UNIT-1
Syllabus
         Introduction to Ethics of Ethical Hacking: Why you need to understand your
         enemy’s tactics, recognizing the gray areas in security, Vulnerability
         Assessment and Penetration Testing. Penetration Testing and Tools. Social
         Engineering Attacks: How a social engineering attack works, conducting a
         social engineering attack, common attacks used in penetration testing,
         defending against social engineering attacks.
         Introduction to Ethics of Ethical Hacking
         Ethical hacking involves legally breaking into systems to find and fix security
         vulnerabilities.
         It must be done with proper authorization and strong ethical conduct.
         Ethics in ethical hacking ensures the hacker acts responsibly, maintains
         confidentiality, avoids harm, and respects privacy.
         Understanding and following ethical guidelines helps build trust, prevent
         misuse of skills, and ensures that security testing is done lawfully and
         professionally.
         Core Principles of Ethical Hacking:
          Principle        Description
          Authorization    Always obtain explicit permission before testing or accessing any system.
          Legality         Operate within the boundaries of the law and organizational policies.
          Confidentiality  Protect sensitive data and findings; do not disclose without consent.
          Integrity        Report all findings honestly and avoid exploiting vulnerabilities for gain.
          Responsibility   Ensure actions do not harm the organization, its data, or its reputation.
         Key Ethical Guidelines:
             Do No Harm: The goal is to improve security, not to cause disruption or
             damage.
             Transparency: Clearly communicate the scope, methods, and findings to
             stakeholders.
             Respect Privacy: Handle all information with care, ensuring privacy and
             data protection.
             Professionalism: Maintain high standards of conduct, avoid conflicts of
             interest, and act in the organization’s best interest.
         Why you need to understand your enemy’s tactics
         To defend a system effectively, ethical hackers must think like attackers.
         Understanding the tactics, techniques, and procedures (TTPs) used by
         real-world hackers helps in identifying vulnerabilities before they are
         exploited.
         🔹 Reasons:
            Predict possible attack vectors
            Simulate realistic attack scenarios
            Understand the tools and methods attackers use (e.g., phishing, malware,
            exploits)
            Improve defensive strategies and system hardening
            Build effective defenses
            Adapt to evolving threats
            Prioritize remediation
         Recognizing the Gray Areas in Security
         Gray areas in security refer to situations where the ethical or legal boundaries
         of hacking and cybersecurity practices are not clearly defined. These
         ambiguities often arise due to the complex motivations and consequences
         behind hacking activities, as well as the rapid evolution of technology and
         threats.
         Key Aspects of Gray Areas
            Permission and Authorization:
            Ethical hacking is generally considered acceptable only when performed
            with explicit permission from the system owner. However, gray hat
            hackers may probe systems without authorization, sometimes with the
            intention of reporting vulnerabilities for the greater good. This lack of
            permission, even with good intentions, places their actions in a legal and
            ethical gray zone.
            Responsible Disclosure:
            Deciding when and how to disclose discovered vulnerabilities can be
            ethically challenging. Some may choose to publicly reveal flaws before
            informing the affected organization, which can expose users to risk but also
            pressure organizations to act quickly.
            Intent vs. Impact:
            While white hat hackers act to improve security, gray hats may not have
            malicious intent but still cause harm, such as service disruptions or privacy
            violations. The line between helping and harming can be thin, especially if
            innocent parties are affected.
            Legal Consequences:
            Even actions taken without malicious intent can be illegal if done without
            authorization. Laws typically do not distinguish based on intent, so gray hat
            activities can result in prosecution.
            Accountability:
            When harm occurs, responsibility can be difficult to assign. Is the hacker at
            fault, or does some blame lie with the organization for inadequate security?
            This question highlights the ethical complexity of gray area actions.
         Examples of Gray Areas:
            Accessing systems without explicit permission, even with good intentions
            Exploiting vulnerabilities in publicly exposed systems
            Reporting bugs without a responsible disclosure process
            Using hacking tools that can also be used for malicious purposes
         Vulnerability Assessment and Penetration Testing
         Vulnerability Assessment and Penetration Testing (VAPT) are two
         complementary security practices used to identify and address weaknesses in
         IT systems, applications, and networks.
         Vulnerability Assessment
            Definition:
           A vulnerability assessment is a systematic process for identifying,
           evaluating, and prioritizing security weaknesses (vulnerabilities) in an
           organization’s IT infrastructure, including software, hardware, networks,
           and applications.
           Process:
              Planning and Scoping: Define objectives and gather system
              information.
              Scanning and Identification: Use automated tools to detect known
              vulnerabilities.
              Analysis and Assessment: Evaluate the severity of vulnerabilities, often
              using standards like CVSS.
              Reporting: Document findings and provide recommendations for
              remediation.
              Remediation and Monitoring: Apply fixes and continuously monitor for
              new vulnerabilities.
           Goal:
           Identify as many vulnerabilities as possible so organizations can prioritize
           and address them before attackers exploit them.
           Tools:
           Typically relies on automated scanners and tools.
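The "Analysis and Assessment" and "Reporting" steps above are where a scanner's raw output is turned into a remediation order. The following is an added example, not code from these notes or from any scanner vendor: it takes constructed findings (placeholder CVE identifiers, made-up hosts and scores), labels each with its CVSS v3.1 qualitative severity band, and ranks them with internet exposure and public-exploit availability as tie-breakers, which is the usual way a team decides what to patch first.

```python
"""Prioritize vulnerability-assessment findings by CVSS v3.1 severity.

Added example (not from the course notes). The findings are constructed
sample data with placeholder CVE ids; the severity bands are the CVSS v3.1
qualitative rating scale (None / Low / Medium / High / Critical).
"""
from dataclasses import dataclass

# CVSS v3.1 qualitative severity rating scale: (lower bound of band, label)
SEVERITY_BANDS = [
    (9.0, "Critical"),
    (7.0, "High"),
    (4.0, "Medium"),
    (0.1, "Low"),
    (0.0, "None"),
]


@dataclass
class Finding:
    host: str
    service: str
    cve: str                        # placeholder id in the samples, not a real CVE
    cvss: float
    internet_facing: bool = False
    exploit_available: bool = False


def severity_label(score: float) -> str:
    """Map a CVSS base score to its qualitative band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for lower, label in SEVERITY_BANDS:
        if score >= lower:
            return label
    return "None"


def priority_key(f: Finding) -> tuple:
    """Higher CVSS first; among equal scores, exposed hosts and findings with a public exploit first."""
    return (-f.cvss, not f.internet_facing, not f.exploit_available, f.host)


def prioritize(findings) -> list:
    """Return (finding, severity label) pairs from most to least urgent."""
    return [(f, severity_label(f.cvss)) for f in sorted(findings, key=priority_key)]


def remediation_report(findings) -> list:
    """One text line per finding, in remediation order, for the report step."""
    lines = []
    for rank, (f, label) in enumerate(prioritize(findings), start=1):
        flags = []
        if f.internet_facing:
            flags.append("internet-facing")
        if f.exploit_available:
            flags.append("public exploit")
        extra = f" [{', '.join(flags)}]" if flags else ""
        lines.append(f"{rank}. {label:8s} {f.cvss:4.1f}  {f.host:<12s} {f.service:<6s} {f.cve}{extra}")
    return lines


# Constructed sample findings (CVE-XXXX-000N are placeholders, not real identifiers)
SAMPLE_FINDINGS = [
    Finding("10.0.0.5", "smb", "CVE-XXXX-0001", 9.8, exploit_available=True),
    Finding("10.0.0.12", "http", "CVE-XXXX-0002", 7.5, internet_facing=True),
    Finding("10.0.0.12", "ssh", "CVE-XXXX-0003", 5.3),
    Finding("10.0.0.20", "http", "CVE-XXXX-0004", 7.5, internet_facing=True, exploit_available=True),
    Finding("10.0.0.31", "ntp", "CVE-XXXX-0005", 3.7),
]

if __name__ == "__main__":
    for line in remediation_report(SAMPLE_FINDINGS):
        print(line)
```

The tie-breakers matter in practice: two findings with the same 7.5 score are not equally urgent when one sits on an internet-facing host with a public exploit, so the sort key encodes that context rather than relying on the score alone.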
         Penetration Testing
           Definition:
           Penetration testing (or pen testing) is an authorized, simulated cyberattack
           on a system, network, or application, performed by ethical hackers to
           actively exploit vulnerabilities and determine the real-world impact of those
           weaknesses.
           Process:
              Mimics the tactics and behavior of real attackers.
              Attempts to exploit discovered vulnerabilities to assess what an attacker
              could achieve.
                   Provides detailed reports on exploited vulnerabilities and
                   recommendations for remediation.
            Goal:
            Demonstrate how damaging a vulnerability could be in a real attack
            scenario, rather than just identifying its existence.
            Tools:
            Combines automated tools with manual techniques and human expertise.
         Key Differences
          Aspect      Vulnerability Assessment                     Penetration Testing
          Purpose     Identify and prioritize vulnerabilities      Exploit vulnerabilities to assess real-world risk
          Approach    Broad, automated, high-level scanning        Targeted, manual, in-depth exploitation
          Outcome     List of vulnerabilities and risk levels      Demonstrated impact and exploitability
          Frequency   Regular, ongoing                             Periodic or as needed
          Tools       Automated scanners (e.g., Nessus, OpenVAS)   Mix of automated tools and manual techniques (e.g., Metasploit)
         In summary:
         Vulnerability assessments help you find and prioritize weaknesses, while
         penetration testing shows how those weaknesses could be exploited in the real
         world. Together, they form the foundation of a robust cybersecurity strategy.
         Penetration Testing and Tools
         Penetration testing is a simulated, authorized cyberattack on a computer
         system, network, or web application to identify and exploit security
         vulnerabilities. The primary goal is to assess the effectiveness of security
         controls and demonstrate the real-world impact of potential weaknesses.
         Types of Penetration Testing Tools
         Penetration testers rely on a variety of specialized tools, each serving a unique
         purpose in the assessment process:
            Port Scanners:
            Identify open ports and services on a target system, revealing possible
            entry points.
            Example: Nmap
            Vulnerability Scanners:
            Scan systems for known vulnerabilities and misconfigurations, often
            referencing public vulnerability databases.
            Example: Nessus, OpenVAS
            Web Proxies:
           Intercept and modify traffic between a browser and web server, helping
           testers find and exploit web application vulnerabilities.
           Example: Burp Suite, OWASP ZAP
           Password Crackers:
           Attempt to recover passwords from hashes using brute-force or dictionary
           attacks, exposing weak credentials.
           Example: John the Ripper, Cain & Abel
           Network Sniffers:
           Monitor and analyze network traffic to uncover sensitive data, insecure
           protocols, or suspicious activity.
           Example: Wireshark
           Exploitation Frameworks:
           Provide a platform for launching and managing exploits against known
           vulnerabilities, automating much of the attack process.
           Example: Metasploit Framework
           Wireless Testing Tools:
           Assess the security of wireless networks, including encryption weaknesses
           and unauthorized access points.
           Example: Aircrack-ng
           SQL Injection and Web Vulnerability Tools:
           Automate the detection and exploitation of web application vulnerabilities
           such as SQL injection and XSS.
           Example: sqlmap, Nikto
         Popular Penetration Testing Toolkits
           Kali Linux:
           A Debian-based Linux distribution preloaded with hundreds of penetration
           testing and digital forensics tools, widely used by professionals.
           Burp Suite:
           A comprehensive platform for web application security testing, offering
           both automated and manual tools for vulnerability discovery and
            exploitation.
            Metasploit:
            An industry-standard exploitation framework that allows testers to develop
            and execute exploit code against remote targets.
         Social Engineering Attacks
         Social engineering attacks are manipulation techniques that exploit human
         psychology to gain unauthorized access to information, systems, or valuables.
         Instead of targeting technical vulnerabilities, these attacks focus on deceiving
         people into breaking standard security practices.
         How a Social Engineering Attack Works:
         1. Research – Attacker gathers information about the target (e.g., via social
            media)
         2. Engagement – Establishes contact (email, phone, in person)
         3. Exploitation – Uses trust, urgency, or authority to manipulate the target
         4. Execution – Gains access, data, or system control
         Common Types of Social Engineering Attacks
          Attack Type        Description
          Phishing           Fraudulent emails, messages, or calls that trick users into revealing sensitive information.
          Spear Phishing     Targeted phishing aimed at specific individuals or organizations.
          Pretexting         Attacker creates a fabricated scenario to obtain information or access.
          Baiting            Luring victims with promises (e.g., free software or gifts) to trick them into downloading malware.
          Quid Pro Quo       Offering a service or benefit in exchange for information or access.
          Tailgating         Physically following authorized personnel into restricted areas.
          Vishing/Smishing   Voice (phone) or SMS-based phishing attacks.
         Goals of Social Engineering
             Theft: Stealing sensitive data, credentials, or money.
             Sabotage: Disrupting operations or corrupting data.
             Access: Gaining entry to systems, networks, or physical locations.
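Phishing, the first entry in the table above, is the type that a security team most often has to triage at volume, and the indicators it leaves are exactly the ones the table hints at: a sender pretending to be a trusted party, pressure to act quickly, and a link that does not go where it claims. The following is an added example, not code from these notes or from any product: it scores a raw email message against a handful of those indicators. Both messages and the corporate domain `example-corp.com` are constructed for the example; the phrase list and the digit-for-letter lookalike table are assumptions that a real deployment would tune.

```python
"""Heuristic triage of a suspected phishing email.

Added example, not from the course notes. Both messages below are
constructed samples and TRUSTED_DOMAIN is an assumed corporate domain.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example-corp.com"  # assumption: the organization's own domain

# Digits commonly substituted for letters when building lookalike domains (assumed list)
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

URGENCY_PHRASES = ("immediately", "within 24 hours", "account will be suspended",
                   "verify your password", "urgent", "act now")


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain: str, trusted: str) -> bool:
    """True when the domain is not the trusted one but equals it after de-confusing digits."""
    return domain != trusted and domain.translate(CONFUSABLES) == trusted


def deceptive_host(host: str, trusted: str) -> bool:
    """Flag lookalike hosts and hosts that embed the trusted name, e.g. trusted.com.evil.net."""
    if not host or host == trusted or host.endswith("." + trusted):
        return False
    return is_lookalike(host, trusted) or trusted in host


def body_text(msg) -> str:
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)


def triage(raw_message: str) -> dict:
    """Score a raw RFC 822 message; each independent indicator adds one point."""
    msg = message_from_string(raw_message)
    reasons = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])

    if is_lookalike(from_domain, TRUSTED_DOMAIN):
        reasons.append(f"sender domain {from_domain} imitates {TRUSTED_DOMAIN}")
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    if TRUSTED_DOMAIN.split(".")[0] in display_name.lower() and from_domain != TRUSTED_DOMAIN:
        reasons.append("display name claims the organization but the address is external")

    body = body_text(msg)
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if deceptive_host(host, TRUSTED_DOMAIN):
            reasons.append(f"deceptive link host {host}")

    score = len(reasons)
    verdict = "likely phishing" if score >= 3 else ("suspicious" if score else "no indicators")
    return {"score": score, "verdict": verdict, "reasons": reasons}


# Constructed sample: a pretext of "IT support" with a lookalike sender and deceptive link
PHISHING_MESSAGE = """\
From: "Example-Corp IT Support" <helpdesk@examp1e-corp.com>
Reply-To: recover@mail-recovery-desk.net
To: alice@example-corp.com
Subject: URGENT: verify your password within 24 hours
Content-Type: text/plain; charset="utf-8"

Your account will be suspended. Verify your password immediately at
https://example-corp.com.secure-login.net/verify
"""

# Constructed sample: an ordinary internal message
BENIGN_MESSAGE = """\
From: "Bob Lee" <bob@example-corp.com>
To: alice@example-corp.com
Subject: Lunch menu for Friday
Content-Type: text/plain; charset="utf-8"

The menu is posted at https://intranet.example-corp.com/menu
"""

if __name__ == "__main__":
    for name, raw in (("phishing sample", PHISHING_MESSAGE), ("benign sample", BENIGN_MESSAGE)):
        print(name, triage(raw))
```

The indicators are deliberately independent of one another, so a single benign trait (an external Reply-To on a legitimate newsletter, say) does not by itself produce a strong verdict; it is the combination of impersonation, pressure and a deceptive link that pushes a message over the threshold.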
         Conducting a Social Engineering Attack
         A social engineering attack is carried out in phases, carefully designed to
         manipulate the target and achieve unauthorized access or information.
         🔹 Phases of Conducting the Attack:
         1. Reconnaissance (Information Gathering)
                    Collect data about the target (names, roles, habits, org structure)
                    Sources: social media, websites, job postings, public records
         2. Selection of Attack Vector
               Choose the method: phishing email, phone call (vishing), SMS
               (smishing), in-person, or fake websites
         3. Pretexting (Creating a Scenario)
               Build a believable story (e.g., “IT support from your company”)
               Use it to gain trust or authority
         4. Engagement and Manipulation
               Contact the target and use tactics like urgency, fear, or friendliness
               Example: "Your account is compromised. Please verify your password."
         5. Exploitation
               Extract credentials, get access, or make the target take an action (e.g.,
               click a link, open a file)
         6. Exit Without Detection
               Maintain stealth, erase traces, and avoid suspicion
               Sometimes followed by technical attacks using the gained access
           ⚠️ Ethical hackers simulate these attacks in a controlled, authorized way to
           test and improve human security awareness.
         Defending against social engineering attacks
         Social engineering attacks exploit human behavior, so defense requires a mix
         of awareness, policies, and technical controls.
         🔹 Key Defense Strategies:
         1. Security Awareness Training
                Regularly educate employees on common social engineering tactics
                Conduct mock phishing simulations
         2. Verification Protocols
                Always verify unknown callers, emails, or in-person visitors
                Use multi-factor verification for sensitive requests
         3. Email & Web Security
                Use spam filters, anti-phishing tools, and email authentication (e.g.,
                SPF, DKIM, DMARC)
                Block suspicious URLs and file attachments
         4. Physical Security Measures
                Restrict access to offices/data centers with ID badges, security guards,
                and CCTV
                Report unknown individuals immediately
         5. Policies and Procedures
                Enforce strict policies on information sharing and incident reporting
                Require approvals for sensitive actions (e.g., password reset, money
                transfer)
         6. Incident Reporting Culture
                Encourage employees to report suspicious interactions without fear
                Fast response helps prevent further damage
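Of the technical controls under "Email & Web Security", SPF, DKIM and DMARC are the ones that stop a spoofed From address before a user ever sees it. The following added example, not from these notes or from any mail server's code, shows the decision a receiving server makes: it parses a DMARC TXT record, checks whether the SPF- or DKIM-authenticated domain aligns with the visible From domain under the record's strict or relaxed alignment mode, and returns the disposition the policy asks for. The record and the SPF/DKIM results are constructed inputs, and organizational-domain matching is simplified to the last two labels (a real receiver consults the Public Suffix List).

```python
"""Evaluate a DMARC policy the way a receiving mail server does.

Added example, not from the course notes. The DMARC record and the
SPF/DKIM results are constructed inputs. Organizational-domain matching
is simplified to the last two labels; a real receiver uses the Public
Suffix List.
"""

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DNS TXT record such as 'v=DMARC1; p=reject; adkim=s' into tag/value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in VALID_POLICIES:
        raise ValueError(f"not a valid DMARC record: {txt!r}")
    tags.setdefault("adkim", "r")  # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")   # SPF alignment mode, relaxed by default
    return tags


def org_domain(domain: str) -> str:
    # Simplification (assumption): organizational domain = last two labels
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(identifier_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain."""
    if not identifier_domain:
        return False
    a, b = identifier_domain.lower(), from_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_disposition(record: str, from_domain: str, spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> dict:
    """DMARC passes when SPF or DKIM passes AND that identifier aligns with the From domain."""
    policy = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    passed = spf_ok or dkim_ok
    if passed:
        action = "deliver"
    else:
        action = {"none": "deliver (monitor only)",
                  "quarantine": "quarantine",
                  "reject": "reject"}[policy["p"]]
    return {"dmarc": "pass" if passed else "fail",
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "action": action}


# Constructed record for the assumed domain example-corp.com
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example-corp.com"

if __name__ == "__main__":
    legit = dmarc_disposition(EXAMPLE_RECORD, "example-corp.com",
                              "pass", "bounce.example-corp.com", "pass", "example-corp.com")
    spoofed = dmarc_disposition(EXAMPLE_RECORD, "example-corp.com",
                                "pass", "bulk-sender.net", "pass", "bulk-sender.net")
    print("legitimate:", legit)
    print("spoofed From:", spoofed)
```

The spoofed case is the point of the exercise: an attacker can easily make SPF and DKIM pass for a domain they control, but neither identifier aligns with the forged From domain, so DMARC fails and the `p=reject` policy stops the message. Publishing `p=none` first, then tightening to `quarantine` and `reject` once the reports show all legitimate senders aligning, is the usual rollout.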
         Common attacks used in penetration testing
         Penetration testing involves simulating real-world attack techniques to identify
         and exploit vulnerabilities in systems, networks, and applications. The most
         common attacks and methods used by penetration testers include:
         1. SQL Injection
            Attackers inject malicious SQL queries into input fields to manipulate
            databases and access sensitive data.
            Common in web applications with poor input validation.
         2. Buffer Overflow
            Exploiting programming errors by sending more data than a buffer can
            handle, leading to arbitrary code execution or system crashes.
         3. Cross-Site Scripting (XSS)
            Injecting malicious scripts into web pages viewed by other users, often to
            steal session cookies or credentials.
         4. Social Engineering Attacks
            Manipulating individuals to reveal confidential information or perform
            actions that compromise security.
            Includes phishing, vishing (voice phishing), smishing (SMS phishing),
            impersonation, dumpster diving, USB drops, and tailgating.
         5. Network Attacks
            Scanning for open ports and vulnerable services using tools like Nmap.
            Exploiting weak network configurations and unpatched systems.
         6. Web Application Attacks
            Targeting web apps for vulnerabilities such as insecure authentication,
            session management flaws, and logic errors.
         7. Client-Side Attacks
            Exploiting vulnerabilities in client software, such as browsers or email
            clients, to compromise endpoints.
         8. Physical Penetration Attacks
            Attempting to bypass physical security controls, such as lock picking,
            tailgating, or accessing sensitive areas to compromise infrastructure.
         9. Password Attacks
            Using brute-force, dictionary attacks, or password spraying to crack weak
            passwords.
         10. Wireless Attacks
            Targeting Wi-Fi networks to exploit weak encryption or unauthorized
            access points.
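Item 1 above attributes SQL injection to poor input handling; the defect is more precisely that user input is spliced into the SQL text, so the fix is to bind it as a parameter rather than to filter it. The following added example, not code from these notes or from any project, shows the vulnerable lookup beside its parameterized replacement against an in-memory SQLite table; the table contents and the injection string are constructed for the demonstration.

```python
"""SQL injection: a string-built query beside its parameterized replacement.

Added example, not from the course notes. The users table and the
injection string are constructed; the database is in-memory SQLite.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the input becomes part of the SQL text, so quotes and
    # operators inside it are parsed as SQL instead of being treated as data.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: the SQL text is fixed and the value is bound as a parameter,
    # so the engine only ever sees it as a literal string to compare against.
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


# Constructed input: a tautology that turns a single-row lookup into "every row"
INJECTION = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal input  :", find_user_vulnerable(conn, "alice"))
    print("vulnerable, injected      :", find_user_vulnerable(conn, INJECTION))
    print("parameterized, injected   :", find_user_safe(conn, INJECTION))
    print("parameterized, normal     :", find_user_safe(conn, "bob"))
```

With the injected value the vulnerable query becomes `SELECT username FROM users WHERE username = '' OR '1'='1'` and returns every account; the parameterized version compares the column against the literal string `' OR '1'='1` and returns nothing. Input validation is still worth having for data quality, but it is the parameter binding that removes the vulnerability.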
         Penetration testers use a combination of these attack techniques, often
         supported by automated tools and manual methods, to assess and demonstrate
         the security posture of the target environment.
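The password attacks in item 9 (brute force, dictionary, spraying) leave a distinctive footprint in authentication logs, and recognizing that footprint is how a defender knows a test or a real attack is under way. The following added example, not code from these notes or from any SIEM, shows the detection logic: it parses constructed sshd-style failure lines and separates a brute-force pattern (many failures against one account from one source) from a password-spray pattern (one source trying many accounts a few times each, which per-account lockout thresholds miss). The log wording, the RFC 5737 documentation addresses, the ten-minute window and the thresholds are all assumptions.

```python
"""Detect brute-force and password-spraying patterns in authentication logs.

Added example, not from the course notes. The log lines are constructed
(sshd-style wording, RFC 5737 documentation addresses); the window and
thresholds are assumptions a SOC would tune for its own environment.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse_failures(lines) -> list:
    """Return (timestamp, user, source_ip) for each failed-login line; other lines are skipped."""
    events = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["ip"]))
    return events


def detect(lines, window=timedelta(minutes=10), brute_threshold=5, spray_threshold=5) -> dict:
    """Return {(source_ip, pattern): message}.

    brute_force    : >= brute_threshold failures for one account within the window
    password_spray : >= spray_threshold distinct accounts tried from one source within the window
    """
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(parse_failures(lines)):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span is at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in evs[start:end + 1]:
                per_user[user] += 1
            worst = max(per_user.values())
            if worst >= brute_threshold:
                alerts.setdefault((ip, "brute_force"),
                                  f"{ip}: {worst} failures for one account within {window}")
            if len(per_user) >= spray_threshold:
                alerts.setdefault((ip, "password_spray"),
                                  f"{ip}: {len(per_user)} distinct accounts tried within {window}")
    return alerts


# Constructed sample log: a spray from 203.0.113.7, a brute force on 'admin'
# from 198.51.100.9, and a user at 192.0.2.10 who mistyped twice then logged in.
SAMPLE_LOG = """\
2024-05-01T09:00:00 sshd: Failed password for alice from 203.0.113.7
2024-05-01T09:01:00 sshd: Failed password for bob from 203.0.113.7
2024-05-01T09:02:00 sshd: Failed password for carol from 203.0.113.7
2024-05-01T09:03:00 sshd: Failed password for dave from 203.0.113.7
2024-05-01T09:04:00 sshd: Failed password for invalid user erin from 203.0.113.7
2024-05-01T09:05:00 sshd: Failed password for frank from 203.0.113.7
2024-05-01T09:10:00 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:10:20 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:10:40 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:11:00 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:11:20 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:11:40 sshd: Failed password for admin from 198.51.100.9
2024-05-01T09:30:00 sshd: Failed password for alice from 192.0.2.10
2024-05-01T09:30:30 sshd: Failed password for alice from 192.0.2.10
2024-05-01T09:31:00 sshd: Accepted password for alice from 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for (ip, pattern), message in detect(SAMPLE_LOG).items():
        print(pattern, "->", message)
```

The two patterns need different responses: a brute force is contained by locking or rate-limiting the targeted account, whereas a spray is contained by blocking the source, since each account only saw one or two attempts and no per-account lockout will trigger.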