The Certified Ethical Hacker Exam - version 8 (The concise study guide)
3/5
()
About this ebook
The concise guide to Certified Ethical Hacker - version 8 is a compact study guide for those pursuing the Certified Ethical Hacker Certification.
This book summarizes all you need to know in the twenty exam modules to pass the exam.
If you are a practicing security professional there is no need to read through a 500 page book, It is all here for you in concise and condensed fashion!
Do not worry, you will not have to study for hours on hours, this book is not in itself a study guide for beginners but an exam reference that highlights the topics covered by the syllabus and is therefore hugely valuable for the last week preparation for the exam.
Read it, Remember it, Replay it and Good Luck!
Read more from Alasdair Gilchrist
Google Cloud Platform an Architect's Guide Rating: 5 out of 5 stars5/5REST API Design Control and Management Rating: 4 out of 5 stars4/5Concise Guide to OTN optical transport networks Rating: 4 out of 5 stars4/5A Concise Guide to Object Orientated Programming Rating: 0 out of 5 stars0 ratingsGoogle Cloud Platform for Data Engineering: From Beginner to Data Engineer using Google Cloud Platform Rating: 5 out of 5 stars5/5Google Cloud Platform - Networking Rating: 0 out of 5 stars0 ratingsConcise Guide to DWDM Rating: 5 out of 5 stars5/5Spreadsheets To Cubes (Advanced Data Analytics for Small Medium Business): Data Science Rating: 0 out of 5 stars0 ratingsA Practical Guide Wireshark Forensics Rating: 5 out of 5 stars5/5Six Sigma Yellow Belt Certification Study Guide Rating: 0 out of 5 stars0 ratingsSupply Chain 4.0: From Stocking Shelves to Running the World Fuelled by Industry 4.0 Rating: 3 out of 5 stars3/5An Executive Guide to Identity Access Management - 2nd Edition Rating: 4 out of 5 stars4/5Digital Success: A Holistic Approach to Digital Transformation for Enterprises and Manufacturers Rating: 0 out of 5 stars0 ratingsThe Layman's Guide GDPR Compliance for Small Medium Business Rating: 5 out of 5 stars5/5Tackling Fraud Rating: 4 out of 5 stars4/5A Concise Guide to Microservices for Executive (Now for DevOps too!) Rating: 1 out of 5 stars1/5A Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsConcise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5PSD2 - Open Banking for DevOps(Sec) Rating: 5 out of 5 stars5/5GDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5Why Industry 4.0 Sucks! Rating: 0 out of 5 stars0 ratingsAn Introduction to SDN Intent Based Networking Rating: 5 out of 5 stars5/5SRS - How to build a Pen Test and Hacking Platform Rating: 2 out of 5 stars2/5FinTech Rising: Navigating the maze of US & EU regulations Rating: 5 out of 5 stars5/5Concise Guide to CompTIA Security + Rating: 3 out of 5 stars3/5A concise guide to PHP MySQL and Apache Rating: 4 out of 5 stars4/5The Concise Guide to SSL/TLS for DevOps Rating: 5 out of 5 stars5/5The Concise Guide to the Internet of Things for Executives Rating: 4 out of 5 stars4/5ChatGPT Will Won't Save The World Rating: 0 out of 5 stars0 ratings
Related to The Certified Ethical Hacker Exam - version 8 (The concise study guide)
Related ebooks
Introduction to US Cybersecurity Careers Rating: 3 out of 5 stars3/5Seven Deadliest Network Attacks Rating: 3 out of 5 stars3/5CEH: Certified Ethical Hacker v11 : Exam Cram Notes - First Edition - 2021 Rating: 0 out of 5 stars0 ratingsConcise Guide to CompTIA Security + Rating: 3 out of 5 stars3/5Learn Ethical Hacking: A Help Book of Ethical Hacking Rating: 0 out of 5 stars0 ratingsZero to Hacking: Zero Series, #1 Rating: 0 out of 5 stars0 ratingsHacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Cybersecurity for Beginners : Learn the Fundamentals of Cybersecurity in an Easy, Step-by-Step Guide: 1 Rating: 0 out of 5 stars0 ratingsHacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5Certified Cybersecurity Compliance Professional Rating: 5 out of 5 stars5/5Hacking : Guide to Computer Hacking and Penetration Testing Rating: 5 out of 5 stars5/5The Cybersecurity Mindset: A Virtual and Transformational Thinking Mode Rating: 0 out of 5 stars0 ratingsSecurity+ Boot Camp Study Guide Rating: 5 out of 5 stars5/5Building an Intelligence-Led Security Program Rating: 5 out of 5 stars5/5Seven Deadliest Web Application Attacks Rating: 0 out of 5 stars0 ratingsEthical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5CISSP in 21 Days - Second Edition Rating: 3 out of 5 stars3/5Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsCompTIA PenTest+ Study Guide: Exam PT0-001 Rating: 0 out of 5 stars0 ratingsComptia+ Network Rating: 0 out of 5 stars0 ratingsLearn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark Rating: 0 out of 5 stars0 ratingsSome Tutorials in Computer Networking Hacking Rating: 0 out of 5 stars0 ratings7 Rules To Become Exceptional At Cyber Security Rating: 5 out of 5 stars5/5Applied Network Security Rating: 0 out of 5 stars0 ratings
Certification Guides For You
CompTIA A+ Complete Study Guide: Exam Core 1 220-1001 and Exam Core 2 220-1002 Rating: 4 out of 5 stars4/5CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5CompTIA Security+ Certification Practice Exams, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Coding For Dummies Rating: 5 out of 5 stars5/5CompTIA Security+ Certification Study Guide, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratings(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5Mike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Data+ Study Guide: Exam DA0-001 Rating: 0 out of 5 stars0 ratingsMike Meyers' CompTIA Network+ Certification Passport, Sixth Edition (Exam N10-007) Rating: 1 out of 5 stars1/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCompTIA A+ Complete Review Guide: Core 1 Exam 220-1101 and Core 2 Exam 220-1102 Rating: 5 out of 5 stars5/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5CAPM Certified Associate in Project Management Practice Exams Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Mike Meyers' CompTIA A+ Certification Passport, Seventh Edition (Exams 220-1001 & 220-1002) Rating: 2 out of 5 stars2/5CCNA Certification Study Guide, Volume 2: Exam 200-301 Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsCompTIA A+ Certification All-in-One For Dummies Rating: 3 out of 5 stars3/5Mike Meyers' CompTIA A+ Certification Passport, Sixth Edition (Exams 220-901 & 220-902) Rating: 4 out of 5 stars4/5CompTIA CySA+ Cybersecurity Analyst Certification Passport (Exam CS0-002) Rating: 5 out of 5 stars5/5AWS Certified Cloud Practitioner All-in-One Exam Guide (Exam CLF-C01) Rating: 5 out of 5 stars5/5Microsoft Office 365 for Business Rating: 4 out of 5 stars4/5PHR and SPHR Professional in Human Resources Certification Complete Practice Tests: 2018 Exams Rating: 4 out of 5 stars4/5
Reviews for The Certified Ethical Hacker Exam - version 8 (The concise study guide)
9 ratings0 reviews
Book preview
The Certified Ethical Hacker Exam - version 8 (The concise study guide) - alasdair gilchrist
Chapter 1 – Introduction to Ethical Hacking
In this chapter, we are going to introduce Ethical Hacking, including:
What is IT Security and why is it necessary?
Information technology has developed over the last few decades at amazing pace. As a result, technology has developed that focuses on ease of use and convenience to aid productivity, furthermore there has been a shift towards network based and web applications. This has made systems and applications easier for a hacker to access, and to compound the problem the skill levels required to launch attacks has decreased. However, conversely the increasing complexity of computer infrastructure, administration and management has become more complex.
This imbalance has led to increased hacker activity as the odds have shifted to be in the hacker's favor. For the company a successful attack can directly affect assets and goodwill, so they must place added importance to securing the business assets.
Essential Terminology
In order to understand many of the concepts of ethical hacking and IT security we need to be familiar with some commonly used terminology:
Threat - is an action or potential event that might compromise system security.
Vulnerability – is the existence of a weakness, design or implementation error that could lead to an unexpected and undesirable event that could lead to a compromise of security
Target of Evaluation – Ant IT system, application or asset subjected to the required security evaluation
Attack – an assault on system security that is derived from an intelligent intentional threat that violates system security
Exploit – is a defined way to breach system security via a known vulnerability
Elements of Security
The first thing we have to consider is what is security? It is defined as being a state of well-being of information and infrastructure in which the possibility of a successful yet undetected theft, tampering and disruption of information and services is kept low or tolerable. A hacking event will violate one or more of the security elements. The security elements are the key concepts of information security and they are:
Confidentiality – protection of privacy and concealment of information or resources
Authenticity – the identification and verification of the origin of information
Integrity – the assurance that the information has not been tampered with or modified through unauthorized changes
Availability – the ability to use the information or systems as designed
The Security Triangle
Functionality
Security Ease of Use
If we consider the diagram above, we can see that by moving the ball inside the triangle towards security means moving further away from functionality and ease of use. Therefore, by increasing security and minimizing the risk and number of exploits we reduce both functionality and ease of use.
Hacking Methodology
Hacking systems is not a random affair there are key phases to any attack and they follow a basic methodology.
Reconnaissance – preparation and information gathering phase before launching an attack. There are two types active scanning which requires interaction with the target, such as a phone call to the technical department and passive which acquires information indirectly, such as via online searches.
Scanning –is the pre-attack phase where the hacker scans the network for specific information such as operating systems, IP addresses, open ports and known vulnerabilities
Gaining Access – this refers to exploiting any discovered vulnerabilities this is the penetration phase and it can occur over the LAN, Internet or as a deception or theft.
Maintaining Access – once the system is compromised the hacker strives to maintain access to retain control of the target
Clearing tracks–a vital stage where the hacker has to hide his tracks, identity, access and misdeeds.
Types of Hacker Attacks
There are several ways an attacker can gain access to a system but they must first identify and exploit the system's vulnerability. The attack types are:
Operating System attacks – OS are very complex by nature with many services creating many potential vulnerabilities
Application-level attacks – Software application have an array of functions and services sometime not security tested
Shrink Wrap code attacks – these can be sample scripts that come with the OS that are aimed at making an administrator's job easier.
Miss-configuration attacks – many systems are installed with default configurations and passwords
Hacking Concepts
There are several types of hacker that we should be aware. For example, there is Hacktivism, which refers to the idea of hacking with or for a cause and comprises hackers with a social or political agenda. However, no matter the intentions, gaining unauthorized access is still a crime.
The other hacker classes are:
Black Hats – individuals with high skill levels but malicious intentions aka crackers.
White Hats – individuals with high skill levels used for defensive purposes aka security analysts
Grey Hats – Individuals who work both offensively and defensively
Suicide Hackers – Individuals who aim to bring down critical systems and infrastructure for a cause and don't care about being caught.
Ethical Hacker Classes
Former Black Hats – these are reformed crackers with firsthand experience though they may have credibility
White Hats – independent security consultants
Consulting Firms – security consultants that work as part of an ICT Firm and have good credibility.
So what do ethical hackers do? An ethical hacker try to answer the questions of what an intruder can see during the reconnaissance and scanning phases. They also check to see what vulnerabilities may be revealed by any information they manage to obtain to gain and maintain access. Finally, they will look to see if anyone noticed their activities. In order to do this an ethical hacker needs to know what an organization is trying to protect, and from whom, and what resources they are willing to expend to gain protection.
In order to become an ethical hacker you need to have the following profile:
Should be proficient with programs and computer networks
Should be proficient with vulnerability research
Should have mastery in different hacking techniques
Should be prepared to follow a strict code of conduct
A successful ethical hacker will be highly technical with exemplary knowledge of network and related OS and hardware as well as security areas and related issues.
One of the key areas regards ethical hacking is vulnerability research. Vulnerabilities are known weaknesses and designs that provide a way for hackers to compromise a systems security. Vulnerabilities are classified as:
Severity level – (low, medium, high)
Exploit range – (local or remote)
Ethical hackers need to be proficient in vulnerability research in order to identify and correct network vulnerabilities in order to protect the network from attack. They also use vulnerability research to gather information about latest viruses and to find weaknesses in the network. They also need to know how to recover from a network attack.
There are several vulnerability databases:
National Vulnerability Database (nvd.nis.gov)
Security Tracker (www.securitytracker.com)
Securitas (www.securiteam.com)
Hacker storm Vulnerability Database (www.hackerstorm.com)
How to conduct a Penetration Test
There is a methodology with regards conducting successful ethical hacking that follow a six-step procedure:
Determine the tasks objectives and scope
Prepare and get signed NDA documents
Draw up a schedule
Conduct the tests
Analyze the results
Deliver the report
Chapter 2 – Foot printing& Reconnaissance
In this chapter, we are going to introduce network