Ethical Hacking Full Course | Ethical Hacking Tutorial | CompTIA Network+ Exam Prep | Simplilearn
Key Takeaways
This video teaches ethical hacking tools and techniques for CompTIA Network+ exam prep
Full Transcript
[Music] Welcome to Simply's Ethical Hacking Full Course. Your gateway to one of the fastest growing careers in cyber security. In today's digital world, every company depends on secure systems to protect sensitive data. But as cyber attacks become more frequent and advanced, the demand for skilled ethical hackers is skyrocketing. Ethical hacking is all about thinking like a hacker. But using those skills to protect and not to harm. From testing networks to securing applications, ethical hackers are the heroes keeping businesses and individuals safe online. So in this course, we'll start from very basics. So even if you're new to cyber security, you'll feel right at home. First, we'll learn about how hackers think, the tools they use, and the most importantly, how to defend against them. We'll also cover key topics like penetration testing, network security, web application vulnerabilities, and real world hacking techniques step by step. And by the end of this course, you'll have the knowledge, skills, and confidence to start your journey as ethical hacker and open doors to exciting highpaying career opportunities in cyber security. So, are you ready to learn how to hack the system right away and secure the digital future? Let's get started. Also, if you're interested in stepping into one of the most in demands field, then the advanced executive program in cyber security by Simple is the perfect choice for you. In just 6 month, you gain expertise in ethical hacking, penetration testing, ransomware analysis, and advanced defense strategies through a hands-on industry relevant approach. This program offered in collaboration with triple IT Bangalore and IBM features live interactive classes, real world project and industry recognized certification. You'll also benefit from master classes by top triple IIT Bangalore faculty and an XNPCI expert right away. So whether you're just looking to start or advance your career in cyber security, this course will make you job ready with practical tools, projects and certifications to help you stand out in the job market. So what are you waiting for? Hurry up and enroll now and you can find the course link below >> and welcome to the next video in the cyber security space. In this video we are going to discuss what is ethical hacking. Now take this as an example. There is an organization that keeps on getting compromised or keeps on getting attacked repeatedly every month and they're at a loss of why exactly this is happening. So an employee comes up with a brilliant idea of hiring an ethical hacking or uh hiring an ethical hacker to test the security systems. The bosses agree and the company ends up hiring a ethical hacker. Now what this hacker does is they try to test all the security controls that the organization has implemented all the applications uh maybe even the databases and then they start giving a report. So here you can see that they are trying to test the firewall. Uh maybe fire viruses, malicious queries towards the firewall, hack the company's website, test the company's websites, any applications that the company is utilizing and try to analyze the responses that they're going to get. So they're trying to emulate a hacker scenario where a hacker is trying to attack and trying to figure out the vulnerabilities and the areas for compromise to the organization's infrastructure. So once the report is ready they would be submitting the report to the organization and they would then give recommendations of how to enhance the security posture of the organization. Once the security posture is enhanced the likelihood of the organization getting compromised reduces drastically. Thus the organization becomes a lot more secure than it was before. And this is what we are going to discuss in this video. So first and foremost we are going to discuss uh what is ethical hacking. We're going to talk about the types of hackers. We are looking at phases of ethical hacking, common types of attacks that are possible on networks and other systems. And then we talking about certification and job roles in the cyber security space as well. So what exactly is ethical hacking? Ethical hacking is locating weaknesses or vulnerabilities of computers and information system using the intent and actions of a malicious hacker. Now the difference here is the intent. A malicious hacker will try to gain something for their own uh personal gains or try to cause damage to the other organization. Here the intent of the ethical hacker is to identify possible flaws and vulnerabilities weaknesses and then try to enhance the security on those weaknesses by mitigating those weaknesses thus preventing malicious hackers from getting access. So the intent is the complete other way around where a malicious hacker may be looking at gaining personally from these attacks where a ethical hacker would prevent the vulnerability thus prevent the hack from happening in the first place. An ethical hacker is an expert who penetrates a computer system or network on behalf of its owners to find security vulnerabilities that the hacker can exploit. So the difference between the hacker and ethical hacker here is that the hacker is not authorized by the organization. Whereas in case of ethical hacker, it's the organization themselves who have hired the services of the ethical hacker to test the security controls, to test the network, to test applications and find out flaws within them so that they can be fixed. Ethical hacker is also known as a penetration tester. So the job role here is to find vulnerabilities and to fix them so that malicious hackers may not be able to misuse them. What are the advantages of hiring an ethical hacker in an organization? First and foremost, ethical hackers can emulate or simulate the scenarios that a hacker would. They have the same knowledge, might use the same tools except for the intent. So they will be able to identify the security threats for the organization. Once the security threats have been mitigated, the organization can actually focus on their business and increase productivity. Once the attacks have been mitigated and the compromises have been minimized, the organization can full-fledged work towards their goals, their objectives of the business and be more productive. the reputation of the company can be safeguarded. We obviously don't want to deal with organizations that keep on repeatedly getting hacked and compromise our data. We wouldn't trust those organizations with our private and personal data in the first place. Which means that this is going to inspire customer confidence. The customer would feel that if the organization is secure and is able to protect themselves, they would be able to protect the customer's data and customers uh private information as well, which is the protection for your customers or clients. So this can be advertised as by the organization saying we have ethical hackers. We do proactive approach towards our security measures. We have integrated security mechanisms in place. We are safe. We have been tested and we can prove that we are security compliant. Once the customers come to know about this, customers would feel a lot more safer to deal with such organizations. After discussing the advantages of hiring an ethical hacker, let's discuss the types of hackers. The first classification is of a black hat hacker. These people are individuals with extraordinary computing skills which means they are very intelligent. They can program quite a bit. Uh they know everything about hacking and these guys are experts. However, their intent is malicious or destructive in nature. They would want to harm the victim and gain possibly monetarily from these kind of activities. Some of these people would do it for fun, an ego boost if you will. The second classification is of a grey hat hacker. These are individuals who work offensively as well as defensively. So at times they can uh for an agenda become a blackhead hacker, gain out of it, hack without authorization and at times they can actually accept a contract from an organization to help them enhance the security of that organization. And then there are white hat hackers. These are individuals professing the same skills that of a black hat or a gray hat. They might use the same tools, possess the same knowledge except for the intent. Their intent is not to cause harm but to protect the organization and enhance their security skills. These are people like us. These are ethical hackers who essentially uh try to emulate or simulate the attacks from a blackhead hacker's perspective to find out the flaws and then try to mitigate them, try to enhance the security posture of the organization to prevent that organization from getting hacked. And then there are suicide hackers. These are individuals who bring down critical infrastructure for a cause. The main difference between the black hat hackers and suicide hackers is that black hat hackers will try to hide their identity. Suicide hackers do not. In fact, they will claim responsibility for the attacks that they have done. Then we have script kitties. These are unskilled hackers. They have no idea what they're doing. They may not be technically very adept, but they rely on tools already created by black hat hackers and then try to use those tools and leverage them to try to hack an organization. A cyber terrorist would be any organization or individual who are motivated by religious or political beliefs and they try to create fear by large scale disruption of computer networks. So they might attack countries, they might attack organizations to promote their political or religious causes and might create harm to the population at large. State sponsored hackers are individuals who are employed by the government to spy on neighboring countries or uh their enemies. The attempt is to gain top secret information that would be damaging to other governments which would enhance the security posture of one own one's own country. Now this is not an official job profile but uh it's a known fact that most of the governments have hired uh hackers to spy on other countries and other organizations. Then there are hackivists individuals who want to promote a political agenda by hacking and defacing websites. These guys do not infrastructure. They just hack websites, deface them, put their own propaganda on the face of the website uh to promote whatever political messages that they want to promote. Now let's talk about the phases of ethical hacking. Ethical hacking is distributed into five different phases. They are the reconnaissance phase, scanning, gaining access, maintaining access, and covering tracks. The first phase, the reconnaissance phase is all about information gathering. Here you're trying to identify the target, trying to get to know the target, gathering information about the target, could be digital in nature, could be any personal information or organizational information that you can leverage later on for social engineering attacks as well. Here you might try to find out from a technical perspective the IP addresses, domain names, subdomains, uh email addresses, phone numbers of uh people uh working in the organization. Once you have all this information, you would then proceed to the scanning phase. We are going to actively scan for devices that are live and can you can interact with. Then you're going to scan those live devices to identify ports, protocols and services running on those systems. Now these ports or protocols, these would be your entry points to try to gain access to that system. It is here where those flaws would exist. So in this phase you're basically identifying which ports are open, which services are running on top of them, what protocols are being utilized by the machine. Once you have identified this, you might want to enumerate them by gathering more information from a specific protocol. And then you might want to go into the vulnerability scanning phase where you're going to scan these services protocols for vulnerabilities trying to create a list of all the possible vulnerabilities in that system. Once you have the list of possible vulnerabilities, you're going to move on to the gaining access phase where you're going to attack those vulnerabilities, try to exploit them and try to gain access or embed a Trojan virus key logger or any software that can spy on the victim. Once you have hacked into this machine, you're going to try to maintain access. Maintaining an access is you're trying to retain those access for a longer period of time so you can spy on the uh device, spy on the user, uh try to collect more information as time goes on. You're not going to rely on the hack forever because the hack may no longer work after a period of time, especially if the system gets patched up or somebody runs an antivirus scan or figures out something is wrong. Maintaining access is where you're going to install a back door, an unauthorized backdoor obviously without the knowledge of the victim which will allow you to interact with the machine or gather information from the machine without any hindrance. Once you have installed these kind of softwares, you don't want them to be discovered. That's where the covering tracks come into the picture. When you have installed a rootkit, a Trojan, a spyware, it will create directories. It will create files. In this phase, the covering tracks you're going to try to erase the trace of the creation of these files. When you're accessing something while maintaining access or gaining access, there would be logs that would be created uh by the applications which would announce what you've been doing. In the covering covering tracks phase, you'll be trying to delete those logs and try to erase the traces of your activity as well. So in these five phases, the entire gambit of ethical hacking is covered. Let's move on to discuss the common types of attacks. The first and foremost and the most common attack in today's world is a denial of service attack or a distributed denial of service attack. This attack is launched by a attacker not to not for personal gain but to harm the other organization by crashing those services or making the services unavailable for legitimate users thus causing monetary harm and reputational harm to the organization. They actually try to restrict the access to these resources for legitimate users by consuming all the bandwidth or the resources made available. Then there are password attacks. These attacks are essentially where you're trying to crack the password of a user so that you can gain access to their account and through their access you can then uh leverage those access and capture data that you wouldn't have otherwise gotten access to. Then man-in-the-middle attack is where you are trying to capture data packets over the network that are flying between the victim and the target server. So you're essentially placing yourself between the communication channel that has been opened between the victim and the targeted server and you're trying to capture the data packets. You're trying to analyze those data packets and capture any secret information like usernames, passwords, any other transactions that the user might be doing. Then you have email attacks. The attacker sends bait often in the form of an email. So these would be a fishing attacks that would come under the gambit of so social engineering. Fishing attacks are nothing but fake mails that look very genuine to the end user and thus persuade them to click on links that lead to malicious servers thus compromising the device of the victim. SQL injection attacks are normally targeted to websites or web applications that that have a database connected to them. The database and the application interact with each other using SQL language or structured query language. If not configured properly and uh if there are no firewalls watching, a user can craft malicious SQL queries which can then dump data or uh give out unwanted information to the hacker that should have been protected in the first place. And then if you have the eavesdropping attack where the attacker observes the traffic on the system and works and the work you are doing on your computer. Eavesdropping could be where you're uh you're tracking WIP calls or you have installed a Trojan on somebody's mobile phones and you're try looking at all that information. Let's look at the certifications that are available in this field. The foundational knowledge that you would require is a graduate in computer science or any IT security related field. Most of the univers universities nowadays provide this kind of certifications. You should have solid grounds in IT IT fundamentals. That means you should be technically very adept. You should understand how protocols work, how networking works. You should be somewhat convergent with some scripting languages and should be able to understand programming. Knowing networking and mastering networking is a very fundamental requirement. Even if you later on decide to go into application security and you're looking at programming languages, applications still work over the network and you need to know how these networks are going to be configured and how data is going to be transmitted over this network. coding skills. Like I said, programming not from a developer's perspective, but at least good enough to understand how the program functions, what the flaws may be in the programming code that has been given and how you can break that particular code. That is what is required. A few scripting languages like PHP, Pearl, Python, Ruby, uh they would be a lot helpful at this point in time. Maybe bash scripting or PowerShell scripting as well. And then understanding of the architecture of an operating system. We just don't want to know how the operating system works and how it functions. We should be able to troubleshoot the operating system to recover from errors, flaws. And we should know how the operating system works, stores data and interacts with the hardware in at the first place. With everything there is now cloud and cloud is gaining traction a lot. We got public clouds like Amazon, Microsoft and Google. We got private clouds like VMware. Uh Microsoft again Citrix and so on so forth. Most of the organizations in today's world have a hybrid environment where they've got a part physical IT infra and part cloud infrastructure. So learning what cloud is, the nuances of cloud, the services that a cloud can provide, software as a service, infrastructure as a service and platform as a service, understanding them and then knowing how you can secure these or what the vulnerabilities are in the first place and then trying to secure them is of very much a sense in today's world. over a period of time you will have to learn cloud security to be relevant in today's world especially with IoT artificial intelligence and machine learning uh picking up pace and then malware analysis and reverse engineering so let's say there's a new virus that has been released and there's an antivirus company who's working to figure out how the virus works what are the signatures that are created by the virus and this is where those malware analysis skills come into the picture even in real terms or in normal terms if you're working in an organization ization and if a machine has been infected or is suspected of an in infection you need to investigate the machine to identify whether it was a worm, virus or a trojan and need to take effective action to prevent further compromise from happening and that is why malware analysis is of importance as well. The certifications that you have certified ethical hacker it will train you in reverse engineering. So this is where you basically look at offensive security. This is where you're looking at hacking and you're looking at how the methodologies the five steps that we have talked about and this course deals with each and every one of those five steps and helps you analyze and understand the tool sets and the skills that are required for each of that particular step. Salaries may range between $71,000 and above in the US market and around 5 lakh rupees and more in the Indian market. After EC we have got the ECSA/ LPT course. ECSA is the EC council certified security analyst course. Once you get certified on that you can then apply for the LPT which is the licensed penetration tester. So it's for CH then ECSA EC council certified security analyst and then LPT license penetration tester. This gives certified penetration testers the opportunity to practice their skills and gives you a license where you have uh and a certificate that proves that you have understood the methodology and are very adept at the skills of hacking. We humans are highly tech-savvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data such as net banking information, account credentials and medical reports to name a few. Have you heard about the deadly one to cry ransomware attack? The attack happened in May 2017 in Asia and then it spread across the world. Within a day, more than 230,000 computers were infected across 150 countries. The Wry Cryptoorm encrypted the data and locked the users out of their systems. For decryption of the data, the users were asked for a ransom of $300 to $600 in Bitcoin. The users who used the unsupported version of Microsoft Windows and those who hadn't installed the security update of April 2017 were targeted in this attack. The one a cry attack took a toll on every sector. Top tier organizations like Hitachi, Nissan and FedEx had to put their businesses on hold as their systems were affected too. Now this is what you call a cyber attack. To prevent such attacks, cyber security is implemented. We can define cyber security as the practice of protecting networks, programs, computer systems and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information. A hacker is a person who tries to hack into computer systems. This is a misconception that hacking is always wrong. There are hackers who work with different motives. Let's have a look at three different types of hackers. Black hat hackers are individuals who illegally hack into a system for monetary gain. On the contrary, we have white hat hackers who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization. This form of hacking is absolutely legal and ethical. Hence, they are also often referred to as ethical hackers. In addition to these hackers, we also have the gray hat hackers. As the name suggests, the color gray is a blend of both white and black. These hackers discover vulnerabilities in a system and report it to the systems owner, which is a good act, but they do this without seeking the owner's approval. Sometimes grey hat hackers also ask for money in return for the spotted vulnerabilities. Now that you have seen the different types of hackers, let's understand more about the hacking that is legal and valid, ethical hacking through an interesting story. Dan runs a trading company. He does online training with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts. He asked for a lumpsum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay the hacker. As a result, the hacker withdrew money from various customers accounts and Dan was liable to pay back the customers. Dan lost a lot of money and also the trust of his customers. After this incident, Dan gave a lot of thought as to what could have gone wrong with the security infrastructure in his company. He wished there was someone from his company who could have run a test attack to see how vulnerable systems were before the hacker penetrated into the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job, he hired an ethical hacker, John. Jon was a skilled professional who worked precisely like a hacker. In no time, he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future. This in turn increased the company's productivity and guarded the company's reputation. So now you know hacking is not always bad. John in this scenario exposed the vulnerabilities in the existing network and such hacking is known as ethical hacking. Ethical hacking is distributed into six different phases. Let us look at these phases step by step with respect to how Jon our ethical hacker will act. Before launching an attack, the first step Jon takes is to gather all the necessary information about the organization's system that he intends to attack. This step is called reconnaissance. He uses tools like Inmap and Hping for this purpose. John then tries to spot the vulnerabilities if any in the target system using tools like Inmap and Nexos. This is the scanning phase. Now that he has located the vulnerabilities, he then tries to exploit them. This step is known as gaining access. After Jon makes his way through the organization's networks, he tries to maintain his access for future attacks by installing back doors in the target system. The metas-ploit tool helps him with this. This phase is called maintaining access. John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack. This is the fifth phase, clearing tracks. We now have the last phase that is reporting. In this phase, Jon documents a summary of his entire attack, the vulnerabilities he spotted, the tools he used, and the success rate of the attack. Looking into the report, Dan is now able to take a call and see how to protect his organization from any external cyber attacks. Don't you all think Jon is an asset to any organization? If you want to become an ethical hacker like John, then there are a few skills that you need to acquire. First and foremost, you need to have a good knowledge of operating environments such as Windows, Linux, Unix, and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL, and JavaScript. Networking is the base of ethical hacking. Hence, you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification on ethical hacking to successfully bag a position of an ethical hacker like John. Few examples of ethical hacking certification are certified ethical hacker certification, C, CompTIA pinest plus, and licensed penetration tester certification to name a few. Simply learn provides a cyber security expert masters program that will equip you with all the skills required by a cyber security expert. You could have a look at it by clicking the link in the description. The endless growth of technologies in this area is directly proportional to the number of cyber crimes. Cyber crimes are estimated to cost $6 trillion in 2021. Hence, to tackle these cyber crimes, organizations are continuously on the lookout for cyber security professionals. The average annual salary of a certified ethical hacker is $91,000 in the US and approximately rupes 7 lakhs in India. So what are you waiting for? Get certified and become an ethical hacker like John and put an end to the cyber attacks in the world. So let's talk about hacking and what exactly hacking is. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information. A hacker is a person who tries to hack into computer systems. Now here there are some key words that we need to understand. First and foremost exploit. When you're exploiting weaknesses, weaknesses are technically called vulnerabilities which are basically design flaws, misconfiguration errors, usage of default usernames and passwords which have not been modified. So any misconfiguration or anything that has been left behind by a security administrator that can be misused which means exploited by a hacker to gain unauthorized access. So the next term is unauthorized access something that you're not allowed to do. And when you say a hacker is a person who tries to hack, it's basically a person with malicious intent trying to gain access to a system or a resource that they are not authorized to access in the first place. How do they do it? they find a vulnerability that is a weakness or a flaw and then they misuse it to gain access to that particular network. So here in the diagram you can see that a sender on the left hand side is trying to send some data to the receiver on the right hand side. The hacker would try to gain unauthorized access to the transmission that is being sent and would try to capture the data packets and read the secrets within. Let's look at a business case scenario into hacking. Now there is an organization uh everybody's going around their own business when they realize that their systems may have been compromised. Now they're trying to look at the customer data to ensure that that has not been compromised and trying to assure the customers. However, they do realize that some customer data has been lost and even the company reports have been modified as well. Now this is the scenario where there have been some security controls in place and those controls have been identified. they realized that there is an attack that has happened and based on that attack they have realized that the data has now been compromised and the records have been modified uh by the hacker which means that the data is no longer trustworthy and thus cannot be used by the business for any legal transactions. So then the hacker gives a call to the organization or gets connected to the organization demanding a ransom for the data to be replaced to be taken back into the original state where it was trusted and thus the organization can utilize it for business transactions. The organization has probably no backup. So they decide that they want to pay the lumpsum to the hacker to restore that data so that they can continue on with the business. does money exchanges and the hacker is able to restore that data and the business continues at as usual. However, the activity here of a hacker trying to leverage the misconfiguration of the weaknesses in the organization's security thus being able to hack them and uh make these ransomware demands. So the company then wants to figure out even having a security system in place how was the hacker able to hack their systems. Thus, one of the employees comes up with a brilliant idea of identifying vulnerabilities in the network uh to proactively search for any flaws that have been left behind uh so that they can plug those flaws and nobody can misuse them. Thus, they figure out that they want to hire a ethical hacker who would help them identify the security posture of the organization, identify the weaknesses, vulnerabilities and flaws and help them remedy those flaws so that in future scenarios these scenarios will not happen. So before we go into an ethical hacker, let's understand what are the types of hackers. So what are the types of hackers? Hacker is a technically skilled person uh who is very adept with computers. They have good programming skills. They understand how operating system works. They understand how networks work. They understand how to identify flaws and vulnerabilities within all of these aspects. and then they understand and know how to misuse these flaws to get a outcome which would be detrimental to the health of the organization. So there are six type of hackers that have been identified. Black hat hackers, white hat hackers, grey hat, script kitties, nation sponsored hackers and a hackists. So blackhat hackers are bas basically uh the malicious hackers who have malicious intent and have criminalistic tendencies. They want to harm the organization by hacking into their infrastructure, by destroying their infrastructure, by destroying their data so that uh they can gain from it from a monetary perspective. Uh these guys are also known as crackers. The main aspect of these uh people are that they have malicious intent. They try to do unauthorized activities and they try it for personal gain. Another important aspect to remember is that a black hat hacker will always try to hide their identity. uh they will spoof their online digital identity by masking it by spoofing their IP addresses, MAC addresses and try to remain anonymous on the network. A white hat hacker on the other hand is also an ethical hacker or a security analyst who's an individual who will do exactly the same thing that a black hat hacker would do minus the malicious intent plus the intent of helping the organization identifying the flaws and remedying them so that nobody else can misuse those vulnerabilities. So they are authorized to act on the company's behalf. They are authorized to do that activity which would help the company identify those flaws and thus help the company mitigate those flaws improving on their security posture. So these uh these kind of security experts or ethical hackers would help organizations defend themselves against unauthorized attacks. Greyhead hackers is a blend of both white hat and blackhat hackers. So here they can work defensively and offensively both. They can accept contracts from organizations to increase their security posture. At the same time, they can also get themselves involved in malicious activities towards other organizations to personally gain or benefit from them by doing unauthorized activity. Script kitties are people who are technically not much aware about what hacking is. Uh they rely on existing tools that have been created by other hackers. They have no technical knowledge of what they're doing. It's just a hit or miss for them. So they just get their hands on a tool. they try to execute those tools. Uh if the hack works, it works otherwise it doesn't. So these people are basically who are noobs or newbies who are trying to learn hacking or uh just uh people who with malice's intent who just want to have some fun or trying to impress people around. Then we have the nation or the state sponsored hackers. As the name suggests these hackers are sponsored by their government. Now this may not be a legitimate job but most of the governments do have uh hackers uh enrolled in their pay on um on their uh organizations to spy on their enemies to spy on various countries and try to figure out uh the aspirations of those countries. So this is basically a spying activity where you are technically trying to get access to other countries resources and then try to spy on them to figure out what their activities have been or what their future plans have been. And then we have the activists who is an individual who has a political agenda to promote and they promote it by doing hacking. So uh these guys what is the difference between a black hat hacker and a activist? The blackhead hacker may try to hide their identity. A h activist will claim responsibility of what they have done. So for them it's a political agenda, a political cause and they will try to hack various organizations to promote their cause. They would probably do this by defacing the website and posting the messages that they want to promote on these websites. So what exactly is ethical hacking? Then we have discussed the types of hackers. We have identified a malicious hacker as a black hat hacker with the intent uh of doing harm to an organization's network for personal gain. We have discussed what the ethical hacker is. So an ethical hacker would be doing the same activity but in an authorized manner. So they would have legal contracts that they would be signing with the organization which would give them a definite scope of what they're allowed to do and what they are not allowed to do and the ethical hackers would function within those scopes would try to execute those test scenarios where they would be able to identify those flaws or those system vulnerabilities and then they would be submitting a report to the management of what they have found. They would also help the management to mitigate or to resolve those weaknesses so that nobody else can misuse them later on. They might use the same techniques and the same tools that blackhat hackers do. However, the main difference here is that these guys are authorized to do that particular activity. They're doing it in a controlled manner with the intent of helping the organization and not with the intent of personal gains. So, who's an ethical hacker? Again, an ethical hacker is a highly intelligent, highly educated person who knows how computers function, how programming languages work, how operating systems work. They can troubleshoot. They're technically very adept at computing. They understand the architecture. they understand uh how various components in a computer work. They can troubleshoot those components and they can basically be uh very good with programming as well. Now when I say programming, we don't want the ethical hacker to be a good developer of applications. We want them to understand programming in such a way that they can create scripts, they can write their own short programs like viruses, worms, trojans or exploits which would help them achieve the objective that they have set out for. So uh here you can see the ethical hacker there are individuals who perform a security assessment of their companies with the permission of cons concerned authorities. So what is a security assessment? A security assessment is finding out the exact security posture of the organization by identifying what security controls are in place how they've been configured and if there are any gaps in the configurations themselves. So an organization will hire a ethical hacker. They would give the ethical hacker the information about what information is or what security controls, what firewalls, what IDs, IPSS, introen detection or intro prevention systems, antiviruses are already in place and then they will ask the ethical hacker to figure out a way to bypass these mechanisms and see if they can still hack the organization. What is the need of an ethical hacker? The need of an ethical hacker is proactive security. The ethical hacker would identify all the existing flaws in an organization and try to resolve those flaws to help secure the organization from blackhead hackers. So ethical hackers would prevent hackers from cracking into an organization's network by securing the organization by improving on their security on a periodic basis and they would also try to identify system vulnerabilities, network vulnerabilities or application level vulnerabilities that would have been missed or have already been missed and then try to figure out a way of plugging them or uh resolving them so that they cannot be misused by other hackers. They would also analyze and enhance an organization security policies. Now what are policies? Policies are basically documents that have been created by an organization of rules that all the employees need to follow to ensure that the security of an organization is maintained. For example, a password policy. A password policy would help users in an organization to adhere to the standards the organization has identified for a password complexity. For example, a password when a user is creating them should adhere to standards where they are using random words. They are uh they contain the alphabet A through Z uppercase and lower case 0 through 9 as numeric and special characters and they're randomized so that the password becomes more more stronger to prevent from brute force attacks. So what would an ethical hacker do at this point in time? They would try to test the strength of the passwords to see if brute force attacks or dictionary attacks are possible and if any of these passwords can be cracked. They would ensure that all the employees are following the policies and all the passwords are are as secured as the policies want them to be. If there are any gaps in the policies or the implementation of the policy, it is the ethical hacker's responsibility to identify those gaps and warn the organization about it. Similarly, they would also try to protect any personal information, any data that is owned by the organization that is critical for the functioning of the organization and they'll try to protect it by from falling into the hacker's hands. Now what are the skills that are required of an ethical hacker? These are the following skills. So first and foremost they should have good knowledge with operating systems such as Windows, Linux, Unix and Mac. Now when we say knowledge about operating systems, it's not only about how to use those operating systems but how to troubleshoot those operating systems, how these operating systems work, how these operating systems need to be configured, how can they be secured. For example, securing an operating system is not only installing a firewall and an antivirus, but you need to configure permissions on an operating system of what users are allowed to do and what users are not allowed to do. For example, limiting the installation of applications. How are we going to do that? We need to go into the system center, the security center of Windows, and we need to configure security parameters over there of what are acceptable softwares and what are not. Same with Linux and uh Mac softwares, operating systems. So we need to know how we can secure these operating systems. Similarly, all of these would have desktop versions and server versions of operating systems. As a ethical hacker, we need to know the desktop and server versions both how to configure them and how to provide services within the organization on these servers so that they can be consumed in a secure manner by all the employees. At the same time, they should also be knowledgeable of programming languages or scripting languages such as PHP, Python, Ruby, HTML for programming, if you will, because web servers come into the picture. So again, they should not be great developers where they can create huge applications, but they should be able to develop scripts, understand those scripts, analyze those scripts, and figure out what the output should be of those scripts to achieve the hacking goals that they have set out for. An ethical hacker should have a very good understanding about networking. No matter whether you're in application security, you're in network security, or you're in hostbased security. Since a computer will always be connected to a network, either a local area network like a LAN or the internet, we should know how networking works. We should know the seven layers of the OSI model. We should know which protocols work on those seven layers. We should identify the TCP IP model and how OSI model can be mapped to the TCP IP model. We should understand how TCP and UDP work. How uh how each and every protocol is crafted, how they are supposed to behave for us to analyze and understand any network-based attacks. We should be very good in security measures. So we should know where those vulnerabilities would lie. What are the latest exploits available in the market and we should be able to identify them. We should be able to know the techniques and the tools of how to deal with security, how to analyze security and then how to implement security to enhance it as well. Along with that, it is important that a security analyst or ethical hacker is aware of the local security laws and standards. Why is that? Because an organization cannot do any illegal activity. Whatever responses that they have, whatever security mechanisms, whatever security controls they will implement, they need to be adhering to the local law of the land. They should be legal in nature and should not cause undue harm to any of the employees or any of the third party clients that they are dealing with. So the ethical hackers should be aware of what uh security laws are before they implement security controls or even before they start testing for security controls. And all of these should be backed up by having a global certification or a globally valid certification related to networking, related to security, ethical hacking, the law of the land, anything and everything. maybe even programming. Uh it's good to have a certification in PHP, Pearl, Python, Ruby and so on so forth. Why? Because most of the organizations when they hire ethical hackers look out for these certifications especially globally valid certifications so that they can be sure or they can be assured that the person that they are hiring has the required skill set. So let's talk about a few of the tools that a ethical hacker would utilize uh in their testing scenarios. To be honest, there are hundreds of tools out there. What you see on the screen are just a few examples of them. Uh Nessus is a vulnerability scanner. What is a vulnerability scanner? It is an automated tool that is designed to identify vulnerabilities within hosts, within uh operating systems, within networks. So they come with their readym made databases of all the vulnerabilities that have already been identified and they scan the network against that database to find out any possible flaws or any possible vulnerabilities that currently exist on the host or the operating system or on the network. Similarly, there would be application scanners like uh Aunetics or Arachnne that would help you scan applications and identify flaws within those applications as well. Now all of these are automated tools. The essence of ethical hacker is when these tools churn out the reports. The ethical hacker hacker can understand these reports, analyze them, identify the flaws and then craft their own exploits or use existing exploits in a particular manner so that they can get access or they can bypass the access security controls mechanisms that are already in place. How can they do that? With the tool called metasloit. You see that big M there on the right hand side. That M logo is for a tool called metas- exploit which is a penetration testing tool. What is a penetration testing tool? It is that tool that will allow a ethical hacker to craft their exploits or choose their exploits for the vulnerabilities that have been identified by Nessus. Since we are interacting with computers, we will always be interacting using tools, right? So the first tool Nessus identifies the flaws and the possible list of vulnerabilities. We do a penetration test using metas-loit to validate those flaws and to verify that those flaws actually exist and try to figure out the complexity of those flaws and that's where metasloit helps us do that. Wireshark would be used in the background while we are doing both the activities using Nessus or metasloit to keep a track of what packets are being sent and by received on the network which will help us analyze those packets. So whenever I run a necess scanner I would run a wireshark in the background. it will capture the data packets and I can go through those data packets and analyze that data packets to identify what Nessuses is actually trying to do. Similarly, when I try to attack a machine using exploit on metas-loit, I'll keep on wireshark running in the background to capture the data packets that have been sent and the responses that I've received from the victim. So that I can also go through those packets and analyze the responses and analyze the attack whether it was successful to what extent was it successful and basically will also give me a validation a proof of the activity that has happened. N MAPAP is another automated tool that allows me to scan for open ports and protocols. So why would I use N MAPAP? Because pro ports and protocols become an entry point for a hacker to gain access to devices. For example, when we connect to a web server, we connect through a web browser, but we automatically connect to port 80 using HTTP and port 443 is using HTTPS. So if I'm connecting to a web server using HTTPS, it is safe to assume that port 443 on the web server is open to accept those connections. Similarly, there would be other services that may be left open on the web server because nobody thought about configuring it or they misconfigured the web server and they left unwanted services running. So end mapap will allow me to scan those ports and services and allow me to understand what services are being offered on that server. So then I can start analyzing that server, identify those flaws within those services and then try to attack them. If the application that I'm analyzing is connected to a database and I want to do a SQL injection attack or if I if Nessus tells me that there is a SQL injection attack that may be possible on that particular application, I can use an automated tool called SQL map or SQL map that would allow me to automatically craft all the queries that are required for a SQL injection attack and help me do that attack at the same time. So here I do not have to manually create my own queries. Uh the SQL map tool would automatically create them for me. What I would do is I would use Nessus to identify that particular flaw. If Nessus reports that flaw, I would then go use the tool SQL map configure it to attack that particular web server. And when I fire off the tool, it will then automatically start directing queries, SQL injection queries to the database to see if those uh databases are vulnerable and if yes, what data can be retrieved from those databases. So all of these tools in a nutshell would help me hack networks, applications, operating systems and host devices. And this is what the ethical hacker does. They use these kind of tool sets. They identify what attacks they need to do. They identify the right tool for that particular attack and they write their exploits. They create those attacks and then they start attacking analyze the response and then give a report to the management uh providing them feedback about how the attack was created or crafted, what was the response to that attack and whether the attack was successful or not. If successful, they would also give recommendations of what to do to prevent these attacks from happening in the future. So when we are doing these attacks or when we want to launch these attacks, what is the process that we would follow? So there are six steps that we would do as a ethical hacker. If you are just a hacker, you probably wouldn't do the sixth step which is a reporting step. So the first step that would be done is the reconnaissance phase which is the information gathering phase which is very important from ethical hacker's perspective or a hacker's perspective because if I want to attack someone or something as a digital device, I need to know what I'm attacking. I need to know the IP address of the device, the MAC address of those devices. I need to know the operating system, the build or the version of that operating systems, applications on top, the versions of those applications, so I know what I'm attacking. For example, if I if I want to attack a server, I assume it's a Windowsbased server and I use a particular tool to attack it, but it actually turns out to be a Linux based server, my attacks are going to be unsuccessful. So, I need to focus my attack based on what is there at the other end. So in my information gathering phase, I want to identify all of that information. Once I have that information done, I'm going to scan those servers using tools like end mapap that we just talked about and we're going to try to see the open ports, open services and protocols that are running on that server that can give me possible entry points within the network or within the device or within the operating system. At the same time along with the scanning with N mapap I would run a vulnerability scanner the Nessus vulnerability scanner we talked about or aunetics for applications and then I would try to identify vulnerabilities in those applications operating systems or networks. Once I have identified those vulnerabilities in the scanning phase I would then move on to the gaining phase where I would then craft my exploits or choose existing exploits and start attacking the attacking the victim. At this point in time, if my attack is successful, I will probably have gained access uh by either cracking passwords or escalating privileges or exploiting a vulnerability that I may have found during the scanning phase. Once I have gained my access, I want to maintain my access. Why? Because the vulnerability may not be there for long. Maybe somebody updated the operating system and hence the flaw was no longer exist existing or somebody changed the password that may I may have cracked. Thus, I no longer have access. So what do I do to maintain my access? I install Trojans or backdoor entries to those systems using which I can secretly in a covert manner get access to those devices at my own will at my own time as long as those devices are available over the network. So that's where I maintain my access. I have hacked them. Now I want to maintain my access. So I install a software which would give me a backdoor entry to that device no matter what. Once I've done this I want to clear my track. So whatever activity that I've been doing for example installing a Trojan a Trojan is also a software that would create directory directories and files once installed on the victim's machine. So I want to hide that. If I have access data stores, if I have modified data, I want to hide that activity because if the victim comes to know that something has happened, they would start they would start increasing their security parameters. They might start scanning their devices. They may take them offline. Thus my hack would no longer be efficient. The reason I'm clearing my tracks is that the victim doesn't find out that they have been hacked or they have been compromised or even if they do find out that they've been compromised, they cannot trace the compromise back to me. So I would be deleting references of any of the IP addresses or MAC addresses that I may have used to attack that particular device. And this is where I would be able to identify where those logs were created, where those traces are. Once I take off those traces, the victim would not be any wiser of whether they have been compromised or who compromised their system. And if I am successful at all of these stages or what to whatever extent the success that I've achieved in any of these stages, I would then create a report based on that and I would report to the management about the activities that we have been able to do and whatever we have been able to achieve out of those activities. For example, we identified 10 different flaws. There were 20 different attacks that we wanted to do. what attack did we do? What was the outcome of that attack? What was the intended or or the expected output of that attack? I'll create a report which would give a detailed analysis of all the steps that were taken along with screenshots and evidences of what activity was conducted, what was the output, what was the expected output and I would submit that report to the management giving them an idea of what vulnerabilities and flaws exist in their environment or their devices that need to be mitigated so that the security can be enhanced. So these are the six steps that the ethical hacking process would take. uh just going through this the uh reconnaissance is where you're going to use hiking tools like N map edgep to obtain information about targets there are hundreds of tools out there depending on what information you want then in scanning again N map MAP next pose these kind of tools to be utilized to identify open ports protocols and services in gaining access you're going to exploit the vulnerability by using the metasloit tool that we talked about in the previous slides in the maintaining access you're going to install back doors you can use metasloit at the same time uh you can craft craft your own scripts to create a Trojan and install it on the victim's machine. Once you have achieved that, clearing tracks is where you're going to clear all evidences of your activity so that you do not get caught or the victim doesn't even realize that they have been hacked. And once you have done all of this, we are going to create reports that are going to be submitted to the management to help them understand the current security evaluation of their organization. So now let's see how we can hack using social engineering. Now what is social engineering? Social engineering is the art of manipulating humans into revealing confidential information which they otherwise would not have revealed. So this is where your social skill and your people skills come into the picture. If you're able to communicate effectively to another person, they would probably give up more information that they intended to give out. Let's look at look at examples. Right? If you see on the screen fishing activity, what is fishing? We receive a lot of fake emails on a regular basis. We have always received those emails where we have won a lottery of a few million dollars, but we have never realized that we didn't purchase a lottery to win a lottery in the first place. We have always had those Nigerian frauds where a prince died in some South African country and you out of 7 billion people on the planet have been identified where they want to transfer a few hundred million through your account and they want to give you 50% of that money in return as thank you. So, some very basic attacks where you go onto websites and there's a banner flashing at you saying, "Congratulations, you're the 1 millionth visitor to this website. Click here to claim your prize." All of these are social engineering attacks, fishing attacks, fake websites, fake communications being sent out to users to prey on their gullibility. Most of humans always have that dream of striking it rich, winning a huge lottery once and for all, and living their life lavishly ever after. But sadly in the real world that's not that doesn't happen that often. And if you're receiving those mails, it is very important that you first research the validity of those those communications before you even want to act upon them. So why are a human susceptible to social engineering? Because humans have emotion. Machines do not. Try pleading with a machine to give you access to a account that you have forgotten a password to. The machine wouldn't even know what you're doing. Try pleading with a human sympathy or empathy where you could try to create a social engineering attack where you can plead with them saying if I do not get access to this account immediately I might lose my job and then that would put my family into problems. Somebody would feel empathy or sympathy towards you and help you reset that password and give you access to that account. It's how good the attack is and how convincing you are for the success of this attack to happen. So what is a familiarity exploit? Attackers interact with victims to gain information which will benefit the attackers to crack credentials. As passwords, if we want to reset our passwords, what do we have as a mechanism to resetting passwords? We have some security questions that we set up. Those questions are nothing but personal information that we would know. But through a social engineering attack, we it would be easily be able to uh gather the information that you have set for your security questions. The security questions can be as simple as the first school that you attended. You probably have that listed on your LinkedIn profile. where a per person can just go in there and see your academic qualifications and identify the school that you were in right similarly it might also be a question what was your mother's maiden name that's a very good attack and that's uh I mean if a person can interact with you let's say they're trying to take a survey and they approach you for a feedback on a particular product that you have been utilizing and they ask you these questions you wouldn't think twice before giving those answers as long as the request sounds legitimate to us we are able to justify that request we do answer those queries. So it's upon us to verify the authenticity of the request coming in before we answer it. Fishing as discussed would be fraudulent emails which appear to be coming from a trusted source. So email spoofing uh comes into mind, fake websites and so on so forth. Exploiting human curiosity, curiosity killed the cat, right? So there was there's so many physical attacks where hackers just keep pen drives lying around in a parking lot. Now this is a open a generic attack. Whoever falls victim will fall victim. So if I just throw around a few USBs in the parking lot obviously with Trojans implemented on them. Some people who are curious or who are looking for a couple of freebies might take up those pen drives plug them in their computers to see what data is on their pen drives. At the same time once they plug in their those pen drives on their computers the virus or the Trojan would get infected and cause harm to their machine. Then exploiting human greed. We just talked about the Nigerian frauds and the lotteryies, those kind of attacks, the fake money-making gimmicks. Now, basically, this is where you prey upon the person's uh greed kicking in and they clicking on those links in order to uh get that money that has been promised to them in that email. So, one of the safest mechanism to keep data private and to keep yourself secure is using encryption. Now, encryption can happen through cryptography. What is cryptography? Cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to the normal user. The only person with the key to unscramble that data would be able to unscramble it and make sense out of that data. So we're just making it unreadable or non-readable by using a particular key or a particular algorithm and then we're going to send the key to the end user. The end user using the uh same key would then decrypt that data. If anybody compromises that data while it is being sent over the network since it is encrypted, they would not be able to read it. So the encryption algorithm would be something like this. Now if you see uh the computer would once made into unreadable format would look like eqo rxv gt. For a end user it wouldn't make any sense but the person who has a key to unscramble that would be able to convert it back to computer and then understand the meaning of that word. So this is just a substitution cipher that is being shown on the screen. So what is the alphabet? The key is alphabet + 3. So C plus three alphabets that becomes E. O becomes Q. M becomes O. So the key that is utilized to scramble the data is the character that you are at. The third character from there would be the corresponding key. So the encrypted message is also known as a cipher. The decryption is just the other way around where you know the key now and you can now figure out what that E correspondent to by going back three characters in the alphabet. Most of the times a certified ethical hacker must decrypt a message without knowing the secret key. So let's say a ransomware has affected your organization or has affected a device and you want to figure out uh or you want to decrypt that data. Now, as a ethical hacker, you wouldn't be for paying a ransom uh to the hacker, would you? So, it is now your prerogative of how you're going to work around and how you're going to try to crack the encryption mechanism, how to crack the cipher to decrypt that message and see what's within it. Right? Decryption without the use of a secret key. That is known as a crypt analysis. Cryp analysis is the reversing of an algorithm to figure out what the decryption was uh without using a key. So cryp analysis can be done using various formats. The first one is a brute force attack. Second is a dictionary attack. The third one is a rainbow table attack. A brute force attack is trying every combination permutation and combination of the key to figure out what the key was. It is 100% successful but may take a lot of time. A dictionary attack is where you have created a list of possible encryption mechanisms, a list of possible cracks and then you try to figure out whether those cracks work or not. Rainbow tables are where you have an encrypted text in hand and you're trying to figure out uh the similarities between the text that you have and the encrypted data that you wanted to decrypt in the first place. So in the brute force attack, you're trying every possible combination permutation of what the key would be. In dictionary attack, you have a word list that would tantamount to the key. And if you're you're trying to match all the words listed in the text file or the word list to see if any of those words are going to work to decrypt that data. Here in the rainbow table, the cipher text is compared with another cipher text. You find out similarities and then you try to work or reverse engineer your way accordingly. So let's have a quick demo on cryptography before we end this session. So to begin with the demo of cryptography, we are on a website called spammimic.com which will help us scramble the message that we created into a completely a format which would be unrelated to the topic at hand. So if I say I want to encode a message, turn a short message into spam. So what this does is you want to send across a secret message, you type in the secret message, a short one and it will convert that into a spam mail. You send it across. So whoever is reading that spam mail would never get an idea of the embedded message within it. So if I want to type in a message here, hi this is a secret message. The password is as at the rate 1 2 3 4 and I want to send this out to people or to one of my colleagues but I want to send it out in a secret manner so that others are not aware of this. So when I press on encode what the algorithm would do is it will convert this message into a spam mail. So my message hi this is a secret message the password is at the rate 1 2 3 4 or ASD at the rate 1 2 3 4 gets converted into this. Now if you read it dear e-commerce professional this letter was specially selected to be sent to you. This doesn't make sense. There is nowhere or no reference to the actual message that I've already said. So if I copy this entire message and I send it let's say via email to the recipient. Now the thing is that the recipient needs to know that I've encoded it using spam mimic. The algorithm rem need needs to remain the same. So once they know that it is spam mimic what they can do is now in this instance what I'm going to do is I'm going to open up a new browser and I'm going to go to the same website and at this point in time I'm going to click on decode. When I click on decode I'm going to paste the message that I've just copied. There we are. And this message is now being copied into a different browser. And if I decode this, you will see that it will convert it back to the original message that there was. So the key is there at spam mimic and uh it is embedded within the message. So whenever we paste the message in the decode factor, it knows what the key was and it can decrypt that message and give me the actual message that was embedded within it. There we are, the entire message. This is what we created in the Google Chrome browser and in the Firefox browser we decoded. Similarly, if I want to protect these kind of messages, there is an aspen encrypt.com website where let's say we use text encryption and I want to encrypt the same message. This is a secret message. The password is ASD at the rate 1 2 3 4. And then I give it a password to protect this message. Let's say the word password. And I use the cipher to scramble this by using let's say AES which is the strongest cipher right now and I say encrypt. So this is what the encryption would look like. And basically uh if I don't have the password over here, if I decrypt it, you would see that the error has occurred. Now if I type in the password over here and then decrypt it, it will be able to convert that back into the unscrambled text and it will give me what the original message was. This is a secret message. The password is ASD at the rate 1 2 3 4. So if I want to keep my data secure from hackers, I want to scramble it in such a way that they would not be able to crack it or it would be very difficult from for them to crack it. And this is one of the first mechanisms that would be recommended by any ethical hacker to keep the data secure. Now let's talk about downloading and installing Kali Linux. Along with that, we'll also be looking at the basic commands that are required for Kali Linux. All right. So I've opened my browser and we want to go to the Kali website. So we want to go to kali.org. org. You can directly type in kali.org and go to the website. I can just do a Google search and say kali download and it will give you the same website but it will directly take you to the downloads pages. So either here and or you can go to the homepage uh cookies are being installed on your machine. So uh see which cookies you want to allow. I'm only going to use the necessary cookies to support this site. And you can see that this gives you the latest Kali Linux news and tutorials. gives you the latest release, what is in that release and gives you a lot of documentation which will help you understand what tools have been developed and what functionality has been given in the latest version. If you want to download, you can directly go here and you can download Kali Linux. Now Kali Linux is a 2.6 GBTE download. So it's going to take time. The latest version being 2019.4. And we click over here. I'm using a download manager to manage all these huge downloads. And uh you can see it's pointed to the operating systems folder and it is going to be a 2.57GB download. So you click on download and in the background uh you can see this is going to be downloaded and we're going to minimize this and uh it will take a few minutes for that to download. But this is an ISO image. So we need to install it on a virtual machine. So what we need is we need to use a hypervisor which will allow us to create virtual machines. So we can either use VMware workstation which you can download from here. However, uh this is paid version. So you can see it is around $250 or something for uh this software. But it is a very good software to have. So if you click on download now, it is going to start the download. It's a 30-day trial period if you want to use it. After 30 days, you'll need to enter the key which you'll get after purchasing the software. If you do not want to utilize this the free version that you have, you can either download VMware Player, but there are some limitations for VMware Player that you might want to look at. Does you want to compare these products before you want to purchase them, right? Otherwise, you can download Oracle Virtual Box, which is a free hypervisor. It's not as robust as VMware Workstation, but it does the trick, right? So the the free version uh 6.1 is free and you can then create your own virtual machines over there and install operating systems on them. What I do have I already have a VMware workstation installed. So I'm just going to open that up and that's my VMware workstation. As you can see I already have a lot of virtual machines created over here. What we going to do is we going to configure a virtual machine for the Kali Linux operating system that we are downloading which should be somewhere here. Let's see it's at 43%. So all halfway there. Till then let's create the virtual machine. So I click on file create a new virtual machine. I'm going to customize that machine. So click on next. This limit default. We don't want to change that. And then we want to install the operating system later. We don't want to point it out right now. So I'll just click on I will install the operating system later. Click on next. We want to install Linux. Now in the dropown you would not see Kali Linux over here. However you can choose Ubuntu 64-bit. That's what I'm going to choose. There it is. Next. What is the name that we want? I want to give it Kali Linux without the typo. And I want to store it in one of the folders that I've created. By default, it stores on the C drive, which is not a good place to store. Uh you don't want to run out of space on your C drive. So, I'm going to click on this PC. And this is my data. And in here, I'll have a folder called virtual box or virtual machines. There it is. within which you can see the other software that I already created. I'm going to create a new folder and call it Kali 2019 L. L for is is latest for me because you can see already have a Kali Linux. So I'm just going to identify this folder with the L at the end. Going to select it and click on okay. You can see the path being changed over here. Click on next. It's going to ask you how many processors now depending on the processor that you have. You can see I've got a 8 core i7. So if I give it 16 cores or 16 processors, that's not going to work. I cannot go beyond what the physicality already is. So for this machine, one processor with one core is more than enough. If you're going to lo use a lot of tools at the same time, you might just want to give it two cores. So we've given it two cores. It will ask us for RAM to be provided for this virtual machine. By default, 248 MGB. That's 2 GB of RAM is more than enough. If you require more, we can change this later on. So click on next. We want to use NAT for now. Leave this default. Next. Whatever is recommended, keep it the way it is. We do not want to change it. Next. Create a new virtual hard disk for this machine. And it is going to ask us the size. 20GB is more than fine. Store it as a single file. We don't want to use multiple file options. Click on next. And then click on browse where we want to store the VMDK file or the virtual hard disk file. And we go back again to the same folder that we had created virtual machines. and we look at the Kali Linux Kali 2019 L and we want to store the VMDK file over there. Once we save it, we want to click on next and then we want to click on finish. So this is the virtual machine that has been created right here. Right now this is the basic configuration. Now where are we at with the operating system and you can see the operating uh system has been downloaded and it is stored in this particular folder. So we go to E drive. So we're looking for the so the operating system that we have downloaded. We download it in the operating systems folder and if we go in here you can see the current one the Kali Linux 2019.4 ISO right here. So what we do we go back to the Kali Linux machine that we have created edit virtual machine settings and we point this virtual machine using the CDDVD and then we point the ISO the one that we downloaded over here. So we go back to E drive we go back to OS and we click on Kali Linux 2019. Click on open. So now when this boots up, it will boot up with this ISO and then it will allow us to install the operating system. So click on okay. Then we click on power on this virtual machine. It will start powering on. It will boot through to the ISO and it will start giving us the booting option. So I'm just going to uh enter the full screen mode over here for this to be better visible. And we don't want the live mode. What we want is we want to use the graphical install. And then we highlight that. We press enter. And you can see the setup starting up. We'll wait for the GUI to pop up. There it is. Which language do we want for now? We want English. Click on continue. Where are we located? Click on continue. And the configure your keyboard. We want the US keyboard, American English. Continue. It is going to detect the hardware. So, as you can see on the screen, it's attempting a auto configuration for most of these uh settings. The network with DHCP. data has identified the network cards uh hardware like uh the processor that has been provided. Now it is asking for a host name. We're going to leave it at default. We're going to click on continue. Domain name. I'm not joining this into a domain as yet. This is going to be a standalone machine. So I can leave this blank. Click on continue. Now it is going to configure the network. It is asking for a password at this point in time. The root password. Type in any password that you want. Ensure that you remember the password. Now by default the uh username for the account is the name is the word root. We are just creating the password for the root account. And then we want to click on continue. Setting of the clock looking at the hard disks. Now here it asks us do we want to use the entire disc the 20GB virtual hard disk that we had provided or do we want to give it a manual configuration or a guided one where we want encryption and a logical volume management coming into the picture. We're just going to use the first option guided you use entire disk. Don't worry, it's only going to use the virtual disc that we had created. Click on continue. It will give us that it's a 21.5GB VMware virtual disc that we had. And click on continue. All files in one partition. That's what we want. Recommended for new users. Whatever it is, we don't want to change these folders. Continue. And this is what we have configured. Uh once we click on continue, it is going to say you are you sure you want to make these changes? Click on yes. Click on continue. And it will start installing Kali Linux on your device. Now this is going to take a few minutes for the installation to work. All right. So that's the installation that's completed. Now it's asking us to configure a package manager. A network mirror can be used to supplement the software that is included on the installation media. This may also make new versions of software available. Do you want to use a network mirror? We can click no for now and then click on continue. Now this is going to install the grub boot loader. This might take a few minutes as well. Install the group grub loader to the master boot record. Yes. Click on continue. Click the hard disk that you have just utilized. This is the one. Click on continue. It will install the grub boot loader running through the last phases of the installation. And now it says the installation is complete. We want to click on continue. Finishing the installation. And then it will do a reboot. All right. And you can see this is starting up. So we are going to use you just wait out the boot. And now it started the booting sequence. Just going to maximize the screen. And you can see it's asking me for the password. This is the one that we created. Now that's the that's not the password. That's the username. That's the root and the password that we had created at that point in time. And then click on log in. And this is your screen. And now what we need to do here is we need to install VMware tools which will help us manage the screen and help the virtual machine to be a little bit better uh integrated on the system. So that's not mounted yet. So we're just waiting for it to mount. There it is. And what we want to do here is open VMware tools upgrader. All right. So what we want is we want to extract or we want to use this open X archiver. And once we do that, we'll see the VMware install.pl. Double click on that. All right. We've got the VMware tools here. What I've done is we have extract to and I've extracted that on the desktop. Right. So what we just did was click on the desktop over here. open and this is what it will do and click on extract. Now the error is happening because I've already extracted this. Open this up. We want to run this VMware install.pl. So what do we do? We open up the terminal window which is the command line interface over here. And now this is where some of the commands come into the picture. So for example pwd it will show us the present working directory. ls will show us the list of the folders that are there. So the folder that we have is on our desktop. So we'll just change directory to desktop. Press enter. Do an ls. That will show us the list. And you can see VMware tools distrib. That's the folder that we have right here. Right. So we want to go into that folder. CD VMware. At this point you can just click on tab and it will populate everything over there. Press enter. Do an ls. And we want the VMware install.pl to be executed. All right. So we tried executing that command. We had an error over there. So what we need to do is we need to execute this command. So dot /vmware install.pl and it will start creating. Now uh it will ask you for your input installing VMware tools in which directory do you want to install the binary files. Uh by default it is going to use / usr/bin. If I just press in uh enter it is going to use the default. As you can see the input over here. What directory do you want the init directories? I'm just going to press uh keep on pressing enter for the defaults to come in. This part does not exist. It is going to create it. Default. Yes. Defaults everywhere. And then it tries to start initializing it. To maximize this. This is where it is installing. And you can see by it automatically adjusted the screen. And now we got a full screen of Kali Linux right here. Right. And that is what VMware tools does for us once we have installed the operating system. And now you can see the entire screen. on here you will see the tool sets that are given here. Now why are we using Kali Linux in the first place? Because this comes in uh with a bundle of thousands of softwares that are ready to be utilized for ethical hacking right and they have been categorized over here for information gathering, vulnerability analysis, web application analysis and so on so forth. So you can see from foreign sex onwards reporting tools and as you scroll down you can see your development tools graphics coming in internet uh and the system configuration coming into the picture. These are your settings for your operating system. So these are basically your tools. We are right now on the favorites. If I click on information gathering you will see that other tools for information gathering start appearing over here. For vulnerability analysis we have got Sparta Nap fuzzing tools. web application analysis. We have got comics, skipfish, SQL map, database assessments, password attacks and so on so forth. So if you just go in the favorites, this was the terminal emulator that we utilized. This is the command line that we saw. We use the cd command. We use the pwd command. We did the ls command as well to give us the list of the directory that we are in. Similarly, there would be commands like cat. So let's go to cd downloads. Let's see what they uh what's there. I can see this case sensitive. So if I type in a capital D and then do a tab ls there's nothing over here on download. So CD dot dot will take us back one directory. Now you can see we are back from downloads to root. If I want to go to desktop this is how I go to desktop. Do a ls you can see the VMware tools uh folder over there. CD VMware tools and we go into that folder ls which will give us the list of all those files. Now you can see install is a file that we had edited back then. So if I do a cat install, you will see the cat basically is the command that will help us look at the contents of the file. All right, without opening of the file or without editing the file. So you can see just uh if I scroll up, this is where we gave the cat command. It then uh printed the contents of the file over here and then it exited and gave me back the command line right here. Right now if I want to copy this cp root desktop VMware install and if you want to copy it to root downloads and press enter. Now what we are going to do is we going to see if this file the install file that we just edited over here has been cop copied to the downloads folder. So we do a uh we are currently in the VMware on the desktop VMware tools district folder. We do a cd dot dot that takes us down one directory. So we are still in the desktop. do a cd dot dot. Now you can see we are back in the root and now we're going to do a cd downloads run ls and you can see the copied file right here. So if I do a cat install, you can see the same content of that file coming in. So these are some of the commands that we would need to learn as we go ahead. The remove command is let's say we've got install we do a man rm man is the manual page command that uh gives us the pages with the description of how that particular command is to be utilized. So rm is remove files or directories synopsis is the description the options hyphen f for force hyphen i for prompt hyphen capital I prompt once before removing more than three files and so on so forth. If you want to exit this, you can press Q to exit and you come back to this page. So if I say rm install ls, you'll see that the install file has now been deleted. So in Windows, we use the deell command. In Linux, it is the rm command. So this is what we wanted to look at the demo for Kali Linux, how to download it, how to install it, and some of the basic commands that we can utilize. All right, let's begin with the fishing uh tutorial. We have the Kali Linux operating system booted up over here. Uh what we are going to do is we're going to open up a tool called set social engineering toolkit which you would find in this option and that's the tool that we want. It's a command line tool uh a menudriven tool. We are going to host a fake uh Facebook page and we can see how we can harvest credentials by this kind of an attack. So these are some disclaimers you might want to go through there. Do you want to agree to the terms of service? Yes. Press enter and that's your social engineering toolkit and we are talking about a fishing attack which comes under the social engineering attack. So like I said it's a menudriven tool. So we just have to look at these options and then just type in the number of the option that we want. So we want to do a social engineering attack. So I type in one press enter. In that it is asking me whether I want a spear fishing attack, a website attack vector. We going to choose a second option. So I type in two, press enter and then it asks me uh what I want to do. I want to take the third option here credential harvester attack methodology and we want to do the third attack. Now it is asking whether we want to use the inhouse website templates that it already has or do we want to clone a site or do we have a customized site that we have prepared that we want to migrate to this tool. We're going to do the site cloning option. So we going to type in two. Press enter. And then it is going to ask me the IP address where it wants to capture and store the credentials. By default, this is the IP address that I'm using. So if I leave it blank, it will take my default IP address. So I'm just going to press enter. And now it is asking me the URL to clone. So I type in httpsubdubdub.fas.com. What it is going to do? It is going to connect online. And it is now just it has cloned the website uh Facebook login.php. The best way to use this attack is the if you the if the username and password form are in the same field or the same page. Regardless, this captures all posts on a website. So you may need to copy dubdub star into html depending on where your directory structure is. Press return if you understand what we are saying here. So press enter. The social engine toolkit credential hover attack is running on port 80. Information will be displayed to you as it arrives. So the site was 71.134, right? The default IP address. And this is where the website is being hosted. Let's check that out. So let me open up a browser on my host machine and uh let me point it to the Kali Linux machine that we have just created 192 16871.134. And you should see a login to Facebook coming up right here. Looks genuine. It is genuine because we just went online and downloaded this. Let's just have a recap. Let's have a explanation of what we are trying to do. I am trying to host fake Facebook page on my server which has an embedded script in it which is going to do credential harvesting. So the attack here is let's say if I'm now hosted this I can craft a fake email send it across to a victim saying uh your Facebook account has seen some unforeseen activity create a hyperlink using HTML coding within that click here to access your account and verify uh that the account is secure and when they click on that link they will be redirected to my fake page which is here you can see the uh IP address is my virtual machine's IP address but I'm seeing a Facebook login page and I'm going to type in someone at somewhere.com and the password. I'm just going to type in the regular ones that I use. And if you see it when we typed in uh the username and password, the page just refreshed and gave us the login page again. But now, if you look at the URL, I'm actually on Facebook's login page, which is exactly the same that I was hosting. So, a layman wouldn't probably figure out they've been hacked by now. they just would figure out, okay, they probably typed in the incorrect password and the page refresh or something like that and they're just going to log in and they're actually going to access the Facebook page. Thus, they might not even realize that something went wrong. But if I go back to my virtual machine, you can see that it has captured some data and it is reporting over here of what has happened. So, if I just scroll up, let's see what happened here and if we have been able to capture anything. So, we got a hit printing the output. This does the HTTP 1.1200. Okay, response coming in. Password field found and uh we just looking there it is email someone at somewhere.com and uh password that I typed in as at the rate 1 2 3 4. So it has captured the username and the password right here. Uh once we done I mean this is the way attackers work. Now this is a very basic attack. Again uh in the actual trainings you would then look at how you would host this on a real website. Make it a global attack. Right now it's a virtual machine with a class C IP address. So here the thought process is where can we get a free hosting where we can host this kind of sites. Maybe I'll have to purchase a domain which looks like similar to Facebook or the victim that I'm trying to attack. So this is just a P. So we just wanted to find out if we can how fishing is done and this is exactly how it is done right. So pressing Ctrl C would execute this tool and takes you back to the actual menu. Press 99 99 to exit. And there it is. Close the two window. And that's the fishing practical. After fishing, let's talk about SQL injection. SQL injection stands for uh structured query language injection which is a database attack though it resides within the application. So it's the application vulnerability that we are trying to uh look at to try to bypass authentication. As the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. What is a SQL statement? A query that is used by an application and is fired off to the database. Database executes that query uh gets that uh information that is required and sends it back to the user if the user is authenticated. So, we're going to look at the SQL injection attack demo here. And uh what we are going to do is we're going to go back to our VMware Workstation. And I have got a tool over here called OASP broken web application which is a utility that has been created for people like us to test our skills to learn on how we can develop our skills further. So this has a lot of uh vulnerable applications built within it. We're just going to try to access it and we're going to see if we can create a SQL injection attack. Just waiting for it to boot up. Once it boots up, it will give us an IP address. There we are. So we need to connect to 71.132. So I can just use the same browser I was using. Close off Facebook. And now go to 192 16871.132. And this is the OASP broken web application project. Uh what we're going to do is we're going to go to utility. And this is a application that has a lot of information within it. You can see it gives you links about what you should do, help me, video tutorials, listing of vulnerabilities that they have and so on so forth. So you can see we are not logged in right now. I'm just going to do this as a demo. So what we're going to do is we're going to look at this and bypass authentication. So we are taken to the login page where you need a username and password to log in. I'm going to type in test as the username and test as the password. Click on login and you can see that account does not exist. So the authentication mechanism works. Now what we want to do is we want to create a query. Now what does a query look like? When I type in a username and a password, if I just type in a single quote here, it is going to create an error. And this is what a SQL query looks like. Select username from account where username is a single quote. And then the exception error happened. So it did it's not showing the rest of the query to us. Now what I'm going to do is I'm just going to craft a query here uh single quote and give it a condition or 1= 1 space. What happens hyphen space is comments out anything after that. So the password field is being commented out at this point in time and I'm just giving it a condition where the condition is true. one does equal 1 and if this condition is true it is going to allow me to log in. So you can see right now we are not logged in this bypasses the authentication mechanism and you can see user authenticated and we are now logged in as admin. So uh in the training what we need to understand uh as a whole is how SQL works what are the queries that are structured with how you can what are the testing operators. Now the single code that we used that was an operator in the SQL syntax. What these operators are, how they function and then how you can leverage these attacks. There are different tools that are given to you in Kali as well that uh you can utilize. So in Kali Linux you can just open up a command prompt and there's a tool called SQL map. You need to give it a particular site. So SQL map u for the URL and whatever the URL is. now URL here and then once you're here we just press the enter key. This tool will craft all the queries in the background for you. You don't even have to no SQL query or SQL languages. Uh this is a very easy tool to utilize. Sadly I cannot demo this on a live website because that would be illegal. But uh you can uh see how you can operate this yourself. That's what uh SQL injections are all about. Moving on, we now talk about uh VPNs, virtual private networks. And a virtual private network is basically a secure network that allows me to anonymize myself over the internet. So what I'm doing is I'm connecting from here to a server that encrypts my channel, encrypts my connection and thus allows me to keep my data secure. Now the basic essence of a VPN or a virtual private network is to allow me this encryption mechanism where I can encrypt and safeguard my data. The added advantage that nowadays a VPN gives is that it can allow us to spoof our IP address or offiscate our IP address so we can actually become anonymous on the internet. It can allow us to use multiple IP addresses and thus uh secure ourself on the internet. For example, I use VPN called Cyber Ghost. And what this allows me to do is it allows me so many servers over here. And if you look at the entire list, all the servers, then there are no spy servers. Uh which and guarantee me that they are not going to keep and store any logs and thus they are not going to record any of the activity that I'm doing. Right? Since they are located out of Romania, this becomes a little bit more safer for me because the government and the laws over there are a little bit more relaxed than other countries. Uh they give me uh different links for torrenting, for streaming, for connection features. So uh there are a lot of VPNs out there. So for example, let's go to the website cyberost.com. So you can see there's a a sale going on 76% sale or you can go on to ExpressVPN, which is also a very good VPN. Then there is NordVPN. It depends on what uh you want and how you want to utilize it. So just purchasing a VPN or getting a free freeVPN is not enough. It depends on which country the VPN originates from and which server you're connected to. For example, most of the countries uh have a pact where they share information amongst themselves. even if you're connected to a VPN. That means that these companies that provide these services have to generate and store logs and these logs have to be reported to the government if they ask for it. Now, if uh there's a list of 14 countries that actually uh focuses on this practice, so you have to find out VPN that and a server that is not a part of those 14 countries and ensure that those logs are not going to be reported to the uh government. And these are what three VPNs basically are something that which are good and I personally use Cyber Ghost. I have used the others. I just keep on rotating them just to get an idea of which one is better. So uh these are VPNs that you can allow you to anonymize yourself on the internet. Moving on, uh these are the ones that we talked about. There are other safer VPN, Hide My Ass, ExpressVPN and so on so forth. From our terminologies, let's now talk about VPS. uh VPS is basically virtual private server where you can rent a service or a server as a service a virtual machine as a service. So basically on a cloud using infrastructure as a service you can rent a server and utilize it for whatever activity you want. So let's go to uh these sites register.com Godaddy network solutions or we can talk about other cloud solutions as well. So here you can get uh register your domain names. Uh so in the previous exercise for let's say when we talked about the fishing exercise uh what we want is we can go on to register.com or we can go on to godaddy.com and we can purchase a particular domain for example something like this instead of the O's I'm typing in a couple of zeros for the Facebook and see let's see if uh anything of that is available now something photo is available or facetips.com is available uh there are other options that are making over here that that they're giving doing this over here. And once we purchase this, we can then have our own hosting uh with a web hosting as a service and uh you can have a Linux based uh hosting or a Windows-based hosting depending on what you want and that's where your shared hosting comes into the picture. If you just want uh if you want to look at a virtual server and you want to render a server over there itself, you can move on to rackspace.com and here in your services you can have physical server or a virtual server in a public cloud. Your other cloud providers uh for example would be Amazon AWS and on AWS you can basically look at EC2 elastic compute cloud which is basically virtual servers in the cloud and over here you can rent out a server with whatever capacity you require. You'll obviously have to pay rent for what what those servers are going to cost but uh once you have those servers you can then launch any services on top of it. Uh looking at uh other services that we have, we talked about to is a onion routing uh software that allows users to browse the web anonymously. So we can just go online and we can try to spoof our identity and I'm going to show you how. So I've got a VMware workstation right here, the one. So we're just going to pull that up and we're going to power on a Windows 7 machine where we're going to look at the onion routing. So our Windows machine has booted up. We're just going to log in and uh this is my Windows 7 machine. Now I've got a Chrome browser right here and we're going to go to a website called seemyip.com which is going to give the IP address that I'm currently using. So right now I'm not on connected to any VPN or anything and you can see that's my IP address that I'm utilizing. Now if I want to anonymize myself what I'm going to do is I am going to uh use to and that's the to browser that's set up right there. If I click on it, it's going to open up the software and it's going to create a new network and it's going to connect to the to network and allow me to anonymize myself. Right. So that's the TH browser opening up and uh giving me a new browser over here. So I've got one which is the old one which is uh my current IP address. If I just refresh that, you'll see that I'm still on the same IP address as far as this browser is concerned. There's a refresh and it's still showing me the same IP address where if I go on to to right now and if I go to see myip.com you will see that it is going to give me and you can see the amount of time it is taking to reach that site that's because I am using a VPN and there's a lot of encryption running off and you can see now I'm suddenly uh connected via Hong Kong and even to reach this site what to does is it gives me a proxy chain. A proxy chain is where it creates multiple hops to hide my identity and uh before I reach see my uh ip.com I am using three different IP addresses over here. One in France, one in Germany and one in Hong Kong. So if I do something over here to trace back my steps to my actual IP address, the law enforcement agencies or anyone who's going to search uh like a foreign investigator would have to go through these IP addresses before they come back to me. Now it's not impossible but the effort and time that's going to be taken to come across three different countries is going to be phenomenal. So it may just defeat the purpose of having so much resources spent to identify who did what. So that's what to does for us. All right, moving on from to we are going to look at key loggers. Key loggers are basically softwares that run in the background and record all the keystrokes of the user. So if I've got a key logger installed right now, whatever I type will be stored in a text file for the hacker so that they can look at it later on. And just to give you an example of that, we go back to my VMware Workstation and we open up another Windows 7 machine. I'm going to power this on and I'm going to close this one till then. So this virtual machine has booted up. We are going to use user one. Login as user one. Just close all these softwares uh which are not required. And once this machine is booted up, what we're going to do is I'm just going to open up a random websites and see what we're doing. Basically, there's a key logger that's there in the startup that's going to record our keystrokes. And we just want to see what it actually does. Now, Firefox is getting updated. So, let's hold on. Now, this is the latest version of Firefox, right? And we're just going to go to, let's say, facebook.com. Wait for the website to open up. All right, let's try opening it up again. And that's facebook.com. And we're just going to type in some random username and password somewhere someone at somewhere.com. And the password being again asd 1 2 3 4 5 6 7 8 9 0. Login. Obviously that login is not going to work. User probably doesn't exist. Or if it does, the password probably is incorrect. And uh so we're going to close this. Uh we're going to let's say open up another browser window. Go to another site. Uh rediff.com and then go to rediff mail. Try the same thing over here. Someone at somewhere.com password 1 2 3 4 5 6 7 whatever it is. Don't say we can see the combination is incorrect. Now there's a key logger running in the background and what we want is we now want to open up the key logger. Now it is visible here because I've kept it visible. You can hide it in the start menu and there's a shortcut key for you to pull it up later on. So this completely becomes invisible and uh what it can do is it basically creates a record of whatever you have been doing so far. So you can see these things populating on the 25th of December. So if I look at the visited websites you can see I opened up Mozilla Firefox the first where it uh there was a problem loading the page then we opened up Facebook then we opened up Rediffmail.com and so on so forth. So this it just gives me the list of visited websites. Whereas if I look at keystrokes and clipboard, you will see whatever we have typed in. So we first typed in facebook.com then again uh the second time I try try to type in then uh I hit backspace. Then I type in facebook.com and then you can see I typed in someone at somewhere.com and in tab a at the rate 1 2 3 4 5 6 7 8 9 0. We closed up the browser. We opened up a new one and we went on to rediffmail.com and then you can see me typing this one then going back one space. then the rest of what I typed and then the password coming in. So that's what a key logger does. If you look at the taskbar, it's not going to show you a key logger running in the background. It's in processes. You're not going to see anything at all, but it's going to mask itself as a service. So if you look into the properties, you can see that icon coming in over here which matches this one. And so you can see that this masking itself as a service.exe. If this gets hidden as well, it would be very difficult for a user to even identify this. All right. So that's what a key logger is. Moving on, let's see what else we want to talk about. So we've talked about to, we've talked about key loggers, and now we want to talk about firewalls. Now, for key loggers to be prevented, we need antiviruses, right? So we know need a good antivirus program that's going to be installed, updated, and run on a regular basis to protect ourselves from malares. But what about network connections? And you need a firewall in a system to prevent or to detect what kind of connections are going on in the first place. Now we cannot rely on softwares 100%. So even if a firewall is not configured properly that's that's going to be a problem. So what we need to do is we have to have a firewall configure it correctly and then allow and disallow certain activity from off uh happening. And what we're going to do is I've got such a system on my machine here. I use a software called glass wire. What it does is it is a network analyzer. So it allows me to analyze whatever is going on. I can see all the apps that I'm utilizing and how much upload and download they have been uh doing all the traffic. So you can see the protocols that I'm utilizing. So I come to know what's going on in the background. And this gives me the entire graph of how much I have been doing for the past 24 hours, past 3 hours, past 5 minutes and so on so forth. Right? So this is what the activities and these are the alerts that it has been generating. I can click on those alert and it will start telling me what it was all about. If the graph doesn't work for me, it gives me usage as well. So how much uh I have utilized since I've installed this software right and what applications have been utilized which host I've been connected to and the traffic type that was utilized and then the things on my network. So these are the devices that I have currently on my network that has been that have been identified and then comes the firewall. So on the firewall the firewall is clicked on you see all those services that have been identified and I can just click on a particular service to lock that service. So this becomes a discovery tool, identifies whatever networking is going on, gives me all that information and then I can look at and I can just click on any of these services that I find it as malicious and block them. I can create different profiles for different applications as I'm as and when I want them and these are the alerts. So you can see that this was the first time a network connection was looked at from VMware and what this allows me to do is whenever I execute a file it can upload it to virus total.com and scan it as a third party antivirus to ensure that there is nothing malicious on it. So I already have an antivirus over here. But if this ever gets compromised, I still can rely on a third party service where in real time as an and when I execute my applications uh they would be verified and I would be assured that nothing is wrong with my system. And this software that I'm utilizing glass wire basic is free and then there are paid versions as well. It's just glasswire.com is where you're going to find this. Moving on, rootkit. Rootkits are also malicious softwares that you allow an unauthorized user to have access to a computer to restrict areas of its software. Now a rootkit in a sense is which uh a software a malicious software that infects a machine and prevents a fun some functionality from it like hiding data or preventing users from uh running antiviruses and uh it's basically a malicious software that is used to hide information from the victim so that they would not realize that they have actually been compromised. It's going to be a difficult showing of a root kit. So I cannot show that demo to you. So we're just going to move on and we are going to talk about ethical hacking techniques. Now now when we say ethical hacking techniques, we want to look at what kind of audits are available when we want to do ethical hacking. So uh there's a blackbox audit, a white box audit and a gray box audit. So if I'm invited in an organization to conduct a test to conduct a audit to conduct a vulnerability assessment or a penetration test to identify vulnerabilities and then try to plug them out. They are going to give me three different variations. In a blackbox audit, they're not going to tell me about the infrastructure. they are not going to give me any information and they want me to start from the basics of gathering information identifying the systems and based on the information that I gather whether I'm able to develop any hacks and get compromise their infrastructure so it will be a simulation of a hacker who's sitting outside the organization and trying to find a way in whereas a white box audit is where full infrastructure knowledge is given anything and everything that is required for an audit is given and this is a simulation of an insider attack a person sitting inside the organization misuse using their permissions and then trying to compromise, trying to get access to data that they do not have access to. So the simulation is from a malicious insider. A gray box is where some partial knowledge is available and from that partial knowledge you're going to try to build up more information and then you're going to try to get access to those resources. What are the tools that we utilize? So we've already had a couple of demos on key loggers, SQL injection, SQL map and so on so forth. Metas-ploit is a very much used tool for penetration testing and uh having knowledge on metas-ploit is very much necessary as far as ethical hacking is concerned. N map MAP this is a tool used for network discovery. Ness a vulnerability scanner. Wireshark is a packet capturer that allows you to capture packets and analyze whatever is going on. SQL map is something that we have seen a SQL injection attack tool which generates its own queries. And John the ripper is a password cracking tool. uh backtrack used to be an operating system that was utilized for penetration testing. However, backtrack has now been replaced by something called Kali Linux and that's the operating system that we have utilized in all our demos where we tried to look at SQL map and those injection attacks that we did. So what are the areas of ethical hacking? We have just talked about all these areas as well. network services. We looked at the glasswware application that showed us how my my machine is consuming networks, which protocols are being consumed, how uh the connections are being uh created. If somebody is able to install a Trojan on my machine, it is going to try to create a new connection on the network with the hacker to allow that hacker a backdoor access. Now, if I have that glass wire or a similar firewall implemented, it is this firewall that is going to detect it and prevent that connection from happening. So if I install a software that is suddenly suspicious or that install something else in the background that I may not be aware of, that tool is going to identify all the connections that are being made and it is going to highlight that connection. I need to go through all of those connections and identify whether they are legit or not. And if I find some suspicious or doubtful, I'm going to block that connection and then I'm going to investigate what's going on. And that's where ethical hacking comes into the picture. You want to find out if your firewall that you have implemented is going to work correctly or not. if the configuration of the firewall is done properly or if the firewall is misconfigured, is it leaking out information, right? At the same time, you're looking at web applications. We looked at the OAS broken web application where we did some SQL injection attacks, right? So, that was a weakness or a vulnerability in that application which would allow us to bypass authentication and get access uh to resources that we were not authorized for. And then client side attack should be where uh you install key logger at the end of the at the client system and then you try to capture whatever data the uh user is typing in like usernames and passwords on the Facebook and the rediffmail.com website that we saw and then try to misuse that information to get access to those resources. Then Wi-Fi networks, right? Wi-Fi is something that we use on a regular basis. We got our smart devices nowadays, smartphones, tablets, fabts that we can connect to Wi-Fi and start using all our services, our banking applications and our smartphones. And thus we want to ensure that wireless connectivity is simple and is secured. So you want to use encryption mechanisms, you want to use tools on your smartphones, antiviruses, firewalls on your smartphones to ensure that whatever you are utilizing is going to remain secure. And then social engineering. We've looked at the fishing website on facebook.com. We've seen how easy it is to clone websites and uh host them on Apache server. So if you look at it as a from ethical hacker's perspective, the job of ethical hacker is to simulate these kind of attacks that a hacker may conduct. And uh first of all, you're basically going to find out areas where these attacks can happen. Think of it from a hacker's perspective. Try to simulate those attacks and see if those attacks are going to be effective. Can those attacks be prevented? and can your current security controls that you have put in place identify, detect and prevent these attacks from happening in the first place. And that is what ethical hacking is all about. Let's look at the metas-ploit attack. Metas-ploit is a framework of penetration testing that makes hacking very simple. You just need to know how to utilize the tool. You need to identify the vulnerability associated with a particular exploit and then run the exploit on metasloit. We'll be demoing this during the practical. So there are active exploits and passive exploits. In active exploits exploits a specific computer, runs until execution and then exits. Uses brute force and exits when an error occurs. In a passive exploit, these exploits wait for incoming requests and exploit them as soon as they connect. They can also be used in conjunction with emails and web browsers. So in passive exploits, we create a payload. We uh like a reverse connection payload. We send it to the victim. Once the victim installs that software, the machine will then initiate a connection to us. our machine will be in a listen mode and then we will once that software is executed at their end we would then try to connect and exploit that particular vulnerability. This is the uh practical that we'll be doing on metasloit. So let's move on with the demos and then we'll see uh what we can discuss amongst them. All right let's have a look at some of the demos that we had uh talked about in the ethical hacking and penetration testing module. We are going to look at three different demos. The first one is going to be a SQL injection attack that we're going to perform on this tool that we have. The second one is a password tracking attack on Windows 7. And the third one is a meetup reader based or a metastasoid based shellshock attack on a Linux based web server. So let's get cracking. I've powered on this virtual machine uh which is the OAS broken web application. It is a tool that is provided for a people who want to enhance their skills and they can practice uh how to do these attacks in a legal manner. So, we are going to go to this site. I'm just going to open up my browser. The IP address is 71.132 and that's the uh OAS broken web application that we want to utilize. We're going to head off to Mutility 2 and we are going to look at uh SQL injection attack where we want to bypass authentication. Now, this takes us to the login screen. So, we can just try our luck here and see that the authentication mechanism works. The account does not exist. So the username and password that we have supplied is not the correct one. So we want to ensure that there's a SQL database and uh we can uh try to attack it and see uh if we can bypass the authentication. Now uh what we want to do is we want to create a SQL based malformed query that can give us a different output. So I'm just going to type in a single quote over here and type login. And you can see that this is now suddenly recognized as a operator and there's an error that is given out compared to the login that we tried uh earlier when we used a proper textbased login mechanism. It gave us the account does not exist. But here the single code gave us a error and it shows us how SQL works. This is the query that we had created. Now in the trainings that you have for ethical hacking there would be explanations of what these queries are all about, how the syntax works. Here we just going to see if we can create a mal for query to log in as a user in this case. So what I'm going to do is uh create the query over here and we're going to give it a comparison. So we're going to give it a or 1= 1 spacey space and if you now click login you should be able to bypass authentication and you can see user has been authenticated and we now have admin access to this application. Now here the SQL queries need to be crafted in such a perspective that they're going to work. So there would be a lot of exercise in identifying what the database is. There's a Microsoft database, an Oracle database and so on so forth. And then you have to choose those proper commands. But identifying that would come in the training. Right now we're just looking at de at a demo. This is how a SQL injection attack works. Now let me log out here. Similarly, now we are in a login page. The same query worked wonders where it allowed us to bypass authentication. So it also depends on what kind of a page I am and what query would be accepted at this point in time. So here application understanding would also come into the picture where uh which function we are calling upon when we are connected to a particular page. Now this is a user lookup function right. So again here we try the same method test that's not going to work. Authentication error bad user on password. And if we type in the same query over here single quote or and give it a condition single quote or 1= 1 space - space. Now here it is not going to log us in because this is not a login page. This is a user lookup form. So here it would instead give us a dump of all the databases that it has. So you can see all the usernames and passwords coming in that are stored in the user lookup field. So this is where the uh understanding comes in of which query to create at what page we are depending upon the function that is being called. Right? So that's the SQL uh injection attack that we wanted to look at. Let's move on to password tracking. Now this is a Windows 7 machine that we have. I'm just going to do a very basic password tracking example. We're just going to log in. Now here the assumption is that we are able to log in. we have access to a computer and we want to check out other users who are using this computer and see if we can find out their passwords so that uh we can login as a different user steal data if required and we wouldn't be to blame if there are any logs that are created. So here we've got a tool called Kane enable that is installed right here. Now I'm already an administrator on this machine. I'm checking out other administrators who share the same privileges or any other user who may be on this system whose password I can crack and thus I would be able to get access through their account and then do any malicious activity. Right? So this allows me to go into a cracker tool and it allows me to enumerate this machine and identify all the users and passwords that are there in this particular machine. Right? So I'm just going to click on the plus sign and I'm going to import uh hashes from a local system. So where are these files stored? Where does Windows store its passwords? In what format are they stored and what this tool does to retrieve those? That's something that we all need to know as a ethical hacker, right? So, import the hashes from the local system. Click on next. It's going to enumerate that file and it is going to give you a list of all the users that are there. So, you can see the users are hacker admin test the one that we are logged in as. And then there's a user called virus as well. And you can see that this is the hash value of the password that is being utilized. Now, there's a particular format uh for the hash value for Windows and how it stores. But once we have these hash values, let's say if I want to crack this password, there are various attacks that we can do. For example, a dictionary based attack or a brute force attack. Let's try a brute force attack. Right? NLM is the hashing mechanism that is used by Windows. So, we're going to try to create an NTLM hash attack. And here we're going to use a predetermined rule set. For example, we are not sure what characters are being utilized over here. So we just create an attack like this using all characters and uh lowerase A through Z, uppercase A through Z, numeric 0 through 9 and all the special characters. Let's say the password is between 7 and 16 characters and this is the character set that we want to try the brute force attack on. What is a brute force attack? It is an attack where the computer is going to try each and every permutation and combination out of this character set and try to figure out if the password is going to be correct. So if we click start, it's going to start with a particular characters and then it is going to identify if that NLM hash is going to work against this character and you can see the time is going to be phenomenal over here. So it's not necessary that this attack would be viable. It will be 100% successful given the time frame. However, the time frame is huge enough for this attack to become a little bit redundant. There are other attacks that we can do which can easily identify this data for us as well. But that is something that we will look on in future videos. So that's how we can get access to users and passwords. Uh there are different mechanisms where let's say we don't have login access. Then what are we going to do? How we can create a fake user login or how we can remotely access a machine and then try to get the same access. And that is what we are going to try to do in the next demo on a Linux machine. So what we are doing in a Linux machine could also be doable on the Windows machine with a different exploit. So what I'm going to do is this is the Linux web server that I have that I'm going to power on. I'm going to use a Kali Linux machine to hack that device and I'm going to just power off my Windows 7 machine. Give it a minute till it boots up. Now this is also a demo machine that we have which has its own preconfigured vulnerabilities. So here we've got something from the pentesters lab uh and has a shell shock vulnerability implemented inside. Shell shock vulnerability uh affects Linux, Mac and Unix based operating systems for a particular version of the bash shell. Bash is the bone again shell which is the command line interface in these operating systems. So what we are trying to do here is we are going to use the Kali Linux machine try to find out the vulnerability over here and if it exists we are going to use metas-loit to attack this machine. Now the first and foremost thing is we want to identify the IP address. We have no idea what the IP address is. We are in the same subnet. So we are assuming that we're able to connect to this machine. So what I'm going to do is I'm going to open up a tool called Zen Map. I'm going to open up a command line interface. Find out what my IP address is. And my IP address is this with a subnet mask of 255255255.0. So I want to see if there are any other machines that are live in the same subnet. And we are doing a ping sweep over here to identify which machines are live. In a minute we'll get all the IP addresses. 71.1 to 133, 254 and 128. We know that we are 128 at this point in time. Uh 254 is the DHCP server. So we assuming that 133 is the machine that we want to look at. And let's then try to see if we can scan that machine 133. And we're going to do an intent scan to find out which ports are open, what services are running over there, and if it is whether the pentest machine that we were looking for. You can see of the start port 22 and port 80. And somewhere here it's going to give us the ports that are open and the details about those ports. And somewhere here it will tell us that this is the pentester lab machine that we wanted which is correct. So now we want to do a vulnerability analysis on this. What we are going to do is I'm going to use another GUI based tool called Sparta which I can just find out from here. Sparta uses two tools in the background end mapap tool and a tool called nikto. So we're just going to start scanning 192 16871.133 was the IP address. Add to scope and over a period of time you can see all of these will start populating with information. There we are. That's the Nikto tool coming in scanning on port 80 which is uh which means that it's a web server using HTTP. It tells us it's an Apache HTT HTTPD2.2.21 and gives us the 22 port number as well. If we head over to the tab of Nikto or let's look at the screenshot first. This is what the website would be looking like and Nikto gives us the options over here. It tells us that there is a vulnerability over here for shell shock and this is the path where the vulnerability is going to exist. So what we're going to do, we go back to the command line. Sorry, we open up a new one. Minimize all these other windows and we're going to open up Metasloit. Metasloit is a penetration testing tool that is used by most hackers and ethical hackers to test applications and test uh existing exploits and vulnerabilities. So just give it a minute till it starts. You can see there are already around 1,700 exploits right here. Uh we're going to see all those exploits with these commands. There we are. Sorry for the typo. And it will just give us a list of all the exploits that are stored in metasloit in this version. So all of these are Windows based. If we scroll up, we will be looking at other vulnerabilities as well or exploits the unique spec exploits linax osx multi exploits and we're looking for a exploit for um multi-based Apache or HTTP. Let's go up. Uh let's look at So this is the one that we're looking for. Apache mod CGI bash environmental executable. So what we're going to do is we're just going to copy it. Go back to the bottom. Say use exploit and paste the one that we wanted. Press enter. Say show options. So it'll ask us to configure this. I'm just going to configure it based on the knowledge that we have. Set our host which is the remote host the victim's machine. So we put in the IP address. It asks us for the target URI. So that's the path that we saw. Set target URI to CGI- bin / status. Enter. Now with the exploit we need to find a payload that is going to give us the output that we want. So we say show payloads and it will give us a list of all the compatible payloads with this exploit. And we want to create a reverse TCP connection which is this. So we know it's a Linux operating system. We want this uh payload to be set. So set payload. Press enter. That's the payload coming in. Show options. Now that we have set the payload, this is the options for the exploit. And now we want to set our options for the payloads as well. So we are creating a reverse TCP connection which means we are remotely executing code at the victim side and making the victim connect back to our machine which means we need to set up a listener. So I need to put my IP address over here. Set local host or LHost 192 168 71 not 128 which was our IP address. Show options again just to ensure everything is fine which looks like it is. And we then type in the word exploit so that it will start this attack. I can see that it has created a mutter session at the victim side and it has opened up a session. So if I do a pwd now pwd is a Linux command for present working directory and it will show us that we'll connect it to where dubdubdub cgi- bin do an ls it will list all the files that's the status file over there. Do a cd backslash it will take us to the root of this machine. Now remember we saw the uh passwords on a Windows machine. Similarly we can head over to the cdet folder ls and you can see these files psd and shadow. Now pssw is the file where linux stores it usernames and shadow is the file where passwords are shown. So do a cat command psd and you can see these users coming up. So you can see the last user pentest lab and you can see there are no passwords. So let's do a cat shadow and that's your hash value for the password that we have for the user pentest lab. So these are the different attacks that we need to understand uh and we need to create based on the vulnerabilities that exist on different machines. So we just looked at Windows and Linux and how we can exploit them depending on existing vulnerabilities. As a ethical hacker, this is uh what we need to learn in our trainings and then we need to clear our exams based on this knowledge of how these things work so that uh we get certified and then we can position ourselves for the uh penetration testing jobs. Now let's begin with who is a certified ethical hacker. A certified ethical hacker is a person who's also known as a ethical hacker. An ethical hacker is just the opposite of an hacker. A hacker is a person who with malicious intent tries to misuse vulnerabilities that they have identified in an organization structure and then gain access to unauthorized data. Whereas an ethical hacker does the same thing. They try to locate the weakness. They try to locate the vulnerabilities and they see how they can be misused. However, the intent is completely different and that is what differentiates a hacker from an ethical hacker. Hacker would be a criminal with a malicious intent who would try to misuse and personally gain by doing criminal activity from that particular activity that they have done. Whereas the ethical hacker would try to help the organization in an authorized manner. So that's where the permission comes into the picture. The ethical hacker has permission from the organization to conduct some activity that would identify vulnerabilities or weaknesses in the information technology structure of that organization. And then once they have been identified, the ethical hacker would then help the organization to plug those vulnerabilities rather than misuse those vulnerabilities. So any person who completes CH version 10 certification is known as a certified ethical hacker. So this is a certification. Once you complete that, once you pass the exams, you can essentially call yourself as a certified ethical hacker and you're going to get a certificate with the same terminology. So as you can see in the diagram your responsibility would be as a certified ethical hacker would be with the proper permission of the organization with the authorization coming in with contracts coming in you would legally help the organization to identify those weaknesses and vulnerabilities and once you find them you're going to report them to the organization and you're going to help the organization with remediation plan which should help them remediate mitigate and resolve the vulnerabilities that you have identified thus making the organization's security structure a lot better based on which black hat hackers or malicious hackers would be unable to attack the organization. So what is CH version 10? Now this course was initially introduced in September 2015 and I think if you look at the versioning this is the 10th version that is there in the market. So essentially C or the certified ethical hacking course as the course itself has been for a long time in the industry. It's a very well accepted course and it's a well-renowned course. The current version as it is was uh introduced in September 2015 and is one of the toughest certifications in the cyber security field. This includes a lot of information that you have to uh learn that you have to know before you can attempt the certification. You will master all ethical hacking methodologies that are used in penetration testing and ethical hacking situations. What does that mean? That means that C version 10 is a structured course that will help you look at all the phases that are used in ethical hacking. all the terminologies that are utilized, all the tools that are utilized in such a manner that you can penetration test or a vulnerability assessment and identify and test the vulnerabilities for their complexity. And this course once you complete the course you would have mastered all the ethical hacking techniques that are required. There are two exams. One is a written exam and the other is a practical exam. Now you can opt for either or. The written exam is basically a multiple choice question exam where uh they'll ask you scenario- based questions and you have to answer those questions. That is something that we're going to look into during this video. The practical exam is basically a simulation exam where they give you a scenario and you have to complete some the complete those tests and prove that you are a good ethical hacker based on the report that you give. If the report tallies to what the test was, you would be clearing that exam. So practical exam is a little bit tougher. It's more hands-on. It tests this actual skills that you would perform in a hacking scenario or a ethical hacking scenario. Does the practical exam going to be that much tougher? The written exam to give it credence tests you a lot on your uh mentality on your thought process on your judgment characteristics. So they will give you a scenario and ask you what do you think is happening? What does this attack trying to amount to or would be what what would be the next step in the particular attack that they're describing. Thus it's more of an intellectual uh test where you uh when your thought processes are being checked and uh you are giving those exam. So what would be the difference between these exams? In a practical exam you would be conducting all those steps yourself and you would be reaching reaching a conclusion. So here essentially you're being tested on the skills that you have developed on the execution part of it and to see whether you can execute a test end to end. Whereas in a written exam, you would be put in the middle of a test where you have to assume something where you have to understand what the steps would have been performed in the in the previous steps and what would be the expected result and you're supposed to analyze that and then come to the correct answer. So if there's a question which which exam is better written or practical the answer to that is from an intellectual perspective a written exam would be a lot tougher than a practical exam and from an execution perspective a practical exam would be tougher than a written exam. So it depends on us which exam we want to give. Both of them are widely accepted and well respected uh in the information security field. So it's just the option that we choose which exam we want to give. Now this course the version 10 course is purely attack based course. Okay. It is an offensive course. There's no defensive mechanisms. So if you're looking for questions of how to secure yourself on the internet, how to securely configure operating system or how to securely configure a server, how to configure a firewall, this is not the certification. This basically talks about attacking those devices. So if you come across a firewall, how would you test a firewall? How would you identify vulnerabilities in those? And how would you bypass a firewall? Similarly, if you come across a server, how you going to attack and hack the server? Let it be Windows or Linux based. So this basically becomes a attack based course. You're looking at offensive mechanisms over here and not defensive ones at all. So what's new in this version? In this version, there's a new module called for IoT, Internet of Things. It focuses on emerging attacks, vectors like cloud, artificial intelligence and machine learning. It basically talks about smart devices and it talks about the vulnerabilities, the risk that the smart devices face in today's world. Uh for example, it will tell you about the industries that are utilizing all these smart devices. why are they utilizing it for, what kind of devices they are utilizing and what are the risks within those devices. It will also give you a lot of tools for you to practice upon to identify such IoT devices. What would constitute an IoT or an internet of things device any device which has an IP address and can connect to the internet and create data. So even your smartwatch, your smartphone, your cars that have internet connectivity nowadays, your uh Google Homes, Amazon Alexas, all of these devices would come under the IoT umbrella. And have you ever wondered about uh sitting at home having a Wi-Fi, having all of these devices, even a smart TV if you will, connected to the Wi-Fi, and have you ever questioned how a hacker would then be able to access your home through all of these devices, record information, and uh basically just spy on you? Similarly, an organization where they utilizing IoT, they would be vulnerable for the same vulnerabilities and this course it does include IoT security to a certain extent. Uh where we talk about vulnerabilities and how to identify those vulnerabilities in IoT. Then there's a new vulnerability analysis module where it gives you risk assessment. It talks about CVSS scoring systems. It talks about how to do a vulnerability management program in the first place. What are the steps required in a vulnerability management program? How should it be reputable and how it should be measurable as a program and what should be the outcome. So basically it will give you a structured way of how to do a vulnerability management assessment and how do you want to achieve the end goal thus leading you to a penetration test. So all the modules are leveled up. What do you mean by leveled up? That means they've been updated to the latest tools, latest standards, latest technologies. So you've got cryptographic attacks, you have got attacks on applications like SQL injection. We'll be talking about packet sniffing using uh various tools. All of these are upgraded which means they are up to the latest operating system. So even when we do this course you'll be looking at operating systems like Windows 10, Windows 8, Windows Server 2012, Windows Server 2016, Kali Linux machines, Android machines and Ubuntu desktop as well. So all of the operating systems are latest, the tools are latest and you will be interacting with these tools. And then there's a mobile security toolkit as well which uh will help you do a penetration test on a mobile device. So these are what is new in version 10. Now let's talk about the roles and responsibilities that a ethical hacker should have when they actually go into the world. Now what are the responsibilities roles what are the capabilities that we should have that we should be able to look at scripts that would test for vulnerabilities. So for example a SQL injection attack it's a scriptbased attack. let's say uh cross-ite scripting attack that is again going to be a script based attack. So we maybe we want to go ahead a little bit look at Windows systems and do a PowerShell attack and know about PowerShell scripting a little bit. If you look at Linux Windows there's a bash shell where there's bash scripting and you'll want to learn that scripting as well. Now the course doesn't include all these scripting languages. It does help you understand what these scripting languages are and it does have some basic introduction to how these languages can be utilized to create those scripts. Then we also want to develop tools to increase security. You want to look at those commands that are utilized on all operating systems. You want to look at the capabilities of those operating systems of how to create security parameters and ensure the operating systems and applications devices are secure. Uh you should be able to perform risk assessment. Now when you say risk assessment, risk assessment is the likelihood of an attack being actually executed on an organization based on the threats and the vulnerabilities that we have identified. So risk assessment is something that uh you find out a vulnerability and then you try to figure out in a hypothetical manner of what is the likelihood of that vulnerability being exploited by a hacker if they find that vulnerability and if they do execute that what is the impact that is going to happen on the organization and what is the penalties or the repercussions that the organization is going to face if that vulnerability is exploited. That's what a risk assessment is. Then we should also be able to develop security policies or set up security policies and implement them to ensure that the security mechanisms are standardized and are consistent. And then we should also look at training staff for network security to ensure that they are aware of these vulnerabilities and they know what their responsibilities are to maintain some semblance of security in the organization. So why do we want to become a certified ethical hacker? Now since you're watching this video, it's easy to assume that we all are interested in security. We all are interested in hacking. But hacking is not a real job. For us to get a job in the industry on a security parameter or information security parameter, we want to become a certified ethical hacker. So if you look at the popular hacking cases that have happened in 1990s there was a national crackdown on criminals. Microsoft entity operating system was hacked. Now, this was back in the '9s when security wasn't that much evolved and there were a lot of attacks back then. Uh that crippled infrastructure, that crippled banks when they started realizing that computing isn't as easy as it seems. Of course, if you use a computer, the functionality is always there. But if the functionality is not properly configured, you're just exposing yourself to cyber criminals where they're going to steal information and your organization may just go bankrupt because of that. In 2013, an example, Adobe reported 2.9 million accounts as stolen. In 2016, Casperski, which is a internet security firm, uh announced that there were 758 million malicious attacks that occurred worldwide. Imagine that. 758 million malicious attacks that were identified and reported. In 2018, Facebook reported a loss of 30 millions to accounts that were stolen. 2018 again Kora reported 100 million customer accounts being stolen and in 2018 again Marriott 500 million travelers accounts stolen and manipulated. Now when you see accounts were stolen how does it affect the organizations? Now first and foremost if those accounts were stolen that means usernames and passwords were cracked and those accounts may have contained credit card information or may have contained some personal information that would identify the personal the person and thus make them gullible for a social engineering attack or an identity theft attack. So it has a cascading effect. If I would have been affected or you would have been affected with these attacks, the repercussions would have been catastrophic. your credit card information being stolen that means somebody else would have misused it and you would have uh seen a huge bill come to come your way. Now you can go back to the bank and uh dispute that but that that's again a dispute that you're trying to have with the bank for something that you didn't do which requires a lot of energy and a lot of time and at the end of it somebody has to pay for that particular loss. Now in this scenario the bank would have had to bear the loss but then that's a loss for the bank and bank doesn't want to do that and that's where they would try to hire certified ethical hackers who would try to test these vulnerabilities and plug them in so that the end consumer is also secured the bank is also secured right in this case uh Marriott there were 500 million travelers accounts that were stolen a lot of credit card information uh was uh leaked out email accounts were hacked and compromised And thus there was a lot of repution that happened. Now the thing is that there are also laws that these organizations need to adhere to that tell the organizations how to keep their information secure and also have penalties in place if the organization gets hacked and the penalties are pretty severe. So organizations do not want to get hacked or do not want to get compromised. Not only from the customers perspective where they would be losing customers, losing reputations and then thus facing losses but also from a legislative perspective where they would have to pay fines to the government for the frauds that have happened. So uh these are some of the popular hacking cases that have cost these organizations quite a lot of money and thus uh they have a lot of security in mind. uh if you look at the news uh in uh BBC news there was something reported from a French uh police that there was a virus that infected more than 850,000 computers worldwide. Now on the similar lines if you remember ransom wares and if you look at wuk cry that happened in 2018 or 2017 it also cost the world $4 billion in losses during that just one small month of its infection. Then Apple Google basically disclosed that a large scale hacking effort was targeted at Apple devices and this has been uh it has reported that there was a sustained effort to hack iPhones over a period of at least 2 years which means that there's a specific target towards Apple consumers and they are at a higher risk of getting hacked than others. Then the Texas government organizations hit by ransomware attack. So hackers have infected 23 organizations connected to local government in the US state of Texas with ransomware. That means that their databases have been encrypted. The government themselves do not have access to that database. The databases could have been compromised by the hackers. And that means that whatever services were being provided to the users based on that database may no longer be available to the end users because of the ransomware. Now moving on with these, why won't do we want to become a certified ethical hacker? Increased attacks lead to more job openings. Now if you look at ransomware, the vanogra attack that happened in 2017, there was a knee-jerk reaction given by the rest of the world for IT security. Suddenly budgets or started opening up. Suddenly people wanted more ethical hackers on their payrolls to test for vulnerabilities. In UK and Europe we have GDPR uh which is again another law that imposes CV of penalties on organizations that get hacked and for not having proper security and a volity assessment and penetration testing program in place. So that leads to a lot of job requirements as well where organizations look at people with the special skill set to help them mitigate the vulnerabilities to keep to safeguard them and their customers from hackers and also from penalties from law enforcement and governments. So thus the demand keeps on increasing for ethical hackers which automatically means that the salaries are going to increase as well. So more the demand, lesser the supply, higher the salaries. That's plain economics. Then challenge hacker with malicious intent. So from a ethical hacker's perspective, it is our duty to safeguard an organization which means that we'll be pitched against hackers and we have to ensure that those hackers would be challenged to the maximum limit before they even try to get access to any of the resources that we are trying to pro protect. It offers a boost in your career. So more uh efforts that you put in, more vulnerabilities that you find, the better the career prospects that you have and the better job aspects that you're going to get. And this also lets you keep yourself updated on the latest technology. As the technology progresses, as we evolve on technology, security will also evolve and the ethical hacker would need to keep themselves updated on these technologies. So this is what is a plus point to become a certified ethical hacker. So why do we want to get the certification and what would it mean by being a Ccertified uh individual? Take this into consideration. You are applying for jobs and uh you have been applying for cyber security related jobs of course and you go in for an interview. In the interview you are asked quite a few questions and they will be testing you on cyber security concepts. So they will be asking you a lot of technical questions about cyber security about information security and any other related topic. So let's say in a few minutes into the interview there are some concepts that you have not brushed your skills upon and they ask you about certifications and one of the main certifications that is sought after is the C certification and if you're not certified that's where things can become a little bit problematic where organizations today very proactively start looking for people or candidates who are already certified rather than take them on board and get them certified. So in this scenario uh having a certification would obviously help not only to be uh shortlisted for the job but the certification involves a lot of training which would help you understand the concepts and prepare you for the interview a lot better as well right so getting yourself certified is quite necessary in today's world let's look at what the certification is all about the certification involves a very hands-on training that trains an individual into thinking about cyber security from a hacker's perspective and developing this mindset is very important because to catch a thief we have to think like a thief teaches the candidate to spot vulnerabilities in a system so it trains you on how to identify flaws how to verify that they exist and then how to treat them as well like I said this is a very sought- after certification and companies look for people who are already certified as C or a certified ethical hacker so what is this certification all about uh this is a global accepted certification and it tests the knowledge that a candidate may will have about threats and their prevented preventive mechanisms. So the certification the exam itself will test you on the parameters. The training would provide you with all the information that you require to clear the exam and to gain knowledge from a real world perspective. So it will train a candidate to think like a hacker. It will train the candidate to use the tools to identify those flaws uh to spot those uh flaws in the first place and it will give an understanding to the candidate where to look for those flaws in the first place. So essentially when you get certified as a certified ethical hacker you become a white hat hacker or a ethical hacker which means that you will be looking at flaws ethically and reporting them to those organizations. The certifying authorities the EC council it is a very well-known and a widely accepted certification authority across the globe. It is based out of the United States but the certification is valid across the globe. So what does it take to take the exam and who can take the exam in the first place? Now the basic criteria is that a candidate should be 18 years and above. So any person who has completed an official EC council training is eligible to attempt the exam without going through an application process. So there are two ways you can actually attempt the exam. You either have work experience that means you're already in the cyber security space, you already have some uh you already have some hands-on knowledge and you want to give the exam. In that scenario, you just have to prove that you have got two years of experience with network or information security and then you can apply to EC council to directly appear for the exam without attending the training. Else you can then approach EC council and register yourself for a training course after which you can give the exam. So there are two ways that you can deal with it. What are the fees for this exam? Now the fee itself is $500 for the exam. Candidates who take the second route where they prove that they have experience and they directly want to appear for the exam. There is another additional $100 of application fee that they have to pay to EC counselor for them to verify that you actually have that experience and then allow you to appear for the exam. So what are the exam questions like? What what is the exam all about? The exam code is 312-50 and there are 125 questions that need to be answered in 4 hours. Now that sounds like a lot of time but trust me it isn't. The questions are descriptive in nature. They give you a scenario. You have to identify those keywords based on the knowledge and the understanding that you have and then gauge the correct answer for that particular scenario. And the scenarios could be a little bit complex could be a little bit confusing. The exam will be a multiple choice question exam. So one questions with four answers. If any question has multiple answers they will mention it in the question itself. The pass percentage cuts off at around 60 to 85%. So there is no fixed percentile. Every question has a different grade. Every question has a different value and based on the questions that you have been asked and the correctness of the answers, you would either pass somewhere between 60 to 85%. The results are immediate. So once you complete the exam and you submit it, it will uh let you know that itself whether you have cleared or not. So what are the skills that you require for this exam? You must have very good networking skills. And when we say networking skills, you should know your protocols. You should know how computers communicate with each other. Uh the protocols like HTTPS, FTP, SMTP and anything about the OSI layer. You should be good with your operating systems. The candidate should also have a very good knowledge about operating systems. And when we say operating systems, we want the candidate to know about troubleshooting methods and how the operating system work in the first manner. So you should have some basic skills about operating systems and the configuration of these operating systems. Uh you should also know the different types of cyber attacks such as social engineering, fishing and how to prevent these attacks. So this is the exam skills. The training prepares you with all these skills. The candidate must be able to hack into an organization system with permission and erase all digital evidences. So uh the training itself will get you accustomed uh with all the hacking phases, how a hack is constructed, how a hack is made more effective and how the hack evolves and later on how you can delete all the evidences of the hack that has happened. So for the exam you should have or you should be very good with your networking skills, understanding protocols and how they work, configuring operating systems and troubleshooting them. You should be able to classify different cyber attacks and know how to launch them as well. And you should be able to hack into devices and erase all digital evidences that may have happened. Password cracking and cryptography is also a very much required skill to clear the exam. There must be a few rules followed and there is a code of ethics from EC council. So they essentially give you a non-disclosure agreement before you start the training which you have to go through and you have to sign it submit it to EC council only then are you allowed to go forward with the exam. So what are the exam all about? What are the topics within that exam and what kind of questions would you get? So there are seven domains in this training based on which they will ask you questions. When you say background, uh background is nothing but your knowledge on networking skills, u your knowledge on a little bit of operating systems, how communications happen, how protocols work and so on so forth. Analysis would be where you analyze certain attacks and you're able to uh analyze let's say packets and based on those packets you can identify whether uh it's a legitimate packet or is it a malicious packet with any malicious data within it. Then with security tools you are able to talk about security as in the concepts of security like confidentiality integrity and availability triad the AAA identification authentication authorization and accountability tri aspects uh and various other concepts that are there in security. So you'll be questioned on those topics as well. tools and programs. Ethical hacking carries a lot of tools and you should be conversant with those tools. Uh in the during the training there will be hundreds of tools that uh you would be going through and you would be facing questions on these tools. So there would be some basic questions like commands that would be given to you to identify what that command would execute or there would be a specific scenario given to you and then they would ask you which is the most uh suitable tool that you would utilize to crack that particular scenario. And then there's the methodology of course of how or which steps would you take in this particular attack to be successful. Then we talk about policies and the ethics. So as you can see all of these domains have different weightage in the exam. 21.79% for your backgrounds. So you can see the background information is very much important. Operating systems, networking, a little bit of applications, a little bit of architecture of how things are deployed. Now C is normally an advanced certification, right? So there are a few presumptions that you already know a little bit about uh active directory, how operating systems work, uh how identity management works. So there's a little bit of presumption that you have these background knowledge but in the training you can be prepped up for that knowledge as well. So it does contain a little bit of insights about how these things work. Analysis is where you're looking at some scenarios and based on the evidences given to you, you can analyze what's going on. So that's at 20.73%, security which is the main topic is at 23.73%, tools and programs related to security would be at 28.91%, the methodologies would carry a weightage of 8.77, policies 1.90 and ethics 2.17%. So you have 125 questions. You can figure out percentile wise how many questions you would get on each of these domains. So let's have a look at these domains a little bit more. The background is about network and communication technologies. Again, like I said, protocols, procedures, services, how computers work. So, ports on a computer, how uh how ports are utilized by services and how communications happen over these services and these ports, how we can scan these ports to identify what's going on and then try to find out vulnerabilities within them. Then we have got information security technologies and the information security threats as well. So when I want to launch an attack on a device, where would I find vulnerabilities? Is it just on the network? Uh do I look at the operating system? Do I look at different applications that are there on the operating system and so on so forth. So where are the threats? That's something that we need to identify and that's what this domain deals with. So uh 27 questions from this domain. Then analysis and assessment, information security assessment and analysis and the security assessment process. So uh let's say you're in a penetration test and you want to launch an attack. What is the assessment that you want to do before you launch that attack? What is the process you want to conduct and how you going to analyze the vulnerability in the first place to identify which penetration test or which attack you should uh do at that particular point in time. Then security would talk about information security controls. Controls would be all the uh security elements that you can implement to prevent uh hacking. So firewalls, IDS, IPS, antiviruses or endpoints, all of these would be included in this domain. Information security, attack detection. So it's not only about how you can attack, you also want to know if you're being attacked in the first place. So analysis would basically identify how you're being attacked and the detection is where where you first detect that something is wrong after which you can analyze it, right? And how you can prevent uh security attacks happening at your organization as well. So which firewall would fit at what OSI layer? What uh in the architectural aspect where do you want to place a ID uh IDS or an IPS? Where would you want to place a firewall? Where would you want to place a UTM to have a layered approach a structure structured approach towards security where a hacker would have to peel off layers of security to reach the data that they wanted to get access to in the first place. So there will be 30 questions from the security domain, 16 questions on the analysis and assessment domain. The fourth domain is the tools, systems and programs. So this is where all the tools that you would have utilized resume. So this is where all the tools that you have utilized in the ethical hacking scenario and there will be questions asked about those tools. So in the training there are some tools that are prescribed in the course where you'll have to concentrate on those tools. You'll have to get your hands on on those tools to understand how those tools work and then give appropriate answers in this domain. So there would be 36 questions for tools, systems and programs. Then the fifth domain is procedures and methodology. Information security procedures and assessment methodologies would be asked over here. So how would you uh conduct a test? How would you conduct a vulnerability assessment? What is the method and the procedures that you would follow in conducting these tests? So there would be around 11 questions for this domain. The sixth one is regulations and policies. So this is all about uh some basics that you need to be aware about uh for information security policies and frameworks uh like ISO 27,0001 PCIDSS and these uh regulations that are available in the real world that you can that can help you or guide you to place a security architecture on your organization. These questions are not going to be in depth about any of the laws or policies. It's just checking your awareness whether you are aware of these laws or policies and where they can be implemented. So you can see there are only a couple of questions that would come in regulations and policies. And then ethics. Ethics is the code of conduct uh of how you are expected to behave as a ethical hacker. What is expected out of your job role? What you should be doing and what you shouldn't be doing. So there would be around three questions of ethics in the exam. Now let's look at a few sample questions from the exam as well. So this will help you get an idea what the exam questions would be. So consider the attack scenario given below. There are five steps listed. Step one starts with user browses a web page. The second step is where user uh web server replies with the requested page and sets a cookie on the user's browser. In the third step, attacker steals the cookie by either at creating an attack of on the network for sniffing or at the application with cross-ite scripting or sending a fake mail or uh hosting a fake website by a social engineering attack which is a fishing attack. In the fourth step, attacker gets access using whatever they have done and orders a product using modified cookies. And in the fifth step, the product is actually delivered to the attacker's address whereas the bill is fooded by the victim. So what is the attack that is happening here? Identify the web application attack. Is it a session fixation attack? Is it a unvalidated redirect attack? Is it a cookie poisoning attack? Or is it a denial of service attack? So again going through these steps, which of these would be the correct answer. Now in this scenario, it is C, which is a cookie poisoning attack because if you look at the steps, the attacker basically hijacked the cookie or stole the cookie and then modified it to be utilized for some malicious reasons. Second question, which one of the following scanning techniques do attackers use to bypass firewall rules, logging mechanisms and also hide themselves as usual network traffic? A stealth scanning technique, B TCP connect scanning technique, C maintaining access or D FIN scanning technique. Now here as you can understand we need to know what these techniques are, right? So what does a FIN scan mean? What is maintaining access? What is TCP connect? What does TCP mean? TCP is transmission control protocol. How does it work? So when you connect using TCP, what is actually happening in the back end? That is what the knowledge is all about. And in here the correct answer is a stealth scanning technique. So what do we mean by stealth? How can we achieve that? Which tools help us achieve that? That is what we want to gain an understanding in before we can attempt the exam. Question three. Which of the following Wi-Fi chalking method refers to drawing symbols in public places to advertise open Wi-Fi networks? Warwalking, warflying, war chalking or war driving. Now here we need to know first that there is something known as Wi-Fi chalking, right? And there are some symbols that are utilized globally and they are recognized globally. They're standardized by the way. And these symbols represent some type of Wi-Fi networks. For example, open Wi-Fi, which means you can freely connect to the Wi-Fi or paid Wi-Fi where you have to pay before you can connect to the Wi-Fi or once you get connected, you first have to make a payment only then the internet would be activated. Right? So for different Wi-Fi mechanisms there are different options that can be utilized and which of the question is which of the Wi-Fi chalking method refers to drawing these symbols in public places to advertise open Wi-Fi. So in this the answer is war chalking. Now the question here itself is a little bit so here the question itself is is a little bit misleading because it mentions Wi-Fi chalking in the question itself and that would then lead us to whether war chalking is a correct answer or not. So uh some of the questions could be a little bit misleading. So let's start looking at the certifications. So to be an ethical hacker you must hold a certification which specializes in ethical hacking or in cyber security. Companies look for candidates who are globally certified. When we say globally certified, they're looking for a certificate that has been given by an organization that is recognized globally and is well accepted in the industry. So these are the top five certifications a candidate can obtain. The first one become a certified ethical hacker. Then there is global information assurance certification penetration tester. Then offensive security certified professional comia pentest plus and finally the licensed penetration tester. Now uh these certifications are offered by different organizations. All of these organizations are recognized globally and their certifications are well accepted uh in the technical space. So let's start off with the certified ethical hacker and we'll look at uh the organizations that provide these certifications and how we can attain them. So C or certified ethical hacker in its current form is in its version 10. It's been revised and updated over a period of time. EC council is the certifying authority for C. They have their own authorized training centers through which you can attend trainings, give those exams, get yourself certified and thus become globally certified and uh can be eligible to apply for security related jobs. It is a very well-known certification and is widely accepted at the same time. It would test the candidates's knowledge of security threats and preventive measures. Now there are two types of exams that you can give with C. One is a multiplechoice question exam which is theoretical in nature. They ask you questions and you answer the correct one. You select the correct answers. If you clear, you get certified. The second certification nowadays is where there's a practical exam associated with it. That's a uh you'll have to purchase the voucher for that exam and give that exam. The practical exam is held in a virtual lab where you're given scenarios and based on those scenarios you have to resolve the questions given to you and give proof of the resolution which would then uh get you certified as an ethical hacker. The theoretical exam in this scenario is the fees is around $500. This is for the multiple choice question exam uh where you can pay the fees and you can uh attend through a uh online portal and you can give the exam directly. The exam is 4 hours long in which you have to answer 125 questions. Now 4 hours for 125 questions seems a long time but it isn't. It's a very technical exam. There are scenario-based questions and it would take some time for you to analyze and understand the question and then identify the equivalent correct answer. So it's a very competitive exam and you'll have to study really hard to clear this exam as well. The cutff for passing varies from 60 to 85%. So there is no exact grade and all the questions have different weightages. So depending on the questions that have been given to you and the way that you have answered them, you would pass at either 60% or you would pass when you have scored 85%. Once you are CE certified, which is a very technical certification, you will be qualified to apply for job roles as a penetration tester or a security engineer. These are job roles where you would be responsible of ethically trying to attack applications uh servers, switches and try to find out vulnerabilities within them. The training of this certification will make you adept in most of these tools that are required. There are a lot of practicals in this uh trainings and uh if uh you successfully completed those practicals, clearing the exam is a easy task. With the practicals comes your knowledge and would help you understand how you would be performing penetration tests in the real world. An average annual salary in the USA for a CE certified person is around $91,000 and in India is around 476,000 odd rupees. The salaries would vary as far as organizations are concerned. Uh more established organizations can afford to pay a little bit more but these are average salaries that we have seen across the market. The next certification is the GPEN also known as the global information assurance certification penetration tester. This certification looks into the different pen testing practices and methods also focuses on the various problems and pen testing. So again this is where you getting certified as a penetration tester. So it's again a technical certification where your knowledge on networking applications and security of which will be tested. Uh you will be trained on this of course. So the training will include all these areas where you need to focus identify those problems and thus be ready for the real world scenarios. The candidate will have to understand networking concepts and operating systems such as Linux and Windows and you should be very well aware of the TCP IP protocols. This is true for any of the technical certifications for ethical hacking. GIA is the certification provider. It's again a very well-renowned and wellaccepted uh certification authority across the globe. The exam fees are $1,899. 82 to 115 questions to be answered in 3 hours. Now why 82 to 115? It depends on the test that has been associated and depending on how you are answering those questions uh you would be given those many number of questions to begin with. But all of these need to be answered in 3 hours. 74% is the past percentage that is required to clear this exam. The average annual salary in the USA is around $96,000 while in India it is around uh similar to certified ethical hacking. Then looking at the next certification from offensive security called the OCP uh offensive security certified professional. This is another penetration testing certification highly technical in nature and it is an entirely hands-on certification. In the previous two certifications that we saw, we talked about C where there are two different exams. You could either take the theoretical exam and give your MCQs or you could take the practical one. Here you don't have an option. This is a practical exam. So the test is conducted on a virtual network. So they send out instructions to you. There's a virtual lab that is given out to you and they give you the questions and you have to perform those assessments, create those reports and provide it to the certifying authority. In this case, offensive security. Uh if you match their criterias of whatever you have identified in those reports, you get certified. Here the requirements of good understanding of networking protocols, how systems function, how Kali Linux operating system functions and the candidate must complete offensive securityities penetration testing with the Kali Linux course and pass the hands-on exam. So this focuses purely on Kali Linux. Kali Linux is an operating system that is freely distributed over the internet and comes structured with around 300 plus tools used for ethical hacking. So this course totally relies on Kali Linux for you to use as a tool set for penetration testing. The certificate provider as stated is offensive security. The name of the course is OCP offensive security certified professional. Exam is around $800 to 1550. Now understand that this exam is technical and is hands-on. So for you to prepare for this exam, they come up with virtual labs where you can start practicing and honing your skills. Depending on the number of days for which you have purchased the access to that particular labs, the amount will vary from $800, which would be the minimum access days available to $1,550 where the maximum number of days would be given to you for practicing. Once you're ready, even during the time time span of where you have that access, once you're ready for the exam, you can you can attempt the exam and clear. The average annual salary is similar around $91,000 for the US market and 95,000 rupees in the Indian market. Then looking at the Comchia Pentest Plus, Comchia is another certification authority or a certification provider, a training provider that that will help you get yourself certified in the ethical hacking space. So they have certification called pentest plus which is focused towards penetration testing. So it is an intermediate level certification. It assesses the vulnerability assessment and the penetration testing skills of a candidate. Here the training will provide you with all the essentials where it will help you identify how to do vulnerability assessments, how to identify those vulnerabilities and then which tools to utilize for what kind of a penetration test. For the requirements, a minimum of 3 to four years of hands-on experience in the information security field. Also, a comture security plus or a network plus or equivalent knowledge is required. So, in the network plus uh they talk about securing networks and uh they help you understand the OSI layers, the TCP IP layers and uh help you understand the protocols and all of those things. So, having that knowledge is an added advantage. The certificate provider is Comchia and the cost of the exam is around $349. Maximum number of questions is 85 and I think it's a 3hour exam. The passing percentage is uh scoring 750 marks out of a possible 900. So the scale is the minimum you can ever score is 100. If you're completely unprepared, the maximum you can score is 900. uh you get a leeway of 150 marks for your uh certifications. So you have to score a minimum of 750 to clear the exam. Average annual salary for a kamchia certified penetration test plus professional is $97,000 in the US market and in the Indian market it would be around 5 lak rupees. Then comes the licensed penetration tester. Now this is an advanced certificate again from EC council. This is where AC council gives you a license which certifies that you have undergone thorough training and have cleared your exam in which you can conduct or lead a audit for vulnerability assessment and penetration testing. It is an expert level uh certification comes after the C certification. It is the ultimate test which tests this candidates penetration testing skills. So there are two certifications over here. One is the ECSA EC council certified security analyst. Once you clear that you get you can appear for the licensed penetration tester. Both of these are hands-on certifications. So you will be given a virtual lab. You will be given a scenario in which you'll have to perform some assessments, create reports, submit it to the EC council. They will analyze your reports. If they meet the criterias that have been identified, you would then be certified as a licensed penetration tester. The candidate must be above 18 years of age. A reertification is required every 3 years. So the validity is 3 years. After 3 years you will have to be reertified or there is a continuing point education system over there where you can score points by publishing articles by attending trainings or giving out trainings and you can get yourself reertified. It is preferred that the candidate has C and the ECSA certification. So the previous certification that we saw certified ethical hacker and then the ECSA EC council certified security analyst after which you can appear for the LPT the licensed penetration tester. The certificate provider again is EC council. The license penetration tester exam has a different process. The candidate must purchase an exam dashboard for $899 which is valid for a year. So once you purchase the voucher the validity is one year. uh you can prepare within that one year and then give the exam and attain the certification only once you're ready the exam can be uh scheduled and you can give that exam. The exam consists of three different levels. Each level has three different challenges. The candidate must pass at least one challenge in order to qualify for the next level. And for each level, the exam is 6 hours. So this is a grueling exam. This is hands-on. They're giving you challenges and they are going to test you on your skills as a penetration tester. So be ready to be very hands-on for this kind of a certification. Average annual salary in the US is around $100,000 and above and in India $825,000 and above. >> Next, Shri will guide you through the career of an ethical hacker. With the increase in the number of cyber crimes across the globe, there is also an increase in the number of cyber security jobs and the role of an ethical hacker tops the list. Hi guys, this is Shuti from Simply Learn and today I will run you through this video on ethical hacking career. So let's get started and explore the world of ethical hacking. Let's begin with a few facts. Did you know that by the year 2021 there will be 3.5 million cyber security job openings? That is a huge number, isn't it? And also according to the US Bureau of Labor Statistics, there will be 20% increase in the number of jobs from 2016 to 2026 for information security analysts which includes ethical hackers. This proves that there is a great demand for ethical hackers at the moment. As I mentioned earlier, the number of cyber crimes across the world will increase as the digital era will only continue to grow. Organizations will be on the lookout to hire professionals who can fight these cyber crimes and protect the company's data. And to fight these cyber crimes, we will require individuals who can think like a hacker. And who is that? Well, to do this job, we have ethical hackers. As you might be knowing, an ethical hacker is trained to discover system vulnerabilities. An ethical hacker is also known as a white hat hacker. He or she is given authorization from the company to perform security assessments and at the end an ethical hacker would have to report the findings back to the company so that the vulnerabilities can be fixed. An ethical hacker performs these security assessments with the help of various hacking techniques and tools. Let's now move on to our next topic that is the steps to become an ethical hacker. You might wonder how to start your ethical hacking career, right? Well, I will take you through that step by step. Firstly, the candidate must have a computer science or an information technology bachelor's degree. It is also possible to become an ethical hacker without these degrees, but provided you have the required skill sets and experience. The next requirement to be an ethical hacker is that the candidate must have a minimum of 2 years of experience in the information security field. You have to start your career with a software or a networking job and only then can you move onto the ethical hacking field. You have to start your career with a software or a networking job and only then can you move into the ethical hacking field. Coming to the certifications, it is necessary for the candidate to hold various cyber security certifications. Certifications play a vital role in the field of cyber security. Your job opportunities can solely depend on these certifications. To become an ethical hacker, you can start off with the foundational level certifications such as the CCNA and Comtchia security plus certifications. Finally, the last step to become an ethical hacker is to clear the certified ethical hacker examination. CH certification is provided by the EC council. It trains the candidate to protect a company's network by using the same tools and methods that a hacker would use. The CH exam will have a duration of 4 hours with 125 number of questions. If the candidate clears this exam, then he or she will become a certified ethical hacker. Now that you know the steps to become an ethical hacker, let's look into the skill sets which are required to help you achieve these steps. First and foremost, an ethical hacker needs to have an in-depth knowledge of the working of the operating systems. Knowledge of Windows, Linux and Macintosh operating systems is required for penetration testing, creating exploits and bug hunting. Programming will be important. So knowledge of programming languages such as C, C++, HTML, Python and PHP will be very helpful. Basic knowledge of networking, TCP IP protocols and OSI model is necessary as networking is the foundation of cyber security for securing databases. Knowledge of SQL, NoSQL, postgraql is necessary. Cryptography is used to secure information. It is the process of converting data from a readable format to a non-readable format and vice versa. Cryp analysis is decryption without a secret key. In most cases, certified ethical hacker would need to perform cryp analysis. Hence, ethical hacker has to be comfortable with cryptography and cryp analysis. Ethical hackers should be proficient in network security control measures such as intrusion detection and intrusion prevention techniques. Now let's move on to the responsibilities which are taken care of by an ethical hacker. Let's have a look at these responsibilities. An ethical hacker is responsible for scanning systems open and closed ports using tools like Nessus and NAP. Vulnerabilities and threats are identified by doing this. In addition to scanning for vulnerabilities, they also search the deep corners of the network to spot critical information such as passwords which can make the organization vulnerable to an attack. In addition to building and maintaining IDS, IPS and firewalls, they also try to evade these security measures to gauge the performance of the systems. A lot of times a company's online fraud or online theft incidents are looked into by an ethical hacker. An ethical hacker also checks for sniffing networks and hijacked web servers and applications. Those were the responsibilities of an ethical hacker. Now let's look into the various job roles an ethical hacker can apply for. It is a misconception that an ethical hacker will perform only penetration testing. Well, there are a number of other jobs an ethical hacker can apply for. the different job roles such as that of a penetration tester, information security analyst, security consultant, and an information security manager. Let's have a look at each of these job roles one by one. A penetration tester performs the typical responsibility of an ethical hacker. That is he or she tries to exploit a security systems vulnerabilities. This is carried out using different hacking tools and techniques. An ethical hacker can also apply for the role of an information security analyst. There is a difference between the job roles of a penetration tester and that of an information security analyst. Here the candidate will be required to primarily design and protect the organization's network from various cyber attacks. Finally, the candidate is also required to document the identified security breaches so that it can be omitted the next time. The responsibilities of a security consultant is more or less similar to that of an information security analyst that we saw previously. As a security consultant, you will be responsible to design, implement, and maintain various security architectures. In addition to this, you're also required to upgrade the security systems as and when required. Finally, an ethical hacker can also apply to the role of an information security manager. As the name suggests, this role will require the candidate to possess managerial skills as an information security manager is responsible to head the IT and the information security team. Now that we have seen the responsibilities, the skills and the steps to become an ethical hacker, let's have a look at the different companies hiring ethical hackers. To name a few, we have Bank of America, Ernest Young, KPMG, Urban Pro, and IBM. Let's now look into the salary structure of an ethical hacker. Well, in India, the average annual salary of a certified ethical hacker is nearly 4 lakhs 76,000 rupees. And in the US, the average annual salary of a certified ethical hacker is $91,000. Now, I will guide you through a sample rum of a penetration tester. As you can see on your screens, this is a sample ré of a penetration tester. We will look into this ré closely and understand how your résé should look like if you are applying for the role of a penetration tester. As always, you can start off with your name and your email ID and your phone number followed by a brief summary of your current job profile. It is preferred to add your LinkedIn profile link here and also your GitHub profile link if you have one. As I mentioned earlier, this is a sample réumé for a penetration tester and hence we have to have more than 2 years of experience in the information security field. As you can see under the experience section, the candidate has two prior experiences out of which the first experience is that of a software tester and second is that of a penetration tester. You would have to mention your latest or current experience at the beginning. You can mention your job role and the company and the duration under which you can list out the various responsibilities that you are looking into currently. If you are a penetration tester, you can mention responsibilities such as security monitoring, blackbox testing, documentation of the results, vulnerability scanning and so on. Below this, you can mention your first company's experience with the roles and responsibilities that you have performed earlier. Here the candidate was a software tester before becoming a penetration tester. Let's move on to the education section. Here the candidate holds a bachelor's degree in computer science. You can mention your degree followed by the university name or if you're applying for any other role in the cyber security domain. It is recommended that you list out the certifications as well. To start off with, a CCNA certification will be preferred, followed by a certified ethical hacker certification, which is a must if you are applying for the role of a penetration tester. In addition to it, the certified expert penetration tester certification will also hold a great advantage. After mentioning the certifications, you can go ahead and mention your skill sets. Here we have the technical skills and non-technical skills. Under technical skills, you can mention the programming languages that you know. Here we have C, C++, Java, Pearl. You can also mention the operating systems that you have worked on. For example, Windows, Linux, Unix. And in addition to the programming languages and the OS, you can also mention the tools that you know such as end map, metas-loit tools which will be helpful if you are applying for the role of a penetration tester. Then you can also mention encryption technologies, knowledge of SQL and bug tracking systems if you have worked on them before. If you have participated in ecodathons, you can mention that here as well. Under the non-technical skills, you can mention various competitions that you have taken part in and the games that you like and other extracurricular activities. Finally, you can also mention the projects undertaken. Under the projects undertaken, you can talk about the various projects that you have performed in your company or outside the company. Here we have two projects. one as a software test engineer and second one as a penetration tester. So this is how a rum of a penetration tester will look like. >> Imagine this you are a protector of a digital world keeping intruders out and ensuring sensitive data stays safe. That is what the core of cyber security and at the heart lies Kal Linux the ultimate operating system trusted by ethical hackers and security experts. In this beginner friendly tutorial, we are going to understand what Kal Linux is and why it is important. We are going to discover the most essential tool it offers. We are going to dive into the hands-on activities to practice the real world scenario. So, let us start with understanding what is Kali Linux. My dear friends, Kali Linux is a powerful open-source Linux distribution is specifically designed for cyber security professionals like ethical hackers, penetration testers. So these guys can use this tool. Actually this tool is built on DBN. So DBN is a operating system and it comes with pre-installed over 600 advanced security tools to perform various tasks like penetration testing, vulnerability assessment, digital forensics and wireless network analysis. Kali Linux was developed by offensive security and it is widely used in cyber security training and certifications like OCP certification program. If I talk about Kali Linux, Kali Linux is a versatile offering various options for installation on virtual machines, USB drives or even as live operating system. Additionally, it supports Windows Subsystem for Linux for seamless integration into Windows environments with clean interface and customizable setup. Kali is just not for professionals but it is also an excellent platform to learn cyber security. Now if I talk about advantages of using Kal Linux, there are several one of them like first of all it has over 600 tools. Okay. So, which are pre-installed tools and which is specifically tailored for security professionals. Second of all, it has wide support. Now, in terms of wide supports, it works on multiple platforms like virtual machines, Windows subsystem for Linux, Raspberry Pi, etc. Third of all, because of its documentation. Now, it has extensive tutorials and forum for guidance. So, you could see all over here. This is the official documentation of Kali Linux and you could say there's a very amazing documentation. It will help you with installation, introduction. Then it has given option for USB, Kali on ARM, WSL, cloud and many more. And finally, you could customize this. It is fully customizable to suit specific tasks and workflows. Now, let us move ahead and let us try to understand some of the known commands of Kali Linux. But before that let us learn how to install this on Windows. Now before installing Kali Linux I want you to make sure that you have Windows subsystem for Linux installed on your system. If not you can navigate to this website which is installing WSL. So you will get a Microsoft official website and in this you could see there are certain prerequisites. Suppose if you're using Windows 11 operating system so it should be higher than 10. Okay. Now just type on the PowerShell. Okay, open PowerShell and just copy this and install this. So with this command you'll be able to install Windows Subsystem for Linux. Now the next step would be installing Kali Linux. So you have to do nothing. Go on to the Microsoft Store and just click install. Now since I've already installed Kali Linux and it is very easy process after that it will be very uh like comfortable for you to operate on Kali Linux. So you could see I have installed the minimal configuration all over here. Okay. So this is the Kali Linux terminal. So it has opened. Now we are going to learn certain important commands which will help you to understand and these are very basic Linux commands only. So you have to not worry about it too much. So guys let's try to understand our first command. Let us say we want to know the date. So the name of the date command is just date. And you could see you'll get the exact date of today and the given time. And since I'm connected from the Indian time zone, so it is showing IST 2025. That's a very basic command. Next command is cal command. So cal command basically displays the current month's formatted calendar in your terminal screen. If you require more advanced version of cal, you can install the ncal package on the Linux machine which displays calendar vertically and provides additional options. So for now we are fine with cal. Just type cal. Okay. So you could see I have not installed cal. So let us try to install. So type sudo apt install encal. Now you can see all over here it is fetching all the packages and we have perfectly installed it. Now let us type cal. Okay I think so still processing. Now you can see all over here we are getting calendar in the vertical format and you could see the month date and all over here. Okay. So that is one of the most uh amazing uh you know package encal. Okay. Next is a very basic uh Linux command that is cd. So cd is also called change of directory. Okay. So if you want to switch this command you know if you want to move to any directory so you could just type cd and the given directory name. Okay but we are now fine all over here. Now next thing would be cp. Now cp is also same command as one of the most important Linux command which basically helps you to copy files or group of files or directory to create the exact image of a file on a disk with a different name. So suppose uh let us say we are going to desktop. So let us try to first find out how many files do we have ls. Okay. So you could see we have no files. So first we have to create a directory. So let us say mkdir and just type demo. Okay. Now type ls. So you could see we have this file demo. Now type cd and go to demo. So you can see all over here we are now in demo folder. So that was one of the thing if you want to go back just type cd dot dot and you'll be reved back. Now before moving ahead so ls let's talk about this command. So it is one of the most powerful and useful commands in kal linux. Okay. So ls command basically list all the directories or contents of the files. So with the help of ls command we can easily list out every hidden file or directory with say with lsa attribute. Okay and it helps you to you know find the list of directories present on your system. So that was one of the command. Now let us try to understand the cat command. So basically the CAD command is one of the Linux uh one of the most commonly used commands permitting us to create single or many files and concatenate files redirect view and contain of you know any output in a terminal file. Usually we use the CAD command to display the content of a file. So suppose we created any
Original Description
🔥CISM Certification: Certified Information Security Manager - https://www.simplilearn.com/cyber-security/cism-certification-training?utm_campaign=EGLrHQ0-Cds&utm_medium=Lives&utm_source=Youtube
🔥Professional Certificate Program in Cybersecurity- Red Team (India Only) - https://www.simplilearn.com/vapt-vulnerability-assessment-penetration-testing-certification?utm_campaign=EGLrHQ0-Cds&utm_medium=Lives&utm_source=Youtube
🔥IIITB - Advanced Executive Program in Cybersecurity (India Only) - https://www.simplilearn.com/pgp-advanced-executive-program-in-cyber-security?utm_campaign=EGLrHQ0-Cds&utm_medium=Lives&utm_source=Youtube
️🔥 AI-Powered Cybersecurity Mastery - https://www.simplilearn.com/ai-cybersecurity-course?utm_campaign=EGLrHQ0-Cds&utm_medium=Lives&utm_source=Youtube
The Ethical Hacking Full Course 2025 by Simplilearn provides a comprehensive introduction to cybersecurity, covering fundamental concepts, threats, and best practices. It includes a live demonstration on cybersecurity, followed by an exploration of Kali Linux for ethical hacking and the top dangerous hacking gadgets. The course also introduces EthicalHacker GPT, a tool for ethical hacking, and a Wireshark tutorial for network analysis. Learners will understand common cybersecurity mistakes and explore top cybersecurity certifications, including penetration testing using Kali Linux. The course concludes with a deep dive into the toughest cybersecurity certifications and top 50 cybersecurity interview questions to prepare learners for career opportunities.
Following are the topics discussed in the Cybersecurity Full Course 2025
00:00:00 - Introduction to Ethical Hacking Full Course 2025
00:02:07 - What is Ethical Hacking
00:13:07 - Ethical Hacking Fundamentals
- Importance of ethical hacking
- What is ethical hacking
- Types of hackers
- Who is an ethical hacker
- Need for ethical hackers
- Skills of an ethical hacker
- Ethical hacking tools
- Installing Kali Linux, ba
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Simplilearn · Simplilearn · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Ethical Hacking Full Course 2026 | Ethical Hacking Course for Beginners | Simplilearn
Simplilearn
AWS Full Course 2026 | AWS Cloud Computing Tutorial for Beginners | AWS Training | Simplilearn
Simplilearn
Data Structures And Algorithms Full Course | Data Structures and Algorithms Tutorial | Simplilearn
Simplilearn
SQL Full Course 2026 | SQL Tutorial for Beginners | SQL Beginner to Advanced Training | Simplilearn
Simplilearn
Microsoft Azure Full Course 2026 | Azure Tutorial for Beginners | Azure Training | Simplilearn
Simplilearn
Shopify Tutorial For Beginners 2026 | Shopify Course | shopify dropshipping | Simplilearn
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
🔥Feeling Stuck? How Upskilling Can Boost Your Career! #shorts #simplilearn
Simplilearn
Growth Hacking In Marketing | Learn Growth Hacking Marketing Strategies | Simplilearn
Simplilearn
🔥Cracked 3 Job Offers with One AIML Course! | 20–30% Salary Hike #shorts #simplilearn
Simplilearn
Top 10 Must-Have Figma Plugins for UI/UX Designers in 2026 | Figma Plugins | Simplilearn
Simplilearn
Business Analytics Full Course 2026 | Business Analytics Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Getting future-ready with course in Artificial Intelligence | Roopam’s story
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
Full Stack Developer Course 2026 | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | How David Went From Seasoned Engineer to AI Innovator #GetCertifiedGetAhead
Simplilearn
Complete Social Media Marketing Strategy for 2026 | Social Media Marketing Strategy | Simplilearn
Simplilearn
🔥Top 4 Cybersecurity Certifications You Need! #simplilearn #shorts
Simplilearn
🔥Cloud Engineer Salary in India 2026 | City-Wise Breakdown #shorts #simplilearn
Simplilearn
Digital Marketing Full Course 2026 | Digital Marketing Tutorial For Beginners | Simplilearn
Simplilearn
Full Stack Java Developer Course | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Social Media Marketing Full Course | Social Media Marketing Tutorial For Beginners | Simplilearn
Simplilearn
How To Create LLM Chatbot Demo 2026 | Build a LLM Chatbot From Scratch | Simplilearn
Simplilearn
Digital Supply Chain Management Certification | Supply Chain Management Course | Simplilearn
Simplilearn
AI Agents Full Course 2026 | AI Agents Tutorial for Beginners | How to Build AI Agents | Simplilearn
Simplilearn
ITIL Full Course 2026 | ITIL 4 Foundation Course | ITIL Tutorial For Beginners | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
ITIL Full Course 2026 | ITIL 4 Foundation Course | ITIL Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Integrating AI & Music | Diego's Story
Simplilearn
Digital Marketing Full Course 2026 | Digital Marketing Tutorial For Beginners | Simplilearn
Simplilearn
SEO Full Course 2026 | SEO Tutorial for Beginners | SEO Training | SEO Explained | Simplilearn
Simplilearn
PMP Vs CAPM: Which Certification Should You Choose? | PMP Vs CAPM | Simplilearn
Simplilearn
Complete Data Analyst Roadmap 2026 | How To Become A Data Analayst In 2026 | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
🔥5 Jobs That Are Most Likely Safe from Layoffs in Today’s Market #shorts #simplilearn
Simplilearn
🔥Git vs GitHub – What's the Difference?
Simplilearn
What Goes Behind Building the Likes of Uber and Netflix? | Product Management Tutorial | Simplilearn
Simplilearn
AI Agents Full Course 2026 | AI Agents Tutorial for Beginners | How to Build AI Agents | Simplilearn
Simplilearn
Full Stack Developer Course 2026 | Full Stack Java Developer Tutorial for Beginners | Simplilearn
Simplilearn
Product Life Cycle 2025 | Stages Of Product Life Cycle | Product Life Cycle Tutorial | Simplilearn
Simplilearn
Project Management Full Course 2026 | Project Management Tutorial | PMP Course | Simplilearn
Simplilearn
PCB Design Course 2025 | PCB Designing Explained | How To Make PCBs | Simplilearn
Simplilearn
Python Full Course 2026 | Python Data Analytics Tutorial For Beginners | Simplilearn
Simplilearn
🔥Top Product Management Skills You Need to Succeed in 2026 #shorts #simplilearn
Simplilearn
SQL For Data Analytics 2026 | Essential SQL Commands | SQL Tutorial For Beginners | Simplilearn
Simplilearn
Simplilearn Reviews | Paving Way To Success With AI & ML Course | Soumik’s Upskilling Journey
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
Learn Snowflake In 45 Mins | Snowflake Tutorial | What Is Snowflake | Snowflake Explained
Simplilearn
🔥ML Career Tip – How to Start Learning Machine Learning in 60 Seconds! #shorts#simplilearn
Simplilearn
🔥Agile vs Waterfall in 60 Seconds #shorts #simplilearn
Simplilearn
Excel Full Course 2026 | Excel Tutorial For Beginners | Microsoft Excel Course | Simplilearn
Simplilearn
What Are AI Agents? | Types Of AI Agents | AI Agents Explained | AI Agents Tutorial | Simplilearn
Simplilearn
How To Create a Product Roadmap In 2026 | Product Roadmap | What Is Product Roadmap | Simplilearn
Simplilearn
SQL Full Course 2026 | SQL Tutorial for Beginners | SQL Beginner to Advanced Training | Simplilearn
Simplilearn
🔥What Is Phishing? #shorts #simplilearn
Simplilearn
Cloud Computing Full Course 2026 | Cloud Computing Tutorial | Cloud Computing Course | Simplilearn
Simplilearn
Simplilearn Reviews | Overcoming Rejection & career plateau to finding a New Job : Bhaskar Banerji
Simplilearn
Six Sigma Full Course 2026 | Six Sigma Green Belt Training | Six Sigma Training | Simplilearn
Simplilearn
Generative AI Full Course 2026 | Gen AI Tutorial for Beginners | Gen AI Explained | Simplilearn
Simplilearn
VLSI Design Course 2026 | VLSI Tutorial For Beginners | VLSI Physical Design | Simplilearn
Simplilearn
Related Reads
Chapters (3)
Introduction to Ethical Hacking Full Course 2025
2:07
What is Ethical Hacking
13:07
Ethical Hacking Fundamentals
🎓
Tutor Explanation
DeepCamp AI