My CEH V11 notes from EC-Council Book

  1. Confidentiality:- Ensure that information is accessible only to authorized users. ex:- data classification, data encryption.
  2. Integrity:- Ensure that information can be changed or altered only by authorized users. ex:- access controls, checksums/hashes.
  3. Availability:- Ensure that stored and processed information is available when needed. ex:- clustered machines, redundant systems, DDoS protection, antivirus software.
  4. Authenticity:- The claimed identity of a user, message or source is genuine and is confirmed by the system. ex:- authentication controls, digital certificates.
  5. Non-repudiation:- The sender and receiver can't deny having sent or received a message. ex:- digital signatures.
  1. Passive attacks:- don't tamper with the target system directly; they only intercept or monitor network traffic. ex:- sniffing, eavesdropping.
  2. Active attacks:- tamper with the target system directly, disrupting or altering data or services. ex:- DoS, man-in-the-middle, session hijacking.
  3. Close-in attacks:- performed when the attacker is physically close to the target system or network.
  4. Insider attacks:- performed by a trusted person who already has authorized access.
  5. Distribution attacks:- tamper with hardware or software before it is installed (supply-chain tampering).
  1. Reconnaissance:- Gather information about the target organization. It can be active or passive.
  2. Weaponization:- Analyze the information gathered and build a deliverable payload (an exploit coupled with a backdoor or malware) tailored to the target.
  3. Delivery:- Transmit the weaponized payload to the target (e.g., phishing email, malicious website, USB drive) and check whether the intrusion attempt is blocked.
  4. Exploitation:- Execute the payload code on the target system, usually by triggering a vulnerability.
  5. Installation:- Install malware or a backdoor on the compromised system to maintain persistent access.
  6. Command and Control (C2):- Establish a command-and-control channel to communicate with and pass data to and from the compromised systems.
  7. Actions on objectives:- Perform the actions needed to achieve the intended goals (data exfiltration, lateral movement, destruction, etc.).
  1. Email indicators.
  2. Network-based indicators.
  3. Host-based indicators.
  4. Behavioral indicators.
  1. Black hats:- attack for illegal or malicious purposes.
  2. White hats:- have permission (authorization) from the owner to attack their target; ethical hackers.
  3. Grey hats:- work both offensively and defensively; in between black and white hats.
  4. Suicide hackers:- aim to bring down critical infrastructure for a cause and are not worried about the consequences of their actions (e.g., imprisonment).
  5. Script kiddies:- unskilled; run scripts and tools written by other hackers.
  6. Cyber terrorists:- motivated by political or religious beliefs; create fear through large-scale disruption of computer networks.
  7. State-sponsored hackers:- employed by governments to penetrate other governments' systems and obtain top-secret information.
  8. Hacktivists:- promote a political agenda by hacking, especially by defacing or disabling websites.
  1. Reconnaissance.
  2. Scanning.
  3. Gaining Access.
  4. Maintaining Access.
  5. Clearing Tracks.
  1. Risk Identification.
  2. Risk Assessment.
  3. Risk Treatment.
  4. Risk Tracking.
  5. Risk Review.
  1. Strategic:- high-level information on changing risks; consumed by high-level executives and management.
  2. Tactical:- information on attackers' TTPs (tactics, techniques and procedures); consumed by IT service and SOC managers and administrators.
  3. Operational:- information on specific incoming attacks; consumed by security managers and network defenders.
  4. Technical:- information on specific IoCs (indicators of compromise); consumed by SOC staff and IR (incident response) teams.
  1. Identify Security Objectives.
  2. Application Overview.
  3. Decompose Application.
  4. Identify Threats.
  5. Identify Vulnerabilities.
  1. Preparation.
  2. Incident recording and assignment.
  3. Incident triage.
  4. Notification.
  5. Containment.
  6. Evidence gathering and forensic analysis.
  7. Eradication.
  8. Recovery.
  9. Post-incident activities.
  1. Supervised:- uses an algorithm that takes a set of labeled training data as input. It is divided into:- Classification:- the output is one of a set of discrete classes. Regression:- the output is a continuous value that can't be divided into classes.
  2. Unsupervised:- uses an algorithm that takes a set of unlabeled training data as input. It is divided into:- Clustering:- divides the data into clusters based on their similarity. Dimensionality reduction:- the process of reducing the number of attributes (features) of the data.
  1. PCI DSS; Payment Card Industry Data Security Standard:- an information security standard for organizations that handle cardholder information (credit and debit card data).
  2. ISO/IEC 27001:- specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within an organization.
  3. HIPAA; Health Insurance Portability and Accountability Act:- provides federal protection for individually identifiable health information held by covered entities such as hospitals, health plans and their business associates.
  4. SOX; Sarbanes-Oxley Act:- designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures.
  5. DMCA; Digital Millennium Copyright Act:- a United States copyright law that implements two 1996 treaties of WIPO; the World Intellectual Property Organization.
  6. FISMA; Federal Information Security Management Act:- provides a comprehensive framework for ensuring the effectiveness of information security controls over the information resources that support federal operations and assets.
  1. Passive:- Gathering information about the target without direct interactions.
  2. Active:- Gathering information about the target with direct interactions.
  1. Know the security posture of the target.
  2. Reduce the focus area to the systems that matter.
  3. Identify vulnerabilities.
  4. Draw a network map.
  1. Organization information:- employee details, names, phone numbers, locations, etc.
  2. Network information:- domains, subdomains, IP addresses, WHOIS records, DNS records, etc.
  3. System information:- operating systems, location of web servers, usernames and passwords, etc.
  1. cache: :- displays the version of the web page stored in Google's cache.
  2. link: :- lists web pages that link to the given web page.
  3. related: :- lists web pages that are similar to the given web page.
  4. info: :- presents the information Google has about the given web page.
  5. site: :- restricts the search results to pages within the given site or domain.
  6. allintitle: :- restricts the search results to pages containing all the search keywords in the title.
  7. intitle: :- restricts the search results to documents containing the search keyword in the title.
  8. allinurl: :- restricts the search results to pages containing all the search keywords in the URL.
  9. inurl: :- restricts the search results to documents containing the search keyword in the URL.
  10. location: :- finds information about a specific location.
  1. Domain name details.
  2. Contact details of the domain owner (registrant).
  3. Domain name servers.
  4. NetRange (for IP address lookups).
  5. When the domain was created.
  6. Expiry date.
  7. When the record was last updated.
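The WHOIS fields listed above come back as free text, so a footprinter normally scripts the extraction. The following Python is an added example, not from the EC-Council book: it parses a constructed `Key: Value` WHOIS record (the style Verisign-run registries return; the domain, registrar and name servers in it are made up) into the items above and derives the domain's age and days to expiry from a fixed reference date so the output is reproducible. IP-address WHOIS (NetRange) uses a different layout and is not handled here.

```python
"""Parse a domain WHOIS record into the fields footprinting records.

Added example, not from the CEH book. SAMPLE_WHOIS below is CONSTRUCTED
in the registry 'Key: Value' style; it is not a real lookup.
"""
import re
from datetime import datetime, timezone

SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.COM
Registry Domain ID: 123456789_DOMAIN_COM-VRSN
Registrar: Example Registrar, LLC
Updated Date: 2021-08-14T09:32:10Z
Creation Date: 2005-03-02T18:00:00Z
Registry Expiry Date: 2024-03-02T18:00:00Z
Registrant Organization: Example Corp
Registrant Email: hostmaster@example-corp.com
Name Server: NS1.EXAMPLE-CORP.COM
Name Server: NS2.EXAMPLE-CORP.COM
DNSSEC: unsigned
>>> Last update of whois database: 2023-01-10T00:00:00Z <<<
"""

MULTI_VALUE = {"name server"}  # keys that legitimately repeat


def parse_whois(text):
    """Return {lowercase key: value or [values]} for every 'Key: Value' line.

    Lines that are not key/value pairs (blank lines, the '>>> Last update'
    footer, comments) are skipped. The first occurrence of a single-valued
    key wins; multi-valued keys are collected into a list.
    """
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(.+?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2)
        if key in MULTI_VALUE:
            record.setdefault(key, []).append(value.lower())
        else:
            record.setdefault(key, value)
    return record


def _parse_date(s):
    """WHOIS dates are normally ISO 8601 with a trailing Z; make them UTC-aware."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def footprint_summary(text, today):
    """Extract the items from the WHOIS list above and derive age/expiry."""
    rec = parse_whois(text)
    created = _parse_date(rec["creation date"])
    expires = _parse_date(rec["registry expiry date"])
    updated = _parse_date(rec["updated date"])
    return {
        "domain": rec["domain name"].lower(),
        "registrar": rec["registrar"],
        # Privacy/GDPR redaction removes these on many real records.
        "registrant_org": rec.get("registrant organization", "<redacted>"),
        "contact_email": rec.get("registrant email", "<redacted>"),
        "name_servers": rec.get("name server", []),
        "created": created.date().isoformat(),
        "expires": expires.date().isoformat(),
        "updated": updated.date().isoformat(),
        "age_years": (today - created).days // 365,
        "days_to_expiry": (expires - today).days,
    }


if __name__ == "__main__":
    # Fixed reference date so the derived numbers are reproducible.
    ref = _parse_date("2023-01-10T00:00:00Z")
    for k, v in footprint_summary(SAMPLE_WHOIS, ref).items():
        print(f"{k:>15}: {v}")
```

Two things worth noticing when running this against real output: registries differ in key names (`Registry Expiry Date` vs `Expiration Date`), so the key map usually needs a per-registry alias table, and redacted registrant fields are the norm rather than the exception since 2018.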
  1. ICMP; Internet Control Message Protocol traceroute:- the default on Windows. tracert [IP address or domain name].
  2. TCP traceroute:- uses TCP SYN packets, so it gets through firewalls that drop ICMP and UDP. tcptraceroute [IP address or domain name].
  3. UDP traceroute:- the default on Linux/Unix. traceroute [IP address or domain name].
  1. Path Analyzer Pro.
  2. VisualRoute.
  1. Eavesdropping.
  2. Shoulder surfing.
  3. Dumpster diving.
  4. Impersonation.
  1. Maltego:- used to determine relationships and real-world links between people, groups, companies, domains, IP addresses, etc.
  2. Recon-ng:- a web reconnaissance framework with independent modules and database interaction.
  3. FOCA; Fingerprinting Organizations with Collected Archives:- used to find metadata and hidden information in documents (e.g., usernames, software versions, internal paths).
  4. OSRFramework:- includes applications for username checking, DNS lookups, deep web search, regular-expression extraction, etc.
  5. OSINT Framework:- an online collection of open-source intelligence resources used to collect information with free tools and services.
  6. Recon-Dog:- an all-in-one tool used to collect basic information about a target.
  7. BillCipher:- an information gathering tool for an IP address or website.
  1. SYN; Synchronize:- initiates a connection between hosts.
  2. ACK; Acknowledgement:- acknowledges receipt of a packet.
  3. FIN; Finish:- terminates the connection gracefully.
  4. RST; Reset:- aborts/resets a connection.
  5. PSH; Push:- asks the receiver to pass all buffered data to the application immediately.
  6. URG; Urgent:- marks data that should be processed immediately.
  1. ICMP ECHO ping scan:- the attacker sends an ICMP ECHO request to the target host and receives an ICMP ECHO reply from a live host. Useful to check whether a system is alive and whether ICMP passes through the firewall. nmap -sn -PE [IP address]
  2. ICMP ECHO ping sweep:- the same probe sent to a range of hosts to find which are alive. nmap -sn -PE [IP range, e.g. 10.10.10.0/24]
  3. ICMP timestamp ping scan:- an alternative when ECHO requests are blocked. nmap -sn -PP [IP address]
  4. ICMP address mask ping scan:- nmap -sn -PM [IP address]
  1. TCP SYN ping scan:- the attacker sends SYN probe packets to the target host; a live host replies with SYN/ACK (port open) or RST (port closed). No reply means the host is down or the probe is filtered. nmap -sn -PS [IP address] (a port list may be appended, e.g. -PS22,80)
  2. TCP ACK ping scan:- the attacker sends ACK probe packets to the target host; a live host replies with RST because the ACK belongs to no existing connection. nmap -sn -PA [IP address]
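To make the flag list and the SYN/ACK ping interpretation above concrete, here is an added Python example (not from the EC-Council book). It packs 20-byte TCP headers with `struct`, decodes the flags byte, and classifies the reply to a SYN (nmap -PS) or ACK (nmap -PA) probe the way a host-discovery tool does. All packets are constructed inline; nothing is captured or sent.

```python
"""Build/decode TCP headers and interpret host-discovery probe replies.

Added example, not from the CEH book. Headers are CONSTRUCTED with struct
(no IP header, no options, zero checksum); no traffic is sent.
"""
import struct

# Bit positions in the TCP flags byte (RFC 793; CWR/ECE from RFC 3168).
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
_TCP_FMT = "!HHIIBBHHH"  # src, dst, seq, ack, offset, flags, window, csum, urgptr


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=65535):
    """Minimal 20-byte TCP header: data offset 5 words, given flags set."""
    flag_byte = 0
    for name in flags:
        flag_byte |= TCP_FLAGS[name]
    offset_byte = 5 << 4  # header length in 32-bit words lives in the high nibble
    return struct.pack(_TCP_FMT, src_port, dst_port, seq, ack,
                       offset_byte, flag_byte, window, 0, 0)


def decode_tcp_header(raw):
    """Parse the fixed part of a TCP header into ports, seq/ack and flag names."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, offset_byte, flag_byte, window, _csum, _urg = \
        struct.unpack(_TCP_FMT, raw[:20])
    flags = {name for name, bit in TCP_FLAGS.items() if flag_byte & bit}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "header_len": (offset_byte >> 4) * 4, "flags": flags, "window": window}


def interpret_ping_response(probe, response):
    """What a reply to a discovery probe tells us.

    probe: the flag we sent, "SYN" (-PS) or "ACK" (-PA).
    response: a decoded header, or None when nothing came back.
    """
    if response is None:
        return "no reply: host down or probe filtered"
    f = response["flags"]
    if probe == "SYN":
        if {"SYN", "ACK"} <= f:
            return "alive, port open (SYN/ACK)"
        if "RST" in f:
            return "alive, port closed (RST)"
    if probe == "ACK" and "RST" in f:
        return "alive (RST to unsolicited ACK)"
    return "unexpected flags: " + ",".join(sorted(f))


if __name__ == "__main__":
    probe = build_tcp_header(40000, 80, ["SYN"], seq=1000)
    print("probe :", sorted(decode_tcp_header(probe)["flags"]))
    for answer in (["SYN", "ACK"], ["RST", "ACK"]):
        reply = decode_tcp_header(build_tcp_header(80, 40000, answer, ack=1001))
        print("reply :", sorted(reply["flags"]), "->", interpret_ping_response("SYN", reply))
    print("no reply ->", interpret_ping_response("SYN", None))
```

Note the asymmetry the example encodes: for a SYN probe both SYN/ACK and RST prove the host is up (only silence is ambiguous), while for an ACK probe the only informative answer is RST, which is why -PA slips past stateless firewalls that only block inbound SYNs.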
  1. SCTP INIT scan:- the attacker sends INIT chunks to the target host; an open port answers with an INIT-ACK chunk, a closed port with an ABORT chunk. nmap -sY -v [IP address]
  2. SCTP COOKIE ECHO scan:- the attacker sends COOKIE ECHO chunks to the target host; no reply means the port is open (or filtered), while a closed port answers with an ABORT chunk. nmap -sZ -v [IP address]. It is stealthier than the INIT scan; only a good IDS can detect an SCTP COOKIE ECHO scan.
  1. Simple Service Discovery Protocol (SSDP) scanning:- SSDP is a network protocol that works in conjunction with UPnP to detect plug-and-play devices. Attackers exploit vulnerabilities in UPnP to launch buffer overflow or DDoS attacks.
  1. Packet fragmentation:- split the probe into tiny IP fragments so the IDS can't reassemble the TCP header; used with SYN/FIN scanning. nmap -sS -T4 -A -f -v [IP address]
  2. Source routing:- specify the path the packet takes through the network to avoid the IDS/firewall.
  3. Source port manipulation:- send probes from a port the firewall trusts (e.g. 53 or 80). nmap -g [port] [IP address] or nmap --source-port [port] [IP address]
  4. IP address decoy:- mix the real scan with spoofed decoy sources so the IDS logs many apparent attackers. nmap -D RAND:[number of decoys] [target] or nmap -D decoy1,decoy2,ME,... [target]
  5. IP address spoofing:- change the source IP address. hping3 [target] -a [fake IP address]. IP spoofing detection techniques:- 1- direct TTL probes. 2- IP identification number (IPID). 3- TCP flow control method (window size).
  6. Creating custom packets:- with tools such as Colasoft Packet Builder or NetScanTools Pro, or with nmap: append custom binary data → nmap [IP] --data 0xdeadbeef; append a custom string → nmap [IP] --data-string "string1"; append random data of a given length → nmap [IP] --data-length 5
  7. Randomizing host order:- nmap --randomize-hosts [IP range].
  8. Sending bad checksums:- nmap --badsum [IP]. Real hosts drop packets with a bad checksum, so any reply comes from a firewall or IDS that did not verify it.
  9. Proxy servers:- proxy tools: Burp Suite, Proxy Switcher, CyberGhost VPN. *Proxy chaining:- route traffic through multiple proxy servers.
  10. Anonymizers:- remove all identifying information from the user's computer while surfing the internet, and allow bypassing internet censorship.
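The bad-checksum trick in item 8 only works because real IP stacks verify the RFC 1071 header checksum and silently drop anything that fails. This added Python example (not from the EC-Council book) implements that checksum over a constructed IPv4 header, shows the receiver-side check a host performs, and builds the deliberately corrupted header that --badsum sends so you can see exactly what a non-validating IDS would accept and a host would discard. Addresses and identifiers in it are made up.

```python
"""IPv4 header checksum (RFC 1071) and the check that --badsum relies on.

Added example, not from the CEH book. The IPv4 header is CONSTRUCTED with
struct; the addresses and IP ID are arbitrary values, and nothing is sent.
"""
import struct

_IPV4_FMT = "!BBHHHBBHII"  # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst


def inet_checksum(data):
    """Ones-complement of the ones-complement 16-bit sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length buffer
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip2int(dotted):
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def build_ipv4_header(src, dst, proto=6, ttl=64, payload_len=0, bad_checksum=False):
    """20-byte IPv4 header. With bad_checksum=True the stored checksum is
    deliberately wrong, which is what nmap --badsum does."""
    fields = [(4 << 4) | 5, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
              _ip2int(src), _ip2int(dst)]
    csum = inet_checksum(struct.pack(_IPV4_FMT, *fields))  # checksum field zeroed
    if bad_checksum:
        csum ^= 0x5555                       # always differs from the right value
    fields[7] = csum
    return struct.pack(_IPV4_FMT, *fields)


def header_checksum_ok(hdr):
    """Receiver-side check: summing a correct header *including* its stored
    checksum gives 0xFFFF, so recomputing the checksum over it yields 0."""
    ihl = (hdr[0] & 0x0F) * 4
    return inet_checksum(hdr[:ihl]) == 0


if __name__ == "__main__":
    good = build_ipv4_header("10.0.0.5", "10.0.0.9", payload_len=20)
    bad = build_ipv4_header("10.0.0.5", "10.0.0.9", payload_len=20, bad_checksum=True)
    print("good csum 0x%04x verifies: %s" % (struct.unpack("!H", good[10:12])[0], header_checksum_ok(good)))
    print("bad  csum 0x%04x verifies: %s" % (struct.unpack("!H", bad[10:12])[0], header_checksum_ok(bad)))
```

The two headers differ only in bytes 10-11, so an IDS that parses without validating sees an ordinary SYN probe; the target's kernel, which does validate, never hands it to TCP and never replies. Any answer to a --badsum scan therefore comes from a middlebox.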
  1. Privacy and Anonymity.
  2. Protection against online attacks.
  3. Access restricted content.
  4. Bypass IDS and Firewall rules.
  1. Alkasir.
  2. Tails.
  3. Whonix.
  4. Psiphon.
  5. Orbot.
  6. OpenDoor.
