Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Hacking
1. ITT Certified Ethical Hacker
Certification Study Group
Week 1 – CEH Objectives,
Schedule, and Overview
2. CEH Study Group Overview
Instructor/Study Leader
Study Group Meeting Frequency &
Location
Certified Ethical Hacker Exam (312-50)
Objectives
Certification Text and “Schedule”
Week 1 Objectives
3. Study Group Instructor/Leader
Name: Mark McCoy,
CISSP/MCSE/CNE
Occupation: Network
Engineer/Administrator, Information
Security Practioner, and Adjunct
Instructor
4. Study Group Meeting
Frequency and Location
Study Group Location: ITT-Omaha,
Main Conference Room
Frequency: Once a Week
Day: Wednesday Night
Time: 6:00pm
Duration: 3 hours (1.5 Lecture/1.5 Lab)
5. Certified Ethical Hacker Exam
(312-50) Objectives
Ethics and Legality
Footprinting
Scanning
Enumeration
System Hacking
Trojans and Backdoors
Sniffers
Denial of Service
Social Engineering
Session Hijacking
Hijacking Web Servers
Web Application
Vulnerabilities
Web-Based Password
Cracking
SQL Injection
Wireless Hacking
Viruses and Worms
Physical Security
Linux Hacking
Evading IDS’s, Honeypots,
and Firewalls
Buffer Overflows
Cryptography
Penetration Testing Methods
6. Certification Text and
Schedule
Certification Text(s):
Official Certified Ethical Hacker Review Guide
CEH Prep Guide
Certified Ethical Hacker Exam Prep
Certification Schedule:
We will cover two to three chapters of the
Study Guide Per Week and plan to sit for
the exam in 5 – 9 Weeks
7. Week 1 Learning Objectives
Chapter 1 – Introduction to Ethical Hacking, Ethics,
and Legality
Understanding Ethical Hacking Terminology
Identifying Different Types of Hacking Technologies
Understanding the different “Phases” and Five Stages of
Ethical Hacking
What is Hackivism?
List the Different Types of hacker Classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways to conduct ethical hacking
Understand the legal implications of hacking
Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
8. Week 1 Learning Objectives
(con’t)
Chapter 2 – Foot printing and Social Engineering
Footprinting
Define the Term Footprinting
Describe Information Gathering Methodology
Describe Competitive Intelligence
Understand DNS Enumeration
Understand ARIN and WHOIS Lookup
Identify the types of DNS Records
Understand how TRACEROUTE is used in footprinting
Understand how E-mail Tracking Works
Understand how Web Spiders work
Social Engineering
What is Social Engineering?
What are the common types of Attacks?
Understand dumpster diving
Understand Reverse Social Engineering
Understand Insider Attacks
Describe Phishing Attacks
Understand Online Scams
Understand URL Obfuscation
Social Engineering Countermeasures
9. Chapter 1 – Introduction to Ethical
hacking, Ethics, and Legality
Ethical Hacking Terminology
Threat:
Exploit:
Remote Exploit:
Local Exploit:
Vulnerability:
Target of Evaluation:
Attack:
10. Chapter 1 – Introduction to Ethical
hacking, Ethics, and Legality
Identifying Different Types of Hacking
Technologies
Operating System
Application
Shrink-Wrap Code
Misconfiguration:
12. Hacktivism
Hacktivism is defined as: Hacking for a cause
– Social or Political
White Hats: The “Good Guys”. The Ethical
Hackers. Goal is to strengthen the defenses.
Black Hats: The “Bad Guys”. The Malicious
Hacker, also known as a “Cracker”
Grey Hats: Hackers that “go both ways”. At
times they are on the “Offensive” and at times
they are on the “Defensive”
13. Skills required to be an Ethical
Hacker
Expertise required in:
Computer Programming
Networking
Operating Systems
Windows
Unix
Linux
Penetration Teams (Ethical Hackers) are
comprised of persons possessing expertise in
one or more of the above areas
14. Vulnerability Research
What is Vulnerability Research and Why is it
important to a Hacker (White Hat, Black Hat,
or Grey Hat)?
For the Black Hat – “Know your Enemy”
Learn as much about the enemy’s architecture, its
strengths and weaknesses, as you possible can, to give
you the greatest advantage in defeating the enemy
For the White Hat – “Know yourself”
Learn as much about your own architecture, its strengths
and weaknesses, as you possibly can, to give you the
greatest ability to defend against the enemy.
15. Ethical Hacking – A Six-Step
Process
Talk to the client and Conduct a Needs
Assessment
Agree to Terms – The Non Disclosure
Agreement
Organize your Team and Schedule Tests
Conduct Test (s)
Analyze Test Results and Prepare Report
Present your findings and recommendations
to the Client
16. Types of Ethical Hacks
Remote Network Attack
Remote Dial-Up Network Attack (War
Dialing)
Local Network Attack
Stolen Equipment Attack
Social Engineering
Physical Entry/Intrusion
17. Penetration Test Types
Black Box – Penetration Test Team has NO
INFORMATION concerning Infrastructure or
Systems
White Box - Penetration Test Team has
COMPLTETE INFORMATION concerning
Infrastructure and Systems
Grey Box - Penetration Test Team has
LIMITED INFORMATION concerning
Infrastructure or Systems
18. Legal Implications of Hacking
Cyber Security Enhancement Act of 2002:
Life Sentence for hackers who “recklessly”
endanger the lives of others
Title 18, United States Code (U.S.C.), section
1029 criminalizes the misuse of passwords
and other access devices such as token
cards
Title 18, United States Code (U.S.C.), section
1030 criminalizes the spreading of viruses
and worms and breaking into computers by
unauthorized individuals
19. Chapter 2 – Footprinting and
Social Engineering
Footprinting: The process of creating a
blueprint or map of an organization’s network
and systems.
Sources of Information:
Google Groups
Whois
NsLookup
Sam Spade
Careerlink
Dice
Monster
20. Competitive Intelligence
Competitive Intelligence is described
as: Information gathering about a
competitor’s products, marketing, and
technologies
Competitive Intelligence is non-intrusive
and benign in nature
21. DNS Enumeration
Definition: The process of locating all
DNS Servers and their corresponding
records for an organization
Sources of DNS Information:
DNSstuff
Whois
ARIN
NSLookup
22. DNS Record Types
A (Address): A.K.A. Host Record
SOA: Start of Authority
CNAME: Canonical Name (another name for
a host)
MX: Mail Exchange (Identifies Mail Server)
SRV: Service Record
PTR: Pointer (points IP Address to Host
name)
NS: (Name Server Record): Identifies DNS
Server
23. Traceroute and FootPrinting
Traceroute will actually “Trace The Route” a
packet takes from an origination to a
destination, which may reveal the ISP, via the
routers that the packet traverses
ARIN, Whois, and DNSstuff may also assist
in determining the “victim’s” ISP
NEOTrace, VisualRoute, and VisualLookout,
provide a graphic of the traceroute command
24. E-Mail Tracking
Allows Sender to know whether
recipient reads, forwards, modifies, or
deletes an email.
eMailTracking Pro and
MailTracking.com provide email
tracking services
25. Web Spiders
A Web Spider will comb a website to collect
email addresses (looking for the “@” syntax,
that it will later be used as recipients for
unsolicited email, by the attacker
Web Spiders can be defended against by
adding a robots.txt file that contains a list of
directories on your website you want
protected from web spiders
26. Week 1 Learning Objectives
Chapter 1 – Introduction to Ethical Hacking, Ethics,
and Legality
Understanding Ethical Hacking Terminology
Identifying Different Types of Hacking Technologies
Understanding the different “Phases” and Five Stages of
Ethical Hacking
What is Hackivism?
List the Different Types of hacker Classes
Define the skills required to become an ethical hacker
What is vulnerability research?
Describe the ways to conduct ethical hacking
Understand the legal implications of hacking
Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
27. Social Engineering
Definition: The use of influence and
persuasion to deceive people for the
purpose of obtaining information or
persuading a victim to perform some
action.
28. Types of Social Engineering
Attacks
Human-Based: Person to person
contact/persuasion
Computer-Based: Also known as
phishing and on-line scams
29. URL Obfuscation
Definition: The hiding of a fake URL in
what appears to be a legitimate URL
URL Obfuscation is used in may
phishing scams to make the scam more
legitimate
URL Obfuscation can normally be
spotted when IP addresses are in the
URL versus only the host/domain name
31. Week 1 Learning Objectives
(con’t)
Chapter 2 – Foot printing and Social Engineering
Footprinting
Define the Term Footprinting
Describe Information Gathering Methodology
Describe Competitive Intelligence
Understand DNS Enumeration
Understand ARIN and WHOIS Lookup
Identify the types of DNS Records
Understand how TRACEROUTE is used in footprinting
Understand how E-mail Tracking Works
Understand how Web Spiders work
Social Engineering
What is Social Engineering?
What are the common types of Attacks?
Understand dumpster diving
Understand Reverse Social Engineering
Understand Insider Attacks
Describe Phishing Attacks
Understand Online Scams
Understand URL Obfuscation
Social Engineering Countermeasures
32. Homework
Read Chapters 3 & 4 of the CEH
Review Guide
Bring your Laptop for use in Lab (need
Linux and Windows capabilities – One
as a base OS and the other as a Virtual
Machine)