IN5290 Ethical Hacking - Lecture 1: Introduction to Ethical Hacking, Information Gathering

Page 1: Introduction

  • Course: IN5290 Ethical Hacking

  • Instructor: Laszlo Erdödi

  • University: Universitetet i Oslo

  • Lecture focuses on Ethical Hacking, especially information gathering techniques.


Page 2: Lecture Overview

  • Key Topics Covered:

    • Definition of ethical hacking

    • Steps involved in penetration testing

    • Techniques for information gathering


Page 3: Necessity of Ethical Hacking

  • Security Problems in Computer Systems:

    • There are several security vulnerabilities present in computer systems.


Page 4: Reasons for Security Issues

  • Common Causes of Security Vulnerabilities:

    • Lack of Money: Insufficient budget for security measures.

    • Lack of Time: Tight deadlines hinder adequate security implementations.

    • Lack of Expertise: Shortage of qualified personnel to manage security.

    • Negligence: Oversight or disregard for security protocols.

    • Convenience: Prioritizing accessibility over security.

    • Old Systems: Legacy systems that may not support newer security measures.

    • Too Complex Systems: Complicated architectures that are hard to secure.

    • Third-Party Components: Dependencies on external software that may introduce risks.

    • Additional Factors: Other unidentified causes contributing to security weaknesses.


Page 5: Usability, Functionality, and Security

  • Influence on Security:

    • There exists a trade-off between usability, functionality, and security.

    • Example analysis: A webpage with a single login (secured by HTTPS) is easy to use but may be vulnerable to password-related issues.

    • Risk assessments are vital to choose appropriate mitigations to balance these elements.


Page 6: Understanding the Attacker’s Perspective

  • Purpose of Ethical Hacking:

    • Evaluating security by simulating an attacker’s mindset can uncover serious vulnerabilities.

    • Considerations include methodology differences and ethical implications of hacking practices.

    • Recognition that complete security cannot be guaranteed but mitigation strategies must be consistently implemented.


Page 7: Motivations Behind Hacking

  • Hacker Motivations:

    • Thrill: The excitement associated with hacking.

    • Capability: The ability to exploit vulnerabilities.

    • Financial Gain: Motivated by monetary incentives.

    • Revenge: Targeting specific entities out of spite.

    • Annoyance: Acts carried out to disrupt or annoy.

    • Protest: Hacking as a form of activism.

    • Organized Groups: Covert operations conducted by well-funded entities, including state-sponsored activities.


Page 8: Goals of Hacking

  • Objectives of Hackers:

    • Disrupt the security triad: Confidentiality, Integrity, and Availability.

    • Stealing confidential information

    • Modifying data in unauthorized ways

    • Causing Denial of Service (DoS) by making services unavailable

    • Ethical hacking carries out the same activities, but in order to improve security.


Page 9: Types of Hackers

  • Classification of Hackers:

    • Black Hat Hackers: Individuals with malicious intent.

    • White Hat Hackers: Ethical hackers who conduct penetration testing to enhance security.

    • Script Kiddies: Amateurs generally lacking deep technical skills, using readily available tools.

    • Protest Hackers: Focus on activism against established entities.

    • Grey Hat Hackers: Operate between ethical and unethical boundaries.

    • Red Hat Hackers: Actively fight against black hat hackers.

    • Blue Hat Hackers: Hack for personal revenge or to retaliate.

    • Green Hat Hackers: Beginners in the hacking community.


Page 10: Ethics and Legality in Hacking

  • Legal Considerations:

    • Stress on being ethical and legal in hacking practices.

    • Engage in hacking activities only when they are legally sanctioned; acting against the law is unacceptable.


Page 11: Ethical vs. Non-Ethical Hacking

  • Task Comparison:

    • Example: Finding the admin password of a fictional bank, "NonExistingBank"

  • Approaches Taken:

    • Black Hat Techniques: Using various methods that involve exploiting weaknesses for malicious purposes.

    • White Hat Techniques: Focusing on promoting security, finding vulnerabilities while adhering to legal agreements.


Page 12: Ethical vs. Non-Ethical Hacking Practices

  • Differences Highlighted:

    Ethical Hacking                              Non-Ethical Hacking
    -------------------------------------------  -------------------------------------
    Legally sanctioned, often via contracts      Illegal activities
    Promotes security by identifying gaps        Steals or manipulates information
    Finds vulnerabilities without causing harm   Exploits weaknesses for personal gain
    Documents findings with reports              No documentation

Page 13: Main Steps of Hacking

  • Phases in the Hacking Process:

    1. Information gathering

    2. Identifying the target domain

    3. Finding vulnerabilities

    4. Exploiting the vulnerabilities

    5. Lateral movements within the network

    6. Achieving the goal


Page 14: Attack Steps Overview

  • General Hacking Process Steps:

    • An overview of the attack process based on the information available at each step.


Page 15: Detailed Steps in Hacking

  • Information Gathering Techniques:

    1. Gather general information about the target and organize it.

    2. Collect technical details such as the target's IP ranges.

    3. Identify available hosts in the target network.

    4. Identify available services in the target network.

    5. Map the services manually to assess how the systems react.


Page 16: Continuing Detailed Hacking Steps

  • Further Hacking Actions:

    1. Run automatic vulnerability scanning using specialized tools.

    2. Manually verify the findings for accuracy (true positives).

    3. Exploit the identified vulnerabilities.

    4. Perform lateral movements to navigate through the network.

    5. Ensure ongoing access until the objectives are completed.

    6. Collect data to achieve the primary and secondary goals.

    7. Remove traces of the attack (clues).

    8. Report results and findings.

    9. Delete all tools and data associated with the hack.


Page 17: Types of Ethical Hacking Projects

  • From the Attacker’s Viewpoint:

    • External Penetration Testing: Testing an organization’s external-facing assets.

    • Web Hacking: Focusing on vulnerabilities within web applications.

    • Internal Penetration Testing: Examining vulnerabilities within the internal network.

    • Wireless Penetration Testing: Testing the security of wireless networks.

    • Social Engineering: Testing the effectiveness of training and awareness among personnel.

  • Based on Access Rights:

    • Black Box Testing: No prior knowledge about the system.

    • Grey Box Testing: Some knowledge about the system.

    • White Box Testing: Full knowledge of the system.


Page 18: General Information Gathering

  • Importance of Initial Phase:

    • General information gathering is crucial for the attack process.

    • Preliminary efforts should focus on collecting and analyzing vital information about the target.

    • This phase results in a comprehensive dataset that provides essential insights (e.g., user lists).


Page 19: Methods of Information Gathering

  • Effective Techniques:

    • Use search engines for general queries.

    • Use advanced search methods (Google hacking).

    • Gather cached data to access historical information.

  • Social Media: Profiles and connections reveal key details that can be used in later attacks.


Page 20: Basic Information Gathering Using Google

  • Basic Search Practices:

    • Search for the target's domain and site name to get initial insights into public data, faculty members, etc.


Page 21: Key Persons and Important Pages

  • Importance of Discovering Personnel Details:

    • Gather contact information and related service details to build a profile of potential targets.


Page 22: News and Social Media Information Gathering

  • Finding Recently Related Information:

    • Leverage current events and social media activities to procure intelligence.


Page 23: Cached Information Collection

  • Web Archiving Methods:

    • Use resources like the Internet Archive (Wayback Machine) and Google’s cached versions to retrieve older versions of content.


Page 24: Pipl.com for Account Recovery

  • Pipl.com Functions:

    • Facilitates the discovery of personal information across various platforms, catalogues, and social accounts.


Page 25: Building Personal Profiles via Social Media

  • Information Elements:

    • Data to collect may include work history, education, contact information, family relationships, and personal likes, enhancing profiling for potential social engineering attacks.


Page 26: Social Engineering Attack Examples

  • Case Study:

    • Example scenario: an individual posts social media check-ins at a hotel and then receives phishing emails.

    • Illustrates how personal information and timing contribute to the success of such attacks.


Page 27: OSINT Tools for Gathering Information

  • Useful Open-Source Intelligence Tools:

    • Maltego: Gathering information from multiple sources.

    • Shodan: Identifying Internet-connected (IoT) devices and their vulnerabilities.

    • Google Dorks: Leveraging advanced search expressions.

    • Metagoofil: Extracting metadata from documents.

    • Recon-ng: A modular tool for information gathering.

    • Various others available for comprehensive analysis.


Page 28: Notable Mention of Twitter Search

  • Example Discussions:

    • An illustrative conversation about security risks and hacker negotiations involving high-profile accounts, demonstrating the possibilities of social engineering.


Page 29: Tracking Employees via Mobile Phones

  • Reference Article:

    • Discusses the ability to track individuals like CIA and NSA operatives through phone data.


Page 30: Webpage Information Collection

  • Bulk Downloading Techniques:

    • Using tools such as wget and HTTrack to download all static content of a website.


Page 31: Specific Information Search Techniques

  • Tactics for Finding Precise Data:

    • Querying for targeted information like emails or phone numbers through specialized tools and methods.


Page 32: Document Retrieval with FOCA

  • Utilizing FOCA's Capabilities:

    • Finds documents by file type and extracts technical information from them.


Page 33: Google Hacking Techniques

  • Advanced Google Searches:

    • Use the site: operator to limit results to specific domains while discovering hidden data.


Page 34: File Type Filtering in Google Searches

  • File Type Specific Queries:

    • Using the filetype: operator to filter results to specific file extensions such as .doc or .sql for targeted reconnaissance.


Page 35: Intitle and Inurl Filtering

  • Specific Search Keyword Usage:

    • Using the intitle: and inurl: operators to filter results for relevant directories or content.
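Defenders commonly take expressions built from the site:, filetype:, intitle: and inurl: operators of pages 33 to 35 and pin them to their own domain to audit what their sites expose. The following Python is an added example, not code from the course or from any tool named above: it parses such an expression into operator and free-text tokens, re-quotes phrases, and replaces any site: operator with the auditing organisation's domain (the sample expressions and the domain mysite.example are constructed for illustration).

```python
"""Parse Google-hacking expressions (site:, filetype:, intitle:, inurl:) into
operator/term tokens and re-scope them to one domain for a self-audit.
Added example for this lecture summary, not code from the course."""
import re, shlex
from dataclasses import dataclass, field

# Operators named on the slides, plus two that GHDB entries often combine with them.
KNOWN_OPERATORS = {"site", "filetype", "ext", "intitle", "inurl", "intext"}

@dataclass
class Dork:
    operators: list = field(default_factory=list)  # (name, value, negated)
    terms: list = field(default_factory=list)      # free words/phrases, "-" kept

def parse_dork(query: str) -> Dork:
    """Tokenise with shell-style quoting so intitle:"index of" stays one phrase."""
    dork = Dork()
    for tok in shlex.split(query):
        negated = tok.startswith("-")
        body = tok[1:] if negated else tok
        m = re.fullmatch(r"([A-Za-z]+):(.+)", body)
        if m and m.group(1).lower() in KNOWN_OPERATORS:
            dork.operators.append((m.group(1).lower(), m.group(2), negated))
        else:
            dork.terms.append(("-" if negated else "") + body)
    return dork

def render(dork: Dork) -> str:
    """Rebuild the query string, re-quoting any value that contains whitespace."""
    quote = lambda s: f'"{s}"' if re.search(r"\s", s) else s
    parts = [("-" if neg else "") + f"{name}:{quote(value)}"
             for name, value, neg in dork.operators]
    for term in dork.terms:
        neg = term.startswith("-")
        parts.append(("-" if neg else "") + quote(term[1:] if neg else term))
    return " ".join(parts)

def scope_to_domain(query: str, domain: str) -> str:
    """Drop any site: operator and pin the expression to the auditor's own domain."""
    dork = parse_dork(query)
    dork.operators = [op for op in dork.operators if op[0] != "site"]
    dork.operators.insert(0, ("site", domain, False))
    return render(dork)

# Constructed GHDB-style samples; mysite.example stands in for the auditor's own domain.
SAMPLE_DORKS = [
    'filetype:sql "insert into" site:example.com',
    'intitle:"index of" inurl:backup',
]
AUDIT_QUERIES = [scope_to_domain(q, "mysite.example") for q in SAMPLE_DORKS]
```

Running each entry of AUDIT_QUERIES against the search engine by hand, and checking what comes back, is the self-audit; the script itself never contacts Google.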


Page 36: Google Hack Database

  • Resource for Hack Expressions:

    • A database of current Google hacking expressions that helps make searches as effective as possible.


Page 37: Tools for Automated Google Hacking

  • Various Tools Mentioned:

    • SiteDigger and Wikto can automate the process of Google hacking, providing a structured method to discover vulnerabilities.


Page 38: Resources Required for the Course

  • Essential Tools:

    • Kali Linux: A Debian-based Linux distribution known for its hacking tools.

    • Contains various pre-installed tools categorized by their purposes, such as information gathering and vulnerability assessment.


Page 39: Conclusion

  • End of Lecture 1 Summary:

    • Recap of the major points covered on ethical hacking and the importance of information gathering.