ETHICAL HACKING
A LICENCE TO HACK

Suvrat Jain
11042
CSE, 3rd year
What is hacking?
• Computer hacking is when someone modifies
computer hardware or software in a way that
alters the creator's original intent.

What is Ethical Hacking?
• Ethical hacking is when a person breaches the
security with authorization for the purpose of
finding loopholes (security issues).
Types of hackers
• White Hat Hackers:
– A white hat is a hacker who specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's
information systems.
• Black Hat Hackers:
– A black hat is the villain or bad guy, especially in a western movie in
which such a character would stereotypically wear a black hat in
contrast to the hero's white hat.
• Gray Hat Hackers:
– A gray hat, in the hacking community, refers to a skilled hacker
whose activities fall somewhere between white and black hat
hackers on a variety of spectra.
What is information security?
• Information security means protecting information and
information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection,
recording or destruction.
• Information security follows the CIA triad:
– Confidentiality
– Integrity
– Availability

• Confidentiality: Assurance that the information is
accessible only to those authorized to have access.
Confidentiality breaches may occur due to improper
data handling or a hacking attempt.

• Integrity: The trustworthiness of data or resources in terms of preventing
improper and unauthorized changes. Assurance that
information can be relied upon to be sufficiently accurate
for its purpose.

• Availability: Assurance that the systems responsible
for delivering, storing, and processing information are
accessible when required by the authorized users.
Essential Terminology
• Threat – An action or event which is a potential challenge
to security.
• Vulnerability – The existence of a flaw or error in the
design of the system which can cause undesired results
ranging from compromise of system security to service
or system unavailability.

• Attack – An action which attempts to violate or challenge
the integrity or security of a system.
• Exploit – A defined way to breach the security of a
system or product using an identified vulnerability.
Identifying Vulnerabilities
• Identifying vulnerabilities through a
vulnerability appraisal
– Determines the current security weaknesses that
could expose assets to threats

• Two categories of software and hardware
tools
– Vulnerability scanning
– Penetration testing
Vulnerability Scanning
• Vulnerability scanning is typically used by an
organization to identify weaknesses in the
system
– That need to be addressed in order to increase the
level of security

• Tools include port scanners, network
scanners, protocol analyzers, vulnerability
scanners, the Open Vulnerability and
Assessment Language, and password crackers
IP Addresses and Ports
• Internet protocol (IP) addresses
– The primary form of address identification on a
TCP/IP network
– Used to uniquely identify each network device

• Port number
– TCP/IP uses a numeric value as an identifier to
applications and services on the systems

• Each datagram (packet) contains not only the
source and destination IP addresses
– But also the source port and destination port
TCP/IP Ports
Port Scanners
• Port scanner
– Sends probes to interesting ports on a target
system
– Determines the state of a port to know what
applications are running and could be exploited

• Three port states:
– Open, closed, and blocked
Network Scanner
• Software tools that can identify all the systems
connected to a network

• Most network mappers utilize the TCP/IP
protocol ICMP
– Internet Control Message Protocol (ICMP)
– Used by PING to identify devices
– Less useful for modern versions of Windows
Network Scanner (continued)
Protocol Analyzers
• Also called a sniffer
– Captures each packet to decode and analyze its
contents
– Can fully decode application-layer network
protocols

• Common uses include:
– Network troubleshooting
– Network traffic characterization
– Security analysis
Vulnerability Scanners
• Products that look for vulnerabilities in
networks or systems
– Help network administrators find security problems

• Most vulnerability scanners maintain a database
that categorizes and describes the
vulnerabilities that they can detect
• Other types of vulnerability scanners combine
the features of a port scanner and network
mapper
Password Crackers
• Password
– A secret combination of letters and numbers that only the
user knows

• Because passwords are common yet provide weak
security, they are a frequent focus of attacks
• Password cracker programs
– Use the file of hashed passwords and then attempt to
break the hashed passwords offline

• The most common offline password cracker programs
are based on dictionary attacks or rainbow tables
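An added example (not part of the original slides) of why the storage format decides whether a precomputed table works: unsalted hashes of a common password match a table built once, while per-user salted, iterated hashes do not. The wordlist, user names and passwords are constructed, and the function names are illustrative.

```python
import hashlib
import hmac
import os

# Constructed sample data for illustration only.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
SAMPLE_USERS = {
    "alice": "letmein",
    "bob": "letmein",
    "carol": "constructed-Long-Passphrase-42",
}
PBKDF2_ITERATIONS = 100_000  # assumption: tune to your hardware and policy


def unsalted_hash(password: str) -> str:
    """Weak storage: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(words):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}


def salted_record(password: str):
    """Stronger storage: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, PBKDF2_ITERATIONS, digest


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def exposed_by_table(stored_hex: dict, table: dict) -> dict:
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hex.items() if h in table}


def compare_stores():
    """Run the same table against an unsalted and a salted store."""
    table = build_table(COMMON_PASSWORDS)
    legacy = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    modern = {u: salted_record(p) for u, p in SAMPLE_USERS.items()}
    modern_hex = {u: rec[2].hex() for u, rec in modern.items()}
    return (
        exposed_by_table(legacy, table),
        exposed_by_table(modern_hex, table),
        modern,
    )


if __name__ == "__main__":
    legacy_hits, modern_hits, _ = compare_stores()
    print("unsalted store exposed:", legacy_hits)
    print("salted store exposed:  ", modern_hits)
```

With salts, the same two users who share a password no longer share a stored value, so work done against one record cannot be reused against another.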
Shadow File
• A defense against password cracker programs for
UNIX and Linux systems

• On a system without a shadow file
– The passwd file that contains the hashed
passwords and other user information is visible
to all users

• The shadow file can only be accessed at the
highest level and contains only the hashed
passwords
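An added example (not part of the original slides) of auditing for the condition described above: it flags passwd entries that still carry a hash or an empty password field instead of a shadow placeholder, and checks the shadow file's permission bits. The sample passwd text is constructed; the placeholder set and the permission policy are assumptions to adjust per distribution.

```python
import os
import stat
from typing import List, NamedTuple

# Constructed sample data (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$c0nstructed$notARealHashValue:1001:1001:Legacy:/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
broken-line-without-fields
"""

# Assumption: these field values mean "no hash is stored in passwd itself".
# "x" points to the shadow file; "*", "!" and "!!" mark accounts with no
# usable password.
PLACEHOLDERS = {"x", "*", "!", "!!"}


class Finding(NamedTuple):
    line_no: int
    user: str
    issue: str


def audit_passwd(text: str) -> List[Finding]:
    """Flag passwd entries whose password field is readable by every user."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # name:passwd:uid:gid:gecos:home:shell
            findings.append(Finding(line_no, fields[0], "malformed"))
            continue
        user, pw_field = fields[0], fields[1]
        if pw_field == "":
            findings.append(Finding(line_no, user, "empty-password"))
        elif pw_field not in PLACEHOLDERS:
            findings.append(Finding(line_no, user, "hash-in-passwd"))
    return findings


def audit_shadow_mode(mode: int, owner_uid: int) -> List[str]:
    """Check permission bits and owner of the shadow file.

    Assumed policy: owned by root, no access for "other", not group-writable.
    Group read is allowed because some distributions use a shadow group.
    """
    issues = []
    if owner_uid != 0:
        issues.append("not-owned-by-root")
    if mode & stat.S_IRWXO:
        issues.append("accessible-to-others")
    if mode & stat.S_IWGRP:
        issues.append("group-writable")
    return issues


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
    # On a real host, only stat() is needed; the file contents are not read.
    if os.path.exists("/etc/shadow"):
        st = os.stat("/etc/shadow")
        print("/etc/shadow:", audit_shadow_mode(stat.S_IMODE(st.st_mode), st.st_uid))
```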
Penetration Testing
• Method of evaluating the security of a
computer system or network
– By simulating a malicious attack instead of just
scanning for vulnerabilities
– Involves a more active analysis of a system for
vulnerabilities

• One of the first tools that was widely used for
penetration testing as well as by attackers was
SATAN
SATAN
• SATAN could improve the security of a network by
performing penetration testing
– To determine the strength of the security for the network
and what vulnerabilities may still have existed

• SATAN would:
– Recognize several common networking-related security
problems
– Report the problems without actually exploiting them
– Offer a tutorial that explained the problem, what its
impact could be, and how to resolve the problem
Ethical Hacking n VAPT presentation by Suvrat jain
