Day1 CEH June m8kxl

Uploaded by

deodutta

Introduction to Ethical Hacking- Terminology

Foot Printing and Reconnaissance – Information Gathering

Scanning networks - the objective is to scan the network ranges identified during Information Gathering

Enumeration – Gaining the details in depth

Vulnerability Analysis

System Hacking

Malware Threats

Sniffing

Social Engineering

Session Hijacking

SQL Injections

Wireless networks, IoT, IDS, IPS, Cloud Computing and Mobile Networks

Security is a process.

Data is generated continuously, and processes are responsible for sharing it. The data passes through the following layers, each of which has to be secured:

Client Application
Network Transmission
Web Application Server
Network Layer
Operating System
Database Layer
Network Layer

Process - a program in execution

Kernel - a resource management tool

Operating System - Applications + Shell + Kernel

Boot sequence: BIOS -> MBR -> Bootloader -> Kernel -> start the 1st process

MBR (512 bytes in total):
  Bootloader      - 446 bytes
  Partition table - 64 bytes (16 bytes per entry, e.g. 16 bytes for a new OS, 16 bytes for system reserve)
  Boot signature  - 2 bytes

UEFI - the modern replacement for the BIOS/MBR boot path

OSI Architecture

Layer               Examples / role
Application Layer   SSH, FTP, browser, HTTP, HTTPS, Telnet
Presentation Layer  Encoding / decoding
Session Layer       Manages the various connections/sessions
Transport Layer     TCP, UDP, segmentation
Network Layer       IP address
Data Link Layer     MAC address
Physical Layer      Digital or analog signals

TCP/IP stack

Application Layer      (OSI Application, Presentation, Session)
Transport Layer        (OSI Transport)
Network Layer          (OSI Network)
Network Access Layer   (OSI Data Link, Physical)

Elements of Information Security

1. Confidentiality - only authorized users/processes can access the data
2. Integrity - only authorized users/processes can modify the data
3. Availability - data should be available to authorized users/processes whenever required
4. Authenticity
5. Auditing and Accountability
6. Non-Repudiation

Motive (Goal) + Method + Vulnerability = Attack

When security goes up, usability and functionality go down.

Classification of Attacks

Passive Attack - the objective is to monitor the network traffic and data flow of the target network (sniffing or eavesdropping); the data is not tampered with.

Active Attack - tampers with the data in transit or disrupts the communication; session hijacking, SQL injection, DoS.

Close-in Attack - performed when the attacker is in close proximity to the target system or network.

Insider Attack

Distribution Attack - the objective is to tamper with hardware or software prior to installation.


CEH Hacking Methodology

1. Footprinting
2. Scanning
3. Enumeration
4. Vulnerability Analysis
5. System Hacking (gaining access + escalating privileges, maintaining access, clearing the logs)

Cyber Kill Chain Methodology

The objective is to identify and prevent malicious activity at each stage of the chain.

1. Reconnaissance - gather the data
2. Weaponization - create a deliverable malicious payload using an exploit or backdoor
3. Delivery - send the weaponized bundle to the victim via email, USB, etc.
4. Exploitation - exploit the vulnerability by executing the code on the target machine
5. Installation - install the malware on the target system
6. Command and Control - create a communication channel to transmit data
7. Actions on Objectives - perform the actions for the intended objectives

Tactics, Techniques and Procedures (TTPs)

Tactics - guidelines that describe the way an attacker performs an attack from beginning to end

Techniques - technical methods used by the attacker to achieve intermediate results during the attack

Procedures - organizational approaches that the threat actor follows to launch an attack

Hacking - exploiting system vulnerabilities and compromising security controls to gain unauthorized access to system resources.

Hacker Classes

Black Hat

White Hat

Gray Hat

Script Kiddies

Hacktivist

What is Ethical Hacking

Ethical hacking focuses on simulating the techniques used by attackers to verify the existence of exploitable vulnerabilities in system security.

An ethical hacker always performs a security assessment for an organization with the permission of the concerned authorities.

Information Assurance - assurance that integrity, confidentiality, availability and authenticity are always protected during the processing, storage, usage and transmission of information.

Adaptive Security Strategy

Predict

1. Risk and Vulnerability Assessment
2. Attack Surface Analysis
3. Threat Intelligence

Protect - Defense in Depth

1. Protect the endpoints
2. Protect the network
3. Protect the data

Respond

1. Incident Response

Detect

1. Continuous Threat Monitoring

Risk Management

- Risk Identification
- Risk Assessment
- Risk Treatment
- Risk Tracking
- Risk Review

Threat Modelling

1. Identify the security objectives
2. Application overview (identify the processes, identify the components, identify the trust boundaries)
3. Decompose the application to identify threats
4. Identify the vulnerabilities

Incident Management - a set of processes to identify, analyze, prioritize and resolve security incidents in order to restore normal business service operations.

Compliance standards and regulations:

PCI DSS

ISO 27001

HIPAA

SOX

IPv4 addressing scheme - 32-bit addresses

Subnet masks (network bits set to 1):

Class A - 11111111.00000000.00000000.00000000 - /8  - 255.0.0.0
Class B - 11111111.11111111.00000000.00000000 - /16 - 255.255.0.0
Class C - 11111111.11111111.11111111.00000000 - /24 - 255.255.255.0
Classless (CIDR) - 11111111.11111111.10000000.00000000 - /17 - 255.255.128.0

Classful address ranges (by first octet):

Class A - 1.0.0.0 - 126.255.255.255
Class B - 128 - 191
Class C - 192 - 223
Class D - multicasting
Class E - research purposes



Footprinting - the first step of any attack on an information system, in which the attacker collects information about the target network.

Passive Footprinting - gathering information about the target without direct interaction

Active Footprinting - gathering information with direct interaction

Search operators:

[inurl:]  - restrict the results to documents containing the search keyword in the URL
[intitle:] - restrict the results to documents containing the search keyword in the title
[site:]   - restrict the results to websites in the given domain

Footprinting helps to:

- Know the security posture
- Reduce the attack area
- Identify the vulnerabilities
- Draw a network map

Information collected includes:

- Domain names
- IP addresses
- Namespaces
- Phone numbers
- Job information

Linux Commands

/      - root directory (top of the filesystem, where the root partition is mounted)
root   - super user with UID 0
/root  - home directory of the root user
~      - the current user's home directory
pwd    - print the present working directory
user1  - home directory /home/user1
user2  - home directory /home/user2

Exercise: create a directory and create a file in it using the cat command.

rmdir  - remove empty directories
rm     - remove files and (with -r) directories


DAC - Discretionary Access Control: the owner (subject) decides who may access the object (Subject -> Object)

MAC - Mandatory Access Control: system services work in a confined domain set by policy

RBAC - Role Based Access Control: access permissions are given according to job roles

Permission classes: User (owner of the file), Group (users who share the same permission requirements), Others

777 = rwx (user) rwx (group) rwx (others), where r = 4, w = 2, x = 1

Default permissions requested for files: 666
Default permissions requested for directories: 777

umask: 022

777 - 022 = 755 (directories)
666 - 022 = 644 (files)

Exercise: create a directory; create a file in it; observe the umask and the resulting permissions; change the umask and create a new file; observe the permissions.

Exercise: give rwx to the user and rw to the group for a file.
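The umask and chmod exercises above, worked as an added Python example (not part of the original notes). The umask is applied as a bitwise mask, not decimal subtraction; the subtraction 777-022=755 only happens to give the right answer because no digit borrows, and the example shows umask 027 yielding 640 for a file, not 639.

```python
import os
import stat
import tempfile

def effective_mode(requested: int, umask: int) -> int:
    """umask clears bits: result = requested & ~umask.
    Decimal subtraction (777-022=755) only agrees when no digit borrows;
    with umask 027 a file gets 640, not 666-027=639."""
    return requested & ~umask & 0o777

def create_under_umask(mask: int, directory: bool = False) -> int:
    """Create a probe directory (requested 777) or file (requested 666) under
    `mask` in a scratch directory and return the permission bits actually stored."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "probe")
            if directory:
                os.mkdir(path)            # mode argument defaults to 0o777
            else:
                open(path, "w").close()   # regular files are requested as 0o666
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)                     # restore the caller's umask

def perm_octal(user: str, group: str, others: str) -> int:
    """Translate r/w/x letters into the 4/2/1 digits, e.g. ('rwx', 'rw', '') -> 0o760."""
    digit = lambda s: sum({"r": 4, "w": 2, "x": 1}[c] for c in s)
    return (digit(user) << 6) | (digit(group) << 3) | digit(others)

def chmod_letters(path: str, user: str, group: str, others: str) -> int:
    """Apply the letter spec with chmod and return the stored mode for verification."""
    os.chmod(path, perm_octal(user, group, others))
    return stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    for mask in (0o022, 0o027):
        print(f"umask {mask:03o}: file {create_under_umask(mask):03o}, "
              f"dir {create_under_umask(mask, directory=True):03o}")
    with tempfile.NamedTemporaryFile() as f:
        print(f"rwx/rw/-: {chmod_letters(f.name, 'rwx', 'rw', ''):03o}")
```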


Scanning Network

Network Scanning refers to the set of procedures used for identifying hosts, ports and services in the network:

1. Whether the host is live or not: ping, netstat, traceroute, nmap
2. Find the open ports: nmap
3. Find the services running: nmap

TCP: 3-way handshake

Node A  --- SYN ----->  Node B
Node A  <-- SYN/ACK --  Node B
Node A  --- ACK ----->  Node B

TCP flags

ACK - Acknowledgement
SYN - Synchronization
FIN - Finish
RST - Reset the connection
URG - Urgent
PSH - Push

nmap -sT -> full connect scan: the handshake completes, so the port is open

Node A  --- SYN ----->  Node B
Node A  <-- SYN/ACK --  Node B
Node A  --- ACK ----->  Node B

nmap -sS: half-open (stealth) scan: SYN/ACK comes back, so the port is open; the scanner tears the connection down with RST instead of completing it

Node A  --- SYN ----->  Node B
Node A  <-- SYN/ACK --  Node B
Node A  --- RST ----->  Node B

nmap -sF: FIN scan: no reply comes back, so the port is open

Node A  --- FIN ----->  Node B
Node A                  Node B   (no communication)

Port is closed: whatever flag is sent, the target answers RST/ACK

Node A  --- any flag ->  Node B
Node A  <-- RST/ACK ---  Node B
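The exchanges above, as an added Python example (not part of the original notes) from the defender's side: it replays a constructed set of sniffed TCP flag sequences, reconstructs what each probe would have learned, and reports sources that never complete the handshake (half-open, -sS) or send FIN with no connection (-sF). Note that a FIN probe with no reply is reported as open|filtered, because a firewall silently dropping the probe looks exactly the same as an open port.

```python
from collections import defaultdict

# Constructed sample of (src, dst, TCP flags) as a sniffer near Node B might record them;
# not real captured traffic. Flag letters: S=SYN, A=ACK, F=FIN, R=RST.
SAMPLE = [
    ("10.0.0.5:40001", "10.0.0.9:22", "S"),
    ("10.0.0.9:22", "10.0.0.5:40001", "SA"),
    ("10.0.0.5:40001", "10.0.0.9:22", "R"),    # client aborts: half-open probe, port open
    ("10.0.0.5:40002", "10.0.0.9:23", "S"),
    ("10.0.0.9:23", "10.0.0.5:40002", "RA"),   # closed port answers RST/ACK
    ("10.0.0.5:40003", "10.0.0.9:80", "F"),    # FIN probe with no reply at all
    ("10.0.0.5:40004", "10.0.0.9:81", "F"),
    ("10.0.0.9:81", "10.0.0.5:40004", "RA"),   # closed port answers the FIN probe too
    ("10.0.0.7:50000", "10.0.0.9:443", "S"),
    ("10.0.0.9:443", "10.0.0.7:50000", "SA"),
    ("10.0.0.7:50000", "10.0.0.9:443", "A"),   # full handshake: ordinary client
]

def group_flows(packets):
    """Group packets by the (client, server) pair that sent the first packet, tagging direction."""
    flows = {}
    for src, dst, flags in packets:
        if (dst, src) in flows:
            flows[(dst, src)].append("in:" + flags)
        else:
            flows.setdefault((src, dst), []).append("out:" + flags)
    return flows

def classify(flow):
    """Map one flow's flag sequence to (port state, probe type) using the handshake rules."""
    if flow[0] == "out:S":
        if "in:SA" in flow:
            return "open", ("connect" if "out:A" in flow else "half-open")
        return ("closed" if "in:RA" in flow else "filtered"), "syn-probe"
    if flow[0] == "out:F":
        # No reply is open|filtered: a firewall silently dropping the probe looks the same.
        return ("closed" if "in:RA" in flow else "open|filtered"), "fin-probe"
    return "unknown", "other"

def scan_report(packets):
    """Return {source_ip: [(port, state, probe), ...]} for sources that never complete
    the handshake (half-open) or send FIN without a connection (FIN scan)."""
    report = defaultdict(list)
    for (client, server), flow in group_flows(packets).items():
        state, probe = classify(flow)
        if probe in ("half-open", "fin-probe"):
            report[client.rsplit(":", 1)[0]].append((int(server.rsplit(":", 1)[1]), state, probe))
    return dict(report)

if __name__ == "__main__":
    print(scan_report(SAMPLE))
```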
