CEHv13 Notes - Module 1 - Introduction to Ethical Hacking - NETSEC


Thursday, January 16, 2025

CEHv13 Notes - Module 1 - Introduction to Ethical Hacking

The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself, all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief by thinking like a thief. As technology advances and organizations depend on technology increasingly, information assets have evolved into critical components of survival. If hacking involves creativity and thinking 'out-of-the-box', then vulnerability testing and security audits alone will not ensure the security proofing of an organization. To ensure that organizations have adequately protected their information assets, they must adopt the approach of 'defense in depth'. In other words, they must penetrate their own networks and assess the security posture for vulnerabilities and exposure. The Ethical Hacker is an individual who is usually employed by the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. Hacking is a felony in some countries. When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal. The most important point is that an Ethical Hacker has authorization to probe the target. The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.



https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/

CEH v13

The International Council of Electronic Commerce Consultants, better known as EC-Council, was founded in late 2001 to address the need for well-educated and certified information security and e-business practitioners. EC-Council is a global, member-based organization composed of industry and subject matter experts working together to set the standards and raise the bar in information security certification and education. 







Tools Covered

 

1. Footprinting Tools
Maltego
Foca
Recon-ng
Google Dorks
Whois
theHarvester
Shodan
Dnsrecon
Grecon
Photon
Sherlock
Spiderfoot
holehe

2. Scanning Tools
Nmap
Rustscan
sx-Tool
Colasoft Packet Builder
Nessus
OpenVAS
QualysGuard
Nikto
Angry IP Scanner
Hping3


3. Enumeration Tools
Netcat
SNMPCheck
SNMPEnum
Enum4Linux
NbtScan
SuperEnum
RPCScan
Dnsrecon




4. Vulnerability Assessment Tools
Nessus
OpenVAS
QualysGuard
Nikto
Burp Suite
W3af

5. System Hacking Tools
Metasploit Framework 
Msfvenom
Cain & Abel
John the Ripper
Hydra
Medusa
Hashcat 
RainbowCrack 
Havoc
PowerSploit 
Reverse-shell-generator
L0phtCrack
Winrtgen
pwdump7
Tanium Endpoint Management

6. Sniffing tools
Wireshark
Tcpdump
Ettercap
Dsniff
MITM
Cain & Abel
Macchanger

7. Social Engineering Tools
Social-Engineer Toolkit (SET)
Dark-Phish
Shellphish

8. Denial of Service Tools
Slowloris
LOIC
HOIC
UltraDDoS
PyDDoS
PyFlooder

9. Session Hijacking Tools
CAIDO
Hetty
OWASP ZAP

10. Evading IDS, Firewall, and honeypots Tools
Nmap
Tcpreplay
Snort
Hping3
Pfsense

11. Hacking Web Server Tools
Ghost_eye
Impacket
Ncat
NMAP
Httprecon
ID Serve

12. Web Application Hacking Tools
OWASP ZAP
Burp Suite
SQLmap
Wapiti
Nikto
DirBuster
Wpscan
Skipfish
PwnXSS
Dirsearch
ClickjackPOC

13. SQL Injection Tools
DSSS
ghauri
SQLmap


14. Hacking Wireless Networks Tools
Sparrow-wifi
Airodump-ng
Aircrack-ng

15. Hacking Mobile Platforms Tools
AndroRAT
PhoneSploit-Pro
LOIC

16. IoT and OT Tools
Bevywise IoT Simulator

17. AI Tools
ShellGPT
Tranis AI
Malware.AI
ChatGPT
DeepfakeVFX
SmartScanner
OSS Insight
DeepExploit
Hoodem


Module 1 - Introduction to Ethical Hacking

Learning Objectives:
1. Explain Information Security Concepts
2. Explain Hacking Concepts and Different Hacker Classes
3. Explain Ethical Hacking Concepts and Scope
4. Explain Hacking Methodologies and Frameworks
5. Summarize the Techniques used in Information Security Controls
6. Explain the importance of Applicable Security Laws and Standards



At the end of this module, you will be able to: 
▪ Describe the elements of information security 
▪ Explain information security attacks and information warfare 
▪ Describe hacking concepts and hacker classes 
▪ Explain ethical hacking concepts and AI-driven ethical hacking 
▪ Describe various hacking methodologies and frameworks 
▪ Understand information security controls (information assurance, defense-in-depth, risk management, cyber threat intelligence, threat modeling, incident management process, and artificial intelligence (AI)/machine learning (ML))
▪ Understand various information security acts and laws 




1. Explain Information Security Concepts

Information security refers to the protection or safeguarding of information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. Information is a critical asset that organizations must secure. If sensitive information falls into the wrong hands, then the respective organization may suffer huge losses in terms of finances, brand reputation, customers, or in other ways. To provide an understanding of how to secure such critical information resources, this module starts with an overview of information security. This section introduces the elements of information security, classification of attacks, and information warfare.



Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is low or tolerable.


Elements of Information Security 

  • Confidentiality
  • Integrity
  • Availability
  • Authenticity
  • Non-repudiation

Information Security Attacks: Motives, Goals, and Objectives

Attacks = Motive (Goal) + Method (TTP) + Vulnerability


Tactics, Techniques, and Procedures (TTPs)

The terms “tactics, techniques, and procedures” refer to the patterns of activities and methods associated with specific threat actors or groups of threat actors. TTPs are helpful in analyzing threats and profiling threat actors and can further be used to strengthen the security infrastructure of an organization. The word “tactics” is defined as the strategy followed by an attacker to perform the attack from beginning to end. The word “techniques” is defined as the technical methods used by an attacker to achieve intermediate results during the attack. Finally, the word “procedures” is defined as the systematic approach followed by threat actors to launch an attack. In order to understand and defend against threat actors, it is important to understand the TTPs used by adversaries. Understanding the tactics of an attacker helps to predict and detect evolving threats in their early stages. Understanding the techniques used by attackers helps to identify vulnerabilities and implement defensive measures in advance. Lastly, analyzing the procedures used by attackers helps to identify what the attacker is looking for within the target organization’s infrastructure.


Vulnerability 

A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication. There are generally two main causes of vulnerable systems in a network: software or hardware misconfiguration and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources.

Common Reasons for the Existence of Vulnerabilities
▪ Hardware or software misconfiguration
▪ Insecure or poor design of the network and application
▪ Inherent technology weaknesses
▪ End-user carelessness
▪ Intentional end-user acts




Classification of Attacks

  • Passive Attacks
  • Active Attacks
  • Close-in Attacks
  • Insider Attacks
  • Distribution Attacks

Information Warfare






2. Explain Hacking Concepts and Different Hacker Classes

 
Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources.

It involves modifying system or application features to achieve a goal outside of the creator’s original purpose.

Hacking can be used to steal and redistribute intellectual property, leading to business loss.


What is Hacking? 

Hacking in the field of computer security refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources. It involves modifying system or application features to achieve a goal outside its creator’s original purpose. Hacking can be done to steal, pilfer, or redistribute intellectual property, thus leading to business loss. Hacking on computer networks is generally done using scripts or other network programming. Network hacking techniques include creating viruses and worms, performing denial-of-service (DoS) attacks, establishing unauthorized remote access connections to a device using trojans or backdoors, creating botnets, packet sniffing, phishing, and password cracking. The motive behind hacking could be to steal critical information or services, for thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance and vindictiveness, among other reasons.


Who is a Hacker?

A hacker is a person who breaks into a system or network without authorization to destroy, steal sensitive data, or perform malicious attacks. A hacker is an intelligent individual with excellent computer skills, along with the ability to create and explore the computer’s software and hardware. Usually, a hacker is a skilled engineer or programmer with enough knowledge to discover vulnerabilities in a target system. They generally have subject expertise and enjoy learning the details of various programming languages and computer systems.



3. Explain Ethical Hacking Concepts and Scope

Ethical Hacking Concepts

An ethical hacker follows processes similar to those of a malicious hacker. The steps to gain and maintain access to a computer system are similar irrespective of the hacker’s intentions.


What is Ethical Hacking? 

Ethical hacking is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities. White Hats (also known as security analysts or ethical hackers) are the individuals or experts who perform ethical hacking. Nowadays, most organizations (such as private companies, universities, and government organizations) are hiring White Hats to assist them in enhancing their cybersecurity. They perform hacking in ethical ways, with the permission of the network or system owner and without the intention to cause harm. Ethical hackers report all vulnerabilities to the system and network owner for remediation, thereby increasing the security of an organization’s information system. Ethical hacking involves the use of hacking tools, tricks, and techniques typically used by an attacker to verify the existence of exploitable vulnerabilities in system security.

Reasons why organizations recruit ethical hackers 

▪ To prevent hackers from gaining access to the organization’s information systems 
▪ To uncover vulnerabilities in systems and explore their potential as a risk 
▪ To analyze and strengthen an organization’s security posture, including policies, network protection infrastructure, and end-user practices
▪ To provide adequate preventive measures in order to avoid security breaches 
▪ To help safeguard the customer data 
▪ To enhance security awareness at all levels in a business


Scope and Limitations of Ethical Hacking 

Security experts broadly categorize computer crimes into two categories: crimes facilitated by a computer and those in which the computer is the target. Ethical hacking is a structured and organized security assessment, usually as part of a penetration test or security audit, and is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices. It is used to identify risks and highlight remedial actions. It is also used to reduce Information and Communications Technology (ICT) costs by resolving vulnerabilities. Ethical hackers determine the scope of the security assessment according to the client’s security concerns. Many ethical hackers are members of a “Tiger Team.” A tiger team works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion. An ethical hacker should know the penalties of unauthorized hacking into a system. No ethical hacking activities associated with a network-penetration test or security audit should begin before receiving a signed legal document giving the ethical hacker express permission to perform the hacking activities from the target organization. Ethical hackers must be judicious with their hacking skills and recognize the consequences of misusing those skills.

Skills of an Ethical Hacker


Technical Skills
• In-depth knowledge of major operating environments such as Windows, Unix, Linux, and Macintosh
• In-depth knowledge of networking concepts, technologies, and related hardware and software
• A computer expert adept at technical domains
• Knowledgeable about security areas and related issues
• “High technical” knowledge for launching sophisticated attacks

Non-Technical Skills
• The ability to learn and adopt new technologies quickly
• Strong work ethics and good problem solving and communication skills
• Committed to the organization’s security policies
• An awareness of local standards and laws 

AI-Driven Ethical Hacking

Advancements in AI have led to more sophisticated cyber threats, as hackers increasingly use AI-driven tools to enhance and automate their attacks, presenting significant challenges to cybersecurity.
AI-driven ethical hacking is a modern approach to cybersecurity where artificial intelligence (AI) technologies are used to enhance the capabilities of ethical hackers.
Leveraging AI in ethical hacking enables professionals to anticipate emerging threats, outpace malicious actors, and proactively mitigate risks.
AI-driven ethical hacking involves the use of AI technologies such as AI algorithms, machine learning models, and automation frameworks to facilitate and automate ethical hacking efforts.

Benefits: 1. Efficiency 2. Accuracy 3. Scalability 4. Cost-Effectiveness

How Does AI-Driven Ethical Hacking Help Ethical Hackers?
AI-driven ethical hacking enhances the efficiency, effectiveness, and scope of cybersecurity measures, providing ethical hackers with powerful tools to safeguard digital assets against increasingly sophisticated cyber threats.
  1. Automation of Repetitive Tasks
  2. Predictive Analysis 
  3. Advanced Threat Detection
  4. Adaptive Learning 
  5. Enhanced Decision Making
  6. Enhanced Reporting
  7. Simulation and Testing 
  8. Scalability
  9. Continuous Monitoring
  10. Adaptive Defense Mechanisms

ChatGPT-Powered AI Tools:

  • HackerGPT https://chat.hackerai.co
  • PentestGPT https://github.com
  • Bug Hunter GPT https://chatgpt.com
  • Ethical Hacker GPT https://chatgpt.com

1. ShellGPT: ShellGPT is an AI-powered tool that enhances accuracy in managing complex systems, writing secure code, and automating repetitive tasks, such as a variety of shell and command-line tasks.
2. AutoGPT: AutoGPT is an AI-powered tool designed to automate task execution and data processing. It leverages the capabilities of advanced AI models to generate actionable insights, streamline workflows, and enhance decision-making processes in various domains including cybersecurity.
3. WormGPT: WormGPT is an AI-powered tool that assists cybersecurity professionals in automating the generation of worm-like scripts and payloads. It leverages AI to create sophisticated malware for testing and defense purposes, ensuring that robust security measures are in place.
4. ChatGPT with DAN prompt: ChatGPT with DAN Prompt is a customized version of ChatGPT that utilizes the DAN (Do Anything Now) prompt to enhance its capabilities. This tool enables ethical hackers to perform a wide range of tasks by leveraging the flexibility and power of DAN prompts.
5. FreedomGPT: FreedomGPT is an AI tool designed to provide ethical hackers with unrestricted access to AI. It aims to bypass traditional content filters and restrictions, allowing users to explore a wide range of functionalities and information.
6. FraudGPT: FraudGPT is an AI tool specifically designed to detect and prevent fraudulent activities. It leverages machine learning and AI to analyze patterns, identify suspicious behaviors, and provide actionable insights to mitigate fraud.
7. ChaosGPT: ChaosGPT is an AI tool designed to simulate and understand chaotic and unpredictable behaviors.
8. PoisonGPT: PoisonGPT is an AI-powered tool that introduces malicious models into otherwise trusted AI systems. It is used to study and understand the implications of AI model poisoning, helping develop defenses against such attacks.

1. HackerGPT Source: www.chat.hackerai.co
2. BurpGPT Source: www.burpgpt.app
3. BugBountyGPT Source: www.chatgpt.com/g/g-Rsk7ADgbD-bugbountygpt
4. PentestGPT Source: www.github.com/GreyDGL/PentestGPT
5. GPT White Hack Source: www.chatgpt.com/g/g-3ngv8eP6R-gpt-white-hack
6. CybGPT Source: www.github.com/Coinnect-SA/CybGPT
7. BugHunterGPT Source: www.chatgpt.com/g/g-y2KnRe0w4-bug-hunter-gpt
8. Hacking APIs GPT Source: www.chatgpt.com/g/g-UZxOCmqLH-hacking-apis-gpt
9. h4ckGPT Source: www.chatgpt.com/g/g-1ehIO0APO-h4ckgpt
10. HackerNewsGPT Source: www.chatgpt.com/g/g-BIfVX3cVX-hackernews-gp
11. Ethical Hacker GPT Source: www.chatgpt.com/g/g-j4PQ2hyqn-ethical-hacker-gpt
12. GP(en)T(ester) Source: www.chatgpt.com/g/g-zQfyABDUJ-gp-en-t-ester




4. Explain Hacking Methodologies and Frameworks

 

CEH Ethical Hacking Framework




Cyber Kill Chain Methodology


MITRE ATT&CK Framework


Diamond Model of Intrusion Analysis



5. Summarize the Techniques used in Information Security Controls


Information Assurance (IA)

• IA refers to the assurance that the integrity, availability, confidentiality, and authenticity of information and information systems is protected during the usage, processing, storage, and transmission of information
• Some of the processes that help in achieving information assurance include: 
  1. Developing local policy, process, and guidance 
  2. Designing network and user authentication strategies
  3. Identifying network vulnerabilities and threats 
  4. Identifying problem and resource requirements 
  5. Creating plans for identified resource requirements
  6. Applying appropriate information assurance controls 
  7. Performing certification and accreditation
  8. Providing information assurance training 

Continual/Adaptive Security Strategy


Defense-in-Depth



What is Risk?

• Risk refers to the degree of uncertainty or expectation that an adverse event may cause damage to the system 
• Risks are categorized into different levels according to their estimated impact on the system 
• A risk matrix is used to scale risk by considering the probability, likelihood, and consequence or impact of the risk


RISK = Threats × Vulnerabilities × Impact
RISK = Threat × Vulnerability × Asset Value
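As an added worked example (not code from the CEH course material), the following Python applies the RISK = Threat × Vulnerability × Asset Value formula to a constructed asset inventory and then places each asset in a 5×5 likelihood-by-impact risk matrix, the kind of scaling the notes describe. The 1..5 ordinal scales, the likelihood rule and the band thresholds are assumptions chosen for illustration.

```python
"""Risk scoring and risk-matrix banding (added example, not EC-Council's code)."""
import math
from dataclasses import dataclass

# Assumption: every factor is rated on a 1..5 ordinal scale, as in a 5x5 matrix.
MIN_SCALE, MAX_SCALE = 1, 5

# Assumption: matrix bands on the product likelihood x impact (1..25).
BANDS = [(4, "Low"), (9, "Medium"), (14, "High"), (25, "Extreme")]


@dataclass(frozen=True)
class Asset:
    name: str
    asset_value: int    # impact / consequence if the asset is compromised
    threat: int         # capability and intent of the relevant threat actors
    vulnerability: int  # exposure / ease of exploitation


def _check_scale(*values: int) -> None:
    """Reject ratings outside the agreed scale so scores stay comparable."""
    for v in values:
        if not MIN_SCALE <= v <= MAX_SCALE:
            raise ValueError(f"scale value {v} outside {MIN_SCALE}..{MAX_SCALE}")


def risk_score(asset: Asset) -> int:
    """RISK = Threat x Vulnerability x Asset Value, giving a 1..125 score."""
    _check_scale(asset.threat, asset.vulnerability, asset.asset_value)
    return asset.threat * asset.vulnerability * asset.asset_value


def likelihood(asset: Asset) -> int:
    """Collapse threat and vulnerability into a 1..5 likelihood rating.

    Assumption: likelihood = ceil(threat * vulnerability / 5), so a capable
    threat against an exposed weakness rates highest.
    """
    _check_scale(asset.threat, asset.vulnerability)
    raw = math.ceil(asset.threat * asset.vulnerability / MAX_SCALE)
    return max(MIN_SCALE, min(MAX_SCALE, raw))


def matrix_band(likelihood_level: int, impact_level: int) -> str:
    """Look up the risk-matrix cell for a likelihood/impact pair."""
    _check_scale(likelihood_level, impact_level)
    cell = likelihood_level * impact_level
    for upper, band in BANDS:
        if cell <= upper:
            return band
    raise AssertionError("unreachable: cell value is at most 25")


def risk_level(asset: Asset) -> str:
    """Risk band for an asset; impact is taken to be the asset value."""
    return matrix_band(likelihood(asset), asset.asset_value)


def rank_assets(assets):
    """Return (name, score, band) tuples, highest risk first (ties by name)."""
    rows = [(a.name, risk_score(a), risk_level(a)) for a in assets]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


# Constructed sample inventory for the demonstration (not real data).
SAMPLE_ASSETS = [
    Asset("customer-db", asset_value=5, threat=4, vulnerability=3),
    Asset("marketing-site", asset_value=2, threat=3, vulnerability=4),
    Asset("test-vm", asset_value=1, threat=2, vulnerability=5),
    Asset("hr-portal", asset_value=4, threat=3, vulnerability=2),
]

if __name__ == "__main__":
    for name, score, band in rank_assets(SAMPLE_ASSETS):
        print(f"{name:15s} score={score:3d} level={band}")
```

Note that two assets with the same product score can land in different matrix bands, which is why the matrix view is kept alongside the raw score when prioritising remediation.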

Risk Management

• Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program

Risk Management Phases


Cyber Threat Intelligence

Cyber Threat Intelligence (CTI) is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide the ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyber-attacks
Cyber threat intelligence helps the organization to identify and mitigate various business risks by converting unknown threats into known threats; it helps in implementing various advanced and proactive defense strategies



Threat Intelligence Lifecycle 



Threat Modeling

Threat modeling is a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects the security of an application

Threat Modeling Process


Incident Management

Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident

Incident Handling and Response 

Incident handling and response (IH&R) is the process of taking organized and careful steps when reacting to a security incident or cyberattack.
Steps involved in the IH&R process:


Role of AI and ML in Cyber Security

• Machine learning (ML) and artificial intelligence (AI) are now vastly used across various industries and applications due to the increase in computing power, data collection, and storage capabilities
• ML is an unsupervised self-learning system that is used to define what the normal network looks like, along with its devices, and then to backtrack and report any deviations or anomalies in real-time
• AI and ML in cyber security helps in identifying new exploits and weaknesses, which can then be easily analyzed to mitigate further attacks


• ML classification techniques:
▪ Supervised learning makes use of algorithms that input a set of labeled training data, with the aim of learning the differences between the labels
▪ Unsupervised learning makes use of algorithms that input unlabeled training data, with the aim of deducing all categories by itself
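The notes describe ML defining "what the normal network looks like" and then reporting deviations. As an added example (not code from the course), the following Python builds that baseline from constructed per-host connection-rate samples without labels, then scores new observations with a z-score; a host with no baseline and a host whose baseline never varies are handled explicitly, since both are common failure modes of naive anomaly detectors. The host names, sample values and the 3-sigma threshold are assumptions.

```python
"""Baseline-and-deviation anomaly detection (added example, not EC-Council's code)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import fmean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed training data: (host, outbound connections per minute) observed
# during a period the defender treats as normal. No labels are needed.
BASELINE_RECORDS: List[Tuple[str, int]] = [
    ("ws-01", 10), ("ws-01", 12), ("ws-01", 11), ("ws-01", 9),
    ("ws-01", 13), ("ws-01", 10), ("ws-01", 11), ("ws-01", 12),
    ("srv-db", 100), ("srv-db", 98), ("srv-db", 103), ("srv-db", 101),
    ("srv-db", 99), ("srv-db", 97), ("srv-db", 102), ("srv-db", 100),
    ("printer", 5), ("printer", 5), ("printer", 5), ("printer", 5),
    ("printer", 5), ("printer", 5), ("printer", 5), ("printer", 5),
]

# Constructed live observations to score against the baseline.
NEW_OBSERVATIONS: List[Tuple[str, int]] = [
    ("ws-01", 13), ("ws-01", 40),
    ("srv-db", 104), ("srv-db", 120),
    ("printer", 5), ("printer", 6),
    ("rogue-07", 7),          # never seen during the baseline period
]


@dataclass(frozen=True)
class Verdict:
    host: str
    value: int
    z: Optional[float]    # None when a z-score cannot be computed
    flagged: bool
    reason: str


def build_baseline(records) -> Dict[str, Tuple[float, float]]:
    """Learn (mean, population std dev) of the metric per host from unlabeled data."""
    samples = defaultdict(list)
    for host, value in records:
        samples[host].append(value)
    return {host: (fmean(vals), pstdev(vals)) for host, vals in samples.items()}


def score(baseline, host: str, value: int, threshold: float = 3.0) -> Verdict:
    """Flag an observation that deviates more than `threshold` sigmas from normal."""
    if host not in baseline:
        # Edge case: nothing to compare against, so treat the unknown host as an
        # anomaly rather than silently scoring it as normal.
        return Verdict(host, value, None, True, "no baseline for host")
    mean, std = baseline[host]
    if std == 0.0:
        # Edge case: a constant baseline makes the z-score undefined; any change
        # from the only value ever observed is reported.
        changed = value != mean
        return Verdict(host, value, None, changed,
                       "deviates from constant baseline" if changed else "matches constant baseline")
    z = (value - mean) / std
    flagged = abs(z) > threshold
    return Verdict(host, value, z, flagged,
                   f"z={z:.2f} exceeds {threshold}" if flagged else f"z={z:.2f} within {threshold}")


def detect(baseline, observations, threshold: float = 3.0) -> List[Verdict]:
    """Score every observation; the caller decides what to do with flagged ones."""
    return [score(baseline, host, value, threshold) for host, value in observations]


def flagged_hosts(verdicts: List[Verdict]) -> List[Tuple[str, int]]:
    """Convenience view: (host, value) pairs that were reported as anomalies."""
    return [(v.host, v.value) for v in verdicts if v.flagged]


if __name__ == "__main__":
    model = build_baseline(BASELINE_RECORDS)
    for v in detect(model, NEW_OBSERVATIONS):
        print(f"{'ALERT ' if v.flagged else 'ok    '}{v.host:9s} {v.value:4d}  {v.reason}")
```

A baseline learned this way only reflects the period it was trained on, so a compromise that was already under way during training becomes "normal"; the baseline window itself needs vetting before the detector is trusted.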

How Do AI and ML Prevent Cyber Attacks?

  1. Password Protection and Authentication
  2. Phishing Detection and Prevention 
  3. Threat Detection 
  4. Vulnerability Management
  5. Behavioral Analytics 
  6. Network Security 
  7. AI-based Antivirus 
  8. Fraud Detection 
  9. Botnet Detection 
  10. AI to Combat AI Threats

6. Explain the Importance of Applicable Security Laws and Standards

Information Security Laws and Standards
Laws are a system of rules and guidelines that are enforced by a particular country or community to govern behavior. A Standard is a “document established by consensus and approved by a recognized body that provides, for common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.” 

Payment Card Industry Data Security Standard (PCI DSS)

PCI Data Security Standard - High Level Overview:
  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Failure to meet the PCI DSS requirements may result in fines or the termination of payment card processing privileges.

ISO/IEC Standards



Health Insurance Portability and Accountability Act (HIPAA)

HIPAA's Administrative Simplification Statute and Rules
  • Electronic Transaction and Code Set Standards: Requires every provider who does business electronically to use the same health care transactions, code sets, and identifiers
  • Privacy Rule: Provides federal protections for the personal health information held by covered entities and gives patients an array of rights with respect to that information
  • Security Rule: Specifies a series of administrative, physical, and technical safeguards for covered entities to use to ensure the confidentiality, integrity, and availability of electronically protected health information
  • National Identifier Requirements: Requires that health care providers, health plans, and employers have standard national numbers that identify them attached to standard transactions
  • Enforcement Rule: Provides the standards for enforcing all the Administrative Simplification Rules

Sarbanes-Oxley Act (SOX)

• Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures
• The key requirements and provisions of SOX are organized into 11 titles


The Digital Millennium Copyright Act (DMCA) and the Federal Information Security Management Act (FISMA)


The Digital Millennium Copyright Act (DMCA)
• The DMCA is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO)
• It defines the legal prohibitions against the circumvention of technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information


Federal Information Security Management Act (FISMA)
• The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets
• It includes:
  ▪ Standards for categorizing information and information systems by mission impact
  ▪ Standards for minimum security requirements for information and information systems
  ▪ Guidance for selecting appropriate security controls for information systems
  ▪ Guidance for assessing security controls in information systems and determining security control effectiveness
  ▪ Guidance for security authorization of information systems

General Data Protection Regulation (GDPR)

• The GDPR was put into effect on May 25, 2018 and is one of the most stringent privacy and security laws globally
• The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching tens of millions of euros

GDPR Data Protection Principles
▪ Lawfulness, fairness, and transparency: Processing must be lawful, fair, and transparent to the data subject 
▪ Purpose limitation: You must process data for the legitimate purposes specified explicitly to the data subject when you collected it 
▪ Data minimization: You should collect and process only as much data as necessary for the purposes specified 
▪ Accuracy: You must keep personal data accurate and up to date
▪ Storage limitation: You may only store personally identifying data for as long as necessary for the specified purpose
▪ Integrity and confidentiality: Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption)
▪ Accountability: The data controller is responsible for demonstrating GDPR compliance with all these principles


Data Protection Act 2018 (DPA) - UK

• The DPA 2018 sets out the framework for data protection law in the UK
• It updates and replaces the Data Protection Act 1998 and came into effect on 25 May, 2018
• The DPA is an act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under specific regulations relating to information; to make provision for a direct marketing code of practice, and connected purposes
• The DPA protects individuals concerning the processing of personal data, in particular by:
  ▪ Requiring personal data to be processed lawfully and fairly, based on the data subject’s consent or another specified basis,
  ▪ Conferring rights on the data subject to obtain information about the processing of personal data and to require inaccurate personal data to be rectified, and
  ▪ Conferring functions on the Commissioner, giving the holder of that office responsibility to monitor and enforce their provision

Cyber Law in Different Countries













