Professional Documents
Culture Documents
Ethical Hackers in Demand
Ethical Hackers in Demand
WHAT IS HACKING?
Threat,
Vulnerability
Attack
Exploit
Target of Evaluation
THREAT
Lack of countermeasure
ATTACK
Inside attacks,
Outside attacks.
INSIDE ATTACK
Reconnaissance
Scanning
Gaining access
Maintaining access
Covering tracks
RECONNAISSSANCE
Black hats
White Hats
Gray Hats
BLACK HATS
Remote network
Remote dial-up network
Local network
Stolen equipment
Social engineering
Physical entry
REMOTE NETWORK
Examples include:
Vulnerability scanning,
Ethical Hacking, and
Penetration Testing.
SECURITY TESTING
Security testing can be conducted using
one of three approaches:
Black-box
White-box
Gray-box
BLACK-BOX
With no prior knowledge of the
infrastructure to be tested
WHITE-BOX
With a complete knowledge of the
network infrastructure
GREY-BOX
Internal Testing is also known as Gray-
box testing
This examines the extent of access by
insiders within the network.
ELEMENTS OF PEN TESTING
Three Elements for a Penetration Testing
are:
People
Process
Technology
Elements should be properly balanced
to get the maximum quality output.
TECHNOLOGY
Pen Testing Tools and Technology
Info Gathering Tools
Network Scanning Tools
Technology implemented at the testing
site.
OS Implemented
Database used
PEN TESTING TEAM
Introduction
Purpose
Scope
Assumptions and Limitations
Risks
Document Structure
ROE - TEMPLATE
Logistics
Personnel
Test Schedule
Test Site
Test Equipment
ROE - TEMPLATE
Communication Strategy
General Communication
Testing Execution
Nontechnical Test Components
76
FOOTPRINTING
Commonly includes:
Domain name lookup
Locations
Contacts (Telephone / mail)
UNEARTHING INITIAL INFO
Information Sources:
Open source
Whois
Nslookup
UNEARTHING INITIAL INFO
Hacking Tool
Sam Spade
UNEARTHING INITIAL INFO
whois
UNEARTHING INITIAL INFO
http://www.garykessler.net/library/is_tools_sam_s
pade.html
ARIN
ARIN allows search on the whois database to
locate information on networks autonomous
system numbers (ASNs), network-related
handles and other related point of contact
(POC).
http://emailtrackerpro.visualware.com/
EMAIL TRACKERPRO
102
UNEARTHING INITIAL INFO
host www.google.com
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
UNEARTHING INITIAL INFO
110
OBJECTIVES
www.matriux.com
CAN HACKING BE ETHICAL?