Basics of Ethical Hacking Training
Hacking is a very common word nowadays. Every other day there are attacks in cyberspace. According to studies, there is one cybercrime in India every 10 minutes. Ethical hacking is a concept where the ethical hacker (a security professional) performs penetration testing to find vulnerabilities and patch them before any black hat hacker exploits them. CEH V9 Training of EC Council is the best certification to learn Ethical Hacking.
Terms of Ethical Hacking
These are the specific terms used in Ethical Hacking Training:
· Hack Value
· Vulnerability
· Exploit
· Payload
· Zero Day Attack
· Daisy Chaining
Elements of Information Security
Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation
The level of security in any system can be defined by the strength of three components:
Security (Restriction), Functionality (Features), Usability (GUI)
How does an Information Security attack happen?
Attack = Goal + Method + Vulnerability
Different Categories of Information Security Threats
NETWORK THREATS: Information Gathering, Sniffing and Eavesdropping, Spoofing, DoS, Password-Based Attack, ARP Poisoning etc.
HOST THREATS: Footprinting, Malware Attack, Unauthorized Access, DoS Attack, Privilege Escalation.
APPLICATION THREATS: Input Validation, Security Misconfiguration, Buffer Overflow, Cryptography Attack.
What is Hacking: It is the process of finding system vulnerabilities and then exploiting them to get unauthorised access to system resources.
Hacker Class
· White Hat
· Black Hat
· Grey Hat
· Suicide Hackers
· Script Kiddies
· Cyber Terrorists
· State-sponsored Hackers
· Hacktivist
Hacking Phases:
1. RECONNAISSANCE: This is the preparatory phase, also known as information gathering, in which information about the target network is collected before launching an attack. Types: Active and Passive.
2. SCANNING: The attacker scans the target's networks on the basis of the information gathered in the Reconnaissance phase, using port scanners and ping tools, and tries to get details about the live systems etc.
3. GAINING ACCESS: The attacker can gain access at the operating system, network or application level using open ports, session hijacking, password cracking etc.
4. MAINTAINING ACCESS: In this phase the attacker tries to retain his ownership of the system by using backdoors, rootkits and Trojans.
5. CLEARING TRACKS: In this phase the attacker covers his tracks to hide his identity.
Types of Security Policy
· Promiscuous Policy
· Permissive Policy
· Prudent Policy
· Paranoid Policy
Penetration Testing
Penetration testing is the method of evaluating the security of an information system or any network by simulating an attack to find vulnerabilities that an attacker could exploit.
Types: White Box, Black Box, Grey Box
Phases of Penetration Testing
PRE-ATTACK PHASE: Planning and Preparation, Methodology Designing, Network Information Gathering
ATTACK PHASE: Penetrating Perimeter, Acquiring Target, Escalating Privilege, Execution, Implantation, Retracting
POST-ATTACK PHASE: Reporting, Clean Up, Artefact Destruction
Security Testing Methodology
OWASP
OSSTMM
ISSAF
EC Council LPT Methodology
Information Security Standards
PCI DSS
HIPAA
ISO 27001:2013
SOX
I got great information from this blog. Thanks for sharing this blog. You can also read: ethical hacking training in Delhi