CCSA#1

Introduction to Cyber-Security & Ethical-Hacking

Disclaimer:

Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/Instructor do not support/promote hacking. For more details, head to our t&c page.

Cybersecurity?

Cybersecurity (IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.

Why Security is important?

Cyberattacks are getting more common --> A report shows that attacker attacks a computer in US every 39 seconds

The rapid changes in technology will leave so many loophole. --> An advent of modern technology such as 5G, IoT, Cloud Computing

Damage to business --Yahoo, the web giant that suffered a breach affecting every one of its 3 billion customer accounts. Direct costs of the hack ran to around $350 Million.

Cybersecurity threats faced by individuals --› Not only do nations and businesses face threats from the actions and intentions of hackers, but individuals face many risks as well. Identity theft is a huge issue, where hackers steal an individual’s personal information and sell it for profit. 

elements of Cybersecurity

Confidentiality

Assurance that the information is accessible to only who have authorized access

Integrity

Assurance of data or a resource has not underwent by improper and unauthorized modification

Availability

Assurance that the systems are accessible when required by authorized user

Authenticity

Assurance of original or quality of being genuine

Non-repudiation

Assurance that sender and receiver cannot deny of message/data transferred

some cybersecurity stats

Cybercrime rose up to 600% in Covid19 pandemic

Total number of malware infections in 2018 is 812.67 millions

98% of mobile malware target android devices

98% of cyberattacks rely on social engineering

Ransomware attacks worldwide rose 350% in 2018

$3.9 million is the average cost of a data breach.

The average cost per record stolen is $150.

Hackers attack every 29 seconds, on average 2244 times a day

Data braches exposed 4.1 billion records in first half of 2019

94% malwares delivered by emails

By 2021, there will be 3.5 million unfilled cybersecurity jobs globally

MOtive behind cyberattacks

Hacktivism

Hacktivism (a portmanteau of hack and activism) is the use of computers and computer networks to promote political ends, chiefly free speech, human rights, and information ethics.

Cyber warfare

U.S. government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines “Cyber Warfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption."

Cyber espionage

Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers.

Cybercrime

Cybercrime is illegal action performed with the help of and/or over a network or the Internet.

Top 10 cyberattacks

1. DOS & DDOS attacks

2. Man in the middle attack

3. Phishing attack – Social Engineering

4. Drive-by attack

5. Password attack

6. SQL injection attack

7. Cross site scripting attack

8. Eavesdropping attack

9. Birthday attack

10. Malware attack

what is hacking?

“Any unauthorized access to control over a computer or network” can be referred as Hacking.

Hacking refers to activities/attempt to exploit a computer system, smart phones, tablets and even network for malicious purposes.

Hacker.

A security hacker is someone who explores techniques for breaching/bypassing defences and exploiting weaknesses in a computer system or network to take control over it and use it for malicious intents.

what is ethical hacking?

Ethical hacking is a organized manner of hacking performed by professionals to identify any security vulnerabilities in a system or network, using tools and methods with organization’s knowledge and permission.

Ethical hacking is also known as Penetration Testing

Ethical Hacker

The term Ethical hacker refers to a computer security expert, who specializes in vulnerability assessment, penetration testing and in other testing methodologies that ensures the security of an organization's information systems by finding security weaknesses and eliminating them.

White hat hackers are called ethical hackers.

types of hackers

White Hat  --> They are ethical hackers who use their knowledge and skills to find a security vulnerability in system/application or network and help eliminating them, in order to improve the overall security of the organization.

They are good hackers. Just like me :)

Black Hat --> They use their skill set to violate computer security for malicious activities such as online robbery, taking revenge and other personal gain.

Grey Hat --> They may sometimes violate laws or typical ethical standards but does not have any malicious intents

Red Hat --> Red hat hackers are again a blend of both black hat and white hat hackers. They are usually on the level of hacking government agencies, top-secret information hubs, and generally anything that falls under the category of sensitive information.

Blue Hat --> A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch.

Elite --> This is a social status among hackers, which is used to describe the most skilled. Newly discovered exploits will circulate among these hackers.

Script kiddie --> A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept, hence the term Kiddie.

Neophyte --> A neophyte, "n00b", or "newbie" or "Green Hat Hacker" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

Hacktivists -->A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

phases of hacking

1.I nformation gathering/ Reconnaissance

2. Scanning

3. Gaining access

4. Maintaining access

5. Clearing logs

phases of hacking 1 : Information gathering

This is primary and foremost important phase of Hacking.

Information gathering refers to a pre-launching phase where an attacker tries to find/gather as much as information about the target.

The more information about the target, the more easy to determine the ease of access.

Recon may include the target organization’s online assets such as computer, mobile, printer or network, physical assets and people connected with it

There are two types of Recon:

Active - Eg. You call on help desk to know about their services

Passive – Eg. You search public records

Information includes IP address, technology behind it, DNS, directories, mail server address & etc.

phases of hacking 2: Scanning

Scanning is a pre-attack phase

Scanning refers when the attacker scans the digital assets of target such as network or system for specific information on the basis of information gathered in previous phase

Scanning is performed using network mapper, port scanners and vulnerability scanner.

In this phase attacker determines what services are running, what ports are open, firewall detection, Operating system detection, device type & etc.

phases of hacking 3: gaining access

The Hacking starts here!!!

The attacker analyze of all the information and designs a blue print of the target network

In this phase, attacker attempts to enter into the target system based on the vulnerability found in the scanning phase.

Gaining access refer to a point where the attacker get the access of the application or operating system on the system or network.

Eg. Password cracking, buffer overflow & etc.

phases of hacking 4: maintaining access

Maintaining access is a phase where an attacker tries to retain his/her ownership of the system

After gaining access, attacker tries to get into the root/admin accounts and uploads a malware(backdoor/rootkit/Trojan) in the system/network to ensure the continues access of the system.

Attacker may use compromised system to launch further attacks

phases of hacking 4: Clearing logs

Clearing logs refers to activities performed by attacker to hide unauthorized actions

To avoid getting caught or traced, attacker clears all the logs and evidences related to his/her impression

Attacker then overwrite the application, system or server logs to avoid detection

That's all for this module!

Click below to get to the Next Module - Basics of Computer Network

“When we lose our principles, we invite chaos”

-IRVING <Mr. Robot>

Disclaimer:

Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/owner/Instructor do not support/promote hacking. For more details, head to our t&c page.

want a training?

Please contact us by filling the form on the right side for:

--> Live One to One Training

--> Course materials (pdf, tools & videos)

--> For any queries/feedback & suggestions.

Social

Contact

hi@thecomputerjoker.com

© copyrighted 2021. All Rights Reserved.