Scribd Logo
Upload

Welcome to Scribd!

  • 2 views

    CPT 01 Terms

    Uploaded by

    xerolag230

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    CPT 01 Terms

    Uploaded by

    xerolag230
    2 views29 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    2 views29 pages

    CPT 01 Terms

    Uploaded by

    xerolag230

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 29

    Hacking and Classes of Hackers

    What is hacking ?

    Unauthorised

    access/changes/deletion

    of

    data system/network devices

    is called hacking

    NetsBook
    Classes of Hackers

    White Hat Hacker Blue Hat Hackers

    Black Hat Hacker Red Hat Hackers

    Grey Hat Hacker Suicide hackers

    Script Kiddie Cyber terrorists

    Green Hat Hackers State sponsored hackers

    Blue Hat Hackers Hacktivists

    NetsBook
    Hacking and Classes of Hackers

    White Hat Hacker

    ➢ They are Ethical hackers

    ➢ They are security specialist who breaks into secured systems


    and networks to test their level of security.

    Black Hat Hacker

    ➢ They are Crackers, they never ask for permission or consent.

    ➢ They illegally using their skills for either personal gain or malicious intent.

    ➢ They steal or destroy data or deny access to resources.

    NetsBook
    Hacking and Classes of Hackers

    Grey Hat Hacker

    ➢ Computer hacker or security expert who sometimes violate laws or


    ethical standards, for personal purposes but don’t have the
    malicious intentions

    Script Kiddie

    ➢ A Skiddie or Script Kiddie is an unskilled individual who uses


    programs or scripts developed by other hackers to attack
    networks and computer systems

    NetsBook
    Hacking and Classes of Hackers

    Green Hat Hackers

    ➢ Green hat hackers are newbie to the hacking world.

    ➢ They have a desire to become full-blown hackers and are curious to


    learn

    Blue Hat Hackers

    ➢ Their main agenda is to take revenge on anyone who makes them


    angry. They have no desire for learning and may use simple cyber
    attacks

    ➢ Companies invite them to check the vulnerabilities in their


    softwares before the launch NetsBook
    Hacking and Classes of Hackers
    Red Hat Hackers

    ➢ They are also known as the eagle-eyed hackers. Red hat hackers
    aims to halt the black hat hackers. They will keep on attacking the
    hacker aggressively that the hacker have to replace the entire
    system.

    Suicide hackers

    ➢ Suicide hackers are ready and willing to perform an attack for


    a “cause”, even if they get caught and prosecuted.

    Cyber terrorists

    ➢ Cyber terrorists are hackers who are influenced by certain


    religious or political beliefs. They work to cause fear and
    disruption of systems. NetsBook
    Hacking and Classes of Hackers

    State sponsored hackers

    ➢ State sponsored hackers are recruited by governments to gain


    access to secret information of other governments

    Hacktivists

    ➢ Hacktivism is meant to call the public's attention to something the


    hacktivist believes is an important issue or cause, such as freedom
    of information or human rights

    ➢ It can also be a way for the hacktivists to express their opposition


    to something

    NetsBook
    Ethical Hacking Terminology

    Malware

    ➢ Malicious software is any piece of software that was written with


    the intention of damaging devices, stealing data etc.

    ➢ Viruses, Trojans, spyware, adware, keylogger and ransomware are


    among the different kinds of malware

    NetsBook
    Ethical Hacking Terminology

    Virus

    ➢ Virus is a malicious software loaded in to a computer without user’s


    knowledge and performs malicious actions

    ➢ After entering a computer, a virus can attaches itself to another


    programs in such a way that execution of the host program
    triggers the action of the virus simultaneously

    ➢ It can self-replicate, inserting itself onto other programs or files

    ➢ Viruses spread when the software or documents they get attached


    to are transferred from one computer

    NetsBook
    Ethical Hacking Terminology

    Worm

    ➢ Worm is a standalone malware computer program that


    replicates itself in order to spread to other computers

    ➢ Often, it uses a computer network to spread itself

    ➢ Unlike a virus, it does not need to attach itself to an existing


    program.

    NetsBook
    Ethical Hacking Terminology

    Trojan

    ➢ Trojan or Trojan horse is a type of malware that disguises itself as


    a legitimate software.

    ➢ Trojans can be employed by hackers to destroy files, alter


    information, steal passwords and gain access to users’ systems.

    NetsBook
    Ethical Hacking Terminology
    Rootkit

    ➢ A rootkit is a program designed to provide privileged access to a


    computer while actively hiding its presence.

    ➢ The term rootkit is a connection of two words "root" and "kit."

    ➢ Rootkit is a collection of tools that enabled administrator-level


    access to a computer or network.

    ➢ Root refers to the Admin account on Unix and Linux systems,


    and kit refers to the software components that implement the
    tool.

    NetsBook
    Ethical Hacking Terminology
    Macro virus

    ➢ A macro virus is written in the same macro language used for


    software programs, including Microsoft Excel or Word.

    ➢ When a macro virus infects, it causes a sequence of actions to


    begin automatically when the application is opened.

    NetsBook
    Ethical Hacking Terminology
    Keylogger

    ➢ Keylogger records every keystroke made by a user, especially


    in order to gain access to passwords and other confidential
    information.

    Spyware

    ➢ Spyware meant for gathering person’s or organization’s


    information without their knowledge and sent that information
    to any other entity without the consent.

    NetsBook
    Ethical Hacking Terminology

    Adware

    ➢ Adware acts as a spyware to track a user’s browsing activities

    ➢ It then generates advertisements based on the user’s browsing


    history

    ➢ Some adware is maliciously designed to pop up ads with a


    frequency ultimately slowing down your system

    NetsBook
    Ethical Hacking Terminology
    Bot

    ➢ Bot is a software application that can be controlled remotely to


    execute or automate predefined tasks.

    ➢ Bot automates an action so that it can be done repeatedly at a much


    higher rate

    ➢ Sending HTTP, FTP or Telnet at a higher rate or calling script to


    create objects at a higher rate are examples

    NetsBook
    Ethical Hacking Terminology
    Zombie computers
    ➢ Zombie computers are computers that have been taken over by a
    hacker without the knowledge of the owner

    ➢ A hacker secretly infiltrated an unsuspecting victim’s computer and


    uses it to conduct illegal activities.

    Botnet
    ➢ A network of private computers infected with malicious software and
    controlled as a group without the owners' knowledge

    ➢ Botnets, also known as a zombie army can be used to perform


    distributed denial-of-service attack (DDoS attack), steal data and
    send spam

    NetsBook
    Ethical Hacking Terminology

    Denial of service attack (DoS)

    ➢ A denial of service (DoS) attack is a malicious attempt to make a


    server or a network resource unavailable to users.

    DDoS (Distributed Denial of Service)

    ➢ This is a type of DOS attack in which multiple compromised systems


    are used

    ➢ All these infected systems select a target and cause a Denial of


    Service (DoS) attack.

    NetsBook
    Ethical Hacking Terminology

    Vulnerability

    A vulnerability is a weakness allowing a hacker to compromise the


    security of a computer system or a network system

    Exploit

    Exploit is a piece of software that takes advantage of a vulnerability to


    compromise the security of a computer or network system

    NetsBook
    Ethical Hacking Terminology

    Attack

    An attack is an action that is done on a victim system to get its access


    and extract sensitive data

    Threat

    Threat is a possible danger that might exploit a vulnerability to breach


    security and therefore cause possible harm.

    NetsBook
    Ethical Hacking Terminology

    Breach

    ➢ A security breach is any incident that results in unauthorized


    access of data, applications, services, networks and devices by
    bypassing their underlying security mechanisms.

    Backdoor

    ➢ A backdoor is a malicious program used to provide unauthorized


    remote access to a compromised PC by exploiting security
    vulnerabilities.

    ➢ This virus works in the background and hides from the user.

    NetsBook
    Ethical Hacking Terminology

    Social Engineering (SE)

    ➢ Social engineering is a non-technical strategy cyber attackers use


    that relies heavily on human interaction and often involves tricking
    people into breaking standard security practices.

    ➢ When successful, many social engineering attacks enable attackers


    to gain legitimate, authorized access to confidential information

    FUD (Fully UnDetectable)

    ➢ FUD refer something as a clean software to many anti-viruses but


    still contain some kind of hacking tool inside it.

    NetsBook
    Ethical Hacking Terminology

    RAT

    ➢ Remote administration tool (RAT) is a piece of software that allows


    a remote “operator” to control a system as if he has physical
    access to that system

    IP Grabber

    ➢ IP Grabber is a link that grabs victim’s IP when they visit a


    particular web address

    NetsBook
    Ethical Hacking Terminology

    Phishing

    ➢ Phishing is a type of social engineering attack often used to steal


    data, including login credentials and credit card numbers

    ➢ Hackers send emails that appears to be from a legitimate company,


    usually contains link to a fake website that looks authentic.

    Brute force attack

    ➢ Brute force attack is a trial-and-error method used to obtain


    information such as a password or personal identification number ,
    it tries different combination of usernames and passwords, over
    and over, until gets in.

    NetsBook
    Ethical Hacking Terminology

    Spoofing

    ➢ In spoofing, intruder sends messages with an IP address indicating


    that the message is coming from a trusted host.

    Zero-day attack

    ➢ Zero-day attack is defined as software or hardware vulnerabilities


    that have been exploited by an attacker where there is no prior
    knowledge of the flaw in the general information security
    community, and, therefore, no vendor fix or software patch
    available for it.

    NetsBook
    Ethical Hacking Terminology

    CIA Triad of Information Security

    NetsBook
    Information Security Threat Categories

    Network Threats

    1. Information gathering
    2. Sniffing and eavesdropping
    3. Spoofing
    4. Session hijacking and Man-In-The-Middle attack
    5. DNS and ARP Poisoning
    6. Password-based attack
    7. Denial-of-Service attack
    8. Compromised-key attack
    9. Firewall and IDS attack

    NetsBook
    Information Security Threat Categories

    Host Threats

    1. Malware attacks
    2. Footprinting
    3. Password attacks
    4. Denial-of-Service attacks
    5. Arbitrary code execution
    6. Privilege escalation
    7. Backdoor attacks
    8. Physical security threats

    NetsBook
    Information Security Threat Categories

    Application Threats

    1. Improper data/input validation


    2. Authentication and Authorization attacks
    3. Security misconfiguration
    4. Information disclosure
    5. Broken session management
    6. Buffer overflow issues
    7. Cryptography attacks
    8. SQL injection
    9. Improper error handling and exception management

    NetsBook

    You might also like