ACM Chapter SOA

Inside The Mind of a Hacker

Computer Science Department

Shiv Nadar University Chennai

Dr. Rourab Paul

Cyber Security

Why This Matters

  • Your data = money
  • Students are easy targets
  • Cyber attacks happen every second

Quick Question

  • How many of you reuse passwords?
  • How many use public WiFi?
  • You are already a target.

Sarah Palin

The attacker clicked “Forgot Password”

Answered simple questions:

  • Date of birth
  • High school name

Found answers via:

  • Google
  • Public information (Wikipedia)

What is Cybersecurity?

  • Protecting systems, data, and identity from attacks.
  • Not just companies—YOU.

How Hackers Think

  • Look for weakest link
  • Exploit human mistakes
  • Automate attacks

Who is a Hacker?

  • Not always criminal
  • Problem solver
  • Types:
    • White hat
    • Black hat
    • Grey hat

Common Attack #1: Phishing

  • Fake emails/login pages
  • Goal: steal your credentials
  • Skills: website/app design

  1. Download the HTML, CSS and JS of the login page of a popular website
  2. Register a domain name like faceb00k.com, facebook.com or anything. We hardly notice the address bar.
  3. Upload the webpage to the new domain. Share the link with targets
  4. Target may log in with their credentials; the attacker collects the data and redirects to the original website
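
A defender's view of the lookalike-domain step, as an added example that is not part of the original slides: a link checker that flags hosts imitating a known domain. The `TRUSTED` list, the character-swap table and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed list of domains the organisation really uses (constructed for this example).
TRUSTED = ("facebook.com", "google.com")

# Digit-for-letter swaps used to imitate a name, as in faceb00k.com.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased host of a URL; accepts input with or without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").removeprefix("www.")


def classify(url: str) -> str:
    """Label a link as trusted, suspicious (with the reason) or unknown."""
    host = host_of(url)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if not host.isascii() or "xn--" in host:
        return "suspicious: non-ASCII or punycode host"
    skeleton = host.translate(CONFUSABLE)
    for t in TRUSTED:
        brand = t.split(".")[0]
        # Brand name embedded in some other domain (subdomain or hyphen tricks).
        if brand in skeleton.replace("-", ""):
            return f"suspicious: imitates {t}"
        # One or two typos away from the real domain.
        if edit_distance(skeleton, t) <= 2:
            return f"suspicious: near {t}"
    return "unknown"
```
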

Common Attack #2: Password Attacks

  • Weak passwords
  • Brute force & dictionary attacks

  1. Your friend's email: rahul123@gmail.com
  2. Attacker checks: Instagram bio, birthday posts, pet names, favorite team. Example guesses: Rahul@123, Rahul2002, Messi@10
  3. OSINT tool to gather information
  4. Automation tool: software tries thousands of passwords per second
  5. Automation may be prevented by CAPTCHA
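
The same reasoning turned into a sign-up check, as an added example that is not part of the original slides: it rejects passwords built from details that are publicly visible about the user. The `PROFILE` contents, the swap table and the 12-character minimum are assumptions constructed for illustration.

```python
import re

# Character swaps people use to "strengthen" a word, undone before matching.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

# Constructed profile: the kind of details the slide lists as publicly visible.
PROFILE = {"email": "rahul123@gmail.com", "birthday": "2002-05-14", "favorite": "Messi"}

MIN_LENGTH = 12  # assumed policy value, not taken from the slides


def public_tokens(profile: dict) -> set:
    """Words and numbers of 3+ characters from profile fields (email domain dropped)."""
    tokens = set()
    for value in profile.values():
        text = str(value).lower().split("@")[0]
        tokens.update(t for t in re.findall(r"[a-z]+|\d+", text) if len(t) >= 3)
    return tokens


def audit_password(password: str, profile: dict) -> list:
    """Return the reasons a password is guessable; an empty list means none found."""
    lowered = password.lower()
    variants = (lowered, lowered.translate(LEET))
    hits = sorted(t for t in public_tokens(profile) if any(t in v for v in variants))
    reasons = []
    if hits:
        reasons.append("contains public info: " + ", ".join(hits))
        # What is left after removing public tokens is all an attacker must guess.
        residue = lowered
        for t in hits:
            residue = residue.replace(t, "")
        if len(residue) < 8:
            reasons.append(f"only {len(residue)} character(s) are not public")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons
```
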

Common Attack #3: Social Engineering

  • Manipulating people
  • “Hi, I’m from your bank…”

  1. Information Gathering – collect victim details (name, phone, bank, social media)
  2. Impersonation – pretend to be a trusted entity (bank, support, friend)
  3. Trust Building – use convincing language and context
  4. Trigger Action – create urgency (OTP, password, link click)
  5. Access Gained – victim shares sensitive information
  6. Exploitation – misuse data (fraud, account takeover)

Live Thinking

  • Would you click this link?
  • Would you trust this email?

  • Think before you act.

Real Impact

  • Money loss
  • Identity theft
  • Reputation damage

Ukraine power grid cyberattack 2015

In 2015, hackers attacked Ukraine’s power system

Around 230,000 people lost electricity

How the attack worked

  1. Phishing emails
    • Employees received infected emails
  2. Malware installed
    • Hackers gained access to systems
  3. Remote control
    • Took control of power grid computers
  4. Power shutdown
    • Turned off electricity remotely

WannaCry ransomware attack 2016

Spread across 150+ countries

Locked computers and demanded money

How the attack worked

    • Exploited unpatched Windows systems
    • Spread automatically (worm)

Hospitals, banks, companies affected

UK healthcare system disrupted

Tools Hackers Use Generally

  • Automation tools
  • Password crackers
  • Phishing kits

Cybersecurity Careers

  • Ethical Hacker
  • Security Analyst
  • Bug Bounty Hunter

Cybersecurity Careers

  • Computer fundamentals (how OS, files, and programs work)
  • Networking basics (IP, DNS, HTTP/HTTPS)
  • Operating Systems (especially Linux basics)
  • Programming basics (Python / C / scripting)
  • Web fundamentals (how websites and logins work)
  • Cybersecurity basics (common attacks like phishing, malware)

Cybersecurity Careers

  • Nmap – network scanning & port discovery
  • Wireshark – analyze network traffic
  • Burp Suite – test web applications
  • Metasploit – exploit vulnerabilities
  • John the Ripper – password testing
  • Aircrack-ng – WiFi security analysis

Cybersecurity Certifications

🟢 Beginner Friendly

  • Google Cybersecurity Professional Certificate → Good starting point, no prior experience needed
  • Introduction to Cyber Security → Basics of threats, networks, security

🔵 Hands-on Learning (Highly Recommended)

  • TryHackMe → Interactive labs, beginner to advanced
  • Hack The Box → Real-world hacking challenges

🟡 Certification (for career growth)

  • CEH (Certified Ethical Hacker) → Popular but more theory-based
  • CompTIA Security+ → Strong foundation, industry recognized

🔴 Advanced (later stage)

  • OSCP (Offensive Security Certified Professional) → Highly respected, hands-on, tough

OWASP

Open Worldwide Application Security Project (OWASP)

  • A global non-profit organization for web security
  • Provides top security risks & best practices
  • Used by companies worldwide

In simple words:

“OWASP tells us what mistakes make websites hackable.”

OSINT

OSINT (Open Source Intelligence)

  • Collecting information from public sources
  • No hacking required
  • Uses:
    • Google
    • Social media
    • Public records

In simple words:

“OSINT = finding secrets that people accidentally make public.”

Post Quantum Cryptography

Public Key Cryptography

Thank You

Hackers don’t hack systems…

They hack humans.

Be aware. Stay secure.