Ethical Hacking and Cybersecurity Presentation
Mike Remington
Summary
This document is a presentation by Mike Remington on ethical hacking and cybersecurity. It covers topics like vulnerabilities, ethical hacking techniques, and best practices for software security. The document explores threats, data security, and exploitation methods to help readers enhance their cybersecurity knowledge.
Full Transcript
Slide 1: HACKING YOUR WAY TO SECURE SOFTWARE

Hello, I am Mike Remington. Over the past 25 years I have enjoyed a career in teaching computer science and working in various roles: tech support, network administration, and web development. My overall goal in education was to encourage and motivate students to do what they can to improve the world we live in. I am honored today to give you this presentation on cyber security. I hope to help you all become more aware of the threats you may face in software development and motivate you to learn more.

Slide 2: ETHICAL HACKING IN SDLC
- CYBER SECURITY?
- ETHICAL HACKING
- BEST PRACTICES
- RESOURCES

The agenda for our presentation will be to discuss cyber security in general, learn a bit about ethical hacking, review some best practices for software development, and share some resources so that you can take your learning further.

Slide 3: TECH TALK - GOAL
ENCOURAGE EVERYONE TO BECOME AN ETHICAL HACKER

Ethical hacking is a process that reveals areas of vulnerability in cyber security. As you become more aware of the data you are sharing, you can become more aware of how to protect yourself and your company. So my goal is to make you all ethical hackers.

Slide 4: CYBER SECURITY

I assume most of you already have a good idea of what cyber security is, and I suspect you are already familiar with some of the concepts I present. So I am going to focus on reviewing some basic information and encourage you to learn more. The image you see here is supposed to be a representation of Confidentiality, Integrity, and Availability; at least that is what I asked Google Gemini AI to create. The CIA in cybersecurity has nothing to do with secret agents, but it does relate to the reputation of hackers and how cybersecurity seems like it is filled with secrets. CIA in cybersecurity represents three key objectives of defense, which is what is known as Blue Team operations.
Slide 5: CIA TRIAD - DATA SECURITY
- Confidentiality: implementing access controls, encryption, and secure authentication methods to protect data from unauthorized access.
- Integrity: preventing unauthorized modification of information and ensuring data remains authentic and reliable.
- Availability: maintaining system uptime, preventing service disruptions, and ensuring quick recovery from incidents.

Confidentiality and data leaks are most often what we think of when we talk about cyber security. Keeping your data secure can be done with encryption and access control, but no system is perfect; we will discuss examples in this presentation where vulnerabilities have been exploited. Hackers not only want the data secured in your systems; they may also want to modify that data, take over your systems to do their work, and disrupt the services your systems provide. When you think about why cyber security needs to be an integral part of the software development process, think about how you will implement confidentiality, integrity, and availability.

Slide 6: CYBER SECURITY THREATS

This image, also created by Google AI, is supposed to represent a distortion of the CIA triad: Disclosure, Alteration, and Denial, the three key objectives of the DAD triad, which represent hacking threats and Red Team operations.

Slide 7: DAD TRIAD - HACKING
While the CIA triad defines the objectives of cybersecurity, there are three corresponding primary threats that directly challenge those objectives:
- Disclosure: compromises confidentiality through data breaches, insider threats, or intercepted communications.
- Alteration: compromises integrity through malicious code, unauthorized system changes, or man-in-the-middle attacks.
- Denial: compromises availability through Distributed Denial of Service (DDoS) attacks, system failures, or ransomware that blocks access to critical resources.
These three objectives are the opposite of protection and security. The goal of a hacker is to gain access to confidential data and disrupt the normal operations of your systems: post and disclose your confidential data, or trick you into clicking on a link that installs malware and possibly locks up your computer. In order to protect and secure your data, you need to know the processes hackers follow.

Slide 8: ETHICAL HACKING

What I propose today is that you all learn how to become ethical hackers. As you learn how some systems have been exploited, you will discover how to avoid vulnerabilities, become familiar with common exploits, and experiment with tools hackers may be using. There are many courses available online to learn ethical hacking. One of the courses I found especially informative is the Practical Ethical Hacking course available through TCM Security Academy. We are going to discuss some concepts presented in that course to get you started and give you an idea of what you would learn on an ethical hacking pathway. Disclaimer: please only use the information discussed here for ethical purposes.

Slide 9: ETHICAL HACKING
- PASSIVE RECONNAISSANCE - DATA GATHERING
- SCANNING AND INVESTIGATING - NETWORK DISCOVERY
- EXPLOITATION BASICS - GAINING ACCESS TO SYSTEMS

We are going to look at a three-phase approach to ethical hacking: passive research; active research, scanning, and discovery; and executing the hack.

Slide 10: PASSIVE RECONNAISSANCE

What type of information can be gained by reviewing satellite images and social media posts from employees? Do employees gather outside of your building during breaks? Could a hacker join a group of employees in these break areas and begin to blend in? Do employees post pictures of themselves at work? Is there information about employee usernames, badge numbers, operating systems, etc. visible in photos?
If you do not know already, you will soon see how this data is a critical piece in the hacking puzzle as well as an important security concern.

Slide 11: PASSIVE RECONNAISSANCE
- Discovering email addresses: hunter.io
- Verifying email addresses: emailhippo

When a hacker finds information about you like names, companies, hobbies, etc., they begin to build a profile on you that may lead to vulnerabilities that can be exploited. There are tools available to discover email addresses for individuals and companies. As we discuss these tools and how they can be used, feel free to explore these sites and see what information is available about you and your company. How are your email addresses formatted? Once the format is known (first.last@, flast@, and so on), the address of an employee who is not listed anywhere can be guessed and then verified. With an email address a hacker can send you phishing attacks and, through them, harvest your logon credentials.

Slide 12: PASSIVE RECONNAISSANCE
- Hunting breached credentials: dehashed.com, haveibeenpwned.com

Another important piece of hacker research is to search for data that has been posted about you from a previous hack or data breach. Here are a couple of tools that index millions of leaked credentials. Dehashed.com is a subscription tool that can be used to discover usernames and passwords you have used in the past; currently the subscription is $5.49 for one week. There are many similar tools available.

Slide 13: PASSIVE RECONNAISSANCE
- Know and learn Google search tools
- site:someSite.com -www
- site:someSite.com filetype:pdf
- Refine Google searches

The last point of hacker research we will discuss today is maybe the most important. Google is free and effective for discovering information that may be used to exploit vulnerabilities of a company or individual.
For example:
- site:someSite.com -www can be used to find subdomains (excluding the www host lets the other hosts under the domain surface in the results)
- site:someSite.com filetype:pdf can be used to find files of a specific type

Slide 14: SCANNING AND INVESTIGATING
- Home lab with Kali Linux
- VulnHub
- Kioptrix Level 1 example

We have looked at some methods of discovering information about a company through email, leaked data, and general Google searching. Now let's go over some tools that can be used to find machines that could be exploited. We will discuss how to set up a home lab with Kali Linux and hack into a vulnerable machine for illustration.

Slide 15: HOME LAB
- VMware: used to install virtual machines on your computer.
- Windows: download and install VMware Player
- Mac: download and install VMware Fusion Pro for personal use (requires a Broadcom account)

We will not be going through the install process, but virtual machines and VMware are popular home lab systems for hackers.

Slide 16: HOME LAB
- Kali Linux: built with cyber security routines in mind
- Download Kali Linux for VMware: https://www.kali.org/get-kali/#kali-platforms
- Extract and run Kali Linux
- Log in: kali / kali

Kali Linux is a standard and popular operating system used in ethical and unethical hacking.

Slide 17: VULNHUB

Learning to become an ethical hacker takes practice. Sites like VulnHub offer virtual machines with various vulnerabilities and hacking difficulties. You can get into trouble scanning and hacking actual machines on your network, so to learn the skills and techniques of hacking, sites like VulnHub offer valuable resources, including CTF games.

Slide 18: KIOPTRIX LEVEL 1

The Kioptrix virtual machine is designed to practice hacking within a local network.
Kioptrix and Kali will be running on the same network (set the network adapter to NAT, not Bridged, so the vulnerable machine is reachable from Kali but not exposed to the rest of your LAN).
- Find the IP of Kioptrix
- Scan for open ports
- Investigate open ports for exploits
- Metasploit
- Discovering potential vulnerabilities: Google, Exploit-DB

A great place to start experimenting with scanning and hacking is the Kioptrix machine.

Slide 19: KIOPTRIX LEVEL 1
SCAN FOR IP ADDRESSES ON YOUR NETWORK

This is an internal network scan, so all you need to know is your own device's IP; then you can discover the other devices. The slide shows a screenshot of the information an ARP scan (for example arp-scan -l on Kali) gives you: each live host's IP address, its MAC address, and the hardware vendor derived from that MAC.

Slide 20: KIOPTRIX LEVEL 1
SCAN FOR OPEN PORTS OF A MACHINE GIVEN AN IP ADDRESS

Once you know the IP address of the machine you would like to investigate, nmap can be used to scan for open ports. Open ports show you what type of services could be running on the machine, and from that you can develop a plan to exploit those services (a version scan, nmap -sV, additionally reports the version strings the services announce). From the example we can see possible ports to exploit:
- Port 22: SSH (remote access)
- Ports 80 and 443: web hosting
- Port 139: SMB file sharing (Samba) over NetBIOS

When you complete the Kioptrix Level 1 challenge from VulnHub, you will check for vulnerabilities in the web services and SSH. To save us some time, I will tell you that though you will find some information in that investigation, you will not find a way to gain root access. The vulnerability that can be exploited in this case is in the Samba file share service.

Slide 21: KIOPTRIX LEVEL 1
USE METASPLOIT TO GET THE VERSION OF SAMBA

Now that you know the machine you want to hack could have a vulnerability in the Samba file share service, you need to find the version of Samba to get a specific exploit. Metasploit is a tool that comes with Kali Linux and is very useful for many tasks. At this point in our research we are going to use an auxiliary module (a scanner, not an exploit) to get the information we need.

Slide 22: KIOPTRIX LEVEL 1
AVAILABLE SMB SCANS IN METASPLOIT

Here is a screenshot of some of the available scanner modules (auxiliary/scanner/smb/*) that can be used for SMB service discovery.
The scan we are looking for is #16 in that list, smb_version (auxiliary/scanner/smb/smb_version).

Slide 23: KIOPTRIX LEVEL 1
RUNNING SMB VERSION SCAN

Running the smb_version scan from Metasploit does not exploit anything or open a shell. You set RHOSTS to the target; the module then connects to the SMB service (TCP 139/445), performs the normal SMB protocol negotiation and session setup, and reports the operating system and version strings the server announces about itself. If found, the scan returns the specific version of Samba running on the target machine.

Slide 24: KIOPTRIX LEVEL 1
SEARCH GOOGLE FOR EXPLOITS

Now we can go to Google and find an exploit for a machine running Samba 2.2.1a. A quick search gives us many options, and an exploit name that appears prominently is trans2open (a buffer overflow in Samba 2.2.x, CVE-2003-0201). We could attempt to use one of the exploits found in the search, but I think Metasploit may be the most efficient tool.

Slide 25: KIOPTRIX LEVEL 1
SEARCH METASPLOIT FOR A SAMBA EXPLOIT

Running searchsploit for Samba version 2.2.1a (searchsploit searches the local copy of Exploit-DB) we find the trans2open exploit we are looking for. Inside msfconsole, search trans2open finds the corresponding module, exploit/linux/samba/trans2open.

Slide 26: EXPLOITATION

The hack is the last phase in our demonstration. We have the exploit we need; now we just need to run it. Exploitation in cybersecurity refers to taking advantage of vulnerabilities, weaknesses, or flaws in computer systems, networks, or applications to gain unauthorized access or control.

Slide 27: KIOPTRIX LEVEL 1
SET PAYLOAD AND RUN THE EXPLOIT

The final steps in this hack are to set a payload, which is the code the exploit delivers and runs on the target once the vulnerability is triggered. In this case we want to establish a remote connection to the target machine using a reverse shell (the target connects back to Kali's LHOST/LPORT) and gain root access. On a target this old the default staged payload may fail to return a working session; if so, select a non-staged payload such as linux/x86/shell_reverse_tcp. Because the Samba daemon on Kioptrix Level 1 runs as root, the shell you get back is a root shell, giving full access to data and services. Ultimately, once you have root access on the Kioptrix machine and look at root's mail, you will be able to read a message that says congratulations!

Slide 28: OVERWHELMING?

Were you asking questions of yourself during the presentation so far? Are you or your company vulnerable to an attack like the one demonstrated today? Are you overwhelmed with data at this point?
Or are you underwhelmed, because you already know everything needed to keep yourself and your company secure? Hopefully, you are thinking about how you plan to become an ethical hacker so that you can fix vulnerabilities before you get hacked.

Slide 29: TYPES OF EXPLOITS
- Software exploits: target vulnerabilities in applications or operating systems
- Hardware exploits: focus on weaknesses in physical devices or components
- Network exploits: attack vulnerabilities in network protocols or configurations
- Social engineering: exploits human psychology rather than technical vulnerabilities

You can see here that there are many different types of exploits available to hackers. What you should begin to think about and plan for is how you will inspect your current systems and determine whether there are vulnerabilities that need to be corrected. You could set up a virtual version of your systems in a controlled environment and run attacks on a regular basis to check your software, hardware, and network. But the most important exploits to prepare for are those that involve social engineering. We are going to discuss a plan for that as part of the best practices section of this presentation.

Slide 30: ZERO DAY EXPLOITS
A zero-day exploit is a cyber-attack that targets a previously unknown vulnerability before developers have a chance to patch it.
- The vulnerability is unknown to the software vendor
- There is no available patch or fix at the time of exploitation
- Attackers have the advantage of time

There are hackers out there developing exploits every day.
This is often done through reverse engineering of software, analysis of patch releases (diffing a patch against the previous version to locate the fixed bug, which yields exploits against systems that have not yet applied the patch), and network traffic monitoring.

Slide 31: FUZZING
Key aspects of fuzzing:
- Automated input generation: creates millions of test cases rapidly
- Mutation-based: modifies known valid inputs to create test cases
- Generation-based: creates new inputs from scratch based on the input format
- Coverage-guided: uses program behavior (which code paths each input reaches) to guide input generation

Now, let's talk about something related specifically to software: fuzzing. It's a method that most developers, I think, should start paying closer attention to. Essentially, it's about feeding randomized or unusual inputs into software to see where it breaks. The whole idea is to catch edge cases and vulnerabilities, especially ones that traditional testing might overlook. And be aware: AI is making fuzzing more powerful. Conventional coverage-guided fuzzers already run thousands of inputs per second, and machine learning is increasingly used to steer that generation toward the parts of a program most likely to hold weaknesses.

Slide 32: NEXT STEPS

Time to do some reflecting and self-evaluation. What type of personal or company data is available to anyone who wants to find it? How do you secure this data? When it comes to cybersecurity, how can you make sure you are a "victor and not a victim"? (quote: Eric Thomas)

Slide 33: MISTAKES

Before we get into some best practices in software development, let's look at the most likely reason companies and individuals are hacked. A widely cited figure holds that 95% of successful hacks are due to a person making a mistake: clicking on a link in a phishing email or text, letting someone have access to areas or systems they are not allowed to access, failing to update software. How can you and your company avoid these mistakes and, just as important, how can you make sure everyone comes forward when they know they made a mistake? Do you have a working environment where employees are rewarded for making good decisions ("It's been 100 days since our last hacking event")?
Is your tech support team approachable, or are they like the typical tech gurus who make people feel stupid for making mistakes? It is extremely important for you to work in an environment where you can share concerns and feel safe to share mistakes.

Slide 34: BEST PRACTICES
Team training and security culture:
- Regular security awareness training
- Foster a security-first mindset
- Encourage reporting of security concerns
- Recognize and reward security-conscious behavior

The main focus of your cyber security training and implementation should be to develop a security culture that encourages everyone to make security a priority and to report concerns.

Slide 35: BEST PRACTICES
- Schedule training with software development cyber security professionals
- Integrate security from the beginning: planning, design, testing

Moving forward, I recommend that you work with a cyber security professional who specializes in securing the types of software you are developing. You not only need to shore up your existing software and systems; you need to integrate security into each step of the software development cycle.

Slide 36: CURRENT EVENTS
- Cyber Crime Magazine
- The 20 biggest data breaches in history
- Cybersecurity Trends for 2025 and Beyond

There are many resources available to track events in cyber security, and you are encouraged to review this information from the links provided here as well as to find your own. The more informed you are, the better you will be at recognizing vulnerabilities. We all have the responsibility to be informed of new threats in cyber security. Do not wait for your IT department to keep you informed.

Slide 37: RESOURCES
Training platforms:
- Security awareness: KnowBe4, Pluralsight
- Hands-on training: TCM Security, Hack The Box, TryHackMe
- Developer training: SecureFlag, Security Journey

Here are a few resources recommended for learning more about cyber security and ethical hacking. Though all that are listed are informative, I think that the hands-on training is going to be the most beneficial.
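In that hands-on spirit, here is an added example (editor's code, not part of the presentation) that makes the breached-credential lookup from slide 12 concrete. Have I Been Pwned's Pwned Passwords service works by k-anonymity: you hash the password with SHA-1, send only the first five hex characters of the hash to https://api.pwnedpasswords.com/range/<prefix>, and match the remaining 35 characters locally against the SUFFIX:COUNT lines that come back, so the password and its full hash never leave your machine. The range response below is a constructed sample (the counts are made up) so the code runs offline; the fetch_range parameter is an assumption of this example that stands in for the HTTP GET.

```python
"""Breached-password check in the k-anonymity style used by Have I Been Pwned.

Added example for this page, not code from the presentation. The real service
is queried at https://api.pwnedpasswords.com/range/<first 5 hex chars of the
SHA-1>; here the response is a constructed sample so everything runs offline.
Only the 5-character prefix would ever leave your machine.
"""
import hashlib
from typing import Callable, Dict, Tuple


def split_sha1(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest.

    The 5-char prefix is what is sent to the range endpoint; the 35-char
    suffix stays local and is matched against the response.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (one per leaked hash sharing the prefix)."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Number of times the password appears in the breach corpus (0 = not seen).

    fetch_range(prefix) -> response text abstracts the network call so the
    check can run offline. A real implementation would GET
    https://api.pwnedpasswords.com/range/{prefix} (optionally with the
    'Add-Padding: true' header so response sizes do not leak the prefix's
    bucket size) and return the body.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample response for prefix 5BAA6 (the SHA-1 of "password"
# starts with it). The counts are made up for illustration; the real
# endpoint returns several hundred lines per prefix.
SAMPLE_RANGE = {
    "5BAA6": "\n".join([
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824",  # "password"
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "012C192B2F16F82EA0EB9EF18D9D539B0DD:1",
    ])
}


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTP GET: serve the constructed sample."""
    return SAMPLE_RANGE.get(prefix, "")


if __name__ == "__main__":
    for pw in ["password", "Tr0ub4dor&3-not-in-corpus"]:
        n = breach_count(pw, offline_fetch)
        verdict = f"seen {n} times in breach data" if n else "not found"
        print(f"{pw!r}: {verdict}")
```

The same split-the-hash pattern is what you would wire into a signup or password-change form to reject passwords that already appear in breach corpora, without ever sending the user's password to a third party.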
Slide 38: RESOURCES
Documentation and guidelines:
- OWASP Secure Coding Practices Guide
- NIST Secure Software Development Framework (SSDF)
- Microsoft Security Development Lifecycle (SDL)

And finally, we have some documentation and guidelines to follow specific to software development.

Slide 39: QUESTIONS

Thanks so much for joining me as we reviewed some information about cyber security and ethical hacking. I hope this inspires you to take that first step, or maybe that next step, towards more secure practices. I am happy to take questions at this time, and if I am not able to give you a specific answer on the spot, I will make sure I get back to you with a response.
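Appendix: a worked example for the fuzzing slide (slide 31). This is an added example by the editor, not code from the presentation. It implements the two aspects the slide names, mutation-based input generation and coverage guidance, against a deliberately buggy parser: parse_record and its "LEN:PAYLOAD" record format are invented for illustration, and the bug (trusting the declared length without checking it against the payload) is the kind of bounds error fuzzing is good at finding. Coverage is collected with Python's sys.settrace, mutants are kept in the corpus only when they reach a line no earlier input reached, and a small greedy minimizer shrinks the crashing input to its essence.

```python
"""Mutation-based, coverage-guided fuzzing against a toy parser.

Added example for this page, not code from the presentation. The target
parser and its record format are invented for illustration.
"""
import random
import sys
from typing import Callable, List, Optional, Set, Tuple

Coverage = Set[Tuple[str, int]]
Target = Callable[[bytes], object]


def parse_record(data: bytes) -> bytes:
    """Parse a 'LEN:PAYLOAD' record and return the payload.

    Contract: raise ValueError on malformed input. The planted bug: the
    declared length is trusted, so a length larger than the payload makes
    the indexing below raise IndexError (the crash the fuzzer should find).
    """
    head, sep, payload = data.partition(b":")
    if not sep:
        raise ValueError("missing separator")
    if not head.isdigit():
        raise ValueError("length is not numeric")
    length = int(head)
    out = bytearray()
    for i in range(length):      # BUG: no check that length <= len(payload)
        out.append(payload[i])   # IndexError once i runs past the payload
    return bytes(out)


def run_with_coverage(target: Target, data: bytes):
    """Run target(data); return (outcome, set of (function, line) executed).

    outcome is None on success, "expected" for the documented ValueError,
    or the exception instance for anything else (a crash worth reporting).
    """
    covered: Coverage = set()
    target_code = target.__code__

    def tracer(frame, event, arg):
        # Only trace the target's own frame; ignore everything else.
        if frame.f_code is target_code:
            if event == "line":
                covered.add((frame.f_code.co_name, frame.f_lineno))
            return tracer
        return None

    sys.settrace(tracer)
    try:
        target(data)
        outcome = None
    except ValueError:
        outcome = "expected"
    except Exception as exc:  # any other exception is a crash
        outcome = exc
    finally:
        sys.settrace(None)
    return outcome, covered


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, insert, or delete."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(target: Target, seeds: List[bytes], iterations: int, seed: int = 0) -> Optional[bytes]:
    """Coverage-guided mutation fuzzing; return the first crashing input or None.

    A mutant joins the corpus only if it executed a line the corpus had not
    reached before, so later mutations start from inputs that explore more
    of the program.
    """
    rng = random.Random(seed)
    corpus = list(seeds)
    seen: Coverage = set()
    for s in corpus:
        outcome, cov = run_with_coverage(target, s)
        if outcome not in (None, "expected"):
            return s
        seen |= cov
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        outcome, cov = run_with_coverage(target, candidate)
        if outcome not in (None, "expected"):
            return candidate
        if cov - seen:
            seen |= cov
            corpus.append(candidate)
    return None


def minimize(target: Target, crash: bytes) -> bytes:
    """Greedy reduction: drop single bytes while the input still crashes."""
    current = crash
    changed = True
    while changed:
        changed = False
        for i in range(len(current)):
            trial = current[:i] + current[i + 1:]
            if run_with_coverage(target, trial)[0] not in (None, "expected"):
                current, changed = trial, True
                break
    return current


if __name__ == "__main__":
    found = fuzz(parse_record, [b"5:hello", b"0:"], iterations=2000, seed=1)
    if found is None:
        print("no crash found")
    else:
        print("crash:", found, "->", repr(run_with_coverage(parse_record, found)[0]))
        print("minimized:", minimize(parse_record, found))
```

Two design points carry over to real fuzzers such as AFL++ or libFuzzer: the harness distinguishes expected, documented failures (ValueError) from crashes so the fuzzer is not drowned in noise, and the minimized reproducer (a declared length with no payload) is what you would attach to the bug report.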