Access control attacks by Yaakub bin Idris


Logic Bomb

Logic bombs are typically installed by privileged users who know what security controls need to be circumvented in order to go undetected until they detonate.

Piece of code that executes itself when pre-defined conditions are met

Logic Bombs that execute on certain days are known as Time Bombs

Code performs some “payload” not expected by the user.

Shareware that deactivates itself is not a logic bomb.

System Scanning

A process used to collect information about a device or network to facilitate an attack on the system – what ports are open, what services are running, and what system software is being used.
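From the defender's side, the scanning described above shows up as one source touching many distinct ports in a short time. The following is an added example, not part of the original slides; the log format, the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall-style log lines (the format is an assumption).
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=10.0.0.5 DST=192.168.1.10 DPT=21
2024-05-01T10:00:01 SRC=10.0.0.5 DST=192.168.1.10 DPT=22
2024-05-01T10:00:01 SRC=10.0.0.9 DST=192.168.1.20 DPT=443
2024-05-01T10:00:02 SRC=10.0.0.5 DST=192.168.1.10 DPT=23
2024-05-01T10:00:02 SRC=10.0.0.5 DST=192.168.1.10 DPT=25
2024-05-01T10:00:03 SRC=10.0.0.9 DST=192.168.1.20 DPT=443
2024-05-01T10:00:03 SRC=10.0.0.5 DST=192.168.1.10 DPT=80
2024-05-01T10:00:04 SRC=10.0.0.5 DST=192.168.1.10 DPT=443
garbled line
2024-05-01T10:00:20 SRC=10.0.0.7 DST=192.168.1.10 DPT=22
2024-05-01T10:00:40 SRC=10.0.0.7 DST=192.168.1.10 DPT=80
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def find_scanners(log_text, window_seconds=10, min_ports=5):
    """Return {src: peak count of distinct (dst, port) pairs in any window}
    for sources reaching min_ports. Assumes lines are in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (time, dst, port)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        ts = datetime.fromisoformat(m.group(1))
        src, dst, port = m.group(2), m.group(3), int(m.group(4))
        events = recent[src]
        events.append((ts, dst, port))
        # Drop events that have fallen out of the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        # Repeated hits on one service count once; only breadth matters.
        distinct = len({(d, p) for _, d, p in events})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A slow scan spread over a longer period (like the constructed 10.0.0.7 lines) stays under a short window, so the window and threshold need tuning against normal traffic.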

By: YAAKUB BIN IDRIS MN131051


Ethical hacking is a term that describes hacking performed to help a company or individual identify potential threats on the computer or network.

An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers.

The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.

We can describe it as “HACKING WITH PERMISSION”.


1. Network services test: This is one of the most common types of penetration tests, and involves finding target systems on the network, searching for openings in their base operating systems and available network services and then exploiting them remotely.

2. Client-side test: This kind of penetration test is intended to find vulnerabilities in and exploit client-side software, such as web browsers, media players, document editing programs, etc.

3. Web application test: These penetration tests look for security vulnerabilities in the web-based applications and programs deployed and installed on the target environment.


4. Remote dial-up war dial: These penetration tests look for modems in a target environment, and normally involve password guessing or brute forcing to log in to systems connected to discovered modems.

5. Wireless security test: These penetration tests involve discovering a target’s physical environment to find unauthorized wireless access points or authorized wireless access points with security weaknesses.

6. Social engineering test: This type of penetration test involves attempting to get a user to reveal sensitive information such as a password or any other sensitive data. These tests are often conducted over the phone, targeting selected help desks, users or employees, evaluating processes, procedures, and user awareness.


Two of the more common types of penetration test are Black Box and White Box.

1. External Testing - Black Box – This refers to a methodology in which the ethical hacker has no knowledge of the client's system under test. The goal of the test is to simulate an external "real world" hacking or cyber warfare attack.

2. Internal Testing - White Box – This refers to a methodology in which the client gives the tester full IP information, network configuration, source code files, system information, etc., in a bid to find weaknesses from any of the available information.
