Hacking

Published in: Technology, News & Politics

  1. ITT Certified Ethical Hacker Certification Study Group, Week 1 – CEH Objectives, Schedule, and Overview
  2. CEH Study Group Overview
     - Instructor/Study Leader
     - Study Group Meeting Frequency & Location
     - Certified Ethical Hacker Exam (312-50) Objectives
     - Certification Text and “Schedule”
     - Week 1 Objectives
  3. Study Group Instructor/Leader
     - Name: Mark McCoy, CISSP/MCSE/CNE
     - Occupation: Network Engineer/Administrator, Information Security Practitioner, and Adjunct Instructor
  4. Study Group Meeting Frequency and Location
     - Study Group Location: ITT-Omaha, Main Conference Room
     - Frequency: Once a Week
     - Day: Wednesday Night
     - Time: 6:00pm
     - Duration: 3 hours (1.5 Lecture/1.5 Lab)
  5. Certified Ethical Hacker Exam (312-50) Objectives
     - Ethics and Legality
     - Footprinting
     - Scanning
     - Enumeration
     - System Hacking
     - Trojans and Backdoors
     - Sniffers
     - Denial of Service
     - Social Engineering
     - Session Hijacking
     - Hijacking Web Servers
     - Web Application Vulnerabilities
     - Web-Based Password Cracking
     - SQL Injection
     - Wireless Hacking
     - Viruses and Worms
     - Physical Security
     - Linux Hacking
     - Evading IDS’s, Honeypots, and Firewalls
     - Buffer Overflows
     - Cryptography
     - Penetration Testing Methods
  6. Certification Text and Schedule
     - Certification Text(s):
       - Official Certified Ethical Hacker Review Guide
       - CEH Prep Guide
       - Certified Ethical Hacker Exam Prep
     - Certification Schedule: We will cover two to three chapters of the Study Guide per week and plan to sit for the exam in 5 – 9 weeks
  7. Week 1 Learning Objectives
     - Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality
       - Understanding Ethical Hacking Terminology
       - Identifying Different Types of Hacking Technologies
       - Understanding the different “Phases” and Five Stages of Ethical Hacking
       - What is Hacktivism?
       - List the Different Types of Hacker Classes
       - Define the skills required to become an ethical hacker
       - What is vulnerability research?
       - Describe the ways to conduct ethical hacking
       - Understand the legal implications of hacking
       - Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
  8. Week 1 Learning Objectives (cont’d)
     - Chapter 2 – Footprinting and Social Engineering
     - Footprinting
       - Define the Term Footprinting
       - Describe Information Gathering Methodology
       - Describe Competitive Intelligence
       - Understand DNS Enumeration
       - Understand ARIN and WHOIS Lookup
       - Identify the types of DNS Records
       - Understand how TRACEROUTE is used in footprinting
       - Understand how E-mail Tracking Works
       - Understand how Web Spiders work
     - Social Engineering
       - What is Social Engineering?
       - What are the common types of Attacks?
       - Understand dumpster diving
       - Understand Reverse Social Engineering
       - Understand Insider Attacks
       - Describe Phishing Attacks
       - Understand Online Scams
       - Understand URL Obfuscation
       - Social Engineering Countermeasures
  9. Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality: Ethical Hacking Terminology
     - Threat:
     - Exploit:
       - Remote Exploit:
       - Local Exploit:
     - Vulnerability:
     - Target of Evaluation:
     - Attack:
  10. Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality: Identifying Different Types of Hacking Technologies
     - Operating System
     - Application
     - Shrink-Wrap Code
     - Misconfiguration:
  11. Phases and Stages of Ethical Hacking
     - Phase 1 – Reconnaissance
     - Phase 2 – Scanning
     - Phase 3 – Gaining Access
     - Phase 4 – Maintaining Access
     - Phase 5 – Covering Tracks
  12. Hacktivism
     - Hacktivism is defined as: Hacking for a cause – Social or Political
     - White Hats: The “Good Guys”. The Ethical Hackers. Goal is to strengthen the defenses.
     - Black Hats: The “Bad Guys”. The Malicious Hacker, also known as a “Cracker”
     - Grey Hats: Hackers that “go both ways”. At times they are on the “Offensive” and at times they are on the “Defensive”
  13. Skills required to be an Ethical Hacker
     - Expertise required in:
       - Computer Programming
       - Networking
       - Operating Systems: Windows, Unix, Linux
     - Penetration Teams (Ethical Hackers) are comprised of persons possessing expertise in one or more of the above areas
  14. Vulnerability Research
     - What is Vulnerability Research and why is it important to a Hacker (White Hat, Black Hat, or Grey Hat)?
     - For the Black Hat – “Know your Enemy”: Learn as much about the enemy’s architecture, its strengths and weaknesses, as you possibly can, to give you the greatest advantage in defeating the enemy
     - For the White Hat – “Know yourself”: Learn as much about your own architecture, its strengths and weaknesses, as you possibly can, to give you the greatest ability to defend against the enemy.
  15. Ethical Hacking – A Six-Step Process
     - Talk to the client and Conduct a Needs Assessment
     - Agree to Terms – The Non Disclosure Agreement
     - Organize your Team and Schedule Tests
     - Conduct Test(s)
     - Analyze Test Results and Prepare Report
     - Present your findings and recommendations to the Client
  16. Types of Ethical Hacks
     - Remote Network Attack
     - Remote Dial-Up Network Attack (War Dialing)
     - Local Network Attack
     - Stolen Equipment Attack
     - Social Engineering
     - Physical Entry/Intrusion
  17. Penetration Test Types
     - Black Box – Penetration Test Team has NO INFORMATION concerning Infrastructure or Systems
     - White Box – Penetration Test Team has COMPLETE INFORMATION concerning Infrastructure and Systems
     - Grey Box – Penetration Test Team has LIMITED INFORMATION concerning Infrastructure or Systems
  18. Legal Implications of Hacking
     - Cyber Security Enhancement Act of 2002: Life Sentence for hackers who “recklessly” endanger the lives of others
     - Title 18, United States Code (U.S.C.), section 1029 criminalizes the misuse of passwords and other access devices such as token cards
     - Title 18, United States Code (U.S.C.), section 1030 criminalizes the spreading of viruses and worms and breaking into computers by unauthorized individuals
  19. Chapter 2 – Footprinting and Social Engineering
     - Footprinting: The process of creating a blueprint or map of an organization’s network and systems.
     - Sources of Information:
       - Google Groups
       - Whois
       - NsLookup
       - Sam Spade
       - Careerlink
       - Dice
       - Monster
  20. Competitive Intelligence
     - Competitive Intelligence is described as: Information gathering about a competitor’s products, marketing, and technologies
     - Competitive Intelligence is non-intrusive and benign in nature
  21. DNS Enumeration
     - Definition: The process of locating all DNS Servers and their corresponding records for an organization
     - Sources of DNS Information:
       - DNSstuff
       - Whois
       - ARIN
       - NSLookup
  22. DNS Record Types
     - A (Address): A.K.A. Host Record
     - SOA: Start of Authority
     - CNAME: Canonical Name (another name for a host)
     - MX: Mail Exchange (Identifies Mail Server)
     - SRV: Service Record
     - PTR: Pointer (points IP Address to Hostname)
     - NS (Name Server Record): Identifies DNS Server
  23. Traceroute and Footprinting
     - Traceroute will actually “Trace The Route” a packet takes from an origination to a destination, which may reveal the ISP, via the routers that the packet traverses
     - ARIN, Whois, and DNSstuff may also assist in determining the “victim’s” ISP
     - NEOTrace, VisualRoute, and VisualLookout provide a graphic of the traceroute command
  24. E-Mail Tracking
     - Allows Sender to know whether recipient reads, forwards, modifies, or deletes an email.
     - eMailTracking Pro and MailTracking.com provide email tracking services
  25. Web Spiders
     - A Web Spider will comb a website to collect email addresses (looking for the “@” syntax) that will later be used by the attacker as recipients for unsolicited email
     - Web Spiders can be defended against by adding a robots.txt file that contains a list of directories on your website you want protected from web spiders
  26. Week 1 Learning Objectives
     - Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality
       - Understanding Ethical Hacking Terminology
       - Identifying Different Types of Hacking Technologies
       - Understanding the different “Phases” and Five Stages of Ethical Hacking
       - What is Hacktivism?
       - List the Different Types of Hacker Classes
       - Define the skills required to become an ethical hacker
       - What is vulnerability research?
       - Describe the ways to conduct ethical hacking
       - Understand the legal implications of hacking
       - Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
  27. Social Engineering
     - Definition: The use of influence and persuasion to deceive people for the purpose of obtaining information or persuading a victim to perform some action.
  28. Types of Social Engineering Attacks
     - Human-Based: Person to person contact/persuasion
     - Computer-Based: Also known as phishing and on-line scams
  29. URL Obfuscation
     - Definition: The hiding of a fake URL in what appears to be a legitimate URL
     - URL Obfuscation is used in many phishing scams to make the scam look more legitimate
     - URL Obfuscation can normally be spotted when IP addresses are in the URL versus only the host/domain name
  30. Social Engineering Countermeasures
     - USER/EMPLOYEE EDUCATION
  31. Week 1 Learning Objectives (cont’d)
     - Chapter 2 – Footprinting and Social Engineering
     - Footprinting
       - Define the Term Footprinting
       - Describe Information Gathering Methodology
       - Describe Competitive Intelligence
       - Understand DNS Enumeration
       - Understand ARIN and WHOIS Lookup
       - Identify the types of DNS Records
       - Understand how TRACEROUTE is used in footprinting
       - Understand how E-mail Tracking Works
       - Understand how Web Spiders work
     - Social Engineering
       - What is Social Engineering?
       - What are the common types of Attacks?
       - Understand dumpster diving
       - Understand Reverse Social Engineering
       - Understand Insider Attacks
       - Describe Phishing Attacks
       - Understand Online Scams
       - Understand URL Obfuscation
       - Social Engineering Countermeasures
  32. Homework
     - Read Chapters 3 & 4 of the CEH Review Guide
     - Bring your Laptop for use in Lab (need Linux and Windows capabilities – one as a base OS and the other as a Virtual Machine)
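
Added example for slide 25 (Web Spiders), not part of the original deck: robots.txt is a request that only well-behaved crawlers honour, so the useful defensive check is to compare it against the web server's access log and see which clients requested disallowed paths anyway. The robots.txt content, log lines, bot names and the function name `robots_violations` are constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for an example site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /staff/
Disallow: /mail-archive/
"""

# Constructed access-log lines (combined log format, documentation IP ranges).
ACCESS_LOG = """\
192.0.2.20 - - [01/Jan/2024:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "PoliteBot/1.0"
192.0.2.20 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "PoliteBot/1.0"
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "Harvester/0.1"
198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "GET /staff/directory.html HTTP/1.1" 200 9000 "-" "Harvester/0.1"
198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "GET /mail-archive/2023.html HTTP/1.1" 200 7000 "-" "Harvester/0.1"
"""

# client IP, request path and user agent from one combined-format line
LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"'
)

def robots_violations(robots_txt, log_text):
    """Map (client_ip, user_agent) -> disallowed paths that client requested."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the expected format
        ip, path, agent = m.groups()
        # can_fetch() answers what a crawler that obeys robots.txt would do;
        # a request for a path it forbids means the client ignored the file.
        if not rp.can_fetch(agent, path):
            hits.setdefault((ip, agent), []).append(path)
    return hits

if __name__ == "__main__":
    for client, paths in robots_violations(ROBOTS_TXT, ACCESS_LOG).items():
        print(client, "requested disallowed paths:", paths)
```

Because the file is readable by anyone, the directories it lists are also disclosed to every visitor; content that must stay private needs access control on the server rather than a robots.txt entry.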
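
Added example for slide 29 (URL Obfuscation), not part of the original deck: a link check that implements the slide's heuristic of flagging URLs whose host is an IP address rather than a name. It goes one step beyond the slide by also recognising an IPv4 address written as a single integer, in hex or in octal, which is the same address in a form a reader will not recognise; the function names and sample URLs are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_NUM = re.compile(r"0x[0-9a-f]+|[0-9]+")

def host_as_ip(host):
    """Return the IP address a URL host denotes, or None if it is a name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    # Legacy inet_aton-style IPv4 forms: 1-4 parts, each decimal, 0x-hex or
    # 0-octal; the last part fills all remaining bytes.
    parts = host.lower().split(".")
    if len(parts) > 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    try:
        nums = [int(p, 16) if p.startswith("0x")
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p) for p in parts]
    except ValueError:  # a leading-zero part with digits 8 or 9 is not octal
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def check_url(url):
    """Return (finding, normalised_ip) for an IP-address host, else None."""
    host = urlsplit(url).hostname or ""
    ip = host_as_ip(host)
    if ip is None:
        return None
    finding = "ip-host" if host == str(ip) else "encoded-ip-host"
    return finding, str(ip)

# Constructed sample links (documentation address ranges only).
SAMPLES = [
    "https://www.example.com/account",
    "http://192.0.2.10/login",
    "http://3221225994/login",
    "http://0xC000020A/login",
    "http://0300.0.2.10/login",
    "http://[2001:db8::1]/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url))
```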