Table of Contents
Introduction to Ethical Hacking
What is Hacking?
Ethical Hacking is the protection of interconnected systems, including hardware, software, and data, from cyberattacks.
What are the types of Hackers?
1: White Hat Hacker
2: Black Hat Hacker
3: Grey Hat Hacker
What are the Computer Security Threats?
1: Computer virus.
2: Computer Worm.
3: Scareware.
4: Key logger.
5: Adware.
6: Malware.
7: Backdoor.
8: Trojan.
9: Ransomware.
10: Spyware.
Goals of Ethical Hacking:
1: Protect the privacy of an Organization.
2: Transparently report all the identified bugs, weaknesses, and vulnerabilities to the Organization.
3: Inform the vendors about the security measures for the patches.
Skills required by Ethical Hacking:
1: Operating Systems.
2: Networking.
3: Programming Languages.
Process of Ethical Hacking:
1: Reconnaissance.
2: Scanning.
3: Gaining Access.
4: Maintaining Access.
5: Clearing Tracks.
6: Reporting.
Web Application Domain: Common Attacks
1: Injection Flaws, e.g., SQL injection, HTML injection, etc.
2: Cross-Site Scripting E.g., Reflected, Stored, etc.
3: Web Services Attacks, e.g,. DNS Cache Poising, File uploads, etc.
Types of Android Attacks:
1: Untrusted APKs
2: SMS
3: Email
4: Spying
5: App sandboxing
6: Rooting
Network Application Domain
A network is an attempt to gain unauthorized access to an organization’s network, to steal data, or perform other malicious activity.
There are two main types of network attacks:
Passive Attack: Attackers gain access to a network and can monitor or steal sensitive information, but without making any changes to data, leaving it intact.
Active Attack: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting, or otherwise harming it.
Network Application Domain: Types of Network Attacks
Endpoint attacks: gaining unauthorized access to user devices, servers, or other endpoints, typically compromising them by infecting them with malware.
Malware attacks: infecting IT resources with malware, allowing attackers to compromise systems, steal data, and cause damage. These also include ransomware attacks.
Vulnerabilities, exploits, and attacks: exploiting vulnerabilities in software used in the organization to gain unauthorized access, compromise, or sabotage systems.
Advanced persistent threats: These are complex, multi-layered threats, which include network attacks but also other attack types.
Network Application Domain: Examples
The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cyrptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
