Introduction to Ethical Hacking
Module 1
1. Information Security
What is Information?
Meaningful form of data
Can be called processed data
Data has no context, info does
"Computer" is data
"This is my computer" is information
What is Information Security?
What will I do with your birthday?
I can definitely do something with your phone number
Protecting information from unauthorized access
Employing tools and policies
IT IS THE BASIC NEED OF EVERYONE
What is Information Security?
Wonder how people came to realize the sensitivity of information!
The Enigma machine was used by the Germans to encrypt warfare data.
What if someone is constantly watching you?
Security is the quality of information
Security is freedom
Security is an asset
What is Information Security?
Information is everywhere
This is the information age
Information in digital systems makes cyber security
What are Information Security Threats?
A threat is a constant danger to an asset
It can be a person, an object or an event
Threats can be categorized and ranked
What are Information Security Threats?
Types of Threats
Inadvertent threats (human failure)
Physical disasters (natural disasters)
Technical failures (hardware or software)
Deliberate acts (hacking, espionage)
What does Information Security not deal with?
Cyber warfare
Information warfare
Negative impacts of people on the Internet (sexual abuse, cyber stalking, etc.)
IoT security
What does Information Security not deal with?
Then who deals with them?
2. Cyber Security
What is Cyber Security?
Protection of cyberspace against cyber threats and cyberspace vulnerabilities
Any threats to information via cyberspace
Deals with deliberate acts
deal with physical and personal security
Threats via cyberspace, not threats for Cyberspace
3. Objectives of Cyber Security
Objectives of Cyber Security
Confidentiality: No disclosure to unauthorized parties
Integrity: Completeness and accuracy of data
Availability: When needed, data is available
Objectives of Cyber Security
Non-repudiation: I should not be able to deny that I sent you the message, and you should not be able to deny that you received it
Authenticity: You should actually be who you say you are
3. The CIA Triad
Confidentiality
Roughly the same as, but wider than, privacy
Sensitive data should not reach wrong people
Sensitive data should reach right people
Measures:
Data encryption
Authentication (maybe multi-factor)
More sensitive, more physical
Integrity
Data should be consistent, trustworthy and accurate
Data must not change in transit
Most complex to implement
Measures:
Backups
Cryptographic measures (checksums)
Access control
Availability
Data should be available as and when needed
Updated software and hardware
Adequate system capacity and bandwidth
Measures:
Firewall rules
Patch management and disaster recovery
Load balancers
4. What is Hacking?
What is Hacking?
Hacking is a very wide term
Introduced in the 1960s at MIT
That era was more about hardcore programming
Those were the most intelligent and advanced hackers
It all started by the end of the 1960s, when ARPANET was founded by the US military.
What is Hacking?
There is no standard definition of hacking
Media continues to add false information about hacking
There are good hackers, and there are bad
Bad ones need to be discussed, but not learnt
The good ones, the Ethical Hackers, are the ones to focus on
WHO IS A HACKER?
Steal a Facebook password?
Hack a Wi-Fi network?
A CS Student?
Get me unlimited coins in the game?
HACKS NASA WITH HTML?
A Terrorist?
teenage mischief into a billion-
WHO IS A HACKER?
Uses his/her skills and knowledge to gain unauthorized access to software, a computer, or a network
Uses his/her own tools and techniques
Is NOT always bad
Can go to prison, or earn millions
One of the riskiest professions of them all
The quieter you become, the more you are able to hear.
TYPES OF HACKERS
WHITE HAT HACKERS
Security professionals, hack with permission
White Hat Hacker
The ethical hackers, also break into systems
Not to exploit them, but to help management fix them
The same thrill, same swag, but bonus money and respect
Even work with Government, cyber cells and police
BLACK HAT HACKERS
Criminals, highly destructive, penetrate to destroy and cause damage
Black Hat Hacker
That typical hacker you might have heard of
Use undisclosed vulnerabilities, tools and exploits
Just randomly hack systems to create havoc
Or to take revenge or fulfil personal desires
Most common desires: Financial gain, spying, revenge
GREY HAT HACKERS
malicious intent
Grey Hat Hacker
Not completely white, not completely black
Hack without permissions and authorization, sometimes report
Demand compensation/money for fix
Whether it is called illegal depends entirely on the victim party
actually have any professional gain
Grey Hat Hacker
No image to show!
5. What is Ethical Hacking?
Ethical Hacking
Performed by a company or individual to help identify potential threats on a computer or network
Search for any weak points that could be exploited by malicious hackers
This information is then used by the organization to improve the system security
Very underrated and criticized, especially in India
Ethical Hacking
It is far wider than we think!
HACKING IS HACKING, NO MATTER HOW YOU LOOK AT IT!!
IF YOU HACK, YOU ARE A COMPUTER CRIMINAL OR CYBER CRIMINAL!!
But actually, cyberspace as we see it is safer because of ethical hackers
WHO IS AN ETHICAL HACKER?
Security Professional
Tests the security and identifies loopholes
Creates reports and analysis
Authorized with proper permissions
Earns money and respect
6. Information Warfare
Information Warfare
Tactical and strategic use of information, to gain an advantage
In the earlier days, information was more physical
Groups of people involved, especially Government, to tackle enemies
Countries spent millions on secret intelligence and spies
Military used weapons and army power to send policy implementations
Information Warfare
Today, this warfare involves most of the digital media.
It has become cyber warfare
Governments spend millions on IT infrastructure to attack and to defend against attacks
Now it mostly revolves around terrorism
Common practices of cyber warfare:
Using viruses and malware
Exploiting electronic communication systems and networks
Stealing info via unauthorized access
7. Need for Ethical Hackers
Need for Ethical Hackers
There is a hack attack every 39 seconds
The average cost of a data breach in 2020 will exceed $150 million
Companies have spent $2 trillion total in 2019
$6 trillion is expected to be spent globally on cybersecurity by 2021
Cybersecurity jobs worldwide will reach 3.5 million by 2021
Need for Ethical Hackers
Who will prevent wastage of this money?
Who will help developers fix their bugs in production?
Who will stop those black hats and their malicious activities to damage our cyberspace?
Who will ensure security for the companies?
Who will ensure national security?
Who will help to keep cyberspace safe and clean?
Careers in Ethical Hacking
CAREERS IN HACKING?
1,000,000
Ethical Hackers would be needed by 2020 in India
5,80,000
Average Salary
2,50,000
For a beginner/Fresher
20,00,000+
For a professional
$150,000
Average Salary
$80,000
For a beginner/Fresher
$250,000
For a professional
PROFESSIONAL CERTIFICATIONS
TO BECOME AN ETHICAL HACKER?
Security
Certified Ethical Hacker (CEH)
Offensive Security Certified Professional (OSCP)
CompTIA Security+, Pentest+
GIAC Penetration Tester (GPEN)
Certified Information Systems Security Professional (CISSP)
TO BECOME AN ETHICAL HACKER?
Networking
Cisco Certified Network Associate (CCNA)
CompTIA Network+
Cisco Certified Network Professional (CCNP)
Cisco Certified Internetwork Expert (CCIE)
AWS Certified Solutions Architect
IS HACKING ILLEGAL?
Not always
Ethical Hacking is completely LEGAL
There is a huge need for ethical hackers
Hack systems, earn money
GENERAL TERMINOLOGIES
Vulnerability: A weakness that can be exploited
Threat: One who exploits a vulnerability
Risk: Damage caused by exploiting the vulnerability
Asset: That which is to be accessed after exploitation
Bug: Error, fault or flaw in a computer program that may cause unexpected behavior
GENERAL TERMINOLOGIES
Hacker: Gains access with or without malicious intent
Cracker: Gains access to damage assets and cause harm, always malicious
GENERAL TERMINOLOGIES
Infosec: Information Security/Cyber Security/Data Security
Penetration Testing: Testing and reporting the security loopholes
Vulnerability Assessment: Testing and reporting the security loopholes, and telling how to fix them
GENERAL TERMINOLOGIES
Cyber Espionage: Spying on someone to gain illicit access to confidential information (large institutions)
Exploits: Designed to cause unexpected behaviors that an attacker can take advantage of to perform harmful actions
Script Kiddie: Newbies/noobs, so-called hackers without any skills
Zero-day: Vulnerability not known to professionals, only to be exploited by hackers
THE PROCESS IS EASY
Learn, Code, Apply
TO BECOME AN ETHICAL HACKER?
Programming is important!
mindset
Be verbose
Logical thinking
learn it all, but know it all
TO BECOME AN ETHICAL HACKER?
Computer Basics: Hardware, Software, processing methodology
Web and Internet: HTTP, DNS, Web Servers, FTP, SMTP
Networking: TCP/IP, ARP, Devices, types, Routing and Switching
Operating Systems: Linux (Kali, Parrot, Red Hat), Windows, Android, iOS, MAC
TO BECOME AN ETHICAL HACKER?
Programming:
Reverse Engineering: Assembly, C, C++
Script Writing: Python, Ruby, Perl
Web App Testing: JavaScript, PHP, SQL, JSP, Python
Shell Scripting: Bash
TO BECOME AN ETHICAL HACKER?
OWASP Top 10
GitHub
Bug Bounty Programs
Hacking Forums
Stack
Soft Skills
PRACTICE, PRACTICE AND PRACTICE
HACKING
Is an art, practised through a creative mind.
THANKS!
Any questions?