
ETHICAL HACKING
Week 1
Presentation slides to accompany
CEHv10 Certified Ethical Hacker Exam Study Guide
Author: Ric Messier; © 2019 John Wiley & Sons
INTRO TO EH
• What is ethical hacking
• Why ethical hacking
• The importance of ethics
• A code of ethics
ETHICAL HACKING
Definition: using tactics, techniques and procedures commonly used by attackers in order to locate weaknesses so they can be remediated (fixed).
In practice: using a defined methodology of reconnaissance, scanning, enumeration, exploitation and analysis to increase the overall security posture of an organization with targeted recommendations.
Keep in mind – almost everything you will be doing is probably illegal in at least one jurisdiction.
ETHICS
Ethics are moral principles that govern a person's behavior or the conducting of an activity.
• You're being employed to help improve a security posture.
• Keep the needs/goals of your employer in mind.
• Do no harm.
‒ This can't always be helped.
‒ Revision: do no deliberate harm and own up when something goes awry.
• The most important aspect of hacking.
• What is ethical to some people may not be ethical to others.
ETHICAL HACKING CAN BE DONE UNDER DIFFERENT NAMES…
Penetration testing – usually a tightly scoped, point-in-time assessment of a section of an organization's network.
Red teaming – less tightly scoped; a specific type of pen testing in which a red teamer acts as an attacker.
Application testing – a limited version of ethical hacking where you are focused exclusively on an application, commonly a web application.
KEEP YOURSELF VIABLE AND PROFESSIONAL
• You are entrusted with access to sensitive data and critical systems, therefore you must:
‒ Behave as a professional
‒ Perform your work in an ethical and professional way
‒ Adhere to the codes of ethics
CODES OF ETHICS
As part of the code of ethics:
• You will be sworn to keep info you obtain confidential and private.
• Failing to protect the data is considered a violation of the codes of ethics.
• Disclose info only to the people who engaged your service.
• You must disclose any conflict of interest that you may have.
• If you come across something that may impact a large number of people, you are expected to disclose it in a professional manner.
THE 10 COMMANDMENTS OF
ETHICAL HACKING
1. Thou shalt set thy goals
2. Thou shalt plan thy work
3. Thou shalt obtain permission
4. Thou shalt work ethically
5. Thou shalt keep records
6. Thou shalt respect the privacy of others
7. Thou shalt do no harm
8. Thou shalt use a “scientific” process
9. Thou shalt not covet thy neighbor’s tools
10. Thou shalt report all thy findings

https://blog.eccouncil.org/the-ten-commandments-of-ethical-hacking/
WHILE YOU WORK
• You will be given access to resources.
• You must agree not to damage any equipment.
• If there is any damage:
‒ It must be unintentional
‒ It must be agreed on by the employer
• To avoid issues, keep lines of communication open.
• Work in a timely manner.
RULES OF ENGAGEMENT TO REMEMBER
Ethical hackers should abide by a few rules when conducting the tests:
• Always obtain written permission before starting any tests.
• Never exceed the limits of the authorization.
• Have a signed NDA between client and ethical hacker.
• Always be ethical.
• Keep findings confidential.
• Do no harm.
STANDARDS AS AN ETHICAL HACKER
• You are not to be engaged in any illegal activities.
• You cannot be convicted of any felony or violate any law.
• You cannot be involved with black hat groups.
• Maintain the scope of your work in writing, clear and documented.
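The rules of engagement and standards above come down to one operational habit: every target you touch must be inside the written authorization, inside the agreed time window, and recorded. The following is an added example, not part of the slides or of the CEH study guide, of a small scope gate a tester can run before any action; the engagement data (client name, CIDR ranges, dates) is constructed, and the function and field names are this example's own.

```python
"""Added example: check a target against the written engagement scope
before testing it, and keep a record of every decision.

All engagement values below are constructed sample data (hypothetical
client, documentation IP ranges, made-up dates), not a real engagement.
"""
import ipaddress
from datetime import date, datetime, timezone

# Constructed engagement record; in practice this mirrors the signed
# authorization / rules-of-engagement document.
ENGAGEMENT = {
    "client": "Example Corp (constructed)",
    "authorized_by": "CISO (business owner with authority to approve testing)",
    "window": (date(2024, 6, 3), date(2024, 6, 14)),   # inclusive test window
    "in_scope": ["10.20.0.0/16", "192.0.2.0/24"],     # authorized ranges
    "excluded": ["10.20.5.0/24"],                      # carved out: e.g. production DB subnet
    "in_scope_hosts": ["app.example.test"],            # named hosts (no DNS lookups performed)
}


def _networks(cidrs):
    """Parse a list of CIDR strings into ip_network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_authorized_target(engagement, target, today):
    """Return (allowed, reason) for a target on a given calendar day.

    Exclusions are checked before inclusions, so a carved-out subnet inside
    an authorized range is refused even though the outer range is in scope.
    """
    start, end = engagement["window"]
    if not (start <= today <= end):
        return False, "outside the agreed testing window"
    if target in engagement["in_scope_hosts"]:
        return True, "named in-scope host"
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False, "hostname not listed in the written scope"
    if any(ip in net for net in _networks(engagement["excluded"])):
        return False, "inside an excluded range"
    if any(ip in net for net in _networks(engagement["in_scope"])):
        return True, "inside an authorized range"
    return False, "not in any authorized range"


def check_and_record(engagement, target, today, log):
    """Apply the scope gate and append the decision to the engagement log.

    'log' is any list; the record is what you would show the client if a
    question about a specific action ever comes up ('thou shalt keep records').
    """
    allowed, reason = is_authorized_target(engagement, target, today)
    log.append({
        "recorded_at": datetime.now(timezone.utc).isoformat(),
        "client": engagement["client"],
        "target": target,
        "allowed": allowed,
        "reason": reason,
    })
    return allowed


if __name__ == "__main__":
    records = []
    for t in ["10.20.7.9", "10.20.5.3", "203.0.113.1", "app.example.test"]:
        ok = check_and_record(ENGAGEMENT, t, date(2024, 6, 5), records)
        print(f"{t:18} -> {'TEST' if ok else 'SKIP'}: {records[-1]['reason']}")
```

The gate refuses anything it cannot positively match, so an unlisted hostname or a day outside the window is a stop, not a judgement call made under time pressure; widening the scope means amending the written agreement, then the record, never the other way round.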
ATTACKER'S METHODOLOGY
THE EH NEEDS TO THINK LIKE A REAL HACKER
Attackers follow a fixed methodology that can be divided into six steps:
1. Performing reconnaissance
2. Scanning and enumeration
3. Gaining access
4. Escalation of privilege
5. Maintaining access
6. Covering tracks and placing backdoors
RECONNAISSANCE AND FOOTPRINTING
First pre-attack phase
• Systematic attempt to collect as much information about the target as possible:
‒ Passive information gathering
‒ Identify network blocks, hosts, locations, and people
• Reconnaissance techniques:
‒ Dumpster diving
‒ Social engineering
‒ Internet research
SCANNING AND ENUMERATION
Second pre-attack phase
• Scanning is actively trying to connect to the system, get a response and identify open ports.
• Enumeration is in-depth information gathering about the target:
‒ Open shares
‒ User account information
‒ Software versions
• Considered active information gathering.
GAINING ACCESS
• The attacker moves from probing the network to attacking it.
• Access can be gained using a variety of techniques:
‒ Open wireless connection
‒ Unsecured system
‒ System vulnerability
‒ Web application vulnerabilities
‒ Backdoors
‒ Social engineering
ESCALATION OF PRIVILEGE
• Attackers try to gain administrative access by escalating their privilege.
• This is done by exploiting a vulnerability or a bug in the system or an application.
• After the privilege escalation, attackers have full control over the system and network.
• The attacker will attempt to escalate to domain administrator or root privilege.
• After all, these are the individuals who control the network, and that is the type of power the hacker seeks.
MAINTAINING ACCESS
• Attackers use various techniques to maintain access to the system:
‒ Stealing additional passwords
‒ Placing rootkits
‒ Using sniffers
• A rootkit is a set of tools used to help the attacker maintain his access to the system and use it for malicious purposes.
‒ They have the capability to mask the hacker, hide his presence, and keep his activity secret.
• Sniffers are used to monitor the activity of legitimate users.
COVERING TRACKS
• Attackers try to erase all evidence of their activities:
‒ Modifying log files to cover tracks
‒ Hiding files and folders
‒ Using Alternate Data Streams (ADS)
‒ Using rootkits
• A backdoor could be used for gaining access to the system again.
Ex: Wiping logs on Windows leaves a log entry that indicates the log has been wiped. This can be traced to see exactly what was used and seen as "malicious".
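The Windows example on this slide is the defender's opening: clearing an event log is itself logged (Security event ID 1102, "The audit log was cleared", and System event ID 104 for the System log), and if events are forwarded to a central collector the records from before the clear survive there. The following is an added example, not part of the slides or of the CEH study guide, of detection logic run over a handful of constructed event records; the dict layout and function names are this example's own simplification of a forwarded-log feed.

```python
"""Added example: flag Windows event-log clearing in a forwarded log feed.

Event IDs 1102 (Security: 'The audit log was cleared') and 104 (System:
'The System log file was cleared') are the real Windows identifiers for a
cleared log. The event records below are constructed sample data in a
simplified dict form, not real captures.
"""
from collections import Counter

# (channel, event_id) pairs that record a log being cleared.
LOG_CLEARED_EVENTS = {
    ("Security", 1102),
    ("System", 104),
}

# Constructed sample feed, as a central collector would hold it (oldest first).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "host": "ws01", "channel": "Security",
     "event_id": 4624, "user": "alice", "message": "An account was successfully logged on."},
    {"time": "2024-05-01T09:05:12Z", "host": "ws01", "channel": "Security",
     "event_id": 4672, "user": "alice", "message": "Special privileges assigned to new logon."},
    {"time": "2024-05-01T09:07:30Z", "host": "ws01", "channel": "Security",
     "event_id": 1102, "user": "alice", "message": "The audit log was cleared."},
    {"time": "2024-05-01T09:07:31Z", "host": "ws01", "channel": "System",
     "event_id": 104, "user": "alice", "message": "The System log file was cleared."},
    {"time": "2024-05-01T09:10:00Z", "host": "srv02", "channel": "Security",
     "event_id": 4634, "user": "bob", "message": "An account was logged off."},
]


def find_log_clears(events):
    """Return, in feed order, every event that records a log being cleared."""
    return [e for e in events if (e["channel"], e["event_id"]) in LOG_CLEARED_EVENTS]


def clears_by_actor(events):
    """Count log-clear events per (host, user): who cleared what, where."""
    return Counter((e["host"], e["user"]) for e in find_log_clears(events))


def evidence_preserved_before(events, clear_event):
    """Return the forwarded events from the same host and channel that precede
    the clear. Locally these are gone; on the collector they are still there,
    which is the whole point of forwarding logs off the host."""
    return [
        e for e in events
        if e["host"] == clear_event["host"]
        and e["channel"] == clear_event["channel"]
        and e["time"] < clear_event["time"]          # ISO-8601 UTC strings sort lexically
    ]


def alerts(events):
    """Produce one human-readable alert line per log-clear event."""
    lines = []
    for e in find_log_clears(events):
        kept = len(evidence_preserved_before(events, e))
        lines.append(
            f"ALERT {e['time']} {e['host']}: {e['channel']} log cleared by {e['user']} "
            f"(event {e['event_id']}); {kept} earlier {e['channel']} event(s) retained centrally"
        )
    return lines


if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print(line)
    print(dict(clears_by_actor(SAMPLE_EVENTS)))
```

Two points worth noting for an assessment report: a 1102 event with a privileged logon (4672) shortly before it is the sequence an analyst looks for, and the count of centrally retained events is the concrete argument for forwarding logs, since a cleared local log cannot be recovered from the host itself.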
THE ETHICAL HACKER'S PROCESS
• Follows a similar process to the attacker.
• Strives to do no harm.
• The goal is to assess the organization's strengths and weaknesses and develop a security methodology.
• Five steps in the security methodology:
‒ Assessment
‒ Policy development
‒ Implementation
‒ Training
‒ Auditing
NIST SP 800-15
The security assessment method is broken down into four basic stages.

1. Discovery
2. Attack
3. Reporting
4. Planning
GET OUT OF JAIL FREE CARD
Documentation will save you if you are clear.
Communicate, communicate, communicate.
Make sure the employing company is informed about your actions when they need to be (depending on the scope and agreements up front).
Secrecy is bad unless you've agreed to it ahead of time.
SUMMARY
• Ethical hacking is an important skill, but it must be taken seriously.
• Ethical hacking, penetration testing, red teaming and application testing are related but not the same.
• Do no harm. At least do no deliberate harm.
• Get a Get Out of Jail Free Card by ensuring the scope of your engagement is completely clear up front and agreed to by a business owner – someone who has the authority to agree to let you do the testing.
