Uploaded by johanharr 1
lOMoARcPSD|43093500
CSCI369 SPR 2020 W1 - Lecture notes 1
Ethical Hacking (University of Wollongong)
Downloaded by johanharr 1 (johanharrissss@gmail.com)
CSCI369 Ethical Hacking
Week 1 – Introduction to Ethical Hacking
Dr Joonsang Baek
School of Computing and Information Technology
This slide is copyrighted. It must not be distributed without
permission from UOW
About This Subject
• Lecturer: Dr Joonsang Baek
• Lectures
Online lecture
The link for the online lecture will be available through Moodle. (Please
access it through Moodle, not directly through the Webex app.)
Lecture slides for each week will be uploaded on the Moodle site.
Recorded lectures will be available from Moodle.
• Lab
Online lab
Important to attend
Kali Linux (on VirtualBox) will be your main platform
Lab quiz will be administered during the lab.
Lab instructions will be uploaded in the Moodle site.
Material
No textbook but you may want to have a look at various material related
to the topics.
You can refer to any online resources but they need to be referenced
when you do homework
• Kali Linux version
We will be using Kali Linux 2019.2.
This version is fairly stable.
Link for the Kali iso files: https://cdimage.kali.org/kali-2019.2/
Please download and install it on VirtualBox.
Please note that we won't be using the latest 2020 versions, which are
not yet stable.
• Ubuntu
We will be using Ubuntu 18.04 LTS: https://releases.ubuntu.com/18.04/
(The exact version is not as critical as it is for Kali Linux.)
• Windows
We will be using Windows 7: https://softlay.net/operating-system/windows-7-ultimate-full-version-free-download-iso-32-64-bit.html
(30-day free version. Please download and install it later.)
• Assessment
Lab assessment (Three quizzes)
20%: Theory (lectures) + Practice (lab)
Assignment
30%: Problem Solving + Programming
Final
50%: Theory + Problem Solving
Defining Penetration Testing
• The term “hacker”
How my English dictionary defines a hacker:
A person who uses computers to gain unauthorised access to data
An enthusiastic and skilful computer programmer or user
• Different kinds of hackers
White Hat Hackers (= Ethical Hackers): Hackers who think like the
attacking party but work for the good side. They are characterised
by having a code of ethics which stipulates that they cause no
harm.
• Different kinds of hackers (continued)
Grey Hat Hackers: Hackers straddling the line between the good and
the bad side. Perhaps they have been “rehabilitated”.
Black Hat Hackers: Hackers operating on the wrong side of the
law. They may have an agenda or no agenda at all.
Cyberterrorists: A newer kind of hacker, trying to destroy targets
and cause bodily harm. Sometimes their actions are not stealthy.
• Penetration tester?
A penetration tester or a pentester is a white hat hacker employed
either as an internal employee or as an external entity to conduct
a penetration test.
• Penetration testing?
Surveying, assessing and testing the security of a given
organization by using the same techniques, tactics and tools that a
malicious hacker (black hat hacker and/or cyberterrorist) would
use.
In this subject (CSCI369), I would equate “penetration testing”
with “ethical hacking”.
• Summary
penetration testing = pentesting = ethical hacking
Penetration tester = pentester = white hat hacker
Evolution of Hacking Activities
• Before 90s
Hackers in the early days were those who were curious and passionate
about new technologies and spent time discovering the inner
workings and limitations of computer/communication systems.
Example: Steve Jobs and Steve Wozniak's Blue Box phone phreaking
system: simulating the signalling tones of telephone exchanges to make free
long-distance calls!
PCs were stand-alone: a hacker's curiosity usually ended at one PC.
• After 90s
Computers are connected through the Internet: The Internet
offers an irresistible lure for hackers, who can spread their
activities widely and seriously.
(Not so) Benign attacks at early stages: defacing web pages.
Role of the Internet in Regards to Hacking
• Far more malicious attacks came later, as the Internet now
provides a large number of services:
Massive data breach against Apple's iCloud in August 2014:
resulted in lawsuits by many people whose personal photos were
stolen
Target's data breach in September 2014: resulted in the disclosure of
nearly 56 million credit card accounts
Cybersecurity incidents of various levels of seriousness against the
Obamacare website from March 2015 to the end of 2016
Malware called “Spit Cash” was used to steal nearly $3 million from the
ATMs of First Commercial Bank in Taiwan in July 2016
Those ATMs were not physically tampered with; instead a server of the bank in
London was hacked.
• Not only PCs and mainframes but all the small devices that are
pervasive in our daily lives are connected through the Internet
Smartphones, smartwatches, smart toasters, smart fridges etc. can be
targets
Recently, security for the Internet of Things (IoT) has become more and
more important.
Infamous Hackers and Hacking Cases
• 1988: Internet worm
Created by Robert T. Morris
It replicated extremely quickly and indiscriminately, resulting in
widespread slowdowns of the whole Internet
• 1990: Taking over the telephone lines of LA-based radio station KIIS-FM
Done by Kevin Lee Poulsen
(https://www.youtube.com/watch?v=cO1LRhcImSc ), nicknamed “Dark
Dante”, to ensure that he would be the 102nd caller and win a Porsche
Resulted in him being banned from using the Internet
He is an editor at Wired magazine now
• 1999: Melissa virus
Created by David L. Smith
Distributed as an email attachment; if the attachment was clicked, the virus
deleted files on the infected system and sent the same email to 50 addresses
in the Outlook address book
• 2002: Breaking into US military networks
Done by Gary McKinnon
Deleted critical files containing information on weapons and other military
systems
• 2005: Breaking into Paris Hilton's phone
Done by Cameron Lacroix
Exposed thousands of personal records.
• 2009: Defrauding the Bank of America
Done by Kristina Svechinskaya
Used a Trojan horse to open thousands of bank accounts, through
which she skimmed around $3.4 billion in total
• 2010 to now: Multiple hacking incidents
Done by the hacking group “Anonymous”
Targeted famous individuals and groups, including Donald Trump
and his presidential campaign
• A must watch (for fun):
https://www.sbs.com.au/ondemand/program/cyberwar
Cyberlaw
• Introduced because of
the difficulty existing legal frameworks have in keeping up with technological
advances in cyberspace;
the fact that more and more crimes take place within cyberspace.
• Scope
Cyberlaw can touch on many elements, including contracts,
interactions between suppliers and consumers, policies for
handling data and accessing corporate systems, complying with
government regulations and programs, etc.
There may be some controversies in some parts of cyberlaw,
though…
Controversies
• FISA (Foreign Intelligence Surveillance Act of 1978,
Amendment Act of 2008)
This US federal law allows the US government to conduct
electronic surveillance on “agents of foreign powers” suspected of
espionage or terrorism; if one of the parties involved in the
communication is a US citizen, the law can be applied.
The electronic surveillance can be performed with or without a
court order:
The US president can authorise surveillance without a court order only to acquire
foreign intelligence
The secretive FISA court was created to issue surveillance warrants. The
approval rate was very high according to 2006 statistics: only 5 rejections
out of 22,990 applications
The FISA court was responsible for the NSA (National Security Agency)'s
PRISM program, a mass surveillance program revealed by Edward
Snowden
Cybercrime Law
• Scope
The part of cyberlaw relevant to our Ethical Hacking subject is
“cybercrime law”
• Cybercrime laws
US: 18 U.S.C. §1028 (read as “Title 18, United States Code, Section
1028”), §1029, §1030, §1037, …
For example, §1037 is “Fraud and related activity in connection with electronic
mail”
Australia: Cybercrime Act 2001
For example, Cybercrime Act 2001 Part 10.7 Division 477 Subsection 477.1
specifies “Unauthorised access, modification or impairment with intent to
commit a serious offence”
Categories of Cybercrime According to Law
• Identity theft
Stealing information that allows a person to impersonate
other person(s) for illegal purposes, mainly financial gain such as
opening credit card/bank accounts, obtaining rental properties,
etc.
• Theft of service
Use of phone, Internet, streaming movies or similar items without
permission; it usually involves password cracking
Example: Sharing a Netflix account, even with friends, can be
considered theft and can be prosecuted in certain states of the US.
• Network intrusion or unauthorised access
Most common type of attack; it leads to other cybercrimes
Example: Breaking into your neighbour's WiFi network opens up a lot of
opportunities for attack.
• Posting and/or transmitting illegal material
Distribution of pirated software/movies, child pornography
Getting hard to stop due to file sharing services, encryption, etc.
• Fraud
Deceiving another party or parties to elicit information or access,
typically for financial gain or to cause damage
• Embezzlement
A form of financial fraud involving theft and/or redirection of
funds
• Dumpster Diving
Gathering information from discarded/unattended material (ATM
receipts, credit card statements, etc.)
Going through rubbish itself is not illegal, but going through
rubbish on private property is
• Writing malicious code
Malicious code refers to items like viruses, worms, spyware, adware,
rootkits, ransomware and other types of malware
The aim of this crime is to cause havoc and/or disruption
• Unauthorised destruction or alteration of information
This covers modifying, destroying and tampering with information
without appropriate permission
• DoS (Denial of Service) / DDoS (Distributed Denial of Service)
Overloading a system's resources so that it cannot provide the required
services to legitimate users
DDoS is performed on a larger scale: because the traffic comes from many
sources, it cannot be stopped by blocking one source
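The difference between blocking one source and watching the overall request rate shows up clearly in log data. The Python script below is an added example, not material from the lecture slides: it parses constructed web-server access-log lines (the IP addresses, timestamps, thresholds and the log lines themselves are all invented) and runs both checks over fixed ten-second buckets. The per-source rule names the attacker in a single-source DoS, but during the DDoS scenario no address exceeds the threshold and only the aggregate rule fires.

```python
# Added example (not from the lecture slides): telling a single-source DoS
# from a DDoS in constructed web-server log lines. Addresses, thresholds and
# the log lines are all made up for illustration.
import re
from collections import Counter

# Constructed line shape: '<ip> [HH:MM:SS] "<request>" <status>'
LINE_RE = re.compile(r'^(?P<ip>\S+) \[(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\]')


def parse_events(log_text):
    """Return (ip, seconds_since_midnight) for every line that matches LINE_RE."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # skip malformed lines rather than abort the whole analysis
            continue
        secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        events.append((m["ip"], secs))
    return events


def analyse(log_text, window=10, threshold=100):
    """Run two detections over fixed `window`-second buckets.

    per_source_offenders: IPs with more than `threshold` requests in one bucket.
        This is the 'block one source' defence: it names the attacker in a
        single-source DoS but finds nobody to block during a DDoS.
    aggregate_alert: True if the total count in any bucket exceeds `threshold`,
        regardless of how many sources contribute, so it still fires for DDoS.
    """
    events = parse_events(log_text)
    per_source = Counter((ip, t // window) for ip, t in events)
    aggregate = Counter(t // window for _, t in events)
    offenders = sorted({ip for (ip, _), n in per_source.items() if n > threshold})
    return {
        "per_source_offenders": offenders,
        "aggregate_alert": any(n > threshold for n in aggregate.values()),
        "distinct_sources": len({ip for ip, _ in events}),
    }


def make_log(requests):
    """Build constructed log lines from (ip, second-of-minute) pairs."""
    return "\n".join(f'{ip} [12:00:{s:02d}] "GET / HTTP/1.1" 200' for ip, s in requests)


# Constructed scenario 1 (DoS): one source sends 300 requests within 10 seconds.
DOS_LOG = make_log([("203.0.113.9", i % 10) for i in range(300)])
# Constructed scenario 2 (DDoS): 200 sources send 2 requests each in the same 10 seconds.
DDOS_LOG = make_log([(f"198.51.100.{i % 200 + 1}", i % 10) for i in range(400)])
# Constructed scenario 3 (normal): 5 sources send 3 requests each.
NORMAL_LOG = make_log([(f"192.0.2.{i % 5 + 1}", i % 10) for i in range(15)])

if __name__ == "__main__":
    for name, log in (("DoS", DOS_LOG), ("DDoS", DDOS_LOG), ("normal", NORMAL_LOG)):
        print(name, analyse(log))
```

Against DOS_LOG both checks fire and the offender list contains the single address; against DDOS_LOG the offender list is empty while the aggregate alert is still raised, which is exactly why a DDoS cannot be stopped by blocking one source and has to be handled by rate limiting, upstream filtering or extra capacity instead.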
• Cyberstalking/Cyberbullying
A relatively new crime on the list. The attacker uses online
resources and other means to gather information about an
individual and uses this to track and, in some cases, to meet the
person (cyberstalking), or to harass the person (cyberbullying)
• Cyberterrorism
Attackers make use of the Internet to cause significant bodily
harm to achieve political gains
The scope of cyberterrorism is controversial
Related to information warfare
Penetration Testing Methodology (Overview)
1. Determining the objectives and scope of the job
2. Choosing the type of test to perform
3. Gaining permission via a contract
4. Performing penetration testing
The process of penetration testing is specified in steps 4.1 to 4.6
5. Creating a risk mitigation plan (RMP)
6. Cleaning up any changes made during the test
Penetration Testing Methodology
1. Determining the objectives and scope of the job
The pentester and the client should meet to discuss the objectives of
the test
Examples of objectives
To determine security weaknesses
To test an organisation's security policy compliance and its employees'
security awareness
To test an organisation's ability to identify and respond to security
incidents
Scope of the test
Usual network penetration testing
Social engineering testing: Human aspect in vulnerability
Application security testing: Finding flaws in software applications
Physical penetration testing: Testing the security of premises where digital
assets and network resources are stored
2. Choosing the type of test to perform
Three typical types of testing
1) Black-Box Testing
Most closely resembles the situation of an outside attack; this test is
called an “external test”
Execute the test from a remote location, much like a real attacker
The pentester has extremely limited information on the target
2) Grey-Box Testing
The pentester has some limited knowledge of the target, for example (at
least) what operating system the target is mainly using
3) White-Box Testing
This gives the pentester full knowledge of the target
Basically this test simulates an “insider attack”; this test is called an “internal test”
3. Gaining permission via a contract
It is vitally important to get clear and unambiguous permission to
perform a pentest: A written form of authorisation rather than a
verbal authorisation is important. It should include
Systems to be evaluated
Perceived risks
Timeframe
Actions to be performed when a serious problem is found
Deliverables
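A written authorisation is most useful when the tester's own tooling consults it before every step. The Python script below is an added example, not from the lecture slides or from any real engagement: it models an authorisation with the items listed above (systems to be evaluated, timeframe, perceived risks, the action for a serious finding, deliverables) plus a named written sign-off in place of verbal permission, and refuses any test step whose target address or time falls outside it. The client name, sign-off, addresses, dates and contact instructions are all constructed.

```python
# Added example (not from the lecture slides): a scope guard that refuses to
# run a test step unless the target and the time fall inside a written
# authorisation. Client, sign-off, addresses and dates are all constructed.
from dataclasses import dataclass, fields, replace
from datetime import datetime, timezone
import ipaddress


@dataclass
class Authorisation:
    """Written authorisation; the fields follow the items the slide lists."""
    client: str
    signed_by: str                # named written sign-off, not a verbal OK
    systems: list                 # systems to be evaluated, as IP or CIDR strings
    start: datetime               # timeframe
    end: datetime
    perceived_risks: list
    serious_finding_action: str   # what to do when a serious problem is found
    deliverables: list


def missing_items(auth):
    """Names of authorisation items left empty; any of these means do not start."""
    return [f.name for f in fields(auth) if not getattr(auth, f.name)]


def check_target(auth, target, when):
    """Return (allowed, reason) for touching `target` at time `when`."""
    missing = missing_items(auth)
    if missing:
        return False, "authorisation incomplete: " + ", ".join(missing)
    if not auth.start <= when <= auth.end:
        return False, f"{when.isoformat()} is outside the authorised timeframe"
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames are not matched by name: resolve them first and check the address.
        return False, f"{target!r} is not an IP address"
    for net in auth.systems:
        if addr in ipaddress.ip_network(net, strict=False):
            return True, f"{target} is within authorised system {net}"
    return False, f"{target} is not in the systems to be evaluated"


def check_targets(auth, targets, when):
    """Map each target to its (allowed, reason) verdict."""
    return {t: check_target(auth, t, when) for t in targets}


UTC = timezone.utc
# Constructed authorisation for a fictional client.
AUTH = Authorisation(
    client="Example Pty Ltd (constructed)",
    signed_by="J. Doe, CISO (constructed)",
    systems=["192.0.2.0/24", "198.51.100.10"],
    start=datetime(2020, 3, 2, 9, 0, tzinfo=UTC),
    end=datetime(2020, 3, 6, 17, 0, tzinfo=UTC),
    perceived_risks=["service slowdown while scanning"],
    serious_finding_action="stop and phone the client contact before continuing",
    deliverables=["report", "risk mitigation plan"],
)
# The same engagement with only verbal permission and no agreed deliverables.
VERBAL_ONLY = replace(AUTH, signed_by="", deliverables=[])
IN_WINDOW = datetime(2020, 3, 3, 10, 0, tzinfo=UTC)
AFTER_WINDOW = datetime(2020, 3, 8, 9, 0, tzinfo=UTC)

if __name__ == "__main__":
    targets = ["192.0.2.15", "198.51.100.10", "198.51.100.11", "host.invalid"]
    for target, (ok, why) in check_targets(AUTH, targets, IN_WINDOW).items():
        print(f"{target:15} {'RUN ' if ok else 'SKIP'} {why}")
```

The guard is deliberately strict in two ways: an authorisation with any item left blank (here the unsigned VERBAL_ONLY copy) refuses every target, and a hostname is refused rather than guessed at, because the contract lists addresses and a name can resolve to something outside them.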
4. Performing penetration testing (more to come regarding
this)
5. Creating a Risk Mitigation Plan (RMP)
Purpose: the RMP is to develop options and actions to enhance
opportunities and reduce threats in an organisation
Contents: the RMP should clearly document all the actions that took place,
including the results, interpretations and recommendations
6. Cleaning up any changes made during the test
This is an obvious step, needed to prevent possible mishaps
Process of Penetration Testing
4.1 Information (Intelligence) Gathering
Gather information about a target before performing active attacks
4.2 Scanning
Based on the information gathered, target the attack much more
precisely
4.3 Enumeration
Determine the usefulness of what was uncovered in the scanning phase
4.4 Exploitation
Following enumeration, execute the attack
4.5 Covering tracks
Make all attempts to remove evidence of being in a system
4.6 Maintaining Access
Plant backdoors or other means to leave something behind
• We will learn techniques for achieving these in CSCI369!
What We Want to Achieve
• CIA triad
Confidentiality: Keep information secret/private from those who are not authorised
Integrity: Keep information in a format that retains its original purpose and meaning
Availability: Keep information and resources available to those who are legitimate
What We Want to Prevent
• Anti CIA triad
Improper disclosure: Accidental or malicious revealing of information
Unauthorised alteration: Accidental or malicious modification of information
Disruption: Accidental or malicious disturbance of information or resources