Ethical Hacking

By: Dr. Mohammad Shoab

Introduction

  • Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal.
  • Ethical hacking is legally breaking into computers and devices to test an organization's defenses.

Ethical Hacking

  • Independent computer security professionals break into computer systems.
  • They neither damage the target systems nor steal information.
  • They evaluate the target systems' security and report back to the owners about the vulnerabilities found.

Hackers

  • A person who enjoys learning details of a programming language or system
  • A person who enjoys actually doing the programming rather than just theorizing about it
  • A person capable of appreciating someone else's hacking
  • A person who picks up programming quickly
  • A person who is an expert at a particular programming language or system

Types of Hackers

  • Black Hat Hacker
  • White Hat Hacker
  • Grey Hat Hacker

Black-Hat Hacker

  • Black hat hackers, or crackers, are individuals with extraordinary computing skills who resort to malicious or destructive activities.

  • That is, black hat hackers use their knowledge and skill for their own personal gain, probably by hurting others.

White-Hat Hacker

  • White hat hackers are those individuals professing hacker skills and using them for defensive purposes.
  • This means that white hat hackers use their knowledge and skill for the good of others and for the common good.

Grey-Hat Hackers

  • These are individuals who work both offensively and defensively at various times.
  • We cannot predict their behavior.
  • Sometimes they use their skills for the common good, while at other times they use them for personal gain.

Hacking Process

  • Footprinting
  • Scanning
  • Gaining Access
  • Maintaining Access

Footprinting

  • Whois lookup
  • NS lookup
  • IP lookup

Scanning

  • Port Scanning
  • Network Scanning
  • Fingerprinting
  • Firewalking

Gaining Access

  • Password Attacks
  • Social Engineering
  • Viruses

Maintaining Access

  • OS Backdoors
  • Trojans
  • Clearing Tracks

Why Do We Need Ethical Hacking

  • Viruses, Trojan Horses, and Worms
  • Social Engineering
  • Automated Attacks
  • Accidental Breaches in Security
  • Denial of Service (DoS)
  • Organizational Attacks
  • Restricted Data

Protection from possible External Attacks

Required Skills of an Ethical Hacker

  • Microsoft: skills in operation, configuration and management.

  • Linux: knowledge of Linux/Unix; security setting, configuration, and services.

  • Firewalls: configurations, and operation of intrusion detection systems.

Required Skills of an Ethical Hacker…

  • Routers: knowledge of routers, routing protocols, and access control lists

  • Mainframes

  • Network Protocols: TCP/IP; how they function and can be manipulated.

  • Project Management: leading, planning, organizing, and controlling a penetration testing team.

What do hackers do after hacking?...

  • Patch the security hole
      • So that other hackers can’t intrude
  • Clear logs and hide themselves
  • Install a rootkit (backdoor)
      • The hacker who hacked the system can use the system later
      • It contains a trojan, virus, and so on
  • Install IRC-related programs
      • identd, irc, bitchx, eggdrop, bnc

What do hackers do after hacking?

  • Install scanner programs
      • mscan, sscan, nmap
  • Install exploit programs
  • Install denial-of-service programs
  • Use all of the installed programs silently

Advantages

  • “To catch a thief, you have to think like a thief”

  • Helps in closing the open holes in the system network

  • Provides security to banking and financial establishments

  • Prevents website defacements

  • An evolving technique

Disadvantages

  • All depends upon the trustworthiness of the ethical hacker

  • Hiring professionals is expensive.

Saudi Arabia’s Legal Aspects Regarding Ethical Hacking

1. Cybercrime Law (Anti-Cyber Crime Law)

Saudi Arabia’s Anti-Cyber Crime Law (Royal Decree No. M/17, 8 Rabi’ al-Awwal 1428H, corresponding to 27 March 2007) is one of the primary legal instruments in the country regulating cyber-related activities. This law is designed to combat various forms of cybercrime, including hacking, and it covers unauthorized access, penalties, and interception of data.

Cont…

2. Regulation of Information Technology (IT) and Digital Transactions

Saudi Arabia has also issued regulations that govern information technology and electronic transactions:

  • Electronic Transactions Law: Regulates the use of digital signatures, electronic contracts, and online services. Ethical hackers who perform penetration testing must ensure they don’t violate any agreements or misuse data during their activities.
  • Protection of Privacy: The government is keen on protecting the privacy of individuals and businesses, especially when it comes to data storage, management, and online transactions.

Cont…

3. National Cybersecurity Strategy

In 2020, Saudi Arabia launched the National Cybersecurity Strategy under the Saudi Vision 2030 plan. The strategy aims to:

  • Strengthen the country's cybersecurity infrastructure.
  • Promote the creation of a secure digital environment.
  • Ensure compliance with best practices and international standards in cybersecurity.

Ethical hacking and penetration testing are integral to the strategy, but these activities must be carried out under proper authorization to prevent conflicts with existing cybersecurity laws.

Cont…

4. The Saudi Arabian Monetary Authority (SAMA) Cybersecurity Framework

For businesses in the financial sector, the SAMA Cybersecurity Framework outlines strict guidelines for information security, including penetration testing. Organizations must ensure that ethical hacking activities in these areas follow proper protocols and receive the necessary approvals from relevant authorities.

Cont…

5. Saudi Data Protection Laws

Although a formal, comprehensive data protection law is still in progress, Saudi Arabia’s Personal Data Protection Law (drafted in 2021) addresses the processing of personal data and outlines the legal framework for privacy.

  • Data Breach Reporting: Ethical hackers need to be aware of how they handle data breaches. If a breach occurs during an ethical hacking activity, it is important to follow legal procedures for reporting.
