Scribd
Upload
20 views19 pages

Lecture 3,4,5 Ehical Hacking Framework ++

Uploaded by

nikhilraval706
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views19 pages

Lecture 3,4,5 Ehical Hacking Framework ++

Uploaded by

nikhilraval706
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

3CS204ME24

Ethical Hacking and Vulnerability


Assessment
What we will learn today?
• Ethical Hacking Framework
• Key components of Ethical Hacking
• Ethical Hacking Concepts
• Different types of Attacks
• Cyber kill chain Process
• Different types of Hackers
• Why ethical Hacking is necessary
Ethical Hacking and Vulnerability Assessment
• Ethical hacking, also known as penetration testing or white-hat hacking,
refers to the practice of intentionally probing computer systems, networks,
and applications to find security vulnerabilities that could be exploited by
malicious hackers.
• The goal of ethical hacking is to identify and fix these vulnerabilities before
they can be used for unauthorized purposes.
• Vulnerability Assessment is the process of identifying, quantifying, and
prioritizing (or ranking) the vulnerabilities in a system.
• The goal is to determine the weaknesses that could be exploited by threats
and to assess the potential impact on the system.
• Key components: {Asset, Threat, Vulnerability} Identification, Risk
Assessment, Prioritization of Vulnerabilities, Reporting.
Ethical Hacking Framework
• What is Ethical Hacking Framework?
• An Ethical Hacking Framework is a structured approach that ethical
hackers follow to systematically identify and exploit vulnerabilities in an
organization's systems, networks, or applications to improve their
security posture.

• This framework ensures that the process is conducted in a controlled


and authorized manner, aligning with legal and ethical standards.
Ethical Hacking Framework
• Key Components of an Ethical
Hacking Framework
1.Planning and Reconnaissance
2.Scanning and Enumeration
3.Gaining Access
4.Maintaining Access
5.Covering Tracks
6.Reporting and Remediation
Popular Ethical Hacking Tools
• Nmap: Network scanning tool used to discover hosts and services.
• Metasploit: Exploitation framework for developing and executing
exploit code.
• Wireshark: Network protocol analyser for network troubleshooting
and analysis.
• Burp Suite: Integrated platform for performing security testing of web
applications.
Ethical Considerations
• Authorization - Ethical hackers must have explicit permission from the
system owner before conducting any testing.
• Legal Compliance- Ensure adherence to relevant laws and regulations
(e.g., IT Act, Computer Fraud and Abuse Act, GDPR).
• Professional Conduct - Maintain integrity, honesty, and
professionalism throughout the process.
Quiz
• Which phase of the ethical hacking framework involves gathering
information about the target system or network without direct
interaction?
• A. Scanning
• B. Post-Exploitation
• C. Reconnaissance
• D. Reporting
• Answer: C. Reconnaissance
• In the ethical hacking process, what is the primary objective of the
Scanning phase?
• A. To gather intelligence about the target
• B. To identify and exploit vulnerabilities
• C. To document findings and provide recommendations
• D. To maintain access and escalate privileges
• Answer: B. To identify and exploit vulnerabilities
• Which component of the ethical hacking framework focuses on
documenting findings, vulnerabilities, and recommendations for
improving security?
• A. Exploitation
• B. Reporting
• C. Post-Exploitation
• D. Reconnaissance
• Answer: B. Reporting
• What is the primary goal during the Exploitation phase of an ethical
hacking framework?
• A. To gather information about the target system
• B. To identify open ports and services
• C. To attempt to gain unauthorized access by exploiting vulnerabilities
• D. To remove traces of hacking activities
• Answer: C. To attempt to gain unauthorized access by exploiting
vulnerabilities
• Which phase in the ethical hacking framework involves ensuring
persistent access and escalating privileges after gaining access to the
target system?
• A. Reconnaissance
• B. Scanning
• C. Exploitation
• D. Post-Exploitation
• Answer: D. Post-Exploitation
Attacks

Source: Ethical Hacking Guide (EC-Council)


Classification of Attacks

Source: [Book]Ethical Hacking and Counter measures


Source: [Book]Ethical Hacking and Counter measures
Cyber Kill Chain Methodology

Source: [Book]Ethical Hacking and Counter measures


Types of Hackers

Source: [Book]Ethical Hacking and Counter measures


Footprinting
• Collecting information about organization to identify various ways to
intrude the into systems.
• Objectives
• Security postures
• Reduction of focus areas
• Identifying vulnerabilities
• Drawing network map

• Active Footprinting
• Passive Footprinting

You might also like