Ethical hacking



1-

- Information and cyber security overview

Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.

-Security thread and attack

Information Security Threats aim at corrupting or stealing data to disrupt an organization's systems or Data privacy. Security Threats come in all shapes and sizes, such as software attacks, theft of intellectual property, identity theft, equipment or information theft, sabotage, and information extortion

3-hacking concept

Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

Know more

4-ethocal hacking concept

Definition. Ethical hacking involves authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers.

Know more




5-information security control

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Know more

6-information security law and standards

Cyber laws, more commonly known as internet laws, are laws that are related to legal informatics, regulating the digital distribution of information, e-commerce, software, and information security. It usually covers many related areas, such as usage and access to the Internet, freedom of speech, and privacy.

Know more




7-footprint concepts

Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them. It is one of the best methods of finding vulnerabilities.

Know more

8-Footprint through search Engine Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks.
Search engine caches and internet archives may also provide sensitive information that has been removed from the World Wide Web (WWW).
Know more


9-Footprints through web service


FootPrints Web Services provides a way for users to access the database over the Internet to retrieve information and to create or edit records. For example, users can search for tickets and they can create and edit tickets.

Records created or edited via Web Services are subject to the same business rules and validations as records created or edited via the web interface. However, required fields are not enforced when using Web Services to create or update a record, and you cannot alter the database structure.

First, you enable Web Services for your system and then enable access to the Services for specific Agent and Customer roles. Only the FootPrints internal authentication method is supported.

Know more

10-Footprints through social networking sites

Whenever you use the internet, you leave behind a trail of information known as your digital footprint. A digital footprint grows in many ways – for example, posting on social media, subscribing to a newsletter, leaving an online review, or shopping online.

Know more

11-website footprints

A digital footprint – sometimes called a digital shadow or an electronic footprint – refers to the trail of data you leave when using the internet. It includes websites you visit, emails you send, and information you submit online. A digital footprint can be used to track a person's online activities and devices.
A digital footprint can be stored when a user logs into a site and makes a post or change; the registered name is connected to the edit in an
online environment.

12-email footprint
Email footprinting

In this method, a hacker can trace an email and get information from it. Email footprinting gives us information regarding the sender's email, name, location, IP address, etc. We can use the following tools, among others, for email footprinting: Yesware.

Know more

13-compatitive intelligence
Competitive Intelligence Gathering

It concentrates on the external business environment. In this method, professionals gather information ethically and legally instead of gathering it secretly.Ethical Hacking uses the same methods as competitive intelligence to gather information.

Know more

13.1-Whois footprinting

Whois Footprinting is an ethical hacking practice that collects data about targets and their condition. This is the pre-attack phase and the activities performed will be stealthed and best efforts will be made to prevent the target from tracking you.

Know more

14-DNS footprint

DNS Footprinting is a technique that is used by an attacker to gather DNS information about the target system. DNS Footprinting allows the attacker to obtain information about the DNS Zone Data, which includes: DNS Domain Names. Computer Names. IP Addresses.


14.1-Network footprint

extent of control information that a network-based application references, again, excluding any data that it may require to transmit (download or upload) to carry its activities.

A digital footprint – sometimes called a digital shadow or an electronic footprint – refers to the trail of data you leave when using the internet. It includes websites you visit, emails you send, and information you submit online. A digital footprint can be used to track a person's online activities and devices.

14.2-Footprints through social engineering

Process of gathering data about an organization and its infrastructure. Footprinting is a systematic exploration of a system's defenses and vulnerabilities. Understanding the details of a system facilitates other attacks and can especially useful in facilitating social engineering.

Know more


15-Footprint tools
Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. This information is very useful to a hacker who is trying to crack a whole system.
Some of the common tools used for footprinting and information gathering are as follows:
Whois.
NSlookup.
Sam Spade.
SuperScan.
Nmap.
TcpView.
My ip Suite.
Dns enumerator.
Know more


16-Footprinting countermeasures:
Creating awareness among the employees and users about the dangers of social engineering.
Limiting the sensitive information.
encrypting sensitive information.
using privacy services on whois lookup database.
Disable directory listings in the web servers.
Enforcing security policies.
Know more


17-Footprint penetration Testing
In short, footprinting refers to the process of collecting data over time in order to make a targeted cyberattack (GeeksforGeeks, 2021). Footprinting involves gathering information about a target—typically related to its network infrastructure, systems, and users—without actually committing an attack.
Know more


18- network scanning concept
Network Scanning is a process where an attacker uses tools and techniques to gather information about the target. This information may be as simple as the active hosts within the network, to complex discoveries like gathering the OS of the hosts, open ports and active vulnerabilities on the host.


Know more


19-Scanning too
Scanning in ethical hacking is a network exploration technique used to identify the systems connected to an organization's network. It provides information about the accessible systems, services, and resources on a target system.
Know more


20-scanning techniques
Scanning is another essential step, which is necessary, and it refers to the package of techniques and procedures used to identify hosts, ports, and various services within a network. Network scanning is one of the components of intelligence gathering and information retrieving mechanism an attacker used to create an overview scenario of the target organization (target organization: means the group of people or organization which falls in the prey of the Hacker).
Know more


21-Scanning IDs and firewall
This is a process in which the attacker uses a chain of proxy servers to hide the actual source of a scan and evade certain IDS/firewall restrictions. Packet fragmentation refers to the splitting of a probe packet into several smaller packets (fragments) while sending it to a network.
Know more


22-Banner grabbing
Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network.
Know more


23-Draw networking diagram
Select a network diagram template. ...
Name the network diagram. ...
Remove existing elements that you don't need on your diagram. ...
Add network components to the diagram. ...
Name the items in your network diagram. ...
Draw connections between components. ...
Add a title and share your network diagram.




24-scanning pen testing

authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business.
Know more


25- Enumeration concept
Enumeration is defined as the process of extracting user names, machine names, network resources, shares and services from a system. In this phase, the attacker creates an active connection to the system and performs directed queries to gain more information about the target.
Know more


26-netBIOS enumeration
NetBIOS stands for Network Basic Input Output System. It Allows computer communication over a LAN and allows them to share files and printers. NetBIOS names are used to identify network devices over TCP/IP (Windows).
Know more


27-SNMP enumeration
SNMP enumeration is used to enumerate user accounts, passwords, groups, system names, devices on a target system. It consists of three major components: Managed Device: A managed device is a device or a host (technically known as a node) which has the SNMP service enabled.
Know more


Post a Comment

0 Comments