ch01 (GS)
HACKING
Week 1
presentation slides to accompany
CEHv10 Certified Ethical Hacker Exam Study Guide
author: Ric Messier; © 2019 John Wiley & Sons
WHAT IS ETHICAL HACKING
WHY ETHICAL HACKING
INTRO TO EH
https://blog.eccouncil.org/the-ten-commandments-of-ethical-hacking/
WHILE YOU WORK
You will be given access to resources.
You must agree not to damage any equipment.
If any damage occurs:
‒ Must be unintentional
‒ Agreed on by the employer
To avoid issues, keep lines of communication open.
Work in a timely manner.
RULES OF ENGAGEMENT TO REMEMBER
Ethical hackers should abide by a few rules when conducting the
tests:
Always obtain written permission before starting any tests.
Never exceed the limits of the authorization.
Have a signed NDA between client and ethical hacker.
Always be ethical.
Keep findings confidential.
Do no harm.
STANDARDS AS AN ETHICAL HACKER
You are not to be engaged in any illegal activities.
You cannot be convicted of any felony or violate any law.
You cannot be involved with black hat groups.
Keep the scope of your work in writing, clear and documented.
ATTACKER’S METHODOLOGY
THE EH IS TO THINK AS A REAL HACKER
Attackers follow a fixed methodology that can be divided into six
steps:
1. Performing reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Escalation of privilege
5. Maintaining access
6. Covering tracks and placing backdoors
RECONNAISSANCE AND FOOTPRINTING
First pre-attack phase
Systematic attempt to collect as much information about the
target as possible:
‒ Passive information gathering
‒ Identify network blocks, hosts, locations, and people
Reconnaissance techniques:
‒ Dumpster diving
‒ Social engineering
‒ Internet research
SCANNING AND ENUMERATION
Second pre-attack phase
Scanning is actively trying to connect to the system to get a
response and identify open ports.
Enumeration is in-depth information gathering about the target:
‒ Open shares
‒ User account information
‒ Software versions
Considered active information gathering.
GAINING ACCESS
The attacker moves from probing the network to attacking it.
Access can be gained using a variety of techniques:
‒ Open wireless connection
‒ Unsecured system
‒ System vulnerability
‒ Web application vulnerabilities
‒ Backdoors
‒ Social engineering
ESCALATION OF PRIVILEGE
Attackers try to gain administrative access by escalating their
privilege, by exploiting a vulnerability or a bug in the system or an
application.
After privilege escalation, attackers have full control over the
system and network.
The attacker will attempt to escalate to domain administrator or
root privilege.
After all, these are the individuals who control the network, and
that is the type of power the hacker seeks.
MAINTAINING ACCESS
Attackers use various techniques to maintain access to the system:
‒ Stealing additional passwords
‒ Placing rootkits
‒ Using sniffers
A rootkit is a set of tools used to help the attacker maintain his access to
the system and use it for malicious purposes.
‒ They have the capability to mask the hacker, hide his presence, and
keep his activity secret.
Sniffers are used to monitor the activity of legitimate users.
COVERING TRACKS
Attackers try to erase all evidence of their activities:
‒ Modifying log files to cover tracks
‒ Hiding files and folders
‒ Using Alternate Data Streams (ADS)
‒ Using rootkits
A backdoor could be used for gaining access to the system
again.
Example: Wiping logs on Windows will leave a log entry that indicates
it has been wiped. This can be traced to see exactly what was used,
and is seen as “malicious”.
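The point above, that wiping a Windows log leaves its own record, can be checked from the defender's side. This is an added example (not from the slides or the study guide): Python that scans exported event XML for the log-clear records, event IDs 1102 and 104, and reports which account cleared which log. The sample events, host name and account name are constructed.

```python
import xml.etree.ElementTree as ET

# Windows records a log wipe as event 1102 (Security audit log cleared) or
# event 104 (another log cleared; the record is written to the System log).
CLEAR_EVENT_IDS = {"1102", "104"}

# Constructed sample data (host, account and times are made up), built in the
# XML layout that `wevtutil qe <log> /f:xml /e:Events` exports.
def sample_event(eid, when, channel, user_data=""):
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            f'<System><EventID>{eid}</EventID><TimeCreated SystemTime="{when}"/>'
            f'<Channel>{channel}</Channel><Computer>WS01.example.test</Computer>'
            f'</System>{user_data}</Event>')

CLEARED = ("<UserData><LogFileCleared><SubjectUserName>jdoe</SubjectUserName>"
           "<SubjectDomainName>EXAMPLE</SubjectDomainName>{}"
           "</LogFileCleared></UserData>")

SAMPLE_EVENTS = "<Events>" + "".join([
    sample_event(4624, "2024-03-01T10:02:11Z", "Security"),
    sample_event(1102, "2024-03-01T10:15:30Z", "Security", CLEARED.format("")),
    sample_event(104, "2024-03-01T10:15:41Z", "System",
                 CLEARED.format("<Channel>Application</Channel>")),
]) + "</Events>"

def find_log_clears(xml_text):
    """Return one finding per log-clear event: when, where, which log, who."""
    findings = []
    for event in ET.fromstring(xml_text):
        event_id = (event.findtext("{*}System/{*}EventID") or "").strip()
        if event_id not in CLEAR_EVENT_IDS:
            continue
        system = event.find("{*}System")
        data = event.find("{*}UserData/{*}LogFileCleared")
        get = lambda name: data.findtext("{*}" + name) if data is not None else None
        when = system.find("{*}TimeCreated")
        who = filter(None, map(get, ("SubjectDomainName", "SubjectUserName")))
        findings.append({
            "event_id": int(event_id),
            "time": when.get("SystemTime") if when is not None else None,
            "computer": system.findtext("{*}Computer"),
            # 104 names the cleared log in UserData; 1102 means the Security log.
            "cleared_log": get("Channel") or system.findtext("{*}Channel"),
            "account": "\\".join(who) or None,
        })
    return findings

if __name__ == "__main__":
    for finding in find_log_clears(SAMPLE_EVENTS):
        print(finding)
```

The `{*}` namespace wildcard in the element paths needs Python 3.8 or later.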
THE ETHICAL HACKER’S PROCESS
Follows a process similar to the attacker's.
Strives to do no harm.
The goal is to assess the organization’s strengths and weaknesses and
develop a security methodology.
Five steps in security methodology:
‒ Assessment
‒ Policy development
‒ Implementation
‒ Training
‒ Auditing
NIST SP 800-15
The method of security assessment is broken down into four basic
stages:
1. Discovery
2. Attack
3. Reporting
4. Planning
Documentation will save you if you are clear