SlideShare a Scribd company logo

Hacking

Download as PPT, PDF
L
lalpethajji
TechnologyNews & Politics
1 of 32
ITT Certified Ethical Hacker Certification Study Group Week 1 – CEH Objectives, Schedule, and Overview
CEH Study Group Overview  Instructor/Study Leader  Study Group Meeting Frequency & Location  Certified Ethical Hacker Exam (312-50) Objectives  Certification Text and “Schedule”  Week 1 Objectives
Study Group Instructor/Leader  Name: Mark McCoy, CISSP/MCSE/CNE  Occupation: Network Engineer/Administrator, Information Security Practioner, and Adjunct Instructor
Study Group Meeting Frequency and Location  Study Group Location: ITT-Omaha, Main Conference Room  Frequency: Once a Week  Day: Wednesday Night  Time: 6:00pm  Duration: 3 hours (1.5 Lecture/1.5 Lab)
Certified Ethical Hacker Exam (312-50) Objectives  Ethics and Legality  Footprinting  Scanning  Enumeration  System Hacking  Trojans and Backdoors  Sniffers  Denial of Service  Social Engineering  Session Hijacking  Hijacking Web Servers  Web Application Vulnerabilities  Web-Based Password Cracking  SQL Injection  Wireless Hacking  Viruses and Worms  Physical Security  Linux Hacking  Evading IDS’s, Honeypots, and Firewalls  Buffer Overflows  Cryptography  Penetration Testing Methods
Certification Text and Schedule  Certification Text(s):  Official Certified Ethical Hacker Review Guide  CEH Prep Guide  Certified Ethical Hacker Exam Prep  Certification Schedule:  We will cover two to three chapters of the Study Guide Per Week and plan to sit for the exam in 5 – 9 Weeks
Week 1 Learning Objectives  Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality  Understanding Ethical Hacking Terminology  Identifying Different Types of Hacking Technologies  Understanding the different “Phases” and Five Stages of Ethical Hacking  What is Hackivism?  List the Different Types of hacker Classes  Define the skills required to become an ethical hacker  What is vulnerability research?  Describe the ways to conduct ethical hacking  Understand the legal implications of hacking  Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
Week 1 Learning Objectives (con’t)  Chapter 2 – Foot printing and Social Engineering  Footprinting  Define the Term Footprinting  Describe Information Gathering Methodology  Describe Competitive Intelligence  Understand DNS Enumeration  Understand ARIN and WHOIS Lookup  Identify the types of DNS Records  Understand how TRACEROUTE is used in footprinting  Understand how E-mail Tracking Works  Understand how Web Spiders work  Social Engineering  What is Social Engineering?  What are the common types of Attacks?  Understand dumpster diving  Understand Reverse Social Engineering  Understand Insider Attacks  Describe Phishing Attacks  Understand Online Scams  Understand URL Obfuscation  Social Engineering Countermeasures
Chapter 1 – Introduction to Ethical hacking, Ethics, and Legality  Ethical Hacking Terminology  Threat:  Exploit:  Remote Exploit:  Local Exploit:  Vulnerability:  Target of Evaluation:  Attack:
Chapter 1 – Introduction to Ethical hacking, Ethics, and Legality  Identifying Different Types of Hacking Technologies  Operating System  Application  Shrink-Wrap Code  Misconfiguration:
Phases and Stages of Ethical Hacking  Phase 1 – Reconnaissance  Phase 2 – Scanning  Phase 3 – Gaining Access  Phase 4 – Maintaining Access  Phase 5 – Covering Tracks
Hacktivism  Hacktivism is defined as: Hacking for a cause – Social or Political  White Hats: The “Good Guys”. The Ethical Hackers. Goal is to strengthen the defenses.  Black Hats: The “Bad Guys”. The Malicious Hacker, also known as a “Cracker”  Grey Hats: Hackers that “go both ways”. At times they are on the “Offensive” and at times they are on the “Defensive”
Skills required to be an Ethical Hacker  Expertise required in:  Computer Programming  Networking  Operating Systems  Windows  Unix  Linux  Penetration Teams (Ethical Hackers) are comprised of persons possessing expertise in one or more of the above areas
Vulnerability Research  What is Vulnerability Research and Why is it important to a Hacker (White Hat, Black Hat, or Grey Hat)?  For the Black Hat – “Know your Enemy”  Learn as much about the enemy’s architecture, its strengths and weaknesses, as you possible can, to give you the greatest advantage in defeating the enemy  For the White Hat – “Know yourself”  Learn as much about your own architecture, its strengths and weaknesses, as you possibly can, to give you the greatest ability to defend against the enemy.
Ethical Hacking – A Six-Step Process  Talk to the client and Conduct a Needs Assessment  Agree to Terms – The Non Disclosure Agreement  Organize your Team and Schedule Tests  Conduct Test (s)  Analyze Test Results and Prepare Report  Present your findings and recommendations to the Client
Types of Ethical Hacks  Remote Network Attack  Remote Dial-Up Network Attack (War Dialing)  Local Network Attack  Stolen Equipment Attack  Social Engineering  Physical Entry/Intrusion
Penetration Test Types  Black Box – Penetration Test Team has NO INFORMATION concerning Infrastructure or Systems  White Box - Penetration Test Team has COMPLTETE INFORMATION concerning Infrastructure and Systems  Grey Box - Penetration Test Team has LIMITED INFORMATION concerning Infrastructure or Systems
Legal Implications of Hacking  Cyber Security Enhancement Act of 2002: Life Sentence for hackers who “recklessly” endanger the lives of others  Title 18, United States Code (U.S.C.), section 1029 criminalizes the misuse of passwords and other access devices such as token cards  Title 18, United States Code (U.S.C.), section 1030 criminalizes the spreading of viruses and worms and breaking into computers by unauthorized individuals
Chapter 2 – Footprinting and Social Engineering  Footprinting: The process of creating a blueprint or map of an organization’s network and systems.  Sources of Information:  Google Groups  Whois  NsLookup  Sam Spade  Careerlink  Dice  Monster
Competitive Intelligence  Competitive Intelligence is described as: Information gathering about a competitor’s products, marketing, and technologies  Competitive Intelligence is non-intrusive and benign in nature
DNS Enumeration  Definition: The process of locating all DNS Servers and their corresponding records for an organization  Sources of DNS Information:  DNSstuff  Whois  ARIN  NSLookup
DNS Record Types  A (Address): A.K.A. Host Record  SOA: Start of Authority  CNAME: Canonical Name (another name for a host)  MX: Mail Exchange (Identifies Mail Server)  SRV: Service Record  PTR: Pointer (points IP Address to Host name)  NS: (Name Server Record): Identifies DNS Server
Traceroute and FootPrinting  Traceroute will actually “Trace The Route” a packet takes from an origination to a destination, which may reveal the ISP, via the routers that the packet traverses  ARIN, Whois, and DNSstuff may also assist in determining the “victim’s” ISP  NEOTrace, VisualRoute, and VisualLookout, provide a graphic of the traceroute command
E-Mail Tracking  Allows Sender to know whether recipient reads, forwards, modifies, or deletes an email.  eMailTracking Pro and MailTracking.com provide email tracking services
Web Spiders  A Web Spider will comb a website to collect email addresses (looking for the “@” syntax, that it will later be used as recipients for unsolicited email, by the attacker  Web Spiders can be defended against by adding a robots.txt file that contains a list of directories on your website you want protected from web spiders
Week 1 Learning Objectives  Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality  Understanding Ethical Hacking Terminology  Identifying Different Types of Hacking Technologies  Understanding the different “Phases” and Five Stages of Ethical Hacking  What is Hackivism?  List the Different Types of hacker Classes  Define the skills required to become an ethical hacker  What is vulnerability research?  Describe the ways to conduct ethical hacking  Understand the legal implications of hacking  Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
Social Engineering  Definition: The use of influence and persuasion to deceive people for the purpose of obtaining information or persuading a victim to perform some action.
Types of Social Engineering Attacks  Human-Based: Person to person contact/persuasion  Computer-Based: Also known as phishing and on-line scams
URL Obfuscation  Definition: The hiding of a fake URL in what appears to be a legitimate URL  URL Obfuscation is used in may phishing scams to make the scam more legitimate  URL Obfuscation can normally be spotted when IP addresses are in the URL versus only the host/domain name
Social Engineering Countermeasures  USER/EMPLOYEE EDUCATION
Week 1 Learning Objectives (con’t)  Chapter 2 – Foot printing and Social Engineering  Footprinting  Define the Term Footprinting  Describe Information Gathering Methodology  Describe Competitive Intelligence  Understand DNS Enumeration  Understand ARIN and WHOIS Lookup  Identify the types of DNS Records  Understand how TRACEROUTE is used in footprinting  Understand how E-mail Tracking Works  Understand how Web Spiders work  Social Engineering  What is Social Engineering?  What are the common types of Attacks?  Understand dumpster diving  Understand Reverse Social Engineering  Understand Insider Attacks  Describe Phishing Attacks  Understand Online Scams  Understand URL Obfuscation  Social Engineering Countermeasures
Homework  Read Chapters 3 & 4 of the CEH Review Guide  Bring your Laptop for use in Lab (need Linux and Windows capabilities – One as a base OS and the other as a Virtual Machine)

Recommended

Hacking CEH cheat sheet
Hacking CEH cheat sheetHacking CEH cheat sheet
Hacking CEH cheat sheet
International College of Security Studies
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
WE-IT TUTORIALS
 
1435488539 221998
1435488539 2219981435488539 221998
1435488539 221998
Shree Krishna Shrestha
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
Being Uniq Sonu
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
shreya_omar
 
Can I Get A Witness? Technical Witness Bootcamp
Can I Get A Witness? Technical Witness BootcampCan I Get A Witness? Technical Witness Bootcamp
Can I Get A Witness? Technical Witness Bootcamp
Priyanka Aash
 
IS Security Presentation
IS Security PresentationIS Security Presentation
IS Security Presentation
Renjith K P
 
Ce hv8 module 03 scanning networks
Ce hv8 module 03 scanning networksCe hv8 module 03 scanning networks
Ce hv8 module 03 scanning networks
Mehrdad Jingoism
 

Recommended

Hacking CEH cheat sheet
Hacking CEH cheat sheetHacking CEH cheat sheet
Hacking CEH cheat sheet
International College of Security Studies
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
WE-IT TUTORIALS
 
1435488539 221998
1435488539 2219981435488539 221998
1435488539 221998
Shree Krishna Shrestha
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
Being Uniq Sonu
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
shreya_omar
 
Can I Get A Witness? Technical Witness Bootcamp
Can I Get A Witness? Technical Witness BootcampCan I Get A Witness? Technical Witness Bootcamp
Can I Get A Witness? Technical Witness Bootcamp
Priyanka Aash
 
IS Security Presentation
IS Security PresentationIS Security Presentation
IS Security Presentation
Renjith K P
 
Ce hv8 module 03 scanning networks
Ce hv8 module 03 scanning networksCe hv8 module 03 scanning networks
Ce hv8 module 03 scanning networks
Mehrdad Jingoism
 
Session Slide
Session SlideSession Slide
Session Slide
Muralidharan Radhakrishnan
 
Hacking Kishor
Hacking KishorHacking Kishor
Hacking Kishor
kishor sharma
 
Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspective
DNIF
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
FlowTraq
 
Ethical hacking tausif h4 ck3r
Ethical hacking tausif h4 ck3rEthical hacking tausif h4 ck3r
Ethical hacking tausif h4 ck3r
Tausif Patel
 
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
Intellipaat
 
Paper id 311201535
Paper id 311201535Paper id 311201535
Paper id 311201535
IJRAT
 
Se
SeSe
Se
Kingg Ravi
 
Security in Mind
Security in MindSecurity in Mind
Security in Mind
idlesun
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Data security & cryptography
Data security & cryptography Data security & cryptography
Data security & cryptography
Muhammad Danish
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
PECB
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Vallapureddy Sravani
 
Evolution of-ai-bots-for-real-time-adaptive-security
Evolution of-ai-bots-for-real-time-adaptive-securityEvolution of-ai-bots-for-real-time-adaptive-security
Evolution of-ai-bots-for-real-time-adaptive-security
DESMOND YUEN
 
White hat and black hat hackers
White hat and black hat hackersWhite hat and black hat hackers
White hat and black hat hackers
Bilal Ahmed
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wire
InfoSec Addicts
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Viraj Kansara
 
ethical hacking
ethical hackingethical hacking
ethical hacking
Neelima Bawa
 
Ethical h
Ethical hEthical h
Ethical h
kawsarahmedchoudhuryzzz
 
Ethical h
Ethical hEthical h
Ethical h
Dr. Salman Iqbal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
sumanth1201
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
kawsarahmedchoudhuryzzz
 

More Related Content

What's hot

Security in Mind
Security in MindSecurity in Mind
Security in Mind
idlesun
 
White hat and black hat hackers
White hat and black hat hackersWhite hat and black hat hackers
White hat and black hat hackers
Bilal Ahmed
 

What's hot (16)

Session Slide
Session SlideSession Slide
Session Slide
 
Hacking Kishor
Hacking KishorHacking Kishor
Hacking Kishor
 
Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspective
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
 
Ethical hacking tausif h4 ck3r
Ethical hacking tausif h4 ck3rEthical hacking tausif h4 ck3r
Ethical hacking tausif h4 ck3r
 
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
White Hat vs Black Hat vs Grey Hat | Difference Between Black Hat White Hat G...
 
Paper id 311201535
Paper id 311201535Paper id 311201535
Paper id 311201535
 
Se
SeSe
Se
 
Security in Mind
Security in MindSecurity in Mind
Security in Mind
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Data security & cryptography
Data security & cryptography Data security & cryptography
Data security & cryptography
 
Network Security and Spoofing Attacks
Network Security and Spoofing AttacksNetwork Security and Spoofing Attacks
Network Security and Spoofing Attacks
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Evolution of-ai-bots-for-real-time-adaptive-security
Evolution of-ai-bots-for-real-time-adaptive-securityEvolution of-ai-bots-for-real-time-adaptive-security
Evolution of-ai-bots-for-real-time-adaptive-security
 
White hat and black hat hackers
White hat and black hat hackersWhite hat and black hat hackers
White hat and black hat hackers
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wire
 

Similar to Hacking

Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hacker
bestip
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
ssuserde23af
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 

Similar to Hacking (20)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Ethical h
Ethical hEthical h
Ethical h
 
Ethical h
Ethical hEthical h
Ethical h
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ceh certified ethical hacker
Ceh certified ethical hackerCeh certified ethical hacker
Ceh certified ethical hacker
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking by shivam
Ethical hacking by shivamEthical hacking by shivam
Ethical hacking by shivam
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt324515851-Ethical-Hacking-Ppt-Download4575.ppt
324515851-Ethical-Hacking-Ppt-Download4575.ppt
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt324515851-Ethical-Hacking-Ppt-Download4575A.ppt
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security TestingEthical Hacking: Safeguarding Systems through Responsible Security Testing
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Lesson plan ethical hacking
Lesson plan ethical hackingLesson plan ethical hacking
Lesson plan ethical hacking
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking report
 
1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdf1-Domain ComTIA Security+.pdf
1-Domain ComTIA Security+.pdf
 
Hacking - CEH Cheat Sheet Exercises.pdf
Hacking - CEH Cheat Sheet Exercises.pdfHacking - CEH Cheat Sheet Exercises.pdf
Hacking - CEH Cheat Sheet Exercises.pdf
 
Cisel1 d
Cisel1 dCisel1 d
Cisel1 d
 

Recently uploaded

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 

Hacking

  • 1. ITT Certified Ethical Hacker Certification Study Group Week 1 – CEH Objectives, Schedule, and Overview
  • 2. CEH Study Group Overview  Instructor/Study Leader  Study Group Meeting Frequency & Location  Certified Ethical Hacker Exam (312-50) Objectives  Certification Text and “Schedule”  Week 1 Objectives
  • 3. Study Group Instructor/Leader  Name: Mark McCoy, CISSP/MCSE/CNE  Occupation: Network Engineer/Administrator, Information Security Practioner, and Adjunct Instructor
  • 4. Study Group Meeting Frequency and Location  Study Group Location: ITT-Omaha, Main Conference Room  Frequency: Once a Week  Day: Wednesday Night  Time: 6:00pm  Duration: 3 hours (1.5 Lecture/1.5 Lab)
  • 5. Certified Ethical Hacker Exam (312-50) Objectives  Ethics and Legality  Footprinting  Scanning  Enumeration  System Hacking  Trojans and Backdoors  Sniffers  Denial of Service  Social Engineering  Session Hijacking  Hijacking Web Servers  Web Application Vulnerabilities  Web-Based Password Cracking  SQL Injection  Wireless Hacking  Viruses and Worms  Physical Security  Linux Hacking  Evading IDS’s, Honeypots, and Firewalls  Buffer Overflows  Cryptography  Penetration Testing Methods
  • 6. Certification Text and Schedule  Certification Text(s):  Official Certified Ethical Hacker Review Guide  CEH Prep Guide  Certified Ethical Hacker Exam Prep  Certification Schedule:  We will cover two to three chapters of the Study Guide Per Week and plan to sit for the exam in 5 – 9 Weeks
  • 7. Week 1 Learning Objectives  Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality  Understanding Ethical Hacking Terminology  Identifying Different Types of Hacking Technologies  Understanding the different “Phases” and Five Stages of Ethical Hacking  What is Hackivism?  List the Different Types of hacker Classes  Define the skills required to become an ethical hacker  What is vulnerability research?  Describe the ways to conduct ethical hacking  Understand the legal implications of hacking  Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
  • 8. Week 1 Learning Objectives (con’t)  Chapter 2 – Foot printing and Social Engineering  Footprinting  Define the Term Footprinting  Describe Information Gathering Methodology  Describe Competitive Intelligence  Understand DNS Enumeration  Understand ARIN and WHOIS Lookup  Identify the types of DNS Records  Understand how TRACEROUTE is used in footprinting  Understand how E-mail Tracking Works  Understand how Web Spiders work  Social Engineering  What is Social Engineering?  What are the common types of Attacks?  Understand dumpster diving  Understand Reverse Social Engineering  Understand Insider Attacks  Describe Phishing Attacks  Understand Online Scams  Understand URL Obfuscation  Social Engineering Countermeasures
  • 9. Chapter 1 – Introduction to Ethical hacking, Ethics, and Legality  Ethical Hacking Terminology  Threat:  Exploit:  Remote Exploit:  Local Exploit:  Vulnerability:  Target of Evaluation:  Attack:
  • 10. Chapter 1 – Introduction to Ethical hacking, Ethics, and Legality  Identifying Different Types of Hacking Technologies  Operating System  Application  Shrink-Wrap Code  Misconfiguration:
  • 11. Phases and Stages of Ethical Hacking  Phase 1 – Reconnaissance  Phase 2 – Scanning  Phase 3 – Gaining Access  Phase 4 – Maintaining Access  Phase 5 – Covering Tracks
  • 12. Hacktivism  Hacktivism is defined as: Hacking for a cause – Social or Political  White Hats: The “Good Guys”. The Ethical Hackers. Goal is to strengthen the defenses.  Black Hats: The “Bad Guys”. The Malicious Hacker, also known as a “Cracker”  Grey Hats: Hackers that “go both ways”. At times they are on the “Offensive” and at times they are on the “Defensive”
  • 13. Skills required to be an Ethical Hacker  Expertise required in:  Computer Programming  Networking  Operating Systems  Windows  Unix  Linux  Penetration Teams (Ethical Hackers) are comprised of persons possessing expertise in one or more of the above areas
  • 14. Vulnerability Research  What is Vulnerability Research and Why is it important to a Hacker (White Hat, Black Hat, or Grey Hat)?  For the Black Hat – “Know your Enemy”  Learn as much about the enemy’s architecture, its strengths and weaknesses, as you possible can, to give you the greatest advantage in defeating the enemy  For the White Hat – “Know yourself”  Learn as much about your own architecture, its strengths and weaknesses, as you possibly can, to give you the greatest ability to defend against the enemy.
  • 15. Ethical Hacking – A Six-Step Process  Talk to the client and Conduct a Needs Assessment  Agree to Terms – The Non Disclosure Agreement  Organize your Team and Schedule Tests  Conduct Test (s)  Analyze Test Results and Prepare Report  Present your findings and recommendations to the Client
  • 16. Types of Ethical Hacks  Remote Network Attack  Remote Dial-Up Network Attack (War Dialing)  Local Network Attack  Stolen Equipment Attack  Social Engineering  Physical Entry/Intrusion
  • 17. Penetration Test Types  Black Box – Penetration Test Team has NO INFORMATION concerning Infrastructure or Systems  White Box - Penetration Test Team has COMPLTETE INFORMATION concerning Infrastructure and Systems  Grey Box - Penetration Test Team has LIMITED INFORMATION concerning Infrastructure or Systems
  • 18. Legal Implications of Hacking  Cyber Security Enhancement Act of 2002: Life Sentence for hackers who “recklessly” endanger the lives of others  Title 18, United States Code (U.S.C.), section 1029 criminalizes the misuse of passwords and other access devices such as token cards  Title 18, United States Code (U.S.C.), section 1030 criminalizes the spreading of viruses and worms and breaking into computers by unauthorized individuals
  • 19. Chapter 2 – Footprinting and Social Engineering  Footprinting: The process of creating a blueprint or map of an organization’s network and systems.  Sources of Information:  Google Groups  Whois  NsLookup  Sam Spade  Careerlink  Dice  Monster
  • 20. Competitive Intelligence  Competitive Intelligence is described as: Information gathering about a competitor’s products, marketing, and technologies  Competitive Intelligence is non-intrusive and benign in nature
  • 21. DNS Enumeration  Definition: The process of locating all DNS Servers and their corresponding records for an organization  Sources of DNS Information:  DNSstuff  Whois  ARIN  NSLookup
  • 22. DNS Record Types  A (Address): A.K.A. Host Record  SOA: Start of Authority  CNAME: Canonical Name (another name for a host)  MX: Mail Exchange (Identifies Mail Server)  SRV: Service Record  PTR: Pointer (points IP Address to Host name)  NS: (Name Server Record): Identifies DNS Server
  • 23. Traceroute and FootPrinting  Traceroute will actually “Trace The Route” a packet takes from an origination to a destination, which may reveal the ISP, via the routers that the packet traverses  ARIN, Whois, and DNSstuff may also assist in determining the “victim’s” ISP  NEOTrace, VisualRoute, and VisualLookout, provide a graphic of the traceroute command
  • 24. E-Mail Tracking  Allows Sender to know whether recipient reads, forwards, modifies, or deletes an email.  eMailTracking Pro and MailTracking.com provide email tracking services
  • 25. Web Spiders  A Web Spider will comb a website to collect email addresses (looking for the “@” syntax, that it will later be used as recipients for unsolicited email, by the attacker  Web Spiders can be defended against by adding a robots.txt file that contains a list of directories on your website you want protected from web spiders
  • 26. Week 1 Learning Objectives  Chapter 1 – Introduction to Ethical Hacking, Ethics, and Legality  Understanding Ethical Hacking Terminology  Identifying Different Types of Hacking Technologies  Understanding the different “Phases” and Five Stages of Ethical Hacking  What is Hackivism?  List the Different Types of hacker Classes  Define the skills required to become an ethical hacker  What is vulnerability research?  Describe the ways to conduct ethical hacking  Understand the legal implications of hacking  Understand 18 U.S.C. 1029 and 1030 U.S. Federal law
  • 27. Social Engineering  Definition: The use of influence and persuasion to deceive people for the purpose of obtaining information or persuading a victim to perform some action.
  • 28. Types of Social Engineering Attacks  Human-Based: Person to person contact/persuasion  Computer-Based: Also known as phishing and on-line scams
  • 29. URL Obfuscation  Definition: The hiding of a fake URL in what appears to be a legitimate URL  URL Obfuscation is used in may phishing scams to make the scam more legitimate  URL Obfuscation can normally be spotted when IP addresses are in the URL versus only the host/domain name
  • 31. Week 1 Learning Objectives (con’t)  Chapter 2 – Foot printing and Social Engineering  Footprinting  Define the Term Footprinting  Describe Information Gathering Methodology  Describe Competitive Intelligence  Understand DNS Enumeration  Understand ARIN and WHOIS Lookup  Identify the types of DNS Records  Understand how TRACEROUTE is used in footprinting  Understand how E-mail Tracking Works  Understand how Web Spiders work  Social Engineering  What is Social Engineering?  What are the common types of Attacks?  Understand dumpster diving  Understand Reverse Social Engineering  Understand Insider Attacks  Describe Phishing Attacks  Understand Online Scams  Understand URL Obfuscation  Social Engineering Countermeasures
  • 32. Homework  Read Chapters 3 & 4 of the CEH Review Guide  Bring your Laptop for use in Lab (need Linux and Windows capabilities – One as a base OS and the other as a Virtual Machine)