Introduction To Ethical Hacking Presentation - Student


Introduction to Ethical

Hacking

KDU-CYB 113
Fundamentals of Information
Security and Ethical Hacking
(Week 1 – 3)

Week 1
Introduction
• In these ethical hacking lectures for beginners, you will learn concepts such as the fundamentals of information security and ethical hacking, security threats, ethical hacking skills, social engineering, cryptography, Wireshark, DoS attacks, SQL injection, digital forensics, hacking tools, web security vulnerabilities, Kali Linux, and many more interesting ethical hacking concepts.

 Password cracking techniques, tools, and countermeasures.
 Social engineering concepts, its phases, techniques, and countermeasures.
Introduction to Information Security

•Table of Content:
 What Is Information Security?
 Fundamental Principles of Information Security
 Information Security Controls
 Key Components of Information Security Management
 The Elements of Security
 Information Security Principles
 Why Does Information Security Matter?
 Uses of Information Security
 Issues of Information Security
 Summary
Introduction to Ethical Hacking

•Table of Content:
 What is Hacking?
 Who is a Hacker?
 Types of Hackers
 Introduction of Cybercrime
 Type of Cybercrime
 What is Ethical Hacking?
 Why Ethical Hacking?
 Legality of Ethical Hacking
 Summary
What Is Information Security?
• Information security, often referred to as cybersecurity or IT security, is the process of securing electronic data against harm.
• Information security generally entails safeguarding information at the point of storage, processing, or transmission through necessary means, including the use of technology, policy, and training or awareness.
Fundamental Principles of Information Security

• Information security is important because it helps to protect information from being accessed by unauthorized individuals.
• There are five main principles of information security:
• Confidentiality,
• Integrity,
• Availability,
• Authentication and
• Non-repudiation.
Confidentiality
• Confidentiality: refers to the secrecy surrounding information. It
guarantees that only users with the necessary rights, privileges, and
legitimate needs can access information.
• When unauthorized individuals or systems access information, its
confidentiality is compromised.
• A variety of measures are used to ensure the confidentiality of
information including encryption.
• For example, assume that I have a password for my Gmail account, but someone saw it while I was logging into the account. In that case my password has been compromised and confidentiality has been breached.
Integrity
• Integrity means that data cannot be altered without authorization. It entails preserving the consistency, precision, and reliability of information, preventing unauthorized alterations or tampering. One of the measures to ensure information security is to implement privacy-preserving keyword search, which enables the retrieval of files containing specific keywords without revealing their content through decryption.
• For example, if an employee leaves an organisation, the data for that employee in all departments, such as accounts, should be updated to reflect the status JOB LEFT so that the data is complete and accurate. In addition, only authorized persons should be allowed to edit employee data.
Availability
• Availability ensures authorized users have access to the data when needed.
• For example, if one needs to access the information of a particular employee to check whether the employee has any outstanding leave days, that requires collaboration from different organizational teams such as network operations, development operations, incident response, and policy/change management.
• A denial of service attack is one of the factors that can hamper the availability of information.
Non-repudiation
• Non-repudiation: the assurance that the parties involved cannot repudiate or deny an action or transaction, such as sending an email.
• For example, in cryptography: cryptography is used to protect digital data. It focuses on transforming data into formats that cannot be recognized by unauthorized users. An example of basic cryptography is an encrypted message in which letters are replaced with other characters.
• Data integrity and authenticity are pre-requisites for non-repudiation.
Authentication
• Authentication: The process of verifying the identity of a user, device, or process before allowing access to sensitive data or systems.
• For example, taking the example above, the sender sends the message along with a digital signature that was generated using the hash value of the message and the sender's private key. On the receiver side, this digital signature is decrypted using the public key, yielding a hash value, and the message is hashed again to generate a second hash value. If the two values match, it is a valid transmission and the message received at the recipient side is authentic, or as we say, genuine.
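The hash-then-sign procedure described in the Non-repudiation and Authentication bullets above, as an added worked example that is not part of the original lecture. It uses Go's standard library RSA signatures with SHA-256 (PKCS#1 v1.5), which follows the slide's description of a message hash signed with the private key and checked with the public key. The slide names no particular algorithm, so the choice of RSA-2048 with SHA-256, the sample message and the function names are assumptions made here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signMessage is the sender side: hash the message with SHA-256, then sign the
// hash with the sender's private key. Only the holder of the private key can do this.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyMessage is the receiver side: hash the received message again and check
// the signature against that hash with the sender's public key. It returns true
// only if the message is unaltered (integrity) and the signature was produced by
// the matching private key (authenticity); together these give non-repudiation.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// SignatureDemo reports three outcomes for a constructed sample message:
// genuine  - the original message with the sender's signature verifies,
// tampered - changing one character of the message makes verification fail,
// forged   - a signature made with someone else's private key does not verify
//            under the sender's public key, so the sender cannot deny signing.
func SignatureDemo() (genuine, tampered, forged bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}

	// Constructed sample message, not taken from the lecture.
	msg := []byte("Transfer 100 USD to account 1234")

	sig, err := signMessage(sender, msg)
	if err != nil {
		return
	}
	genuine = verifyMessage(&sender.PublicKey, msg, sig)

	// Integrity check: one changed digit and the recomputed hash no longer matches.
	altered := []byte("Transfer 900 USD to account 1234")
	tampered = verifyMessage(&sender.PublicKey, altered, sig)

	// Authenticity check: a signature from a different private key is rejected.
	forgedSig, err := signMessage(impostor, msg)
	if err != nil {
		return
	}
	forged = verifyMessage(&sender.PublicKey, msg, forgedSig)
	return
}

func main() {
	genuine, tampered, forged, err := SignatureDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:      ", genuine)  // true
	fmt.Println("tampered message verifies:     ", tampered) // false
	fmt.Println("impostor's signature verifies: ", forged)   // false
}
```

The receiver never needs the sender's private key, which is what makes the check usable between parties that do not trust each other: anyone holding the public key can confirm both that the message is intact and who signed it.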
Information Security Controls
• Information security controls are safeguards or
countermeasures used to protect electronic information
systems and data from unauthorized access, use, disclosure,
disruption, modification, or destruction.
• Information security controls can be classified into three
main categories:
• Administrative Controls,
• Physical Controls, and
• Technical Controls.
Administrative controls
• Administrative controls are procedures and policies that help secure information systems and data. They include:
1. specifying who is allowed to access which systems and data,
2. establishing security clearance levels,
3. assigning responsibility for information security,
4. developing awareness and training programs,
5. conducting risk assessments, and
6. creating incident response plans.
• Physical controls are designed to protect
information systems and data from physical threats
such as fire, flooding, power outages, temperature
extremes, tampering, and theft. Examples of physical
controls are installing firewalls and intrusion detection
systems, using physical security devices such as
locks and alarms, and establishing environmental
controls.
• Technical controls protect information systems and
data from logical or cyber threats. They include
measures such as creating user accounts and
passwords, encrypting data, implementing access
control lists, and auditing system activity.
Key Components of Information Security Management
• The following are the key components of an information security management
system:
1.Policies and procedures: Establishing clear policies and procedures is
essential to protecting sensitive data. The policies should be reviewed regularly
and updated to reflect business environment or technology changes.
2.Risk assessment: A risk assessment should be conducted periodically to
identify potential threats and vulnerabilities. The assessment should consider
the type of data, the level of sensitivity, and the potential impact of a security
breach.
3.Mitigation strategies: Once risks have been identified, mitigation strategies
should be implemented to reduce the likelihood or impact of an incident. These
may include technical controls, such as firewalls and intrusion detection
systems, or organizational measures, such as employee training.
4.Monitoring and testing: Information security should be monitored on an
ongoing basis to ensure that policies and procedures are followed, and that
controls are effective. Regular testing should be conducted to identify
weaknesses and vulnerabilities.
The Elements of Security
• When it comes to security, there are a few key
elements that you need to consider. The most
important security elements are deterrence,
detection, verification, and reaction.
Information Security Principles
• Regarding information security, three key principles must always
be kept in mind: confidentiality, integrity, and availability.
1.Confidentiality is all about keeping sensitive data safe from
prying eyes. This might involve encrypting data at rest or in transit
and implementing access controls to ensure only authorized users
can view or modify the data.
2.Integrity ensures that unauthorized individuals cannot tamper
with data. This means ensuring that data has not been altered in
any way, either intentionally or accidentally. Integrity also requires
that data is complete and accurate.
3.Availability means authorized users should be able to access the data they need when needed. This might involve implementing disaster recovery plans to ensure data can still be accessed even in a major outage.
Why Does Information Security Matter?
• With the advent of the internet and the
interconnectedness of our world, the need
to protect our information has never
been greater.
• There are many reasons why information
security matters, but the most important
are the protection of personal
information, business information,
and national security from threat
actors.
Uses of Information Security
Information security has many uses, including:
1. Confidentiality: Keeping sensitive information confidential and protected from unauthorized access.
2. Integrity: Maintaining the accuracy and consistency of data, even in the presence of malicious attacks.
3. Availability: Ensuring that authorized users have access to the information they need, when they need it.
4. Compliance: Meeting regulatory and legal requirements, such as those related to data privacy and protection.
5. Risk management: Identifying and mitigating potential security threats to prevent harm to the organization.
6. Authentication: Verifying the identity of users accessing information systems.
7. Encryption: Protecting sensitive information from unauthorized access by encoding it into a secure format.
8. Network security: Protecting computer networks from unauthorized access, theft, and other types of attacks.
9. Physical security: Protecting information systems and the information they store from theft, damage, or
destruction by securing the physical facilities that house these systems.
10.Disaster recovery: Developing and implementing a plan to quickly recover from data loss or system failures.
Issues of Information Security :
• Information security faces many challenges and issues, including:
1.Cyber threats: Cyber attacks such as malware, phishing, and ransomware make it difficult to protect information systems and the information they store.
2.Human error: People can mistakenly put information at risk through actions such as losing laptops or smartphones, clicking on malicious links, or using weak passwords.
3.Insider threats: Employees with access to sensitive
information can pose a risk if they intentionally or unintentionally
cause harm to the organization.
4.Legacy systems: Older information systems may not have the
security features of newer systems, making them more
vulnerable to attack.
5. Complexity: The increasing complexity of information systems and
the information they store makes it difficult to secure them effectively.
6. Mobile and IoT devices: The growing number of mobile devices
and internet of things (IoT) devices creates new security challenges as
they can be easily lost or stolen, and may have weak security controls.
7. Integration with third-party systems: Integrating information
systems with third-party systems can introduce new security risks, as
the third-party systems may have security vulnerabilities.
8. Data privacy: Protecting personal and sensitive information from
unauthorized access, use, or disclosure is becoming increasingly
important as data privacy regulations become more strict.
9. Globalization: The increasing globalization of business makes it more difficult to secure information, as data may be stored, processed, and transmitted across multiple countries with different security requirements.
Introduction to Ethical Hacking

Week 1
Introduction
• Ethical Hacking is a method of identifying weaknesses in computer systems and computer networks to develop countermeasures that protect against those weaknesses.
• An Ethical Hacker exposes vulnerabilities in software to help business owners fix those security holes before a malicious hacker discovers them (i.e. a White Hat).
• An Ethical Hacker must get written permission from the owner of the computer system, protect the privacy of the organization being hacked, transparently report all the identified weaknesses in the computer system to the organization, and inform hardware and software vendors of the identified weaknesses.
What is Hacking?
•Hacking is the activity of identifying weaknesses in a computer system or a network and exploiting them to gain access to personal data or business data.
•An example of computer hacking can be: using a password cracking algorithm to gain access to a computer system.
• Computers have become mandatory to run a successful business. It is not enough to have isolated computer systems; they need to be networked to facilitate communication with external businesses.
• This exposes them to the outside world and to hacking.
• System hacking means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc.
Who is a Hacker?
•A Hacker is a person who finds and exploits the
weakness in computer systems and/or networks to gain
access.
•Hackers are usually skilled computer programmers
with knowledge of computer security.
Types of Hackers
•Hackers are classified according to the intent of their actions. The
following list classifies types of hackers according to their intent:
• Ethical Hacker (White hat)
• Cracker (Black hat)
• Grey hat
• Script kiddies
• Hacktivist
• Phreaker
Ethical Hacker (White hat)
• Ethical Hacker (White hat): A
security hacker who gains access to
systems with a view to fix the
identified weaknesses.
• They may also perform penetration
Testing and vulnerability
assessments.
Cracker (Black hat)
• Cracker (Black hat): A hacker
who gains unauthorized access
to computer systems for
personal gain.
• The intent is usually to steal
corporate data, violate privacy
rights, transfer funds from bank
accounts etc.
Grey hat
• Grey hat: A hacker who is in
between ethical and black hat
hackers.
• He/she breaks into computer
systems without authority with
a view to identify weaknesses
and reveal them to the system
owner.
Script kiddies
• Script kiddies: A non-skilled
person who gains access to
computer systems using already
made tools
Hacktivist
• Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages.
• This is usually done by hijacking
websites and leaving the message
on the hijacked website.
Phreaker
• Phreaker: A hacker who identifies
and exploits weaknesses in
telephones instead of computers
Introduction of Cybercrime
•Cybercrime is the activity of using computers and networks
to perform illegal activities like spreading computer viruses,
online bullying, performing unauthorized electronic fund
transfers, etc.
•Most cybercrime hacks are committed through the internet,
and some cybercrimes are performed using Mobile phones
via SMS and online chatting applications.
Type of Cybercrime
The following list presents the common types of cybercrimes:
 Computer Fraud: Intentional deception for personal gain via the use of computer systems.
 Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, hacking websites, etc.
 Identity Theft: Stealing personal information from somebody and impersonating that person.
 Sharing copyrighted files/information: This involves distributing copyright-protected files such as eBooks and computer programs.
 Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
 Electronic money laundering: This involves the use of the computer to launder money.
 ATM Fraud: This involves intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the intercepted accounts.
 Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.
 Spam: Sending unauthorized emails. These emails usually contain advertisements.
CATEGORIES OF CYBER CRIME

1. Identity Theft: Identity theft occurs when a hacker steals information from personal accounts such as banking information, social security numbers, and addresses. The hacker will then use this information to create accounts in the victim's name.
2. Cyber laundering- is an electronic transfer of illegally-obtained monies
with the goal of hiding its source and possibly its destination.
3. Spamming– involves mass amounts of email being sent in order to
promote and advertise products and websites.
4. Cyber Stalking: Cyber stalking is a crime that occurs when a person is
being harassed by another person in an online setting. The victim is often
bombarded with messages not just to themselves, but also to family
members or friends.
5. Phishing: A “phishing scam” is the act of sending fraudulent emails that appear to come from legitimate enterprises for the purpose of tricking the victim into providing personal information, including usernames and passwords. Once they had possession of employee logins and passwords, the attackers were able to steal payroll deposits by changing the bank account into which the payroll was deposited. It is important for a potential victim to be aware of the email addresses associated with their bank accounts.
6. Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.

CYBER TRICKS IN NIGERIA

• Freestyle Trick: this is the simplest and most common among starters to swindle foreigners. With the freestyle trick, all you need to do is open an account on any of the popular dating sites and look for someone who falls in love with you; afterwards he or she starts paying your bills and sending hard currency.
• Over Payment Trick: This requires a lot of processes. The Yahoo Boy who uses this trick pretends to be a prospective buyer by logging into any of the popular Internet classified sites, after which he offers the person he is buying from a cheque as a mode of payment. In this case, the Yahoo Boys have a way of persuading the seller to send the excess after issuing an overpayment cheque. With this trick, a Yahoo Boy can buy goods worth 1500USD and issue a cheque of 5500USD. What the Yahoo Boy is interested in is not the goods he claimed to be interested in but the excess money that will be sent to him after the cheque has been cashed.
• Online Charity: Another aspect of e-crime common in Nigeria is where fraudulent people host websites of charity organizations soliciting monetary donations and materials for organizations that do not exist. Unfortunately, many unsuspecting people have been exploited through this means.

CYBER TRICKS IN NIGERIA CONT.
• Come & Carry Trick: With this trick, the scammer claims to be a banker and tells his victim that a huge sum of money in his care was left by a late businessman. Thereafter the scammer tells the victim that he will need a certain amount of money to get the necessary documents to claim the money.
• Apartment Trick: With this trick, the fraudsters claim to be agents by placing adverts of apartments for lease on the internet. They go as far as uploading pictures of posh apartments available for lease and tell whoever is interested to make payment to a particular account. They have used this trick to swindle many foreigners over the years.

CYBER TRICKS IN NIGERIA CONT.

• The “Winning Ticket in a Lottery you Never Entered” Scam: leading users to believe they are beneficiaries of an online lottery that is in fact a scam (lottery scam).
• Transfer Trick: With this trick, they look for a foreigner whose account can take a huge amount of money and persuade him or her to help by receiving a large amount of money in his or her account. All they do here is an online transfer, which is usually done by some IT gurus who hack into other people's accounts to achieve the trick. Though the fraudulent transfer will be detected a few days after the transaction, the Yahoo Boy would have gotten his own share of the transferred money before then.

BOTTLENECK OF CYBERCRIME

• Corruption: Nigeria was ranked third among the most corrupt countries in the world.
Since 1999, corruption was seen as a way of life in Nigeria.
• Poverty Rate: On the global scale, Nigeria is regarded as a third world country. The
poverty rate is ever increasing. The rich are getting richer and the poor are getting
poorer.
• Unemployment: The spate of unemployment in Nigeria is alarming and growing by
the day. Companies are folding up and financial institutions are going bankrupt.
• Lack of Infrastructure: Proper monitoring and arrest calls for sophisticated state of
the art Information and Communication Technology devices.
• Lack of National Functional Databases: National database could serve as a means of
tracking down the perpetrators of these heinous acts by checking into past individual
records and tracing their movements.
• Porous Nature of the Internet: The Internet is free for all with no central control.
Hence, the state of anarchy presently experienced.
REASONS FOR ATTACKING PEOPLE, ORGANIZATION AND GOVERNMENT

Here are some reasons


• The prime reason is greed for money by these criminals.
• Youths see how money changes hands to corrupt government officials and decide to get their own share of this money by carrying out cybercrime.
• Unemployment is partly to blame for this crime. Undergraduates leave Nigerian institutions of higher learning yearly without any hope of employment.
• Lack of confidence in one's ability to succeed in a legitimate way.
• Porous cyber security protocols of organizations, government and individuals.
• Lack of accountability of government officials is another cause of this crime.

EFFECTS OF CYBER CRIME

• Financial loss: Cybercriminals are like terrorists or metal thieves in that their activities impose disproportionate costs on society and individuals.
• Loss of reputation: most companies that have been defrauded or reported to have been faced with cybercriminal activities complain of clients losing faith in them.
• Reduced productivity: this is due to awareness and more concentration being focused on preventing cybercrime and not on productivity.
• Vulnerability of their Information and Communication Technology (ICT) systems and networks.

WAYS TO PREVENT CYBERCRIME IN NIGERIA CONT.

• Use your computer's firewall protection feature, which is a digitally created barrier that prevents hackers from getting into your computer system. Always keep it turned on.
• Encrypt important data you don't want compromised. Utilize encryption software, which "garbles" your data to make it unintelligible to anyone who tries to hack into your computer system.
• Download a Virtual Private Network (VPN): A VPN is a valuable ally in the fight against cybercrime.
• Create strong passwords: Choosing strong, unique passwords is one of the simplest ways you can prevent online attacks.

What is Ethical Hacking?
•Ethical Hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect against those weaknesses. Ethical hackers must abide by the following rules.
 Get written permission from the owner of the computer system and/or computer network before hacking.
 Protect the privacy of the organization being hacked.
 Transparently report all the identified weaknesses in the computer system to the organization.
 Inform hardware and software vendors of the identified weaknesses.
Why Ethical Hacking?
 Information is one of the most valuable assets of an organization.
Keeping information secure can protect an organization’s image
and save an organization a lot of money.
 Fake hacking can lead to loss of business for organizations that
deal in finance such as PayPal.
 Ethical hacking puts them a step ahead of the cyber criminals who
would otherwise lead to loss of business.
Legality of Ethical Hacking
• Ethical Hacking is legal if the hacker abides by the
rules stipulated in the above section on the definition of
ethical hacking.
• The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests individuals' skills.
• Those who pass the examination are awarded with
certificates. The certificates are supposed to be renewed
after some time.
Summary
 Hacking is identifying and exploiting weaknesses in
computer systems and/or computer networks.
 Cybercrime is committing a crime with the aid of
computers and information technology infrastructure.
 Ethical Hacking is about improving the security of
computer systems and/or computer networks.
 Ethical Hacking is legal.
Potential Security Threats
To Your Computer Systems

Week 2
Potential Security Threats To Your Computer Systems

•Table of Content:
 What is a Security Threat?
 What are Physical Threats?
 What are Non-physical threats?
 Summary
Introduction
•A computer system threat is anything that leads to loss or
corruption of data or physical damage to the hardware
and/or infrastructure.
•Knowing how to identify computer security threats is the first
step in protecting computer systems. The threats could be
intentional, accidental or caused by natural disasters.
• In this lecture, you will be introduced to the common computer system threats and how you can protect systems against them.
What is a Security Threat?
•A security threat is defined as a risk that can potentially harm computer systems and the organization.
•The cause could be physical, such as someone stealing a computer that contains vital data.
•The cause could also be non-physical, such as a virus attack.
•In this lecture series, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.
What are Physical Threats?
•A physical threat is a potential cause of an incident that may result in loss or physical
damage to the computer systems.
•The following list classifies the physical threats into three (3) main categories;
 Internal: The threats include fire, unstable power supply, humidity in the rooms housing
the hardware, etc.
 External: These threats include Lightning, floods, earthquakes, etc.
 Human: These threats include theft, vandalism of the infrastructure and/or hardware,
disruption, accidental or intentional errors.
•To protect computer systems from the above mentioned physical threats, an
organization must have physical security control measures.
Physical Security Control Measures
The following list shows some of the possible measures that can be taken:
 Internal:
 Fire threats can be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire.
 An unstable power supply can be prevented by the use of voltage controllers.
 An air conditioner can be used to control the humidity in the computer room.
 External: Lightning protection systems can be used to protect computer systems against such threats. Lightning protection systems are not 100% perfect, but to a certain extent they reduce the chances of lightning causing damage. Housing computer systems on high ground is one of the possible ways of protecting systems against floods.
 Human: Threats such as theft can be prevented by the use of locked doors and restricted access to computer rooms.
What are Non-physical threats?
•A non-physical threat is a potential cause of an incident that may result in:
 Loss or corruption of system data
 Disruption of business operations that rely on computer systems
 Loss of sensitive information
 Illegal monitoring of activities on computer systems
 Cyber security breaches
 Others
Non-physical threats Cont.
•The non-physical threats are also known as logical threats. The following list
is the common types of non-physical threats;
 Virus
 Trojans
 Worms
 Spyware
 Key loggers
 Adware
 Denial of Service Attacks
 Distributed Denial of Service Attacks
 Unauthorized access to computer systems resources such as data
 Phishing
 Other Computer Security Risks
Logical Security Measures
To protect computer systems from the above-mentioned threats, an organization must have logical security measures in place. The following list shows some of the possible measures that can be taken to protect against cyber security threats.
•To protect against viruses, Trojans, worms, etc., an organization can use anti-virus software. In addition to the anti-virus software, an organization can also have control measures on the usage of external storage devices and on visiting websites that are likely to download unauthorized programs onto the user’s computer.
•Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be in the form of user ids and strong passwords, smart cards, biometrics, etc.
•Intrusion-detection/prevention systems can be used to protect against denial of service attacks. There are other measures too that can be put in place to avoid denial of service attacks.
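The "user ids and strong passwords" authentication method above, and the "create strong passwords" advice in the Week 1 prevention list, as an added example that is not code from the lecture. It shows the defender's side of password authentication: a server should store a salted, stretched hash rather than the password, and compare in constant time. The strength policy, the constructed sample credentials, the iteration count and the record format are assumptions made here; the stretching is PBKDF2 with HMAC-SHA256 as specified in RFC 8018, implemented with Go's standard library.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
	"unicode"
)

// iterations is an assumed work factor; it should rise as hardware gets faster.
const iterations = 100000

// pbkdf2SHA256 derives keyLen bytes from a password and salt with
// PBKDF2-HMAC-SHA256 (RFC 8018). Iterating the HMAC makes every guess
// expensive for an attacker who has stolen the stored records.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Ui = PRF(password, U(i-1)); T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// IsStrongPassword applies an assumed policy: at least 12 characters drawn
// from at least three of the four classes (lower, upper, digit, symbol).
func IsStrongPassword(pw string) bool {
	if len(pw) < 12 {
		return false
	}
	var lower, upper, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	classes := 0
	for _, ok := range []bool{lower, upper, digit, symbol} {
		if ok {
			classes++
		}
	}
	return classes >= 3
}

// HashPassword returns a record "salthex$hashhex". A fresh random salt per
// user means two users with the same password get different records, so one
// cracked record reveals nothing about the other.
func HashPassword(pw string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(pw), salt, iterations, 32)
	return hex.EncodeToString(salt) + "$" + hex.EncodeToString(dk), nil
}

// VerifyPassword recomputes the hash from the stored salt and compares in
// constant time, so a wrong guess does not leak how many bytes matched.
func VerifyPassword(record, pw string) bool {
	parts := strings.SplitN(record, "$", 2)
	if len(parts) != 2 {
		return false
	}
	salt, err := hex.DecodeString(parts[0])
	if err != nil {
		return false
	}
	want, err := hex.DecodeString(parts[1])
	if err != nil {
		return false
	}
	got := pbkdf2SHA256([]byte(pw), salt, iterations, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	// Constructed sample credentials, not taken from the lecture.
	pw := "Correct-Horse-7-Battery"
	fmt.Println("policy accepts strong/weak:", IsStrongPassword(pw), IsStrongPassword("password1"))
	record, err := HashPassword(pw)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored record:", record)
	fmt.Println("login with right password:", VerifyPassword(record, pw))
	fmt.Println("login with wrong password:", VerifyPassword(record, "Correct-Horse-8-Battery"))
}
```

The stored record never contains the password, so a leaked user table still forces an attacker to run the full 100,000-iteration derivation per guess per user; a plain unsalted hash would allow one precomputed table to crack every user at once.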
Summary
 A threat is any activity that can lead to data loss/corruption
through to disruption of normal business operations.
 There are physical and non-physical threats
 Physical threats cause damage to computer systems hardware and
infrastructure. Examples include theft, vandalism through to
natural disasters.
 Non-physical threats target the software and data on the computer
systems.
Skills Required to Become
an Ethical Hacker.

Week 3
Skills Required to Become an Ethical Hacker

•Table of Content:
 What is a programming language?
 Why should you learn how to program?
 What languages should I learn?
 Programming languages that are useful to hackers
 Other skills
 Summary
Skills Required to Become an Ethical Hacker
• Skills allow you to achieve your desired goals within the available time and resources. As a hacker, you will need to develop skills that will help you get the job done.
• These skills include learning how to program, using the internet, being good at solving problems, and taking advantage of existing security tools.
•In this lecture, we will introduce you to the common programming languages and skills that you must know as a hacker.
What is a programming language?
•A programming language is a language that is used to develop computer programs. The programs developed can range from operating systems and database applications through to networking solutions.
Why should you learn how to program?
 Hackers are problem solvers and tool builders; learning how to program will help you implement solutions to problems. It also differentiates you from script kiddies.
 Writing programs as a hacker will help you automate many tasks which would usually take a lot of time to complete.
 Writing programs can also help you identify and exploit programming errors in applications that you will be targeting.
 You don’t have to reinvent the wheel all the time, and there are a number of open source programs that are readily usable. You can customize already existing applications and add your methods to suit your needs.
What languages should I learn?
•The answer to this question depends on your target
computer systems and platforms. Some programming
languages are used to develop for only specific platforms. As
an example, Visual Basic Classic (3, 4, 5, and 6.0) is used to
write applications that run on the Windows operating system. It
would, therefore, be illogical for you to learn how to program
in Visual Basic 6.0 when your target is hacking Linux-based
systems.
Programming languages that are useful to hackers

1. HTML
   Description: Language used to write web pages.
   Platform: Cross platform*
   Purpose: Web hacking. Login forms and other data entry methods on
   the web use HTML forms to get data. Being able to write and interpret
   HTML makes it easy for you to identify and exploit weaknesses in the
   code.

2. JavaScript
   Description: Client-side scripting language.
   Platform: Cross platform*
   Purpose: Web hacking. JavaScript code is executed in the client's
   browser. You can use it to read saved cookies, perform cross-site
   scripting, etc.

3. SQL
   Description: Language used to communicate with databases.
   Platform: Cross platform*
   Purpose: Web hacking. Using SQL injection to bypass weak web
   application login algorithms, delete data from the database, etc.

4. PHP
   Description: Server-side scripting language.
   Platform: Cross platform*
   Purpose: Web hacking. PHP is one of the most used web programming
   languages. It is used to process HTML forms and perform other custom
   tasks. You could write a custom application in PHP that modifies
   settings on a web server and makes the server vulnerable to attacks.

5. Python, Ruby, Bash, Perl
   Description: High-level programming languages.
   Platform: Cross platform*
   Purpose: Building tools and scripts. They come in handy when you need
   to develop automation tools and scripts. The knowledge gained can also
   be used to understand and customize the already available tools.

6. C & C++
   Description: Low-level programming languages.
   Platform: Cross platform*
   Purpose: Writing exploits, shellcode, etc. They come in handy when you
   need to write your own shellcode, exploits or rootkits, or to understand
   and expand on existing ones.

7. Java, C#, Visual Basic, VBScript
   Description: Other languages.
   Platform: Java and C# are cross platform*; Visual Basic is specific to
   Windows.
   Purpose: Other uses. The usefulness of these languages depends on your
   scenario.

•* Cross platform means programs developed using the particular language can be
deployed on different operating systems such as Windows, Linux-based, Mac, etc.
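The SQL row above says SQL injection bypasses weak login checks. The following is an added example, not from the lecture, that puts a weak login query beside its hardened form so the difference is visible in code; the user table, account name and use of plain SHA-256 are constructed for the demonstration.

```python
import hashlib
import sqlite3


def make_demo_db():
    # Constructed in-memory user table for the demonstration; not real credentials.
    # SHA-256 without a salt keeps the example short; a real system needs a
    # salted, slow password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct-horse").hexdigest()))
    conn.commit()
    return conn


def login_weak(conn, username, password):
    # Weak login check: user input is pasted straight into the SQL text, so a
    # quote character in the username changes the logic of the query itself.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND pw_hash = '" + pw_hash + "'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    # Hardened check: a parameterised query binds the input as data, so it is
    # never parsed as SQL regardless of the characters it contains.
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_demo_db()
    # Legitimate login: both implementations agree.
    print(login_weak(db, "alice", "correct-horse"),
          login_hardened(db, "alice", "correct-horse"))
    # A username carrying a quote and an SQL comment marker, with no valid
    # password: the weak check is bypassed, the hardened check refuses.
    print(login_weak(db, "alice' --", "x"), login_hardened(db, "alice' --", "x"))
```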
Other skills
•In addition to programming skills, a good hacker should also have the following
skills:
 Know how to use the internet and search engines effectively to gather
information.
 Get a Linux-based operating system and know the basic commands that
every Linux user should know.
 Practice makes perfect: a good hacker should be hard working and positively
contribute to the hacker community. He/she can contribute by developing open
source programs, answering questions in hacking forums, etc.
Summary
 Programming skills are essential to becoming an effective
hacker.
 Network skills are essential to becoming an effective hacker.
 SQL skills are essential to becoming an effective hacker.
 Hacking tools are programs that simplify the process of
identifying and exploiting weaknesses in computer systems.
Information Security Threats and
Vulnerabilities
(Week)

Week 4
Information Security Threats and
Attacks
• Information security threats and attacks are actions or events that can
compromise the confidentiality, integrity, or availability of data and
systems.
• They can originate from various sources, such as individuals, groups, or even
natural events.
• Here are some common information security threats and attacks:
• Malware attack
• Social engineering attacks
• Software supply chain attacks
• Advanced persistent threats (APT)
• Distributed denial of service (DDoS)
• Man-in-the-middle attack (MitM)
• Password attacks
Types of Information Security
Threats
The main types of information security threats
are:
• Malware attack
• Social engineering attacks
• Software supply chain attacks
• Advanced persistent threats (APT)
• Distributed denial of service (DDoS)
• Man-in-the-middle attack (MitM)
• Password attacks
Malware Attack
• Malware: Malicious software designed to
infiltrate, damage, or disrupt systems.
• Malware includes viruses, worms, Trojans,
ransomware, and spyware.
• It can steal sensitive information, cause
system downtime, or provide unauthorized
access to attackers.
Malware Attacks include:
• Trojan virus — tricks a user into thinking it is a harmless file. A Trojan can launch an attack on a
system and can establish a backdoor, which attackers can use.
• Ransomware — prevents access to the data of the victim and threatens to delete or publish it
unless a ransom is paid.
• Wiper malware — intends to destroy data or systems, by overwriting targeted files or destroying
an entire file system. Wipers are usually intended to send a political message, or hide hacker
activities after data exfiltration.
• Worms — this malware is designed to exploit backdoors and vulnerabilities to gain unauthorized
access to operating systems. After installation, the worm can perform various attacks, including
Distributed Denial of Service (DDoS).
• Spyware — this malware enables malicious actors to gain unauthorized access to data, including
sensitive information like payment details and credentials. Spyware can affect mobile phones,
desktop applications, and desktop browsers.
• Fileless malware — this type of malware does not require installing software on the operating
system. It abuses native tools such as PowerShell and WMI to carry out its malicious functions,
so the activity looks legitimate and is difficult to detect.
• Application or website manipulation — OWASP outlines the top 10 application security risks,
ranging from broken access controls and security misconfiguration through injection attacks and
cryptographic failures. Once the vector is established through service account acquisition, more
malware, credential, or APT attacks are launched.
Social Engineering Attacks
• A social engineering attack is one in which
attackers deceive users into revealing
sensitive information or executing
malicious actions, typically through
fraudulent emails or messages that
impersonate legitimate entities.
Social engineering attacks include:
• Phishing — attackers send fraudulent correspondence that seems to come from
legitimate sources, usually via email. The email may urge the user to perform an
important action or click on a link to a malicious website, leading them to hand
over sensitive information to the attacker, or expose themselves to malicious
downloads. Phishing emails may include an email attachment infected with
malware.
• Spear phishing — a variant of phishing in which attackers specifically target
individuals with security privileges or influence, such as system administrators or
senior executives.
• Malvertising — online advertising controlled by hackers, which contains malicious
code that infects a user’s computer when they click, or even just view the ad.
Malvertising has been found on many leading online publications.
• Drive-by downloads — attackers can hack websites and insert malicious scripts
into PHP or HTTP code on a page. When users visit the page, malware is directly
installed on their computer; or, the attacker's script redirects users to a malicious
site, which performs the download. Drive-by downloads rely on vulnerabilities in
browsers or operating systems.
• Scareware security software — pretends to scan for malware and then
regularly shows the user fake warnings and detections. Attackers may ask the
user to pay to remove the fake threats from their computer or to register the
software. Users who comply transfer their financial details to an attacker.
• Baiting — occurs when a threat actor tricks a target into using a malicious
device, placing a malware-infected physical device, like a USB, where the
target can find it. Once the target inserts the device into their computer, they
unintentionally install the malware.
• Vishing — voice phishing (vishing) attacks use social engineering techniques
to get targets to divulge financial or personal information over the phone.
• Whaling — this phishing attack targets high-profile employees (whales),
such as the chief executive officer (CEO) or chief financial officer (CFO). The
threat actor attempts to trick the target into disclosing confidential
information.
• Pretexting — occurs when a threat actor lies to the target to gain access to
privileged data. A pretexting scam may involve a threat actor pretending to
confirm the target’s identity by asking for financial or personal data.
• Scareware — a threat actor tricks the victim into thinking they
inadvertently downloaded illegal content or that their computer is infected
with malware. Next, the threat actor offers the victim a solution to fix the
fake problem, tricking the victim into downloading and installing malware.
• Diversion theft — threat actors use social engineers to trick a courier or
delivery company into going to a wrong drop-off or pickup location,
intercepting the transaction.
• Honey trap — a social engineer assumes a fake identity as an attractive
person to interact with a target online. The social engineer fakes an online
relationship and gathers sensitive information through this relationship.
• Tailgating or piggybacking — occurs when a threat actor enters a
secured building by following authorized personnel. Typically, the staff
with legitimate access assumes the person behind is allowed entrance,
holding the door open for them.
• Pharming — an online fraud scheme during which a cybercriminal installs
malicious code on a server or computer. The code automatically directs
users to a fake website, where users are tricked into providing personal
data.
Software Supply Chain Attacks
• A software supply chain attack is a cyber attack
against an organization that targets weak links
in its trusted software update and supply chain.
• A supply chain is the network of all individuals,
organizations, resources, activities, and
technologies involved in the creation and sale
of a product.
• A software supply chain attack exploits the
trust that organizations have in their third-party
vendors, particularly in updates and patching.
Types of software supply chain attacks:
• Compromise of software build tools or dev/test infrastructure
• Compromise of devices or accounts owned by privileged
third-party vendors
• Malicious apps signed with stolen code signing certificates or
developer IDs
• Malicious code deployed on hardware or firmware
components
• Malware pre-installed on devices such as cameras, USBs, and
mobile phones
Advanced Persistent Threats (APT)
• When an individual or group gains
unauthorized access to a network and
remains undiscovered for an extended period
of time, attackers may exfiltrate sensitive
data, deliberately avoiding detection by the
organization’s security staff.
• APTs require sophisticated attackers and
involve major efforts, so they are typically
launched against nation states, large
corporations, or other highly valuable targets.
Common indicators of an APT presence include:
• New account creation — the P in Persistent comes from an
attacker creating an identity or credential on the network with
elevated privileges.
• Abnormal activity — legitimate user accounts typically perform
in patterns. Abnormal activity on these accounts can indicate an
APT is occurring, including noting a stale account which was
created then left unused for a time suddenly being active.
• Backdoor/trojan horse malware — extensive use of this
method enables APTs to maintain long-term access.
• Odd database activity — for example, a sudden increase in
database operations with massive amounts of data.
• Unusual data files — the presence of these files can indicate
data has been bundled into files to assist in an exfiltration process.
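Two of the indicators above (a new account created with elevated privileges, and a stale account that suddenly becomes active) can be checked against an audit trail. The following is an added example, not part of the lecture; the event records, account names, group names and the 90-day staleness threshold are all constructed for the demonstration.

```python
from datetime import datetime, timedelta

# Constructed audit events, not from a real system: (timestamp, event, account, detail).
EVENTS = [
    ("2024-01-02 09:00", "account_created", "svc_backup2", "groups=Domain Admins"),
    ("2024-01-02 09:05", "logon", "svc_backup2", ""),
    ("2023-06-01 10:00", "account_created", "jdoe", "groups=Domain Users"),
    ("2023-06-01 10:01", "logon", "jdoe", ""),
    ("2024-01-10 02:13", "logon", "jdoe", ""),
    ("2024-01-09 08:00", "logon", "asmith", ""),
    ("2024-01-10 08:00", "logon", "asmith", ""),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")


def apt_indicators(events, stale_days=90, privileged_groups=("Domain Admins",)):
    """Return human-readable findings for the two account-based APT indicators."""
    findings = []
    last_seen = {}  # account -> time of its most recent creation or logon
    for ts, kind, account, detail in sorted(events, key=lambda e: parse_ts(e[0])):
        t = parse_ts(ts)
        if kind == "account_created":
            # Indicator 1: a freshly created identity placed in a privileged group.
            if any(g in detail for g in privileged_groups):
                findings.append(f"new privileged account {account} created {ts}")
            last_seen.setdefault(account, t)
        elif kind == "logon":
            # Indicator 2: an account idle for longer than stale_days suddenly logs on.
            prev = last_seen.get(account)
            if prev is not None and t - prev > timedelta(days=stale_days):
                idle = (t - prev).days
                findings.append(f"stale account {account} active {ts} after {idle} days idle")
            last_seen[account] = t
    return findings


if __name__ == "__main__":
    for line in apt_indicators(EVENTS):
        print(line)
```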
Distributed Denial of Service (DDoS)
• The objective of a denial of service (DoS) attack is to
overwhelm the resources of a target system and cause it to
stop functioning, denying access to its users.
• Distributed denial of service (DDoS) is a variant of DoS in
which attackers compromise a large number of computers or
other devices, and use them in a coordinated attack against
the target system.
• DDoS attacks are often used in combination with other
cyberthreats. These attacks may launch a denial of service to
capture the attention of security staff and create confusion,
while they carry out more subtle attacks aimed at stealing
data or causing other damage.
Methods of DDoS attacks include:
• Botnets — systems under hacker control that have been
infected with malware. Attackers use these bots to carry out
DDoS attacks. Large botnets can include millions of devices and
can launch attacks at devastating scale.
• Smurf attack — sends Internet Control Message Protocol (ICMP)
echo requests to the victim’s IP address. The ICMP requests are
generated from ‘spoofed’ IP addresses. Attackers automate this
process and perform it at scale to overwhelm a target system.
• TCP SYN flood attack — floods the target system with
connection requests. When the target system attempts to
complete the connection, the attacker's device does not
respond, forcing the target system to time out. This quickly fills
the connection queue, preventing legitimate users from
connecting.
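The SYN flood described above leaves a visible trace: a connection table full of half-open (SYN-RECV) entries that never complete. The following is an added example, not from the lecture, that reads a connection snapshot in the style of `ss -tan` output and reports whether the half-open count looks like a flood; the snapshots, addresses and thresholds are constructed for the demonstration.

```python
from collections import Counter

# Constructed snapshots in the layout of `ss -tan` output (not real captures).
FLOOD_SNAPSHOT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      10.0.0.5:443       198.51.100.7:51514
ESTAB     0      0      10.0.0.5:443       198.51.100.8:51990
SYN-RECV  0      0      10.0.0.5:443       203.0.113.10:40001
SYN-RECV  0      0      10.0.0.5:443       203.0.113.11:40002
SYN-RECV  0      0      10.0.0.5:443       203.0.113.12:40003
SYN-RECV  0      0      10.0.0.5:443       203.0.113.13:40004
SYN-RECV  0      0      10.0.0.5:443       203.0.113.14:40005
SYN-RECV  0      0      10.0.0.5:443       203.0.113.15:40006
"""
NORMAL_SNAPSHOT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      10.0.0.5:443       198.51.100.7:51514
ESTAB     0      0      10.0.0.5:443       198.51.100.8:51990
ESTAB     0      0      10.0.0.5:443       198.51.100.9:52001
SYN-RECV  0      0      10.0.0.5:443       198.51.100.10:52100
"""


def parse_states(text):
    """Yield (state, peer_ip) for each data row, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, peer = parts[0], parts[4]
        rows.append((state, peer.rsplit(":", 1)[0]))  # strip the peer port
    return rows


def half_open_report(rows, min_half_open=5, ratio_threshold=0.5):
    """Summarise half-open connections and flag a suspected SYN flood."""
    half_open = [peer for state, peer in rows if state == "SYN-RECV"]
    established = sum(1 for state, _ in rows if state == "ESTAB")
    total = len(half_open) + established
    ratio = len(half_open) / total if total else 0.0
    per_source = Counter(half_open)
    return {
        "half_open": len(half_open),
        "established": established,
        "ratio": round(ratio, 2),
        # Every half-open entry from a different peer that never completes the
        # handshake is consistent with the spoofed source addresses the lecture mentions.
        "distinct_sources": len(per_source),
        "suspected_syn_flood": len(half_open) >= min_half_open and ratio >= ratio_threshold,
    }


if __name__ == "__main__":
    print(half_open_report(parse_states(FLOOD_SNAPSHOT)))
    print(half_open_report(parse_states(NORMAL_SNAPSHOT)))
```

A report like the first one is the cue to confirm that the host's SYN-cookie protection is enabled and that the listen backlog is sized for the service.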
Man-in-the-middle attack (MitM)
• When users or devices access a remote system over the
internet, they assume they are communicating directly with
the server of the target system.
• In a MitM attack, attackers break this assumption, placing
themselves in between the user and the target server.
• Once the attacker has intercepted communications, they may
be able to compromise a user’s credentials, steal sensitive
data, and return different responses to the user.
MitM attacks include:
• Session hijacking — an attacker hijacks a session between a network server and a
client. The attacking computer substitutes its IP address for the IP address of the
client. The server believes it is corresponding with the client and continues the
session.
• Replay attack — a cybercriminal eavesdrops on network communication and replays
messages at a later time, pretending to be the user. Replay attacks have been largely
mitigated by adding timestamps to network communications.
• IP spoofing — an attacker convinces a system that it is corresponding with a trusted,
known entity. The system thus provides the attacker with access. The attacker forges
its packet with the IP source address of a trusted host, rather than its own IP address.
• Eavesdropping attack — attackers leverage insecure network communication to
access information transmitted between the client and server. These attacks are
difficult to detect because network transmissions appear to act normally.
• Bluetooth attacks — because Bluetooth is often left open in promiscuous mode, there
are many attacks, particularly against phones, that drop contact cards and other
malware through open and receiving Bluetooth connections. Usually this compromise
of an endpoint is a means to an end, from harvesting credentials to personal
information.
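The replay entry above notes that timestamps mitigate replays; in practice a receiver also needs a per-message nonce and a MAC, otherwise the attacker can replay inside the time window or alter the timestamp. The following is an added example, not from the lecture, of a receiver applying all three checks; the shared key, message fields, 30-second window and `sign_message`/`Receiver` names are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os

WINDOW_SECONDS = 30  # how far a message timestamp may drift from the receiver's clock


def sign_message(key, payload, now, nonce=None):
    """Sender side: attach a timestamp, a fresh nonce and an HMAC over everything."""
    msg = dict(payload, ts=int(now), nonce=(nonce or os.urandom(8)).hex())
    body = json.dumps(msg, sort_keys=True).encode()
    msg["mac"] = hmac.new(key, body, hashlib.sha256).hexdigest()
    return msg


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, msg, now):
        """Return 'ok', or the reason the message was rejected."""
        msg = dict(msg)
        mac = msg.pop("mac", None)
        body = json.dumps(msg, sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # 1. Integrity: the MAC covers the timestamp and nonce, so neither can be edited.
        if mac is None or not hmac.compare_digest(mac, expected):
            return "bad_mac"
        # 2. Freshness: reject anything outside the clock-skew window.
        if abs(now - msg["ts"]) > WINDOW_SECONDS:
            return "stale"
        # 3. Uniqueness: a nonce already seen inside the window is a replay.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"
    rx = Receiver(key)
    m = sign_message(key, {"action": "transfer", "amount": 50}, now=1000)
    print(rx.accept(m, now=1002))             # ok
    print(rx.accept(m, now=1007))             # replay
    print(rx.accept(dict(m, amount=5000), now=1002))  # bad_mac
    print(rx.accept(m, now=1100))             # stale
```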
Password attacks
• A hacker can gain access to the password
information of an individual by ‘sniffing’ the
connection to the network, using social
engineering, guessing, or gaining access to a
password database. An attacker can ‘guess’ a
password in a random or systematic way.
• Password attacks: Attackers attempt to gain
unauthorized access by cracking user
passwords through methods such as brute
force, dictionary attacks, or keylogging.
Password attacks include:
• Brute-force password guessing — an attacker uses software to try many
different passwords, in hopes of guessing the correct one. The software can use
some logic to try passwords related to the name of the individual, their job,
their family, etc.
• Dictionary attack — a dictionary of common passwords is used to gain access
to the computer and network of the victim. One method is to copy an encrypted
file that holds the passwords, apply the same encryption to a dictionary of regularly
used passwords, and compare the results.
• Pass-the-hash attack — an attacker exploits the authentication protocol in a
session and captures a password hash (as opposed to the password characters
directly) and then passes it through for authentication and lateral access to other
networked systems. In these attack types, the threat actor doesn’t need to
decrypt the hash to obtain a plain text password.
• Golden ticket attack — a golden ticket attack starts in the same way as a pass-
the-hash attack, where on a Kerberos (Windows AD) system the attacker uses the
stolen password hash to access the key distribution center to forge a ticket-
granting-ticket (TGT) hash. Mimikatz attacks frequently use this attack vector.
