My CEH V11 notes from EC-Council Book

  1. Integrity:- Ensure that information can be changed or altered only by authorized users. ex:- access controls, checksums.
  2. Availability:- Ensure that stored and processed information is available when needed. ex:- clustered machines, redundant systems, DDoS protection or antivirus software.
  3. Authority:- One's identity is created with a proof and confirmed by a system. ex:- authentication controls.
  4. Non-repudiation:- The sender and receiver can't deny the messages they sent or received. ex:- digital signatures.
  1. Active Attacks:- tamper with the target system directly.
  2. Close-in Attacks:- performed when attackers are in close physical proximity to the target systems.
  3. Insider Attacks:- performed by a trusted person.
  4. Distribution Attacks:- tamper with the hardware or software prior to installation.
  1. Weaponization:- Analyze the information gained from the previous stage, then select a payload and send it.
  2. Delivery:- Make sure that the payload is delivered successfully, and find out whether the intrusion attempts are blocked or not.
  3. Exploitation:- Executing the payload code on the target systems.
  4. Installation:- Repeat the previous stages on other systems to spread the attack.
  5. Command and Control:- Create a command and control channel to communicate and pass data between systems.
  6. Actions on Objectives:- Perform actions to achieve the intended goals.
  1. Network-based indicators.
  2. Host-based indicators.
  3. Behavioral indicators.
  1. White hats:- they have permission to attack their target.
  2. Grey hats:- they are in between Black and White hats.
  3. Suicide hackers:- they are not careful about the consequences of their actions.
  4. Script kiddies:- they don't have skills and use tools written by other hackers.
  5. Cyber terrorists:- they are motivated by political or religious beliefs.
  6. State-sponsored:- they are employed by governments.
  7. Hacktivists:- they are motivated by political or religious beliefs.
  1. Scanning.
  2. Gaining Access.
  3. Maintaining Access.
  4. Clearing Tracks.
  1. Risk Assessment.
  2. Risk Treatment.
  3. Risk Tracking.
  4. Risk Reviewing.
  1. Tactical:- provides information related to TTPs; consumed by IT service and SOC managers, and administrators.
  2. Operational:- provides information on specific attacks; consumed by security managers and network defenders.
  3. Technical:- provides information on specific IoCs; consumed by SOC staff and IR (Incident Response) teams.
  1. Application Overview.
  2. Decompose Application.
  3. Identify Threats.
  4. Identify Vulnerabilities.
  1. Incident recording and assessment.
  2. Incident triage.
  3. Notification.
  4. Containment.
  5. Evidence gathering and forensic analysis.
  6. Eradication.
  7. Recovery.
  8. Post-incident activities.
  1. Unsupervised:- uses algorithms that take a set of unlabeled training data as input. It is divided into:- Clustering:- divides the data into clusters based on their similarity. Dimensionality Reduction:- the process of reducing the attributes of the data.
  1. ISO/IEC:- specifies the requirements for establishing, implementing, maintaining and improving an information security management system within the organization.
  2. HIPAA; Health Insurance Portability and Accountability Act:- is federal protection for the individually identifiable health information that is held by hospitals.
  3. SOX; Sarbanes-Oxley Act:- is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures.
  4. DMCA; Digital Millennium Copyright Act:- is a United States copyright law that implements two treaties of WIPO; the World Intellectual Property Organization.
  5. FISMA; Federal Information Security Management Act:- provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets.
  1. Active:- Gathering information about the target through direct interaction.
  1. Reducing the focus area.
  2. Identifying vulnerabilities.
  3. Drawing a network map.
  1. Network Information:- domains, subdomains, IP addresses, whois, DNS, etc.
  2. System Information:- OS, location of servers, usernames and passwords, etc.
  1. link: :- lists web pages that link to the given web page.
  2. related: :- lists web pages that are similar to the given web page.
  3. info: :- presents some information that Google has about the given web page.
  4. site: :- restricts the search results to websites in the given domain.
  5. allintitle: :- restricts the search results to websites containing all the search keywords in the title.
  6. intitle: :- restricts the search results to documents containing the search keyword in the title.
  7. allinurl: :- restricts the search results to websites containing all the search keywords in the URL.
  8. inurl: :- restricts the search results to documents containing the search keyword in the URL.
  9. location: :- finds information about a specific location.
  1. Contact details of the domain owner.
  2. Domain name servers.
  3. NetRange.
  4. When a domain has been created.
  5. Expiry records.
  6. Records last updated.
  1. TCP traceroute:- tcptraceroute [IP address or domain name]
  2. UDP traceroute:- traceroute [IP address or domain name]
  1. VisualRoute.
  1. Shoulder Surfing.
  2. Dumpster diving.
  3. Impersonating.
  1. Recon-ng:- is a web reconnaissance framework.
  2. FOCA; Fingerprinting Organizations with Collected Archives:- is used to find metadata and hidden information in documents.
  3. OSRFramework:- includes applications related to username checking, DNS lookup, deep web search, etc.
  4. OSINT Framework:- is an open-source intelligence gathering framework used to collect information from free tools or resources.
  5. Recon-Dog:- is an all-in-one tool used to collect the needed information.
  6. BillCipher:- is an information gathering tool for IP addresses or websites.
  1. ACK; Acknowledgement:- acknowledges the receipt of a message.
  2. FIN; Finish:- terminates the connection.
  3. RST; Reset:- resets a connection.
  1. URG; Urgent:- the data is processed immediately.
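As an added example (not from the notes or the EC-Council book), the parser below decodes the flags byte of a raw TCP header so the ACK, FIN, RST and URG bits above can be seen in real packet bytes. It covers all eight flag bits of the byte (the notes list four of them), and includes a small check for flag combinations that never occur in a legitimate TCP conversation, which is how a sensor can spot crafted probe packets. The sample headers are constructed with the helper in the block; no real capture is used.

```python
import struct

# Bits of the TCP "flags" byte, highest bit first: CWR/ECE (RFC 3168) and the six RFC 793 flags.
TCP_FLAG_BITS = (
    (0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
    (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"),
)
# src port, dst port, seq, ack, data offset/reserved, flags, window, checksum, urgent pointer
TCP_HEADER_FMT = "!HHIIBBHHH"


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """Constructed 20-byte header (no options, checksum left zero) used as sample input."""
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)


def parse_tcp_header(raw):
    """Decode the fixed part of a TCP header; the flags become a list of names."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, off_res, flags, window, _checksum, urg = struct.unpack(TCP_HEADER_FMT, raw[:20])
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,          # header length in bytes
        "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
        "window": window,
        "urgent_pointer": urg,
    }


def flag_anomaly(flags):
    """Return a reason string if this flag set cannot come from a normal TCP exchange, else None."""
    present = set(flags)
    if not present:
        return "no flags set"
    if "SYN" in present and ("FIN" in present or "RST" in present):
        return "SYN combined with FIN/RST"
    if {"FIN", "PSH", "URG"} <= present and "ACK" not in present:
        return "FIN+PSH+URG without ACK"
    return None


if __name__ == "__main__":
    # A bare ACK probe like the ACK ping scan in the notes, then an impossible SYN+FIN header.
    for hdr in (build_tcp_header(40000, 80, 0x10), build_tcp_header(40000, 80, 0x03)):
        parsed = parse_tcp_header(hdr)
        print(parsed["flags"], flag_anomaly(parsed["flags"]))
```

A bare ACK on its own is a normal flag value, so this check alone will not flag an ACK ping; it is meant to catch headers whose flag bits were hand-set rather than produced by a TCP stack.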
  1. ICMP ECHO Ping Sweep scan:- attackers send ICMP ECHO requests to multiple target hosts and receive ICMP ECHO replies from live hosts. It's useful for finding live systems. nmap -sn -PE [IP address]
  2. ICMP Timestamp Ping scan:- nmap -sn -PP [IP address]
  3. ICMP Address Mask Ping scan:- nmap -sn -PM [IP address]
  1. TCP ACK Ping scan:- attackers send ACK probe packets to the target hosts and receive RST packets from live hosts. nmap -sn -PA [IP address]
  1. SCTP COOKIE ECHO scan:- attackers send COOKIE ECHO chunks to the target hosts; no reply means the port is open, while closed ports respond with ABORT chunks. nmap -sZ -v [IP address]. Only a good IDS can detect an SCTP COOKIE ECHO scan.
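Seen from the defender's side, the ICMP and TCP ACK host-discovery probes above leave a simple pattern in firewall logs: one source touching many hosts in a short time. The block below is an added example, not part of the notes, that runs a sliding-window detector over a constructed log format (timestamp, source, destination, protocol, key=value details; this format is an assumption, not any real product's). It also raises a separate alert for ICMP timestamp (type 13) and address-mask (type 17) requests, because legitimate traffic almost never uses them and a single one is worth a look.

```python
from collections import defaultdict

# ICMP request types used by the ping scans in the notes.
ICMP_PROBE_TYPES = {8: "echo request", 13: "timestamp request", 17: "address mask request"}
RARE_ICMP_TYPES = {13, 17}   # one inbound hit from outside is already suspicious

# Constructed sample log: 203.0.113.5 sweeps six hosts, 198.51.100.9 sends one timestamp
# request, 10.0.0.50 is ordinary internal traffic.
SAMPLE_LOG = """\
1700000000 203.0.113.5 10.0.0.1 icmp type=8
1700000001 203.0.113.5 10.0.0.2 icmp type=8
1700000002 203.0.113.5 10.0.0.3 icmp type=8
1700000003 10.0.0.50 10.0.0.1 icmp type=8
1700000003 203.0.113.5 10.0.0.4 icmp type=8
1700000004 203.0.113.5 10.0.0.5 tcp flags=A dst_port=80
1700000005 203.0.113.5 10.0.0.6 tcp flags=A dst_port=80
1700000030 198.51.100.9 10.0.0.3 icmp type=13
1700000031 10.0.0.50 10.0.0.7 tcp flags=SA dst_port=443
""".splitlines()


def parse_line(line):
    """Split one log line into a dict; trailing key=value fields are merged in."""
    ts, src, dst, proto, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return {"ts": int(ts), "src": src, "dst": dst, "proto": proto, **kv}


def is_host_probe(event):
    """True for the host-discovery probes the notes describe."""
    if event["proto"] == "icmp":
        return int(event["type"]) in ICMP_PROBE_TYPES
    if event["proto"] == "tcp":
        return event.get("flags") == "A"   # bare ACK, as sent by an ACK ping
    return False


def detect_sweeps(lines, window=60, min_hosts=5):
    """Alert when one source probes min_hosts distinct hosts within `window` seconds,
    and separately for any rare ICMP request type."""
    events = sorted((parse_line(ln) for ln in lines), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in events:
        if is_host_probe(ev):
            by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {e["dst"] for e in evs[start:end + 1]}
            if len(targets) >= min_hosts:
                alerts.append({"src": src, "reason": "ping sweep", "hosts": len(targets)})
                break
        rare = sorted({int(e["type"]) for e in evs
                       if e["proto"] == "icmp" and int(e["type"]) in RARE_ICMP_TYPES})
        for icmp_type in rare:
            alerts.append({"src": src, "reason": "icmp " + ICMP_PROBE_TYPES[icmp_type],
                           "hosts": len({e["dst"] for e in evs})})
    return alerts


if __name__ == "__main__":
    for alert in detect_sweeps(SAMPLE_LOG):
        print(alert)
```

The threshold and window are the knobs to tune: a monitoring host that pings its whole subnet every minute will trip this rule unless it is allow-listed, so the source field should be compared against known scanners before an alert is raised.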
  1. Source routing.
  2. Source port manipulation:- nmap -g [port] [IP address] or nmap --source-port [port] [IP address]
  3. IP address decoy:- generate IP address decoys; nmap -D RAND:[number of decoys] [target] or nmap -D decoy1,decoy2,ME,... [target]
  4. IP address spoofing:- change the source IP address; hping3 [target] -a [fake IP address]. IP address spoofing detection techniques:- 1- direct TTL probes. 2- IPID number. 3- TCP flow control method.
  5. Creating custom packets:- by using tools, ex; Colasoft Packet Builder, NetScanTools Pro; by appending custom binary data → nmap [IP] --data 0xdeadbeef; by appending a custom string → nmap [IP] --data-string "string1"; by appending random data → nmap [IP] --data-length [num]
  6. Randomizing host order:- nmap --randomize-hosts [IP]
  7. Sending bad checksums:- nmap --badsum [IP]
  8. Proxy servers:- proxy tools; Burp Suite, Proxy Switcher, CyberGhost VPN. *Proxy chaining:- use multiple proxy servers.
  9. Anonymizers:- remove all identifying information from a user's computer while the user surfs the internet. They allow the user to bypass internet censors.
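The "bad checksum" trick in item 7 only works against a sensor that matches on packet contents without first validating the transport checksum, because the real destination's TCP stack silently drops such a segment. The added example below (not from the notes or the EC-Council book) builds a small IPv4+TCP packet, optionally with a deliberately wrong TCP checksum, and shows the verification a sensor should perform before inspecting the payload: the one's-complement sum over the IP header, and over the pseudo-header plus TCP segment, must each come out as 0xFFFF. Addresses and ports are constructed sample values.

```python
import struct

# src port, dst port, seq, ack, offset/reserved, flags, window, checksum, urgent pointer
TCP_FMT = "!HHIIBBHHH"
# ver/ihl, tos, total length, id, flags/frag, ttl, proto, checksum, src, dst
IP_FMT = "!BBHHHBBH4s4s"


def ones_complement_sum(data):
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data):
    """Checksum value to place in a header whose checksum field is currently zero."""
    return (~ones_complement_sum(data)) & 0xFFFF


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_packet(src, dst, src_port, dst_port, flags, payload=b"", bad_sum=False):
    """Constructed IPv4+TCP packet; bad_sum=True corrupts the TCP checksum the way an evasion probe would."""
    tcp = struct.pack(TCP_FMT, src_port, dst_port, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    pseudo = ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    csum = checksum(pseudo + tcp)
    if bad_sum:
        csum = (csum + 1) & 0xFFFF      # off by one: guaranteed wrong
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack(IP_FMT, 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def verify_checksums(packet):
    """Return (ip_ok, tcp_ok). A valid header sums to 0xFFFF when its checksum field is included."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr = packet[:ihl]
    total_len = struct.unpack("!H", packet[2:4])[0]
    ip_ok = ones_complement_sum(ip_hdr) == 0xFFFF
    tcp = packet[ihl:total_len]
    pseudo = ip_hdr[12:16] + ip_hdr[16:20] + struct.pack("!BBH", 0, ip_hdr[9], len(tcp))
    tcp_ok = ones_complement_sum(pseudo + tcp) == 0xFFFF
    return ip_ok, tcp_ok


def should_inspect(packet):
    """Sensor policy: only spend signature matching on packets the receiving host would accept."""
    return all(verify_checksums(packet))


if __name__ == "__main__":
    good = build_packet("192.0.2.1", "198.51.100.7", 40000, 80, 0x02, b"abc")
    bad = build_packet("192.0.2.1", "198.51.100.7", 40000, 80, 0x02, b"abc", bad_sum=True)
    print("good:", verify_checksums(good), "inspect:", should_inspect(good))
    print("bad: ", verify_checksums(bad), "inspect:", should_inspect(bad))
```

Packets that fail the check are still worth counting: a burst of bad-checksum segments from one source is itself an indicator that someone is testing the sensor, even though none of them should be matched against content signatures.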
  1. Protection against online attacks.
  2. Access restricted content.
  3. Bypass IDS and Firewall rules.
  1. Tails.
  2. Whonix.
  3. Psiphon.
  4. Orbot.
  5. OpenDoor.
