PARA 1

Securing Router and Cameras Using Firewall in Ethical Hacking


Securing routers and cameras using firewalls in ethical hacking involves implementing various
strategies to protect these devices from unauthorized access and potential exploitation. Here's a
step-by-step guide on how to approach this:

1. Understand the Network Topology: Before implementing any security measures, it's
crucial to understand the network topology. Identify the routers, cameras, and other
devices connected to the network. Determine their roles, IP addresses, and how they
communicate with each other.
2. Update Firmware: Ensure that both the router and camera firmware are up-to-date.
Manufacturers often release security patches and updates to address vulnerabilities.
Regularly check for firmware updates and apply them promptly.
3. Change Default Credentials: Default credentials are often well-known and easily
exploited by attackers. Change the default usernames and passwords for both the router
and cameras to strong, unique credentials.
4. Enable Firewall: Most modern routers come with built-in firewall capabilities. Enable
the firewall on the router and configure it to restrict inbound and outbound traffic based
on specific rules. For example, you can block all incoming traffic except for essential
services like SSH or HTTPS.
5. Configure Access Control Lists (ACLs): Access Control Lists (ACLs) allow you to
control traffic flow based on various parameters such as IP addresses, ports, and
protocols. Configure ACLs on the router to allow only authorized devices to
communicate with the cameras and block all other traffic.
6. Segmentation: Implement network segmentation to isolate the cameras from the rest of
the network. Create separate VLANs (Virtual Local Area Networks) for the cameras and
apply firewall rules to restrict communication between VLANs. This prevents a
compromise of one device from affecting the entire network.
7. Intrusion Detection/Prevention Systems (IDS/IPS): Consider deploying IDS/IPS
solutions to monitor network traffic for suspicious activities and prevent potential attacks
in real-time. These systems can detect and block malicious traffic targeting the cameras
or the router.
8. Regular Security Audits: Conduct regular security audits to identify vulnerabilities and
weaknesses in the network infrastructure. Perform penetration testing to simulate real-
world attacks and assess the effectiveness of security measures.
9. Monitor Logs: Enable logging on the firewall and other network devices to track and
analyze network traffic. Monitor logs for any unusual activity or security events that may
indicate a potential security breach.
10. Physical Security: Lastly, don't overlook physical security. Secure the router and
cameras in locked cabinets or rooms to prevent unauthorized access. Disable physical
interfaces such as USB ports on the router to prevent tampering.
By following these steps, you can significantly improve the security posture of routers and
cameras in your network, mitigating the risk of unauthorized access and exploitation by
malicious actors. Remember that security is an ongoing process, and it's essential to stay vigilant
and proactive in identifying and addressing potential security threats.

Address Resolution Protocol (ARP):

The Address Resolution Protocol (ARP) is a communication protocol used in TCP/IP networks
to map IP addresses to MAC addresses. In simpler terms, ARP allows devices within a local
network to discover and associate the hardware (MAC) addresses of other devices with their
respective IP addresses.

When a device wants to communicate with another device on the same network, it needs to know
the MAC address of the target device. ARP enables this process by broadcasting an ARP request
packet containing the IP address of the target device. The device with the matching IP address
responds with an ARP reply packet containing its MAC address. Once the requesting device
receives this reply, it stores the mapping in its ARP cache for future reference.

ARP operates at the link layer of the TCP/IP protocol stack and is critical for the proper
functioning of network communication within LANs (Local Area Networks). It is a stateless
protocol with no authentication or verification of the replies it receives, which makes it
susceptible to security threats such as ARP spoofing, in which a forged reply poisons the ARP
cache of other hosts on the LAN.

Overall, ARP plays a fundamental role in facilitating communication between devices on the
same network by resolving IP addresses to MAC addresses, thereby enabling the transmission of
data packets within a local network.
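As an added example (not part of the original notes), the following Python script replays a constructed stream of ARP replies through a simple cache and reports the two symptoms a defender watches for: an IP whose MAC changes, and a single MAC answering for several IPs. All addresses are constructed sample values; the optional static bindings model a pinned gateway entry such as a static ARP entry on a host.

```python
"""Passive ARP-cache monitor: flags IP->MAC changes and one MAC claiming
several IPs, the usual indicators of ARP spoofing on a LAN.
Added example for these notes; all addresses below are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    time: float       # seconds since start of the (constructed) capture
    sender_ip: str    # IP address the reply claims to own
    sender_mac: str   # MAC address peers are asked to cache for that IP


# Constructed capture: a gateway (192.168.1.1) and a camera (192.168.1.20)
# answer normally; from t=30 a third MAC starts answering for the gateway
# and finally for the camera as well.
SAMPLE_REPLIES: List[ArpReply] = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(1.5, "192.168.1.20", "aa:bb:cc:dd:ee:20"),
    ArpReply(12.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(30.0, "192.168.1.1", "de:ad:be:ef:00:01"),
    ArpReply(31.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(32.0, "192.168.1.1", "de:ad:be:ef:00:01"),
    ArpReply(33.0, "192.168.1.20", "de:ad:be:ef:00:01"),
]

Alert = Tuple[float, str, str]   # (time, ip or mac, description)


def monitor_arp(replies: List[ArpReply],
                static_bindings: Optional[Dict[str, str]] = None
                ) -> Tuple[Dict[str, str], List[Alert]]:
    """Replay replies through an ARP cache and return (cache, alerts).

    static_bindings maps trusted IPs (e.g. the gateway) to their real MAC;
    a reply contradicting one is reported and never learned, which is what
    a static ARP entry on a host achieves.
    """
    static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    cache: Dict[str, str] = dict(static)
    alerts: List[Alert] = []
    for r in replies:
        mac = r.sender_mac.lower()
        pinned = static.get(r.sender_ip)
        if pinned is not None and pinned != mac:
            alerts.append((r.time, r.sender_ip,
                           f"reply from {mac} contradicts static entry {pinned}"))
            continue
        known = cache.get(r.sender_ip)
        if known is not None and known != mac:
            alerts.append((r.time, r.sender_ip, f"MAC changed {known} -> {mac}"))
        cache[r.sender_ip] = mac
    # One MAC resolving several IPs is the other classic symptom (a host
    # answering for both the gateway and a camera).
    ips_by_mac: Dict[str, List[str]] = {}
    for ip, mac in cache.items():
        ips_by_mac.setdefault(mac, []).append(ip)
    last = replies[-1].time if replies else 0.0
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append((last, mac, f"single MAC claims {sorted(ips)}"))
    return cache, alerts


if __name__ == "__main__":
    for label, pins in (("no static entries", None),
                        ("gateway pinned", {"192.168.1.1": "aa:bb:cc:dd:ee:01"})):
        cache, alerts = monitor_arp(SAMPLE_REPLIES, pins)
        print(f"== {label}: {len(alerts)} alert(s)")
        for t, who, what in alerts:
            print(f"  t={t:5.1f}  {who:18} {what}")
```

With the gateway pinned, the forged replies are reported but never enter the cache, so the "one MAC, many IPs" alert disappears and only the unprotected camera entry is overwritten.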
Firewall Concepts
A firewall is a computer network security system that acts as a barrier between a private network
and the internet. It monitors and controls incoming and outgoing network traffic based on
predetermined security rules. Firewalls can be implemented using software, hardware, or a
combination of both to protect against unauthorized access and cyber threats.

Key Concepts of Firewalls:

1. Packet Filtering: This is one of the fundamental functions of a firewall: it examines each
packet of data passing through it and decides whether to allow or block it based on specific
criteria such as source/destination IP addresses, ports, protocols, etc.
2. Stateful Inspection: Stateful inspection firewalls keep track of the state of active
connections and make decisions based on the context of the traffic flow. This method
offers better security by understanding the context of each packet in relation to the entire
communication session.
3. Proxy Service: Proxy firewalls act as intermediaries between internal and external
networks. They receive requests from clients internally, forward them to external servers,
receive responses, and then send them back to the clients. This setup helps hide internal
network details from external sources.
4. Application Layer Filtering: Application layer firewalls operate at Layer 7 of the OSI
model, allowing them to inspect data packets at a deeper level than traditional firewalls.
They can analyze application-specific data to detect and prevent sophisticated attacks.
5. Network Address Translation (NAT): NAT is often used in firewalls to mask internal
IP addresses from external networks by translating them into public IP addresses before
sending data packets out to the internet. This adds an extra layer of security by hiding
internal network structures.
6. Virtual Private Networks (VPNs): Firewalls can also facilitate secure remote access
through VPNs, creating encrypted tunnels for users connecting from outside the protected
network. VPNs ensure that data transmitted over public networks remains confidential
and secure.
7. Intrusion Detection/Prevention Systems (IDS/IPS): Some advanced firewalls include
IDS/IPS capabilities to detect and respond to potential threats in real-time by analyzing
network traffic patterns for suspicious behavior.

By incorporating these key concepts into their design and configuration, organizations can
establish robust defense mechanisms against cyber threats while enabling secure communication
within their networks.
Access Control in Computer Network

Access control is a security strategy that controls who or what can view or utilize
resources in a computer system. It is a fundamental security concept that reduces
risk to the company or organization. The following covers the main points of access control.
What is Access Control?
Access Control is a method of limiting access to a system or resources. Access
control refers to the process of determining who has access to what resources
within a network and under what conditions. It is a fundamental concept in security
that reduces risk to the business or organization. Access control systems perform
identification, authentication, and authorization of users and entities by evaluating
required login credentials that may include passwords, pins, bio-metric scans, or
other authentication factors. Multi-factor authentication requires two or more
authentication factors, which is often an important part of the layered defense to
protect access control systems.
Authentication Factors
• Password or PIN
• Bio-metric measurement (fingerprint & retina scan)
• Card or Key
For computer security, access control includes the authorization, authentication,
and audit of the entity trying to gain access. Access control models have a subject
and an object.
Components of Access Control
• Authentication: Authentication is the process of verifying the identity of a user, for example when that user logs in to a computer system.
• Authorization: Authorization determines the extent of access to the network and what type of services and resources are accessible by the authenticated user. Authorization is the method of enforcing policies.
• Access: After successful authentication and authorization, the identity of the user is verified and they are allowed to access the resource they are attempting to log in to.
• Manage: Organizations manage their access control system by adding and removing authentication and authorization for users and systems. Managing these systems can be difficult in modern IT setups that combine cloud services and physical systems.
• Audit: Auditing lets organizations collect data about user activities and analyze it to identify possible access violations.
Types of Access Control
• Attribute-based Access Control (ABAC): In this model, access is granted or declined by evaluating a set of rules, policies, and relationships using the attributes of users, systems and environmental conditions.
• Discretionary Access Control (DAC): In DAC, the owner of the data determines who can access specific resources.
• History-Based Access Control (HBAC): Access is granted or declined by evaluating the history of activities of the inquiring party, including behavior, the time between requests and the content of requests.
• Identity-Based Access Control (IBAC): With this model, network administrators can more effectively manage activity and access based on individual requirements.
• Mandatory Access Control (MAC): A control model in which access rights are regulated by a central authority based on multiple levels of security. Security-Enhanced Linux (SELinux) implements MAC on the Linux operating system.
• Organization-Based Access Control (OrBAC): This model allows the policy designer to define a security policy independently of the implementation.
• Role-Based Access Control (RBAC): RBAC grants access based on job title. RBAC eliminates discretion on a large scale when providing access to objects. For example, a human resources specialist should not have permission to create network accounts.
• Rule-Based Access Control (RAC): The RAC method is largely context based. An example would be allowing students to use the labs only during a certain time of day.
Different access control models are used depending on the compliance requirements and the security level of the information technology that is to be protected. At the top level, access control is of two types:
• Physical Access Control: Physical access control restricts entry to campuses, buildings, rooms and physical IT assets.
• Logical Access Control: Logical access control limits connections to computer networks, system files and data.
Challenges of Access Control
• Distributed IT Systems: Current IT systems frequently combine internet and on-premise networks. These systems may be distributed geographically and comprise various devices, assets, and virtual machines. Access is allowed to all of these devices, and keeping track of them can be challenging.
• Policy Management: Policy makers within the organization create policies, and the IT department converts the planned policies into code for implementation. Coordination between these two groups is essential for keeping the access control system up to date and functioning properly.
• Monitoring and Reporting: Organizations must constantly check access control systems to guarantee compliance with corporate policies and regulatory laws. Any violations or changes must be recognized and reported immediately.
• Access Control Models: Access control mechanisms provide varying levels of precision. Choosing the right access control strategy for your organization allows you to balance acceptable security with employee efficiency.
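As an added example (not from the notes), this Python puts the two examples above into code: an RBAC permission table in which the HR role simply lacks the account-creation permission, and a rule-based check that lets the student role use the lab only inside a time window. The role names, permission strings and the 08:00-20:00 lab window are assumptions; every decision is also written to an audit list, matching the audit component described above.

```python
"""RBAC plus a rule-based (context) check, with an audit trail.
Added example for these notes; roles, permissions and the lab hours are
assumed values chosen to match the notes' two examples."""
from dataclasses import dataclass, field
from datetime import time
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Role -> permissions. A human resources specialist gets no right to create
# network accounts because that permission is simply not in their role.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "hr_specialist": {"hr_db:read", "hr_db:write"},
    "network_admin": {"network:create_account", "network:read_config"},
    "student": {"lab:use"},
}

LAB_HOURS: Tuple[time, time] = (time(8, 0), time(20, 0))   # assumed window


@dataclass(frozen=True)
class Subject:
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Context:
    now: time                 # wall-clock time of the request


@dataclass
class AccessControl:
    role_permissions: Dict[str, Set[str]]
    audit_log: List[Tuple[str, str, bool, str]] = field(default_factory=list)

    def permissions_of(self, subject: Subject) -> Set[str]:
        """Union of the permissions granted by every role the subject holds."""
        granted: Set[str] = set()
        for role in subject.roles:
            granted |= self.role_permissions.get(role, set())
        return granted

    @staticmethod
    def rule_check(permission: str, ctx: Context) -> Optional[str]:
        """Rule-based constraints layered on top of RBAC; returns a denial
        reason, or None when the context permits the action."""
        if permission == "lab:use":
            start, end = LAB_HOURS
            if not (start <= ctx.now < end):
                return f"lab:use allowed only {start:%H:%M}-{end:%H:%M}"
        return None

    def authorize(self, subject: Subject, permission: str,
                  ctx: Context) -> Tuple[bool, str]:
        """RBAC first, then rules; every decision is audited."""
        if permission not in self.permissions_of(subject):
            decision, reason = False, f"no role of {subject.name} grants {permission}"
        else:
            denial = self.rule_check(permission, ctx)
            decision, reason = (denial is None), (denial or "granted by role")
        self.audit_log.append((subject.name, permission, decision, reason))
        return decision, reason


if __name__ == "__main__":
    ac = AccessControl(ROLE_PERMISSIONS)
    hr = Subject("alice", frozenset({"hr_specialist"}))
    student = Subject("bob", frozenset({"student"}))
    print(ac.authorize(hr, "network:create_account", Context(time(10, 0))))
    print(ac.authorize(student, "lab:use", Context(time(10, 0))))
    print(ac.authorize(student, "lab:use", Context(time(23, 0))))
    for entry in ac.audit_log:
        print("audit:", entry)
```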

Types of Firewall
Firewalls can be categorized based on their generation.
1. Packet Filtering Firewall
A packet filtering firewall controls network access by monitoring outgoing and incoming
packets and allowing or stopping them based on source and destination IP address,
protocol, and ports. It analyses traffic up to the transport layer (but mainly uses the first
three layers). Packet filtering firewalls treat each packet in isolation: they cannot tell whether
a packet is part of an existing stream of traffic, and can only allow or deny packets based on
the individual packet headers. A packet filtering firewall maintains a filtering table that decides
whether a packet will be forwarded or discarded. Using the example filtering table, packets
are filtered according to the following rules:

• Incoming packets from network 192.168.21.0 are blocked.
• Incoming packets destined for the internal TELNET server (port 23) are blocked.
• Incoming packets destined for host 192.168.21.3 are blocked.
• All well-known services to the network 192.168.21.0 are allowed.
2. Stateful Inspection Firewall
Stateful firewalls (which perform stateful packet inspection) can determine the connection
state of a packet, unlike packet filtering firewalls, which makes them more efficient. They
keep track of the state of network connections travelling across them, such as TCP streams,
so filtering decisions are based not only on the defined rules but also on the packet's history
in the state table.
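As an added example (not code from the notes), the following Python models the filtering table above as an ordered first-match rule list, then wraps it in a state table to show what stateful inspection adds: a reply to a connection opened from inside is accepted even though no inbound rule allows it, and an inbound mid-stream segment with no state is dropped even though a rule would allow its port. It assumes 192.168.21.0/24 is the internal network and 192.168.21.5 is the internal TELNET server (the notes do not name it); the same rule structure is what step 5 of the router/camera guide (ACLs restricting which hosts may reach the cameras) expresses.

```python
"""Stateless packet filter from the notes' filtering table, plus a minimal
stateful wrapper. Added example for these notes; 192.168.21.5 is an assumed
address for the internal TELNET server and all packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = arriving from the internet, "out" = leaving
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None matches either direction
    src: Optional[str] = None        # host or CIDR; None matches any
    dst: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


# The notes' four rules, in the order listed. Rule 1 is an anti-spoofing
# rule: nothing arriving from the internet may carry an internal source.
WELL_KNOWN_PORTS = (22, 25, 53, 80, 443)
FILTER_TABLE: List[Rule] = [
    Rule("deny", "in", src="192.168.21.0/24", comment="internal source from outside"),
    Rule("deny", "in", dst="192.168.21.5", dport=23, comment="internal TELNET server"),
    Rule("deny", "in", dst="192.168.21.3", comment="protected host"),
] + [
    Rule("allow", "in", dst="192.168.21.0/24", dport=port, comment="well-known service")
    for port in WELL_KNOWN_PORTS
]


def stateless_filter(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """Packet filtering firewall: judge each packet alone, first match wins."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


ConnKey = Tuple[str, int, str, int, str]   # (inside ip, port, outside ip, port, proto)


class StatefulFilter:
    """Stateful inspection: the rule table only decides *new* inbound
    connections; everything else is decided by the state table."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.state: Set[ConnKey] = set()

    @staticmethod
    def _key(p: Packet) -> ConnKey:
        # Normalise so a request and its reply share one key.
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport, p.proto)
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.state:
            return "allow"                 # part of an established connection
        if p.direction == "out":
            self.state.add(key)            # assumed policy: inside may open connections
            return "allow"
        if p.proto == "tcp" and not p.syn_only:
            return "deny"                  # inbound mid-stream segment with no state
        verdict = stateless_filter(self.rules, p)
        if verdict == "allow":
            self.state.add(key)
        return verdict


if __name__ == "__main__":
    fw = StatefulFilter(FILTER_TABLE)
    request = Packet("out", "192.168.21.10", "203.0.113.7", "tcp", 51000, 8443)
    reply = Packet("in", "203.0.113.7", "192.168.21.10", "tcp", 8443, 51000)
    print("stateless reply verdict:", stateless_filter(FILTER_TABLE, reply))
    print("stateful request/reply:", fw.decide(request), fw.decide(reply))
```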
3. Software Firewall
A software firewall is any firewall that is set up locally or on a cloud server. When it
comes to controlling the inflow and outflow of data packets and limiting the number
of networks that can be linked to a single device, they may be the most
advantageous. The drawback of software firewalls is that they are time-consuming.
4. Hardware Firewall
Hardware firewalls also go by the name "physical appliance firewalls". A hardware
firewall ensures that malicious data is halted before it reaches the network endpoint
that is in danger.
5. Application Layer Firewall
An application layer firewall can inspect and filter packets at any OSI layer, up to
the application layer. It can block specific content and recognize when certain
applications and protocols (like HTTP and FTP) are being misused. In other words,
application layer firewalls are hosts that run proxy servers. A proxy firewall prevents
a direct connection between either side of the firewall; each packet has to pass
through the proxy.
6. Next Generation Firewalls (NGFW)
An NGFW combines deep packet inspection, application inspection, SSL/SSH
inspection and many other functions to protect the network from modern threats.
7. Proxy Service Firewall
This kind of firewall filters communications at the application layer, and protects the
network. A proxy firewall acts as a gateway between two networks for a particular
application.
8. Circuit Level Gateway Firewall
This works at the session layer of the OSI model. It allows the simultaneous setup of
two Transmission Control Protocol (TCP) connections. It can effortlessly allow data
packets to flow without using a lot of computing power. These firewalls are ineffective
against malware because they do not inspect the contents of data packets: if malware
is present in a data packet, they will permit it to pass provided that the TCP
connections are established properly.

Hardware Firewall:
A hardware firewall is a physical piece of equipment designed to perform firewall duties.
It can be a computer or a dedicated piece of equipment which serves as a firewall.
Hardware firewalls are incorporated into the router that sits between the computer and
the internet gateway.
Advantages:
• Runs independently, so it is less prone to cyber-attacks.
• Installation is external, so server resources remain free.
• Increased bandwidth enables the handling of more data packets per second.
• Reduced latency.
• VPN connections are also supported for increased security and encryption.
Disadvantages:
• Hardware devices take extra space.
• A skilled IT person is required.
• Upgrades are a challenge and not cost-effective because multiple devices need to be replaced.
Working of hardware firewall
A hardware firewall is a physical appliance that is deployed to enforce a network boundary. All
network links crossing this boundary pass through this firewall, which enables it to perform
inspection of both inbound and outbound network traffic and enforce access controls and other
security policies.

Unified Threat Management

Unified Threat Management (UTM) is the process of tackling attacks and malware threats
on a network so that the safety of all devices is maintained during the connection.
Examples of unified threat management include:
• Antivirus software
• Firewalls
• Spam email detection
• Intrusion detection
• Leak prevention
• Prevention of attacks on websites

Features of a UTM:

The various features of a UTM are:

• Unified Threat Management (UTM) is software used for the administration and security of networks that are vulnerable to harmful malware and virus attacks that may harm the systems of all the people connected to that network. It prevents this spyware and malware from entering the network and any of the devices connected to it.
• UTM is an effective resource that enables developers to secure their internet networking on their computers, while saving them a lot of time, money, manpower, and expensive IT infrastructure.
• UTM works on effective algorithms and security modules that detect and raise alarms for threats and attack signals in advance of an attack being planned on the network. UTM also provides effective solutions to these threats so that they cause as little harm as possible to the network and its clients.
• UTM enables content moderation and filtering to block spam content that may lead to violence, crime, or child safety issues on the network.
• UTM comes with the latest anti-virus definitions, which block harmful malware, spyware, etc. on the network. It has a database of pre-defined viruses and automatically blocks them and removes them from the system.
• It enables efficient and faster processing of data transferred over the network. When UTM is enabled, the time for processing data reduces, and the transfer process is more secure and encrypted on the network.
• Unified Threat Management also deals with the retrieval of lost data. The transferred data is continuously monitored by the network administrator. Even in case of data theft, it automatically recovers all the data, raises an alarm in advance of the data theft attack, and blocks that attacker.
• A UTM firewall is capable of scanning and removing viruses, spyware, malware, Trojan horses, etc. at the same time. Incoming and outgoing data are continuously monitored and tracked to keep an eye on all incoming threats to the network in the form of malicious data.
• The Unified Threat Management system comes with a browser extension feature that tracks the user on the network and alerts them when a particular website is misusing their cookies by sending spyware and malicious malware to their system. Sometimes, it automatically blocks websites that do not use a secure HTTPS connection.
• Nowadays, Gmail and other service providers use UTM extensions in their services to mark and remove spam emails and alert users about them. These extensions scan the content of those emails and check whether they contain malicious spyware in the form of links that could be used to track the members of that network.
• UTM comes with incoming and outgoing intrusion detection algorithms that enforce the terms and conditions of connection to that network. It also makes the work easier, as we do not need different specialized software for different purposes.

Working of UTM:

UTM firewalls are of two types:

• Stream-based UTMs
• Proxy-based UTMs
In stream-based UTMs, each device on the network is physically connected to a network
security device that scans the network data, looking for viruses, spyware, malware, or
attacks from websites such as DDoS attacks, DNS amplification attacks, and intrusion
attacks.
In proxy-based UTMs, network security software such as anti-virus is installed and
enabled, devices are connected to a private VPN, or IPS systems are used. A proxy server
is also installed for safety, so that all data is first transferred to that server and only after
it has been thoroughly scanned by that server is it passed on to the other devices.

File transfer protocol

File transfer protocol (FTP) is an Internet tool provided by TCP/IP. The first
specification of FTP was developed by Abhay Bhushan in 1971. It helps to transfer files
from one computer to another by providing access to directories or folders on
remote computers and allows software, data and text files to be transferred between
different kinds of computers. The end-user in the connection is known as the local host
and the server which provides data is known as the remote host.
The goals of FTP are:
• It encourages the direct use of remote computers.
• It shields users from system variations (operating system, directory structures, file structures, etc.).
• It promotes sharing of files and other types of data.

TELNET
TELNET stands for Teletype Network. It is a protocol that enables one computer to
connect to another computer over the network. It is used as a standard TCP/IP protocol for
virtual terminal service, which is provided by ISO. The computer which starts the connection
is known as the local computer.
The computer which is being connected to, i.e. which accepts the connection, is known as
the remote computer.
During a telnet session, whatever is performed on the remote computer is displayed by the
local computer. Telnet operates on a client/server principle: the local computer uses a telnet
client program and the remote computer uses a telnet server program.

Advantages of Telnet
1. It provides remote access to someone's computer system.
2. Telnet gives the user more access with fewer problems in data transmission.
3. Telnet saves a lot of time.
4. An older system can be connected to a newer system running a different operating system using telnet.
Disadvantages of Telnet
1. As it is somewhat complex, beginners find it difficult to understand.
2. Data is sent in plain text, so it is not secure.
3. Some capabilities are disabled because the remote and local devices are not properly interlinked.

SSH
SSH (Secure Shell) is a cryptographic network protocol used for transferring encrypted
data over the network; the term is also used for the access credentials (key pairs) used
with the SSH protocol. The port number of SSH is 22. It allows you to connect to a server,
or multiple servers, without having to remember or enter a password for each system you
log in to remotely from another system. SSH keys always come in pairs:
• Public key – Everyone can see it; no need to protect it (used for the encryption function).
• Private key – Stays on the computer and must be protected (used for the decryption function).
Key pairs can be of the following types:
• User key – The public key and private key remain with the user.
• Host key – The public key and private key are on a remote system.
• Session key – Used when a large amount of data is to be transmitted.
Features of SSH
• Encryption: Encrypted data is exchanged between the server and client, which ensures confidentiality and prevents unauthorized attacks on the system.
• Authentication: For authentication, SSH uses public and private key pairs, which provide more security than traditional password authentication.
• Data Integrity: SSH provides integrity of the messages exchanged during the communication.
• Tunneling: Through SSH we can create secure tunnels for forwarding network connections over encrypted channels.
SSH Functions
SSH performs multiple functions; some of them are:
• SSH provides high security as it encrypts all messages of the communication between client and server.
• SSH provides confidentiality.
• SSH allows remote login, and hence is a better alternative to TELNET.
• SSH provides a secure file transfer protocol, which means we can transfer files over the Internet securely.
• SSH supports tunneling, which provides more secure connection communication.
SSH Protocol
To provide security between a client and a server the SSH protocol uses encryption. All
user authentication and file transfers are encrypted to protect the network against attacks.
Para 2
What is Malware Analysis? Malware Analysis is the study or process of determining the
functionality, origin and potential impact of a given malware sample and extracting as much
information from it as possible. The extracted information helps to understand the functionality
and scope of the malware, how the system was infected and how to defend against similar
attacks in future.
Objective:
• To understand the type of malware and its functionality.
• Determine how the system was infected by malware and define whether it was a targeted attack or a phishing attack.
• Understand how the malware communicates with the attacker.
• Enable future detection of the malware and generate signatures.
Types of Malware Analysis:
• Static analysis – The process of analyzing the malware without executing or running it. This analysis is used to extract as much metadata from the malware as possible, such as PE headers, strings, etc.
• Dynamic analysis – The process of executing the malware and analyzing its functionality and behavior. This analysis helps to learn what the malware does during its execution, using a debugger.
• Code analysis – The process of analyzing/reverse engineering assembly code. It is a combination of both static and dynamic analysis.
• Behavioral analysis – The process of analyzing and monitoring the malware after execution. It involves monitoring the processes, registry entries and network activity to determine the workings of the malware.
Common Steps in Malware Analysis:
• Identification
• Static Analysis
• Dynamic Analysis
• Code Analysis
• Behavioral Analysis
• Reverse Engineering
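As an added example (not from the notes), the Python below shows the static-analysis idea of extracting metadata without executing anything, run on a constructed, non-functional stand-in for a PE file: it validates the MZ/PE signatures, decodes the COFF header fields, and pulls printable ASCII and UTF-16LE strings the way the strings tool does. The sample bytes, the URL and the path embedded in them are constructed, not taken from any real sample.

```python
"""Static triage helpers: PE header fields and printable strings, read from
bytes without executing anything. Added example for these notes; the sample
'file' is constructed and is not a runnable program."""
import re
import struct
from typing import Dict, List

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\x00\x00"
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}


def parse_pe_headers(data: bytes) -> Dict[str, object]:
    """Validate the DOS and PE signatures and decode the 20-byte COFF header."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,           # compile time claimed by the linker
        "optional_header_size": opt_size,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_executable": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Printable runs of at least min_len chars, ASCII first then UTF-16LE
    (Windows binaries keep many paths and messages in the wide form)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16le") for r in wide_runs])


def triage(data: bytes) -> Dict[str, object]:
    """What a first static pass records: headers plus strings of interest."""
    report = parse_pe_headers(data)
    strings = extract_strings(data)
    report["strings"] = strings
    report["urls"] = [s for s in strings if s.startswith(("http://", "https://"))]
    return report


def build_sample() -> bytes:
    """Constructed stand-in for a PE file: MZ stub, e_lfanew, PE + COFF
    header, then a body carrying one ASCII and one UTF-16LE string."""
    e_lfanew = 0x80
    stub = bytearray(IMAGE_DOS_SIGNATURE + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", stub, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 3, 0x5F3E1A2B, 0, 0, 0xE0,
                       IMAGE_FILE_EXECUTABLE_IMAGE | 0x0100)
    body = (b"\x00" * 8
            + b"http://update.example.invalid/p.bin\x00\x00"
            + "C:\\Users\\Public\\p.bin".encode("utf-16le") + b"\x00\x00")
    return bytes(stub) + IMAGE_NT_SIGNATURE + coff + body


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key:22} {value}")
```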

Advantages of Malware Analysis:


1. Threat Detection: Malware analysis enables the detection of previously unknown threats,
allowing organizations to proactively defend against attacks.
2. Improved Security: By understanding the behavior of malware, organizations can
improve their security measures and reduce the risk of infection.
3. Understanding of Attack Techniques: Malware analysis provides insight into the methods
and techniques used by attackers, allowing organizations to better prepare for and defend
against future attacks.
4. Early Detection: By analyzing malware early in its lifecycle, organizations can mitigate
the impact of an attack and reduce the time required to recover from it.
5. Forensics: Malware analysis can provide valuable information for forensic investigations
and can aid in the prosecution of attackers.

Disadvantages of Malware Analysis:


1. Time-Consuming: The process of malware analysis can be time-consuming and requires
specialized knowledge and tools.
2. Risk of Infection: Conducting malware analysis in an uncontrolled environment can
result in the spread of the malware, potentially causing harm to other systems.
3. Cost: Malware analysis requires specialized tools and expertise, which can be expensive
for organizations to acquire and maintain.
4. Difficulty: Malware is constantly evolving, and the analysis process can be challenging,
requiring specialized knowledge and expertise.
5. False Positives: Malware analysis can sometimes result in false positives, leading to false
alarms and a loss of confidence in the security measures.

What is a Trojan Horse?

The name Trojan Horse is taken from the classical story of the Trojan War. It is malicious code
that has the capacity to take control of the computer. It is designed to steal, damage, or perform
other harmful actions on the computer. It tries to deceive the user into loading and executing the
files on the device. After it executes, it allows cybercriminals to perform many actions on the
user's computer, like deleting data from files, modifying data in files, and more. Unlike many
viruses or worms, a Trojan Horse does not have the ability to replicate itself.
For example:
There was a Trojan that disguised itself as a game. Many users downloaded this game, which
secretly turned into a self-replicating virus. The game was a simple theme-based game, but it
started to back up all the files on the drive where the user would access them. The Trojan turned
out to be harmless, and it was easy for them to fix. It was identified as a Trojan because it did
not disclose the virus.

Features of Trojan Horse

• It steals information like passwords and more.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user's computers.
Working of Trojans:
Trojan viruses work by taking advantage of a lack of security knowledge on the part of the user
and of security measures on a computer, such as antivirus and antimalware software.
A Trojan typically appears as a piece of malware attached to an email. The file, program, or
application appears to come from a trusted source.

How it works:
Unlike computer viruses, a Trojan horse requires a user to download the server side of the
application for it to function, because it cannot manifest by itself. This means that for the Trojan
to target a device's system, the executable (.exe) file must be run and the software installed.
Cybercriminals can also use social engineering techniques to trick people into installing
malicious software, which can then infect a device with a Trojan. The malicious file may be
hidden in internet links, pop-up ads, or banner advertisements.
Trojan software can propagate to other computers from a Trojan-infected computer. A hacker
makes the device into a zombie computer, giving them remote access to it without the user's
knowledge. The zombie machine can then be used by hackers to spread malware among a botnet
of computers.
A user might, for example, get an email from a friend with an attachment that likewise appears
to be genuine. However, the attachment contains malicious code that runs on the user's device
and installs the Trojan. The user may not be aware that anything suspicious has happened,
because their machine may continue to function normally without any signs of having been
infected.
Until the user performs a certain action, such as visiting a specific website or banking app, the
malware remains undiscovered. Then the malicious code is activated and the Trojan carries out
its intended activity. The malware may destroy itself, go back to being dormant, or continue to
be active on the device, depending on the type of Trojan and how it was developed.

Examples of Trojan Horse Virus Attacks

1. Rakhni Trojan: The Rakhni Trojan infects devices by delivering ransomware or a cryptojacker
utility that allows an attacker to use a device to mine bitcoin.
2. Tiny Banker: With the use of Tiny Banker, hackers can steal users' bank information. Soon
after it appeared, it was discovered in at least 20 U.S. banks.
3. Zeus or Zbot: Zeus, often known as Zbot, is a toolkit that allows hackers to create their own
Trojan virus and targets financial services. To steal user passwords and financial information, the
source code employs strategies like form grabbing and keystroke logging.

Advantages of a Trojan Horse (from the attacker's point of view)


• It can be sent as an attachment in an email.
• It can be hidden in pop-up ads found on web pages.
• It can be used to gain remote access to a computer.
• It can be used to delete data and more on the user's computer.

Disadvantages of a Trojan Horse


• It cannot manifest by itself; it requires the user to run the .exe file.
• It remains undetected and starts its execution when the user is performing an online
transaction.
• The infected system or device becomes slow.
• The user may experience sudden shutdowns of the computer.
• Files open much more slowly.
Para 3

What is Social Engineering?


The simplest definition of the term social engineering is:
"Social engineering is lying to people to get information."
Social engineering is the act of manipulating a person into taking an action that may
or may not be in the target's best interest. This may include obtaining information,
gaining access, or getting the target to take a certain action. It is the art of
manipulating and misleading people. A phone call with a survey or some quick research
on the Internet can yield a birthday or anniversary date, and that alone is enough to
build a password attack list. Moreover, a dozen sites offer detailed records of all
sorts of personal information on an individual for a mere INR 100 – INR 3000 or more.
Social engineering does not require technical hacking techniques: the only thing
compromised is the human mind and its trust.

Social Engineering Phases:


A social engineering attack has 7 phases in total.
1. Identifying the goal –
The first phase consists of attack formulation: deciding the goal and, accordingly,
identifying the target needed to fulfil it.
2. Information gathering –
In this phase, social engineers assess and identify potential information sources and
begin gathering and assessing information.
3. Preparation –
In this phase, social engineers analyze the information and develop an action plan and
methodology for approaching the target.
4. Establishing a relationship –
In this phase, social engineers establish a line of communication and begin to build a
relationship.
5. Exploiting the relationship –
In this phase, the target is "prepped". The exploitation stage uses different methods of
misdirection to evoke the right type of emotions and prime the target into the right
emotional state.
6. Debrief –
In this phase, the social engineer returns to the victim and maintains the desired
emotional state. The goal is that the victim will not feel that anything in the
relationship was odd and will not realise that they have been under attack.
7. Goal satisfaction –
After a successful social engineering attack, social engineers exploit the information
they have gathered. The social engineer will then either return to the victim for more
information or slowly close the relationship.

Types of social engineering attacks :


1. Phishing
2. Whaling
3. Baiting
4. Diversion Theft
5. Business Email Compromise (BEC)
6. Smishing
7. Quid Pro Quo
8. Pretexting
9. Honeytrap
10. Tailgating/Piggybacking

1. Phishing
Phishing is a cyberattack that leverages email, phone, SMS, social media or another form
of personal communication to entice users into clicking a malicious link, downloading
infected files or revealing personal information, such as passwords or account numbers.

While the best-known phishing attacks usually involve outlandish claims, such as a
member of a royal family requesting an individual's banking information, the modern
phishing scam is far more sophisticated. In many cases a cybercriminal masquerades as a
retailer, service provider or government agency to extract personal information that may
seem benign, such as email addresses, phone numbers, the user's date of birth, or the
names of family members.

Phishing is one of the most common types of cyberattack and its prevalence continues to
grow year over year. COVID-19 dramatically increased cyberattacks of all kinds, including
phishing. During the lockdown period, people spent more time online and experienced
heightened emotions, the ideal recipe for an effective phishing campaign. According to
the FBI's Internet Crime Complaint Center (IC3), phishing was the top form of cybercrime
reported in 2020, with complaints more than doubling compared to 2019.

2. Whaling
A whaling attack is a type of phishing attack that also leverages personal
communication to gain access to a user's device or personal information.

The difference between phishing and whaling lies in the level of personalization. While
mass phishing attacks are not personalized and can be replicated for millions of users,
whaling attacks target one person, typically a high-level executive. This type of attack
requires a significant amount of research on that individual, usually done by reviewing
their social media activity and other public behavior. This in-depth research results in
more sophisticated outreach and a higher likelihood of success.

Though whaling attacks require more planning and effort initially, they often have
huge payoffs as the targets have access to high value data or the financial
resources needed to advance a ransomware attack.

3. Baiting
Baiting is a type of social engineering attack wherein scammers make false
promises to users in order to lure them into revealing personal information or
installing malware on the system.

Baiting scams can be in the form of tempting ads or online promotions, such as free
game or movie downloads, music streaming or phone upgrades. The attacker hopes
that the password the target uses to claim the offer is one they have also used on
other sites, which can allow the hacker to access the victim’s data or sell the
information to other criminals on the dark web.

Baiting can also take a physical form, most commonly via a malware-infected flash drive.
The attacker leaves the infected drive where the victim is likely to see it, counting on
curiosity to prompt the victim to plug it into a computer to find out who it belongs to.
The malware on the drive then runs, typically through an autorun file or a disguised
document the victim opens.

4. Diversion theft
Diversion theft is a cyberattack that originated offline. In this attack, a thief
persuades a courier to pick up or drop off a package in the wrong location, deliver
an incorrect package or deliver a package to the wrong recipient.

Diversion theft has since been adapted as an online scheme. The malicious actor
steals confidential information by tricking the user into sending it to the wrong
recipient.

This attack type often involves spoofing, which is a technique used by cybercriminals to
disguise themselves as a known or trusted source. Spoofing can take many forms, such as
spoofed emails, IP spoofing, DNS spoofing, GPS spoofing, website spoofing, and spoofed
calls.

5. Business email compromise (BEC)


Business Email Compromise (BEC) is a social engineering tactic where the attacker poses
as a trusted executive who is authorized to deal with financial matters within the
organization.

In this attack scenario, the scammer closely monitors the executive's behavior and uses
spoofing, a lookalike domain or a compromised mailbox to make email appear to come from
the executive. Through impersonation, the attacker sends an email requesting that
subordinates make wire transfers, change banking details or carry out other
money-related tasks.

BEC can result in huge financial losses for companies. Unlike other cyber scams, these
attacks typically do not rely on malicious URLs or malware that can be caught by security
tools such as firewalls or endpoint detection and response (EDR) systems. Rather, BEC
attacks work entirely through manipulating people, which is often harder to monitor and
manage, especially in large organizations.
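Because BEC carries no malware, the signals that remain are in the headers and the wording: a familiar display name on an unfamiliar address, a domain one character away from the real one, a Reply-To pointing somewhere else, and pressure language about money. The script below is an added example, not code from the original notes; the trusted domain, the executive roster and both sample messages are constructed for illustration.

```python
# Added example, not code from the original notes: header and wording checks
# for the executive-impersonation pattern that BEC relies on. The trusted
# domain, executive roster and the two sample messages are constructed.
import re
from email.utils import parseaddr
from typing import Dict, List, Optional

TRUSTED_DOMAINS = {"example-corp.com"}                             # assumed real domain
EXECUTIVES = {"priya sharma": "priya.sharma@example-corp.com"}     # assumed roster: display name -> real address
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}             # character swaps used in lookalike domains
PRESSURE = re.compile(
    r"\b(?:wire transfer|urgent|confidential|gift cards?|change (?:of )?bank(?:ing)? details)\b", re.I)


def normalize(domain: str) -> str:
    """Fold common lookalike substitutions so examp1e-corp.com compares equal to example-corp.com."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between a sender domain and a trusted one is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted) or levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def bec_indicators(headers: Dict[str, str], body: str) -> List[str]:
    """List the BEC warning signs in one message; an empty list means none were found."""
    name, addr = parseaddr(headers.get("From", ""))
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    findings = []
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        findings.append(f"display name '{name}' belongs to {real} but sender is {addr}")
    imitated = lookalike(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates trusted {imitated}")
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from sender domain")
    words = sorted({w.lower() for w in PRESSURE.findall(body)})
    if words:
        findings.append("pressure/finance wording: " + ", ".join(words))
    return findings


# Constructed samples: a genuine internal note and a BEC attempt.
LEGIT_HEADERS = {"From": "Priya Sharma <priya.sharma@example-corp.com>"}
LEGIT_BODY = "Minutes from today's meeting are attached."
BEC_HEADERS = {"From": "Priya Sharma <priya.sharma@examp1e-corp.com>",
               "Reply-To": "ceo.office@mail-relay.net"}
BEC_BODY = ("Urgent: I need a wire transfer of 48,000 to a new vendor before close of "
            "business. Keep this confidential, I am in a meeting and cannot talk.")

if __name__ == "__main__":
    print("legit:", bec_indicators(LEGIT_HEADERS, LEGIT_BODY))
    print("bec:  ", bec_indicators(BEC_HEADERS, BEC_BODY))
```

None of these signals is proof on its own; the practical use is to route a message that trips the display-name or lookalike check into a verification step (a call-back on a known number) before any payment instruction is acted on.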

6. Smishing / SMS-phishing
SMS-phishing, or smishing, is a social engineering attack conducted specifically
through SMS messages. In this attack, scammers attempt to lure the user into clicking a
link that directs them to a malicious site. Once on the site, the victim is prompted to
download malicious software or to enter credentials.

Smishing attacks have grown in popularity among criminals as people spend more time on
mobile devices. While users have become savvier at detecting email phishing, many people
are far less aware of the risks associated with text messages.

A smishing attack requires little effort from threat actors and is often carried out by
simply obtaining a throwaway or spoofed sender number and setting up the malicious link.

7. Quid pro quo


A quid pro quo attack involves the attacker requesting sensitive information from the
victim in exchange for a desirable service.

For example, the attacker may pose as an IT support technician and call a computer user,
offering to fix a common IT issue such as slow network speeds or system patching, in
order to acquire the user's login credentials. Once the credentials are handed over, they
are used to gain access to other sensitive data stored on the device and its
applications, or they are sold on the dark web.
8. Pretexting
Pretexting is a form of social engineering that involves composing plausible
scenarios, or pretext, that are likely to convince victims to share valuable and
sensitive data.

Pretexters may impersonate someone in a position of authority, such as a member of law
enforcement or a tax official, or a person of interest, such as a talent agency scout or
sweepstakes organizer. After explaining the context, the attacker then asks the victim
questions to gain personal and sensitive information, which they can use to advance
other attack scenarios or access the victim's personal accounts.

9. Honeytrap
A honeytrap attack is a social engineering technique that specifically targets
individuals looking for love on online dating websites or social media. The criminal
befriends the victim by creating a fictional persona and setting up a fake online
profile. Over time, the criminal takes advantage of the relationship and tricks the
victim into giving them money, extracting personal information, or installing
malware.

10. Tailgating/Piggybacking
Tailgating, also known as piggybacking, is a physical breach whereby an attacker gains
access to a facility by asking the person entering ahead of them to hold the door or
grant them access. The attacker may impersonate a delivery driver or adopt another
plausible identity to increase their chances. Once inside the facility, the criminal can
use their time to conduct reconnaissance, steal unattended devices or access confidential
files.

Tailgating can also include allowing an unauthorized person to borrow an employee's
laptop or other device, giving the attacker the opportunity to install malware on it.

11. Shoulder Surfing:

Shoulder surfing (sometimes misnamed "shoulder sniffing") is the practice of physically
observing a target's screen or keyboard, by standing nearby, looking over their shoulder
or using a camera, to capture sensitive information such as passwords, PINs or card
numbers as they are typed or displayed. It needs no access to the network at all, which
distinguishes it from packet sniffing. In an ethical hacking engagement it is used to
show how exposed workstations, kiosks and shared spaces leak credentials, and the
findings feed recommendations such as privacy screens, short screen-lock timeouts and
positioning monitors away from public view.

12.Eavesdropping:
Eavesdropping, in the context of ethical hacking, involves listening in on
communications between individuals or devices to gather intelligence about
potential security risks. Ethical hackers may use tools like packet sniffers or
network monitoring software to intercept and analyze data exchanged over
unsecured channels. By eavesdropping on conversations or electronic
communications, security professionals can assess the effectiveness of
encryption methods, communication protocols, and access controls implemented
by the target organization.

Security measures against social engineering attacks:
 Be suspicious of unsolicited phone calls, visits, or email messages from individuals
asking about employees or other internal information. If an unknown individual claims to
be from a legitimate organization, verify his or her identity directly with the company.
 Do not provide personal information or information about your organization, including
its structure or networks, unless you are certain of a person's authority to have the
information.
 Do not reveal personal or financial information in email, and do not respond to email
solicitations for this information. This includes following links sent in email.
 Don't send sensitive information over the internet before checking the website's
security: the connection should use HTTPS and the domain should be the one you expect,
not a lookalike.
 If you are unsure whether an email request is legitimate, verify it by contacting the
company directly. Do not use contact information provided on a website connected to the
request; instead, check previous statements for contact information. Information about
known phishing attacks is also available online from groups such as the Anti-Phishing
Working Group.
 Install and maintain anti-virus software, firewalls, and email filters to reduce some of
this traffic.
 Take advantage of any anti-phishing features offered by your email client and web
browser.
 Enforce multifactor authentication (MFA), preferably a phishing-resistant method such
as FIDO2 security keys, so that a stolen password alone is not enough.

Working on live phishing on an external network in ethical hacking:
To conduct live phishing on an external network as part of ethical hacking, it is crucial to
follow a structured approach to ensure that the activity is conducted responsibly and
legally. Here are the steps involved:

1. Obtain Proper Authorization: Before conducting any form of penetration testing or
ethical hacking, it is essential to obtain explicit, written authorization from the owner
of the network or system you intend to test, covering the scope, the target users and the
time window. This ensures that you have legal permission to perform the activities.
2. Set Up a Controlled Environment: Create a controlled environment for your phishing
simulation. This could involve setting up a separate network segment or using virtual
machines to isolate the phishing activities from the rest of the network.
3. Choose Your Phishing Technique: Select the type of phishing attack you want to
simulate based on your objectives and the vulnerabilities you aim to test. Consider
whether you will be conducting spear phishing, whaling, pharming, clone phishing, or
another type of attack.
4. Craft Believable Phishing Messages: Develop convincing phishing emails or
messages that mimic those used in real-world attacks. Pay attention to details such as
sender information, content, and call-to-action elements.
5. Deploy Phishing Infrastructure: Set up the necessary infrastructure for your phishing
campaign, including email servers, fake websites, or other tools required to execute the
attack.
6. Execute the Phishing Campaign: Send out your phishing emails or messages to the
target recipients within the external network. Monitor responses and interactions with
the malicious content.
7. Analyze Results and Gather Data: Collect data on how many recipients fell for the
phishing attempt, clicked on links, or provided sensitive information. This analysis helps
in understanding the effectiveness of the attack and identifying potential security gaps.
8. Report Findings and Mitigate Risks: Compile a detailed report outlining your findings
from the live phishing exercise. Highlight vulnerabilities discovered and provide
recommendations for improving security measures to mitigate risks.
9. Educate Users and Enhance Security Awareness: Use insights gained from the
ethical hacking exercise to educate users about common phishing tactics and enhance
overall security awareness within the organization.
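Steps 4 to 7 above come down to three pieces of tooling: a lure message, a per-recipient tracking link, and a way to turn the landing server's access log into the numbers the report needs. The script below is an added example, not code from the original notes; the campaign key, landing host, recipient list and the web-server log lines are all constructed for illustration, and nothing is actually sent.

```python
# Added example, not code from the original notes: the tracking and
# reporting half of an authorised phishing simulation (steps 4-7 above).
# Each recipient gets a keyed token so clicks and submissions can be
# attributed without the landing page ever storing a password. The campaign
# key, landing host, recipient list and web-server log lines are constructed.
import hashlib
import hmac
import re
from email.message import EmailMessage
from typing import Dict, Iterable, List

CAMPAIGN_KEY = b"rotate-per-engagement"                 # assumed secret, new for every campaign
LANDING_HOST = "https://training.example-corp.com"      # assumed simulation landing host
RECIPIENTS = ["alice@example-corp.com", "bob@example-corp.com",
              "carol@example-corp.com", "dave@example-corp.com"]


def token_for(recipient: str) -> str:
    """HMAC of the address: deterministic for reporting, unforgeable from the URL alone."""
    return hmac.new(CAMPAIGN_KEY, recipient.lower().encode(), hashlib.sha256).hexdigest()[:16]


def build_message(recipient: str, sender: str = "it-helpdesk@example-corp.com") -> EmailMessage:
    """The lure email. The X- header lets the SOC tell the exercise from a real attack."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Action required: your password expires in 24 hours"
    msg["X-Phish-Simulation"] = "authorised-engagement"
    msg.set_content(
        "Your password is about to expire. Renew it here:\n"
        f"{LANDING_HOST}/track/{token_for(recipient)}\n")
    return msg


# Common Log Format as written by nginx/Apache (only the fields we need are captured).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>GET|POST) (?P<path>\S+) HTTP/\S+" (?P<status>\d{3})')


def analyse(log_lines: Iterable[str], recipients: List[str]) -> Dict[str, object]:
    """Attribute /track/<token> (clicked) and /submit/<token> (entered credentials) hits."""
    by_token = {token_for(r): r for r in recipients}
    clicked, submitted = set(), set()
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = m["path"].strip("/").split("/")
        if len(parts) != 2 or parts[1] not in by_token:
            continue                                  # scanners and guessed tokens are ignored
        who = by_token[parts[1]]
        if parts[0] == "track" and m["method"] == "GET":
            clicked.add(who)
        elif parts[0] == "submit" and m["method"] == "POST":
            submitted.add(who)                        # the POST body (credentials) is never logged
    n = len(recipients)
    return {"sent": n, "clicked": len(clicked), "submitted": len(submitted),
            "click_rate": round(len(clicked) / n, 2), "submit_rate": round(len(submitted) / n, 2),
            "needs_training": sorted(submitted)}


# Constructed access-log lines: alice clicked and submitted, bob only clicked,
# plus an internet scanner probing the landing host.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Mar/2024:09:14:02 +0000] "GET /track/{token_for("alice@example-corp.com")} HTTP/1.1" 200',
    f'203.0.113.5 - - [10/Mar/2024:09:14:40 +0000] "POST /submit/{token_for("alice@example-corp.com")} HTTP/1.1" 302',
    f'198.51.100.7 - - [10/Mar/2024:09:20:11 +0000] "GET /track/{token_for("bob@example-corp.com")} HTTP/1.1" 200',
    '192.0.2.99 - - [10/Mar/2024:09:21:00 +0000] "GET /track/deadbeefdeadbeef HTTP/1.1" 404',
    '192.0.2.99 - - [10/Mar/2024:09:21:05 +0000] "GET /wp-login.php HTTP/1.1" 404',
]

if __name__ == "__main__":
    print(build_message(RECIPIENTS[0]))
    print(analyse(SAMPLE_LOG, RECIPIENTS))
```

Two design points carry the ethics of step 1 into the code: the landing page records only that a token submitted something, never the password itself, and the per-campaign HMAC key means a recipient who sees their own link cannot derive a colleague's token and skew the results.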

Identity Theft:
How Identity Theft Relates to Ethical Hacking:

Identity theft is a critical aspect of ethical hacking as it involves understanding how
cybercriminals exploit vulnerabilities to steal personal information. Ethical hackers, also
known as white-hat hackers, use their skills to identify and rectify security weaknesses
that could lead to identity theft. By simulating cyber attacks, ethical hackers can help
organizations strengthen their defenses against malicious actors who engage in identity
theft.

Preventing Identity Theft Through Ethical Hacking:

Ethical hackers play a crucial role in preventing identity theft by conducting penetration
testing, vulnerability assessments, and security audits. These proactive measures help
organizations identify and address security gaps before cybercriminals can exploit them
for nefarious purposes. By working closely with cybersecurity teams, ethical hackers
contribute to the development of robust security protocols that safeguard sensitive
personal information from unauthorized access.

Ethical Hacking Techniques Against Identity Theft:

Ethical hackers utilize various techniques to combat identity theft, including:

1. Penetration Testing: Ethical hackers simulate real-world cyber attacks to uncover
vulnerabilities that could be exploited for identity theft.
2. Social Engineering Assessments: By testing employees’ susceptibility to social
engineering tactics, ethical hackers help organizations educate their staff on recognizing
and resisting manipulation attempts aimed at stealing personal information.
3. Security Audits: Ethical hackers conduct thorough assessments of an organization’s
security infrastructure to identify weaknesses that could lead to data breaches and
identity theft.
In conclusion, ethical hacking plays a vital role in combating identity theft by proactively
identifying and addressing security vulnerabilities that could be exploited by
cybercriminals.
