0
INTRODUCTION TO CEH
PRESENTED BY:HEMANT MITAL
WHY SHOULD WE KNOW ABOUT
CEH?
• In this Tech-savvy world of 21st
Century every one is
engaged with internet, through whats...
WHAT A CEH DO?
•  A CEH is hired to locate and repair application
and system security vulnerabilities to preempt
exploitat...
EXAMPLES OF CYBER CRIME
STEPS FOR PEN TESTING
1. Preparation
2. Footprinting
3. Enumeration & Fingerprinting
4. Identification of Vulnerabilities
...
PREPARATION
• Identification of Targets – company websites, mail servers, extranets, etc.
• Signing of Contract
• Agreemen...
FOOTPRINTING
Collecting as much information about the target
•DNS Servers
•IP Ranges
•Administrative Contacts
•Problems re...
ENUMERATION & FINGERPRINTING
• Specific targets determined
• Identification of Services / open ports
• Operating System En...
IDENTIFICATION OF
VULNERABILITIES
Vulnerabilities
•Insecure Configuration
•Weak passwords
•Unpatched vulnerabilities in se...
IDENTIFICATION OF
VULNERABILITIES
Methods
•Unpatched / Possible Vulnerabilities – Tools, Vulnerability information
Website...
ATTACK – EXPLOIT THE
VULNERABILITIES
• Obtain as much information (trophies) from the Target Asset
• Gaining Normal Access...
ATTACK – EXPLOIT THE
VULNERABILITIES
• Network Infrastructure Attacks
• Connecting to the network through modem
• Weakness...
ATTACK – EXPLOIT THE
VULNERABILITIES
• Gaining access to application Databases
• SQL Injection
• Spamming
Exploits
• Free ...
REPORTING
Methodology
•Exploited Conditions & Vulnerabilities that could not
be exploited
•Proof for Exploits - Trophies
•...
OTHER IMPORTANT TECHNICES
• Social Engineering
• Denial of Service
• Session Hijacking
• SQL Injection
• IDS, Firewalls an...
OTHER IMPORTANT TECHNICES(CONTINUED…)
• Buffer Overflow
• Cryptography
• Hacking Wireless Networks
• SNIFFING
• Trojan hor...
OTHER IMPORTANT TECHNICES(CONTINUED…)
• Viruses and Worms
• Hacking Web Applications
• Hacking Mobile Platforms
Upcoming SlideShare
Loading in...5
×

Introduction to ceh

209

Published on

It is an introduction of CEH course

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
209
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Introduction to ceh"

  1. 1. INTRODUCTION TO CEH PRESENTED BY:HEMANT MITAL
  2. 2. WHY SHOULD WE KNOW ABOUT CEH? • In this Tech-savvy world of 21st Century every one is engaged with internet, through whatsapp , twitter, facebook , net-banking & lots of other platforms are there. • And some criminal minded persons commit crimes here, which is included under cyber-crime. • We should be aware about crimes happening around in the cyber-space, so we can protect ourselves.
  3. 3. WHAT A CEH DO? •  A CEH is hired to locate and repair application and system security vulnerabilities to preempt exploitations by black hat hackers and others with potentially illegal intentions.  •Ethical hackers employ the same tools and techniques as the intruders.
  4. 4. EXAMPLES OF CYBER CRIME
  5. 5. STEPS FOR PEN TESTING 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Cover tracks
  6. 6. PREPARATION • Identification of Targets – company websites, mail servers, extranets, etc. • Signing of Contract • Agreement on protection against any legal issues • Contracts to clearly specifies the limits and dangers of the test • Specifics on Denial of Service Tests, Social Engineering, etc. • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
  7. 7. FOOTPRINTING Collecting as much information about the target •DNS Servers •IP Ranges •Administrative Contacts •Problems revealed by administrators Information Sources •Search engines •Forums •Tools – PING, whois, Traceroute, nslookup,
  8. 8. ENUMERATION & FINGERPRINTING • Specific targets determined • Identification of Services / open ports • Operating System Enumeration • Methods • Banner grabbing • Responses to various protocol (ICMP &TCP) commands • Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. • Tools • Nmap, tcpdump, ssh, telnet
  9. 9. IDENTIFICATION OF VULNERABILITIES Vulnerabilities •Insecure Configuration •Weak passwords •Unpatched vulnerabilities in services, Operating systems, applications •Possible Vulnerabilities in Services, Operating Systems •Insecure programming •Weak Access Control
  10. 10. IDENTIFICATION OF VULNERABILITIES Methods •Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites •Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic •Insecure Programming – SQL Injection, Listening to Traffic •Weak Access Control – Using the Application Logic, SQL Injection
  11. 11. ATTACK – EXPLOIT THE VULNERABILITIES • Obtain as much information (trophies) from the Target Asset • Gaining Normal Access • Escalation of privileges • Obtaining access to other connected systems • Last Ditch Effort – Denial of Service
  12. 12. ATTACK – EXPLOIT THE VULNERABILITIES • Network Infrastructure Attacks • Connecting to the network through modem • Weaknesses in TCP / IP, NetBIOS • Flooding the network to cause DOS • Operating System Attacks • Application Specific Attacks • Exploiting implementations of HTTP, SMTP protocols
  13. 13. ATTACK – EXPLOIT THE VULNERABILITIES • Gaining access to application Databases • SQL Injection • Spamming Exploits • Free exploits from Hacker Websites • Customised free exploits • Internally Developed • Tools – Nessus, Metasploit Framework
  14. 14. REPORTING Methodology •Exploited Conditions & Vulnerabilities that could not be exploited •Proof for Exploits - Trophies •Practical Security solutions
  15. 15. OTHER IMPORTANT TECHNICES • Social Engineering • Denial of Service • Session Hijacking • SQL Injection • IDS, Firewalls and Honeypots
  16. 16. OTHER IMPORTANT TECHNICES(CONTINUED…) • Buffer Overflow • Cryptography • Hacking Wireless Networks • SNIFFING • Trojan horse
  17. 17. OTHER IMPORTANT TECHNICES(CONTINUED…) • Viruses and Worms • Hacking Web Applications • Hacking Mobile Platforms
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×