Introduction to Ethical Hacking and Penetration Testing
By Mitul Patel
CONCEPTS COVERED
• What is ethical hacking
• Penetration Testing
• Role of ethical hackers
What is Ethical Hacking?
• It refers to the act of locating weaknesses and vulnerabilities in computer and information systems by replicating the intent and actions of malicious hackers.
• It is also known as penetration testing, intrusion testing or red teaming.
Introduction to Ethical Hacking
• Ethical Hackers
• Employed by companies to perform penetration tests.
• Penetration Test
• Legal attempt to break into the company’s network to find the weak links.
• Tester only reports findings; does not provide solutions.
• Security Test
• Also includes analyzing company’s security policy and procedures.
• Tester offers solutions to secure or protect the network.
Some Terminologies
• Hacking - showing computer expertise.
• Cracking - breaching security on software or systems.
• Spoofing - faking the originating IP address in a datagram.
• Denial of Service (DoS) - flooding a host with enough network traffic that it can no longer respond.
• Port Scanning - probing a host for open ports and listening services, usually as a first step toward finding vulnerabilities.
Gaining access
Once inside, the hacker can...
• Modify logs
• To cover their tracks.
• Steal files
• Sometimes destroy after stealing.
• An expert hacker would steal and cover their tracks to remain undetected.
• Modify files
• To let you know they were there.
• To cause mischief.
• Install back doors
• So they can get in again.
• Attack other systems
The Role of Security and Penetration Testers
• Script kiddies or packet monkeys
• Young or inexperienced hackers.
• Copy codes and techniques from knowledgeable hackers.
• Experienced penetration testers write programs or scripts using
• Perl, C, C++, Python, JavaScript, Visual Basic, SQL, and many others.
Penetration-Testing Methodologies
• Tiger box
• Collection of OSs and hacking tools.
• Usually on a laptop.
• Helps penetration testers and security testers conduct vulnerability assessments and attacks.
• White box model
• Tester is told everything about the network topology and technology.
• Tester is authorized to interview IT personnel and company employees.
• Makes tester’s job a little easier.
Penetration-Testing Methodologies (continued)
• Black box model
• Tester is not given details about the network.
• Burden is on the tester to find the details.
• Gray box model
• Hybrid of the white and black box models.
• Company gives tester partial information.
What You Can Do Legally
• Laws involving technology change as rapidly as technology itself.
• Find what is legal for you locally.
• Laws change from place to place.
• Be aware of what is allowed and what is not allowed.
Laws of the Land
• Tools on your computer might be illegal to possess.
• Contact local law enforcement agencies before installing hacking tools.
• Written words are open to interpretation.
• Governments are getting more serious about punishment for cybercrimes.
What You Cannot Do Legally
• Accessing a computer without permission is illegal.
• Other illegal actions:
• Installing worms or viruses
• Denial of Service attacks
• Denying users access to network resources
• Be careful that your actions do not prevent customers from doing their jobs.
Ethical Hacking in a Nutshell
• What does it take to be a security tester?
• Knowledge of network and computer technology.
• Ability to communicate with management and IT personnel.
• Understanding of the laws.
• Ability to use necessary tools.
Basics of Networking (OSI vs TCP/IP)
Data Flow in TCP/IP
TCP/IP Family Members (Partial List)
Format of IP Datagram
Viewing IP Packets
• We can use packet sniffers to view IP packets.
• Some popular packet sniffers:
• Wireshark
• Windump
• tcpdump
• Tshark
• SolarWinds
• ... and many more
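The "Format of IP Datagram" and "Viewing IP Packets" slides above describe what a sniffer decodes from every packet. As an added example (not part of the original slides, and not code from any of the listed tools), the following decodes a constructed 20-byte IPv4 header the way Wireshark or tcpdump would, and verifies the RFC 1071 header checksum so a corrupted or tampered header is flagged rather than silently accepted. The sample bytes and addresses are made up for the example.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# Constructed sample (not a real capture): one IPv4 header without options,
# carrying a TCP segment from 192.168.1.10 to 10.0.0.5, total length 60, TTL 64, DF set.
SAMPLE_HEADER = bytes.fromhex("4500003c1c464000400652bfc0a8010a0a000005")


@dataclass
class IPv4Header:
    version: int
    ihl: int              # header length in 32-bit words (5 = 20 bytes, no options)
    dscp_ecn: int
    total_length: int     # header + payload, in bytes
    identification: int
    flags: int            # 3 bits: reserved, DF (don't fragment), MF (more fragments)
    fragment_offset: int  # in 8-byte units
    ttl: int
    protocol: int         # 1 = ICMP, 6 = TCP, 17 = UDP
    header_checksum: int
    src: IPv4Address
    dst: IPv4Address
    options: bytes


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the fixed 20-byte IPv4 header plus any options, rejecting malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header needs at least 20 bytes")
    (ver_ihl, dscp_ecn, total_length, identification, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 5 or len(packet) < ihl * 4:    # IHL claims more header than is present
        raise ValueError(f"bad IHL {ihl} for a {len(packet)}-byte packet")
    return IPv4Header(version, ihl, dscp_ecn, total_length, identification,
                      flags_frag >> 13, flags_frag & 0x1FFF, ttl, protocol, checksum,
                      IPv4Address(src), IPv4Address(dst), packet[20:ihl * 4])


def header_checksum_ok(packet: bytes) -> bool:
    """A valid header sums to zero when the checksum field itself is included."""
    ihl = packet[0] & 0x0F
    return ip_checksum(packet[:ihl * 4]) == 0


if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER), "checksum ok:", header_checksum_ok(SAMPLE_HEADER))
```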
Wireshark …