Introduction to Ethical
Hacking
CHAPTER 1
https://www.hackerschool.in
Ethical Hacking
By binding to rules and regulations of an organization, identifying known and
unknown vulnerabilities present in information system through which compromise
or destruction of data on information system can be done before any malicious
hacker discovers.
In ethical hacking approach, security engineer discovers known vulnerabilities
through vulnerability scanning tools and creates scan reports for discovered
vulnerabilities. Whereas to discover unknown vulnerabilities, security engineer
uses manual approach which involves fuzzing & reverse engineering techniques.
https://www.hackerschool.in
Hacking
Unauthorized access to information system either to steal or destroy data without
owners knowledge by an attacker
https://www.hackerschool.in
Hacker
An intelligent individual who spends enormous amounts of time exploring
information system hardware and software to discover vulnerabilities through
which he/ she can compromise or destroy the data on information system,
https://www.hackerschool.in
Types of Hackers
Black hat hacker
White hat hacker
Grey hat hacker
Hacktivist
State sponsored hacker
Sneaker / contract hacker
https://www.hackerschool.in
Phases of hacking
Foot printing
Scanning
Gaining access
Maintain access
Covering tracks
https://www.hackerschool.in
Terminologies
Vulnerability: it is a weakness in any software program or application that helps hacker to
compromise or crash the information system
Exploit: it is a piece of malicious programming code which takes advantage of vulnerability
to compromise the information system for delivering payload.
Payload: a type of action, attacker wants to perform on information system after compromise
like controlling webcam, recording keystrokes etc.
Note: Vulnerability + Exploit + Payload = Remote control of information system
https://www.hackerschool.in
Terminologies (Cont'd)
Threat actor: is a person responsible for an event or incident that impacts or has the
potential to impact.
Zero day: an exploit attack for which there is no defense by antivirus, intrusion
prevention system (IPS) and firewalls.
Risk: Risk is defined as the potential for loss or damage when a threat exploits a
vulnerability. Examples of risk include financial loss, damage to reputation, loss of
privacy, legal implications etc.
https://www.hackerschool.in
Cyber security
Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security.
https://www.hackerschool.in
Information Security
Information security, often referred to as InfoSec, refers to the processes and tools
designed and deployed to protect sensitive business information from modification,
disruption, destruction, and inspection.
https://www.hackerschool.in
Elements of Information Security
NAME EXAMPLE
confidentiality Encryption, Steganography
Integrity Hash functions
Availability Cloud computing, backup disks
Authentication Passwords, 2 step verification
Non-repudiation Logs, digital signature
https://www.hackerschool.in