Scribd
Upload
24 views12 pages

22dit073 PPT

Uploaded by

Jiya Shah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
24 views12 pages

22dit073 PPT

Uploaded by

Jiya Shah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

OCIT3001: Ethical Hacking

Types of attacks in
Ethical Hacking

Presented By:
22DIT073

Guided By:
Prof. Shital Sharma
Introduction to
Ethical Hacking
Ethical hacking is the practice of legally and
responsibly penetrating computer systems and
networks to identify vulnerabilities that could be
exploited by malicious actors. This knowledge is
used to strengthen security and protect organizations
from potential cyber threats.
Types of Attacks in Ethical Hacking
Passive Attacks Active Attacks Social Engineering
Gather information Involve directly interacting Manipulate people into
without directly interacting with the target system, like revealing sensitive
with the target system, exploiting vulnerabilities information or performing
such as reconnaissance or launching denial- of- actions that compromise
and scanning. service attacks. security.
Reconnaissance Attacks

1 Information 2 Footprinting
Gathering Gather information
Collect data about about an
the target system, organization's
including network infrastructure,
details, open ports, employees, and
and running online presence.
services.

3 Vulnerability Identification
Analyze the collected data to identify potential
weaknesses in the target system.
Scanning and Enumeration
Attacks

1 Port Scanning
Identify open ports and running services on the
target system.

2 Vulnerability Scanning
Scan the target system for known
vulnerabilities and potential entry points.

3 Enumeration
Gather detailed information about the target
system, such as user accounts, shared
resources, and system configurations.
Vulnerability Exploitation
Attacks
Exploit Development Privilege Escalation
Create custom code or use Gain higher levels of access
existing exploits to take and control within the target
advantage of vulnerabilities in system.
the target system.

Lateral Movement Persistence


Spread throughout the target Maintain access to the target
network and compromise system even after the initial
additional systems. attack.
Denial of Service Attacks
1 2 3

Flooding Resource Depletion Application-layer Attacks


Overwhelm the target system with a Consume the target system's Target specific vulnerabilities in the
high volume of traffic to disrupt its resources, such as memory or application layer to disrupt its
normal operation. bandwidth, to render it unavailable. functionality.
Social Engineering Attacks

Phishing
Trick users into revealing sensitive information or performing actions
that compromise security.

Pretexting
Fabricate a plausible scenario to gain the trust of the target and extract
sensitive information.

Baiting
Leave physical media (e.g., USB drives) containing malware in a public
area to be discovered and used by the target.
Wireless Attacks
Attack Description

Wardriving Locate and map wireless


networks by driving around
with a laptop or mobile device.

Rogue Access Points Set up fake wireless access


points to lure and intercept
victim traffic.

Wireless Sniffing Capture and analyze wireless


traffic to gather information or
launch further attacks.
Mobile and Cloud Attacks
Mobile Attacks Cloud Attacks Supply Chain Attacks
Exploit vulnerabilities in mobile Compromise cloud Target the software,
apps, operating systems, or infrastructure, including virtual hardware, or services
device configurations to gain machines, containers, and provided by third-party
unauthorized cloud-based services, vendors to infiltrate the
access. to access sensitive data or target
disrupt organization.
operations.
Mitigation Strategies and Best
Practices

1 Vulnerability 2 Access Controls


Management Implement strong
Regularly identify, assess, authentication measures
and patch vulnerabilities and limit user privileges
in systems and to
applications. the minimum required.

3 Security Awareness 4 Incident Response


Train employees to Develop and regularly test
recognize and avoid incident response plans to
social engineering tactics quickly detect, contain,
and and
other threats. recover from attacks.
Conclusion

Understanding the different types of attacks,


like phishing, SQL injection, DoS, and MITM,
is key in ethical hacking to identify
vulnerabilities and strengthen security.
Ethical hackers simulate these threats to
help organizations prevent breaches and
enhance their defenses. This proactive
approach ensures better protection against
evolving cyber threats.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy