CEH: Understanding Ethical Hacking

CEH logo on black background

Pluralsight's first course, or ‘module’ as I will refer to them, in the Certified Ethical Hacking path, titled Understanding Ethical Hacking, starts off with understanding what ethical hacking is and how you can use it to secure your network. The author, Dale Meredith, presents this module with a cringe-inducing attempt at comedy which I suppose may ‘lighten’ the load for some people, but Dale comes across as knowledgeable and genuine without the need for awkward pauses or ‘jokes’.

This seems to be the most hands-off of the modules, but there is a virtual lab to set up, which I've put in another post here.

Anyway, my notes for the Understanding Ethical Hacking module are:

  • CEH Program overview
    • Maintain certification through earning Credits (or points) by:
      • Attending conferences
      • Writing research papers
      • Training
      • Reading related subject materials (this requires proof)
      • Exams
      • Webinars
  • Must adhere to Code of Ethics
    • Privacy
    • Intellectual Property
    • Disclosure. Disclose to the appropriate people at the appropriate time
    • Honest about Areas of Expertise
    • Knowledge Sharing. You’re required to share information
    • Exercise extreme care with customers' systems
  • Terms
    • Hack Value
      • How valuable is a specific machine on a network, compared to the others
    • Exploits take advantage of Vulnerabilities
    • Target of Evaluation
      • A specific device that an ethical hacker is going to focus on
    • Daisy-chaining
      • Hacking one machine within the network and using it to attack others
  • Technology Triangle
    • Usability
    • Security
    • Functionality
    • Find balance between the 3
  • Threats
    • Hosts
      • Every host has a footprint. Finding that footprint is an important part of a hack
      • Physical security
      • Passwords
      • Malware
      • Privilege Escalation
      • Backdoors
      • Data cleansing (HDD, memory sticks, etc.)
    • Applications
      • Buffer Overflow
        • When a program is trying to hold more data than it's meant to.
        • The extra data flows over into adjacent memory
      • Copy and pasted code from other applications
        • All in house code should be reviewed
      • Data/Input Validation
        • Typically affects web-based applications. SQL Injection
        • User puts unexpected information into a field and it causes the software to hiccup and allow them access to things they shouldn’t
  • IPv6 potential problems
    • Uses a lot of auto configuration
    • Many logging systems are still incompatible
    • Automatically turned on in many Microsoft products.
    • People are tempted to use shortcuts in addressing
    • Bigger headers than IPv4. May overload older network devices
    • 4to6 translations require expertise to implement properly
    • Each device may have up to 3 addresses. Complexity
    • Has additional features for Network Discovery, including Router Solicitation
  • What Skills Should a Hacker Have?
    • Explicit Permission, including scope
    • Use the same tactics and strategies as a real attacker
    • No means NO
    • Report all of your results. If you discover something illegal you must report it to the authorities
    • Know who to discuss what with
  • An IT Audit is just checking that the controls that are already in place are working as intended. Usually just working down a checklist. Different from a pen test
  • Phases of a Pen Test
    • Reconnaissance
      • Can be passive or active
    • Scanning
      • Fingerprinting, ping-sweeps, port scans, etc
    • Gaining Access
      • Via network, OS, application, etc
    • Maintain Access
      • Install a trojan or backdoor to make it easier to come back later
      • A good hacker may even harden up the system so another hacker can’t come in the same way later
    • Clearing Tracks
  • Attack Types
    • Application Attacks
      • Developers don’t properly check their code
      • That thing where you see the directory structure of a website is called Directory Traversal
    • Misconfiguration Attacks
      • There's not a problem in the program itself, but the settings are set insecurely
      • Insecure defaults.
    • Shrink-Wrap Code
      • Developer uses code from outside sources, or re-uses the same code over and over again in multiple places
    • OS Attacks
      • Always apply Critical Updates immediately. They’re usually there to fix a 0-day
  • Entry Points
    • Remote Network
    • Dial-Up Network
    • Local Network/WLAN
    • Stolen Equipment. Laptops/Tablets/etc.
    • Social Engineering
    • Physical Entry
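To put the Data/Input Validation note above into concrete terms, here is an added example (my own code, not from the course) of a login check built two ways against a constructed in-memory SQLite table: one splicing the user's field contents straight into the SQL, so unexpected input changes the query itself, and one using placeholders plus a format check so the same input stays plain data. The table contents, user names and passwords are made up for the demonstration.

```python
import re
import sqlite3

# Constructed sample data for the demo; not from the course or post.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Vulnerable: field contents are pasted into the statement text, so a
    # quote or comment marker in the input rewrites the WHERE clause.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None

# Assumed policy for this demo: usernames are 1-32 word characters.
USERNAME_RE = re.compile(r"^\w{1,32}$")

def login_hardened(conn, username, password):
    # Layer 1: reject input that does not match the expected shape at all.
    if not USERNAME_RE.match(username):
        return False
    # Layer 2: placeholders bind the values; the SQL text never changes.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def compare(username, password):
    # Runs the same input through both checks; returns (vulnerable, hardened).
    db = make_db()
    return login_vulnerable(db, username, password), login_hardened(db, username, password)

if __name__ == "__main__":
    print("valid creds  :", compare("alice", "correct horse"))   # (True, True)
    print("wrong pass   :", compare("alice", "wrong"))           # (False, False)
    print("odd username :", compare("alice' --", "wrong"))       # (True, False)
```

The third line is the "hiccup" from the notes: the vulnerable version treats the trailing `--` as a SQL comment and drops the password test, while the hardened version never lets the input touch the query structure.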
