CEH
What are the four common methods for dealing with risk?
-Avoidance -Transference -Mitigation -Acceptance
5 Phases of Ethical Hacking
-Reconnaissance -Scanning -Gain Access -Maintain Access -Cover Your Tracks
Penetration Testing Life Cycle
-Reconnaissance / Footprinting -Scan / Enumerate -Gain Access -Maintain Access -Report
grey hat hackers
A skilled hacker who falls between white hat and black hat hackers. A grey hat may cross ethical or legal lines (for example, probing systems without permission), but usually has good intentions and is not malicious like a black hat hacker.
black hat hackers
A skilled hacker who uses skills and knowledge for illegal and malicious purposes
Advanced Persistent Threat (APT)
A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period.
White box test
A test in which the tester is given full knowledge of the systems, including their function and design, before the test is conducted. Less realistic as a simulation of an outside attacker, but it gives the most thorough coverage for the time spent.
grey box test
A test in which the tester may have knowledge of internal architectures and systems, or other preliminary information about the system being tested.
Script kiddies
An extremely unskilled person who uses tools and scripts developed by real hackers
Red Team
An offensive security team that attempts to discover vulnerabilities in a network or computer system.
OWASP (Open Web Application Security Project)
A nonprofit organization focused on web application security, best known for the OWASP Top 10, a regularly updated list of the most critical web application security risks.
What are the 4 risk management methods?
Avoidance, transference, mitigation, and acceptance
Performing Reconnaissance
In this phase, the hacker begins gathering information about the target. This can include gathering publicly available information, using social engineering techniques or even dumpster diving.
Establishing Access
In this phase, the hacker uses all the information gathered through reconnaissance and scanning to exploit any vulnerabilities found and gain access.
state-sponsored hacker
A hacker who works for a government and attempts to gain top-secret information by hacking other governments.
cyber terrorism
the politically motivated use of computers and information technology to cause severe disruption or widespread fear in society.
Black box test
A penetration test in which the tester is given no information about the system being tested.
Purple Team
A mixture of both red and blue teams.
Stuxnet
A computer worm designed to find and sabotage a specific piece of industrial control hardware (Siemens PLCs); discovered in 2010 after it was used in an attack against Iran's uranium enrichment facility.
Blue Team
A defensive security team that attempts to close vulnerabilities and stop the red team.
NIST SP 800-115
A guide to the basic technical aspects of conducting information security assessments
Suicide Hacker
A hacker who aims to bring down critical infrastructure for a "cause" and does not worry about the penalties associated with his actions.
White hat
A hacker who exposes security flaws in applications and operating systems so manufacturers can fix them before they become widespread problems.
hacktivist
A hacker whose main purpose is to protest an event or situation and draw attention to their own views and opinions
Rules of Engagement (ROE)
Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.
What should you consider when planning for a penetration test?
How (internal or external), Who (can be targeted for social engineering attacks and who is allowed to know when the test is taking place), What (what systems will be targeted), When (during or outside of business hours), where (remotely or on-site)
Maintaining Access
Once the hacker has gained access, they can install backdoors, rootkits, or Trojans to establish persistent access to the system and return later without having to exploit it again.
OSSTMM
Open Source Security Testing Methodology Manual. A standard methodology for pen testing that sets forth detailed mandates regarding which aspects of the network to test, how to conduct the testing, and how to analyze the results. OSSTMM is a testing framework that supports legislative compliance, contractual compliance (to the customer), and standards compliance (it provides a standard framework for testing and is based on several NIST publications). OSSTMM also addresses security controls you can put in place to protect your network. Unfortunately, it does NOT cover web applications the way OWASP does.
Ethical Hacking
Perpetrating exploits against a system, with permission, with the intent of finding vulnerabilities so that security weaknesses can be addressed and the system can be made more secure.
An organization should perform what before beginning a penetration test?
Risk Assessment
Scanning and enumeration
Scanning is a natural extension of reconnaissance. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and other features. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the scanning step.
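The two steps above, as an added example that is not part of the original flashcard set: a TCP connect scan (scanning) followed by banner grabbing and parsing (enumeration). To run offline it constructs its own target, a throwaway loopback listener that greets clients with an SSH-style banner; the banner text, the regular expression, and the `scan_and_enumerate` / `demo` function names are assumptions made for this example, not part of any real tool. On a real engagement you would only point this at hosts named in the rules of engagement.

```python
import re
import socket
import threading

# Constructed target: a throwaway loopback listener that greets clients with a
# banner, standing in for a real service so the example runs offline.
# Port 0 lets the OS choose a free port.
def start_fake_service(banner: bytes):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            try:
                conn.sendall(banner)
            except OSError:          # client hung up (e.g. a bare connect scan)
                pass
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 0.5) -> bool:
    """Scanning: a TCP connect scan of one port. True means it completed the handshake."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def grab_banner(host: str, port: int, timeout: float = 0.5) -> str:
    """Enumeration: connect to an open port and read whatever the service announces."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            return s.recv(1024).decode("ascii", errors="replace").strip()
        except socket.timeout:       # silent service: nothing to enumerate this way
            return ""


# Assumed banner shape: the SSH identification string "SSH-<proto>-<product>_<version> ...".
BANNER_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)_(?P<version>\S+)")

def parse_banner(banner: str) -> dict:
    """Turn a raw banner into the facts an attacker keeps: service, product and version.
    Only the SSH identification string is parsed here; anything else is kept raw."""
    m = BANNER_RE.match(banner)
    if not m:
        return {"service": "unknown", "raw": banner}
    return {"service": "ssh", "product": m["product"], "version": m["version"], "raw": banner}


def scan_and_enumerate(host: str, ports) -> dict:
    """Scan each port; for the open ones, enumerate the service behind it."""
    findings = {}
    for port in ports:
        if scan_port(host, port):
            findings[port] = parse_banner(grab_banner(host, port))
    return findings


def demo() -> dict:
    # Constructed banner text; the version string is made up for the example.
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n")
    # A port we bind and immediately release has no listener, so the scan sees it closed.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    try:
        return scan_and_enumerate("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, info in demo().items():
        print(f"{port}/tcp open  {info['service']} {info.get('product', '')} {info.get('version', '')}")
```

The split mirrors the flashcard: `scan_port` only learns that a port answers, while `grab_banner` and `parse_banner` extract the service and version an attacker would later match against known vulnerabilities. A connect scan completes the full handshake and so shows up in the target's logs; tools such as nmap offer half-open (SYN) scans to be quieter, which this example does not attempt.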
Risk Tolerance
The degree, amount, or volume of risk that an organization or individual will withstand.
Clearing Tracks
The final step in the hacking process is clearing tracks. The hacker clears, edits, or overwrites log files and removes the tools and files they dropped to hide the fact they were ever there.
Penetration Testing
The practice of finding vulnerabilities and risks with the purpose of securing the computer or network system.
Threat Modeling
The process of analyzing the security of an organization or system to identify likely threats and the weaknesses they could exploit.
Risk Assessment
The purpose of a risk assessment is to identify areas of vulnerability within the organization's network. The risk assessment should look at all areas, including high-value data, network systems (operating systems and web servers), web applications, online information, and physical security. Often, the penetration test is performed as part of a risk assessment. Once vulnerabilities have been determined, the organization needs to rank them and decide how to handle each risk.
Scope Creep
The uncontrolled expansion to product or project scope without adjustments to time, cost, and resources.
Scope of work
Defines exactly what a project will entail. Also known as a statement of work (SOW).