Authors
Advisor(s)
Abstract(s)
This work focuses on the study of ethical hacking in the fight against cybercrime, beginning with an extensive literature review covering various articles and books on ethical hacking and social engineering. The central focus is the development of a phishing tool, deployed on a cloud platform, using a domain acquired specifically to lend greater realism to the simulated attack. The tool uses a specialised email delivery service, with the issuance of digital certificates, ensuring the authenticity of the emails sent.
The phishing tool allows precise, real-time monitoring of the users targeted by the campaign, providing detailed information on interactions such as email opens, clicks on hyperlinks and data submission, including the date, time, operating system and browser used. This monitoring provides an in-depth understanding of user behaviour in the face of phishing threats.
Additionally, hacking tools were developed in Python, namely a keylogger and a backdoor. The keylogger is designed to record the user's keyboard activity, while the backdoor aims to create hidden remote access to the compromised system. These tools complement the analysis of users' vulnerability to different types of cyberattacks.
Two questionnaires were also carried out to assess participants' knowledge of and perspectives on cybersecurity. These questionnaires were essential for measuring participants' awareness of cyber threats and the security practices they adopt. Analysis of the responses made it possible to identify areas where knowledge and preparedness to face the challenges of cybercrime can be strengthened.
This study represents a significant contribution to the understanding of ethical hacking strategies and their effectiveness in the current cybersecurity landscape. The results obtained show users' vulnerability to social engineering attacks and highlight the importance of continuous education and the development of robust security strategies for effectively combating cybercrime. This work thus offers a solid foundation for future research in the area of ethical hacking and cybersecurity, paving the way for more integrated and sophisticated approaches to confronting cybercrime.
Abstract: This work delves into the study of ethical hacking as a means to combat cybercrime, beginning with an extensive literary review of various articles and books related to ethical hacking and social engineering. The centrepiece of this study is the development of a phishing tool, supported and hosted on a cloud platform, utilizing a specially purchased domain to render a more realistic simulated attack. This tool employs a specialized email delivery service, ensuring the authenticity of the emails sent through digital certificates. The phishing tool is designed to monitor users involved in the phishing campaign in real-time, recording detailed information about how users react such as email opening, link clicking, and data submission, including the time, date, operating system, and browser used. This level of monitoring offers a deep understanding of user behaviour in response to phishing threats. Additionally, hacking tools developed using Python, namely a keylogger and a backdoor, are included in the study. The keylogger aims to record user keyboard activity, while the backdoor seeks to establish a hidden remote access to the compromised system. These tools complement the analysis of user vulnerability to different types of cyberattacks. The study also involves two questionnaires to assess participants' knowledge and perspectives on cybersecurity. These questionnaires measure the participants' awareness of cyber threats and their security practices. The analysis of the responses highlights areas where knowledge and preparedness to face cybercrime challenges can be strengthened. In a nutshell, this study contributes significantly to the understanding of ethical hacking strategies and their effectiveness in the current cybersecurity landscape. The results not only reveal user vulnerability to social engineering attacks but also emphasize the importance of continuous education and the development of robust security strategies to effectively combat cybercrime. 
This work thus provides a solid foundation for future investigations in ethical hacking and cybersecurity, paving the way for more integrated and sophisticated approaches in tackling cybercrime.
Description
Dissertation submitted to the Escola Superior de Tecnologia of the Instituto Politécnico de Castelo Branco in fulfilment of the requirements for the degree of Master in Informatics Engineering - Software Development and Interactive Systems.
Keywords
Ethical hacking; Cybercrime; Phishing; Cybersecurity; Social engineering