He has authored several best-selling books on Computer Security, which have been appreciated by professionals and industry leaders, all over the world. His books sold a record 80,000 copies across the globe. Faded is also a widely recognized cyber terrorism expert. Faded is however, more well known for his significant work in the field of digital intelligence, security consultancy and training. Moreover, Faded has also conducted more than a 100 training sessions on various topics related to Computer Security to an audience comprising of international defense personnel, software professionals and college students.
For his work in the field of computer security, Faded has been honored with numerous awards namely: Person of The Year 2002, Lima Book of Records, Silicon India Person of the Week, Embassy State Award, Best Speaker Award (3 occasions), Hall of Fame Award, Outstanding Young Achiever’s Award, Student of the Year 2002-03 and many more. Quite recently, Faded traveled to Australia, Singapore and Malaysia where he addressed hundreds of Coo’s of various IT companies and provided them solutions to protect their network and keep their data safe.
He has also been conducting a number of learning events for Young Entrepreneurs and Young Presidents of the most successful companies and businesses all across India. Faded is currently pursuing his studies in Computer Science with specialization in Information Security at Stanford University, USA. Page 5 INTRODUCTION The Internet has considerably enhanced various business critical operations of companies in different industry sectors across the globe. However, as more and more Organizations become partially or completely dependent on the Internet, computer security and the serious threat of computer criminals comes to the foreground.
A single network infiltration can cause severe losses totaling in millions of dollars. The threat posed by computer criminals, corporate espionage and cyber terrorism. ‘The Ethical Hacking Guide to Corporate Security dismisses this incompetent approach adopted by many companies and clears up some of the most horrific cyber rime cases that hit the corporate world across 17 different countries in 5 continents. With the correct mix of technical explanations and subsequent business implications, this book draws a direct correlation between computer security and business profitability.
The comprehensive yet easy to understand analysis of some of the most dangerous security threats and vulnerabilities on the Internet, lays down the path that companies need to follow to safeguard their networks. This book places a great deal of emphasis on investigating and solving real attacks faced by companies. Moreover, the thoroughly researched attack strategies, working and countermeasures described in this book are organized in an extremely unique easy to understand format.
This book is not only aimed at serious hardcore system administrators, but it also contains information that will be relished by top-level management gurus working in various industry sectors. Page 6 Contents About the Author Introduction Buffer Overflows Business Definition Business Cheats, Cons and Crimes Case Studies Paris, France: Fashion Sector Seoul, South Korea: Hotel Sector The Art of Buffer Overflows Different Types of Buffer Overflows Stack Overflows
Format String Overflows Heap Overflows Integer Overflows More Buffer Overflow examples Poor Programming MANS Messenger www-FTP Countermeasures page 7 Denial of Services (DOS) attacks Technical Definition Threats of DOS attacks Tokyo, Japan: Media Sector Delhi, India: Advertising Sector United States of America: Online Websites The Art of Denial of Services (DOS) Attacks Types of DOS Attacks Ping of Death Teardrop SYNC Flooding Land Attacks Smuts Attacks UDP Flooding Hybrid DOS attacks Application Specific DOS attacks Distributed DOS Attacks Distributed DOS Attack tools Tribal Flood Network (TEN and THEFT) -rondo Cathedrals Shaft Mainstream
Fad’s Hot Picks for popular distributed DOS attack tools Countermeasures Raw Fun Page 8 E-mail Security E-mail Threats Karachi, Pakistan: Individual Dublin, AJAX: Individual Types of E-mail Threats Abusive E-mails E-mail Headers Tracing E-mails Fad’s Hot Picks for popular E-mail Threats tools E-mail Forging The Art of Forging E-mails Spam Page 9 Input Validation Attacks Throughout the Globe: Software Industry London, Britain: Internet Services Sector The Art of Input Validation Attacks Input Validation Threats Hotmail. Com Apache Web Server Malachite. CGI SQL Injection Attacks Accessing Sensitive Files Bypassing Security Controls
DOS Attacks VS. Input Validation Attacks Fad’s Hot Picks for popular Input Validation attack tools Countermeasures page 10 Intellectual Property (P) Theft Threats of Intellectual Property Theft Iambi, India: Individual Paris, France: Architecture Sector Texas, USA: Agricultural Sector Types of IP theft Trojan Working Fad’s Hot Picks for popular Trojan tools Detection of Trojan Snifters Fad’s Hot Picks for Packet Sniffing Software Detection Methods Gallopers Fad’s Hot Picks for Clogging Software Spare Software Traditional Data Hiding Techniques The Power of the Inside Force E-mail Instant Messaging (IM) FTP uploads
Stenography Fad’s Hot Picks for popular Stenography tools Text Stenography Mobile Phones Dumpster Diving Shoulder Surfing Page 1 1 Instant Messenger Threats Instant Messaging (IM) Threats Canberra, Australia: Government Sector Hong Kong: Real Estate Sector The Art of Instant Messaging IM and Privacy IM Specific Vulnerabilities ICQ Messenger Yahoo Messenger Fad’s Hot Picks for popular IM attack tools page 12 evil Social Engineering Attacks Singapore: Shipping Industry California, USA: Education Industry The Art of Social Engineering Types of Social Engineering Attacks Intimidation Real Life Social Engineering Fake Prompts age 13 Identity Threats Shanghai, China: Financial Sector Toronto, Canada: Software Sector Types of Identity Threats Proxy Servers Proxy Bouncing IP Spoofing Attacks Onion Routing Attacks Uses/Misuses Winglets Torn Apart Fad’s Hot Picks for Proxy Servers IP Spoofing Challenges Faced Networking Basics Sequence Numbers Trust Relationships Exploit Trust Relationships Fad’s Hot Picks for Packet Generation Tools Onion Routing Page 14 Password Cracking Attacks Taipei, Taiwan: Consumer Electronics Sector Auckland, New Zealand: Individual Different Password Cracking Attacks Password Guessing Default Passwords Dictionary Based Attacks
Brute Force Attacks Cracking Application Passwords (Zip Passwords; Instant Messenger Passwords; Windows Login Passwords; E-mail Client Passwords; PDF File Passwords; Microsoft Office Passwords; All Windows Passwords; Internet Explorer Passwords; File Maker Pro Passwords; Web Passwords) Cracking Windows NT passwords Obtaining the SAM file Cracking the Passwords Cracking UNIX passwords Identifying and locating the Password Files Unsaddling the Shadow Cracking the passwords Fad’s Hot Picks for popular Password Cracking tools Appendix A: Default Passwords Torn Apart Appendix B: Well Known Port Numbers Appendix C: Country Codes Appendix D: Trojan Port Numbers page 78 Ill.
E-MAIL SECURITY Threat Level: HIGH (8/10) Ease Level: HIGH (10/10) Incident Level: LOW (4/10) Business Threats: Intellectual Property Theft, Social Engineering, Corporate Espionage, Virus attack on critical Business Infrastructure, Defaming corporate E-mail is one of the most popular utilities of the Internet. Staying in touch with friends and relatives, closing business deals within minutes and forwarding mass e- mails to all addresses in the address book? are Just a few common uses of e-mail. E- mail has rapidly replaced snail mail in almost all domains and has become the referred form of communication for most people. However, an e-mail message is definitely not as harmless as it might seem at first glance. There are a lot of dangers, abuse and problems associated with the rapidly increasing popularity of e-mail. E-mail has become ubiquitous, especially in the corporate world. Most businesses cannot survive without the use of e-mail.
However, in spite of the rapidly growing popularity page 79 of e-mail as the preferred communication medium, very few people are actually aware of the numerous security risks involved. In the recent years, there has been an alarming increase in the number of e-mail fraud cyber crime cases on the Internet. Hence, it has become extremely important for all businesses to take the necessary precautions against the menace of e-mail fraud. “… E-mail on many occasions is misused by internal disgruntled employees or external malicious people to steal intellectual property, to make abusive attacks, to perform social engineering, spread business rumors, harassment, ransom threats, Spam, identity thefts, mail bombing and many other related attacks.
Attackers sometimes also use e-mail to carry out impersonation or identity hijacks for social engineering purposes against employees, clients or media representatives… ” Almost all employees in corporations across the globe use e-mail on a daily basis for either business or personal purposes. Some of the most common threats associated with email are as follows: 1 . Very few corporations, if any, actually use encrypted e- mail. Most e-mails on the Internet are sent in the plaintext form and hence can easily be recorded and spied with the help of a simple sniffed.