Day 1
Hacking
The Journey of the Internet
• Internet history starts in the 1960s. On Oct. 29, 1969, at 10:30 p.m.,
a student programmer at UCLA named Charley Kline sent the letter
“l” and the letter “o” electronically, using a packet-switching protocol,
more than 350 miles to a Stanford Research Institute computer in
Menlo Park, California.
• The letters stood for “login,” and the effort led to a system crash
immediately afterward. But a technological revolution had begun.
• Jan. 1, 1983 is the date when ARPANET adopted the TCP/IP protocol.
From there researchers began to assemble the “network of networks”
that became the modern Internet.
• ARPANET was renamed the Internet in 1984, when it linked 1,000 hosts
at university and corporate labs.
Domain Name System
• Paul Mockapetris, Jon Postel and Craig Partridge created the Domain Name
System, which uses domain names to manage the increasing number of users
on the internet.
• In 1989, the first Internet service providers, companies offering the public
direct access to the Internet for a monthly fee, were established in
Australia and the United States. In Brookline, Massachusetts, The World
became the first commercial ISP in the US. Its first customer was served in
November 1989.
Online
• The online world then took on a more recognizable form in 1990, when
computer scientist Tim Berners-Lee invented the World Wide Web.
• 1995 is a year of fast Internet growth because Microsoft launches
Windows 95; Amazon, Yahoo and eBay all launch; Internet Explorer
launches; and Java is created, allowing for animation on websites and
creating a new flurry of internet activity.
• Google is founded in 1998. In 1999, the music and video piracy controversy
intensifies with the launch of Napster.
• The first internet virus capable of copying and sending itself to a user’s
address book is discovered in 1999.
Where the Internet comes from
• The Internet comes to you across the bottom of the ocean
• Elite Hackers:
• These are individuals who are considered the “cutting-edge geniuses”.
They are the real experts and the innovators in the field of hacking.
• web: https://knowyourmeme.com/memes/events/lulzsec-hacks
• Malicious insider/whistleblower:
• These are the types of computer hackers who leak sensitive information from within an
organization, especially data under the umbrella of government agencies.
• web: https://www.theguardian.com/us-news/ng-interactive/2019/sep/13/edward-snowden-interview-whistleblowing-russia-ai-permanent-record
Phases of Hacking
• Damaged Reputation.
Case Study
• WannaCry
• The WannaCry ransomware attack was a May 2017 worldwide
cyberattack by the WannaCry ransomware cryptoworm, targeting only
the Microsoft Windows operating systems.
• The initial infection was likely through an exposed vulnerable SMB
port, rather than email phishing as initially assumed. However, email
phishing was the main method of spreading the WannaCry
ransomware.
• The WannaCry ransomware attack exploited a vulnerability in
Windows OS called EternalBlue.
• Impact
• This attack impacted a number of businesses, institutions and
hospitals all over the world.
• Businesses like Nissan and Renault had to pause their activities after
some of their computers were affected.
• In hospitals, computer systems used for various purposes were
affected, like MRI scanners and computers.
• Many critics said that this attack could have been prevented if people
had taken steps earlier to fix the flaws on which the attack was
based.
• Some even blame the governments for their inability to secure
vulnerabilities.
• Estimates state that around 200,000 to 300,000 computer
systems were affected in this attack in approximately 150
countries.
Social engineering Attack
• Social engineering is the term used for a broad range of
malicious activities accomplished through human interactions.
It uses psychological manipulation to trick users into making
security mistakes or giving away sensitive information.
• E.g.: Phishing, Vishing, Smishing
• Phishing:
• A convincing-looking website asks for credentials, and the
credentials entered are harvested by hackers, i.e. fake links.
• Vishing:
• Using telephone calls to perform social engineering attacks is called
vishing. Victims receive calls from spammers who make them
believe they are genuine professionals offering jobs in exchange
for an amount of money.
• Smishing:
• Sending SMS messages to victims to lure them into clicking the link provided. Ex:
the message says your number has been selected for a lucky draw.
• Web: https://openphish.com/
Future in Cyber Security
• Nowadays, everyone is connected with each other via the
internet. With the rapid growth of the internet, it is
highly recommended to protect your personal data at all times,
because anyone can misuse it for their own ends. With all
that said, the scope of and demand for cybersecurity are increasing
day by day.
Some of the Certifications in Cyber Security
• CEH – Certified Ethical Hacker : Provided by EC-Council
• web: https://www.virtualbox.org/
General Awareness
• Password Management
• Passwords are the key to our treasure so protecting the key is very
important in the digital world. A secure password will look like:
• Minimum 12 Characters
• Contains Letters and Numbers
• Contains Special Characters
• Spaces
• Lengthy
• Different Password for different accounts
GOAL Based Password Management
• Convert your goal into your password.
• E.g.:
• Quit_$moking 4Ever
• Iw@nt2becomead0ctor
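An added example, not part of the original slides: a small Python audit that applies the criteria listed under Password Management (minimum 12 characters, letters and numbers, special characters, a different password per account) to a set of accounts. The account names and the weak sample password are constructed; "Spaces" is treated as allowed rather than required, which is an assumption.

```python
import string

MIN_LENGTH = 12  # "Minimum 12 Characters" from the slide

def failed_criteria(password):
    """Return the slide's criteria that this password does not meet."""
    # Assumption: "Spaces" on the slide means spaces are allowed, not mandatory.
    checks = {
        "minimum 12 characters": len(password) >= MIN_LENGTH,
        "contains letters": any(c.isalpha() for c in password),
        "contains numbers": any(c.isdigit() for c in password),
        "contains special characters": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]

def reused_passwords(accounts):
    """Map each password used by more than one account to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}

def audit(accounts):
    """Return {account: [problems]} for every account with at least one problem."""
    reuse = reused_passwords(accounts)
    report = {}
    for account, password in accounts.items():
        problems = failed_criteria(password)
        if password in reuse:
            others = [a for a in reuse[password] if a != account]
            problems.append("reused on: " + ", ".join(others))
        if problems:
            report[account] = problems
    return report

# Constructed sample data. Two passwords are the slide's own examples, used
# only as test input: anything printed on a slide is public.
SAMPLE_ACCOUNTS = {
    "mail": "Quit_$moking 4Ever",
    "bank": "Iw@nt2becomead0ctor",
    "forum": "summer2024",
    "shop": "Iw@nt2becomead0ctor",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(account, "->", "; ".join(problems))
```

Both goal-based examples meet every per-password criterion, but using the same one on two accounts is still flagged, which is the check a per-password strength test cannot make.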
Introduction to bug bounty
• A bug bounty program is a deal offered by many websites,
organizations and software developers by which individuals
can receive recognition and compensation for reporting bugs,
especially those pertaining to security exploits and
vulnerabilities.
• Popular Platforms:
• Bugcrowd : https://www.bugcrowd.com/
• HackerOne : https://www.hackerone.com/
• Intigriti : https://www.intigriti.com/
LIVE CYBER THREAT MAP
• ThreatCloud from CheckPoint is a cyber attack map offering
a sophisticated way to detect all the malicious attacks all
over the world.
• Web: https://threatmap.checkpoint.com/