Introduction to Ethical Hacking
What is Hacking?
Ethical Hacking is the protection of interconnected systems, including hardware, software, and data, from cyberattacks.
What are the types of Hackers?
1: White Hat Hacker
2: Black Hat Hacker
3: Grey Hat Hacker
What are the Computer Security Threats?
1: Computer virus.
2: Computer Worm.
3: Scareware.
4: Key logger.
5: Adware.
6: Malware.
7: Backdoor.
8: Trojan.
9: Ransomware.
10: Spyware.
Goals of Ethical Hacking:
1: Protect the privacy of an Organization.
2: Transparently report all the identified bugs, weaknesses, and vulnerabilities to the Organization.
3: Inform the vendors about the security measures for the patches.
Skills required by Ethical Hacking:
1: Operating Systems.
2: Networking.
3: Programming Languages.
Process of Ethical Hacking:
1: Reconnaissance.
2: Scanning.
3: Gaining Access.
4: Maintaining Access.
5: Clearing Tracks.
6: Reporting.
Web Application Domain: Common Attacks
1: Injection Flaws, e.g., SQL injection, HTML injection, etc.
2: Cross-Site Scripting E.g., Reflected, Stored, etc.
3: Web Services Attacks, e.g,. DNS Cache Poising, File uploads, etc.
Types of Android Attacks:
1: Untrusted APKs
2: SMS
3: Email
4: Spying
5: App sandboxing
6: Rooting
Network Application Domain
A network is an attempt to gain unauthorized access to an organization’s network, to steal data, or perform other malicious activity.
There are two main types of network attacks:
Passive Attack: Attackers gain access to a network and can monitor or steal sensitive information, but without making any changes to data, leaving it intact.
Active Attack: Attackers not only gain unauthorized access but also modify data, either deleting, encrypting, or otherwise harming it.
Network Application Domain: Types of Network Attacks
Endpoint attacks: gaining unauthorized access to user devices, servers, or other endpoints, typically compromising them by infecting them with malware.
Malware attacks: infecting IT resources with malware, allowing attackers to compromise systems, steal data, and cause damage. These also include ransomware attacks.
Vulnerabilities, exploits, and attacks: exploiting vulnerabilities in software used in the organization to gain unauthorized access, compromise, or sabotage systems.
Advanced persistent threats: These are complex, multi-layered threats, which include network attacks but also other attack types.
Network Application Domain: Examples
The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cyrptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
