Ethical Hacking

Presented By:
Al Hassane BAH
 Content
 What is Hacking?
 Ethical Hacking
 Phase of Hacking.
 Why do We need Ethical Hacking
 Phase of Hacking
 Vulnerability Assessment.
 Vulnerability Assessment Process.
 Vulnerability scanning Tool.
 What is Hacking?
Hacking is the process of identifying and exploiting weakness in a
system or a network to gain unauthorized access to data and system
resources

It involves modifying system or application features to achieve a goal

outside of the creator’s original purpose.

Hacking can be used to steal and redistribute intellectual property

leading to business loss.
What is Ethical Hacking?
Ethical Hacking
involves the use of hacking tools, tricks
and techniques to identify
vulnerabilities so as to ensure system
security.

It focuses on stimulating
techniques used by attackers to verify the
existence of exploitable
vulnerabilities in the system.
Why do We need Ethical Hacking..
Phase of Hacking
Reconnaissa
nce

Clearing
Scanning
Tracks

Maintaining Gaining
Access Access
Hacking Phase: Reconnaissance

 Reconnaissance refers to a preparatory phase where an attackers

seeks to gather information about a target prior to launching an
attack.
 Could be the future point of return, noted for ease of entry for an
attack when more about the target is known on a board scale.
 Reconnaissance target range m a y include the target organization’s
clients employee, operations, network and systems.
Hacking Phase: Scanning

 Pre-Attack Phase: Scanning refers to the pre-attack phase when the

attackers scans the networks for specific information gathered during
reconnaissance.
 Port Scanner: Scanning can include use of diameter, port scanner’s,
network mapper, ping tools, vulnerabilities scanner etc.
 External Information: Attackers extract information such as live
machines, port, port status, O S details, device type, system uptime,
etc to launch attack.
Hacking Phase: Gaining Access

 Gaining access refers to the point where the attackers obtains access
to the operating system or applications on the computer or network.
 The Attackers can escalate privileges to obtain complete control of
the system. In the process, intermediate systems that are connected
to it are also compromised.
 The attacker can gain access at the operating system level,
application level, or network level.
 Example include password cracking, buffer overflows, denial of
service, session hijacking etc.
Hacking Phase: Maintaining Access

 Maintaining access refers to the phase when the attackers tries to

retain his or her ownership of the system
 Attackers m a y prevent the system from being owned by other
attackers by scanning their exclusive access with Black door,
Rootkits, or Trojans.
 Attackers can upload, download or manipulate data, applications and
configurations on the owned system.
 Attackers use the compromised system to launch further attacks.
Hacking Phase: Clearing Tracks

 Covering tracks refers to the activities carried out by an attacker to

hide malicious acts.
 The attackers intentions includes: Continuing access to the victim’s
system, remaining unnoticed and uncaught, deleting evidence that
might lead to his prosecution.
 The attackers overwrites the serve, system and application logs to
avoid suspicion.
Vulnerability Assessment

A vulnerability assessment is the process of defining, identifying,

classifying and prioritizing vulnerabilities in computer systems,
application and network infrastructures.
Vulnerability Assessment Process
Vulnerability Assessment Tool
 N-map

Nmap is a network scanner, monitor host and discover all the IP which is
connected to network.
Nmap can be used to:
 Create a complete network map.
 Find remote IP addresses of hosts.
 Detect open ports.
 Audit server security standards.
 It is well documented you can find
 everything using command.
Nmap run on major computer operating system and binary package
available
for windows, Linux, Mac O S etc
 Penetration Testing
Penetration testing is the process of hacking a system with the
permission from the owner of that system, to evaluate security, Hack
value, attacks, exploits, zero-day vulnerability and other components
such as threats, vulnerabilities and daisy chaining.
Thank Yo u …