COMP40741: Ethical Hacking Quiz

Questions and Answers

Who is the module leader for COMP40741: Ethical Hacking and Penetration Testing?

• Dr.Nemitari Ajienka (correct)
• Dr. Kwame Assa-Agyei and Dr. Nemitari Ajienka
• Dr.Kwame Assa-Agyei
• Dr. Nemitari Ajienka and Dr. Kwame Assa-Agyei

Where can students find the module specification?

• In the NTU learning room on NOW (correct)
• In this lecture slide
• On the department website
• In the textbook

What is NOT included in the module specification?

• Learning outcomes
• Student attendance records (correct)
• Assessment details
• Module aims

What is the main objective of this module?

To equip students with cybersecurity knowledge and skills for identifying and addressing vulnerabilities (A)

Which of these are listed as learning outcomes after studying this module? (Select all that apply)

Understanding of penetration testing methodologies (A), Ability to identify and exploit vulnerabilities in computer systems (D)

What is one of the main aims of the COMP40741 module?

To provide students with a comprehensive understanding of ethical hacking and penetration testing (A)

What is Dr. Kwame Assa-Agyei's role in the COMP40741 module?

Lecturer (C)

Which of the following aspects is NOT mentioned as being part of the module specification?

Grading criteria for assignments (D)

Which of the following is NOT considered a key aspect of penetration testing methodology?

Software Development (D)

What is the significance of Common Vulnerabilities and Exposures (CVE) in penetration testing?

All of the above (D)

Which of the following techniques is NOT typically employed during the information gathering and footprinting phase of penetration testing?

Reverse Engineering (C)

What is the primary objective of a penetration test report?

To provide a comprehensive assessment of vulnerabilities and risks (C)

Which of the following ethical considerations is MOST crucial when conducting a penetration test?

All of the above (D)

What is the role of 'post-exploitation strategies' in the context of penetration testing?

To maintain persistent access to the compromised system (D)

Which of the following is a characteristic of a well-defined penetration test?

Clear objectives and scope of testing are defined beforehand (B)

What is the primary purpose of threat modelling in penetration testing?

To assess the likelihood and impact of potential threats (B)

What is the primary goal of responsible disclosure in ethical hacking?

To allow organizations time to fix vulnerabilities before they are exploited. (D)

When performing ethical hacking, what is considered a "proof of concept" attack?

An attack that exploits a known vulnerability to demonstrate its potential impact. (C)

What is the role of confidentiality agreements in ethical hacking?

They prevent the ethical hacker from disclosing information about the tests they conduct. (B)

Which of the following IS NOT a common legal framework governing ethical hacking practices?

General Data Protection Regulation (GDPR) (A)

Why is it important for ethical hackers to use the same tools and techniques as attackers?

To accurately assess the vulnerabilities of a system from an attacker's perspective. (C)

What is a key advantage of penetration testing compared to traditional security audits?

Penetration testing provides a more hands-on and realistic understanding of vulnerabilities. (B)

What should be the first step in responsible disclosure of a vulnerability?

Inform the organization about the vulnerability and give them time to fix it. (D)

Which of the following is NOT a typical deliverable provided by ethical hackers after conducting a penetration test?

A list of security products and services to purchase. (D)

Which of the following resources is NOT specifically mentioned as being useful for the completion of this week's lab?

VMWare / Virtual Box (A)

What is the primary purpose of the 'Penetration Testing Cheat Sheet' mentioned in the reading list?

To serve as a quick reference guide with essential information for penetration testers. (B)

Which of the following is MOST directly related to the content covered in the 'Information Gathering and Footprinting' section of the course?

Using Google Dorks to gather information. (C)

What is the significance of validating the country before beginning testing, as mentioned in the content?

It helps ensure the legality of the penetration test. (A)

Which of the following is NOT a key aspect of penetration testing methodology as implied by the content?

Software Development (D)

What types of hackers are often motivated by the need to restore their self-confidence or self-worth through non-violent means?

Power Assurance Hackers (C)

Which of these types of hackers typically look for system vulnerabilities and exploit them for malicious purposes?

Black Hats (D)

What is the primary motivation behind 'Information system's criminals' in the context of hacking?

Gaining a Competitive Advantage (A)

Which of these motivations is NOT typically associated with 'Vandals' in the hacking context?

Profit and Financial Gain (A)

What is the primary characteristic that distinguishes 'Grey Hats' from other types of hackers?

They operate both as security professionals and as hackers. (B)

Which of these types of hackers is primarily motivated by a desire to spread awareness of political or social causes?

Hacktivists (B)

What is the purpose of the 'Ethics Discussion' section in the provided content?

To emphasize the importance of responsible and ethical considerations in hacking. (A)

What is the key factor in determining whether a hacker is considered ethical or not?

The motivations behind their actions. (C)

During the pre-engagement phase of a penetration test, what is the PRIMARY goal of the conversation with the client?

To establish the scope and rules of engagement for the test (C)

Which of the following is NOT a core component of a penetration testing framework, as described in the provided content?

Network Configuration Auditing (C)

Which type of penetration testing involves the client providing the tester with minimal to no information about the target systems?

Black-box (B)

Which of the following is NOT a typical component of the Post-exploitation phase of a penetration test?

Reporting Findings (D)

Which type of penetration testing focuses specifically on vulnerabilities in web applications?

Web (C)

What is the MAIN purpose of 'Threat Modelling' in the context of penetration testing?

Analyzing the potential impact of successful attacks (B)

Which of the following is a key factor to consider when defining the scope of a penetration test?

The specific systems and applications to be tested (A)

Which of the following is a crucial aspect of the 'Rules of Engagement' during a penetration test?

The level of access granted to the tester (D)

Flashcards

Ethical Hacking

The practice of testing systems for vulnerabilities with permission.

Penetration Testing

A simulated cyber attack to identify vulnerabilities in systems.

Risk Assessment

The process of identifying and evaluating risks in cybersecurity.

Vulnerability Identification

The method of discovering weaknesses in computer systems.

Ethical Considerations

The moral factors involved in ethical hacking practices.

Practical Skills in Hacking

Hands-on abilities related to exploiting computer vulnerabilities.

Module Aims

Goals set for students to understand and apply hacking methods.

Learning Outcomes

Specific skills and knowledge students should acquire after the module.

Black Hats

Hackers who break into systems for malicious purposes, often engaging in illegal activities.

White Hats

Ethical hackers who identify and fix security flaws to make systems safer.

Grey Hats

Hackers who may act as security professionals by day and engage in hacking at night, often blurring ethical lines.

Hacktivists

Hackers motivated by political or ideological beliefs, seeking to promote their agenda.

Cyber Stalking

Using technology to stalk or harass an individual through low-aggression means.

Malicious Software (Malware)

Software designed to disrupt, damage, or gain unauthorized access to computer systems.

Vandals in Cybersecurity

Individuals motivated by anger to harm an organization or individual, often disrupting services without clear profit motives.

OSINT

Open-source intelligence gathering techniques.

Vulnerability Assessment

Process of discovering and analyzing security weaknesses.

Exploitation Techniques

Methods for exploiting identified vulnerabilities.

Legal Considerations

Laws and regulations concerning ethical hacking.

Social Engineering

Manipulating individuals into divulging confidential information.

Command Line Introduction

An essential skill for navigating and utilizing computer systems within labs.

Immersive Labs

A platform for practicing penetration testing and cybersecurity skills through interactive labs.

Google Dorks Lab

An exercise using advanced Google search techniques to gather information.

OSINT Gathering

The process of collecting information from publicly available sources for security purposes.

Reconnaissance Techniques

Methods employed to gather initial information about target systems during penetration testing.

Pre-engagement

Initial conversation with clients to understand testing objectives.

Exploitation

Using identified weaknesses to gain unauthorized access.

Post Exploitation

Actions taken after gaining access to maintain it or cover tracks.

Types of Penetration Testing

Different methodologies used in pentesting, like network and web testing.

Penetration Testing Framework

Structured phases guiding ethical hacking processes.

Scope in Penetration Tests

Defining the limits and boundaries of what will be tested.

Types of Penetration Tests

Black-box, white-box, and grey-box methodologies for testing.

Confidentiality

The obligation to keep sensitive information private.

Non-disclosure Agreement

A legal contract preventing disclosure of confidential information.

Responsible Disclosure

Notifying an organization about a security vulnerability before publicizing it.

Vulnerability Patch Period

Time allowed for a company to fix a security vulnerability.

Computer Misuse Act 1990

UK law relating to the misuse of computer systems.

Penetration Testing Focus

Targeting vulnerabilities in systems to enhance security.

Proof of Concept Attacks

Tests demonstrating a vulnerability's existence.

Specific Recommendations

Detailed advice on fixing identified vulnerabilities.

Study Notes

Ethical Hacking and Penetration Testing Lecture 1

• This module, COMP40741, covers ethical hacking and penetration testing
• Module leader is Dr. Nemitari Ajienka, Senior Lecturer and Certified Security Testing Associate (7Safe, GCHQ Accredited)
• Lecturer for the module team is Dr. Kwame Assa-Agyei
• Module materials are available in the Learning Room on NOW

Module Overview

• COMP40741: Ethical Hacking and Penetration Testing
• Covers module overview and aims
• Includes module content, delivery methods and schedule
• Provides indicative reading, learning outcomes, and assessment information

Module Aims

• Equip students with knowledge, skills, and ethical considerations for identifying and addressing vulnerabilities in computer systems
• Develop a comprehensive understanding of essential cybersecurity methods in ethical hacking and penetration testing
• Introduce students to ethical hacking principles, methodologies, and tools
• Develop practical skills in identifying and exploiting vulnerabilities
• Assess ethical and legal considerations
• Understand risk assessment and mitigation in cybersecurity

Learning Outcomes

• Knowledge and Understanding (K):
  • Demonstrate an understanding of penetration testing methodologies
  • Demonstrate an understanding of ethical hacking principles and methodologies
  • Evaluate the legal and ethical implications of penetration testing
  • Identify, analyze, and assess vulnerabilities and threats in computer systems
• Skills, Qualities, and Attributes (S):
  • Apply penetration testing techniques to identify and exploit vulnerabilities
  • Develop effective strategies to secure computer systems and networks
  • Communicate security findings and recommendations through comprehensive reports
  • Demonstrate critical thinking in risk assessment and mitigation

Assessments

• Online in-class test (30%): Individual assessment, testing theoretical understanding of penetration testing, ethical hacking, and legal implications
• Report (70%): Individual assessment requiring a hands-on penetration testing project, demonstrating practical vulnerability identification, exploitation, risk mitigation, actionable recommendations, and communication of findings.

Provisional Module Content

• Covering weeks 1-10, the topics include Ethical Hacking and Penetration Testing definitions, ethical considerations, overview of penetration testing methodologies, Information Gathering (passive, active, OSINT), Scanning and Enumeration, Vulnerability assessment, Exploitation techniques and tools, legal and ethical considerations relevant to penetration testing and Reporting, documentation standards, Risk assessment, Mitigation and Social engineering.

Resources or Reference Texts

• Contains lists of suggested texts for reference, including titles like Ethical Hacking, Penetration Testing Essentials, and a Kali Linux Penetration Testing Bible, from authors like Graham, Oriyano, and Khawaja
• Suggests additional learning from international conferences and journals

Web-based Resources and Tools

• Provides links for Immersive Labs, Digital Cyber Academy, VirtualBox, Kali Linux, Metasploitable, Seedubuntu and Ubuntu

Best Security Strategy?

• Defensive: Controls, Auditing, Policies, Standards, Guidelines, Network Architectural Design, Implementation
• Offensive: Pen Testing, Ethical Hacking, Security Assessment, Risk Assessments, Stress Testing

Unfair Security Challenge!

• Attackers can attack from anywhere in the world
• Security analysts must address all vulnerabilities

Who is the Enemy? A Hacker?

• Historically, hacker was a positive term referring to an expert in programming and operating systems
• Hacker, as a term, has become more negative since the 1970s, representing those who use computers without authorization or to commit crimes.

Other names for the enemy

• Crackers: Hackers who use their skills to commit unlawful acts or create mischief
• Script Kiddies: Hackers who use readily available scripts, without fully understanding them, to commit unlawful acts
• Black hat hackers: Hackers who have unethical intentions, and break into computers or networks for their own malicious reasons

What is their motivation?

• Profit: Ransomware, scareware, financial data theft, intellectual property theft
• Fun/Challenge: Hacking for enjoyment or to achieve a specific goal, e.g., Nasa hack
• Information Systems Criminals: Espionage/fraud/abuse for competitive advantage
• Vandals: Those motivated by anger against an individual, organization, etc.
• Political/Ideological: Hacktivists motivated by political or ideological reasons

What is their motivation (continued)?

• Power Assurance: To restore self-confidence or self-worth through seemingly low-aggression methods like cyberstalking
• Anger (retaliatory): Rage towards individuals, groups, institutions, or symbols perceived to represent injustice.
• Sadistic: Deriving gratification from the pain or suffering of others

Goodies or Baddies?

• Black Hats: Break into systems, create and share vulnerabilities, and attack tools
• Grey Hats: Operate in a middle ground between ethical and unethical intentions, often working as security professionals by day and engaging in hacking by night
• White Hats: Work within the security community, find vulnerabilities to help improve security and communicate these findings to vendors.

Ethics Discussion

• The course is for ethical purposes only, lab exercises must only be performed on a testbed.

Permission and Privacy

• Ethical hacking requires permission and understanding of acceptable boundaries
• Gaining permission doesn't justify any unauthorized actions
• Handling of sensitive information, like encryption keys, is crucial, and confidentiality is necessary

Permission and Privacy (continued)

• The name of any target/vulnerabilities must be kept secret during professional cyber security
• Confidentiality is essential, often supported by confidentiality and non-disclosure agreements

Responsible Disclosure

• Responsible disclosure is the process to notify a company of a security vulnerability
• The process involves allowing time for the vulnerability to be patched before publicly releasing the specific details.
• Minimizing risk of exploitation before a patch is released is a key element

Legislations

• International regulations for computer misuse and unauthorized access to computer systems and networks, such as the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act 1986 (USA), Criminal Code Act (AUS)

What is Ethical Hacking / Penetration Testing?

• Definition from Engebretson (2013) - legal and authorized attempts to locate and successfully exploit computer systems for the purpose of improving security.
• Includes probing for vulnerabilities, and "proof of concept" attacks, with specific recommendations for addressing and fixing discovered issues.
• The method aims to find weaknesses by using the same techniques as attackers.

Importance of Studying Ethical Hacking/Penetration Testing

• EC-Council Cyber Career Paths and the Vulnerability Assessment and Penetration Testing (VAPT) Career Path

Penetration Testing Framework (ethical hacking)

• Includes planning/pre-engagement, information gathering, target scanning, vulnerability assessment, exploiting weaknesses, gaining access, privilege escalation, exploiting, retaining access, covering tracks, and reporting

Types of Penetration Testing

• Network/infrastructure, database, web, wireless, social engineering, and physical penetration tests

Types of Penetration Tests

• Black-box: No prior information is provided to the tester
• White-box: Tester is given full details of the target system (network and applications)
• Grey-box: Partial details are provided to the tester

Pre-engagement

• Pre-engagement involves discussion with the target to determine specific requirements for the test
• Like most things there are different levels of a penetration test (simple IP addresses, physical location, web application, or full simulation)
• A signed document granting permission to conduct the needed tests is required

Topics for Pre-engagement

• This category covers critical areas like scope, documentation, engagement rules, third-party/cloud environments, success criteria, review of past threats, and interference avoidance with security devices

Defining Scope

• The critical importance of defining testing scope ( what is to be tested )
• Potential issues from neglecting detailed planning, scope creep, dissatisfied customers, and legal issues

Questions - Network, Web, Wireless, Physical Penetration Tests

• Provides lists of important questions related to each test type to clarify requirements
• Specific questions are given for network, web, wireless, and physical penetration testing. These tests focus on various elements like compliance requirements, timing, devices, handling penetrated systems, and more.

Questions - Social Engineering Testing

• Discusses questions regarding social engineering testing, identifying the elements needed for the tests as specified by the customer (e.g., email addresses, phone numbers, individuals to target).

Scope Creep

• Effective methods to avoid scope creep to avoid losing clients/customers

ISP

• Importance of knowing terms of service with ISPs, potential need for notifying MSSPs (Managed Security Service Providers), determining the time response to ensure the integrity of the test

Important note:

These notes are based on the provided images, and should not be used for any specific action without the relevant qualification.