CEH: Definition
Intrusion Prevention and Detection System Basics. An Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network.
Classes of Hackers
a) Black Hat (unauthorized use)
b) White Hat (Authorized Testing with permission)
c) Gray Hat (goes both ways: white hat by day, black hat by night)
d) Suicide Hacker (does not care about the law or the consequences)
e) Script Kiddie (brand new; uses scripts written by others)
f) Cyber Terrorist (hack under the name of religion or organization)
g) State Sponsored Hacker (Hired by Country to Attack for their National Interest)
h) Hacktivist (political agenda)
Hacking Vocabulary (6 min)
a) Vulnerability: Weakness in the device configuration / implementation
b) Exploit: the means by which the hacker breaches the weakness
c) Payload: the component of the attack that does the damage, e.g. shutting down a system or making it unreachable; the payload is the part of the code that performs the malicious activity.
d) Zero-day attack: a vulnerability exists in the device software and the vendor does not yet have a patch available to fix it (Windows / Cisco)
e) Daisy Chaining: gaining access to one computer on the network, then spreading the attack across the network and finally reaching the DMZ
f) Doxing: publishing personally identifiable information (PII) about an individual
g) Bot: a software application used remotely to attack (DoS)
h) Botnet: multiple computers used together to attack (e.g. ICMP requests) (DDoS)
i) Banner Grabbing: Banner grabbing is a technique used to glean information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network.
j) Reconnaissance: Gather information
o Active Reconnaissance: interacting directly with the target, e.g. a job interview or a phone call
o Passive Reconnaissance: gathering information covertly from the company's public data and social media pages
k) CIA : Confidentiality Integrity Availability
l) Security Account Manager (SAM) is a database file in Windows XP, Windows Vista and Windows 7 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory authenticates remote users. SAM uses cryptographic measures to prevent unauthorized users from gaining access to the system.
m) MITM: Man in the Middle Attack
InfoSec Concepts (5 min)
Information Security
Security makes the system less easy to use and slows it down, because of the layers and layers of protection.
3 Aspects:
I. Functionality
II. Usability
III. Security: more security means less functionality and less usability (the three pull against each other)
CIA : Confidentiality Integrity Availability
a) Confidentiality: only the intended individual sees the data on disk or on the network
b) Integrity: trustworthiness of data / authenticity / non-repudiation
c) Availability: authorized users must have access to the data
Attack Categories, Types, and Vectors (5 min)
Attack Vectors:
a) APT (Advanced Persistent Threat): very advanced, long-term, custom-coded
b) Botnets: attack from multiple computers
c) Cloud Computing: the weak link
d) Insider Attack: attack by a (former) employee
e) Mobile Threat: over the wireless network
f) Virus: via a flash drive or clicking on a link
Attack Type:
a) OS attack
b) Device misconfiguration attack
c) Application-level attack: SQL injection
d) Shrink-wrap / Default: using default passwords
Five Phases of Hacking (5 min)
The 5 phases of hacking:
1) Reconnaissance: gather information
a) Active Reconnaissance: interacting directly with the target, e.g. a job interview or a phone call
b) Passive Reconnaissance: gathering information covertly from the company's public data and social media pages
2) Scanning: port, network, vulnerability and OS scanning
3) Gaining Access: gain access (e.g. contractor access), then spread to other computers on the network
4) Maintaining Access: for future attacks
5) Clearing Tracks: go unnoticed
Footprinting and Reconnaissance Concepts (11 min)
Collect information
· Google Search Engine
· Cache websites
· Netcraft: which OS is in use
· AnyWho: people search
· Maps / satellite images
· Market value / company profile
· Job sites: e.g. "hiring Java programmer" reveals the technology in use
· Forums / social media websites
· Google Hacking: advanced Google search operators
· Company website: HTML source / notes left by developers
· Email message headers
· Whois.net
· DNS to IP address
· Network mapping
· Social Engineering
Search Engine Tools (8 min)
· Google, Yahoo, Bing, DuckDuckGo
· Cached sites: Archive.org
· Map sites
· People: anywho.com
· Job search sites
· Third party: Netcraft (OS and technology)
· Google incognito mode
Hacking using Google (12 min)
a) Google Advance Search
b) Google Hacking Database
Website Recon Tools (13 min)
· Firebug: HTML details
· Web Data Extractor: downloads information from the website (email addresses / content)
· HTTrack: mirrors a whole website
Metagoofil Metadata Tool (3 min)
· Metagoofil: Kali tool; searches for PDF / DOC files on a website and reports the total number of documents
Email Headers for Footprinting (5 min)
· Email headers
· Email Tracker Pro
Using WHOIS for Recon (4 min)
· Smartwhois
· Whois
DNS Tools (12 min)
· List of DNS record types
· nslookup (Kali)
o set type=aaaa (IPv6 address records)
o set type=mx (mail servers)
· Network-tools.com
Network Scanning Overview (3 min)
· ping
· nmap -sn (host discovery)
· Look for open ports
· Banner Grabbing: read the banner a service sends on an open port to identify the system and the service running there (definition in the vocabulary above). Administrators can use this to take inventory of the systems and services on their network.
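The inventory use of banner grabbing described above, as an added example (not code from the course): connect to each port, record the first line the service volunteers, and probe with an HTTP HEAD only if the service stays silent. The local fake service and its banner are constructed so the script runs offline; host, ports and timeout are assumed parameters.

```python
import socket
import threading

def start_fake_service(banner: bytes) -> int:
    """Constructed stand-in for a daemon on a real host: sends one banner and closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS choose a free port
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(banner)
            except OSError:
                return
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def free_closed_port() -> int:
    """Pick a port that is currently closed on localhost (for the demo only)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port

def grab_banner(host: str, port: int, timeout: float = 2.0):
    """First line the service sends, "" if it sends nothing, None if the port is closed.
    Protocols like HTTP speak only when spoken to, so a HEAD probe is the fallback."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                try:
                    data = s.recv(1024)
                except socket.timeout:
                    return ""
    except OSError:                      # refused, unreachable, reset
        return None
    return data.decode("ascii", "replace").splitlines()[0] if data else ""

def inventory(host: str, ports) -> dict:
    """Map each open port to its banner line; closed ports are left out."""
    return {p: b for p in ports if (b := grab_banner(host, p)) is not None}

if __name__ == "__main__":
    p = start_fake_service(b"220 mail.example.test ESMTP Postfix (constructed)\r\n")
    print(inventory("127.0.0.1", [p, free_closed_port()]))
```

Banners are self-reported and can be changed or suppressed by the administrator, so treat them as a hint to be confirmed, not as proof of the version in use.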
34. Proxy Servers (8 min)
· Proxy Workbench
35. Using Public Proxy Services (6 min)
· Proxy Switcher (proxyswitcher.com)
36. Enumeration Concepts (5 min)
37. NetBIOS Enumeration (11 min)
· NetBIOS (Wikipedia)
· NetBIOS suffixes (Wikipedia)
· NetBIOS over TCP/IP (Wikipedia)
· net command
· netstat command
· NetBIOS Enumerator
38. SNMP Enumeration Concepts (10 min)
39. SNMP Enumeration Tools (10 min)
· IP Network Browser
40. LDAP Enumeration Concepts (5 min)
· LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.
· LDAP uses TCP ports 389/636
· Look for users with the ADMIN role
· JXplorer (jxplorer.org)
41. LDAP Enumeration Example (7 min)
42. NTP Enumeration (7 min)
· Network Time Protocol
· UDP port 123
· Time logs
· Digital certificates
· Active Directory
43. SMTP Enumeration (8 min)
· Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission. First defined by RFC 821 in 1982, it was last updated in 2008 with the Extended SMTP additions by RFC 5321—which is the protocol in widespread use today. SMTP by default uses TCP port 25.
· Ports: POP3 TCP 110 / 995; IMAP TCP 143 / 993; SMTP TCP 25
· Login/username is the email address
· nslookup SMTP.COX.NET
· telnet SMTP.COX.NET 25
· SMTP commands (Wikipedia)
· Tarpit attack: slows down the SMTP server
· smtp-user-enum -M RCPT -u bob.cox.net -t SMTP.COX.NET reports whether the user exists
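From the mail administrator's side, RCPT-based user enumeration like the command above shows up as a burst of "User unknown" rejections for many different recipients from one source. Added example (not part of the course notes): a detector over constructed Postfix-style smtpd log lines; the log format, year, window and threshold are assumptions, and 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one source walks a list of names, one partner mistypes an address.
SAMPLE_LOG = """\
Jan 10 12:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <alice@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<alice@example.test> proto=ESMTP helo=<scan>
Jan 10 12:00:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <bob@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<bob@example.test> proto=ESMTP helo=<scan>
Jan 10 12:00:03 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <carol@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<carol@example.test> proto=ESMTP helo=<scan>
Jan 10 12:00:04 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <dave@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<dave@example.test> proto=ESMTP helo=<scan>
Jan 10 12:00:05 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <erin@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<erin@example.test> proto=ESMTP helo=<scan>
Jan 10 12:00:06 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <frank@example.test>: Recipient address rejected: User unknown in local recipient table; from=<probe@mailer.test> to=<frank@example.test> proto=ESMTP helo=<scan>
Jan 10 12:03:15 mx postfix/smtpd[2140]: NOQUEUE: reject: RCPT from relay.partner.test[198.51.100.9]: 550 5.1.1 <sales-team@example.test>: Recipient address rejected: User unknown in local recipient table; from=<buyer@partner.test> to=<sales-team@example.test> proto=ESMTP helo=<relay.partner.test>
Jan 10 12:03:20 mx postfix/smtpd[2140]: 7F3A21B9C1: client=relay.partner.test[198.51.100.9]
"""

LOG_YEAR = 2024   # syslog lines carry no year; assumed for timestamp parsing
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 "
    r".*?User unknown.*?to=<(?P<rcpt>[^>]+)>")

def parse_rejects(log_text):
    """Yield (timestamp, source_ip, recipient) for every 'User unknown' RCPT rejection."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["rcpt"]

def find_enumerators(log_text, window_s=60, threshold=5):
    """Flag sources that hit >= threshold distinct unknown recipients within window_s.
    A legitimate sender mistypes one or two addresses; an enumerator walks a list."""
    events = defaultdict(list)
    for ts, ip, rcpt in parse_rejects(log_text):
        events[ip].append((ts, rcpt))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            in_window = {r for t, r in evs[i:] if (t - start).total_seconds() <= window_s}
            if len(in_window) >= threshold:
                flagged[ip] = len(in_window)   # distinct names probed in the window
                break
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))      # expect only 203.0.113.5
```

Rate-limiting or tarpitting unknown-recipient responses and disabling VRFY/EXPN reduce what such a probe learns; the detector above tells you when someone is trying.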
44. System Hacking Overview (9 min)
Stages and goals:
· Bypass Controls:
o Password Attacks
§ Non-electronic attacks: social engineering
§ Active online attacks: malware / using software
§ Passive online attacks: packet captures / man-in-the-middle attacks
§ Offline attacks: password files / default passwords
· Get Access Rights
o Escalating privileges
· Maintain Remote Access
o Backdoor
o Keylogger
o Rootkits
· Hide Activities
o Covering tracks
o Record audio
o VoIP recording
o Activate camera
Password Cracking Concepts (10 min)
· Social Engineering
· Recovery systems: e.g. Cisco password recovery
· Weak, Simple or Default Password
· Dictionary vs Brute Force
· Trojan / spyware / keylogger
· Sniffing or MITM (Man in the middle)
· Rainbow Tables
· SAM
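The "dictionary vs. brute force" and "rainbow tables" items above come down to one property of the stored hash: whether work done once can be reused against every captured hash. Added example (not from the course): a precomputed lookup table cracks fast, unsalted hashes instantly, while a per-user salt plus a slow KDF (PBKDF2 here) forces a fresh dictionary run per account. The wordlist and salt are constructed.

```python
import hashlib
from typing import Optional

# Constructed wordlist standing in for a dictionary file (real lists are far larger).
WORDLIST = ["letmein", "summer2024", "Password1", "qwerty", "cisco", "admin123"]

def unsalted_hash(pw: str) -> str:
    """Fast, unsalted hash: the property that makes precomputed tables pay off."""
    return hashlib.sha1(pw.encode()).hexdigest()

def build_lookup(words) -> dict:
    """Precompute hash -> password once; reusable against every hash ever captured.
    A rainbow table is a space-compressed form of this same idea."""
    return {unsalted_hash(w): w for w in words}

def crack_unsalted(target: str, table: dict) -> Optional[str]:
    """O(1) lookup at crack time: no guessing, no hashing."""
    return table.get(target)

def salted_hash(pw: str, salt: bytes, rounds: int = 100_000) -> str:
    """Per-user random salt + slow KDF: the table above does not apply,
    and each guess costs `rounds` iterations."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()

def crack_salted(target: str, salt: bytes, words, rounds: int = 100_000) -> Optional[str]:
    """Dictionary attack against one salted hash: the work cannot be shared
    with any other user because their salt differs."""
    for w in words:
        if salted_hash(w, salt, rounds) == target:
            return w
    return None

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    print(crack_unsalted(unsalted_hash("summer2024"), table))        # found instantly
    salt = b"constructed-salt"   # fixed here for reproducibility; use os.urandom(16) for real
    print(crack_unsalted(salted_hash("summer2024", salt), table))   # None: table useless
    print(crack_salted(salted_hash("summer2024", salt), salt, WORDLIST))
```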
Password Attack Example: MITM and Sniffing (13 min)
Rainbow Crack Lab Setup (8 min)
48. Rainbow Crack Demonstration (8 min)
49. Password Reset Hacking (8 min)
50. DHCP Starvation (10 min)
51. Remote Access (15 min)
52. Spyware (9 min)
53. NTFS Alternate Data Streams Exploit (9 min)
54. Steganography with OpenPuff (7 min)
55. Steganography with SNOW (5 min)
56. Covering Tracks (7 min)
57. Malware Overview (10 min)
58. Trojan Overview (10 min)
59. Creating a Trojan (11 min)
60. Virus Overview (13 min)
61. Virus Creation (8 min)
62. Detecting Malware (17 min)
Important:
63. Malware Analysis (10 min)
64. Hash File Verification (8 min)
65. Sniffing Overview (12 min)
66. CAM Table Attack and Port Security (10 min)
67. DHCP Snooping (14 min)
68. Dynamic ARP Inspection (DAI) (14 min)
69. Social Engineering (15 min)
70. Denial of Service (DoS) Attacks (19 min)
71. Session Hijacking (18 min)
72. Hacking Web Servers (10 min)
73. Buffer Overflow (13 min)
74. OWASP Broken Web Application Project (13 min)
75. Shellshock (6 min)
76. SQL Introduction (9 min)
77. SQL Injection (16 min)
78. Web App Vulnerabilities: WordPress (10 min)
79. Wireless Hacking (18 min)
80. Using an Android VM (4 min)
81. Malware for Mobile (11 min)
82. Mobile Device Risks and Best Practices (13 min)
83. Firewall Evasion (19 min)
84. Firewall ACL Example (15 min)
85. NAT and PAT fundamentals (11 min)
86. IDS/IPS Evasion (17 min)
87. Honeypots (12 min)
88. Cloud Computing (23 min)
89. CIA: Confidentiality, Integrity, and Availability (3 min)
90. Policies (9 min)
91. Quantifying Risk (6 min)
92. Separation of Duties (13 min)
93. Symmetrical Encryption Concepts (14 min)
94. Asymmetrical Encryption Concepts (16 min)
95. Control Types (11 min)
96. Multifactor Authentication (12 min)
97. Centralized Identity Management (13 min)
98. Kerberos and Single Sign On (SSO) (17 min)
99. Backups and Media Management (9 min)
100. Operations Security Controls (14 min)
101. Physical Security Controls (11 min)
102. Incident Response (12 min)
103. VPNs (21 min)
104. Disaster Recovery Planning (13 min)
105. Pen Testing Tips (10 min)
106. Useful Tools (11 min)
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.
Burp Suite - PortSwigger.net
https://portswigger.net/burp Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing ..
TCPdump
NSlookup
Nmap
Zenmap
107. Case Study (21 min)
108. Additional Resources and Exam Prep (8 min)