Title – Generating a report for analyzing vulnerabilities after a scan
Subtitle – Tools and methods used for reconnaissance
Name – Aditi Vasaikar
Introduction – Reconnaissance
• Reconnaissance is the initial phase in the process of gathering information about a target network or system, typically as a precursor to a cyber attack.
• Reconnaissance involves more direct probing and scanning of the target network or system to gather information beyond what is publicly available.
• Reconnaissance may involve sending probes, pings, port scans and other network reconnaissance techniques to learn the target's network topology, open ports, running services and potential vulnerabilities.
• Reconnaissance may also involve interacting with the target system in a way that can be detected, although the goal is still to remain as stealthy as possible to avoid detection.
Recon – in the context of cybersecurity
1. Network Reconnaissance: This involves actively scanning and probing a target network to identify vulnerabilities, open ports, network topology, and other valuable information that can be exploited during an attack.
2. Host Reconnaissance: This involves gathering information about specific hosts within a network, including operating systems, running services, software versions, and configurations.
3. Application Reconnaissance: This involves analyzing specific applications or services running on a network to identify potential weaknesses or vulnerabilities that could be exploited.
Difference between Footprinting and Reconnaissance
• Footprinting is the initial phase of reconnaissance, focused on passive information gathering from publicly available sources.
• Reconnaissance involves a broader range of active and passive techniques to gather intelligence about a target's systems, networks, and personnel.
• Footprinting typically involves collecting basic information about a target organization from public sources.
• Reconnaissance extends this by actively probing the target's systems and networks to gather more detailed and potentially sensitive information.
Objectives of reconnaissance
• Gathering information
• Understanding Target
• Identifying Weaknesses
• Planning Attacks
• Avoiding Detection
Reconnaissance methods
Reconnaissance can be conducted through various methods and techniques, both passive and active. Here are some common ways reconnaissance can be done:
1. Passive Reconnaissance: Involves gathering information from publicly available sources without directly interacting with the target. This includes techniques like open-source intelligence (OSINT), social media monitoring, and browsing public websites.
2. Active Reconnaissance: Entails actively probing the target's systems and networks to gather additional information. This includes techniques such as network scanning, port scanning, service enumeration, and vulnerability scanning.
3. Physical Reconnaissance: Involves physically observing the target's premises, infrastructure, and personnel to gather information. This could include site visits, dumpster diving, tailgating, or direct observation of the premises.
4. Wireless Reconnaissance: Focuses on identifying and analyzing wireless networks and devices. Techniques may include wireless scanning, Wi-Fi sniffing, and wardriving.
5. Web Reconnaissance: Involves gathering information from websites, web applications, and web servers. Techniques may include spidering, directory brute-forcing, analyzing HTTP headers, and extracting metadata from web pages.
Website Information
I am performing reconnaissance on a college website. It's basically a polytechnic college at my place (Raigad District).
It's a dynamic website with college details, educational stuff, etc.
Website URL – www.gvacharyapolytechnic.org
IP Address – 103.21.58.93
To find its IP address I used the nslookup command in Kali Linux and the ping command in Windows 10.
For Kali Linux
Step 1 –
Open the Kali Linux terminal and execute the command
Command : nslookup <website>
For Windows 10
Step 1 –
Open Command Prompt in Windows and execute the command
Command : ping <website>
Reconnaissance Tools
• Search engines – Google, Shodan, Yahoo, etc.
• Nmap
• Masscan
• Recon-ng
• Metasploit
• Sublist3r
• WhoisLookup
• Zenmap
• SpiderFoot
• DirBuster
• Burp Suite
• Web scraping
• Google Hacking Database (GHDB)
• Maltego
• Aquatone
• Wappalyzer
• Nessus and many more
1. WhoisLookup
WHOIS is a protocol and database used for querying information about
domain registrations, including details such as domain owner, registrar,
registration and expiration dates, contact information, and name servers.
• Uses:
1) Retrieving registration information for domain names.
2) Identifying domain ownership and contact details.
3) Verifying domain registration status and expiration dates.
4) Discovering name server information for domains.
5) Investigating domain history and registrar information.
• Functionalities:
1) Querying WHOIS databases for domain registration data.
2) Parsing and extracting registration details, such as owner name,
organization, and contact information.
3) Displaying domain registration status, including creation and
expiration dates.
4) Providing name server information and registrar details for domains.
5) Offering command-line and web-based interfaces for WHOIS queries.
• Outcomes:
1) Obtain comprehensive information about domain ownership and
registration.
2) Verify the legitimacy and status of domain registrations.
3) Identify potential contact points for domain administrators and owners.
4) Investigate domain history, including previous ownership and
registration changes.
5) Assess domain registration data for security and compliance purposes.
Steps/POC - WhoisLookup
Step 1 –
Enter "WhoisLookup" into the Google search bar.
Step 2 –
Select its official site.
Step 3 –
Enter the website URL into the search bar of the WhoisLookup tool.
Step 4 –
Review the results for the website URL, including domain information, registrant contact details, administrative contact details, technical contact details, and the raw WHOIS data.
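As an added example that is not part of the original presentation or of the WhoisLookup site, the Python script below parses a raw WHOIS record of the kind Step 4 returns into structured fields and derives the points listed under Outcomes: days to expiry, transfer lock, DNSSEC status and name servers. The WHOIS text and the review date are constructed sample data, not a real lookup.

```python
"""Parse a raw WHOIS record into structured fields and derive review points.
Added example, not part of the original presentation; the record and the
review date below are constructed sample data, not a real lookup."""
from datetime import datetime, timezone

# Constructed sample WHOIS response (key: value lines, as registrars return them).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-COLLEGE.ORG
Registry Domain ID: D000000000-LROR
Registrar: Example Registrar, Inc.
Creation Date: 2015-06-01T10:20:30Z
Registry Expiry Date: 2025-06-01T10:20:30Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Example Polytechnic
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-03-01T00:00:00Z <<<
"""

# Constructed review date (the day the lookup was made).
REVIEW_DATE = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_whois(text):
    """Return the record as a dict; repeated keys (e.g. Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(">>>") or ":" not in line:
            continue  # blank lines, footer notices and free text are not fields
        key, _, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if key in record:
            if not isinstance(record[key], list):
                record[key] = [record[key]]
            record[key].append(value)
        else:
            record[key] = value
    return record


def _as_list(value):
    return value if isinstance(value, list) else ([value] if value else [])


def _parse_date(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess(record, now):
    """Derive the points a reviewer checks: expiry, transfer lock, DNSSEC, name servers."""
    expiry = _parse_date(record["Registry Expiry Date"])
    statuses = _as_list(record.get("Domain Status"))
    days_left = (expiry - now).days
    return {
        "domain": record["Domain Name"].lower(),
        "registrar": record.get("Registrar"),
        "days_to_expiry": days_left,
        "expires_within_90_days": days_left <= 90,  # lapsed domains get re-registered by others
        "transfer_locked": any(s.startswith("clientTransferProhibited") for s in statuses),
        "dnssec_signed": record.get("DNSSEC", "").lower() != "unsigned",
        "name_servers": [n.lower() for n in _as_list(record.get("Name Server"))],
    }


if __name__ == "__main__":
    for key, value in assess(parse_whois(SAMPLE_WHOIS), REVIEW_DATE).items():
        print(f"{key}: {value}")
```

The parser splits on the first colon only, so timestamps and URLs inside a value survive intact; the free-text footer (the `>>>` line) is skipped rather than turned into a bogus field.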
2. Nmap
Nmap is a versatile network scanning tool used for discovering hosts and
services on a network.
• Uses
1) Network scanning and reconnaissance.
2) Host enumeration and discovery.
3) Port scanning and service detection.
4) Operating system detection.
5) Vulnerability scanning and assessment.
6) Network mapping and topology visualization.
7) Security auditing and assessment.
• Functionalities:
1) Live host detection using ICMP and TCP probes.
2) Port scanning using various scan techniques (TCP, UDP, ACK, etc.).
3) Service detection to identify running applications and versions.
4) Operating system detection based on network fingerprinting.
5) Scripting engine (NSE) for custom scripts and vulnerability checks.
6) Network mapping to visualize network structure and layout.
7) Security assessment to identify vulnerabilities and misconfigurations.
• Outcomes:
1) Identification of live hosts and active IP addresses.
2) Discovery of open, closed, and filtered ports on target hosts.
3) Determination of running services and associated applications.
4) Inference of the operating system running on target hosts.
5) Detection of known vulnerabilities and security weaknesses.
6) Visualization of network topology and architecture.
7) Evaluation of the security posture and risk exposure of target networks.
Steps/POC - Nmap
Open the Kali Linux terminal and execute the following nmap commands (the SYN, OS-detection and UDP scans, -sS, -O and -sU, need root privileges, so run them with sudo):
Command 1 : nmap <website>
This command performs a basic default scan of the specified website.
Command 2 : nmap -sS <website>
This command initiates a TCP SYN scan, a stealthier scanning technique used to determine which ports are open on the target system.
Command 3 : nmap -sV <website>
This command attempts to determine the versions of the services running on open ports on the target system.
Command 4 : nmap -O <website>
This command attempts to determine the operating system of the target system from various network characteristics and responses.
Command 5 : nmap -sU <website>
This command initiates a UDP scan, used to identify open UDP ports on the target system.
Command 6 : nmap -sV --script vulners <website>
This command searches for known vulnerabilities in the target system; the vulners script matches on service versions, so it needs the version detection enabled by -sV.
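The title of this presentation is about generating a report after a scan, and Nmap can write its results as XML with `-oX`. As an added example that is not part of the original presentation and not an Nmap feature, the Python script below reads such an XML file and turns it into a short review report: open ports per host plus findings from a small review checklist. The XML is a constructed sample (RFC 5737 documentation address, not the site scanned in the slides), and the checklist is this example's own.

```python
"""Turn Nmap XML output (nmap -oX) into a short review report: the open ports
per host plus findings from a small review checklist. Added example, not part
of the original presentation; the XML is a constructed sample rather than real
scan output, and the checklist is this example's own, not an Nmap feature."""
import xml.etree.ElementTree as ET

# Constructed Nmap XML result for a single host (RFC 5737 documentation address).
SAMPLE_NMAP_XML = """\
<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.2"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6" tunnel="ssl"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed review checklist: services a reviewer would question on an
# Internet-facing host, with the reason to record in the report.
REVIEW_CHECKLIST = {
    "ftp": "cleartext file transfer service exposed",
    "telnet": "cleartext remote shell exposed",
    "mysql": "database service reachable from outside",
    "microsoft-ds": "SMB exposed to the Internet",
}


def parse_nmap_xml(xml_text):
    """Return a list of hosts, each with its address and a list of port records."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address")
        entry = {"addr": addr.get("addr") if addr is not None else "?", "ports": []}
        for port in host.findall("./ports/port"):
            svc = port.find("service")
            banner = ""
            if svc is not None:  # product/version are only present after -sV
                banner = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            entry["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                "banner": banner,
            })
        hosts.append(entry)
    return hosts


def open_ports(hosts):
    """Map each host address to its open port numbers (closed/filtered excluded)."""
    return {h["addr"]: [p["port"] for p in h["ports"] if p["state"] == "open"] for h in hosts}


def build_findings(hosts):
    """Apply the checklist to open ports only; a filtered port is not an exposure."""
    findings = []
    for h in hosts:
        for p in h["ports"]:
            if p["state"] != "open":
                continue
            if p["service"] in REVIEW_CHECKLIST:
                findings.append((h["addr"], p["port"], REVIEW_CHECKLIST[p["service"]]))
            if p["banner"]:  # a disclosed version string is itself worth recording: recommend hiding it
                findings.append((h["addr"], p["port"], f"version banner disclosed: {p['banner']}"))
    return findings


def render_report(xml_text):
    """Produce the plain-text report from the XML."""
    hosts = parse_nmap_xml(xml_text)
    lines = [f"Host {addr}: open ports {ports}" for addr, ports in open_ports(hosts).items()]
    lines += [f"  [finding] {addr}:{port} {why}" for addr, port, why in build_findings(hosts)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_NMAP_XML))
```

Only ports in state `open` produce findings; the filtered MySQL port in the sample is recorded but not reported as an exposure, which is the distinction a reader of the report needs when deciding what to remediate first.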
3. Recon-ng
Recon-ng is an open-source reconnaissance framework that provides a powerful set of tools for gathering information from various sources, including search engines, social media platforms, and public databases.
• Uses:
1) Reconnaissance framework for gathering OSINT (Open Source Intelligence) data.
2) Automating the process of information gathering and reconnaissance.
3) Performing various reconnaissance tasks, including DNS enumeration, subdomain discovery, and social media profiling.
4) Integrating with other tools and platforms to enhance reconnaissance capabilities.
• Functionalities:
1) Modules for conducting OSINT tasks, such as DNS enumeration,
subdomain discovery, and email harvesting.
2) Automated reconnaissance workflows for streamlining information
gathering processes.
3) Integration with third-party APIs and data sources for accessing
additional information.
4) Customizable and extensible framework with support for developing
custom modules and scripts.
• Outcomes:
1) Comprehensive intelligence gathering from various sources, including
DNS records, social media platforms, and public databases.
2) Identification of subdomains, email addresses, and other relevant
information about target domains.
3) Profiling of individuals and organizations based on online presence
and activity.
4) Enhanced reconnaissance capabilities through integration with external
tools and services.
POC/Steps – Recon-ng
Step 1 –
Open the Kali Linux terminal and execute the following commands
Step 2 –
Command – recon-ng
Step 3 –
Install all modules from the marketplace for the later steps
Command – marketplace install all
Step 4 –
Search the installed modules using the following command
Command – modules search
Step 5 –
Create a workspace (demo) using the following commands
Command – workspaces
Command – workspaces create demo
Step 6 –
List all available workspaces
Command – workspaces list
Step 7 –
Add the domain to the workspace
Command – db insert domains
Step 8 –
List the domains available in the demo workspace
Command – show domains
Step 9 –
List the hosts available for the domain (demo workspace)
Command – show hosts
Step 10 –
Load the reporting module to write the collected data to a report
Command – modules load report
Step 11 –
Try a different module
Command – modules load recon/domains-hosts/hackertarget
Step 12 –
Run the module with the following command
Command – run
Step 13 –
Load the reporting module again to write the new data to the report
Command – modules load report
Step 14 –
Open the generated HTML file
You will get the complete recon-ng report
4. Metasploit
Metasploit is a popular penetration testing framework that includes modules for reconnaissance, exploitation, post-exploitation, and reporting. Metasploit can be used for scanning, fingerprinting, and exploiting vulnerabilities in target systems.
• Uses:
1) Penetration testing and vulnerability assessment.
2) Exploiting security vulnerabilities to gain unauthorized access.
3) Post-exploitation activities, including privilege escalation and lateral
movement.
4) Developing and testing custom exploits and payloads.
• Functionalities:
1) Exploit development and execution for known vulnerabilities.
2) Payload generation for delivering malicious code to target systems.
3) Post-exploitation modules for performing various actions on
compromised systems.
4) Auxiliary modules for reconnaissance, information gathering, and
network scanning.
• Outcomes:
1) Identification and exploitation of security vulnerabilities in target
systems.
2) Unauthorized access to target systems for assessing security posture.
3) Execution of post-exploitation actions, such as privilege escalation or
data exfiltration.
4) Development and testing of custom exploits and payloads for targeted
attacks.
POC/Steps - Metasploit
Step 1 –
Open the Kali Linux terminal
Step 2 –
Type msfconsole
Step 3 –
Search module - HTTP Server Fingerprinting
Command –
search http_version
use auxiliary/scanner/http/http_version
set RHOSTS <IP address (103.21.58.93)>
run
This module attempts to fingerprint the web server software and version.
Step 4 –
Search module - Directory Scanner
Command –
search dir_scanner
use auxiliary/scanner/http/dir_scanner
set RHOSTS <IP address (103.21.58.93)>
run
This module scans for directories and files on the target web server.
Step 5 –
Search module - HTTP Directory Listing Checker
Command –
search dir_listing
use auxiliary/scanner/http/dir_listing
set RHOSTS <IP address (103.21.58.93)>
run
This module checks whether directory listing is enabled on the target web server.
Step 6 –
Search module – Port Scanning
Command –
search portscan
use auxiliary/scanner/portscan/syn
set RHOSTS <IP address (103.21.58.93)>
run
This module scans for open ports on the target server.
Step 7 –
Search module – Server Message Block (SMB) scanning
Command –
use auxiliary/scanner/smb/smb_version
set RHOSTS <IP address (103.21.58.93)>
run
This module identifies the version of Microsoft Windows (via SMB) on the target server.
Step 8 –
Search module – Gathering MSSQL server information
Command –
use auxiliary/scanner/mssql/mssql_ping
set RHOSTS <IP address (103.21.58.93)>
set THREADS 255
run
This module gathers Microsoft SQL Server (MSSQL) instance information.
Step 9 –
Search module – Gathering SSH server information
Command –
use auxiliary/scanner/ssh/ssh_version
set RHOSTS <IP address (103.21.58.93)>
run
This module gathers SSH server version information.
Step 10 –
Search module – Scanning FTP version
Command –
use auxiliary/scanner/ftp/ftp_version
set RHOSTS <IP address (103.21.58.93)>
run
This module identifies the FTP server version.
Step 11 –
Search module – SSL Certificate Analysis
Command –
use auxiliary/scanner/http/cert
set RHOSTS <IP address(103.21.58.93)>
run
This module is used to analyze SSL certificates.
Step 12 –
Search module – Login Page Identification
Command –
use auxiliary/scanner/http/http_login
set RHOSTS <IP address(103.21.58.93)>
run
This module is used to identify login pages on a web server.
Step 13 –
Search module – Nmap
Command –
db_nmap -sS -A <IP address (103.21.58.93)>
This command runs an aggressive scan (-A) with a TCP SYN scan (-sS) and imports the results into the Metasploit database.
5. Masscan
A high-speed TCP port scanner designed to scan large networks quickly.
Masscan is known for its speed and efficiency in scanning large IP ranges.
• Uses:
1) Network scanning and reconnaissance.
2) Rapid scanning of large network ranges.
3) Identifying open ports and services on target systems.
4) Assessing network security posture and identifying potential attack
vectors.
• Functionalities:
1) High-speed asynchronous port scanning using custom TCP and
UDP packets.
2) Support for scanning large IPv4 and IPv6 address ranges.
3) Customizable scan parameters, including scan rate, timeout, and packet
size.
4) Integration with Nmap and other tools for further analysis and
exploitation.
• Outcomes:
1) Quick identification of live hosts and active IP addresses.
2) Detection of open ports and services on target systems.
3) Assessment of network security vulnerabilities and misconfigurations.
4) Enhanced reconnaissance capabilities through rapid and efficient
network scanning.
Steps/POC - Masscan
Step 1 –
Open the Kali Linux terminal
Step 2 –
Execute the following command
Command :
masscan -p0-65535 <IP address of targeted system>
This command scans all ports (0 to 65535) on the specified IP address using the Masscan tool.
6. Sublist3r
A tool for enumerating subdomains of a given domain. Sublist3r utilizes
various search engines and DNS data sources to discover subdomains,
which can be useful for expanding the scope of reconnaissance.
• Uses:
1) Subdomain enumeration and discovery.
2) Expanding the scope of reconnaissance.
3) Identifying additional entry points for penetration testing and
vulnerability assessment.
4) Assessing the attack surface of target domains.
• Functionalities:
1) Querying multiple search engines and DNS databases for
subdomain information.
2) Brute-forcing subdomains using wordlists and permutation techniques.
3) Verifying the existence of discovered subdomains through DNS
resolution.
4) Generating lists of subdomains for further analysis or exploitation.
• Outcomes:
1) Discovery of subdomains associated with target domains.
2) Expansion of reconnaissance scope by identifying additional targets.
3) Identification of potential entry points for cyber attacks or security
assessments.
4) Enhanced understanding of the attack surface and potential
vulnerabilities of target domains.
Steps/POC – Sublist3r
Step 1 –
Open the Kali Linux terminal and execute the following commands
Step 2 –
Change directory to Desktop
Command : cd Desktop
Step 3 –
Change directory to Sublist3r
Command : cd sublist3r
Step 4 –
List the directory contents with the ls command
Command : ls
Step 5 –
Enumerate subdomains with the following command:
Command : sublist3r -d <website>
This command uses Sublist3r to search for subdomains associated with the specified website.
7. Spiderfoot
SpiderFoot is a versatile tool that offers a wide range of functionalities for
information gathering, threat intelligence, and security analysis, ultimately
leading to improved security posture and risk management.
Uses:
1) Information Gathering
2) Threat Intelligence
3) Footprinting
Functionalities:
1) Automated Data Collection
2) Integration with Various Data Sources
3) Analysis and Correlation
4) Reporting and Visualization
Outcomes:
1) Identification of Vulnerabilities
2) Risk Assessment
3) Enhanced Situational Awareness
4) Support for Investigations
Steps/POC – Spiderfoot
Step 1 –
Open the Kali Linux terminal
Step 2 –
Review the results by executing the following command:
Command : spiderfoot -s <IPAddress>
This command instructs SpiderFoot to scan the specified IP address and gather information about it from various sources.
Note –
In the PPT, only 10–15% of the scan results generated by the SpiderFoot tool are shown in the uploaded snapshots.
Preventions of Reconnaissance
Preventing reconnaissance is challenging since it often involves gathering
information that is publicly available or difficult to control. However, there
are several techniques and measures that organizations can implement to
reduce the effectiveness of reconnaissance activities and minimize the risk
of potential attacks:
1) Implement Network Segmentation
2) Use Intrusion Detection and Prevention Systems (IDPS)
3) Employ Network Monitoring and Logging
4) Enforce Strong Authentication Mechanisms
5) Educate Employees About Security Awareness
6) Implement Web Application Firewalls (WAF)
7) Regularly Update and Patch Systems
8) Monitor External Exposure
9) Conduct Regular Security Assessments
By implementing these prevention techniques, organizations can mitigate
the risk of reconnaissance activities and enhance their overall security
posture against potential cyber threats. However, it's important to note that
no single solution can provide complete protection, and a layered approach
to security is necessary to effectively defend against reconnaissance and
other types of cyber attacks.
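Items 2 and 3 above (intrusion detection and network monitoring/logging) are where the scanning described in the earlier tool sections becomes visible to the defender. As an added example that is not part of the original presentation, the Python script below implements the classic port-scan detection rule over constructed firewall log lines: raise one alert when a single source touches many distinct destination ports within a short time window, while a normal client hitting the same port repeatedly stays quiet. The log line format (`timestamp action src= dst= proto= dpt=`) is this example's own assumption, not a particular firewall's.

```python
"""Detect port-scan behaviour in firewall connection logs: one source touching
many distinct destination ports within a short window. Added example, not from
the original presentation; the log lines are constructed, and the line format
is this example's own assumption rather than a particular firewall's."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dpt=(?P<dpt>\d+)$"
)

# Constructed sample log: 198.51.100.7 sweeps ports, 203.0.113.5 is a normal
# HTTPS client, 192.0.2.77 touches two ports (below the threshold).
SAMPLE_LOG = """\
2024-03-01T10:00:00Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=21
2024-03-01T10:00:00Z ACCEPT src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt=443
2024-03-01T10:00:01Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=22
2024-03-01T10:00:01Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=23
2024-03-01T10:00:02Z ACCEPT src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt=443
2024-03-01T10:00:02Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=25
2024-03-01T10:00:03Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=80
2024-03-01T10:00:03Z ACCEPT src=203.0.113.5 dst=192.0.2.10 proto=TCP dpt=443
2024-03-01T10:00:04Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=443
2024-03-01T10:00:05Z DROP src=198.51.100.7 dst=192.0.2.10 proto=TCP dpt=3306
2024-03-01T10:05:00Z DROP src=192.0.2.77 dst=192.0.2.10 proto=TCP dpt=8080
2024-03-01T10:05:00Z DROP src=192.0.2.77 dst=192.0.2.10 proto=TCP dpt=8443
"""


def parse_line(line):
    """Return the event as a dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["dpt"] = int(ev["dpt"])
    return ev


def detect_port_scans(log_text, window_seconds=60, min_ports=5):
    """Return alerts (src, window_start_iso, sorted_ports) for sources that hit at
    least min_ports distinct destination ports within window_seconds. Each source
    alerts once, so a long sweep does not flood the analyst."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, port) inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dpt"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # slide the window forward
        ports = {dpt for _, dpt in q}
        if len(ports) >= min_ports and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], q[0][0].isoformat(), sorted(ports)))
    return alerts


if __name__ == "__main__":
    for src, start, ports in detect_port_scans(SAMPLE_LOG):
        print(f"possible port scan from {src} starting {start}: ports {ports}")
```

The rule counts distinct ports rather than connection attempts, which is what separates a scanner from a busy legitimate client; the window and threshold are the knobs to tune against the false-positive rate of the environment.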
Conclusion
• Reconnaissance serves as the foundation of cybersecurity, providing crucial insights into the adversary's intentions and capabilities.
• Through meticulous information gathering and analysis, reconnaissance enables proactive threat detection and response.
• By understanding the importance of reconnaissance and implementing robust defense measures, organizations can effectively mitigate risks and safeguard their digital assets.
• Continuous reconnaissance efforts are essential in today's evolving threat landscape, ensuring organizations stay one step ahead of cyber adversaries and maintain a resilient security posture.
Proof of performance
• Video Drive link –
BIA Capstone Project_Recon_tools_videos
The Drive link includes screen recordings of recon tools such as nmap, Sublist3r, masscan, WhoisLookup, nslookup, ping (cmd), Metasploit, recon-ng and SpiderFoot.
Thank You!!

Employee Churn Prediction: Artificial Intelligence Project Presentation
 
Predicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project PresentationPredicting Employee Churn: A Data-Driven Approach Project Presentation
Predicting Employee Churn: A Data-Driven Approach Project Presentation
 
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptxNLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
NLP Project PPT: Flipkart Product Reviews through NLP Data Science.pptx
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default  Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default  Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis Project
 

Dernier

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Dernier (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx

  • 2. Title – Generating a report for analyzing vulnerabilities after a scan. Subtitle – Describing the tools and methods used for reconnaissance. Name – Aditi Vasaikar
  • 3. Introduction - Reconnaissance • Reconnaissance is the initial phase of gathering information about a target network or system, typically as a precursor to a cyber attack. • Reconnaissance involves more direct probing and scanning of the target network or system to gather information beyond what is publicly available. • Reconnaissance may involve sending probes, pings, port scans, and other network reconnaissance techniques to learn the target's network topology, open ports, running services, and potential vulnerabilities. • Reconnaissance may also involve interacting with the target system in a way that can be detected, although the goal is still to remain as stealthy as possible to avoid detection.
  • 4. Recon – in the context of cybersecurity 1. Network Reconnaissance: This involves actively scanning and probing a target network to identify vulnerabilities, open ports, network topology, and other valuable information that can be exploited during an attack. 2. Host Reconnaissance: This involves gathering information about specific hosts within a network, including operating systems, running services, software versions, and configurations. 3. Application Reconnaissance: This involves analyzing specific applications or services running on a network to identify potential weaknesses or vulnerabilities that could be exploited.
  • 5. Difference between Footprinting and Reconnaissance • Footprinting is the initial phase of reconnaissance, focused on passive information gathering from publicly available sources. • Reconnaissance, by contrast, involves a broader range of active and passive techniques to gather intelligence about a target's systems, networks, and personnel. • Footprinting typically involves collecting basic information about a target organization from public sources. • Reconnaissance extends this by actively probing the target's systems and networks to gather more detailed and potentially sensitive information.
  • 6. Objectives of reconnaissance • Gathering information • Understanding the target • Identifying weaknesses • Planning attacks • Avoiding detection
  • 7. Reconnaissance methods – Reconnaissance can be conducted through various methods and techniques, both passive and active. Some common approaches: 1. Passive Reconnaissance: Gathering information from publicly available sources without directly interacting with the target. This includes techniques like open-source intelligence (OSINT), social media monitoring, and browsing public websites. 2. Active Reconnaissance: Actively probing the target's systems and networks to gather additional information. This includes techniques such as network scanning, port scanning, service enumeration, and vulnerability scanning.
  • 8. 3. Physical Reconnaissance: Physically observing the target's premises, infrastructure, and personnel to gather information. This could include site visits, dumpster diving, tailgating, or other on-site observation. 4. Wireless Reconnaissance: Identifying and analysing wireless networks and devices. Techniques may include wireless scanning, Wi-Fi sniffing, and wardriving. 5. Web Reconnaissance: Gathering information from websites, web applications, and web servers. Techniques may include spidering, directory brute-forcing, analysing HTTP headers, and extracting metadata from web pages.
  • 9. Website Information I am performing reconnaissance on a college website. It's basically a polytechnic college at my place (Raigad District). It's a dynamic website with college details, educational stuff, etc. Website URL – www.gvacharyapolytechnic.org IP Address – 103.21.58.93 To find its IP address I have used the nslookup command in Kali Linux and the ping command in Windows 10.
  • 10. For Kali Linux Step 1 – Open the Kali Linux terminal and execute the command • Command : nslookup <website>
  • 11. For Windows 10 Step 1 – Open Command Prompt in Windows and execute the command Command : ping <website>
  • 12. Reconnaissance Tools • Search engines – Google, Shodan, Yahoo, etc. • Nmap • Masscan • Recon-ng • Metasploit • Sublist3r • WhoisLookup • Zenmap • SpiderFoot • DirBuster • Burp Suite • Web scraping • Google Hacking Database (GHDB) • Maltego • Aquatone • Wappalyzer • Nessus, and many more
  • 13. 1. WhoisLookup WHOIS is a protocol and database used for querying information about domain registrations, including details such as domain owner, registrar, registration and expiration dates, contact information, and name servers. • Uses: 1) Retrieving registration information for domain names. 2) Identifying domain ownership and contact details. 3) Verifying domain registration status and expiration dates. 4) Discovering name server information for domains. 5) Investigating domain history and registrar information.
  • 14. • Functionalities: 1) Querying WHOIS databases for domain registration data. 2) Parsing and extracting registration details, such as owner name, organization, and contact information. 3) Displaying domain registration status, including creation and expiration dates. 4) Providing name server information and registrar details for domains. 5) Offering command-line and web-based interfaces for WHOIS queries. • Outcomes: 1) Obtain comprehensive information about domain ownership and registration. 2) Verify the legitimacy and status of domain registrations. 3) Identify potential contact points for domain administrators and owners. 4) Investigate domain history, including previous ownership and registration changes. 5) Assess domain registration data for security and compliance purposes.
  • 15. Steps/POC - WhoisLookup Step 1 – Enter "WhoisLookup" into the Google search bar.
  • 16. Step 2 – Select its official site
  • 17. Step 3 – Enter the website URL into the search bar of the Whoislookup tool.
  • 18. Step 4 – Review the results for the website URL, including domain Information, registrant contact details, administrative contact details, technical contact details, and raw WHOIS data.
  • 22. 2. Nmap Nmap is a versatile network scanning tool used for discovering hosts and services on a network. • Uses 1) Network scanning and reconnaissance. 2) Host enumeration and discovery. 3) Port scanning and service detection. 4) Operating system detection. 5) Vulnerability scanning and assessment. 6) Network mapping and topology visualization. 7) Security auditing and assessment.
  • 23. • Functionalities: 1) Live host detection using ICMP and TCP probes. 2) Port scanning using various scan techniques (TCP, UDP, ACK, etc.). 3) Service detection to identify running applications and versions. 4) Operating system detection based on network fingerprinting. 5) Scripting engine (NSE) for custom scripts and vulnerability checks. 6) Network mapping to visualize network structure and layout. 7) Security assessment to identify vulnerabilities and misconfigurations. • Outcomes: 1) Identification of live hosts and active IP addresses. 2) Discovery of open, closed, and filtered ports on target hosts. 3) Determination of running services and associated applications. 4) Inference of the operating system running on target hosts. 5) Detection of known vulnerabilities and security weaknesses. 6) Visualization of network topology and architecture. 7) Evaluation of the security posture and risk exposure of target networks.
  • 24. Steps/POC - Nmap Open Kali Linux terminal and execute the following nmap command: Command 1 : nmap <website> This command conducts an overall basic scanning of the specified website.
  • 25. Command 2 : nmap -sS <website> This command initiates a TCP SYN scan, a stealthy scanning technique used to determine which ports are open on the target system.
  • 26. Command 3 : nmap -sV <website> This command attempts to determine the versions of services running on open ports on the target system.
  • 27. Command 4 : nmap -O <website> This command attempts to determine the operating system of the target system based on various network characteristics and responses.
  • 28. Command 5 : nmap -sU <website> This command initiates a UDP scan, which is used to identify open UDP ports on the target system.
  • 29. Command 6 : nmap --script vulners <website> This command searches for known vulnerabilities in the target system.
  • 30. 3. Recon-ng Recon-ng is an open-source reconnaissance framework that provides a powerful set of tools for gathering information from various sources, including search engines, social media platforms, and public databases. • Uses: 1. Reconnaissance framework for gathering OSINT (Open Source Intelligence) data. 2. Automating the process of information gathering and reconnaissance. 3. Performing various reconnaissance tasks, including DNS enumeration, subdomain discovery, and social media profiling. 4. Integrating with other tools and platforms to enhance reconnaissance capabilities.
  • 31. • Functionalities: 1) Modules for conducting OSINT tasks, such as DNS enumeration, subdomain discovery, and email harvesting. 2) Automated reconnaissance workflows for streamlining information gathering processes. 3) Integration with third-party APIs and data sources for accessing additional information. 4) Customizable and extensible framework with support for developing custom modules and scripts. • Outcomes: 1) Comprehensive intelligence gathering from various sources, including DNS records, social media platforms, and public databases. 2) Identification of subdomains, email addresses, and other relevant information about target domains. 3) Profiling of individuals and organizations based on online presence and activity. 4) Enhanced reconnaissance capabilities through integration with external tools and services.
  • 32. POC/Steps – Recon-ng Step 1 – Open the Kali Linux terminal. Step 2 – Start the framework: Command – recon-ng Step 3 – Install all modules for the following steps: Command – marketplace install all Step 4 – Search the available modules: Command – modules search
  • 36. Step 5 – Create a workspace (demo) using the following command: Command – workspaces create demo Step 6 – List all available workspaces: Command – workspaces list Step 7 – Add the domain to the workspace: Command – db insert domains Step 8 – List the domains available in the demo workspace: Command – show domains
  • 39. Step 9 – List the hosts available in the domain (demo workspace): Command – show hosts Step 10 – Load all collected content/data into a report: Command – modules load report
  • 41. Step 11 – Try a different module: Command – modules load recon/domains-hosts/hackertarget Step 12 – Run the module: Command – run Step 13 – Load all collected content/data into a report: Command – modules load report Step 14 – Open the generated HTML file; it contains the complete recon-ng report.
  • 45. 4. Metasploit Metasploit is a popular penetration testing framework that includes modules for reconnaissance, exploitation, post-exploitation, and reporting. Metasploit can be used for scanning, fingerprinting, and exploiting vulnerabilities in target systems. • Uses: 1) Penetration testing and vulnerability assessment. 2) Exploiting security vulnerabilities to gain unauthorized access. 3) Post-exploitation activities, including privilege escalation and lateral movement. 4) Developing and testing custom exploits and payloads.
  • 46. • Functionalities: 1) Exploit development and execution for known vulnerabilities. 2) Payload generation for delivering malicious code to target systems. 3) Post-exploitation modules for performing various actions on compromised systems. 4) Auxiliary modules for reconnaissance, information gathering, and network scanning. • Outcomes: 1) Identification and exploitation of security vulnerabilities in target systems. 2) Unauthorized access to target systems for assessing security posture. 3) Execution of post-exploitation actions, such as privilege escalation or data exfiltration. 4) Development and testing of custom exploits and payloads for targeted attacks.
  • 47. POC/Steps - Metasploit Step 1 – Open the Kali Linux terminal. Step 2 – Type msfconsole Step 3 – Search module - HTTP Server Fingerprinting Command – search http_version, then use auxiliary/scanner/http/http_version, set RHOSTS <IP address (103.21.58.93)>, run This module attempts to fingerprint the web server software and version.
  • 49. • Step 4 – Search module - Directory Scanner Command – search dir_scanner, then use auxiliary/scanner/http/dir_scanner, set RHOSTS <IP address (103.21.58.93)>, run This module scans for directories and files on the target web server. • Step 5 – Search module - HTTP Directory Listing Checker Command – search dir_listing, then use auxiliary/scanner/http/dir_listing, set RHOSTS <IP address (103.21.58.93)>, run This module checks whether directory listing is enabled on the target web server.
  • 52. • Step 6 – Search module – Port Scanning Command – search portscan, then use auxiliary/scanner/portscan/syn, set RHOSTS <IP address (103.21.58.93)>, run This module scans for open ports on the target web server. • Step 7 – Search module – Server Message Block scanning Command – use auxiliary/scanner/smb/smb_version, set RHOSTS <IP address (103.21.58.93)>, run This module identifies the version of Microsoft Windows on the target web server.
  • 54. • Step 8 – Search module – Gathering MSSQL server information Command – use auxiliary/scanner/mssql/mssql_ping, set RHOSTS <IP address (103.21.58.93)>, set THREADS 255, run This module gathers MSSQL server information. • Step 9 – Search module – Gathering SSH server information Command – use auxiliary/scanner/ssh/ssh_version, set RHOSTS <IP address (103.21.58.93)>, run This module gathers SSH server information.
  • 55. Gathering MSSQL server information Gathering SSH server information
  • 56. Step 10 – Search module – Scanning FTP version Command – use auxiliary/scanner/ftp/ftp_version, set RHOSTS <IP address (103.21.58.93)>, run This module identifies the FTP server version. Scanning FTP version
  • 57. Step 11 – Search module – SSL Certificate Analysis Command – use auxiliary/scanner/http/cert, set RHOSTS <IP address (103.21.58.93)>, run This module is used to analyze SSL certificates. Step 12 – Search module – Login Page Identification Command – use auxiliary/scanner/http/http_login, set RHOSTS <IP address (103.21.58.93)>, run This module is used to identify login pages on a web server.
  • 58. SSL Certificate Analysis Login Page Identification
  • 59. Step 13 – Search module – Nmap Command – db_nmap -sS -A <IP address (103.21.58.93)> This command runs an aggressive scan (-A) with a TCP SYN scan (-sS) and imports the results into the Metasploit database.
  • 60. Nmap
  • 61. 5. Masscan A high-speed TCP port scanner designed to scan large networks quickly. Masscan is known for its speed and efficiency in scanning large IP ranges. • Uses: 1) Network scanning and reconnaissance. 2) Rapid scanning of large network ranges. 3) Identifying open ports and services on target systems. 4) Assessing network security posture and identifying potential attack vectors.
  • 62. • Functionalities: 1) High-speed asynchronous port scanning using custom TCP and UDP packets. 2) Support for scanning large IPv4 and IPv6 address ranges. 3) Customizable scan parameters, including scan rate, timeout, and packet size. 4) Integration with Nmap and other tools for further analysis and exploitation. • Outcomes: 1) Quick identification of live hosts and active IP addresses. 2) Detection of open ports and services on target systems. 3) Assessment of network security vulnerabilities and misconfigurations. 4) Enhanced reconnaissance capabilities through rapid and efficient network scanning.
  • 63. Steps/POC - Masscan Step 1 – Open the Kali Linux terminal Step 2 – Execute the following command Command : masscan -p0-65535 <IP address of targeted system> This command scans all ports (0 to 65535) on the specified IP address using the Masscan tool.
  • 65. 6. Sublist3r A tool for enumerating subdomains of a given domain. Sublist3r utilizes various search engines and DNS data sources to discover subdomains, which can be useful for expanding the scope of reconnaissance. • Uses: 1) Subdomain enumeration and discovery. 2) Expanding the scope of reconnaissance. 3) Identifying additional entry points for penetration testing and vulnerability assessment. 4) Assessing the attack surface of target domains.
  • 66. • Functionalities: 1) Querying multiple search engines and DNS databases for subdomain information. 2) Brute-forcing subdomains using wordlists and permutation techniques. 3) Verifying the existence of discovered subdomains through DNS resolution. 4) Generating lists of subdomains for further analysis or exploitation. • Outcomes: 1) Discovery of subdomains associated with target domains. 2) Expansion of reconnaissance scope by identifying additional targets. 3) Identification of potential entry points for cyber attacks or security assessments. 4) Enhanced understanding of the attack surface and potential vulnerabilities of target domains.
  • 67. Steps/POC – Sublist3r • Step 1 – Open the Kali Linux terminal and execute the following commands • Step 2 – Change directory to Desktop Command : cd Desktop • Step 3 – Change directory to Sublist3r Command : cd sublist3r • Step 4 – Check the contents with the 'ls' command Command : ls • Step 5 – Review the subdomain results with the following command: Command : sublist3r -d <website> This command uses Sublist3r to search for subdomains associated with the specified website.
  • 69. 7. Spiderfoot SpiderFoot is a versatile tool that offers a wide range of functionalities for information gathering, threat intelligence, and security analysis, ultimately leading to improved security posture and risk management. Uses: 1) Information Gathering 2) Threat Intelligence 3) Footprinting Functionalities: 1) Automated Data Collection 2) Integration with Various Data Sources 3) Analysis and Correlation 4) Reporting and Visualization
  • 70. Outcomes: 1) Identification of Vulnerabilities 2) Risk Assessment 3) Enhanced Situational Awareness 4) Support for Investigations
  • 71. Steps/POC – SpiderFoot Step 1 – Open the Kali Linux terminal and execute the following commands Step 2 – Review the results by executing the following command: Command : spiderfoot -s <IPAddress> This command instructs SpiderFoot to scan the specified IP address and gather information about it from various sources.
  • 80. Note – In the PPT, only 10-15% of the scan results generated by the SpiderFoot tool are displayed in the uploaded snapshots.
  • 81. Prevention of Reconnaissance Preventing reconnaissance is challenging, since it often involves gathering information that is publicly available or difficult to control. However, there are several techniques and measures that organizations can implement to reduce the effectiveness of reconnaissance activities and minimize the risk of potential attacks: 1) Implement Network Segmentation 2) Use Intrusion Detection and Prevention Systems (IDPS) 3) Employ Network Monitoring and Logging 4) Enforce Strong Authentication Mechanisms 5) Educate Employees About Security Awareness
  • 82. 6) Implement Web Application Firewalls (WAF) 7) Regularly Update and Patch Systems 8) Monitor External Exposure 9) Conduct Regular Security Assessments By implementing these prevention techniques, organizations can mitigate the risk of reconnaissance activities and enhance their overall security posture against potential cyber threats. However, it's important to note that no single solution can provide complete protection, and a layered approach to security is necessary to effectively defend against reconnaissance and other types of cyber attacks.
  • 83. Conclusion • Reconnaissance serves as the foundation of cybersecurity, providing crucial insights into the adversary's intentions and capabilities. • Through meticulous information gathering and analysis, reconnaissance enables proactive threat detection and response. • By understanding the importance of reconnaissance and implementing robust defense measures, organizations can effectively mitigate risks and safeguard their digital assets. • Continuous reconnaissance efforts are essential in today's evolving threat landscape, ensuring organizations stay one step ahead of cyber adversaries and maintain a resilient security posture.
  • 84. Proof of performance • Video Drive link – BIA Capstone Project_Recon_tools_videos The Drive link includes screen recordings of recon tools such as nmap, Sublist3r, masscan, WhoisLookup, nslookup, ping (cmd), Metasploit, recon-ng, and SpiderFoot.