🔐

Exploration of Ethical Hacking Techniques

Mar 8, 2025

Overview of 40 Hacking Techniques

Introduction

  • Focus: Ethical hacking and security tools.
  • Disclaimer: The lecture is educational for ethical hackers/security professionals only.

Key Hacking Techniques

1. Phishing

  • Description: Deceptive techniques to obtain sensitive data like passwords/credit card numbers.
  • Example: Email scams mimicking legitimate institutions.
  • Example Tool: GoPhish

2. Malware

  • Description: Software designed to harm computers (e.g., viruses, ransomware).
  • Notable Incident: WannaCry ransomware attack (2017).
  • Example Tool: Metasploit

3. SQL Injection

  • Description: Inserting malicious SQL code to exploit database vulnerabilities.
  • Notable Incident: 2014 Yahoo breach.
  • Example Tool: SQLMap

4. Cross-Site Scripting (XSS)

  • Description: Injects malicious scripts into webpages to steal information.
  • Notable Incident: 2005 MySpace worm.
  • Example Tool: XSS

5. Denial of Service (DoS)

  • Description: Overloading a system with traffic to make it unavailable.
  • Notable Incident: 2016 DYN attack affecting major websites.

6. Man-in-the-Middle (MITM)

  • Description: Intercepting and altering communications.
  • Notable Incident: 2011 DigiNotar breach.
  • Example Tool: Wireshark

7. Brute Force

  • Description: Trying multiple passwords until the correct one is found.
  • Notable Incident: 2012 LinkedIn breach.
  • Example Tool: Hydra

8. Social Engineering

  • Description: Manipulating people to disclose confidential information.
  • Notable Incident: 2013 Target breach.
  • Example Tool: Social-Engineer Toolkit (SET)

9. Zero-Day Exploits

  • Description: Exploiting unknown vulnerabilities before they’re patched.
  • Notable Incident: Stuxnet worm.
  • Example Tool: Immunity

10. Password Attacks

  • Description: Exploiting weak passwords with dictionary/credential stuffing attacks.
  • Notable Incident: 2019 Collection #1 breach.
  • Example Tool: John the Ripper

11. Ransomware

  • Description: Encrypts victim's data, demanding ransom for decryption.
  • Notable Incident: 2021 Colonial Pipeline attack.
  • Example Tool: CryptoLocker

12. Keylogging

  • Description: Capturing keystrokes to obtain sensitive information.
  • Notable Incident: 2017 HP laptop keylogger scandal.
  • Example Tool: Keylogger

13. Session Hijacking

  • Description: Taking control of a user’s active session.
  • Notable Incident: 2010 FireSheep extension incident.
  • Example Tool: Cookie Cadger

14. DNS Spoofing

  • Description: Redirecting traffic by altering DNS records.
  • Notable Incident: 2018 MyEtherWallet DNS attack.
  • Example Tool: DNS Chef

15. Watering Hole Attacks

  • Description: Infecting websites frequently visited by target groups.
  • Notable Incident: 2013 Council on Foreign Relations website attack.
  • Example Tool: Metasploit

16. Drive-By Downloads

  • Description: Automatic malware download when visiting infected sites.
  • Notable Incident: Neutrino exploit kit (2016).
  • Example Tool: Black Hole Exploit Kit

17. Exploit Kits

  • Description: Automated tools for exploiting software vulnerabilities.
  • Notable Kit: Angler Exploit Kit.
  • Example Tool: Neutrino Exploit Kit

18. Rootkits

  • Description: Hides malicious software to avoid detection.
  • Incident: 2005 Sony BMG rootkit scandal.
  • Example Tool: Rootkit Revealer

19. Botnets

  • Description: Networks of compromised devices.
  • Notable Incident: 2016 Mirai botnet attack.
  • Example Tool: Mirai Botnet

20. Packet Sniffing

  • Description: Capturing network data packets.
  • Example Tool: Wireshark

21. Replay Attacks

  • Description: Reusing intercepted data like login credentials.
  • Example Tool: Cain and Abel

22. Cross-Site Request Forgery (CSRF)

  • Description: Tricks users into making unintended requests.
  • Notable Incident: 2008 Twitter API vulnerability.
  • Example Tool: XSS Proxy

23. Clickjacking

  • Description: Tricking users into clicking on hidden elements.
  • Notable Incident: 2010 Facebook like button hijacking.
  • Example Tool: Browser Exploitation Framework (BeEF)

24. Credential Stuffing

  • Description: Using stolen credentials to access multiple accounts.
  • Notable Incident: 2018 Reddit attack.
  • Example Tool: Sentry MBA

25. Session Fixation

  • Description: Setting a user’s session ID to take control later.
  • Example Tool: Burp Suite

26. Eavesdropping

  • Description: Intercepting communications to steal data.
  • Example Tool: Ettercap

27. Privilege Escalation

  • Description: Gaining higher system privileges than intended.
  • Example Tool: Exploit Toolkits

28. Backdoors

  • Description: Secret entry points bypassing normal security.
  • Notable Incident: 2015 Juniper Networks backdoor.
  • Example Tool: BackOrifice

29. Typosquatting

  • Description: Registering domain names similar to popular ones to deceive users.
  • Example Tool: DNS Spoof

30. Wardriving

  • Description: Locating wireless networks by driving around.
  • Example Tool: Kismet

31. Vishing

  • Description: Voice phishing attacks via phone.
  • Notable Incident: Twitter employee attack.
  • Example Tool: Asterisk PBX

32. Evil Twin

  • Description: Setting up fake Wi-Fi access points.
  • Example Tool: Aircrack

33. Bait and Switch

  • Description: Luring users with legitimate content then switching to malicious.
  • Example Tool: Metasploit Module

34. SQL Slammer

  • Description: Worm exploiting SQL server vulnerabilities.
  • Notable Incident: 2003 outbreak.

35. Rainbow Table

  • Description: Cracking cryptographic hash functions.

36. Logic Bomb

  • Description: Code that triggers destructive action upon certain conditions.
  • Notable Incident: 2006 case at UBS.

37. Firmware Hacking

  • Description: Compromising hardware firmware.
  • Notable Incident: 2018 VPNFilter attack.
  • Example Tool: Firmware Modkit

38. Bluejacking

  • Description: Sending unsolicited messages via Bluetooth.
  • Example Tool: Bluever

Summary

  • Ethical hacking involves understanding vulnerabilities and protecting against them.
  • Tools and techniques evolve, requiring continuous learning and vigilance.

Full transcript