I'd like to welcome you to this course on ethical hacking. This is the first lecture of this course. Now, in this lecture I try to give you a very overall idea about what ethical hacking exactly is, what are the scopes of an ethical hacker, and towards the end I shall give you some idea about the coverage of this course, what are the things we are expected to cover. Okay, so the title of this lecture is Introduction to Ethical Hacking.

Now, in this lecture, as I told you, firstly we shall try to tell you what is ethical hacking. There is a related terminology, penetration testing; we will also be discussing about that. And some of the roles of an ethical hacker, what an ethical hacker is expected to do and what he or she is not expected to do, that we shall try to distinguish and discuss.

So let us first start with the definition of ethical hacking. What exactly is ethical hacking? Well, we all have heard the terms hacking and hacker. Essentially the term has been associated with something which is bad and malicious. Well, when we hear about somebody as a hacker, we are a little afraid and cautious, okay, I mean, as if the person is always trying to do some harm to somebody else, to some other networks, trying to steal something from some IT infrastructure, and so on and so forth. But ethical hacking is something different. Ethical hacking, as per the definition, if you just look at it, essentially refers to locating the weaknesses and vulnerabilities. It means, suppose you have a network, you have an organizational network, you have an IT infrastructure, you have computers which contain some software, some data, a lot of things are there. Now, I mean, here you are trying to find out whether your infrastructure or network does have some weak points or vulnerabilities through which an actual hacker can break into your system, into your network. So this ethical hacking is the act of locating weaknesses and vulnerabilities in computers and information systems
in general. It covers everything: it covers networks, it covers databases, everything. But how is this done? This is done by mimicking the behavior of a real hacker, as if you are a hacker. You are trying to break into your own network; then you will get a lot of information about what are the weak points in your own network. So this term is important: by replicating the intent and actions of malicious hackers. Whatever malicious hackers do in reality, you try to mimic that, you try to replicate that, okay. Your objective is to try and find out the vulnerabilities and weak points in your network. Well, you have a good intent: you try to identify the weaknesses, and later on maybe the organization will be trying to plug or stop those weaknesses so that such attacks cannot occur or happen in the future, okay.

This ethical hacking is sometimes also referred to by some other names. Penetration testing is a well-known terminology which is used, a phrase. Intrusion testing, red teaming, these are also terminologies which are used to mean the same thing. Well, you can understand penetration testing: the literal meaning of this phrase is you are trying to penetrate into a system, you are trying to penetrate into a network. You are testing to find out whether or not you are able to penetrate, and if you are able to penetrate, which are the points through which it is easier to penetrate. These are the objectives, okay.

All right, so talking about ethical hacking, there are some terminologies, let's see. Well, ethical hackers are the persons who are actually carrying out ethical hacking. Now, they are not some unknown entities; they are some organization or persons who are actually hired by the company. The company is paying them some money to do a penetration testing on their own network and provide them with a list of vulnerabilities so that they can take some action later on, okay. So these ethical hackers are employed by companies, and they typically carry out penetration testing or ethical hacking. Penetration testing, as I had
said, is an attempt to break into a network or a system or an infrastructure, but the difference from a malicious attempt is that this is a legal attempt. The company has permitted you to run the penetration testing on their own network for the purpose of finding the vulnerabilities. So this is a legal attempt: you are trying to break in and you are trying to find out the weak links. Well, in penetration testing per se, what will the tester do? The tester will basically generate a report, a detailed report; it will contain all the known vulnerabilities that have been detected in the network as a result of running the penetration testing process, okay. But normally they do not provide solutions. Well, you can also seek solutions for them, but everything comes with an extra or additional charge, right.

So in contrast, security test is another terminology used, which includes penetration test plus this kind of suggestions to plug out the loopholes. So this includes, in addition, analyzing the company's security policies and offering solutions, because ultimately the company will try to secure or protect their network. Of course there are issues: there may be some limited budget, so within that budget whatever best is possible has to be taken care of or incorporated. So these are some decisions the company administration will have to take, okay.

Fine, so some of the terminologies that we normally use. Hacking: broadly speaking, we use this term to refer to a process which involves some expertise. We expect the hackers to be expert in what they're doing. At times we also assume that hackers are more intelligent than the persons who are trying to protect the network. This assumption is always safe to make; that will make your network security better, okay.

Cracking means breaching the security of some kind of system. It can be software, it can be hardware, computers, networks, whatever. This is called cracking: you're trying to crack a system.

Spoofing is a kind of attack
where the person who is attacking is trying to falsify his or her identity. Suppose I am trying to enter the system, but I am not telling who I am; I am telling I am Mr. X. Mr. X is somebody else, right. So it is the process of faking the originating address in a packet. A packet that flows in a network is sometimes called a datagram, okay. So the address will not be my address; I will be changing the address to somebody else's address, so that the person who will be detecting that will believe that someone else is trying to do whatever is being done, okay.

Denial of service is another very important kind of an attack, which often plagues or affects systems or infrastructures. Well, here the idea is that one or a collection of computers or routers or whatever, you can say a collection of nodes in the network, can flood a particular computer or host with an enormous amount of network traffic. The idea is very simple: suppose I want to bring a particular server down. I will try to flood it with millions and millions of packets, junk packets, so that the server will spend all of its time filtering out those junk packets. So whenever some legitimate requests are coming, valid packets are coming, they will find that the service time is exceedingly slow, exceedingly long. This is something which is called denial of service.

And port scanning is a terminology which you use very frequently. Well, ports in a computer system, this we shall be discussing later. Ports indicate some entry points in the system which connect the incoming connections to some programs or processes running in the system. I mean, in a computer system there can be multiple programs that are running, and these programs can be associated with something called a port number, okay. Whenever you're trying to attack a system, normally the first step is to scan through some dummy packets, ping, these are called ping packets, and try to find out which of the port numbers in the system are active. Suppose you find out that there are 4
ports which are active. Then normally there is a well-documented hacking guideline which tells you, for these 4 ports, what are the known vulnerabilities and what are the best ways to attack or get entry into the system through these ports. So this port scanning is the process of identifying which are the active ports which are there, and then searching for the corresponding vulnerabilities so that you can exploit them, okay. These are called exploits: once you identify the ports, you try to find out an exploit through which you can get entry into the system. This is roughly the idea.

Now, talking about gaining access into the system, there are different ways in which you can gain access to a system. One is you are entering the system through the front door, so the name is also given: front door access. Normally, whenever you try to access the system, you try to log in, you are validated with respect to some password or something similar to that. So passwords are the most common way of gaining entry or access to a system in the present day scenario, okay. So the first attempt through that front door channel will be to guess a valid password or try and steal some password. There are many methods that are used for this purpose; during this course you will be seeing some of the tools through which you can try and do this, okay. This is the front door.

The second thing is a back door, which normally a person coming is not able to see, but it is there. Those who know there is a back door, only they can enter through that back door. This is the basic idea. So backdoors are, you can say, some entry points to a system which have been deliberately kept by the developers. Well, I am giving an example. Suppose I buy a router, a network router, from some company. They give me some root password and access rights. I change the root password, so I am quite happy; that means I have sole access to it, I have changed the password, I am safe. But sometimes it may happen, if
something goes down, the company might automatically modify or reconfigure the router through that back door. They will not even ask you at times; they will automatically enter the router through that backdoor entry. There was some special password through which they can possibly enter, and they can make some changes inside. Such backdoors are known to exist in many systems, not only hardware systems but also many of these software systems, software packages, okay. Well, usually developers keep it as debugging or diagnostic tools, but sometimes these are also used for malicious purposes, okay.

Then come the Trojan horses. Now, if you remember the story of the Trojan horse, it is something which was hidden inside the horse: some warriors were hidden inside the horse, and suddenly one night they just come out and start creating havoc. A Trojan horse in terms of a computer system is also something very similar. Here, let's think of software first. So it is a software code that is hidden inside a larger software. Well, as a user you are not even aware that such a Trojan is there inside the software, okay. Now what happens: sometimes that Trojan software can start running and can do a lot of malicious things in a system. For example, they can install some back doors through which other persons or other packets can gain entry into your system. Nowadays, you will also learn as part of the course later, Trojans can also exist in hardware. Whenever you build a chip, you fabricate a chip, without your knowledge some additional circuitry can get fabricated which can allow unauthorized access or use of your chip, of your system, during its actual runtime, okay.

And lastly comes software vulnerability exploitation. Well, when a software is developed by a company, that software is sold. With time some vulnerabilities might get detected. Normally those vulnerabilities are published on the website of that company: that, well, these are the vulnerabilities, please install this patch to stop or overcome that
vulnerability. But everyone does not see that message and does not install the patch. But as a hacker, if you go there and see that, well, these are the vulnerabilities in that software, you try to find out where all that software is installed, and you try to break into those using those vulnerable points, okay. And this kind of software vulnerabilities are typically used, you can say, as a playground for the first-time hackers. Sometimes they are called script kiddies, the hackers who are just learning how to hack, and that is the best place; I mean, already in some website it is mentioned that these are the vulnerabilities, they just try to hack and see whether they are able to do it or not, okay.

All right, now once a hacker gains access inside a system, there can be a number of things that can be done. For example, every system usually has a log which monitors who is logging into the system, at what time, what commands they are running, and so on and so forth. So if the hacker gets into the system, the first thing he or she will possibly try to do is modify the log so that their tracks are erased. So if the system administrator looks at the log later on, they'll not understand whether a hacking actually happened or not. So some entries in the log file can get deleted. Some files may be stolen; sometimes after stealing, the files can be destroyed also, okay. Some files might get modified. Like, you have heard of defacement of websites: some hackers break into a website and change the contents of the page to something malicious, so that people know that, well, we came here, we hacked your system, okay, just to cause mischief. Well, installing backdoors is more dangerous. You will not understand what has happened, but someone has opened a back door through which anyone can enter into a system whenever they want, okay. And from your system some other systems can be attacked. Suppose in a network there are 100 computers; someone gains entry into one of the systems, one of the computers. From there
the other 99 computers can be attacked if they want to, right.

Okay, now talking about the roles of the testers who are carrying out the security testing and penetration testing. Well, I talked about script kiddies, the beginners who have just learned how to break into systems. They are typically young or inexperienced hackers. So usually what they do, they look at some existing websites; a lot of such hacking documentations are there. From there they typically copy codes, run them on the system, and see whether actually the attacks are happening as has been published or discussed in those websites, right. But experienced penetration testers, they do not copy codes from such other places. They usually develop scripts; they use a set of tools and they run a set of scripts using which they run those tools in some specific ways to carry out specific things. And these tools or scripts are typically written in different scripting languages like Python, JavaScript; they can be written also in languages like C, C++, and so on.

Now, broadly, the penetration testing methodologies, if you think about it. First, the person who is doing penetration testing, he or she must have all the set of tools at his or her disposal. This is sometimes called a tiger box. A tiger box basically is a collection of operating systems and hacking tools which typically are installed in a portable system like a laptop. From there, wherever the person wants to carry out penetration testing, he or she can run the correct tool from there and try to mount a virtual attack on that system and see whether there are any vulnerabilities or not. So these kinds of tools help penetration testers and security testers to conduct vulnerability assessment and attacks. This tiger box contains a set of all useful tools that are required for that, okay.

Now, for doing this penetration testing, from the point of view of the tester, the best thing is the white box model, where the company on whose behalf you are doing the testing tells the tester
everything about the network and the network infrastructure. They provide you with a circuit diagram with all the details, okay, I mean, about the network topology, what kind of new technologies are used in the network, everything. And also the testers, whenever they require, are authorized to interview the IT personnel. Many times it is required in a company; if you interview people you will get to know a lot of things: how the information processing is carried out inside the company, what are the possible vulnerabilities that they feel there are, okay. So this white box model makes the tester's job a lot easier, because all the information about the network, whatever is available, is made available or given to the tester, okay.

Now the exact reverse is the black box model. The black box model says that the tester is not given details about the network. So it is not that the person who is asking the tester to test is deliberately not giving; maybe the person is not competent enough and does not know the relevant information to be shared with the tester. So the tester will have to dig into the environment and find out whatever relevant information is required. So the burden is on the tester to find out all the details that may be required.

In practice, usually we have something in between. We do not have white box, we also do not have black box; we have something called the gray box model. What is the gray box model? It is some kind of a hybrid of the white box and black box models. The company will provide the tester with partial information about the network and the other things. Well, why partial? Because the company may be knowing the details of some of the subsystems, but for some other subsystems the details may not be available to them also, so they cannot provide any detail for that, okay. They have just bought it and installed it, something like that. So these are broadly the approaches.

Now, there are some legal issues also. Well, it varies from country to country. Well, in our
country it is not that rigid; there are some other countries where it is extremely rigid, that means you are possibly not allowed to install some kinds of software on your computers. So these laws that involve technologies, particularly IT, they are changing and developing very fast with time. It is very difficult to keep track of these changes, what is the latest law of the land, okay. Now, it is always good to know the exact set of rules that pertain in the place of your work, where you are working: what are the laws, what are the rules, okay, so that you should know what is allowed and what is not allowed. Maybe you are using something or doing something in good faith, but possibly it is illegal in that state or that country, okay; you may be in trouble later on. All right, so the laws of the land are very important to know. Some of the tools you are using on your computer may be illegal in that country, so you must know about these things. Cyber crimes and punishment for cyber crime, these are becoming more and more crucial and severe with every passing day. So these are a few things people should be extremely cautious about.

But certain things are quite obvious, that you should not do certain things legally; that everyone understands. That accessing a computer without permission is clear: so it is my computer, why are you accessing it without my permission? That is something illegal. Installing worms or viruses, that is not supposed to be illegal: I have not installed worms and viruses, so I have also not asked you to install, so why have you installed or injected this kind of worms or viruses in my computer, okay. Denial of service attacks: well, hackers do mount this kind of attacks, but these are illegal. Some services or servers are installed to provide some service to customers, so if someone tries to deny the services, that is something which is not permissible, right. Then something similar to that: denying users access to some networking resources. Because you should be aware, whatever you are doing, maybe as part of
ethical hacking, maybe as part of the work which companies are assigning you to do, maybe you are doing something inside the network of the company, but you should be careful: you should not prevent the customers of that company from doing their job. This is very important, okay. So your action should not be disruptive in terms of their business, okay.

So in a nutshell, to summarize this ethical hacking: well, if you're a security tester, what are the things you need to know, what do you need to do? Well, the first thing clearly is you should have a sound knowledge of networking and computer technology. So you see, as part of this course we will devote a significant amount of time discussing or brushing up the relevant backgrounds of networking technology, because these are very important in actually understanding what you are doing, how you are doing it, and why you are doing it. And also, you cannot do everything yourself on your own; you need to communicate with other people. That art is also something to be mastered: you need to interact with other people. This quality is also very important. And of course, I mentioned, the laws of the land are very important to understand. And you should have the necessary tools at your disposal. Some of the tools may be freely available, some of the tools may have to be purchased, some you may develop on your own. So you should have the entire set of tools at your disposal before you can qualify yourself to be a good network, you can say, ethical hacker, penetration tester or a security tester, okay.

Fine, now about this course. Very briefly speaking, very broadly speaking, we shall be covering relevant network technologies. As I'd said, understanding some basic networking concepts is very important to understand how these tools work. If you do not understand the networking concepts we will not be able to use the tools at all, okay. Basic cryptographic concepts are required, because whenever you are trying to stop some of the weak points or vulnerabilities, often you will have to
use some kind of cryptographic techniques or cryptographic solutions. So you need to understand what are the things that are possible and what are not possible in terms of cryptographic techniques, okay. Well, we shall look at some of the case studies of secure applications, to understand how these cryptographic primitives are put to practice to develop secure applications. Then we shall be looking at unconventional attacks, some of the attacks which are hardware based attacks, which are very interesting and very recent, and they are very unconventional. We shall be discussing about such kinds of attacks. And a significant part of this course will concentrate on demonstrating various tools, how we can actually mount this kind of penetration testing and other kinds of attacks on your system, on your network, and so on and so forth, okay.

So with this I come to the end of this first lecture, and I would expect that the lectures that are yet to come would be very useful for you in understanding the broad subject of ethical hacking, and motivate you in the subject to possibly become an ethical hacker in the future.