Legal Circumstances for Hacking

Hacking is only legal under specific circumstances, such as owning the device/network, obtaining explicit permission, or having Ethical Hacker Certification. Keyloggers are tools used for various purposes, from legitimate uses such as security to malicious activities like stealing passwords. This content distinguishes between hardware and software keyloggers, highlighting their nature and potential risks.

• Hacking
• Legal
• Keyloggers
• Security
• Ethical

pliz Follow

Uploaded on Feb 24, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

2. DISCLAIMER Hacking is only legal under the following circumstances: Hacking is only legal under the following circumstances: 1. 1. You hack (penetration test) a device/network you own. You hack (penetration test) a device/network you own. 2. 2. You gain explicit, documented permission from an individual, assumedly a friend. You gain explicit, documented permission from an individual, assumedly a friend. 3. 3. You acquire an Ethical Hacker Certification and hack for a public or private sector You acquire an Ethical Hacker Certification and hack for a public or private sector organization with explicit permission to do so. This is the safest of the three organization with explicit permission to do so. This is the safest of the three methods. methods. Hacking is illegal in all other circumstances. Hackers can be charged with fines, Hacking is illegal in all other circumstances. Hackers can be charged with fines, misdemeanors, and/or felonies depending on severity and accounts of hacks. For misdemeanors, and/or felonies depending on severity and accounts of hacks. For these reasons I will not be demonstrating any live hacking attempts in the wild. these reasons I will not be demonstrating any live hacking attempts in the wild. For more information For more information http://definitions.uslegal.com/c/computer http://definitions.uslegal.com/c/computer- -hacking/ hacking/

3. DEFINITION Keystroke Logging Keystroke Logging (Key recording (or logging) the keys struck on a recording (or logging) the keys struck on a keyboard, typically in a covert manner so that keyboard, typically in a covert manner so that the person using the keyboard is unaware that the person using the keyboard is unaware that their actions are being their actions are being monitored. (Key- -logging logging): is ): is the action of the action of monitored.

4. USES Legitimate: Keyloggers are frequently used by search Legitimate: Keyloggers are frequently used by search engines, some software packages, and network engines, some software packages, and network security. They are also sometimes used in research, security. They are also sometimes used in research, particularly acoustics and human particularly acoustics and human- -computer interaction. interaction. Semi Semi- -legitimate: Monitoring the computer habits of legitimate: Monitoring the computer habits of people in your family or people you live with i.e. people in your family or people you live with i.e. Parental Control. Parental Control. Malicious: Stealing passwords and PII via internet based Malicious: Stealing passwords and PII via internet based methods such as honeypots. methods such as honeypots. computer

5. HARDWARE VS. SOFTWARE All computer viruses are dependent on both hardware All computer viruses are dependent on both hardware and software. Viruses are normally contained in your and software. Viruses are normally contained in your hard drive, which is why sandboxing works. hard drive, which is why sandboxing works. Keyloggers are a particularly good example of this by Keyloggers are a particularly good example of this by nature. They measure the mechanical input of nature. They measure the mechanical input of hardware via keystrokes, yet at the same time process hardware via keystrokes, yet at the same time process it via queries (software). it via queries (software). Therefore we will divide the approaches toward Therefore we will divide the approaches toward keyloggers between hardware and software. keyloggers between hardware and software.

6. HARDWARE-FOCUSED KEYLOGGERS BIOS BIOS- -level firmware (Supply Chain Attack at the factory level firmware (Supply Chain Attack at the factory level) level) Circuit Circuit- -based (USB) based (USB) Wireless keyboard sniffers Wireless keyboard sniffers Keyboard Overlays (ATMs) Keyboard Overlays (ATMs) Acoustic Cryptanalysis Acoustic Cryptanalysis Electromagnetic Emission Capturing Electromagnetic Emission Capturing Optic Surveillance (Hidden camera) Optic Surveillance (Hidden camera) Fingerprinting plus Brute Fingerprinting plus Brute- -Force Attack Force Attack

7. SOFTWARE-FOCUSED KEYLOGGERS API based: API based: Intercept (Hook) and change keyboard API Intercept (Hook) and change keyboard API commands Hyper Hyper- -visor based: visor based: Virtual machine running under the OS Virtual machine running under the OS undetected undetected Kernel based: Kernel based: Rootkits that subvert the OS kernel, often pretending Rootkits that subvert the OS kernel, often pretending to be device drivers to be device drivers Form grabbing: Form grabbing: Log web Log web- -forms submissions via web browsers event forms submissions via web browsers event functions and event listeners. functions and event listeners. Memory Injection: Memory Injection: Alter memory tables associated with system Alter memory tables associated with system functions and logs the input. functions and logs the input. Packet Analysis: Packet Analysis: Captures network traffic (data packets) looking for Captures network traffic (data packets) looking for unencrypted passwords. unencrypted passwords. commands

8. COUNTERMEASURES Anti Anti- -keyloggers and AV Software keyloggers and AV Software Network Monitors(reverse firewalls) Network Monitors(reverse firewalls) Automatic Form Filler Programs (anti Automatic Form Filler Programs (anti- -Form Grabbing) One Time Passwords (OTPs) One Time Passwords (OTPs) Security Tokens (smartcards) Security Tokens (smartcards) Live CD boot (for OS level keyloggers) Live CD boot (for OS level keyloggers) Non Non- -traditional input devices (i.e. speech recognition traditional input devices (i.e. speech recognition software) software) Form Grabbing)

9. WORKSHOP As a Computer Science professional, it is integral to As a Computer Science professional, it is integral to continue learning new languages and technical skills continue learning new languages and technical skills outside of the classroom. outside of the classroom. This is why today we will write a simple API This is why today we will write a simple API- -based keylogger program, but not in Java, or COBOL, or keylogger program, but not in Java, or COBOL, or Assembly. Assembly. Due to it s popularity, simplicity of syntax, and power, we Due to it s popularity, simplicity of syntax, and power, we will use Python, a dynamic programming language for will use Python, a dynamic programming language for today s workshop. today s workshop. based

10. BRIEF OVERVIEW OF PYTHON Dynamic : (OOP, Procedural, Scripting, etc. ). Dynamic : (OOP, Procedural, Scripting, etc. ). Strongly Typed: primitives operations must be between Strongly Typed: primitives operations must be between same type. same type. Duck typed: Methods and Properties determine valid Duck typed: Methods and Properties determine valid semantics, not inheritance. semantics, not inheritance. Automatic memory management Automatic memory management Code is similar to Java and COBOL in syntax and MIPS Code is similar to Java and COBOL in syntax and MIPS Assembly in design philosophy Assembly in design philosophy

11. CODE EXAMPLES: DECLARING VARIABLES v v = = ('a', ('a', 'b', (x, (x, y, y, z) z) = = v v 'b', 'e') 'e') print print x x print print y y print print z z

12. CODE EXAMPLES: FOR LOOP AND IF/ELSE words words = = ['A', for for word print print word ['A', 'B', word in in words: word 'B', 'C', words: 'C', 'D', 'D', 'E'] 'E'] print print "password "password please please\ \n" n" password password = = raw_input raw_input("Enter ("Enter your your password: password: ") ") if if password password == print print "Access else: else: print print "Access == "name": "name": "Access Granted" Granted" "Access Denied" Denied"

13. CODE EXAMPLE: TRY/CATCH AND EXCEPTIONS def def f(): f(): print print "in 1/0 1/0 raises a a ZeroDivisionError ZeroDivisionError exception exception print print "in "in f, f, after "in f, f, before before 1/0" 1/0" try: try: g() g() print print "in except except ZeroDivisionError ZeroDivisionError: : print print "ZD "ZD exception exception caug ht" ht" print print "function "function h h ends" # # raises "in h, h, after after g()" g()" after 1/0" 1/0" caug def def g(): print print "in f() f() print print "in g(): ends" "in g, g, before before f()" f()" "in g, g, after after f()" f()" def def h(): print print "in h(): "in h, h, before before g()" g()"

14. DOWNLOADS Go to Go to python.org/ python.org/getit compatible with your computer compatible with your computer Also download the Also download the pyhook goo.gl.DdKLg goo.gl.DdKLg Now the default Python IDE, IDLE should be on your computer Now the default Python IDE, IDLE should be on your computer and ready to use. and ready to use. If you don t want to use IDLE you can also download: If you don t want to use IDLE you can also download: The The JPython JPython Extension for the Eclipse IDE Extension for the Eclipse IDE The The Python or IronPython Python or IronPython extension for Visual Studio. extension for Visual Studio. getit and download a python package and download a python package pyhook and and pywin32 pywin32 modules from modules from

15. STEPS 1. 1. Code the keylogger in IDLE (follow my instructions) Code the keylogger in IDLE (follow my instructions) 2. 2. Save it as a . Save it as a .pyw pyw file file 3. 3. Start notepad and code the launch file (follow my instructions). Start notepad and code the launch file (follow my instructions). 4. 4. Save it as a .batch file. Save it as a .batch file. 5. 5. Go to your Internet Explorer Shortcut and change it to run using Go to your Internet Explorer Shortcut and change it to run using the your launch file (change target to your batch file after right the your launch file (change target to your batch file after right clicking) clicking) 6. 6. Run IE and type something into your homepage . Run IE and type something into your homepage . 7. 7. Check you IE s log file (C Check you IE s log file (C: :\ \Users Users\ \(Your Name) Name)\ \AppData AppData\ \Local Local\ \Microsoft Microsoft\ \Windows Files Files\ \Content.IE5) Content.IE5) 8. 8. Shutdown your python files with task manager Shutdown your python files with task manager (Your Windows\ \Temporary Internet Temporary Internet

16. FIN