Lecture 11.

1: Cyber Security, Attacks, and Ethical Hacking

1. Introduction to Cyber Security

• Cyber Security protects internet-connected systems (hardware, software, and

data) from cyberattacks.

• It ensures confidentiality, integrity, and availability of data.

• Cyber threats have increased drastically due to the rise of digital transactions,
IoT devices, and cloud computing.

2. Real-World Cyber Attacks (Case Studies)

1. K-Electric Ransomware Attack

• Attackers demanded $7 million ransom to prevent customer data leaks.

• Threat: Exposed names, CNICs, credit card details on the dark web.

• Impact: Millions of users were at risk of fraud.

2. Google Play Hack

• Malware-infected apps were uploaded to Google Play Store.

• Users unknowingly downloaded malicious apps that stole personal data.

• Lesson: Always download apps from verified developers.

3️. Meezan Bank Data Breach (2019)

• 69,189 bank card details were sold on the dark web.

• Loss: $3.5 million worth of banking data was leaked.

• Bank's Response: Asked customers to reset their PINs and take security
measures.

4️. PIA Website Attack

• Pakistan International Airlines (PIA) website was hacked, disrupting services.

• Impact: Passengers couldn't book flights or check flight status.

• Lesson: Websites handling sensitive data should have strong cybersecurity in

place.
 3️. The Importance of Cyber Security

• A huge increase in cybercrime has been reported in recent years.

• Cybercrime has become more profitable than the drug trade (Europol 2013
report).

• Security breaches can lead to financial loss, reputation damage, and personal
data theft.

4️. Cyber Security Principles (C.I.A. Triad)

Cybersecurity is based on three core principles:

1. Confidentiality

o Ensures data is accessible only to authorized users.

o Example: Encrypting sensitive information like bank details.

2. Integrity

o Ensures data is accurate and not modified by unauthorized users.

o Example: Digital signatures protect data integrity.

3. Availability

o Ensures data and services are available when needed.

o Example: DDoS protection to prevent website crashes.

5. Common Types of Cyber Attacks

1. Malware (Malicious Software)

• Software designed to damage or gain unauthorized access to systems.

• Types:

o Virus – Attaches to files and spreads when executed.

o Worms – Self-replicating and spread without user action.

o Trojan Horse – Disguised as legitimate software but contains malware.

o Spyware – Secretly collects user information.

o Ransomware – Encrypts files and demands ransom.

2. Phishing Attacks

• Fake emails or messages trick users into revealing sensitive data.

• Types:

o Vishing – Phishing via phone calls.

o Smishing – Phishing via SMS.

3️. Password Attacks

• Brute Force Attack – Trying many password combinations.

• Dictionary Attack – Using a list of common passwords.

• Keyloggers – Recording keystrokes to steal passwords.

4️. Distributed Denial of Service (DDoS)

• Overloading a website/server with traffic to crash it.

• Often done using botnets (infected computers controlled by hackers).

5. Man-in-the-Middle (MITM) Attack

• An attacker intercepts communication between two parties.

• Example: Hackers intercept login credentials on public Wi-Fi networks.

6. SQL Injection

• Attackers inject malicious SQL commands into a database to steal or modify

data.

• Example: Entering ' OR '1'='1 in a login form to bypass authentication.

7. DNS Poisoning

• Hackers alter DNS records to redirect users to fake websites.

• Example: Redirecting www.bank.com to a phishing site.

6. Cyber Crime

• Definition: Cybercrime involves using a computer to commit illegal activities.

• Common Cyber Crimes:

o Cyberstalking – Harassing someone online.

o Forgery – Creating fake documents.

 o Identity Theft – Stealing personal data for fraud.

o Software Piracy – Unauthorized distribution of software.

o Cyber Terrorism – Using technology for political or ideological attacks.

Cybercrime Motivations:

1. Money – Ransomware attacks demand payment.

2. Revenge – Insider threats or disgruntled employees.

3. Fun – Some hackers do it for amusement.

4. Recognition – Hackers want to prove their skills.

5. Cyber Espionage – Governments spying on rival nations.

7. Ethical Hacking and Security

1. What is Hacking?

• Hacking is the process of exploiting vulnerabilities in a system.

• Types of Hackers:

o White Hat (Ethical Hackers) – Work legally to improve security.

o Black Hat (Criminal Hackers) – Hack for personal gain.

o Grey Hat – Hack without malicious intent but still break rules.

2. Phases of Hacking

1. Footprinting & Reconnaissance – Gathering information.

2. Scanning – Identifying open ports and vulnerabilities.

3. Gaining Access – Exploiting weaknesses to enter a system.

4. Maintaining Access – Installing backdoors for future access.

5. Covering Tracks – Deleting logs and hiding presence.

3️. Why Ethical Hacking is Necessary

• Identifies vulnerabilities before hackers do.

• Helps companies strengthen their security.

• Ensures data protection and regulatory compliance.

 8. Countermeasures Against Cyber Threats

Use Strong Passwords – At least 12 characters with symbols & numbers.

Enable Multi-Factor Authentication (MFA) – Extra security layer.
Keep Software Updated – Patches fix vulnerabilities.
Use Firewalls & IDS – Monitor and block malicious activity.
Be Cautious with Emails – Verify before clicking links.
Backup Data Regularly – Protects against ransomware.

Summary

✔ Cybersecurity protects systems from unauthorized access and attacks.

✔ Real-world cyberattacks (K-Electric, Meezan Bank) show why security is crucial.
✔ Common threats include malware, phishing, DDoS, MITM, and SQL injections.
✔ Hacking can be ethical (White Hat) or criminal (Black Hat).
✔ Security measures like strong passwords, firewalls, and backups help protect
against attack

Footprinting
1. Introduction to Footprinting

• Footprinting is the process of gathering information about a target system,

network, or organization.

• It is the first phase of hacking and is used by both hackers (for attacks) and
security professionals (for defense).

• The goal is to collect as much publicly available information as possible before

attempting an attack.

2. Types of Footprinting

Footprinting can be classified into two types:

a) Passive Footprinting

• Involves gathering information without directly interacting with the target.

• Sources include:
 o Search engines (Google, Bing)

o Social media (LinkedIn, Facebook, Twitter)

o WHOIS database (Domain registration details)

o Job postings (Revealing technologies used by a company)

• Example: Searching "site:example.com" on Google to find all indexed pages of

a website.

b) Active Footprinting

• Involves direct interaction with the target system to gather information.

• Techniques include:

o Ping sweeps – Checking if a server is online.

o Traceroute – Finding the path data takes to reach a target.

o Port scanning – Identifying open services on a system.

• Example: Using Nmap to scan a company’s web server for open ports.

3️. Objectives of Footprinting

1. Gather domain and IP address information.

2. Identify security weaknesses (e.g., unprotected subdomains, outdated

software).

3. Find employee details and emails for phishing attacks.

4. Learn about technologies and infrastructure used by an organization.

5. Plan for future attacks, such as social engineering or penetration testing.

4️. Footprinting Techniques

1. Search Engine Footprinting

• Using Google, Bing, or DuckDuckGo to find sensitive information.

• Examples:

o site:example.com – Lists all indexed pages of a website.

o filetype:xls inurl:admin – Finds Excel files with "admin" in the URL.

2. WHOIS Lookup

• WHOIS databases store domain registration details, including:

o Owner name

o Email address

o Phone number

o Server IP address

• Example: Using whois example.com to find domain details.

3️. DNS Footprinting

• Collecting Domain Name System (DNS) information.

• Example: Running a DNS lookup to find subdomains (e.g., mail.example.com).

4️. Social Media Footprinting

• Hackers analyze company social media accounts for employee names, job
descriptions, and technology details.

• Example: A LinkedIn job posting mentioning "AWS and Kubernetes" reveals the
company’s cloud setup.

5. Email Footprinting

• Attackers use email headers to extract information like:

o IP address of sender

o Mail server details

• Example: Checking email headers to see where the email originated.

6. Network Footprinting

• Uses ping, traceroute, and port scanning to map network infrastructure.

• Example: tracert example.com shows the number of hops to reach the server.

7. Google Dorking (Advanced Google Searches)

• Google Dorks help find sensitive files and exposed information.

• Common Google Dorks:

o intitle:"index of" inurl:ftp – Finds open FTP servers.

o filetype:pdf "confidential" – Searches for confidential PDF files.

 o inurl:admin login – Finds admin login pages.

5. Is Footprinting Legal?

• Passive footprinting is legal because it gathers publicly available data.

• Active footprinting (like port scanning) may be illegal if done without

permission.

• Ethical hackers must follow cybersecurity laws and get written consent before
scanning a network.

6. Real-World Examples of Footprinting

Example 1: Corporate Cyber Attack

• An attacker searches LinkedIn for employees of "ABC Corp."

• They find an employee named "John Doe – IT Admin."

• The attacker sends a phishing email pretending to be from the CEO, asking for
login credentials.

• Result: The hacker gains access to the company’s internal systems.

Example 2: Government Cyber Espionage

• A hacker scans DNS records of a government website to find hidden

subdomains.

• They discover secure.example.gov, which leads to an exposed admin panel.

• Result: The hacker attempts brute-force attacks to gain access.

7. Countermeasures to Prevent Footprinting

Organizations can reduce the risk of being footprinted by following these measures:

Use Privacy Protection for WHOIS – Many domain registrars offer privacy
protection to hide owner details.
Restrict Social Media Exposure – Employees should avoid posting sensitive
company information online.
Disable Unused Services & Ports – Prevents attackers from finding open entry
points.
Monitor DNS & Web Traffic – Identifies suspicious activity before an attack
happens.
Educate Employees About Phishing – Social engineering is a major risk.

Summary

✔ Footprinting is the first step in hacking and penetration testing.

✔ It helps attackers gather information about a company’s network, employees,
and security flaws.
✔ Both passive (Google, WHOIS, social media) and active (port scanning,
traceroute) techniques exist.
✔ Google Dorking is a powerful method for finding exposed files, cameras, and
admin pages.
✔ Companies can reduce risk by securing DNS, limiting social media exposure, and
training employees.

Scanning
This chapter covers how to analyze and secure networks by scanning for
vulnerabilities, identifying security flaws, and using different scanning techniques.

1. Introduction

• Network security is crucial to prevent cyberattacks.

• Scanning helps detect vulnerabilities, misconfigurations, and weak points in

a system.

• Attackers use scanning as the first step in hacking, while security professionals
use it for defensive measures.

2. Basics of Security

To secure a system, several layers of security are needed:

a) Patch Management

• A patch is an update that improves security, performance, or fixes

vulnerabilities.

• Types of patches:

1. Critical patches – Fix major security holes.

 2. Recommended patches – Improve security and performance.

3. Optional patches – Add features but aren’t essential.

b) Ports

• Ports are like virtual doors that allow communication between devices.

• Every service (e.g., web browsing, file sharing) uses a specific port number.

• Example of common ports:

o Port 80 – HTTP (Web traffic)

o Port 4️4️3️ – HTTPS (Secure web browsing)

o Port 22 – SSH (Secure Shell, remote access)

o Port 4️4️5 – SMB (File sharing)

c) Protection Methods

1. Firewalls – Block unauthorized access.

2. Intrusion Detection Systems (IDS) – Detect potential threats.

3. Intrusion Prevention Systems (IPS) – Block malicious activities.

4. Antivirus Software – Detects and removes malware.

5. Regular Updates – Ensure systems are patched against vulnerabilities.

d) Security Policies

• Rules and guidelines to protect sensitive data.

• Examples: Strong passwords, multi-factor authentication, backup policies.

3️. Probing a System for Vulnerabilities

A probe is a tool used to check a system for weaknesses.

• Hackers use probing to find entry points.

• Security professionals use it to strengthen defenses.

a) Physical Security Considerations

• Destroy old backup tapes before disposal.

• Secure routers, switches, and hubs to prevent unauthorized access.

 • Example: A hacker with physical access to a router can configure it to spy on
network traffic.

4️. Types of Network Scanning

Network scanning involves different techniques to identify open ports, running

services, and vulnerabilities.

a) TCP Scan

• Scans Transmission Control Protocol (TCP) ports.

• Uses a three-way handshake:

1. The source sends a SYN request.

2. If the port is open, the destination replies with SYN-ACK.

3. The source responds with ACK, establishing the connection.

• Example: An attacker scans for port 22 (SSH) to try brute-force attacks.

b) SYN Scan (Stealth Scan)

• Faster and stealthier than a full TCP scan.

• Instead of completing the handshake, it drops the connection after SYN-ACK.

• Advantage: Harder to detect by firewalls.

• Example: Used by hackers to find open ports without triggering security alarms.

c) FIN Scan

• Uses FIN (Finish) packets instead of SYN.

• If no response is received, the port is open.

• Bypasses some firewalls that only monitor SYN traffic.

d) Null Scan

• Sends packets with no flags set.

• If the target doesn't respond, the port is open.

• Used for firewall evasion.

e) UDP Scan

• Scans UDP (User Datagram Protocol) ports, which do not use handshakes.
 • Harder to detect but less reliable.

• Example: Checking if port 53️ (DNS) is open.

f) Christmas Tree Scan

• Sets multiple TCP flags (FIN, PSH, URG) at once, making the packet look
unusual.

• Some devices crash when receiving this type of packet.

• Nickname: "Lights up the network like a Christmas tree."

5. Vulnerability Scanning

A vulnerability scanner looks for security weaknesses in a system.

a) Why Use Vulnerability Scanning?

• Helps identify weak points before hackers do.

• Ensures systems are patched and updated.

• Example: Detecting outdated software that hackers can exploit.

b) Common Vulnerability Scanning Tools

1. Nmap (Network Mapper) – Scans networks for open ports and running services.

2. Nessus – Detects security vulnerabilities in a system.

3. MBSA (Microsoft Baseline Security Analyzer) – Scans for Windows security

weaknesses.

6. Summary of Key Points

✔ Scanning is the first step in hacking and ethical security testing.

✔ Firewalls, IDS, and IPS help prevent unauthorized access.
✔ Different scanning methods (TCP, SYN, UDP) have different purposes.
✔ Using vulnerability scanning tools (Nmap, Nessus) helps protect against cyber
threats.
✔ Hackers and security professionals use similar tools, but with different
intentions.