The document provides an overview of ethical hacking and penetration testing, outlining key concepts, methodologies, and certifications in the field. It explains the roles of ethical hackers, the distinctions between various hacker types, and the tools and methodologies used in penetration testing. Additionally, it offers resources for further learning and common questions in the area of security testing.

1. Ethical Hacking & Penetration
testing
General Knowledge
Ayman Mohammed – CEH
http://www.AymanMohammed.com

2. Outline
• Introduction
• Certificates
• Keywords
• Questions
• References

3. General tips about information security career

4. Introduction to Ethical Hacking
• Ethical hackers
▫ Employed by companies to perform penetration tests
• Penetration test
▫ Legal attempt to break into a company’s network to
find its weakest link
▫ Tester only reports findings
• Security test
▫ More than an attempt to break in; also includes
analyzing company’s security policy and procedures
▫ Tester offers solutions to secure or protect the network

5. The Role of Security and Penetration
Testers
• Hackers
▫ Access computer system or network without
authorization
▫ Breaks the law; can go to prison
• Crackers
▫ Break into systems to steal or destroy data
▫ U.S. Department of Justice calls both hackers
• Ethical hacker
▫ Performs most of the same activities but with
owner’s permission

6. Penetration-Testing Methodologies
• White box model
▫ Tester is told everything about the network topology
and technology
▫ Tester is authorized to interview IT personnel and
company employees
▫ Makes tester job a little easier
• Black box model
▫ Company staff does not know about the test
▫ Tester is not given details about the network
 Burden is on the tester to find these details
▫ Tests if security personnel are able to detect an attack
• Gray box model
▫ Hybrid of the white and black box models
▫ Company gives tester partial information

7. Ethical Hacking in a Nutshell
• What it takes to be a security tester
▫ Knowledge of network and computer technology
▫ Ability to communicate with management and IT
personnel
▫ Understanding of the laws
▫ Ability to use necessary tools

8. Known certificates in cyber security field

9. Most famous certificates
• EC-Council
▫ CEH(Certified Ethical Hacker)
▫ ECSA (EC-Council Certified Security Analyst)
▫ LPT(Lice sensed Penetration Tester)
• SANSGIAC (Global Information Assurance Certification)
▫ GPEN(GIAC Certified Penetration Tester )
▫ GWAPT(GIAC Web Application Penetration Tester)
• OSSTMM (The Open Source Security Testing Methodology
Manual)
▫ OPST (OSSTMM PROFESSIONAL SECURITY TESTER ACCREDITED
CERTIFICATION)
▫ OPSA (OSSTMM PROFESSIONAL SECURITY ANALYST ACCREDITED
CERTIFICATION)
▫ OPSE (OSSTMM PROFESSIONAL SECURITY EXPERT ACCREDITED
CERTIFICATION)
• Mile2
▫ CPTEngineer(Certified Pen Testing Engineer)

10. Keywords you need to know , and search inside the resume

11. Top Keywords
• Certificates :
▫ CEH , ICSSP , LPT , CPTEngineer , ECSA , GPEN,
OPST ,OPSA ,OPSE , CISM, CISA
• Tools:
▫ Kali , Metasploit , sqlmap , Burp Suite ,
Acunitix ,IBM Appscan ,Nmap ,Cain & Able
,WireShark ,Nessus ,snort ,OpenSSH ,BackTrack ,Brutus
,John the Ripper.
• Methodologies :
▫ OWASP Top 10 , PCI-DSS
• Vulnerabilities :
▫ XSS , Sql injection , CSRF , session
hijacking , ....

12. Some questions to assess the Penetration testing knowledge

13. Questions & answers
• Q. What is XSS or Cross Site Scripting?
Ans. XSS or cross site scripting is type of vulnerability
that hackers used to attack web applications.
• It allows hackers to inject HTML or JAVASCRIPT code
into a web page which can steal the confidential
information from the cookies and returns to the hackers.
It is one of the most critical and common technique
which needs to be prevented.
• Q. What is a honeypot?
Ans. Honeypot is fake computer system which behaves
like a real system and attracts hackers to attack on it.
Honeypot is used to find out loop holes in the system
and to provide solution for these kinds of attacks.

14. Questions & answers (cont.)
• Q. What type of tools are there out there for
packet sniffing?
Ans. Wireshark is probably the most common
packet sniffing tool. This program can help you find
odd traffic across the network or identify a program
that is sending traffic silently from a host.
• Q. Which tools are you using in Performing
automatic vulnerability testing?
Ans. There are many tools to do so , the most
famous tools are Acunitix , IBM Appscan , Burb
suite , ZAP.

15. Where to start gain more knowledge

16. • http://www.softwaretestinghelp.com/interview-
questions/security-testing-interview-questions-
and-answers/
• http://www.eccouncil.org/Certification/professi
onal-series/ceh-course-outline
• http://www.zdnet.com/article/10-things-you-
need-to-know-before-hiring-penetration-
testers/
• https://www.owasp.org/index.php/Top_10_201
3-Table_of_Contents