPs used by threat
actors (attackers) to perform attacks.
• It helps cybersecurity professionals understand how the adversaries are expected to perform
their attack on the organization, identify the information leakage from the organization, and
assess the technical capabilities and goals of the attackers along with the attack vectors.
• Operational Threat Intelligence: Operational threat intelligence provides information
about specific threats against the organization.
• It provides contextual information about security events and incidents that help defenders
disclose potential risks, provide greater insight into attacker methodologies, identify past
malicious activities, and perform investigations on malicious activity in a more efficient way.
Incident Management

• Incident management is a set of defined processes to identify,
analyze, prioritize, and resolve security incidents to restore the system
to normal service operations as soon as possible, and prevent
recurrence of the incident.
• Incident management includes the following:
• Vulnerability analysis
• Artifact analysis
• Security awareness training
• Intrusion detection
• Public or technology monitoring
Role of AI and ML in cyber security
• Using AI and ML in cybersecurity helps to identify new exploits and
weaknesses, which can be easily analyzed to mitigate further attacks.
It reduces the pressure on security professionals and alerts them
whenever an action is needed.
• AI and ML are used in:
• Phishing detection and prevention
• Threat detection
• Behaviour analysis
Information Security Laws and Standards
• Laws are a system of rules and guidelines that are enforced by a
particular country or community to govern behavior. A Standard is a
“document established by consensus and approved by a recognized
body that provides, for common and repeated use, rules, guidelines,
or characteristics for activities or their results, aimed at the
achievement of the optimum degree of order in a given context.” This
section deals with the various laws and standards dealing with
information security in different countries.
• Payment Card Industry Data Security Standard (PCI DSS)
• ISO 2700
• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• Different countries have also instituted various cyber laws, e.g.
Australia, United Kingdom, China, Canada, and Singapore, just to mention a
few.
