Transcript campus.murraystate.edu

Ethical Hacking
By
Wesley Morefield
Kinds of Hackers
1. Black Hat / Destructive
2. White Hat / Ethical
3. Gray Hat
The Bad

Script Kiddies

Hacktivists

State Sponsored

Spy Hackers

Cyber Terrorists

Black Hat
Black Hat Hacker

Wants to get into your network or computer.

Uses any means available to gain access.

Don't care about damages caused from their
hacking.
Reasons

These people are after information

Credit card/Bank account numbers

Login information

Corporate secrets

Free Service
Steps

Information gathering

Scanning

Getting Access

Maintain Access

Cover Tracks
Information Gathering

Locating a target

Find information about the target


IP address
Social engineering
Scanning

Looking for open ports

Find out what operating system is on the target

Identifying services
Getting Access

Weak passwords

Spoof emails

Exploit Vulnerabilities
Maintain Access

Malware

Backdoor
Cover Tracks

Install Rootkit

Delete log files

Change system files
Notable Hackers
Randal Schwartz

Author of Learning Perl

Used password cracker on Intel's computers


He wanted to maintain access to his email
when he no longer had access to the network
Amassed a large number of passwords
Gary Mckinnon


Accused of hacking into 97 military and NASA
computers
Was searching for information about UFO
coverups.
Kevin Mitnick

Most notorious hacker

Started at 12 years old

Was charged in 1995 for wire fraud and for
breaking into the computers of several
corporations.
Malware Growth



Q1 of 2010 58,000 new
malware per day.
Q1 of 2011 73,000 new
malware per day.
Increase of over 25%.
Types of Malware
Antivirus Detection Rate
Ethical Hacker

Tests networks

Finds weaknesses

Notifies those in charge of the pitfalls of their
network.
Tools Used

Port scanners

Vulnerability scanners

Exploit lists

Reverse Engineering
Detection

Locate any current hacks

Search for any current password attacks

Ensure there isn't an outside IP performing port
scans on the network

Monitor network traffic

Scan for open ports
Conclusion

Lock down the network

Ensure all software is up to date

Identify unpatched vulnerabilities and exploits

Check for current virus definitions
Questions

Is it ethical for books and other material to be
released that goes into detail about the process
hackers use to gain entry into a computer?
References

http://hackingalert.blogspot.com/2011/03/how-to-hack-websiteweb-server-3-step.html

Gray Hat Hacking

http://billmullins.wordpress.com/2011/03/17/pandalabs-reports-73000-new-malware-threats-every-day/

http://www.sun.com/blueprints/0502/816-4816-10.pdf

http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history

http://www.computereconomics.com/article.cfm?id=1225

http://tjscott.net/policy/kevin1.htm

http://www.takedown.com/coverage/mitnick-timeline.html

http://www.wired.com/science/discoveries/news/2007/02/72647

http://www.knowthetrade.com/ethical-hacking.html