Soumettre la recherche
Mettre en ligne
Ceh v5 module 01 introduction to ethical hacking
•
3 j'aime
•
2,431 vues
Vi Tính Hoàng Nam
Suivre
CEH v5 Module 01 Introduction to Ethical Hacking
Lire moins
Lire la suite
Signaler
Partager
Signaler
Partager
1 sur 43
Télécharger maintenant
Télécharger pour lire hors ligne
Recommandé
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Ceh v5 module 03 scanning
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
IT Security management and risk assessment
IT Security management and risk assessment
CAS
Ethical Hacking Powerpoint
Ethical Hacking Powerpoint
Ren Tuazon
Man in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
Recommandé
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
Ceh v5 module 03 scanning
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
Ceh v5 module 02 footprinting
Ceh v5 module 02 footprinting
Vi Tính Hoàng Nam
IT Security management and risk assessment
IT Security management and risk assessment
CAS
Ethical Hacking Powerpoint
Ethical Hacking Powerpoint
Ren Tuazon
Man in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
Malware analysis
Malware analysis
Prakashchand Suthar
Application Security - Your Success Depends on it
Application Security - Your Success Depends on it
WSO2
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
Certified Ethical Hacker v11 First Look.pdf
Certified Ethical Hacker v11 First Look.pdf
Tuan Yang
Phishing attack
Phishing attack
Raghav Chhabra
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
Cyber security
Cyber security
Bhavin Shah
Penetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
Social engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
Email security
Email security
SultanErbo
Hyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
msaksida
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
ITpreneurs
Security Awareness Training
Security Awareness Training
William Mann
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Vi Tính Hoàng Nam
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Vi Tính Hoàng Nam
Contenu connexe
Tendances
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
Malware analysis
Malware analysis
Prakashchand Suthar
Application Security - Your Success Depends on it
Application Security - Your Success Depends on it
WSO2
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Scott Sutherland
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
Certified Ethical Hacker v11 First Look.pdf
Certified Ethical Hacker v11 First Look.pdf
Tuan Yang
Phishing attack
Phishing attack
Raghav Chhabra
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Netpluz Asia Pte Ltd
Cyber security
Cyber security
Bhavin Shah
Penetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
Social engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Vi Tính Hoàng Nam
Email security
Email security
SultanErbo
Hyphenet Security Awareness Training
Hyphenet Security Awareness Training
Jen Ruhman
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
msaksida
Chapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
ITpreneurs
Security Awareness Training
Security Awareness Training
William Mann
Tendances
(20)
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Malware analysis
Malware analysis
Application Security - Your Success Depends on it
Application Security - Your Success Depends on it
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
Certified Ethical Hacker v11 First Look.pdf
Certified Ethical Hacker v11 First Look.pdf
Phishing attack
Phishing attack
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing
Cyber security
Cyber security
Penetration testing reporting and methodology
Penetration testing reporting and methodology
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Social engineering hacking attack
Social engineering hacking attack
Ceh v5 module 04 enumeration
Ceh v5 module 04 enumeration
Email security
Email security
Hyphenet Security Awareness Training
Hyphenet Security Awareness Training
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
Chapter 1 Presentation
Chapter 1 Presentation
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
EC-Council Certified Ethical Hacker (CEH) v9 - Hackers are here. Where are you?
Security Awareness Training
Security Awareness Training
En vedette
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Vi Tính Hoàng Nam
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Vi Tính Hoàng Nam
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Vi Tính Hoàng Nam
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineering
Vi Tính Hoàng Nam
CEHv7 Question Collection
CEHv7 Question Collection
Manish Luintel
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
Vi Tính Hoàng Nam
CMIT 321 QUIZ 1
CMIT 321 QUIZ 1
HamesKellor
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Mike McLain
CCNA - Switching Concepts made easy
CCNA - Switching Concepts made easy
sushmil123
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoors
Vi Tính Hoàng Nam
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Vi Tính Hoàng Nam
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
Vi Tính Hoàng Nam
0407 ceh certificate
0407 ceh certificate
Wayne Parton
Ceh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
Vi Tính Hoàng Nam
File000140
File000140
Desmond Devendran
Ce hv6 module 49 creating security policies
Ce hv6 module 49 creating security policies
Vi Tính Hoàng Nam
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
Vi Tính Hoàng Nam
Ce hv6 module 66 security convergence
Ce hv6 module 66 security convergence
Vi Tính Hoàng Nam
Ce hv6 module 65 patch management
Ce hv6 module 65 patch management
Vi Tính Hoàng Nam
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webservers
Vi Tính Hoàng Nam
En vedette
(20)
Ceh v5 module 00 student introduction
Ceh v5 module 00 student introduction
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hacking
Ceh v5 module 16 virus and worms
Ceh v5 module 16 virus and worms
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineering
CEHv7 Question Collection
CEHv7 Question Collection
CATALOGUE QUESTEK (Tiếng Việt)
CATALOGUE QUESTEK (Tiếng Việt)
CMIT 321 QUIZ 1
CMIT 321 QUIZ 1
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
Switching vla ns_secugenius_harksh_mikemclain_secugenius security solutions
CCNA - Switching Concepts made easy
CCNA - Switching Concepts made easy
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 06 trojans and backdoors
Ceh v5 module 10 session hijacking
Ceh v5 module 10 session hijacking
Ce hv6 module 60 firewall technologies
Ce hv6 module 60 firewall technologies
0407 ceh certificate
0407 ceh certificate
Ceh v5 module 20 buffer overflow
Ceh v5 module 20 buffer overflow
File000140
File000140
Ce hv6 module 49 creating security policies
Ce hv6 module 49 creating security policies
Ce hv6 module 50 software piracy and warez
Ce hv6 module 50 software piracy and warez
Ce hv6 module 66 security convergence
Ce hv6 module 66 security convergence
Ce hv6 module 65 patch management
Ce hv6 module 65 patch management
Ceh v5 module 11 hacking webservers
Ceh v5 module 11 hacking webservers
Similaire à Ceh v5 module 01 introduction to ethical hacking
Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptx
Janani S
Introduction to Hacking
Introduction to Hacking
Rishabha Garg
Network Security Tools and applications
Network Security Tools and applications
webhostingguy
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
EMERSON EDUARDO RODRIGUES
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
wajug
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
GovandJamalSaeed
EN-Ethical-Hacking-2023-18-08-03-26-15.pdf
EN-Ethical-Hacking-2023-18-08-03-26-15.pdf
ssuser886cfe
EN-Ethical Hacking.pdf
EN-Ethical Hacking.pdf
Vinay379568
certifieced ethical hacker course old an
certifieced ethical hacker course old an
radio02moura
File000119
File000119
Desmond Devendran
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
IRJET Journal
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullah
pongada123
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.
Rishabh Gupta
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
vamshimatangi
Ethical hacking
Ethical hacking
Mohammad Affan
Module 1 Introduction
Module 1 Introduction
leminhvuong
Security & control in management information system
Security & control in management information system
Online
Cyber Attack Methodologies
Cyber Attack Methodologies
Geeks Anonymes
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
Similaire à Ceh v5 module 01 introduction to ethical hacking
(20)
Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptx
Introduction to Hacking
Introduction to Hacking
Network Security Tools and applications
Network Security Tools and applications
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Wajug: Cyber war, Cyber Attacks and Ethical Hacking - Frédéric de Pauw - Dece...
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
EN-Ethical-Hacking-2023-18-08-03-26-15.pdf
EN-Ethical-Hacking-2023-18-08-03-26-15.pdf
EN-Ethical Hacking.pdf
EN-Ethical Hacking.pdf
certifieced ethical hacker course old an
certifieced ethical hacker course old an
File000119
File000119
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullah
Security protection On banking systems using ethical hacking.
Security protection On banking systems using ethical hacking.
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
Ethical hacking
Ethical hacking
Module 1 Introduction
Module 1 Introduction
Security & control in management information system
Security & control in management information system
Cyber Attack Methodologies
Cyber Attack Methodologies
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
Plus de Vi Tính Hoàng Nam
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Vi Tính Hoàng Nam
Catalogue 2015
Catalogue 2015
Vi Tính Hoàng Nam
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
Vi Tính Hoàng Nam
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
Vi Tính Hoàng Nam
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Vi Tính Hoàng Nam
Các loại cáp mạng
Các loại cáp mạng
Vi Tính Hoàng Nam
Catalogue 10-2014-new
Catalogue 10-2014-new
Vi Tính Hoàng Nam
Qtx 6404
Qtx 6404
Vi Tính Hoàng Nam
Camera QTX-1210
Camera QTX-1210
Vi Tính Hoàng Nam
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
Vi Tính Hoàng Nam
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
Vi Tính Hoàng Nam
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
Vi Tính Hoàng Nam
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
Vi Tính Hoàng Nam
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
Vi Tính Hoàng Nam
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
Vi Tính Hoàng Nam
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
Vi Tính Hoàng Nam
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
Vi Tính Hoàng Nam
I phone v1.2_e
I phone v1.2_e
Vi Tính Hoàng Nam
Plus de Vi Tính Hoàng Nam
(20)
CATALOG KBVISION (Tiếng Việt)
CATALOG KBVISION (Tiếng Việt)
Catalogue 2015
Catalogue 2015
Tl wr740 n-v4_user_guide_1910010682_vn
Tl wr740 n-v4_user_guide_1910010682_vn
CATALOGUE CAMERA GIÁM SÁT
CATALOGUE CAMERA GIÁM SÁT
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
HƯỚNG DẪN SỬ DỤNG ĐẦU GHI QTD-6108
Các loại cáp mạng
Các loại cáp mạng
Catalogue 10-2014-new
Catalogue 10-2014-new
Qtx 6404
Qtx 6404
Camera QTX-1210
Camera QTX-1210
Brochua đầu ghi hình QTD-6100 Series
Brochua đầu ghi hình QTD-6100 Series
NSRT: Dụng cụ tháo đầu báo
NSRT: Dụng cụ tháo đầu báo
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
SLV-24N: Đầu báo khói quang
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
PEX-xx: Bộ hiển thị phụ 5-210 zone cho tủ RPP, RPS, RPQ
HRA-1000: Hiển thị phụ cho TT HCP-1008E
HRA-1000: Hiển thị phụ cho TT HCP-1008E
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ABW: TT báo cháy 10-20 kênh
RPP-ECW: TT báo cháy 3-5 kênh
RPP-ECW: TT báo cháy 3-5 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCP-1008E: TT báo cháy 8-24 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
HCV-2/4/8: TT báo cháy 2,4,8 kênh
I phone v1.2_e
I phone v1.2_e
Ceh v5 module 01 introduction to ethical hacking
1.
Module I Introduction to
Ethical Hacking Ethical Hacking Version 5
2.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Module Objective This module will familiarize you with the following: Importance of Information security in today’s world Elements of security Various phases of the Hacking Cycle Types of hacker attacks Hacktivism Ethical Hacking Vulnerability research and tools that assist in the same Steps for conducting ethical hacking Computer crimes and implications Cyber Laws prevailing in various parts around the World
3.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Module Flow Importance of security Legal perspective Phases to perform malicious hacking Elements of security Ethical Hacking Hacktivism Computer crimes and implicationsTypes of hacker attacks Conducting ethical hacking vulnerability research and tools
4.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Problem Definition – Why Security? Evolution of technology focused on ease of use Decreasing skill level needed for exploits Increased network environment and network based applications
5.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Essential Terminologies Threat – An action or event that might compromise security. A threat is a potential violation of security Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security Exploit – A defined way to breach the security of an IT system through vulnerability
6.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Elements of Security Security – A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable Security rests on confidentiality, authenticity, integrity, and availability •Confidentiality – The concealment of information or resources •Authenticity – The identification and assurance of the origin of information •Integrity – The trustworthiness of data or resources in terms of preventing improper and unauthorized changes •Availability – The ability to use the information or resource desired Any hacking event will affect any one or more of the essential security elements
7.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited The Security, Functionality, and Ease of Use Triangle The number of exploits gets minimized when the number of weaknesses is reduced => greater security Takes more effort to conduct same task => reduced functionality Functionality Ease of Use Security Moving the ball towards security means moving away from functionality and ease of use
8.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited What Does a Malicious Hacker Do? Reconnaissance • Active/passive Scanning Gaining access • Operating system level/application level • Network level • Denial of service Maintaining access • Uploading/altering/ downloading programs or data Clearing tracks Clearing Tracks Maintaining Access Gaining Access Scanning Reconnaissance
9.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Phase 1 - Reconnaissance Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack Business Risk: Notable - Generally noted as "rattling the door knobs" to see if someone is watching and responding Could be future point of return when noted for ease of entry for an attack when more about the target is known on a broad scale
10.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Reconnaissance Types Passive reconnaissance involves acquiring information without directly interacting with the target For example, searching public records or news releases Active reconnaissance involves interacting with the target directly by any means For example, telephone calls to the help desk or technical department
11.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Phase 2 - Scanning Scanning refers to the pre-attack phase when the hacker scans the network for specific information on the basis of information gathered during reconnaissance Business Risk: High – Hackers have to get a single point of entry to launch an attack Scanning can include use of dialers, port scanners, network mapping, sweeping, vulnerability scanners, and so on NMAP Scanner Front End
12.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Phase 3 - Gaining Access Gaining Access refers to the penetration phase. The hacker exploits the vulnerability in the system The exploit can occur over a LAN, the Internet, or as a deception or theft. Examples include buffer overflows, denial of service, session hijacking, and password cracking Influencing factors include architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained Business Risk: Highest – The hacker can gain access at the operating system level, application level, or network level
13.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Phase 4 - Maintaining Access Maintaining Access refers to the phase when the hacker tries to retain his ownership of the system The hacker has compromised the system Hackers may harden the system from other hackers as well (to own the system) by securing their exclusive access with Backdoors, RootKits, or Trojans Hackers can upload, download, or manipulate data, applications, and configurations on the owned system
14.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Phase 5 - Covering Tracks Covering Tracks refers to the activities that the hacker undertakes to hide his misdeed Reasons include the need for prolonged stay, continued use of resources, removing evidence of hacking, or avoiding legal action Examples include Steganography, tunneling, and altering log files
15.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Types of Hacker Attacks There are several ways an attacker can gain access to a system The attacker must be able to exploit a weakness or vulnerability in a system Attack Types: 1. Operating System attacks 2. Application-level attacks 3. Shrink Wrap code attacks 4. Misconfiguration attacks
16.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited 1. Operating System Attacks Today’s Operating systems are complex in nature Operating Systems run many services, ports and modes of access and requires extensive tweaking to lock them down The default install of most operating systems has large numbers of services running and ports open Applying patches and hotfixes are not so easy in today’s complex network Attackers look for OS vulnerabilities and exploit them to gain access to a network system
17.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited 2. Application Level Attacks Software developers are under tight schedules to deliver products on time Extreme Programming is on the rise in software engineering methodology Software applications come with tons of functionalities and features There is not enough time to perform complete testing before releasing products Security is often an afterthought and usually delivered as "add-on” component Poor or non-existent error checking in applications which leads to “Buffer Overflow Attacks”
18.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited 3. Shrink Wrap Code Attacks Why reinvent the wheel when you can buy off-the-shelf “libraries” and code? When you install an OS/Application, it comes with tons of sample scripts to make the life of an administrator easy The problem is “not fine tuning” or customizing these scripts This will lead to default code or shrink wrap code attack
19.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited 4. Misconfiguration Attacks Systems that should be fairly secure are hacked into because they were not configured correctly Systems are complex and the administrator does not have the necessary skills or resources to fix the problem Most often the administrator will create a simple configuration that works In order to maximize your chances of configuring a machine correctly, remove any unneeded services or software
20.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Remember This Rule! If a hacker wants to get inside your system, he will and there is nothing you can do about it The only thing you can do is make it harder for him to get in
21.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacktivism Refers to the idea of hacking with or for a cause Comprises hackers with a social or political agenda Aims at sending a message through their hacking activity and gaining visibility for their cause and themselves Common targets include government agencies, MNCs, or any other entity perceived as bad or wrong by these groups or individuals It remains a fact, however, that gaining unauthorized access is a crime, no matter what the intent
22.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hacker Classes Black Hats Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as crackers White Hats Individuals professing hacker skills and using them for defensive purposes. Also known as security analysts Gray Hats Individuals who work both offensively and defensively at various times Suicide Hackers Individuals who will aim to bring down critical infrastructure for a "cause" and not worry about facing 30 years in jail for their actions
23.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Ethical Hacker Classes Former Black Hats – Reformed crackers – First-hand experience – Lesser credibility perceived White Hats – Independent security consultants (may be groups as well) – Claim to be knowledgeable about black hat activities Consulting Firms – Part of ICT firms – Good credentials
24.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited What Do Ethical Hackers Do? “If you know the enemy and know yourself, you need not fear the result of a hundred battles” – Sun Tzu, Art of War Ethical hackers try to answer the following questions: What can the intruder see on the target system? (Reconnaissance and Scanning phases) What can an intruder do with that information? (Gaining Access and Maintaining Access phases) Does anyone at the target notice the intruders’ attempts or successes? (Reconnaissance and Covering Tracks phases) If hired by any organization, an ethical hacker asks the organization what it is trying to protect, against whom, and what resources it is willing to expend in order to gain protection
25.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Can Hacking be Ethical? Hacker refers to a person who enjoys learning the details of computer systems and how to stretch their capabilities Hacking describes the rapid development of new programs or the reverse engineering of already existing software to make the code better and more efficient Cracker refers to a person who uses his hacking skills for offensive purposes Ethical hacker refers to security professionals who apply their hacking skills for defensive purposes
26.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How to Become an Ethical Hacker? To become an ethical hacker you must meet the following requirements: Should be proficient with programming and computer networking skills Should be familiar with vulnerability research Should have mastery in different hacking techniques Should be prepared to follow a strict code of conduct
27.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Skill Profile of an Ethical Hacker A computer expert adept at technical domains Has in-depth knowledge of target platforms, such as Windows, Unix, and Linux Has exemplary knowledge of networking and related hardware and software Knowledgeable about security areas and related issues In other words you must be “highly technical” to launch sophisticated attacks
28.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited What is Vulnerability Research? Discovering vulnerabilities and design weaknesses that will open an operating system and its applications to attack or misuse Includes both dynamic study of products and technologies and ongoing assessment of the hacking underground Relevant innovations are released in the form of alerts and are delivered within product improvements for security systems Can be classified based on: • Severity level (low, medium, or high) • Exploit range (local or remote)
29.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Why Hackers Need Vulnerability Research? To identify and correct network vulnerabilities To protect the network from being attacked by intruders To get information that helps prevent security problems To gather information about viruses To find weaknesses in the network and to alert the network administrator before a network attack To know how to recover from a network attack
30.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Vulnerability Research Tools US-CERT publishes information regarding a variety of vulnerabilities in “US-CERT Vulnerabilities Notes” Similar to alerts but contain less information Does not contain the solutions to all the vulnerabilities Contains vulnerabilities that meet certain criteria Contains information that is useful to the administrator Vulnerability notes can be searched by several key fields: name, vulnerability ID number, and CVE-name Can be cross checked with the Common Vulnerabilities and Exposures (CVE) catalog
31.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Vulnerability Research Websites www.securitytracker.com www.microsoft.com/security www.securiteam.com www.packetstormsecurity.com www.hackerstorm.com www.hackerwatch.org
32.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Secunia (secunia.com/product/) Secunia monitors vulnerabilities in more than 9,500 products
33.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hackerstorm Vulnerability Database Tool (www.hackerstorm.com) You can search CVS Vulnerability database using this tool – Updates provided daily and are free – You can view Vulnerability database offline (without Internet access) – Easy to use Web-based GUI, requires a browser with flash – Data includes description, solution, attack type, external references, and credit – Source is available for those who wish to contribute and enhance the tool – Data is provided by www.osvdb.org and its contributors
34.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Hackerstorm
35.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited HackerWatch www.hackerwatch.org HackerWatch lets you report and share information that helps identify, combat, and prevent the spread of Internet threats and unwanted network traffic HackerWatch provides reports and graphical up-to-date snapshots of unwanted Internet traffic and threats Snapshots include critical port incidents graphs, worldwide port activity statistics, and target and source maps showing unwanted traffic and potential threats to Internet security
36.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Zone-h.org Reports Web Page Defacement Mirror Images Zone-h.org reports web attacks and cybercrimes as an independent observatory and lists them on their website You will be able to see tons of defaced webpages The list is updated every day
37.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited MILWORM
38.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How to Conduct Ethical Hacking? Step 1: Talk to your client on the needs of testing Step 2: Prepare NDA documents and ask the client to sign them Step 3: Prepare an ethical hacking team and draw up schedule for testing Step 4: Conduct the test Step 5: Analyze the results and prepare a report Step 6: Deliver the report to the client Note: In-depth Penetration Testing methodology is covered in EC- Council’s LPT program
39.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited How Do They Go About It? Any security evaluation involves three components: Preparation – In this phase, a formal contract is signed that contains a non- disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that might otherwise attract during the conduct phase. The contract also outlines infrastructure perimeter, evaluation activities, time schedules, and resources available to him Conduct – In this phase, the evaluation technical report is prepared based on testing potential vulnerabilities Conclusion – In this phase, the results of the evaluation are communicated to the organization or sponsors and corrective action is taken if needed
40.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Approaches to Ethical Hacking Remote network – This approach attempts to simulate an intruder launching an attack over the Internet Remote dial-up network – This approach attempts to simulate an intruder launching an attack against the client’s modem pools Local network – This approach simulates an employee with legal access gaining unauthorized access over the local network Stolen equipment – This approach simulates theft of a critical information resource, such as a laptop owned by a strategist that was taken from its owner and given to the ethical hacker Social engineering – This approach attempts to check the integrity of the organization’s employees Physical entry – This approach attempts to physically compromise the organization’s ICT infrastructure
41.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Ethical Hacking Testing There are different forms of security testing. Examples include vulnerability scanning, ethical hacking, and penetration testing Approaches to testing are shown below •Black box – With no prior knowledge of the infrastructure to be tested •White box – With a complete knowledge of the network infrastructure •Gray box – Also known as Internal Testing. Examines the extent of access by insiders within the network
42.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Ethical Hacking Deliverables An Ethical Hacking Report : Details the results of the hacking activity, matching it against the work schedule decided prior to the conduct phase Vulnerabilities are detailed and prevention measures suggested. Usually delivered in hard copy format for security reasons Issues to consider – Nondisclosure clause in the legal contract (availing the right information to the right person), integrity of the evaluation team, sensitivity of information
43.
EC-Council Copyright © by
EC-Council All Rights reserved. Reproduction is strictly prohibited Summary Security is critical across sectors and industries Ethical Hacking is a methodology to simulate a malicious attack without causing damage Hacking involves five distinct phases Security evaluation includes preparation, conduct, and evaluation phases Cyber crime can be differentiated into two categories U.S. Statutes ξ 1029 and 1030 primarily address cyber crime
Télécharger maintenant