CEHv13 Notes – Module 00-01- Introduction to Ethical Hacking
Information security refers to the protection or safeguarding of information and information systems that use, store, and transmit information from unauthorized access, disclosure, alteration, and destruction. Information is a critical asset that organizations must secure. If sensitive information falls into the wrong hands, then the respective organization may suffer huge losses in terms of finances, brand reputation, customers, or in other ways. To provide an understanding of how to secure such critical information resources, this module starts with an overview of information security.
Elements of Information Security
Information Security Attacks: Motives, Goals, and Objectives
An attack is an action that is performed with the intent to breach an IT system’s security by exploiting its vulnerabilities. An attack involves an attempt to obtain, edit, remove, destroy, implant, or reveal information without authorized access. It also refers to malicious software or commands that exploit vulnerabilities to cause unanticipated behavior in legitimate software or hardware. Therefore, an attack can be conceptualized as a combination of a motive and a method to perform the attack, which exploits one or more vulnerabilities in the system.
Attacks = Motive (Goal) + Method (TTP) + Vulnerability
Motives behind information security attacks
▪ Disrupting business continuity
▪ Stealing information and manipulating data
▪ Creating fear and chaos by disrupting critical infrastructures
▪ Causing financial loss to the target
▪ Propagating religious or political beliefs
▪ Achieving a state’s military objectives
▪ Damaging the reputation of the target
▪ Taking revenge
▪ Demanding ransom
TTPs
Tactics, Techniques, and Procedures (TTPs)
• Attackers attempt various attack techniques to exploit vulnerabilities in a computer system or security policy and controls to achieve their motives
• The term Tactics, Techniques, and Procedures (TTPs) refers to the patterns of activities and methods associated with specific threat actors or groups of threat actors
▪ “Tactics” is defined as the strategy adopted by an attacker to perform the attack from the beginning to the end
▪ “Techniques” is defined as technical methods used by an attacker to achieve intermediate results during the attack
▪ “Procedure” is defined as a systematic approach adopted by threat actors to launch an attack
Vulnerability
A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication. There are generally two main causes of vulnerable systems in a network: software or hardware misconfiguration, and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources.
Common Reasons behind the Existence of Vulnerability
- Hardware or software misconfiguration
- Insecure or poor design of the network and application
- Inherent technology weaknesses
- Careless approach of end users
Attacks
Classification of Attacks
Passive Attacks
• Passive attacks do not tamper with the data and involve intercepting and monitoring network traffic and data flow on the target network
• Examples include sniffing and eavesdropping
Active Attacks
• Active attacks tamper with the data in transit or disrupt the communication or services between the systems to bypass or break into secured systems
• Examples include DoS, Man-in-the-Middle, session hijacking, and SQL injection
Close-in Attacks
• Close-in attacks are performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or disrupt access to information
• Examples include social engineering such as eavesdropping, shoulder surfing, and dumpster diving
Insider Attacks
• Insider attacks involve using privileged access to violate rules or intentionally cause a threat to the organization’s information or information systems
• Examples include theft of physical devices and planting keyloggers, backdoors, and malware
Distribution Attacks
• Distribution attacks occur when attackers tamper with hardware or software prior to installation
• Attackers tamper with the hardware or software at its source or in transit
Warfare
Information Warfare
• The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) to gain competitive advantages over an opponent
Defensive Information Warfare
Refers to all strategies and actions designed to defend against attacks on ICT assets
Offensive Information Warfare
Refers to information warfare that involves attacks against the ICT assets of an opponent
Source: https://iwar.org.uk
Hacking
Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources
It involves modifying system or application features to achieve a goal outside of the creator’s original purpose. Hacking can be used to steal and redistribute intellectual property, leading to business loss
Who is a Hacker?
1. An intelligent individual with excellent computer skills who can create and explore computer software and hardware
2. For some hackers, hacking is a hobby to see how many computers or networks they can compromise
3. Some hackers’ intentions can either be to gain knowledge or to probe and do illegal things
Ethical Hacking
What is Ethical Hacking?
- Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities and ensure system security
- It focuses on simulating the techniques used by attackers to verify the existence of exploitable vulnerabilities in a system’s security
- Ethical hackers perform security assessments for an organization with the permission of concerned authorities
Reasons why organizations recruit ethical hackers
- To prevent hackers from gaining access to the organization’s information systems
- To uncover vulnerabilities in systems and explore their potential as a security risk
- To analyze and strengthen an organization’s security posture, including policies, network protection infrastructure, and end-user practices
- To provide adequate preventive measures in order to avoid security breaches
- To help safeguard customer data
- To enhance security awareness at all levels in a business
Scope
• Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices
• It is used to identify risks and highlight remedial actions. It also reduces ICT costs by resolving vulnerabilities
Limitations
• Unless the businesses already know what they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are there would not be much to gain from the experience
• An ethical hacker can only help the organization to better understand its security system; it is up to the organization to place the right safeguards on the network
AI-Driven Ethical Hacking
Advancements in AI have led to more sophisticated cyber threats, as hackers increasingly use AI-driven tools to enhance and automate their attacks, presenting significant challenges to cybersecurity
AI-driven ethical hacking is a modern approach to cybersecurity where artificial intelligence (AI) technologies are used to enhance the capabilities of ethical hackers
Leveraging AI in ethical hacking enables professionals to anticipate emerging threats, outpace malicious actors, and proactively mitigate risks
AI-driven ethical hacking involves the use of AI technologies such as AI algorithms, machine learning models, and automation frameworks to facilitate and automate ethical hacking efforts
Benefits:
1. Efficiency
2. Accuracy
3. Scalability
4. Cost-Effectiveness
How Does AI-Driven Ethical Hacking Help Ethical Hackers?
AI-driven ethical hacking enhances the efficiency, effectiveness, and scope of cybersecurity measures, providing ethical hackers with powerful tools to safeguard digital assets against increasingly sophisticated cyber threats
- Automation of Repetitive Tasks
- Predictive Analysis
- Advanced Threat Detection
- Adaptive Learning
- Enhanced Decision Making
- Enhanced Reporting
- Simulation and Testing
- Scalability
- Continuous Monitoring
- Adaptive Defense Mechanism
ChatGPT-Powered AI Tools for Ethical Hackers
ChatGPT-Powered AI Tools leverage the capabilities of OpenAI's ChatGPT model to assist ethical hackers in various aspects of their work
1. HackerGPT Source: www.chat.hackerai.co
HackerGPT is an AI-driven tool designed to assist ethical hackers in identifying vulnerabilities. By leveraging advanced AI capabilities, HackerGPT provides real-time assistance and automates complex tasks, thereby significantly reducing the time and effort required for a thorough security assessment.
2. BurpGPT Source: www.burpgpt.app
BurpGPT integrates the Burp Suite, a popular web vulnerability scanner, to enhance its capabilities using AI. It utilizes AI-driven analysis to improve the accuracy of vulnerability detection and reduce false positives. By automating report generation and enhancing the scanning process, BurpGPT streamlines web application security testing and delivers precise results.
3. BugBountyGPT Source: www.chatgpt.com/g/g-Rsk7ADgbD-bugbountygpt
BugBountyGPT is tailored for bug bounty hunters and provides tools and insights for identifying and reporting security vulnerabilities. It automates the detection of vulnerabilities and seamlessly integrates with bug bounty platforms, offering AI-driven insights that enhance the efficiency and accuracy of bug bounty hunting.
4. PentestGPT Source: www.github.com/GreyDGL/PentestGPT
PentestGPT was designed to assist penetration testers by automating various aspects of the testing process. It leverages AI to conduct thorough vulnerability assessments and generate detailed reports, thereby significantly reducing the required manual effort.
5. GPT White Hack Source: www.chatgpt.com/g/g-3ngv8eP6R-gpt-white-hack
GPT White Hack focuses on ethical hacking and provides tools to identify and mitigate security threats. Utilizing AI-driven risk assessment and threat detection, this tool offers real-time recommendations for mitigating the identified vulnerabilities.
6. CybGPT Source: www.github.com/Coinnect-SA/CybGPT
CybGPT is a comprehensive AI tool for cybersecurity professionals that offers a wide range of features for enhancing security operations. It integrates threat intelligence, automates security assessments, and provides AI-driven incident-response capabilities.
7. BugHunterGPT Source: www.chatgpt.com/g/g-y2KnRe0w4-bug-hunter-gpt
BugHunterGPT assists security researchers in identifying and reporting bugs and vulnerabilities. It automates the detection process and integrates various reporting platforms, providing AI-driven analyses and recommendations.
8. Hacking APIs GPT Source: www.chatgpt.com/g/g-UZxOCmqLH-hacking-apis-gpt
Hacking APIs GPT focuses on identifying vulnerabilities in APIs and providing tools to test and secure them. It automates API vulnerability scanning, and uses AI-driven testing and analysis to deliver comprehensive reports.
9. h4ckGPT Source: www.chatgpt.com/g/g-1ehIO0APO-h4ckgpt
h4ckGPT is a versatile AI tool designed to assist ethical hackers in various aspects of their work. It offers real-time assistance, automates vulnerability identification, and provides recommendations and insights driven by AI.
10. HackerNewsGPT Source: www.chatgpt.com/g/g-BIfVX3cVX-hackernews-gpt
HackerNewsGPT leverages AI to provide real-time news and updates relevant to cybersecurity professionals. It aggregates news, performs AI-driven analyses of security trends, and offers customizable alerts.
11. Ethical Hacker GPT Source: www.chatgpt.com/g/g-j4PQ2hyqn-ethical-hacker-gpt
Ethical Hacker GPT provides tools and insights specifically designed for ethical hackers. It offers AI-driven vulnerability assessments, real-time hacking assistance, and comprehensive reporting.
12. GP(en)T(ester) Source: www.chatgpt.com/g/g-zQfyABDUJ-gp-en-t-ester
GP(en)T(ester) is an AI-powered tool designed to assist ethical hackers in various aspects of their work. It automates red teaming workflows, identifies vulnerabilities using AI, and generates detailed reports.
Hacking Methodologies and Frameworks
CEH Ethical Hacking Framework
Phase 1: Reconnaissance
Phase 2: Vulnerability Scanning
Phase 3: Gaining Access
Phase 4: Maintaining Access
Phase 5: Clearing Tracks
Cyber Kill Chain Methodology
• The cyber kill chain methodology is a component of intelligence-driven defense for the identification and prevention of malicious intrusion activities
• It provides greater insight into attack phases, which helps security professionals to understand the adversary’s tactics, techniques, and procedures beforehand
MITRE ATT&CK Framework
1. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations
2. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community
3. The 14 tactic categories within ATT&CK for Enterprise are derived from the later stages (exploit, control, maintain, and execute) of the seven stages of the Cyber Kill Chain
Diamond Model of Intrusion Analysis
• The Diamond Model offers a framework for identifying the clusters of events that are correlated on any of the systems in an organization
• It can control the vital atomic element occurring in any intrusion activity, which is referred to as the Diamond event
• Using this model, efficient mitigation approaches can be developed, and analytic efficiency can be increased
Information Security Controls
Information security controls prevent the occurrence of unwanted events and reduce risk to the organization’s information assets. The basic security concepts critical to information on the Internet are confidentiality, integrity, and availability; the concepts related to the persons accessing the information are authentication, authorization, and non-repudiation. Information is the greatest asset of an organization. It must be secured using various policies, creating awareness, employing security mechanisms, or by other means.
This section deals with Information Assurance (IA), continual/adaptive security strategy, defense-in-depth, risk management, cyber threat intelligence, threat modeling, incident management, and AI and ML concepts.
Information Assurance (IA)
• IA refers to the assurance that the integrity, availability, confidentiality, and authenticity of information and information systems is protected during the usage, processing, storage, and transmission of information
• Some of the processes that help in achieving information assurance include:
▪ Developing local policy, process, and guidance
▪ Designing network and user authentication strategies
▪ Identifying network vulnerabilities and threats
▪ Identifying problem and resource requirements
▪ Creating plans for identified resource requirements
▪ Applying appropriate information assurance controls
▪ Performing certification and accreditation
▪ Providing information assurance training
Continual/Adaptive Security Strategy
• Organizations should adopt an adaptive security strategy, which involves implementing all four network security approaches
• The adaptive security strategy consists of four security activities corresponding to each security approach
Defense-in-Depth
• Defense-in-depth is a security strategy in which several protection layers are placed throughout an information system
• It helps to prevent direct attacks against the system and its data because a break in one layer only leads the attacker to the next layer
What is Risk?
• Risk refers to the degree of uncertainty or expectation that an adverse event may cause damage to the system
• Risks are categorized into different levels according to their estimated impact on the system
• A risk matrix is used to scale risk by considering the probability, likelihood, and consequence or impact of the risk
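The risk matrix described above, as an added example that is not part of the original notes: likelihood and impact are each rated on a constructed 1–5 scale, multiplied into a score, and mapped to a qualitative level. The rating names, the 1–5 scales and the level thresholds are assumptions chosen for illustration; an organization would substitute its own.

```python
# Added example: a small qualitative risk matrix (not from the CEH notes).
# Likelihood and impact ratings are an assumed 1..5 scale; the product is
# mapped to a risk level so that risks are scored and ranked consistently.

LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


def risk_score(likelihood, impact):
    """Return the numeric risk score (likelihood x impact) for two ratings."""
    return LIKELIHOOD[likelihood] * IMPACT[impact]


def risk_level(score):
    """Map a score in 1..25 to a qualitative level (thresholds are an assumption)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def assess(risks):
    """Score a register of (name, likelihood, impact) rows, highest risk first."""
    rows = []
    for name, lik, imp in risks:
        score = risk_score(lik, imp)
        rows.append({"name": name, "score": score, "level": risk_level(score)})
    rows.sort(key=lambda r: r["score"], reverse=True)
    return rows


def matrix_table():
    """Return the full 5x5 matrix as {likelihood: {impact: level}} for display."""
    return {
        lik: {imp: risk_level(risk_score(lik, imp)) for imp in IMPACT}
        for lik in LIKELIHOOD
    }


# Constructed sample risk register for illustration only.
SAMPLE_RISKS = [
    ("Unpatched internet-facing web server", "likely", "major"),
    ("Lost unencrypted laptop", "possible", "moderate"),
    ("Phishing of finance staff", "almost certain", "minor"),
    ("Data centre flood", "rare", "severe"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_RISKS):
        print(f"{row['score']:>2} {row['level']:<8} {row['name']}")
```

Ranking by the product rather than by impact alone is what makes the matrix useful: the flood scenario has the highest impact in the register, yet its low likelihood places it below the routinely exploited web server.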
Risk Management
• Risk management is the process of reducing and maintaining risk at an acceptable level by means of a well-defined and actively employed security program
Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide the ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyber-attacks
Cyber threat intelligence helps the organization to identify and mitigate various business risks by converting unknown threats into known threats; it helps in implementing various advanced and proactive defense strategies
Threat Modeling
Threat modeling is a risk assessment approach for analyzing the security of an application by capturing, organizing, and analyzing all the information that affects the security of an application
Incident Management
Incident management is a set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident
Incident Handling and Response
Incident handling and response (IH&R) is the process of taking organized and careful steps when reacting to a security incident or cyberattack
Role of AI and ML in Cyber Security
• Machine learning (ML) and artificial intelligence (AI) are now vastly used across various industries and applications due to the increase in computing power, data collection, and storage capabilities
• ML is an unsupervised self-learning system that is used to define what the normal network looks like, along with its devices, and then to backtrack and report any deviations or anomalies in real-time
• AI and ML in cyber security help in identifying new exploits and weaknesses, which can then be easily analyzed to mitigate further attacks
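The baselining approach described above (learn what normal looks like, then report deviations), as an added example that is not part of the original notes. It uses a simple per-host statistical baseline as a stand-in for an ML model: the mean and standard deviation of bytes sent per observation are learned from a training window, and later observations are flagged when their z-score exceeds a threshold, when a host shows constant traffic and then changes, or when a host was never seen during baselining. The host names and byte counts are constructed sample data.

```python
# Added example: anomaly detection against a learned per-host baseline
# (not from the CEH notes; a statistical stand-in for an ML model).
import statistics

# Constructed "training window": (host, bytes sent) observations.
BASELINE_FLOWS = [
    ("ws-01", 1000), ("ws-01", 1200), ("ws-01", 900), ("ws-01", 1100), ("ws-01", 1000),
    ("db-01", 500), ("db-01", 500), ("db-01", 500),
]

# Constructed observations to evaluate against the baseline.
NEW_FLOWS = [
    ("ws-01", 1150),      # within normal range
    ("ws-01", 5000),      # far above normal: possible exfiltration
    ("db-01", 500),       # matches constant baseline
    ("db-01", 800),       # constant-traffic host deviating
    ("unknown-99", 42),   # host never seen during baselining
]


def build_baseline(flows):
    """Learn per-host (mean, population stdev) of bytes sent per observation."""
    per_host = {}
    for host, nbytes in flows:
        per_host.setdefault(host, []).append(nbytes)
    baseline = {}
    for host, values in per_host.items():
        mean = statistics.fmean(values)
        stdev = statistics.pstdev(values) if len(values) > 1 else 0.0
        baseline[host] = (mean, stdev)
    return baseline


def detect_anomalies(baseline, flows, threshold=3.0):
    """Return (host, bytes, reason) for observations that deviate from baseline."""
    alerts = []
    for host, nbytes in flows:
        if host not in baseline:
            alerts.append((host, nbytes, "host not seen during baselining"))
            continue
        mean, stdev = baseline[host]
        if stdev == 0.0:
            # Constant-traffic host: any change is a deviation, z-score undefined.
            if nbytes != mean:
                alerts.append((host, nbytes, f"deviates from constant baseline {mean:.0f}"))
            continue
        z = (nbytes - mean) / stdev
        if abs(z) > threshold:
            alerts.append((host, nbytes, f"z-score {z:.1f} vs mean {mean:.0f}"))
    return alerts


if __name__ == "__main__":
    model = build_baseline(BASELINE_FLOWS)
    for host, nbytes, reason in detect_anomalies(model, NEW_FLOWS):
        print(f"ALERT {host}: {nbytes} bytes ({reason})")
```

The two edge cases matter in practice: a host with zero variance would otherwise produce a division by zero, and a host absent from the training window has no baseline at all, so it is reported rather than silently ignored.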
Applicable Security Laws and Standards
Laws are a system of rules and guidelines that are enforced by a particular country or community to govern behavior. A Standard is a “document established by consensus and approved by a recognized body that provides, for common and repeated use, rules, guidelines, or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.” This section deals with the various laws and standards dealing with information security in different countries.
Payment Card Industry Data Security Standard (PCI DSS)
• The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards
• PCI DSS applies to all entities involved in payment card processing — including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process, or transmit cardholder data
https://www.pcisecuritystandards.org
ISO/IEC Standards
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes-Oxley Act (SOX)
• Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures
• The key requirements and provisions of SOX are organized into 11 titles:
The Digital Millennium Copyright Act (DMCA) and the Federal Information Security Management Act (FISMA) - https://csrc.nist.gov
• The FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets
• It includes:
• Standards for categorizing information and information systems by mission impact
• Standards for minimum security requirements for information and information systems
• Guidance for selecting appropriate security controls for information systems
• Guidance for assessing security controls in information systems and determining security control effectiveness
• Guidance for security authorization of information system
The Digital Millennium Copyright Act (DMCA) - https://www.copyright.gov
• The DMCA is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO)
• It defines the legal prohibitions against the circumvention of technological protection measures employed by copyright owners to protect their works, and against the removal or alteration of copyright management information
General Data Protection Regulation (GDPR)
• The GDPR was put into effect on May 25, 2018 and is one of the most stringent privacy and security laws globally
• The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching tens of millions of euros
GDPR Data Protection Principles
▪ Lawfulness, fairness, and transparency: Processing must be lawful, fair, and transparent to the data subject
▪ Purpose limitation: You must process data for the legitimate purposes specified explicitly to the data subject when you collected it
▪ Data minimization: You should collect and process only as much data as necessary for the purposes specified
▪ Accuracy: You must keep personal data accurate and up to date
▪ Storage limitation: You may only store personally identifying data for as long as necessary for the specified purpose
▪ Integrity and confidentiality: Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g., by using encryption)
▪ Accountability: The data controller is responsible for demonstrating GDPR compliance with all these principles
Data Protection Act 2018 (DPA) - https://www.legislation.gov.uk
• The DPA 2018 sets out the framework for data protection law in the UK
• It updates and replaces the Data Protection Act 1998 and came into effect on 25 May, 2018
• The DPA protects individuals concerning the processing of personal data, in particular by:
▪ Requiring personal data to be processed lawfully and fairly, based on the data subject’s consent or another specified basis,
▪ Conferring rights on the data subject to obtain information about the processing of personal data and to require inaccurate personal data to be rectified, and
▪ Conferring functions on the Commissioner, giving the holder of that office responsibility to monitor and enforce their provisions
• The DPA is an act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under specific regulations relating to information; to make provision for a direct marketing code of practice, and connected purposes
Cyber Law in Different Countries