• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Hacking
 

Hacking

on

  • 860 views

 

Statistics

Views

Total Views
860
Views on SlideShare
860
Embed Views
0

Actions

Likes
0
Downloads
47
Comments
1

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Hacking Hacking Presentation Transcript

    • ITT Certified Ethical HackerCertification Study GroupWeek 1 – CEH Objectives,Schedule, and Overview
    • CEH Study Group Overview Instructor/Study Leader Study Group Meeting Frequency &Location Certified Ethical Hacker Exam (312-50)Objectives Certification Text and “Schedule” Week 1 Objectives
    • Study Group Instructor/Leader Name: Mark McCoy,CISSP/MCSE/CNE Occupation: NetworkEngineer/Administrator, InformationSecurity Practioner, and AdjunctInstructor
    • Study Group MeetingFrequency and Location Study Group Location: ITT-Omaha,Main Conference Room Frequency: Once a Week Day: Wednesday Night Time: 6:00pm Duration: 3 hours (1.5 Lecture/1.5 Lab)
    • Certified Ethical Hacker Exam(312-50) Objectives Ethics and Legality Footprinting Scanning Enumeration System Hacking Trojans and Backdoors Sniffers Denial of Service Social Engineering Session Hijacking Hijacking Web Servers Web ApplicationVulnerabilities Web-Based PasswordCracking SQL Injection Wireless Hacking Viruses and Worms Physical Security Linux Hacking Evading IDS’s, Honeypots,and Firewalls Buffer Overflows Cryptography Penetration Testing Methods
    • Certification Text andSchedule Certification Text(s): Official Certified Ethical Hacker Review Guide CEH Prep Guide Certified Ethical Hacker Exam Prep Certification Schedule: We will cover two to three chapters of theStudy Guide Per Week and plan to sit forthe exam in 5 – 9 Weeks
    • Week 1 Learning Objectives Chapter 1 – Introduction to Ethical Hacking, Ethics,and Legality Understanding Ethical Hacking Terminology Identifying Different Types of Hacking Technologies Understanding the different “Phases” and Five Stages ofEthical Hacking What is Hackivism? List the Different Types of hacker Classes Define the skills required to become an ethical hacker What is vulnerability research? Describe the ways to conduct ethical hacking Understand the legal implications of hacking Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
    • Week 1 Learning Objectives(con’t) Chapter 2 – Foot printing and Social Engineering FootprintingDefine the Term FootprintingDescribe Information Gathering MethodologyDescribe Competitive IntelligenceUnderstand DNS EnumerationUnderstand ARIN and WHOIS LookupIdentify the types of DNS RecordsUnderstand how TRACEROUTE is used in footprintingUnderstand how E-mail Tracking WorksUnderstand how Web Spiders work Social EngineeringWhat is Social Engineering?What are the common types of Attacks?Understand dumpster divingUnderstand Reverse Social EngineeringUnderstand Insider AttacksDescribe Phishing AttacksUnderstand Online ScamsUnderstand URL ObfuscationSocial Engineering Countermeasures
    • Chapter 1 – Introduction to Ethicalhacking, Ethics, and Legality Ethical Hacking Terminology Threat: Exploit:Remote Exploit:Local Exploit: Vulnerability: Target of Evaluation: Attack:
    • Chapter 1 – Introduction to Ethicalhacking, Ethics, and Legality Identifying Different Types of HackingTechnologies Operating System Application Shrink-Wrap Code Misconfiguration:
    • Phases and Stages of EthicalHacking Phase 1 – Reconnaissance Phase 2 – Scanning Phase 3 – Gaining Access Phase 4 – Maintaining Access Phase 5 – Covering Tracks
    • Hacktivism Hacktivism is defined as: Hacking for a cause– Social or Political White Hats: The “Good Guys”. The EthicalHackers. Goal is to strengthen the defenses. Black Hats: The “Bad Guys”. The MaliciousHacker, also known as a “Cracker” Grey Hats: Hackers that “go both ways”. Attimes they are on the “Offensive” and at timesthey are on the “Defensive”
    • Skills required to be an EthicalHacker Expertise required in: Computer Programming Networking Operating SystemsWindowsUnixLinux Penetration Teams (Ethical Hackers) arecomprised of persons possessing expertise inone or more of the above areas
    • Vulnerability Research What is Vulnerability Research and Why is itimportant to a Hacker (White Hat, Black Hat,or Grey Hat)? For the Black Hat – “Know your Enemy”Learn as much about the enemy’s architecture, itsstrengths and weaknesses, as you possible can, to giveyou the greatest advantage in defeating the enemy For the White Hat – “Know yourself”Learn as much about your own architecture, its strengthsand weaknesses, as you possibly can, to give you thegreatest ability to defend against the enemy.
    • Ethical Hacking – A Six-StepProcess Talk to the client and Conduct a NeedsAssessment Agree to Terms – The Non DisclosureAgreement Organize your Team and Schedule Tests Conduct Test (s) Analyze Test Results and Prepare Report Present your findings and recommendationsto the Client
    • Types of Ethical Hacks Remote Network Attack Remote Dial-Up Network Attack (WarDialing) Local Network Attack Stolen Equipment Attack Social Engineering Physical Entry/Intrusion
    • Penetration Test Types Black Box – Penetration Test Team has NOINFORMATION concerning Infrastructure orSystems White Box - Penetration Test Team hasCOMPLTETE INFORMATION concerningInfrastructure and Systems Grey Box - Penetration Test Team hasLIMITED INFORMATION concerningInfrastructure or Systems
    • Legal Implications of Hacking Cyber Security Enhancement Act of 2002:Life Sentence for hackers who “recklessly”endanger the lives of others Title 18, United States Code (U.S.C.), section1029 criminalizes the misuse of passwordsand other access devices such as tokencards Title 18, United States Code (U.S.C.), section1030 criminalizes the spreading of virusesand worms and breaking into computers byunauthorized individuals
    • Chapter 2 – Footprinting andSocial Engineering Footprinting: The process of creating ablueprint or map of an organization’s networkand systems. Sources of Information:Google GroupsWhoisNsLookupSam SpadeCareerlinkDiceMonster
    • Competitive Intelligence Competitive Intelligence is describedas: Information gathering about acompetitor’s products, marketing, andtechnologies Competitive Intelligence is non-intrusiveand benign in nature
    • DNS Enumeration Definition: The process of locating allDNS Servers and their correspondingrecords for an organization Sources of DNS Information: DNSstuff Whois ARIN NSLookup
    • DNS Record Types A (Address): A.K.A. Host Record SOA: Start of Authority CNAME: Canonical Name (another name fora host) MX: Mail Exchange (Identifies Mail Server) SRV: Service Record PTR: Pointer (points IP Address to Hostname) NS: (Name Server Record): Identifies DNSServer
    • Traceroute and FootPrinting Traceroute will actually “Trace The Route” apacket takes from an origination to adestination, which may reveal the ISP, via therouters that the packet traverses ARIN, Whois, and DNSstuff may also assistin determining the “victim’s” ISP NEOTrace, VisualRoute, and VisualLookout,provide a graphic of the traceroute command
    • E-Mail Tracking Allows Sender to know whetherrecipient reads, forwards, modifies, ordeletes an email. eMailTracking Pro andMailTracking.com provide emailtracking services
    • Web Spiders A Web Spider will comb a website to collectemail addresses (looking for the “@” syntax,that it will later be used as recipients forunsolicited email, by the attacker Web Spiders can be defended against byadding a robots.txt file that contains a list ofdirectories on your website you wantprotected from web spiders
    • Week 1 Learning Objectives Chapter 1 – Introduction to Ethical Hacking, Ethics,and Legality Understanding Ethical Hacking Terminology Identifying Different Types of Hacking Technologies Understanding the different “Phases” and Five Stages ofEthical Hacking What is Hackivism? List the Different Types of hacker Classes Define the skills required to become an ethical hacker What is vulnerability research? Describe the ways to conduct ethical hacking Understand the legal implications of hacking Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
    • Social Engineering Definition: The use of influence andpersuasion to deceive people for thepurpose of obtaining information orpersuading a victim to perform someaction.
    • Types of Social EngineeringAttacks Human-Based: Person to personcontact/persuasion Computer-Based: Also known asphishing and on-line scams
    • URL Obfuscation Definition: The hiding of a fake URL inwhat appears to be a legitimate URL URL Obfuscation is used in mayphishing scams to make the scam morelegitimate URL Obfuscation can normally bespotted when IP addresses are in theURL versus only the host/domain name
    • Social EngineeringCountermeasures USER/EMPLOYEE EDUCATION
    • Week 1 Learning Objectives(con’t) Chapter 2 – Foot printing and Social Engineering FootprintingDefine the Term FootprintingDescribe Information Gathering MethodologyDescribe Competitive IntelligenceUnderstand DNS EnumerationUnderstand ARIN and WHOIS LookupIdentify the types of DNS RecordsUnderstand how TRACEROUTE is used in footprintingUnderstand how E-mail Tracking WorksUnderstand how Web Spiders work Social EngineeringWhat is Social Engineering?What are the common types of Attacks?Understand dumpster divingUnderstand Reverse Social EngineeringUnderstand Insider AttacksDescribe Phishing AttacksUnderstand Online ScamsUnderstand URL ObfuscationSocial Engineering Countermeasures
    • Homework Read Chapters 3 & 4 of the CEHReview Guide Bring your Laptop for use in Lab (needLinux and Windows capabilities – Oneas a base OS and the other as a VirtualMachine)