CEH

¡Supera tus tareas y exámenes ahora con Quizwiz!

Information security

"the state of the well-being of information and infrastructure in which the possibility of theft, tampering, or disruption of information and services is kept low or tolerable."

Inverse TCP Flag Scanning

Attackers send TCP probe packets with a TCP flag (FIN, URG, PSH) set or with no flags. When the port is open, the attacker does not get any response from the host, whereas when the port is closed, he or she receives the RST from the target host.

reconnaissance

Cyber Kill Chain Phase 1 that collects as much information about the target as possible to probe for weak points before actually attacking.

weaponization

Cyber Kill Chain Phase 2 that analyzes the data collected in the reconnaissance stage to identify the vulnerabilities and techniques that can exploit and gain unauthorized access to the target organization.

delivery

Cyber Kill Chain Phase 3 that measures the effectiveness of the defense strategies implemented by the target organization base on whether the intrusion attempt of the adversary is blocked or not.

exploitation

Cyber Kill Chain Phase 4 that triggers the adversary's malicious code to exploit a vulnerability in the operating system, application, or server on a target system.

installation

Cyber Kill Chain Phase 5 where the adversary downloads and installs more malicious software on the target system to maintain access to the target network for an extended period.

Command and control

Cyber Kill Chain Phase 6 where the adversary created a command and control channel, which establishes two-way communication between the victim's system and adversary-controlled server to communicate and pass data back and forth.

Actions on Objectives

Cyber Kill Chain Phase 7 where the adversary controls the victims system from a remote location and finally accomplishes their intended goals.

reconnaissance

Hacking phase 1: refers to the preparatory phase in which an attacker gathers as much information as possible about the target prior to launching the attack.

Scanning

Hacking phase 2: Here, the attacker uses the details gathered during reconnaissance to scan the network for specific information.

Maintaining access

Hacking phase 4: refers to the phase when the attacker tries to retain his or her ownership of the system.

Gaining access

Hecking phase 3: This is the phase in which real hacking occurs. Attackers use vulnerabilities identified during the reconnaissance and scanning phases to gain access to the target system and network.

ARP Scan

In the ______, the ARP packets are sent for discovering all active devices in the IPv4 range even though the presence of such devices is hidden by restrictive firewalls.

Network scanning

Lists the active hosts and IP addresses. ______ is a procedure for identifying active hosts on a network, either to attack them or assess the security of the network.

port scanning

Lists the open ports and services. _______ is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in.

Preparation

Phase 1 of IH&R Process. includes performing an audit of resources and assets to determine the purpose of security and define the rules, policies, and procedures that drive the IH&R process.

Incident Recording and assignment.

Phase 2 of IH&R process. In this phase, the initial reporting and recording of the incident take place.

Incident Triage

Phase 3 of IH&R Process. In this phase, the identified security incidents are analyzed, validated, categorized, and prioritized.

Notification

Phase 4 of IH&R Process. the IH&R team informs various stakeholders, including management, third-party vendors, and clients, about the identified incident

Containment

Phase 5 of IH&R Process. This phase helps to prevent the spread of infection to other organizational assets, preventing additional damage.

Evidence gathering and Forensic Analysis

Phase 6 of IH&R Process. In this phase, the IH&R team accumulates all possible evidence related to the incident and submits it to the forensic department for investigation.

Eradication

Phase 7 of IH&R Process. the IH&R team removes or eliminates the root cause of the incident and closes all the attack vectors to prevent similar incidents in the future.

Recovery

Phase 8 of IH&R Process. the IH&R team restores the affected systems, services, resources, and data through recovery.

Post-Incident Activities

Phase 9 of IH&R Process.

Tactics, Techniques, and Procedures (TTP)

Refers to the patterns of activities and methods associated with specific threat actors or groups of threats actors

Risk Tracking and Review

Risk management phase that determine the measures and procedures adopted and ensure that the information gathered to perform the assessment was appropriate.

Email indicators Network indicators Host based indicators Behavioral Indicators

The four categories of IoCs:

Risk Identification

The initial step of the risk management plan. Its main aim is to identify the risks—including the sources, causes, and consequences of the internal and external risks affecting the security of the organization before they cause harm.

risk assessment

This Risk management phase assesses the organization's risks and estimates the likelihood and impact of those risks.

Risk Treatment

This Risk management phase is the process of selecting and implementing appropriate controls on the identified risks in order to modify them.

TCP Maimon scan

This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK.

techniques

To launch an attack successfully, threat actors use several ____________ during its execution.

Operational Threat Intelligence

_________ provides contextual information about security events and incidents that help defenders disclose potential risks, provide greater insight into attacker methodologies, identify past malicious activities, and perform investigations on malicious activity in a more efficient way.

Tactical Threat Intelligence

___________ provides information related to the TTPs used by threat actors (attackers) to perform attacks.

Technical threat intelligence

____________ provides information about resources an attacker uses to perform an attack; this includes command and control channels, tools, and other items.

Hacktivism

_____________ is when hackers break into government or corporate computer systems as an act of protest.

IDLE/IPID Header SCan

a TCP port scan method that you can use to send a spoofed source address to a computer to find out what services are available.

SHODAN

a computer search engine that searches the Internet for connected devices (routers, servers, and IoT.).

hacker

a person who breaks into a system or network without authorization to destroy, steal sensitive data, or perform malicious attacks.

PCI DSS (Payment Card Industry Data Security Standard)

a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

Threat Modeling

a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects it.

Defense in Depth

a security strategy in which security professionals use several protection layers throughout an information system.

Intelligence-based warfare

a sensor-based technology that directly corrupts technological systems.

incident management

a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore the system to normal service operations as soon as possible, and prevent recurrence of the incident.

theHarvester

a tool designed to be used in the early stages of a penetration test. It is used for open-source intelligence gathering and helps to determine a company's external threat landscape on the Internet.

Non-Repudiation

a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Sarbanes-Oxley Act

aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures.

Digital Millennium Copyright Act (DMCA)

an American copyright law that implements two 1996 treaties from the World Intellectual Property Organization (WIPO):

risk level

an assessment of the resulted impact on the network.

Cyber Kill Chain

an efficient and effective way of illustrating how an adversary can attack the target organization.

netscantools pro

an investigation tool that allows you to troubleshoot, monitor, discover, and detect devices on your network.

https://pentest-tools.com

an online tool used for discovering subdomains and their IP addresses, including network information and their HTTP servers.

Metasploit

an open-source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing.

Internal Reconnaissance Use of Powershell Unspecified Proxy Activities Use of Command-Line Interface HTTP user agent Command and Control Server Use of DNS tunneling Use of webshell Data Staging

behaviors of an adversary that can be used to enhance the detection capabilities of security devices:

Economic warfare

can affect the economy of a business or nation by blocking the flow of information.

Tactics

describe the way the threat actor operates during different phases of an attack.

Risk Identification Risk Assessment Risk Treatment Risk Tracking and Review

four key steps commonly termed as risk management phases are:

clearing tracks

hacking phase 5: refers to the activities carried out by an attacker to hide malicious acts.

state-sponsored hackers

individuals employed by the government to penetrate, gain top-secret information from, and damage the information systems of other governments.

suicide hackers

individuals who aim to bring down critical infrastructure for a "cause" and are not worried about facing jail terms or any other kind of punishment.

black hats (cracker)

individuals who use their extraordinary computing skills for illegal or malicious purposes.

white hats

individuals who use their hacking skills for defensive purposes.

gray hats

individuals who work both offensively and defensively at various times.

cyber terrorists

individuals with a wide range of skills, motivated by religious or political beliefs, to create fear of large-scale disruption of computer networks.

procedures

involve a sequence of actions performed by the threat actors to execute different steps of an attack life cycle.

Passive Attacks

involve intercepting and monitoring network traffic and data flow on the target network and do not tamper with the data.

Adversary Behavioral Identification

involves the identification of the common methods or techniques followed by an adversary to launch attacks to penetrate an organization's network.

Sublist3r

is a Python script designed to enumerate the subdomains of websites using OSINT. It enables you to enumerate subdomains across multiple sources at once.

D&B Hoovers

leverages a commercial database of 120 million business records and analytics to deliver a sales intelligence solution that enables sales and marketing professionals to focus on the right prospects so that they can generate immediate growth for their business.

Censys

monitors the infrastructure and discovers unknown assets anywhere on the Internet. It provides a full view of every server and device exposed to the Internet.

Distribution attack

occur when attackers tamper with hardware or software prior to installation

Insider Attacks

performed by trusted persons who have physical access to the critical assets of the target

Close-in Attacks

performed when the attacker is in close physical proximity with the target system or network. (shoulder surfing)

Electronic Data Gathering, Analysis, and Retrieval system (EDGAR)

performs automated collection, validation, indexing, acceptance, and forwarding of submissions by companies and others who are required by law to file with the U.S. Securities and Exchange Commission (SEC).

www.netcraft.com

provides Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI scanning.

Lexis-Nexis

provides content-enabled workflow solutions designed specifically for professionals in the legal, risk management, corporate, government, law enforcement, accounting, and academic markets.

HIPPA (Health Insurance Portability and Accountability Act)

provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information.

Strategic Threat Intelligence

provides high-level information regarding cybersecurity posture, threats, details about the financial impact of various cyber activities, attack trends, and the impact of high-level business decisions. T

Hacking

refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources.

Information Assurance (IA)

refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during the usage, processing, storage, and transmission of information.

Authenticity

refers to the characteristic of communication, documents, or any data that ensures the quality of being genuine or uncorrupted.

risk

refers to the degree of uncertainty or expectation of potential damage that an adverse event may cause to the system or its resources, under specified conditions.

C2 Warfare

refers to the impact an attacker possesses over a compromised system or network that they control.

UDP ping scan

scan that has the benefit of detecting systems behind firewalls

vulnerability scan

shows the presence of known weaknesses

ISO/IEC 27001:2013

specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization.

Active Attacks

tamper with the data in transit or disrupt communication or services between the systems to bypass or break into secured systems. (DOS)

Confidentiality

the assurance that the information is accessible only to authorized

Availability

the assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.

indicators of compromise (IOCs)

the clues, artifacts, and pieces of forensic data that are found on a network or operating system of an organization that indicate a potential intrusion or malicious activity in the organization's infrastructure.

Cyber Threat Intelligence

the collection and analysis of information about threats and adversaries and the drawing up of patterns that provide an ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyberattacks.

Footprinting

the first step in ethical hacking, refers to the process of collecting information about a target network and its environment.

ethical hacking

the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities.

Risk Management

the process of identifying, assessing, responding to, and implementing the activities that control how the organization manages the potential effects of risk.

Incident handling and response (IH&R)

the process of taking organized and careful steps when reacting to a security incident or cyberattack.

Hacker Warfare

the purpose of this type of warfare can vary from the shutdown of systems, data errors, theft of information, theft of services, system monitoring, false messaging, and access to data.

Integrity

the trustworthiness of data or resources in the prevention of improper and unauthorized changes

Cyberwarfare

the use of information systems against the virtual personas of individuals or groups.

Psychological warfare

the use of various techniques such as propaganda and terror to demoralize one's adversary in an attempt to succeed in battle

XMAS Scan

type of inverse TCP scanning technique with the FIN, URG, and PUSH flags set to send a TCP frame to a remote device. If the target has opened the port, then you will receive no response from the remote system. If the target has closed the port, then you will receive a remote system reply with an RST.

script kiddies

unskilled hackers who compromise systems by running scripts, tools, and software developed by real hackers.

TOR Browser

used to access the deep and dark web, where it acts as a default VPN for the user and bounces the network IP address through several servers before interacting with the web.

Electronic Warfare

uses radio-electronic and cryptographic techniques to degrade communication.


Conjuntos de estudio relacionados

Mental health (moderate) 15 questions

View Set

SECTION 1 ECONOMICS FINAL REVIEW

View Set

Employment Law: Ch 11 (Wages) & 12(Work Life Conflicts)

View Set

Chapter 2 Employment Laws That Influence Compensation and Benefits

View Set

Chapter 24: Management of Patients with Chronic Pulmonary Disease

View Set