info at storiecyber dot it
https://www.linkedin.com/pulse/ceh-practical-exam-all-you-need-know-xiotz-exzpf
https://hashes.com/en/decrypt/hash
CEH Practical Prep Guide: https://github.com/CyberSecurityUP/Guide-CEH-Practical-Master
CEH ANSI Prep Guide: https://github.com/Shubham22u/Cehv11-12-Question-Answer/tree/main
The seminal document for this course is:
o CEH, CASP & Sec+ Terms & Definitions
Then,
o CND v2 Notes
o Phases of Hacking
o NMAP Options and Examples
CEH Exam – 312-50v12
ANSI Exam 125 Questions / 240 min
Practical Exam 20 practical challenges / 360 min (6 hours)
Pass both and earn the ‘CEH Master’ certification.
Exams can be taken on ECCExam.com or from a Pearson Vue Test Center.
On Friday, you will be asked to do an end of course evaluation. This will release your exam voucher. Available on Aspen.
Ethical Hacking:
o Honest ABE: Always Be Ethical
o The Colonel (KFC): Keep Findings Confidential
o Hippocratic Oath: Do No Harm*
(I.e., once an engagement is complete, the system is brought back to the same or better state. Tools used are removed, ports/protocols closed/removed, etc.)
Other rules:
Do not go outside the scope of the engagement! The Statement of Work (SoW) and the Rules of Engagement (RoE) define the boundaries (what is in scope, what is excluded, permitted hours and techniques); anything not explicitly included is out of bounds.
Differences between incidents, problems and attacks:
o Incident: Any event that affects the overall security of a system
o Problem: A break/fix item; anything that might affect the availability of a system
o Attack: Any action that goes against a security control; an incident that has escalated into a full-blown exploit.
An attack can affect any of the CIA properties (confidentiality, integrity or availability), not only confidentiality.
Legal, regulatory and standards compliance:
Need-to-know;
Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards.
Health Insurance Portability and Accountability Act (HIPAA) deals with protected health information (PHI) and provides a series of administrative, physical, and technical safeguards for covered entities to use to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).
The Sarbanes-Oxley Act (SOX) is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It applies to publicly traded companies (not only financial institutions) and holds the CEO/CFO personally responsible for the accuracy of financial reports and the internal controls behind them.
The General Data Protection Regulation (GDPR) came into effect on May 25, 2018 and is one of the most stringent privacy and security laws globally.
Important principles:
-Lawfulness, fairness, and transparency: processing must be lawful, fair, and transparent to the data subject
-Right to be forgotten (right to erasure)
EU-US Privacy Shield } Transfer frameworks (not acts) that complement GDPR for moving EU/Swiss personal
Swiss-US Privacy Shield } data to a country outside the EU (the US). The EU-US Privacy Shield was invalidated in 2020 (Schrems II) and replaced by the EU-US Data Privacy Framework in 2023.
ISO/IEC 27000 series – published by the International Organization for Standardization (ISO) with the IEC – standards for information security management (IT service management is the separate ISO/IEC 20000 series)
Know which ISO27x is which:
27001 Information Security Management
27002 Information Security controls
27005 Information Security risk management
National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories. It also publishes the NIST RMF (Risk Management Framework).
Tools you need to know about:
nmap: www.nmap.org – Network mapper; Inventory of networks; Services, protocols and ports, OSes running
Wireshark: www.wireshark.org – Protocol analyzer/packet sniffer; Can output to .pcap files
tshark/tcpdump: CLI packet analyzers
Maltego: A graphing tool used for open-source intelligence, forensics and other investigations. It creates graphs and links that show relationships between objects (people, email addresses, social media, etc.)
Fingerprinting Organisations with Collected Archives (FOCA) is a tool used mainly to find metadata and hidden information in the documents it scans.
Web Vulnerability Analysis:
Burp Suite }
OWASP ZAP } Intercepting proxy tools: sit between the browser and the web server to view, modify and replay requests
Nikto (CLI)/Wikto (GUI): web server scanners
(OpenVAS is a network vulnerability scanner, not a proxy; it belongs in the next list)
Vulnerability Assessment:
Nessus
OpenVAS
GFI LanGuard
SolarWinds
nmap (with NSE scripts, e.g. --script vuln)
Password Auditing (Cracking):
o Brute-Force: Every combination of characters is tried, possibly constrained by masks/rules such as leet-speak substitutions (3L1T3); cost grows as (alphabet size)^length
o Dictionary: Uses a wordlist, typically built from leaked databases/hacked accounts, usually expanded with mangling rules (capitalisation, suffixes, leet)
o Rainbow-Tables: Pre-computed hash chains for a candidate set (e.g. a wordlist); the work is done before a target is seen. Defeated by salting, since every salt would need its own table
Tools:
o hashcat } Offline hash crackers; hashcat can use the GPU
o John the Ripper (john.exe) }
o hydra } Online login brute-forcers (SSH, FTP, HTTP forms, etc.); they guess
o medusa } credentials against a live service rather than cracking hashes
o Cain and Abel (cain.exe): legacy Windows password recovery, cracking and sniffing tool
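As an added example (not from the course notes or from any of the tools listed above), the following Python script implements the three strategies against constructed SHA-256 hashes: a dictionary attack with hashcat/john-style mangling rules, a bounded brute force, and a precomputed hash-to-plaintext table standing in for a rainbow table, followed by the salted case that shows why precomputation stops working. The wordlist, target passwords and salt are all made up for the demonstration.

```python
import hashlib
import itertools
import string
from typing import Dict, Iterator, Optional

# Constructed sample wordlist (stand-in for a leaked-password list such as rockyou.txt).
WORDLIST = ["password", "letmein", "summer", "admin", "welcome"]

# Leet-style substitutions, the "3L1T3" rule from the notes, plus common suffixes.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ("", "1", "123", "!", "2024")


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, a stand-in for whatever the target system stores."""
    return hashlib.sha256(text.encode()).hexdigest()


def salted_sha256_hex(salt: str, text: str) -> str:
    """Salted variant: a per-user salt is prepended before hashing."""
    return hashlib.sha256((salt + text).encode()).hexdigest()


def apply_rules(word: str) -> Iterator[str]:
    """Expand one wordlist entry into mutations, the way hashcat/john rule files do."""
    for base in (word, word.capitalize(), word.translate(LEET)):
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target: str, wordlist) -> Optional[str]:
    """Hash every rule-expanded candidate and compare it with the target hash."""
    for word in wordlist:
        for candidate in apply_rules(word):
            if sha256_hex(candidate) == target:
                return candidate
    return None


def brute_force(target: str, alphabet: str = string.ascii_lowercase + string.digits,
                max_len: int = 3) -> Optional[str]:
    """Try every string over `alphabet` up to `max_len`; work grows as |alphabet|**len."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target:
                return candidate
    return None


def build_lookup_table(wordlist) -> Dict[str, str]:
    """Precompute hash -> plaintext once, before any target hash is known.
    A real rainbow table stores hash/reduce chains to save space, but the
    property that matters here is the same: the hashing is done up front."""
    return {sha256_hex(c): c for w in wordlist for c in apply_rules(w)}


def lookup_attack(table: Dict[str, str], target: str) -> Optional[str]:
    """Cracking an unsalted hash is now a single dictionary lookup."""
    return table.get(target)


def crack_salted(target: str, salt: str, wordlist) -> Optional[str]:
    """With a salt the precomputed table is useless; every candidate must be
    rehashed together with that specific salt."""
    for word in wordlist:
        for candidate in apply_rules(word):
            if salted_sha256_hex(salt, candidate) == target:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed targets: what a dumped password database might contain.
    print(dictionary_attack(sha256_hex("Summer2024"), WORDLIST))      # Summer2024
    print(brute_force(sha256_hex("k9z")))                              # k9z
    table = build_lookup_table(WORDLIST)
    print(lookup_attack(table, sha256_hex("welcome1")))                # welcome1
    salt = "a1b2"  # constructed per-user salt
    print(lookup_attack(table, salted_sha256_hex(salt, "welcome1")))   # None
    print(crack_salted(salted_sha256_hex(salt, "welcome1"), salt, WORDLIST))  # welcome1
```

The brute force is capped at three characters so it finishes in a second; the same loop over all printable ASCII at length 8 is the workload hashcat moves to the GPU. Note that a salt does not make the dictionary attack harder for one account, it only stops the same precomputed table from being reused across every account and every breach.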
Malicious Software:
Viruses: Require human intervention to run
*Appending-Insert copies of themselves into the end of the infected file
*Prepending-Insert copies of themselves at the beginning of the infected file
Worms: Virus-type malware that does not require human intervention to run
*Use OS vulnerabilities to discover infection paths in networks.
*Consume bandwidth at incredible rates to burrow through the network
Viruses and worms share common components:
*Infection Engine: Changes the infected file's code
*Dropper: Drops the payload onto the infected machine
*Obfuscation Engine: Encrypts or rewrites all or part of the virus/worm so that every copy looks different to signature-based scanners
Polymorphic: the body is encrypted with a new key for every copy, but the small decryption stub stays (mostly) the same, so scanners sign the stub or emulate it
Metamorphic: the code itself is rewritten on every infection (instruction substitution, reordering, junk insertion); there is no constant part, not even a decryptor, to sign
*Payload: What causes the damage / actions on objectives
*Security Software Disablers: Kill or blind AV/EDR before the payload runs
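To make the polymorphic/metamorphic distinction concrete, here is an added example (not from the course notes and not real malware): the "payload" is a plain string and the "decoder stub" is a Python function. An obfuscation engine XORs the payload under a fresh key per copy; a naive byte-signature scan stops matching, a signature on the stub still works for the polymorphic case, and only decoding-before-scanning (what an AV emulator does) catches the metamorphic case where the stub itself changes. The stub headers and the payload text are constructed.

```python
import os
from typing import Optional

PAYLOAD = b"ACTIONS-ON-OBJECTIVES: copy C:\\secrets\\* to dropzone"  # constructed stand-in
SIGNATURE = b"ACTIONS-ON-OBJECTIVES"          # what a scanner would key on in the plain copy
# Two functionally equivalent decoder stubs (two "generations" of a metamorphic engine):
# variant 0 stores the key as-is, variant 1 stores it bitwise-inverted. Constructed headers.
STUB_HEADERS = (b"XORSTUB1", b"K3YDEC0D")


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode(payload: bytes, key: Optional[bytes] = None, variant: int = 0) -> bytes:
    """Obfuscation engine. On-disk layout: header | key_len | stored_key | xor(payload, key)."""
    key = key or os.urandom(8)
    stored = key if variant == 0 else bytes(b ^ 0xFF for b in key)
    return STUB_HEADERS[variant] + bytes([len(key)]) + stored + xor(payload, key)


def polymorphic_copy(payload: bytes) -> bytes:
    """Polymorphic: new key per copy, decoder stub unchanged."""
    return encode(payload, variant=0)


def metamorphic_copy(payload: bytes) -> bytes:
    """Metamorphic: new key AND a different decoder stub per copy."""
    return encode(payload, variant=os.urandom(1)[0] % len(STUB_HEADERS))


def run_stub(sample: bytes) -> bytes:
    """What executes at run time: recognise its own stub, recover the key, decrypt."""
    for variant, header in enumerate(STUB_HEADERS):
        if sample.startswith(header):
            h = len(header)
            klen = sample[h]
            stored = sample[h + 1 : h + 1 + klen]
            key = stored if variant == 0 else bytes(b ^ 0xFF for b in stored)
            return xor(sample[h + 1 + klen :], key)
    return sample  # not an encoded sample; treat as already plain


def static_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive signature scan: look for the payload bytes exactly as stored on disk."""
    return signature in sample


def stub_scan(sample: bytes, stub_signature: bytes = STUB_HEADERS[0]) -> bool:
    """Signature on the invariant part of a polymorphic family: its decoder stub."""
    return sample.startswith(stub_signature)


def emulated_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Decode first (as an AV emulator/sandbox would), then scan the result."""
    return signature in run_stub(sample)


if __name__ == "__main__":
    poly, meta = polymorphic_copy(PAYLOAD), metamorphic_copy(PAYLOAD)
    print("static  plain/poly/meta:", static_scan(PAYLOAD), static_scan(poly), static_scan(meta))
    print("stub    poly/meta      :", stub_scan(poly), stub_scan(meta))
    print("emulate poly/meta      :", emulated_scan(poly), emulated_scan(meta))
```

Running it shows the progression the notes describe: the static signature matches only the plain copy, the stub signature matches every polymorphic copy but only about half of the metamorphic ones (whichever generation happens to be used), and decoding before scanning matches all of them. The practical consequence is that once an engine is metamorphic, detection has to move from bytes on disk to behaviour or decoded memory.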
Wireless (802.11):
Std  Band (GHz)   Max data rate                              Wi-Fi Alliance name
a    5            54 Mbps                                    Wi-Fi 1 (unofficial, retroactive)
b    2.4          11 Mbps                                    Wi-Fi 2 (unofficial, retroactive)
g    2.4          54 Mbps                                    Wi-Fi 3 (unofficial, retroactive)
n    2.4/5        72/150 Mbps per stream, up to 600 Mbps     Wi-Fi 4
ac   5            867 Mbps (2 streams), up to 6.9 Gbps       Wi-Fi 5
ax   2.4/5 (+6)   up to ~9.6 Gbps                            Wi-Fi 6 (6 GHz = Wi-Fi 6E)
be   2.4/5/6      up to ~46 Gbps                             Wi-Fi 7
Only Wi-Fi 4 and later were officially numbered by the Wi-Fi Alliance; 'a' runs only at 5 GHz; b, g and n share the 2.4 GHz band and are backwards compatible with each other; n and later are dual-band.
POODLE: Padding Oracle On Downgraded Legacy Encryption. Forces a client/server fallback to SSL 3.0 and then uses its CBC padding as an oracle to decrypt a byte at a time (e.g. a session cookie). Fix: disable SSL 3.0; TLS_FALLBACK_SCSV blocks the downgrade.
ALPACA: Application Layer Protocol Confusion, a cross-protocol attack on TLS authentication. A certificate valid for several hostnames/services (e.g. a wildcard cert shared by the web server and an FTP/SMTP/IMAP server) lets a man-in-the-middle redirect a browser's TLS connection to the wrong server, which then misinterprets the HTTP request. Fix: strict ALPN/SNI checks and separate certificates per service.
For the purposes of the exam only (a rule of thumb, not a real classification):
Anything with an 'E' in it (AES, DES, 3DES, ECC; plus Blowfish/Twofish and RSA) is encryption; anything with an 'A' in it (SHA-1, SHA-2, SHA-3; plus MD5) is hashing.
Mobile Device Management (MDM):
o BYOD: Bring Your Own Device; 'Power to the people': control remains with the user, who has to buy in to company requirements/policies (e.g. an MDM agent) to get access
o CYOD: Choose Your Own Device; Power to the admin; User chooses a device of their liking from a company portal
o COPE: Company Owned, Personally Enabled; Typically issued to upper management; Some personal use is allowed
o COBO: Company Owned, Business Only; Typically issued to sales, marketing, etc. teams; No personal use is allowed