Introduction to Ethical Hacking

Ethical Hacking and Penetration Testing-COMP6210|Binus International

Someone who employed by companies to perform a penetration tests to their own system (with the owner’s permission).

legal attempt to break into a company’s network to find its weekest link. (Tester only reports findings and offers solutions to secure or protect the network)

Someone who access computer system or network without authorization. (breaks the law can go to prison)

Someone who breaks into the systems to steal or destroy the data (U.S. Department of Justice calls both hackers)

Young inexperienced hackers (copy codes and techniques from knowledgeable hackers)

Examples : Practical Extraction and Report Language (Perl), C, Python

Set of instructions that runs in sequence

Collection of Oss and hacking tools. To help penetration testers and security testers conduct vulnerabilities assessments and attacks.

Why do we need penetration testing ?

Because we need to make sure that our system is secure. We use the Penetration Testing to test the vulnerabilities of our system and find the solution and make our system more secure.

The Process

2. Performing the pen-test

3. Reporting and delivering results

Tester is told everything about the network topology and technology.

Tester is authorized to interview IT personnel and company employees

Makes tester job a little easier

Company staff does not know about the test

Tester is not given details about the network

Tests if security personnel are able to detect an attack

Hybrid of the white and black box models

Company gives tester partial information

Common Techniques

2. Open Source Monitoring

3. Network mapping and OS fingerprinting

To know what the version of Operation System.

4. Spoofing

For instance: A tries to attack B and C.

Normally B and C will know that A is attacking them.

By spoofing techniques A can attack B and C as other person. A can attack the B as C and the B will know that the one who attacked him is C not A.

In simple its about how you attack other people by using other people.

You attack other IPs in the world by using another IPs.

5. Network Sniffing

Is the real-time monitoring of data packets in network.

People who defends the system, monitoring and checking the security of the systems.

People who performs the pen-test and attacking the systems.

Related posts:

Guatemala is one of the countries in Central America affected by the coffee rust disease. In fact, the country declared coffee rust a national emergency in 2013. The coffee production was massively…