Nitin Pandey at SUDO CON Colombo Sri Lanka 2019 - PowerPoint PPT Presentation

Description:

Nitin Pandey at SUDO CON Sri Lanka on topic "The next dimension of Nation Security: Cyber Security" – PowerPoint PPT presentation


Transcript and Presenter's Notes


1
2


WHO AM I
Nitin Pandey
  • A Cyber Security Professional
  • Chairman of National Information Security Council
  • Founder of Hackers Day
  • Chair Member of National Cyber Safety Security
    Standards
  • Technical Head of Digital 4n6 Journal
  • Former Head of DEF CON OWASP Lucknow

3



The Next Dimension Of National Security: Cyber Security
4
CYBER SPACE



5
SOME FACTS!

  • Privacy is a big challenge!
  • WhatsApp Web case study: Husband & Wife!
  • Giant companies hold data which is very
    precious.
  • Over 2 Trillion searches on Google per year!
  • Do we pay for using the services of Google,
    Facebook etc.?
  • Then how do they earn money? They sell our data!!
  • Is it legal?
  • 150 Billion emails are sent every day!
  • Gmail case study: Boy emailed his mother!
  • "I have broken up with my girlfriend, I am very
    depressed"
  • --> Keywords, Filters monitoring!
  • Google is tracking our location, which is called
    Big Data Analysis!


6
Introduction to Hacking
Hacking is the art of exploiting computers,
networks, mobile devices etc. to get access to
otherwise unauthorized information. It is done by
identifying weaknesses in computer systems or
networks and exploiting them to gain access.
7
Introduction to Ethical Hacking
  • Ethical Hacking is identifying
    weaknesses/vulnerabilities in computer systems
    and/or computer networks and coming up with
    countermeasures that protect the weaknesses.
    Ethical hackers must abide by the following
    rules.
  • Get written permission from the
    owner/authorities of the computer system and/or
    computer network before hacking.
  • Protect the privacy of the organization being
    hacked.
  • Transparently report all the identified
    weaknesses in the system to the organization.
  • Inform hardware and software vendors of
    the identified weaknesses.

8
Why Ethical Hacking?
  • Information (Data) is one of the most valuable
    assets of an organization. Keeping information
    secure can protect an organization's image and
    help to save a lot of money.
  • Hacking can lead to loss of business for
    organizations that deal in finance such as
    PayPal. Ethical hacking puts them a step ahead of
    the cyber criminals who would otherwise cause a
    loss of business.
  • The whole world is moving into the digital
    world, therefore keeping this digital world safe
    is very important.

9
Types of Hackers
  1. WHITE HAT HACKERS: Ethical Hackers are White Hat
    Hackers. They gain access to systems with an
    intention to fix the identified vulnerabilities.
    They may also perform Penetration Testing and
    Vulnerability Assessments (VAPT).
  2. BLACK HAT HACKERS: A hacker who gains
    unauthorized access to systems for personal gain.
    The intent is usually to steal sensitive data,
    violate privacy rights, transfer funds from bank
    accounts etc.
  3. GREY HAT HACKERS: A hacker who is in between
    ethical and black hat hackers. They break into
    computer systems without authority with a view to
    identify weaknesses and reveal them to the system
    owner or sell them.
  4. HACKTIVIST: A hacker who uses hacking to send
    social, religious, political etc. messages.
    This is usually done by hijacking & defacing
    websites and leaving the message on that website.

10
Basics
SERVER: A server is a computer that serves many
kinds of information to user or client machines.
Usually a server will only do a few things for
many clients. Every type of thing a server does
is called a service. Services are used by other
computers that are called clients. The
relationship between client and server is called
a client-server relationship. For example,
HackersDay has web servers which have a service
for sending web pages over the Internet. Our
client computer talks to HackersDay's web page
service to get web pages for us.
11
Basics
  • TYPES OF SERVERS
  • Application Server
  • Proxy Server
  • Mail Server
  • Virtual Server
  • File Server

12
Basics
IP ADDRESS: The Internet Protocol (IP) is the
method or protocol by which data is sent from one
computer to another on the Internet. Each
computer (known as a host) on the Internet has at
least one IP address that uniquely identifies it
from all other computers on the Internet.
13
IP ADDRESS: An IP address is allotted by an
authority named IANA (Internet Assigned Numbers
Authority) to ISPs.
Static IPs: never change
Dynamic IPs: periodically change
14
Case Study on IP Address
  • A terrorist attack happened in Mumbai in 2008,
    remembered as 26/11.
  • The terrorist organization took
    responsibility via an email.
  • Police traced the email to find its IP address.
  • Police requested Google to give the information
    on the IP address.
  • Google asked for the time in GMT (Greenwich Mean
    Time).
  • Our great investigators gave the time in IST
    (Indian Standard Time).
  • They arrested an innocent engineer in Bengaluru.
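
The mix-up in this case study, worked through for a dynamic address: an added example, not part of the original slides. The lease records, subscriber names, date and the 203.0.113.7 address are constructed; only the IST/GMT confusion comes from the slide.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
IST = timezone(timedelta(hours=5, minutes=30), "IST")  # fixed offset, India has no DST
FMT = "%Y-%m-%d %H:%M:%S"


def utc_stamp(text):
    """Helper for building the constructed lease records below (times in UTC)."""
    return datetime.strptime(text, FMT).replace(tzinfo=UTC)


# Constructed lease history of one dynamic address (203.0.113.0/24 is a
# documentation range); the subscriber names are placeholders.
LEASES = [
    ("203.0.113.7", "subscriber-A",
     utc_stamp("2019-03-10 06:00:00"), utc_stamp("2019-03-10 12:00:00")),
    ("203.0.113.7", "subscriber-B",
     utc_stamp("2019-03-10 12:00:00"), utc_stamp("2019-03-10 18:00:00")),
    ("203.0.113.7", "subscriber-C",
     utc_stamp("2019-03-10 18:00:00"), utc_stamp("2019-03-11 00:00:00")),
]


def parse_wall_clock(text, zone):
    """Attach the zone the clock was actually read in, then normalise to UTC."""
    return datetime.strptime(text, FMT).replace(tzinfo=zone).astimezone(UTC)


def holder_at(ip, when):
    """Return the subscriber that held `ip` at the instant `when`."""
    if when.tzinfo is None or when.utcoffset() is None:
        raise ValueError("timestamp has no time zone; refusing to guess")
    when = when.astimezone(UTC)
    matches = [sub for addr, sub, start, end in LEASES
               if addr == ip and start <= when < end]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} leases match {ip} at {when.isoformat()}")
    return matches[0]


def compare_lookups(ip, wall_clock_ist):
    """Same clock reading, looked up once as IST and once mislabelled as GMT."""
    correct = holder_at(ip, parse_wall_clock(wall_clock_ist, IST))
    mistaken = holder_at(ip, parse_wall_clock(wall_clock_ist, UTC))
    return correct, mistaken


if __name__ == "__main__":
    seen = "2019-03-10 14:45:00"  # constructed time read off a clock set to IST
    correct, mistaken = compare_lookups("203.0.113.7", seen)
    print("looked up as IST (09:15 UTC):", correct)
    print("same digits sent as GMT     :", mistaken)
```

A 5 hour 30 minute shift is enough to cross a lease boundary, so the same address resolves to a different subscriber.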

15
DoS Attack
Denial of Service (DoS) Attack is a malicious
attempt by a person or a group of people to cause
the victim, site or node to deny service to its
customers.
DoS: when a single host attacks
DDoS: when multiple hosts attack simultaneously
Purpose: The purpose is to shut down a site. The
purpose may be extortion, demand of ransom or
social action including terrorism,
revenge/hacktivism or just for fun!
16
History
  • Morris Worm (Nov 2, 1988)
  • First Denial of Service (DoS) Attack to cripple
    a large amount of network infrastructure.
  • It took around 3 days to come under control.
  • Ultimately infected around 10% of Internet
    computers.

17
Denial of Service Attack
18
Distributed Denial of Service (DDoS) Attack
A distributed denial-of-service (DDoS) attack is
an attack in which multiple computer systems
attack a target, such as a server, website or
other network resource, and cause a denial of
service for users of the targeted resource.
19
Distributed Denial of Service (DDoS) Attack
20
DDoS Attack Demo using HOIC
As you can see, DDoS Attack is running on
targeted website.
21
DDoS Attack Demo using HOIC
Now you can see the targeted website is down
because of DDoS Attack.
22
Precautions to prevent DDoS attack
  • Use CloudFlare
  • Use a good firewall
  • Always upgrade your server's operating system
  • Upgrade the firmware of routers & similar devices
  • Update programs used on the server
  • Monitor your network traffic continuously
  • Identify the attacker's IP address & block it

23
Mobile Hacking Security
MOBILE TECHNOLOGY Mobile Technology is a
technology used for cellular communication.
24
Mobile Hacking Security
  • MOBILE TECHNOLOGY
  • Who are the top contenders in the global mobile
    OS market?
  • Android: 84.1%
  • iOS: 14.8%
  • Microsoft: 0.7%
  • RIM: 0.2%
  • (Statistics source: statista.com)
  • According to Google, over 1.4 billion people
    across the globe are using Android devices.

25
Mobile Hacking Security
  • APK
  • Android Application Package File (APK) is the
    file format used to distribute & install
    application software onto Google's Android OS.
  • An APK file contains all of that program's code
    (such as .dex files), resources, assets,
    certificates etc.
  • APK files are ZIP-formatted packages based
    on the JAR file format, with .apk file
    extensions.

26
Mobile Hacking Security
  • APK

27
Mobile Hacking Security
  • Mobile Hacking Tools
  • cSploit
  • Hackode
  • zANTI
  • AndroRAT
  • FaceNiff
  • Shark for Root
  • Droidsheep
  • DroidBox
  • Nmap
  • xNore

28
Unwanted Permissions Data Privacy
29
Mobile Hacking Security
30
What can we do to protect ourselves?
  • Keep your OS up to date
  • Keep your Applications up to date
  • Never install untrusted apps
  • Always lock your phone with a strong Password/Pin
  • Never give your phone to an untrusted person
  • Do not root your phone
  • Turn off external communication when not in use,
    e.g. Bluetooth, Hotspot
  • Make sure the Verify Apps option is turned on
  • Do not allow USB Debugging unless needed
  • Keep an eye on the permissions apps are asking for
  • Install Antivirus
  • Backup your Data

31
SOCIAL ENGINEERING: Art of Human Hacking
We humans are the most vulnerable thing in
this world. We trust easily, we make friends
easily, we share our information publicly. By
doing this, we allow social engineers to exploit
our brain's vulnerability. Social Engineering is
the art of manipulating people to gain their
confidential information. Phishing is the most
common type of Social Engineering.
32
PHISHING
Phishing is the most effective attack, even
today! Phishing is a type of social engineering
attack often used to steal user data, including
usernames, passwords and credit/debit card
details. It occurs when an attacker, pretending to
be a trusted entity, dupes a victim into opening a
link, email, instant message, app or text
message.
33
PHISHING
  • Common misconceptions are:
  • I have a Nextgen firewall
  • My content gateway is good
  • Our e-mail protection will take care of it
  • Endpoint will make sure phish does not cause
    damage.

34
PHISHING
  • The fact is:
  • Despite all protection, phish mails get through
  • Most people still cannot recognize sophisticated
    phish
  • Employees have a tendency of clicking on urgent
    stuff
  • Phishing is still one of the most successful
    attack vectors

35
PHISHING
36
PHISHING
Fake Login Page
37
PHISHING
Fake Login Page DEMO
38
PHISHING
Source Codes
39
CLICKJACKING
Clickjacking (classified as a User Interface
redress attack or UI redressing) is a malicious
technique of tricking a user into clicking on
something different from what the user perceives,
thus potentially revealing confidential
information or allowing others to take control of
their computer while clicking on seemingly
innocuous objects, including web pages. A
clickjack takes the form of embedded code or a
script that can execute without the user's
knowledge, such as clicking on a button that
appears to perform another function.
40
CLICKJACKING ATTACK EXAMPLE
  • The attacker creates an attractive page which
    promises to give the user a free trip to England.
  • In the background the attacker checks if the user
    is logged into his banking site and if so, loads
    the screen that enables transfer of funds, using
    query parameters to insert the attacker's bank
    details into the form.
  • The bank transfer page is displayed in an
    invisible iframe above the free gift page, with
    the "Confirm Transfer" button exactly aligned
    over the "Receive Gift" button visible to the
    user.
  • The user visits the page and clicks the "Book My
    Free Trip" button.
  • In reality the user is clicking on the invisible
    iframe, and has clicked the "Confirm Transfer"
    button. Funds are transferred to the attacker.
  • The user is redirected to a page with information
    about the free gift (not knowing what happened in
    the background).

41
CLICKJACKING
42
CLICKJACKING TEST - Is your site vulnerable?
  • A basic way to test if your site is vulnerable to
    Clickjacking is to create an HTML page and
    attempt to include a sensitive page from your
    website in an iframe.
  • View the HTML page in a browser and evaluate the
    page as follows:
  • If the text "Website is vulnerable to
    clickjacking" appears and below it you see the
    content of your sensitive page, the page is
    vulnerable to clickjacking.
  • If only the text "Website is vulnerable to
    clickjacking" appears, and you do not see the
    content of your sensitive page, the page is not
    vulnerable to the simplest form of clickjacking.
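
The iframe test above succeeds or fails on the response headers of the sensitive page, so the same question can be answered from those headers. The check below is an added example, not part of the original slides; the sample responses and the verdict labels are constructed.

```python
# Verdicts ordered from most to least restrictive.
RANK = {"blocked": 3, "same-origin-only": 2, "allow-listed": 1, "frameable": 0}


def classify_sources(sources):
    """Map one frame-ancestors source list to a verdict."""
    tokens = [s.lower() for s in sources]
    if not tokens or tokens == ["'none'"]:
        return "blocked"                       # an empty list matches nothing
    if any(t == "*" or t.endswith(":") for t in tokens):
        return "frameable"                     # wildcard or bare scheme such as https:
    if all(t == "'self'" for t in tokens):
        return "same-origin-only"
    return "allow-listed"


def frame_ancestor_lists(header_value):
    """Yield the frame-ancestors source list of each policy in one CSP header."""
    for policy in header_value.split(","):     # one header may carry several policies
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                yield parts[1:]
                break                          # later duplicates in a policy are ignored


def framing_verdict(headers):
    """headers: list of (name, value) pairs from the sensitive page's response."""
    csp, xfo = [], set()
    for name, value in headers:
        key = name.strip().lower()
        if key == "content-security-policy":   # the -Report-Only variant enforces nothing
            csp += [classify_sources(s) for s in frame_ancestor_lists(value)]
        elif key == "x-frame-options":
            xfo |= {v.strip().lower() for v in value.split(",") if v.strip()}
    if csp:
        # Every enforced policy must allow the embed, so the strictest one decides.
        return max(csp, key=RANK.get), "CSP frame-ancestors (X-Frame-Options not consulted)"
    if len(xfo) > 1:
        return "inconsistent", "conflicting X-Frame-Options values: " + ", ".join(sorted(xfo))
    if xfo == {"deny"}:
        return "blocked", "X-Frame-Options: DENY"
    if xfo == {"sameorigin"}:
        return "same-origin-only", "X-Frame-Options: SAMEORIGIN"
    if xfo:
        return "frameable", "X-Frame-Options value not honoured by current browsers: " + xfo.pop()
    return "frameable", "no framing restriction sent"


# Constructed response headers for five versions of the same sensitive page.
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "xfo allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp self + xfo deny": [
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
        ("X-Frame-Options", "DENY"),
    ],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        verdict, reason = framing_verdict(headers)
        print(f"{label:22} {verdict:18} {reason}")
```

A verdict of "frameable" corresponds to the first outcome of the test above: the sensitive page would render inside the iframe.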

43
SOCIAL ENGINEERING SPAMMING/SPOOFING
Spamming is when one person or company sends an
unwanted email to another person. Spam emails are
the computer version of unwanted "junk mail" that
arrives in a mailbox, such as advertising
pamphlets and brochures. But attackers use
spamming as a strong weapon against victims by
sending fake emails (Email Spoofing) which could
contain a phishing site, CSRF form, cookie
stealing etc.
44
EMAIL SPOOFING EXAMPLE
Fake Email
45
EMAIL SPOOFING EXAMPLE
Fake Email Received
46
PROXY SERVERS
A proxy server, also known as a "proxy" or
"application-level gateway", is a computer that
acts as a gateway between a local network (e.g.,
all the computers at one company or in one
building) and a larger-scale network such as the
internet. Proxy servers provide increased
performance and security. Public proxy servers
help you to protect your identity and bypass
surfing restrictions. They can be used for
anonymous surfing.
47
How Proxy Servers Work?
48
VIRTUAL PRIVATE NETWORK (VPN)
A virtual private network (VPN) is a technology
that creates a safe and encrypted connection over
a less secure network, such as the internet.
Virtual Private Networks, like proxies, make your
traffic appear as if it comes from a remote IP
address. But that's where the similarities end.
VPNs are set up at the operating system level.
Unlike a proxy server, which simply acts as a
man-in-the-middle server for a single application
(like your web browser or BitTorrent client), the
VPN connection captures the entire network
connection of the device it is configured on.
Where proxies only secure your web browser, VPNs
secure and encrypt your entire online network.
49
How VPN Works?
50
WORLD WIDE WEB
The World Wide Web (WWW), also called the Web, is
an information space where documents and other
web resources are identified by Uniform Resource
Locators (URLs), interlinked by hypertext links,
and accessible via the Internet.
51
TYPES OF WEB
  • SURFACE WEB
  • DEEP WEB
  • DARK WEB
  • (Anonymous)

52
SURFACE WEB
The Surface Web (also called the Visible Web,
Indexed Web, Indexable Web or Lightnet) is the
portion of the World Wide Web that is readily
available to the general public and searchable
with standard web search engines.
53
DEEP WEB
The deep web, invisible web, or hidden web are
parts of the World Wide Web whose contents are
not indexed by standard web search engines for
any reason. The content of the deep web is hidden
behind HTTP forms, and includes many very common
uses such as web mail, online banking, etc.
Content of the deep web can be located and
accessed by a direct URL or IP address.
54
DARK WEB (Anonymous)
The dark web is the World Wide Web content that
exists on darknets, overlay networks that use the
Internet but require specific software,
configurations or authorization to access.
Darknet websites are accessible only through
networks such as Tor ("The Onion Routing"
project) and I2P ("Invisible Internet Project").
Tor browser and Tor-accessible sites are widely
used among the darknet users and can be
identified by the domain ".onion".
55
TOR
Tor is free software and an open network for
enabling anonymous communication. Tor was
originally called "The Onion Router" because it
uses a technique called onion routing to conceal
information about user activity. TOR Browser is
mainly used to access Dark Web.
56
CASE STUDY
Disclaimer: DO NOT ENTER THE DARK WEB WITHOUT
HAVING GOOD KNOWLEDGE OF IT. IT COULD PUT YOU IN
TROUBLE.
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
  • Google or YouTube "Christchurch Mosque Attack
    Full Video"
  • Look at the search results
  • You won't find the video of the attack (except
    some clips) because it has been removed from
    the Surface Web.
57
CASE STUDY
58
CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
Now I will open Tor Browser and enter this url
http//hss3uro2hsxfogfq.onion/ (not Evil)
59
CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
60
CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
61
CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
62
CASE STUDY
AL NOOR MOSQUE CHRISTCHURCH NZ ATTACK
63
RED ROOM DEEP WEB Disclaimer
I do not encourage accessing the Red room in any
way. It's just an educational guide to enlighten
you on the facts about the Red room.
64
RED ROOM DEEP WEB
Red Rooms are sites which deliver live-streamed
shows. These live shows have mind-disturbing
content such as murder, rape, torture, snuff and
so on. The site admin sells access to the shows at
a very high Bitcoin price. These access plans have
specific on-demand features: the client can
request any type of action, like slapping,
killing, fighting, cutting any body part or
anything else.
65
RED ROOM DEEP WEB
66
PASSWORD ATTACKS
  • What is Password?
  • A string of characters used for authentication
    and to log on to a computer, web application,
    software, files, mobile phones etc.
  • Password Cracking Concept
  • Guessing or recovering a password
  • Unauthorized access
  • To recover a forgotten password

67
TYPES OF PASSWORD ATTACKS
  • Dictionary Attack
  • Brute Force Attack
  • Keylogger Attack
  • Phishing
  • Password Guessing
  • Rainbow Table Attack

68
GUESSING TECHNIQUE
In this attack, the attacker guesses all the
possible passwords of the victim, such as the
victim's DOB, mobile number, fav. celebrity's
name, default login credentials such as
(username=admin, password=password), qwerty,
123456 etc. Almost 65% of passwords all around the
globe are easy to guess because they are very
simple & common passwords.
69
PHISHING TECHNIQUE
In this attack, the attacker tries to manipulate
the victim into browsing his malicious link, which
looks like the original. Once the victim enters
his/her login credentials and presses Enter or
Login, the malicious script will capture his/her
username & password and send them to the
attacker's server in plain text format.
70
DICTIONARY ATTACKS
Dictionary attacks work on the assumption that
most passwords consist of whole words, dates, or
numbers taken from a dictionary. Dictionary
attack tools require a dictionary input list.
71
BRUTE FORCE ATTACK
A brute-force attack consists of an attacker
submitting many passwords or passphrases with the
hope of eventually guessing correctly. The
attacker systematically checks all possible
passwords and passphrases until the correct one
is found.
72
RAINBOW TABLE ATTACK
A rainbow table attack is a type of hacking
wherein the attacker tries to use a rainbow hash
table to crack the passwords stored in a database
system. A rainbow table is a hash function used
in cryptography for storing important data such
as passwords in a database.
73
DEMO Using Cain & Abel
  • Dictionary attack using MD5 (Message-Digest
    algorithm) hashes
  • Brute force attack using MD5 hashes
  • Windows Password using NTLM (NT LAN Manager)
    hashes
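
Why the unsalted MD5 hashes from the dictionary and rainbow-table slides fall to a precomputed lookup, and what salted, slow hashing changes: an added example, not part of the original slides. The user table is constructed, and PBKDF2 with 600,000 rounds is an assumed storage scheme that the presentation does not name.

```python
import hashlib
import hmac
import os

# The easy-to-guess values named on the guessing-technique slide.
COMMON_PASSWORDS = ["123456", "qwerty", "password", "admin"]
PBKDF2_ROUNDS = 600_000  # work factor; an assumption, tune it to your hardware


def md5_hex(password):
    """Unsalted MD5, the storage format attacked in the demo slide."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> password once; reusable against any unsalted table."""
    return {md5_hex(w): w for w in words}


def audit_unsalted(stored, lookup):
    """Return the accounts whose stored hash is already in the lookup."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def hash_password(password, salt=None):
    """Salted, deliberately slow hash: returns (salt, rounds, derived key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, PBKDF2_ROUNDS, key


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(key, expected)


# Constructed user table, as it would look in a database storing unsalted MD5.
STORED_MD5 = {
    "alice": md5_hex("qwerty"),
    "bob": md5_hex("123456"),
    "carol": md5_hex("k7#Vq2!mZp9w-constructed-example"),
}

if __name__ == "__main__":
    # Audit: which accounts would a precomputed table resolve instantly?
    print(audit_unsalted(STORED_MD5, build_lookup(COMMON_PASSWORDS)))
    # With a per-user salt the same password no longer yields the same record,
    # so one precomputed table cannot cover every user.
    first, second = hash_password("qwerty"), hash_password("qwerty")
    print("identical records for identical passwords?", first[2] == second[2])
    print("verify:", verify_password("qwerty", first), verify_password("123456", first))
```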

74
WEB APPLICATION PENETRATION TESTING
Web application security is a branch of
information security that deals specifically with
security of websites, web applications and web
services. At a high level, web application
security draws on the principles of application
security but applies them specifically to
internet and web systems.
  • VISIT www.owasp.org and learn OWASP TOP 10.
  • OWASP Testing Guide
  • Tools for Practice such as DVWA
  • Bug Hunting

75
OWASP TOP 10
76
Most common Web App Vulnerabilities
  • Command Injection: An attack in which the goal is
    execution of arbitrary commands on the host OS
    via a vulnerable application.
  • SQLi (Structured Query Language Injection): An
    injection attack wherein an attacker can execute
    malicious SQL statements (also commonly referred
    to as a malicious payload) that control a web
    application's database server.
  • CSRF (Cross-Site Request Forgery): An attack that
    forces an end user to execute unwanted actions on
    a web app in which they're currently
    authenticated.
  • XSS: Cross-Site Scripting is a type of computer
    security vulnerability typically found in web
    apps. It enables attackers to inject client-side
    scripts into web pages viewed by other users. An
    XSS vulnerability may be used by attackers to
    bypass access controls such as the same-origin
    policy.
  • XSS reflected: It involves the reflecting of a
    malicious script off of a web app, onto a user's
    browser. The script is embedded into a link, and
    is only activated once that link is clicked on.
  • XSS stored: Also known as persistent XSS, it
    is the more damaging of the two. It occurs when a
    malicious script is injected directly into a
    vulnerable web application.

77
Web App Pentesting using DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web
application that is damn vulnerable. Its main
goals are to be an aid for security professionals
to test their skills and tools in a legal
environment, help web developers better
understand the processes of securing web
applications and aid teachers/students to
teach/learn web application security in a class
room environment.
78
Install XAMPP Server
XAMPP is a free open-source cross-platform web
server solution stack package developed by Apache
Friends, consisting mainly of the Apache HTTP
Server, MariaDB database, and interpreters for
scripts written in the PHP and Perl programming
languages.
79
DEMO
  • Command Injection
  • SQLi
  • CSRF
  • XSS reflected
  • XSS stored

80
WEB APP SEC BUG BOUNTY
  • STEP 1) Start Reading OWASP TOP 10, OWASP Testing
    Guide v4!
  • STEP 2) Practice what you are learning!
  • STEP 3) Read technical write-ups & POCs from
    other hunters & watch tutorials on YouTube!
  • STEP 4) Join bug bounty communities!
  • STEP 5) Start reporting bugs!
  • STEP 6) Keep trying harder!

81
BUG BOUNTY PLATFORMS
  1. Bugcrowd
  2. Synack
  3. Intigriti
  4. HackerOne
  5. HackTrophy
  6. PlugBounty
  7. HackenProof
  8. Bounty Factory
  9. BountyGraph
  10. Open Bug Bounty

82
MALWARE
  • MALWARE: Malware, or malicious software, is any
    program or file that is harmful to a computer
    user. Malware includes computer viruses, worms,
    Trojan horses and spyware.
  • VIRUS: A computer virus is a type of malicious
    software that, when executed, replicates itself
    by modifying other computer programs and
    inserting its own code.
  • WORM: A computer worm is a standalone malware
    computer program that replicates itself in order
    to spread to other computers.
  • TROJAN: A Trojan horse or Trojan is a type of
    malware that is often disguised as legitimate
    software. Trojans can be employed by
    cyber-thieves and hackers trying to gain access
    to users' systems. Users are typically tricked by
    some form of social engineering into loading and
    executing Trojans on their systems.

83
SAUDI ARABIA SUFFERED ONE OF THE WORLD'S BIGGEST
CYBER ATTACKS IN 2012
  • The Shamoon virus operates like a time bomb. It
    was used in the huge cyberattack in August 2012
    on Saudi Aramco, the world's biggest oil company.
  • Within a matter of hours, 35,000 computers were
    partially wiped or totally destroyed in that
    attack. It forced one of the most valuable
    companies on earth back into 1970s technology,
    using typewriters and faxes.
  • Not just once: Shamoon came back again in
    November 2016 as Shamoon 2. The impact was
    similar. Then a 3rd wave of attack by the
    Shamoon 2 virus happened in January 2017.

84
(No Transcript)
85
What is Ransomware?
It is a type of malicious software that threatens
to publish the victim's data or block access to
it unless a ransom is paid. A more advanced
malware uses a technique called cryptoviral
extortion, in which it encrypts the victim's
files, making them inaccessible, and demands a
ransom payment to decrypt them.
Expose Data: Threatens to publish the sensitive
data online.
Block Access to Data: Prevents the user from
accessing the data stored.
Demand Ransom: Compels the user to pay ransom to
retrieve the data.
86
Mode of Infection: How does your system get
infected?
Ransomware kits on the deep web have allowed
cybercriminals even with no technical background
to purchase inexpensive Ransomware programs and
launch attacks with very little effort. Attackers
may use one of several different approaches to
extort digital currency from their victims.
87
Why do they target Businesses?
88
Because that's where the money is! Careless on
Security and Face the Facts!
  • Because a successful infection can cause major
    business disruptions, which will increase their
    chances of getting paid.
  • Because small businesses are often unprepared to
    deal with cyber attacks.

High Chance: Chances of getting paid are high

No Report and Fear of Damage: Businesses would
rather not report an infection for fear of legal
consequences and brand damage

Higher Complexity, Higher Vulnerability: Computer
systems in companies are often complex and prone
to vulnerabilities
89
Cases of Ransomware Around the World
90
Ukrainian Central Bank
91
WannaCry Ransomware
92
(No Transcript)
93
What is WannaCry ransomware?
  • A tool first uncovered by the NSA (National
    Security Agency) and then released by hackers on
    the internet became one of the most prolific
    cyber attacks that ever happened around the
    globe.
  • WannaCry is a ransomware cryptoworm which
    targeted systems by encrypting data and
    demanding ransom in Bitcoin.
  • More than 2.5 lac computers in 150 countries
    have been affected, with victims including
    hospitals, banks, telecommunications companies
    and warehouses.
  • A "Kill Switch" was found and could be used to
    shut down the software.
  • Russia was the most affected nation. More than
    1000 computers at the Russian Interior Ministry
    got affected by WannaCry. The telecom giant
    Megafon had also been targeted in Russia.

94
KASPERSKY LAB Report
95
Not-Petya Ransomware
96
(No Transcript)
97
Not-Petya ransomware
  • Many organizations in Europe and the US have been
    crippled by Petya attack.
  • It's the second major global ransomware attack in
    the past six months.
  • Petya checks for a read-only file and if it
    finds it, it won't run the encryption.
  • The majority of infections have occurred in
    Ukraine and Russia, but some big names in the
    West have also suffered.
  • The attack appears to have been seeded through a
    software update mechanism built into an
    accounting program that companies working with
    the Ukrainian government need to use.

98
(No Transcript)
99
Locky Ransomware
100
(No Transcript)
101
Bad Rabbit Ransomware
102
(No Transcript)
103
QUESTION RAISED!
104
  • If the National Security Agency (NSA) is
    incapable of securing its tools, then why do they
    make such dangerous tools, which could put the
    whole world in trouble? Their tools are getting
    leaked one by one; why are they still incapable
    of securing them?

105
CYBER EXTORTION
  • Cyber extortion is a crime involving an attack,
    threat of attack or blackmail, coupled with a
    demand for money to stop the attack, or for
    various other reasons in other cases. It can
    take many forms. Originally, denial of service
    (DoS) attacks against corporate websites were
    the most common method of cyber extortion. But
    nowadays cyber criminals are using many more
    tactics. For example, they may use "Ransomware"
    to encrypt your data, which means you can't read
    your data without the encryption key, and the
    cybercriminal will ask you to pay a ransom in
    the form of digital currency (Bitcoins) to get
    the decryption key.

106
METHODS USED FOR CYBER EXTORTION
107
VAPT
  • VAPT is a step by step process. Vulnerability
    Assessment is the process of scanning the system
    or software or a network to find out the
    weaknesses & loopholes in it. Penetration
    Testing is the process of launching real-world,
    secure attacks on systems to help identify the
    extent of exposures without causing any harm to
    existing data & systems.
  • VAPT PROCESS
  • FOOTPRINTING INFORMATION GATHERING
  • (Whois lookup, Extracting info from DNS, e-mail
    servers, Social Engineering)
  • SCANNING
  • (Pings, Port Scanning, Vuln. Scanning)
  • EXPLOITATION
  • (Metasploit, Password Cracking, Sniffing network
    traffic, Interrogating web servers: NIKTO,
    Spidering target's website)
  • MAINTAINING ACCESS
  • (Netcat, Netbus, Rootkits)

108
PHASE 1 FOOTPRINTING INFORMATION GATHERING
  • Footprinting & Information Gathering refers to
    uncovering & collecting as much info as possible
    about the target network.

109
FOOTPRINTING INFO GATHERING METHODOLOGY
  • Searching for the target company in a search
    engine such as Google.

110
FOOTPRINTING INFORMATION GATHERING
  • Locating Internal URLs
  • Internal URLs provide an insight into different
    departments & business units in an organization.
  • You may find a company's internal URL
  • Tools to search internal URLs
  • Google Dork
  • https://news.netcraft.com
  • https://www.webmaster-a.com/link-extractor-internal.php

111
FOOTPRINTING INFORMATION GATHERING

112
FOOTPRINTING INFORMATION GATHERING

113
FOOTPRINTING INFORMATION GATHERING
  • Mirroring Entire Website
  • Web mirroring tools allow us to download a
    website to a local directory, recursively
    building all directories, html files, images,
    videos & other files from the server to our
    computer.

114
PHASE 2 SCANNING
  • Scanning refers to a set of procedures for
    identifying hosts, ports & services in a network.
  • Scanning is one of the components of intelligence
    gathering for an attacker to create a profile of
    the target organization.

115
TYPES OF SCANNING
116
Nmap
  • Nmap is a free open source tool for network
    exploration.
  • It is designed to rapidly scan large networks.

117
Nmap Scan Options
118
Nessus
  • Nessus is a client-server based, open source
    vulnerability scanner.
  • It will scan a target computer for open ports &
    known vulnerabilities & report any issues found.

119
PHASE 3 GAINING ACCESS
  • Gaining access refers to the penetration phase.
    The attacker exploits the vulnerability in the
    system.
  • The exploit can occur over a LAN, the internet,
    or as a deception, or theft. Examples include
    Buffer Overflow, DoS, Session hijacking &
    Password cracking.
  • The attacker can gain access at the operating
    system level, application level or network level.

120
PHASE 4 MAINTAINING ACCESS
  • Maintaining access refers to the phase when the
    attacker tries to retain his/her ownership of the
    system.
  • The attacker has compromised the system.
  • Attacker may harden the system from other hackers
    as well by securing their exclusive access with
    Backdoors, RootKits or Trojans.
  • Attacker may upload, download or manipulate data,
    applications and configurations on the owned
    system.

121
PHASE 5 COVERING TRACKS
  • Covering tracks refers to the activities that
    the attacker does to hide his misdeeds.
  • Reasons include the need for prolonged stay,
    continued use of resources, removing evidence of
    hacking or avoiding legal actions.
  • Examples include altering the log files.

122
  • GOALS

123
SYSTEM HACKING METHODOLOGY
124
TO LEARN MORE
PLEASE DON'T HACK ME!! VISIT THIS SITE:
https://please.dont-hack.me/books/hacking/
125
INDIA LOVE SRI LANKA
126
THANK YOU !
NITIN PANDEY
Contact: 91 8922929191
Email: initinpandey_at_gmail.com
Facebook: facebook.com/initinpandey
LinkedIn: linkedin.com/in/initinpandey1
Twitter: _at_initinpandey