
22CSE012- ETHICAL HACKING

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

LECTURE NOTES

VI SEMESTER

22CSE012 – ETHICAL HACKING


(Professional Elective)
Regulation – 2022
Academic Year 2024 – 2025 (Even Semester)

Prepared by

Mr. S. Senthilnathan, AP / CSE

EH 1.1 JNNIE/CSE/R-22/III YR/EH


UNIT I INTRODUCTION 6 Hrs


Ethical Hacking Overview - Role of Security and Penetration Testers - Penetration-Testing
Methodologies - Laws of the Land - Overview of TCP/IP - The Application Layer - The Transport
Layer - The Internet Layer - IP Addressing - Network and Computer Attacks - Malware - Protecting
Against Malware Attacks - Intruder Attacks - Addressing Physical Security

1.1 Ethical Hacking Overview


Ethical hacking means that authorized individuals work to expose security vulnerabilities
and ultimately eliminate them before a malicious actor can exploit them.

What is Ethical Hacking?


Ethical hacking involves deliberately probing and testing computer systems, networks, and
applications to identify and fix security vulnerabilities. An ethical hacker, also called a
white hat or pen tester, is given the same goal: to enhance security within an organization.

Key aspects of ethical hacking include:

• Reporting: Ethical hackers report back to the organization with the results of the tests.
• Permission-based: Ethical hackers work only with the organization’s permission; this
permission is what differentiates their job from criminal hacking.
• Objective: The main goal is to find the holes before hostile attackers can penetrate
them. This includes discovering system, application, and network vulnerabilities that an
attacker could exploit.
• Methodology: Ethical hackers perform these steps using a variety of tools and
techniques, similar to criminal hackers. This includes scanning for vulnerabilities, testing
whether they can be used to break in, and assessing the access control measures in place.

Importance of Ethical Hacking

Ethical hacking contributes significantly to contemporary cybersecurity. By simulating the
strategies and tactics used by cybercriminals, ethical hackers are able to identify and address
vulnerabilities before they are exploited. This proactive methodology serves to:

• Enhance Security: Identify and address flaws to stop data breaches and cyberattacks.
• Compliance: Meet security standards set by the industry and regulatory requirements.
• Risk Management: Assess and reduce potential threats to the organization’s assets.
• Incident Response: Enhance the company’s capacity to respond to security incidents
and recover from them.

Types of Ethical Hacking

Depending on the focus of the security testing, ethical hacking can be broken down into a
number of different categories:

• Network hacking: Involves testing the network infrastructure in order to find flaws in the
network’s protocols, configurations, and devices.
• Web application hacking: Centers on identifying weaknesses in web applications, for
example SQL injection or cross-site scripting (XSS) vulnerabilities.
• System hacking: Targets operating systems and software to find security defects that could
be exploited.
• Social engineering: Attempts to manipulate individuals into revealing confidential
information or performing actions that could compromise security, putting the human
element to the test.
• Wireless network hacking: Involves identifying potential dangers in wireless
communications and evaluating the security of wireless networks.

Types of Ethical Hackers


Ethical hacking scans for vulnerabilities and potential threats on a computer or
network. An ethical hacker finds the weak points or loopholes in a computer, web
application or network and reports them to the organization.

The various types of hackers are:


(1) White Hat Hackers (Cyber-Security Hacker)
(2) Black Hat Hackers (Cracker)
(3) Gray Hat Hackers (Both)
(4) Blue Hat hackers
(5) Green Hat Hackers
(6) Red Hat Hackers.

1. White Hat Hackers:


• White hat hackers generally get all the information they need about the application or
network to be tested from the organization itself.
• They use their skills to test it before the website goes live or is attacked by malicious
hackers.
• To become a white hat hacker, you can earn a bachelor’s degree in computer science,
information technology, or cybersecurity.
• In addition, certifications such as Certified Ethical Hacker (CEH) and Certified
Information Systems Security Professional (CISSP) are highly recommended.

2. Black Hat Hackers:


• They unethically break into websites and steal data from the admin panel or
manipulate the data.
• They focus only on themselves and the advantages they can get from the personal
data, for personal financial gain.
• They can cause major damage to the company by altering the functions of its systems,
leading to losses on a much larger scale.
• This can even lead to extreme consequences for the company.

3. Grey Hat Hackers:


• They sometimes access data without authorization and violate the law.
• But they never have the same intentions as black hat hackers; they often operate for the
common good.
• The main difference is that they expose vulnerabilities publicly, whereas white hat
hackers do so privately for the company.
• One criticism of grey hat hackers is that their actions can still cause harm.
• Even if they do not steal or damage data, their unauthorized access to computer
systems can still disrupt operations and cause financial losses for companies.
• Additionally, there is always the risk that a grey hat hacker will accidentally cause
damage while attempting to identify vulnerabilities.

4. Blue Hat hackers:


• Much like script kiddies, they are beginners in the field of hacking.
• If someone angers a script kiddie and he or she takes revenge, that person is
considered a blue hat hacker.
• Blue hat hackers pay back those who have challenged or angered them.
• Like script kiddies, blue hat hackers also have no desire to learn.

5. Green Hat hackers:


• They are also amateurs in the world of hacking, but they are a bit different from script
kiddies.
• They care about hacking and strive to become full-blown hackers.
• They are inspired by experienced hackers and ask them questions about the craft.
• While the hackers answer their questions, they listen closely to everything that is new to
them.

6. Red Hat Hackers:


• They are also known as the eagle-eyed hackers.
• Like white hat hackers, red hat hackers also aim to halt the black hat hackers.
• There is a major difference in the way they operate. They become ruthless while
dealing with the malware actions of black hat hackers.
• A red hat hacker will keep attacking the black hat hacker so aggressively that the black
hat may even have to replace the whole system.

Phases of Ethical Hacking

• Preparation and planning: Define the scope of the test, obtain the necessary
authorizations, and gather information about the target system.
• Reconnaissance: Gather in-depth data about the target system, including information
about its network structure, IP addresses, and potential security holes.
• Scanning: Scan the target system using a variety of tools and methods to look for
vulnerable services, open ports, and vulnerabilities.
• Gaining access: Attempt to gain access to the system by exploiting the identified
vulnerabilities, mimicking real-world attacks.
• Maintaining access: Test the ability to keep access within the system and assess the
persistence mechanisms that attackers could use.
• Reporting and analysis: Produce a comprehensive report for the organization, document
findings, and offer suggestions for reducing vulnerabilities.

Benefits of Ethical Hacking

• Preventing Data Breach: Organizations can avoid costly data breaches by identifying
vulnerabilities before attackers do.
• Protecting Private Information: safeguards vital data from misuse and unauthorized
access.
• Enhancing the System’s Resilience: makes applications and systems stronger and more
resistant to attacks.
• Developing Trust: demonstrates a commitment to data security and improves the
company’s reputation.

1.2 Role of Security and Penetration Testers


Security and penetration testers work to identify and fix vulnerabilities in an organization's
systems and networks. They use ethical hacking techniques to simulate attacks on a system and
assess its security.

Responsibilities
• Plan and conduct tests: Design and carry out tests on networks, applications, and cloud
infrastructures
• Identify vulnerabilities: Use tools and techniques to find weaknesses in security, such as
open services, application security issues, and open source vulnerabilities
• Create reports: Document findings and present them to management and other relevant
parties
• Recommend improvements: Provide advice on how to fix or lower security risks
• Train users: Educate users on best practices to minimize future security risks
• Develop methodologies: Create new penetration testing methods, scripts, and tools
• Review code: Examine code for security vulnerabilities

• Reverse engineer malware: Analyze malware or spam to understand how it works


• Assess security measures: Evaluate the effectiveness of security measures
• Create business continuity plans: Develop plans to help the organization recover from a
disaster

Benefits
• Regular penetration testing helps organizations stay ahead of potential attackers
• It can help resolve security threats caused by user error, such as inadequate password
policies
• It can help organizations identify new vulnerabilities and address them promptly

Penetration testers specifically seek out flaws and weaknesses in active systems.
• Penetration testing teams simulate cyberattacks and other security breaches designed
to access sensitive, private, or proprietary information. They utilize existing hacking
tools and strategies and devise their own.
• During a simulated attack, pen testers document their actions to generate detailed
reports indicating how they managed to bypass established security protocols.
• Penetration testing teams help their employers avoid the public relations fallout and
loss of consumer confidence that accompany actual hacks and cyberattacks. They also
help businesses and organizations improve their digital security measures.

Key Soft Skills for Penetration Testers


• A Desire to Learn: Hackers and cybercriminals constantly change their strategies
and tactics as technology evolves. Penetration testing professionals need to stay
updated on the latest developments on both fronts.
• A Teamwork Orientation: Penetration testers often work in teams; junior members
perform duties with lower levels of responsibility and report to senior members.
• Strong Verbal Communication: Team members must share their findings in clear
language that people without advanced technical knowledge or skills can understand.
• Report Writing: Strong writing skills serve penetration testing professionals well
because their duties include producing reports for management and executive teams.

Key Hard Skills for Penetration Testers


• Deep Knowledge of Exploits and Vulnerabilities: Most employers prefer
candidates whose knowledge of vulnerabilities and exploits goes beyond automated
approaches.
• Scripting and/or Coding: Testers with good working knowledge of scripting and/or
coding can save time on individual assessments.
• Complete Command of Operating Systems: Penetration testers need advanced
knowledge of the operating systems they attempt to breach while conducting their
assessments.
• Strong Working Knowledge of Networking and Network Protocols: By definition,
understanding how hackers and cybercriminals operate requires penetration testers to
understand networking and network protocols like TCP/IP, UDP, ARP, DNS, and
DHCP.

Penetration Tester Main Responsibilities


• Plan and Design Penetration Tests: Penetration testers must develop experiments and
simulations that evaluate the effectiveness of specific, existing security measures.
• Carry Out Tests and Other Simulations: After planning and designing assessments,
penetration testing teams carry out investigations and document their outcomes.
• Creating Reports and Recommendations: Penetration testing teams compile their findings
into reports to present to their supervisors and other key organizational decision-makers.
Depending on the intended audience, these reports may use either lay or technical
language.
• Advise Management on Security Improvements: Senior members of penetration testing
teams often work directly with company management, communicating the level of risk
posed by specific vulnerabilities and offering advice on how to address them.
• Work with Other Employees to Improve Organizational Cybersecurity: Penetration
testing professionals cooperate with other cybersecurity and IT personnel to educate
employees on steps to boost the organization's cybersecurity levels.

1.3 Penetration-Testing Methodologies


• Black box — The pen tester begins without prior knowledge of or access permissions to the
target environment. This type of pen test simulates the actions a malicious actor may
perform to breach the target, for example, conducting research and reconnaissance. Black
box is considered the most realistic assessment of external threats.
• Gray box — The pen tester has initial, limited knowledge of and authorized access to the
target environment. The test may begin with a legitimate user account and an employee-
level understanding of the network. This type of pen test simulates an insider threat attack
or the actions of a malicious external actor after gaining initial access through compromised
credentials, phishing, or other means.
• White box — The pen tester has full, authorized access to the target and all information and
documentation related to the target. This type of pen test is often faster because there is no
need to perform reconnaissance. However, admins’ preconceptions about how the system is
designed to work may influence the pen tester.

In addition to the above pentesting types, it is also customary to use the following categories when
determining the most suitable test to perform:
• External test — Involves attacking information assets visible to outsiders, such as apps,
websites, DNS, and email. The objective may be extracting data, performing transactions,
or other malicious activities. This test can help identify vulnerabilities visible to external
attackers.
• Internal test — Involves launching an internal attack to expose the scope of damage that
internal threats can cause to the tested system. It covers malicious insiders and
employees responding to phishing attacks and social engineering.

• Blind test — Involves obtaining publicly available information about the target. The tester
does not get any inside information about the target and its security posture while the target
company expects the attack. The company is informed of when and where the attack will
occur and can prepare in advance.
• Double-blind test — Involves launching an attack when neither the pen tester nor target
have prior knowledge about the test. It requires testers to rely on available tools and skills to
penetrate the target’s defenses. The target company also must rely on its resources to
prevent the tester from penetrating its defenses.

1.4 Laws of the Land


In India, ethical hacking is legal if the network owner gives their consent. However, there are
several laws that govern hacking in India, including:

• Section 43 of the Information Technology Act 2000
This section states that anyone who damages, misuses, or destroys a company or
organization's data or networking website without permission is liable.
• Section 66 of the Information Technology Act 2000
This section states that anyone who violates the rules of section 43 can be imprisoned for
up to three years.
• Section 65 of the Information Technology Act
This section states that anyone who intentionally or knowingly tampers with computer
source documents can be imprisoned for up to three years or fined up to Rs 2 lakh.

Ethical hacking, also known as penetration testing or white-hat hacking, is a legal practice that
involves:
• Bypassing system security to identify potential data breaches and network
vulnerabilities
• Rectifying security vulnerabilities in computer systems, networks, and software
applications
Ethical hackers should follow these key protocol concepts:
• Obtain proper approval before accessing systems and performing a security assessment
• Define the scope
• Disclose the findings
• Respect data sensitivity

1.5 Overview of TCP/IP


TCP/IP is the most fundamental protocol used on the Internet.
• Allows computers to communicate and share resources.
• Used as a standard.
• Bridges the gap between incompatible platforms.
Work on TCP/IP started in the 1970s.
• Funded by the US military.
• Advanced Research Projects Agency (ARPA).

Network Layering in TCP/IP


• In 1978, International Standards Organization (ISO) proposed the 7-layer OSI reference
model for network services and protocols.
• TCP/IP does not strictly follow the OSI model.
• It follows a simplified 4-layer model.

• Data Flow in 4-layer Model

• Protocol
  The language used by computers to communicate
  Transmission Control Protocol/Internet Protocol (TCP/IP) is the most widely used
• TCP/IP stack
  Four distinct layers:
  • Network
  • Internet
  • Transport
  • Application

1.6 The Application Layer


The application layer is the topmost layer in the TCP/IP model. It gives devices access to the
network and to applications such as email and cloud storage. When one application layer
protocol communicates with another, the information is passed down to the transport layer.

Application Layer Protocols


The protocols used at the application layer convey the user’s request to the transport layer.
These protocols support mail transfer, file sharing and terminal login. The protocols used at
the application layer of the TCP/IP model include:

HTTP, TELNET, FTP, SMTP, DNS and DHCP

• Front end to the lower-layer protocols
• The layer you can see and touch
• Interfaces with user applications (e.g., HTTP, FTP)

1.7 The Transport Layer

The transport layer is responsible for error-free, end-to-end delivery of data from the source
host to the destination host. It corresponds to the transport layer of the OSI model.

The functions of the transport layer are −

• It enables the communicating hosts to carry on a conversation.
• It provides an interface for the users to the underlying network.
• It can provide for a reliable connection. It can also carry out error checking, flow control,
and verification.

The protocols used in this layer are −

• Transmission Control Protocol, TCP − It is a reliable connection-oriented protocol that
transmits data from the source to the destination machine without any error. A connection
is established between the peer entities prior to transmission. At the sending host, TCP
divides an incoming byte stream into segments and assigns a separate sequence number to
each segment. At the receiving host, TCP reorders the segments and sends an
acknowledgment to the sender for correct receipt of segments. TCP also manages flow
control so that a fast sender does not overwhelm a slow receiver.
• User Datagram Protocol, UDP − It is a message-oriented protocol that provides a simple
unreliable, connectionless, unacknowledged service. It is suitable for applications that do
not require TCP’s sequencing, error control or flow control. It is used for transmitting a
small amount of data where the speed of delivery is more important than the accuracy of
delivery.
• Stream Control Transmission Protocol, SCTP − It combines the features of both TCP
and UDP. It is message-oriented like UDP while providing the reliable, connection-
oriented service of TCP. It is used for telephony over the Internet.

• Encapsulates data into segments
  Uses TCP or UDP to reach a destination host
• TCP is a connection-oriented protocol
• TCP three-way handshake
  Computer A sends computer B a SYN packet
  Computer B replies with a SYN-ACK packet
  Computer A replies with an ACK packet
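The handshake and the segment sequencing described in this section, worked through as an added example (not code from the original notes): A and B exchange SYN, SYN-ACK and ACK with sequence and acknowledgment numbers that must line up, and a receiver that gets segments out of order puts them back in sequence before acknowledging. The initial sequence numbers, the byte stream and the function names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """A simplified TCP segment: sender, receiver, seq/ack numbers,
    control flags and optional payload bytes."""
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset
    payload: bytes = b""


def three_way_handshake(isn_a: int, isn_b: int) -> list:
    """Build the three segments exchanged when A opens a connection to B.

    isn_a / isn_b are the initial sequence numbers each side picks (constructed
    here; real stacks choose them randomly). A SYN consumes one sequence number,
    so each side acknowledges the peer's ISN + 1.
    """
    syn = Segment("A", "B", seq=isn_a, ack=0, flags=frozenset({"SYN"}))
    syn_ack = Segment("B", "A", seq=isn_b, ack=isn_a + 1,
                      flags=frozenset({"SYN", "ACK"}))
    ack = Segment("A", "B", seq=isn_a + 1, ack=isn_b + 1,
                  flags=frozenset({"ACK"}))
    return [syn, syn_ack, ack]


def handshake_is_consistent(segments: list) -> bool:
    """Check that flags and numbers line up the way a stateful firewall or IDS
    expects; a SYN-ACK or ACK acknowledging the wrong number is not treated
    as part of a legitimately opened connection."""
    if len(segments) != 3:
        return False
    syn, syn_ack, ack = segments
    return (syn.flags == {"SYN"}
            and syn_ack.flags == {"SYN", "ACK"}
            and ack.flags == {"ACK"}
            and syn_ack.ack == syn.seq + 1
            and ack.seq == syn.seq + 1
            and ack.ack == syn_ack.seq + 1)


def segment_stream(data: bytes, first_seq: int, mss: int) -> list:
    """Split a byte stream into segments of at most mss bytes. Each segment's
    sequence number is the position of its first byte in the stream."""
    return [Segment("A", "B", seq=first_seq + off, ack=0,
                    flags=frozenset({"ACK"}), payload=data[off:off + mss])
            for off in range(0, len(data), mss)]


class Receiver:
    """Receiving side: buffers out-of-order segments, delivers contiguous
    bytes in order, and returns the cumulative ACK number."""

    def __init__(self, first_seq: int):
        self.next_expected = first_seq   # next byte we are waiting for
        self.pending = {}                # seq -> payload, held until in order
        self.data = bytearray()          # bytes delivered to the application

    def receive(self, seg: Segment) -> int:
        # Old duplicates (seq below what we already have) are ignored.
        if seg.seq >= self.next_expected and seg.seq not in self.pending:
            self.pending[seg.seq] = seg.payload
        # Deliver every segment that is now contiguous with what we have.
        while self.next_expected in self.pending:
            payload = self.pending.pop(self.next_expected)
            self.data += payload
            self.next_expected += len(payload)
        return self.next_expected


def reassemble_out_of_order(data: bytes, first_seq: int, mss: int) -> tuple:
    """Deliver the stream's segments in reverse order (worst-case reordering)
    and return (reassembled bytes, final ACK number) from the receiver."""
    rx = Receiver(first_seq)
    last_ack = first_seq
    for seg in reversed(segment_stream(data, first_seq, mss)):
        last_ack = rx.receive(seg)
    return bytes(rx.data), last_ack


if __name__ == "__main__":
    hs = three_way_handshake(isn_a=1000, isn_b=5000)
    for s in hs:
        print(f"{s.src}->{s.dst} {sorted(s.flags)} seq={s.seq} ack={s.ack}")
    print("handshake consistent:", handshake_is_consistent(hs))
    print(reassemble_out_of_order(b"hello, world", first_seq=1001, mss=5))
```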

1.8 The Internet Layer


The Internet layer is responsible for logical transmission of data packets over the internet. It can be
compared to the network layer of the OSI model.

The main functions of the internet layer are −

• It transmits data packets to the link layer.
• It routes each of the data packets independently from the source to the destination, using the
optimal route.
• It reassembles the out-of-order packets when they reach the destination.
• It handles errors in the transmission of data packets and the fragmentation of data packets.

The protocols used in this layer are −

• Internet Protocol, IP − It is a connectionless and unreliable protocol that provides a best-effort
delivery service. It transports data packets called datagrams that travel over different routes across
multiple nodes.
• Address Resolution Protocol, ARP − This protocol maps the logical address or Internet
address of a host to its physical address, the one built into its network interface card.
• Reverse Address Resolution Protocol, RARP − This finds the Internet address of a host when
its physical address is known.

• Internet Control Message Protocol, ICMP − It monitors sending the queries as well as the error
messages.
• Internet Group Message Protocol, IGMP −It allows the transmission of a message to a group of
recipients simultaneously.

The following diagram shows the network layer in the TCP/IP protocol suite −

• Routes packets to the destination address
  Uses a logical address (i.e., IP address)
  IP packet delivery is connectionless
• Internet Control Message Protocol (ICMP)
  Sends messages related to network operations
  Helps troubleshoot network connectivity problems (the ping command)
  Tracks the route a packet traverses (the traceroute command)

1.9 IP Addressing

IP addressing is a system used to assign unique numerical labels to devices on a network,
enabling them to communicate with each other. Each IP address consists of two parts: the
network portion, which identifies the network itself, and the host portion, which identifies
the specific device within that network.

What is an IP Address?

• An IP address is a unique numerical label assigned to each device connected to a computer
network that uses the Internet Protocol for communication.

• It serves two main functions: identifying the host or network interface and providing the
location of the device in the network.

• IP addresses can be classified into two types: IPv4, which uses a 32-bit address format, and
IPv6, which uses a 128-bit address format, allowing for a vastly larger number of unique
addresses.

• Currently, most devices use IPv4 addressing, so these notes focus on IPv4 addresses.

• IPv4 addresses are 32-bit binary numbers, typically represented in decimal format (dotted-
decimal notation) consisting of four octets separated by periods.

• Each octet represents 8 bits, ranging from 0 to 255, giving a total of 2^32 (approximately
4.3 billion) unique IPv4 addresses.

IPv4 Address Classes


IPv4 addresses are categorized into five classes, each serving different purposes based on the size
of the network and the number of hosts.

Class   First Bits   IP Address Range                Network Size
A       0            1.0.0.0 - 126.0.0.0             Large networks
B       10           128.0.0.0 - 191.255.0.0         Medium-sized networks
C       110          192.0.0.0 - 223.255.255.0       Small networks
D       1110         224.0.0.0 - 239.255.255.255     Multicast addresses (not assigned to
                                                     individual hosts or networks)
E       1111         240.0.0.0 - 255.255.255.255     Reserved for experimental and future use

Types of IPv4 Address


There are two types of IPv4 addresses.

1. Public IPv4 addresses: They are globally routable and can be accessed over the Internet.
• A public IP address, or external-facing IP address, applies to the main device people use to
connect their business or home internet network to their internet service provider (ISP).
• In most cases, this will be the router. All devices that connect to a router communicate with
other IP addresses using the router’s IP address.
• Knowing an external-facing IP address is crucial for people to open ports used for online
gaming, email and web servers, media streaming, and creating remote connections.
Public address ranges:
• 1.0.0.0 - 126.255.255.255
• 128.0.0.0 - 191.255.255.255
• 192.0.0.0 - 223.255.255.255

2. Private IPv4 addresses: They are used in private networks and are not routable on the
Internet.
• A private IP address, or internal-facing IP address, is assigned by an office or home intranet
(or local area network) to devices, or by the internet service provider (ISP).
• The home/office router manages the private IP addresses of the devices that connect to it
from within that local network.
• Network devices are thus mapped from their private IP addresses to public IP addresses by
the router.
• Private IP addresses are reused across multiple networks, thus preserving valuable IPv4
address space and extending addressability beyond the simple limit of IPv4 addressing
(4,294,967,296 or 2^32).
Private address ranges:
• 10.0.0.0 - 10.255.255.255
• 172.16.0.0 - 172.31.255.255
• 192.168.0.0 - 192.168.255.255

NAT (Network Address Translation) converts private IPv4 addresses into public addresses or
vice versa. It helps private networks to communicate over the internet once they are converted to
public addresses.
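The class table, the network/host split and the public/private ranges above, worked through in code as an added example (not from the original notes): the class comes from the leading bits of the first octet, the network and host portions come from the default class mask (/8, /16, /24), and the private ranges are the three blocks listed above. The function names and the firewall-style log lines are constructed for the example.

```python
import ipaddress

# The three private blocks listed above, written as CIDR prefixes:
# 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Default mask length per class; classes D and E have no network/host split.
CLASS_PREFIX_LEN = {"A": 8, "B": 16, "C": 24}


def ipv4_class(addr: str) -> str:
    """Classify by the leading bits of the first octet, as in the table above:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def network_and_host(addr: str):
    """Split an address into (network address, host number) using the default
    class mask. Returns None for class D/E, which address groups, not hosts."""
    prefix_len = CLASS_PREFIX_LEN.get(ipv4_class(addr))
    if prefix_len is None:
        return None
    value = int(ipaddress.IPv4Address(addr))
    host_mask = (1 << (32 - prefix_len)) - 1
    network = ipaddress.IPv4Address(value & (0xFFFFFFFF ^ host_mask))
    return str(network), value & host_mask


def is_private(addr: str) -> bool:
    """True when the address falls in one of the private blocks (not routable
    on the Internet; it reaches the Internet only through NAT)."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def describe(addr: str) -> dict:
    """Everything the notes above say about a single address, in one record."""
    info = {"address": addr, "class": ipv4_class(addr),
            "private": is_private(addr),
            "loopback": ipaddress.IPv4Address(addr).is_loopback}
    split = network_and_host(addr)
    if split is not None:
        info["network"], info["host"] = split
    return info


# Constructed firewall-style log lines (sample data, not from any real system).
SAMPLE_LOG = [
    "2025-01-10T09:12:01 ACCEPT src=192.168.1.77 dst=203.0.113.5 dport=443",
    "2025-01-10T09:12:03 ACCEPT src=10.20.30.40 dst=10.20.30.1 dport=53",
    "2025-01-10T09:12:07 ACCEPT src=198.51.100.23 dst=192.168.1.10 dport=22",
    "2025-01-10T09:12:09 DROP src=172.20.5.9 dst=224.0.0.1 dport=5353",
]


def external_sources(log_lines) -> list:
    """Return the source addresses that are public (outside the private
    blocks). These are the connections a defender reviews first: a public
    source reaching an internal host has come in through the perimeter."""
    found = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        src = fields.get("src")
        if src and not is_private(src) and src not in found:
            found.append(src)
    return found


if __name__ == "__main__":
    for a in ("10.20.30.40", "172.20.5.9", "203.0.113.5", "224.0.0.1"):
        print(describe(a))
    print("public sources in log:", external_sources(SAMPLE_LOG))
```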

Static IP address

• All public and private addresses are defined as static or dynamic.
• An IP address that a person manually configures and fixes to their device’s network is
referred to as a static IP address.
• A static IP address cannot be changed automatically.
• An internet service provider may assign a static IP address to a user account.
• The same IP address will be assigned to that user for every session.

Dynamic IP address

• A dynamic IP address is automatically assigned to a network when a router is set up.
• The Dynamic Host Configuration Protocol (DHCP) manages the distribution of this dynamic
set of IP addresses.
• The DHCP server can be the router that provides IP addresses to networks across a home or
an organization.
• Each time a user logs into the network, a fresh IP address is assigned from the pool of
available (currently unassigned) IP addresses.
• A user may randomly cycle through several IP addresses across multiple sessions.

1.10 Network and Computer Attacks

A network attack is any attempt to disrupt, compromise or gain unauthorized access to a computer
network or its resources. Network attacks can be classified into several categories, depending on the
method used, the target and the intent of the attacker.

One way to classify network attacks is by their intent. Some attacks are designed to disrupt the
normal operation of a network or its resources, while others are designed to steal sensitive
information or take control of network resources.

A few examples of network attacks include −

• Denial of Service (DoS) attacks
• Distributed Denial of Service (DDoS) attacks
• Phishing attacks
• Sniffing attacks
• Malware attacks
• Remote code execution attacks

Denial of Service (DoS) attacks

• A Denial of Service (DoS) attack is an attempt to make a network resource or service
unavailable to legitimate users by overwhelming it with traffic from multiple sources.
• The goal of a DoS attack is to disrupt the normal operation of a network or website,
making it unavailable to legitimate users.
• DoS attacks can be launched from a single machine or from a distributed network of
compromised machines, known as a botnet.
• These attacks are relatively easy to launch and can cause significant disruption, even if the
attack is not particularly sophisticated.

Distributed Denial of Service (DDoS) attacks

• A Distributed Denial of Service (DDoS) attack is a type of attack that is similar to a Denial
of Service (DoS) attack, but it uses a distributed network of compromised machines to
generate traffic to overwhelm a target.
• This makes DDoS attacks much more difficult to defend against than traditional DoS
attacks because the traffic is coming from multiple sources, making it difficult to distinguish
legitimate traffic from attack traffic.
• In a DDoS attack, an attacker infects a large number of computers with malware, creating a
botnet, and then uses this botnet to generate a large amount of traffic directed at a target,
such as a website or a network.
• The traffic can come in many forms, including HTTP requests, ICMP packets, and UDP
traffic, among others.
• The goal is to saturate the network and resources of the target, making it unavailable to
legitimate users.

Phishing attacks

• Phishing is a type of social engineering attack that attempts to trick individuals into
revealing sensitive information, such as login credentials or financial information.
• The goal of a phishing attack is to steal sensitive information or gain unauthorized access to
a user's accounts or devices.
• Phishing attacks typically take the form of an email or a message, often purporting to be
from a legitimate organization, such as a bank or a well-known company.
• These messages often include a link to a fake website or a request for sensitive information.

Man-in-the-middle (MitM) attacks

• A Man-in-the-Middle (MitM) attack is a type of attack in which an attacker intercepts and
modifies network traffic between two parties without their knowledge.
• In a MitM attack, the attacker is able to read, insert and modify the content of the traffic
between the communicating parties.
• This can allow the attacker to steal sensitive information, such as login credentials, financial
information, or other sensitive data.

Sniffing attacks

• A sniffing attack is a type of network attack that involves intercepting and analyzing
network traffic in order to extract sensitive information.
• A sniffer, also known as a packet sniffer or network analyzer, is a tool or software used to
capture and analyze network packets.

• Attackers use sniffing tools to capture and analyze network traffic in order to steal sensitive
information, such as login credentials, financial information, or other sensitive data.

SQL injection

• SQL injection is a type of attack that exploits vulnerabilities in the way websites or
web-based applications build SQL queries from user input.
• It is a technique used to take advantage of improper coding of web applications that allows
an attacker to insert malicious SQL statements into the input fields of a web application,
which are then executed by the back-end database.
• An attacker can use SQL injection to gain unauthorized access to a database, steal sensitive
information, modify or delete data, or even execute arbitrary system commands on the
server.
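
The following is an added example (not part of the lecture notes) that shows the improper coding described above beside its fix: a login query built by string concatenation, in which a quote character in the input becomes part of the SQL, next to the same query using parameter placeholders, which keep the input as data. The in-memory SQLite table and the constructed input are assumptions for the demonstration; plaintext passwords are used only to keep the example short.

```python
import sqlite3


def make_db():
    # Constructed in-memory users table for the demo (not a real system).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice-pw", "admin"), ("bob", "bob-pw", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Improper coding: the query is assembled by concatenation, so a quote
    # in the input closes the string literal and the rest is parsed as SQL.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    # Fixed version: placeholders are bound by the database driver, so the
    # input can never change the structure of the statement.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # Constructed input: a quote followed by an always-true OR clause.
    crafted = "' OR '1'='1"
    print("correct credentials :", login_vulnerable(db, "alice", "alice-pw"))
    print("concatenated query  :", login_vulnerable(db, "x", crafted))
    print("parameterized query :", login_parameterized(db, "x", crafted))
```

With the concatenated query the crafted input matches every row, so the check passes without a valid password; with placeholders the same input matches nothing.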

Remote code execution attacks

• A Remote Code Execution (RCE) attack is a type of attack that allows an attacker to
execute arbitrary code on a remote system.
• This can allow the attacker to take control of the system, steal sensitive information, or
cause damage to the system and its resources.
• RCE attacks typically involve exploiting vulnerabilities in software or systems, such as
unpatched software, weak or easily guessable passwords, or poor system configurations.
• Once the attacker has gained access to a system, they can use various techniques to execute
code and take control of the system.

1.11 Malware
Malware is malicious software and refers to any software that is designed to cause harm
to computer systems, networks, or users.

Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, and
other malicious programs. Individuals and organizations need to be aware of the different
types of malware and take steps to protect their systems, such as using antivirus software,
keeping software and systems up-to-date, and being cautious when opening email
attachments or downloading software from the internet.

Malware is designed to harm and exploit your computer or network.


It can steal sensitive information like passwords and credit card numbers, disrupt your
system’s operations, and even allow attackers to gain unauthorized access to your device.

Some types of malware, such as ransomware, encrypt your files and demand payment to
unlock them, while spyware monitors your activities and sends the information back to the
attacker.

Why do Cybercriminals use Malware?


• Cybercriminals use malware, which covers all forms of malicious software including
viruses, for various purposes, such as:
• Using deception to induce a victim to provide personal information for identity
theft
• Theft of customer credit card information or other financial information
• Taking over several computers and using them to launch denial-of-service
attacks against other networks
• Using infected computers to mine for cryptocurrencies like bitcoin.

Types of Malware

Viruses – A Virus is a malicious executable code attached to another executable file. The
virus spreads when an infected file is passed from system to system. Viruses can be harmless
or they can modify or delete data. Opening a file can trigger a virus. Once a program virus is
active, it will infect other programs on the computer.

Worms – Worms replicate themselves on the system, attaching themselves to different files
and looking for pathways between computers, such as a computer network that shares common
file storage areas. Worms usually slow down networks. A virus needs a host program to run,
but worms can run by themselves. After a worm infects a host, it is able to spread very
quickly over the network.

Trojan horse – A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation such as playing an online game. A Trojan horse differs from
a virus because the Trojan binds itself to non-executable files, such as image files and audio
files.

Ransomware – Ransomware holds a computer system or the data it contains hostage until the
victim makes a payment. Ransomware encrypts data on the computer with a key that is unknown
to the user. The user has to pay a ransom (price) to the criminals to retrieve the data. Once
the amount is paid the victim can resume using his/her system.

Adware – It displays unwanted ads and pop-ups on the computer. It comes along with
software downloads and packages. It generates revenue for the software distributor by
displaying ads.

Spyware – Its purpose is to steal private information from a computer system for a third
party. Spyware collects information and sends it to the hacker.

Rootkits – A rootkit modifies the OS to make a backdoor. Attackers then use the backdoor to
access the computer remotely. Most rootkits take advantage of software vulnerabilities to
modify system files.

Backdoors – A backdoor bypasses the usual authentication used to access a system. The
purpose of the backdoor is to grant cyber criminals future access to the system even if the
organization fixes the original vulnerability used to attack the system.

Keyloggers – A keylogger records everything the user types on his/her computer system to
obtain passwords and other sensitive information and sends them to the source of the
keylogging program.

1.12 Protecting Against Malware Attacks


How to know If our devices are infected with Malware?

• The computer performs poorly or runs noticeably slower than usual.

• When your web browser directs you to a website you didn’t intend to visit, this is
known as a browser redirect.

• Warnings about infections are frequently accompanied by offers to buy a product to
treat them.

• Having trouble starting or shutting down your computer.

• Persistent pop-up ads.

How to Protect from Malware?

• Update your operating system and software. Install updates as soon as they become
available, because cybercriminals search for vulnerabilities in out-of-date software.

• Never click on a popup’s link. Simply click the “X” in the message’s upper corner to
close it and leave the page that generated it.

• Don’t install too many apps on your devices. Install only the apps you believe you will
regularly use and need.

• Be cautious when using the internet.

• Do not click on unidentified links. If a link seems suspicious, avoid clicking it whether it
comes from an email, social networking site, or text message.

• Choose the websites you visit wisely. Use a safe search plug-in and try to stick to well-
known and reputable websites to avoid any that might be malicious without your
knowledge.

• Emails requesting personal information should be avoided. Do not click a link in an
email that appears to be from your bank and asks you to do so in order to access your
account or reset your password. Instead, log in directly at your online banking website.

How to Remove Malware?

• A large number of security software programs are made to both find and stop malware as
well as to eliminate it from infected systems.

• An antimalware tool that handles malware detection and removal is Malwarebytes.

• Malware can be eliminated from Windows, macOS, Android, and iOS operating systems.

• A user’s registry files, currently running programs, hard drives, and individual files can
all be scanned by Malwarebytes.

• Malware can then be quarantined and removed if it is found. Users cannot, however, set
automatic scanning schedules like they can with some other tools.

Tools Used to Remove Malware

• Malwarebytes

• SUPERAntiSpyware

• Malicious Software Removal Tool (MSRT)

• Bitdefender Antivirus Free Edition

• Adaware Antivirus Free

• Avast Free Mac Security

Advantages of Detecting and Removing Malware

• Improved Security: By detecting and removing malware, individuals and organizations can
improve the security of their systems and reduce the risk of future infections.

• Prevent Data Loss: Malware can cause data loss, and by removing it, individuals and
organizations can protect their important files and information.

• Protect Reputation: Malware can cause harm to a company’s reputation, and by detecting
and removing it, individuals and organizations can protect their image and brand.

• Increased Productivity: Malware can slow down systems and make them less efficient, and
by removing it, individuals and organizations can increase the productivity of their systems
and employees.

Disadvantages of Detecting and Removing Malware

• Time-Consuming: The process of detecting and removing malware can be time-consuming
and require specialized tools and expertise.

• Cost: Antivirus software and other tools required to detect and remove malware can be
expensive for individuals and organizations.

• False Positives: Malware detection and removal tools can sometimes result in false
positives, causing unnecessary alarm and inconvenience.

• Difficulty: Malware is constantly evolving, and the process of detecting and removing it can
be challenging and require specialized knowledge and expertise.

• Risk of Data Loss: Some malware removal tools can cause unintended harm, resulting in
data loss or system instability.

1.13 Intruders
• Intruders are often referred to as hackers and are the most harmful factors contributing
to security vulnerability.

• They have immense knowledge and an in-depth understanding of technology and
security. Intruders breach the privacy of users and aim to steal the confidential
information of the users.

• The stolen information is then sold to third parties, aiming to misuse it for personal or
professional gains.

Types of Intruders

• Masquerader: Masqueraders are outsiders and therefore do not have direct access to the
system; they aim to attack it unethically to steal data.

• Misfeasor: Misfeasors are insiders who have direct access to the system, which they
attack unethically to steal data/information.

• Clandestine User: A clandestine user can be either an insider or an outsider and,
accordingly, may have direct or indirect access to the system, which they attack
unethically by stealing data/information.

Keeping Intruders Away

• Access Control: Implement strong authentication mechanisms, such as two-factor
authentication (2FA) or multi-factor authentication (MFA). Regularly review and update
user access permissions to ensure they align with job roles and responsibilities.

• Network Segmentation: Divide your network into segments to limit lateral movement
for intruders. For example, separate guest Wi-Fi from internal networks.
Use firewalls and access control lists (ACLs) to restrict communication between
segments.

• Regular Patching: Keep software, operating systems, and applications up to date. Patch
known vulnerabilities promptly. Monitor security advisories and apply patches as soon as
they are released.

• Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS solutions to detect and
prevent suspicious activities. Set up alerts for any unauthorized access attempts.

• Security Awareness Training: Educate employees about phishing, social engineering,
and safe online practices. Regularly conduct security awareness sessions.

• Encryption: Encrypt sensitive data in transit (using protocols like HTTPS) and at rest
(using encryption algorithms). Use strong encryption keys and rotate them periodically.

Different Ways Adopted by Intruders

• Exhaustively try all short passwords that may open the system for them.

• Try unlocking the system with default passwords, which will open the system if the user
has not made any change to the default password.

• Try unlocking the system using personal information of the user, such as their name,
family member names, address, and phone number in different combinations.

• Making use of a Trojan horse for getting access to the system of the user.

• Attacking the connection of the host and remote user and getting entry through their
connection gateway.

• Trying all the applicable information, relevant to the user such as plate numbers, room
numbers, and locality info.
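
The IDPS alerting recommended under "Keeping Intruders Away" and the password-guessing methods listed above can be tied together in a small detection rule. The following is an added example (not part of the lecture notes) that scans constructed sshd-style log lines, flags a source address with repeated failed logins inside a short window, and separately flags a successful login from an address that was already flagged; the log format, threshold and window are assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in sshd-like syslog format (not real data).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 5001 ssh2
Mar 10 09:00:02 host sshd[100]: Failed password for root from 203.0.113.5 port 5002 ssh2
Mar 10 09:00:03 host sshd[100]: Failed password for root from 203.0.113.5 port 5003 ssh2
Mar 10 09:00:04 host sshd[100]: Failed password for invalid user test from 203.0.113.5 port 5004 ssh2
Mar 10 09:00:05 host sshd[100]: Failed password for root from 203.0.113.5 port 5005 ssh2
Mar 10 09:00:09 host sshd[100]: Accepted password for root from 203.0.113.5 port 5006 ssh2
Mar 10 09:10:00 host sshd[101]: Failed password for alice from 198.51.100.7 port 6001 ssh2
Mar 10 09:12:00 host sshd[101]: Accepted password for alice from 198.51.100.7 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line, year=2025):
    """Return (timestamp, result, user, ip) or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alert once when an IP reaches `threshold` failures inside `window`,
    and again if that IP then logs in successfully while still in the window."""
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    alerts = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        recent = [t for t in failures[ip] if ts - t <= window]  # drop old entries
        if result == "Failed":
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append(("brute_force", ip, user))
        elif len(recent) >= threshold:
            alerts.append(("success_after_failures", ip, user))
        failures[ip] = recent
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

The single failed login from 198.51.100.7 followed by a success two minutes later is normal user behaviour and produces no alert, which is the kind of false positive the tuning of threshold and window is meant to avoid.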

How to Protect from Intruders?

• Be aware of the security measures that help protect systems and users from
intruders.

• Strengthen the security of the system.

• In case of an attack, first reach out to cyber security experts for a solution to that
type of attack.

• Take precautions so as to avoid becoming a victim of cybercrime.

1.14 Addressing Physical Security

• Physical security can be defined as the protection of information-related assets such as
storage devices, hard drives, computers, organizational machines, laptops, and servers.
• The protection mainly addresses real-world threats and crimes such as unauthorized
access, natural disasters like fire and flood, and human-made incidents like theft.
• This type of security requires physical controls such as locks, protective barriers,
impenetrable walls and doors, uninterrupted power supply, and/or security personnel for
protecting private and sensitive data stored in servers.

Information Security vs. Physical Security

The two terms differ conceptually. Information security generally deals with protecting
information from unauthorized access, disclosure, illegal use or modification, and from
unauthorized recording, copying, or destruction. Information security is based on the
logical domain, whereas physical security is based on the physical domain.

Objectives of Physical Security

• Understand the needs for physical security.

• Identify threats to information security that are connected to physical security.

• Describe the key physical security considerations for selecting a facility site.

• Identify physical security monitoring components.

• Understand the importance of fire safety programs.

• Describe the components of fire detection and response.

Factors on Which Physical Security Vulnerabilities Depend

Any hack may succeed despite other security measures if the attacker gains access to the
organization's building or data center and finds a physical security vulnerability. In small
companies and organizations this problem may be smaller, but the factors on which physical
security vulnerabilities depend include the following:

1. How many workplaces, buildings, or sites does the organization have?

2. How large is the organization's building?

3. How many employees work in the organization?

4. How many entry and exit points are there in a building?

5. Where are data centers and other confidential information located?

Layers of Physical Security

Physical security follows a layered defense model like that of information security.
Layers are implemented starting at the perimeter and moving inward toward the asset. These
layers are:

1. Deterring.
2. Delaying.
3. Detection.
4. Assessment.
5. Response.

Crime Prevention Through Environmental Design (CPTED)

It is a discipline that outlines how the proper design of a physical environment can mitigate
crime and hacking by directly affecting human behavior. This concept was developed in the 1960s
and is still used mainly to prevent social engineering. It has three main strategies, namely:

1. Natural Access Control.

2. Natural Surveillance.

3. Territorial reinforcement.

Risk Assessment

Both physical intruders and cybercriminals share the same motives, such as money or a social
agenda. Intruders also seek opportunities to exploit by any available means. These three terms,
motive, opportunity, and means, are combined into a formula whose result is the total risk,
i.e.

Risk = Controls((Means+Motive)*Opportunity) * Business Impact

Controls
