Everand Logo

Welcome to Everand!

  • Discover millions of ebooks, audiobooks, and so much more with a free trial

    Only $11.99/month after trial. Cancel anytime.

    The Certified Ethical Hacker Exam - version 8 (The concise study guide)
    The Certified Ethical Hacker Exam - version 8 (The concise study guide)
    The Certified Ethical Hacker Exam - version 8 (The concise study guide)
    Ebook141 pages2 hours

    The Certified Ethical Hacker Exam - version 8 (The concise study guide)

    By alasdair gilchrist

    3/5

    ()

    Read preview

    About this ebook

    The concise guide to Certified Ethical Hacker - version 8 is a compact study guide for those pursuing the Certified Ethical Hacker Certification.

    This book summarizes all you need to know in the twenty exam modules to pass the exam.

    If you are a practicing security professional there is no need to read through a 500 page book, It is all here for you in concise and condensed fashion!

    Do not worry, you will not have to study for hours on hours, this book is not in itself a study guide for beginners but an exam reference that highlights the topics covered by the syllabus and is therefore hugely valuable for the last week preparation for the exam.

    Read it, Remember it, Replay it and Good Luck!

    LanguageEnglish
    PublisherRG Consulting
    Release dateFeb 11, 2015
    ISBN9781507084052
    The Certified Ethical Hacker Exam - version 8 (The concise study guide)

    Read more from Alasdair Gilchrist

    Related to The Certified Ethical Hacker Exam - version 8 (The concise study guide)

    Related ebooks

    Certification Guides For You

    View More
    View More

    Related podcast episodes

    Related articles

    • Article

      Building a Cybersecurity Fence

      Jan 30, 2019

      Building a Cybersecurity Fence
      4 min read

    • Article

      Staying Safe In The Cloud

      Jul 22, 2019

      Staying Safe In The Cloud
      4 min read

    • Article

      Web App Security

      Jun 29, 2021

      Web App Security
      8 min read

    • Article

      Hacker’s Manual

      Mar 2, 2021

      Hacker’s Manual
      1 min read

    • Article

      “Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker”

      Aug 12, 2021

      If you’ve ever attended an infosec or cybersecurity event, you will no doubt have noticed the preponderance of “Hacking is NOT a Crime” stickers. In 2018, some 500 such stickers were handed out at the DEF CON 26 event, the following year 5,000 were d

      7 min read

    • Article

      Hacker’s Toolkit 2o22

      May 31, 2022

      Hacker’s Toolkit 2o22
      1 min read

    • Article

      Hacker’s Manual

      Nov 17, 2020

      Hacker’s Manual
      1 min read

    • Article

      Revisiting Tor

      Aug 24, 2020

      Revisiting Tor
      4 min read

    • Article

      Hack The Planet/Parrot

      May 31, 2022

      Hack The Planet/Parrot
      2 min read

    • Article

      Network Attacks

      Sep 21, 2020

      Though less common than malware and social engineering, network-based attacks are still a threat to every computer and mobile user, and everyone should have at least a basic understanding of what they are and how to avoid them. So this month let’s lo

      4 min read

    • Article

      Building PCs

      Apr 7, 2020

      Building PCs
      2 min read

    • Article

      Hack The System

      Dec 17, 2019

      If you followed our handy guide on the previous pages, then you’ll already have augmented your Kali Light installation with Nmap, a port-scanning utility par excellence and a vital part of any pen-tester’s arsenal. As mentioned on the DVD page (there

      4 min read

    • Article

      ‘Open Ports’ Leave a Hole in Smartphone Security

      May 8, 2017

      Smartphone apps that use “open ports” to share and receive data are more vulnerable to security breaches than previously thought, mainly due to the their widespread use in internet communication, a new study suggests. The vulnerability the researcher

      3 min read

    • Article

      Introducing Kali

      Mar 2, 2021

      Introducing Kali
      4 min read

    • Article

      All about Ethernet

      Jan 11, 2021

      All about Ethernet
      4 min read

    Related categories

    Reviews for The Certified Ethical Hacker Exam - version 8 (The concise study guide)

    3/5

    9 ratings0 reviews

    What did you think?

    Tap to rate

    Review must be at least 10 words

      Book preview

      The Certified Ethical Hacker Exam - version 8 (The concise study guide) - alasdair gilchrist

      Chapter 1 – Introduction to Ethical Hacking

      In this chapter, we are going to introduce Ethical Hacking, including:

      What is IT Security and why is it necessary?

      Information technology has developed over the last few decades at amazing pace. As a result, technology has developed that focuses on ease of use and convenience to aid productivity, furthermore there has been a shift towards network based and web applications. This has made systems and applications easier for a hacker to access, and to compound the problem the skill levels required to launch attacks has decreased. However, conversely the increasing complexity of computer infrastructure, administration and management has become more complex.

      This imbalance has led to increased hacker activity as the odds have shifted to be in the hacker's favor. For the company a successful attack can directly affect assets and goodwill, so they must place added importance to securing the business assets.

      Essential Terminology

      In order to understand many of the concepts of ethical hacking and IT security we need to be familiar with some commonly used terminology:

      Threat - is an action or potential event that might compromise system security.

      Vulnerability – is the existence of a weakness, design or implementation error that could lead to an unexpected and undesirable event that could lead to a compromise of security

      Target of Evaluation – Ant IT system, application or asset subjected to the required security evaluation

      Attack – an assault on system security that is derived from an intelligent intentional threat that violates system security

      Exploit – is a defined way to breach system security via a known vulnerability

      Elements of Security

      The first thing we have to consider is what is security? It is defined as being a state of well-being of information and infrastructure in which the possibility of a successful yet undetected theft, tampering and disruption of information and services is kept low or tolerable. A hacking event will violate one or more of the security elements. The security elements are the key concepts of information security and they are:

      Confidentiality – protection of privacy and concealment of information or resources

      Authenticity – the identification and verification of the origin of information

      Integrity – the assurance that the information has not been tampered with or modified through unauthorized changes

      Availability – the ability to use the information or systems as designed

      The Security Triangle

      Functionality

      Security  Ease of Use

      If we consider the diagram above, we can see that by moving the ball inside the triangle towards security means moving further away from functionality and ease of use. Therefore, by increasing security and minimizing the risk and number of exploits we reduce both functionality and ease of use.

      Hacking Methodology

      Hacking systems is not a random affair there are key phases to any attack and they follow a basic methodology.

      Reconnaissance – preparation and information gathering phase before launching an attack. There are two types active scanning which requires interaction with the target, such as a phone call to the technical department and passive which acquires information indirectly, such as via online searches.

      Scanning –is the pre-attack phase where the hacker scans the network for specific information such as operating systems, IP addresses, open ports and known vulnerabilities

      Gaining Access – this refers to exploiting any discovered vulnerabilities this is the penetration phase and it can occur over the LAN, Internet or as a deception or theft.

      Maintaining Access – once the system is compromised the hacker strives to maintain access to retain control of the target

      Clearing tracks–a vital stage where the hacker has to hide his tracks, identity, access and misdeeds.

      Types of Hacker Attacks

      There are several ways an attacker can gain access to a system but they must first identify and exploit the system's vulnerability. The attack types are:

      Operating System attacks – OS are very complex by nature with many services creating many potential vulnerabilities

      Application-level attacks – Software application have an array of functions and services sometime not security tested

      Shrink Wrap code attacks – these can be sample scripts that come with the OS that are aimed at making an administrator's job easier.

      Miss-configuration attacks – many systems are installed with default configurations and passwords

      Hacking Concepts

      There are several types of hacker that we should be aware. For example, there is Hacktivism, which refers to the idea of hacking with or for a cause and comprises hackers with a social or political agenda. However, no matter the intentions, gaining unauthorized access is still a crime.

      The other hacker classes are:

      Black Hats – individuals with high skill levels but malicious intentions aka crackers.

      White Hats – individuals with high skill levels used for defensive purposes aka security analysts

      Grey Hats – Individuals who work both offensively and defensively

      Suicide Hackers – Individuals who aim to bring down critical systems and infrastructure for a cause and don't care about being caught.

      Ethical Hacker Classes

      Former Black Hats – these are reformed crackers with firsthand experience though they may have credibility

      White Hats – independent security consultants

      Consulting Firms – security consultants that work as part of an ICT Firm and have good credibility.

      So what do ethical hackers do? An ethical hacker try to answer the questions of what an intruder can see during the reconnaissance and scanning phases. They also check to see what vulnerabilities may be revealed by any information they manage to obtain to gain and maintain access. Finally, they will look to see if anyone noticed their activities. In order to do this an ethical hacker needs to know what an organization is trying to protect, and from whom, and what resources they are willing to expend to gain protection.

      In order to become an ethical hacker you need to have the following profile:

      Should be proficient with programs and computer networks

      Should be proficient with vulnerability research

      Should have mastery in different hacking techniques

      Should be prepared to follow a strict code of conduct

      A successful ethical hacker will be highly technical with exemplary knowledge of network and related OS and hardware as well as security areas and related issues.

      One of the key areas regards ethical hacking is vulnerability research. Vulnerabilities are known weaknesses and designs that provide a way for hackers to compromise a systems security. Vulnerabilities are classified as:

      Severity level – (low, medium, high)

      Exploit range – (local or remote)

      Ethical hackers need to be proficient in vulnerability research in order to identify and correct network vulnerabilities in order to protect the network from attack. They also use vulnerability research to gather information about latest viruses and to find weaknesses in the network. They also need to know how to recover from a network attack.

      There are several vulnerability databases:

      National Vulnerability Database (nvd.nis.gov)

      Security Tracker (www.securitytracker.com)

      Securitas (www.securiteam.com)

      Hacker storm Vulnerability Database (www.hackerstorm.com)

      How to conduct a Penetration Test

      There is a methodology with regards conducting successful ethical hacking that follow a six-step procedure:

      Determine the tasks objectives and scope

      Prepare and get signed NDA documents

      Draw up a schedule

      Conduct the tests

      Analyze the results

      Deliver the report

      Chapter 2 – Foot printing& Reconnaissance

      In this chapter, we are going to introduce network

      Enjoying the preview?
      Page 1 of 1