Cybersecurity Session Attacks Quiz

Questions and Answers

What technique involves compromising a session ID through a method that intercepts communications between a user and a server?

• Blind Hijacking
• Source Routing
• Man-in-the-Middle Attack (correct)
• IP Address Spoofing

Which attack method aims to repeat or replay valid session data to gain unauthorized access?

• Directory Traversal Attack
• Session Fixation
• Session Replay Attack (correct)
• UDP Hijacking

What method of evasion involves manipulating the form or content of data to bypass detection systems?

• TCP/IP Hijacking
• Injection Attacks
• Obfuscating (correct)
• Session Splicing

Which of the following is a technique used to bypass firewalls that involves sending packets with misleading source addresses?

IP Address Spoofing (C)

What type of attack involves altering DNS requests to redirect to malicious sites?

DNS Server Hijacking (B)

Which of the following methods can be classified as a network-level session hijacking technique?

Source Routing (D)

What is the primary goal of a Denial-of-Service Attack (DoS)?

To disrupt services and make them unavailable (A)

What kind of attack targets web application sessions by attempting to exploit user sessions through manipulating existing identifiers?

Session Fixation (B)

What is the primary goal of session hijacking?

To gain unauthorized access to a user's session. (A)

Which method utilizes a three-way handshake in session hijacking?

TCP/IP Hijacking (B)

Which of the following is a technique used for evading Intrusion Detection Systems (IDS)?

Session Splicing (C)

What attack is characterized by overwhelming a network service to make it unavailable?

Denial-of-Service Attack (DoS) (C)

Which of the following is an example of a client-side attack in session hijacking?

Man-in-the-Browser Attack (C)

What is one of the key countermeasures against session hijacking?

Implementing IPSec. (D)

Which attack can be used to manipulate or exploit buffer overflow vulnerabilities in web servers?

Directory Traversal Attack (C)

What type of attack creates copies of legitimate DNS responses to redirect traffic?

DNS Server Hijacking (C)

In web application security, what is a common method to identify potential vulnerabilities?

Code Review (B)

What is the primary goal of ethical hacking?

To uncover vulnerabilities before malicious hackers can exploit them (D)

What is the main purpose of a honeypot in network security?

To deceive and monitor attackers. (A)

Which phase of ethical hacking involves gathering information about a target?

Footprinting & Reconnaissance (B)

Which of the following skills is NOT typically associated with ethical hackers?

Expertise in marketing strategies (B)

What is a major limitation of ethical hacking?

It requires organizations to know their specific vulnerabilities (D)

What does the phase 'Escalation of Privileges' in ethical hacking signify?

Gaining additional access to systems after initial penetration (D)

Which characteristic is essential for an effective ethical hacker?

Strong knowledge of hardware and software exploration (D)

What action should an organization take after receiving recommendations from a pentester?

Implement the recommended security measures (C)

Which of the following is NOT a phase of ethical hacking?

Vulnerability Analysis (A)

What is the primary focus of incident response management?

Defining roles during a system attack (C)

Which of the following is NOT a part of the incident response management process?

System Upgrade (B)

Who typically comprises the incident response team?

Trained officials including HR and Law enforcement (D)

What is the main responsibility of the incident response team during an attack?

To take action according to the Incident Response Plan (A)

During a system attack, what is the role of the professional responding to the incident?

To collect evidence and information (C)

What does vulnerability assessment help identify?

Weaknesses and threats to a system (D)

Which stage of incident response involves minimizing the impact of an incident?

Containment (C)

What is a crucial step during the post-incident activities?

Reporting and documenting the processes (A)

What are the three main components behind an information security attack?

Motive, Method, Vulnerability (B)

Which of the following is a common motive for information security attacks?

Disruption of services (A)

How does a data breach in cloud computing impact the overall security?

It can lead to the compromise of multiple records. (A)

What type of potential threat is data loss considered in cloud security?

One of the most common threats (B)

What is the primary role of authentication in information security?

To identify the user or device and grant access (B)

Which statement accurately describes non-repudiation?

It ensures communication authenticity so that senders and receivers cannot deny their actions (C)

What should be ensured to protect services and important data in cloud computing?

Robust cloud security measures (D)

Which of the following is NOT a motive for an attacker to compromise a system?

Enhancing system performance (D)

In the Security, Functionality, and Usability triangle, what does a ball positioned closer to security indicate?

The system is prioritizing security at the expense of functionality and usability (B)

Which statement is true regarding vulnerabilities in the context of an attack?

They help attackers achieve their motives. (C)

What is one potential consequence of implementing a high level of security?

Lower performance and reduced ease of usability (B)

Which of the following is NOT a technique associated with non-repudiation?

User authentication (A)

In cloud environments, what can result from a single data breach?

Loss of confidentiality (B)

What must security experts consider while developing an application to ensure effective security?

Balancing security with functionality and usability (C)

What does authenticity ensure in the context of information security?

Information originates from a legitimate user claiming to be the source (B)

Which elements are considered part of the Security, Functionality, and Usability triangle?

Security, functionality, and usability (A)

What is a key characteristic of an advanced persistent threat (APT)?

It is defined by continuous monitoring and data extraction. (B)

Which of the following is NOT considered a threat to cloud computing?

Regular software updates (C)

How do viruses differ from worms in the context of network security?

Worms do not require user interaction to spread. (D)

Which characteristic of an advanced persistent threat indicates the aggressor's ability to evade detection?

Risk tolerance (D)

What do advanced persistent threats (APTs) primarily focus on?

Exploiting vulnerabilities in private organizations. (D)

Which of the following terms encompasses threats posed by malicious insiders?

Internal vulnerabilities (A)

Which aspect does NOT form a part of the criteria for evaluating an advanced persistent threat?

Playing games (A)

What is a common method for compromising session IDs during a Man-in-the-Middle attack?

Intercepting data packets between the user and the server (B)

What primarily differentiates the propagation methods of viruses and worms?

Worms replicate themselves whereas viruses cannot. (A)

What is a characteristic of Session Fixation in session hijacking?

The attacker fixes a session ID before the victim logs in (D)

Which technique is used to evade firewalls by manipulating the data packets?

Source Routing (D)

What is a potential consequence of DNS Amplification Attacks?

DDoS against the targeted server (B)

Which of the following is a method of evading IDS through data manipulation?

Insertion Attacks (A)

What is the primary mechanism used in TCP/IP Hijacking?

Intercepting and modifying packets (A)

What is one of the goals of employing a honeypot in network security?

To gather intelligence on attackers (C)

Which technique is associated with both web server and web application attacks to gain unauthorized data?

Directory Traversal attacks (D)

What is the primary risk associated with unsecured Wi-Fi networks?

Allowing unauthorized access to sensitive data (A)

Which threat involves stealing information through the exploitation of session management practices?

Improper Session Handling (D)

What characterizes a botnet in the context of cyber threats?

A network of compromised devices controlled by a single entity (D)

What is one of the primary motivations behind insider attacks?

Access to sensitive information (A)

Which of the following is a common vulnerability in network infrastructure?

Weak access control measures (B)

What is the consequence of poorly configured network devices?

Exploitation by intruders (C)

What type of attack involves the use of malicious scripts to gain control of systems?

Botnet attacks (A)

Which of the following actions could be considered a method of phishing?

Tricking users to provide personal data through counterfeit sites (A)

What is one key characteristic of a skilled ethical hacker?

In-depth knowledge of various operating systems (C)

Which phase of ethical hacking involves actively searching for open ports and services on a target system?

Scanning (B)

What can be considered a limitation of ethical hacking?

It requires the organization to have clear goals (A)

What primary role does ethical hacking serve in the context of risk assessment?

To uncover vulnerabilities before they can be exploited (B)

Which of the following is NOT one of the phases of ethical hacking?

Testing (A)

What essential quality must an ethical hacker possess to be effective?

Deep understanding of emerging technologies (C)

What is the purpose of the 'Covering Tracks' phase in ethical hacking?

To obscure evidence of testing activities (B)

Which is a major advantage of ethical hacking?

It helps to strengthen the overall security posture of the organization (D)

Which technique involves intercepting session IDs through client-side attacks?

Man-in-the-Middle Attack (C)

What is a common characteristic of UDP hijacking?

Can be executed without session establishment (C)

Which of the following is a valid countermeasure against session hijacking?

Implementing IPSec (D)

What is the primary difference between network-level and application-level session hijacking?

Application-level hijacking focuses on session management flaws (C)

What does the term 'Session Fixation' refer to?

Forcing a user to authenticate with a known ID (C)

Which of the following is an example of an evasion technique specifically aimed at intrusions?

Session Splicing (C)

What is a common result of applying source routing in network attacks?

Bypassing security controls (C)

Which attack method is focused on overwhelming system resources to deny service?

DDoS Attack (D)

What type of attack manipulates the content of packets to evade detection in networks?

Obfuscating (C)

Which technique is primarily used to capture valid session data for unauthorized access?

Session Replay Attack (D)

What is one of the key purposes of the ISO/IEC 27001:2013 standard?

To provide guidelines for information security management systems (C)

Which of the following is NOT a key domain addressed by HIPAA regulations?

Environmental Safety Rules (D)

What major aspect does the Sarbanes Oxley Act (SOX) address?

Accountability and financial disclosures for corporations (D)

Which of the following best describes 'electronic protected health information' (e-PHI) under HIPAA?

Confidential health information that is stored or transmitted electronically (B)

Which of the following is a component of the administrative safeguards under HIPAA?

Employee training protocols (C)

What is one of the focuses of the ISO/IEC 27001:2013 standard regarding risk management?

Ensuring risk management is cost-effective and efficient (B)

Which title under the Sarbanes Oxley Act (SOX) addresses auditor independence?

Title II (C)

Which legislation focuses on the regulation of digital copyright and fair use of content?

Digital Millennium Copyright Act (B)

What is a common type of attack that utilizes social engineering to compromise cloud services?

Service Hijacking using Social Engineering Attacks (B)

Which of the following best describes a key benefit of cloud computing?

Improved scalability and flexibility (C)

What is a critical responsibility in cloud security?

Regularly updating security protocols (D)

Which of the following encryption methods is known for its use in secure communications?

Rivest Shamir Adleman (RSA) (A), Advanced Encryption Standard (AES) (B)

Which factor can lead to potential data loss in cloud computing?

Data breaches during transfer (D)

What does authentication primarily involve in information security?

Identifying the user or device to grant access (C)

Which of the following best describes non-repudiation?

Ensuring that a sender cannot deny sending a message (B)

In the context of the Security, Functionality, and Usability triangle, what does a ball positioned further away from usability indicate?

Strong protection but with user-friendliness compromised (A)

What is one potential drawback of implementing a high level of security in a system?

Reduced performance and user-friendliness (A)

What aspect of information security does authenticity primarily ensure?

The origin of the information is from a valid user (D)

Which component is NOT part of the Security, Functionality, and Usability triangle?

Data Integrity (C)

In what way does non-repudiation typically use encryption?

To ensure the authenticity of the communication (C)

What does confidentiality in information security ensure?

Only authorized persons can access sensitive data. (C)

Which of the following describes the role of bots in information security?

Bots are often used to automate tasks and can also conduct malicious activities. (A)

For data in motion, what is a key method to ensure confidentiality?

Encryption should be applied before sending data. (B)

What is the purpose of ensuring data integrity in information security?

To ensure data remains unaltered by unauthorized individuals. (B)

What problem does availability address in information security?

Making sure authorized users can access data without interruptions. (A)

What does 'CIA' stand for in information security?

Confidentiality, Integrity, Availability. (C)

What impact does a Denial-of-Service (DoS) attack have on availability?

It disrupts access to services or data for users. (B)

Which of the following is NOT a common use of bots?

Enhancing data encryption processes. (A)

What is the primary objective of footprinting in ethical hacking?

Gathering information about a target (D)

Which technique is NOT typically used for information security policies?

Social Engineering Tactics (B)

What is one of the primary purposes of the CEH certification?

To establish minimum standards for credentialing ethical hackers (B)

What is the purpose of a vulnerability scoring system?

To categorize vulnerabilities based on risk level (C)

Which area has been included in the CEH v10 update for enhanced security coverage?

Security of IoT devices (B)

What is a key commitment of the EC-Council in terms of certification practices?

To maintain impartiality and objectivity in decision-making (B)

During which phase of ethical hacking is the security configuration of a target system assessed?

Post-Exploitation (C)

Which of the following best describes the mission of the EC-Council?

To validate the skills and knowledge of information security professionals (D)

Which of the following is a common technique for enumeration in network security?

Nmap Scanning (D)

What is a primary goal during the incident management process?

To minimize the impact of incidents (B)

What is one characteristic of the approach taken by the CEH workbook?

It uses a case study based approach. (C)

Which certification is NOT owned by the EC-Council?

Cisco Certified Network Associate (CCNA) (D)

What is the significance of OS fingerprinting in network scanning?

Identifying the operating system of a host (B)

What does the CEH credential primarily inform the public about?

The individual meets or exceeds minimum standards. (B)

Which of the following skills is essential for an ethical hacker?

Advanced programming abilities (C)

How does the CEH workbook aim to enhance understanding of vulnerability analysis?

By delivering real-world application insights. (B)

What does the security, functionality, and usability triangle represent?

Balancing user needs and security measures (B)

What does vulnerability assessment typically focus on?

Identifying and mitigating security weaknesses (C)

What is the primary purpose of penetration testing?

To evaluate security by simulating attacks on a system (D)

What does the black box type of penetration testing imply?

The tester has no prior knowledge of the system (D)

Which of the following actions is NOT a benefit of penetration testing?

Verifying the effectiveness of backup procedures (D)

Why is it important for penetration testers to think like hackers?

To anticipate methods and strategies used by attackers (D)

What kind of information is typically provided to a pentester in a gray box penetration test?

Basic information like IP addresses or operating systems (B)

How does penetration testing help reduce IT security expenses?

By enhancing the Return on Security Investment (ROSI) (C)

Which of the following describes a major advantage of performing penetration testing?

To test and enhance existing security layers (D)

Which typing of penetration testing involves a pentester receiving no information about the target?

Black Box Testing (B)

What was one key factor that allowed hackers to compromise eBay's network?

Phishing that compromised employee credentials (A)

Which of the following types of information was NOT compromised in the eBay data breach?

Credit card information (C)

What is the primary importance of encrypting sensitive information in databases?

To protect information from unauthorized access (D)

How was the Google Play hack executed by Ibrahim Balic?

By exploiting a flaw in the Android Operating System (C)

What was a specific method through which eBay's security was compromised?

Targeting employees with phishing attacks (D)

What does eBay emphasize must be done with sensitive customer data?

It must be encrypted using strong encryption methods (A)

What was one significant consequence of the eBay data breach in 2014?

145 million customers had data loss (B)

What kind of attack did Ibrahim Balic conduct on the Google Play platform?

Exploitation of vulnerabilities (C)

What is the main focus of vulnerability assessment?

Identifying and evaluating security weaknesses (C)

Which of the following best describes penetration testing?

Simulating attacks to identify vulnerabilities (C)

What is a key component of ethical hacking?

Identifying vulnerabilities with permission (C)

Which phase of ethical hacking involves exploiting identified vulnerabilities?

Gaining Access (B)

What does the term 'enumeration' refer to in the context of network security?

Collecting information about resources and services (D)

Which of the following is a common type of vulnerability assessment?

Network vulnerability scans (C)

What is one of the main goals of information security policies?

To establish guidelines for protection and response (D)

Which term best describes an Ethical Hacker's primary role?

To help organizations to identify and fix vulnerabilities (A)

What is a common outcome of not conducting regular vulnerability assessments?

Exposure to undetected vulnerabilities (B)

Which of the following describes the primary responsibility of the incident response team?

To manage and orchestrate responses to security incidents (D)

What is the primary goal of offensive information warfare?

To gain competitive intelligence by accessing the opponent's territory (D)

Which of the following is NOT a component of defensive information warfare?

Hacking Techniques (C)

What characterizes the role of a hacker?

Gains unauthorized control over systems to steal sensitive information (D)

What are the three major components upon which an information security attack depends?

Motive, Objective, and Method (B)

In the context of hacking, what does reconnaissance mean?

Gathering information about a target system to identify weaknesses (D)

Which of the following actions is considered part of offensive information warfare?

Executing cyber attacks to modify opponent’s information (C)

Which of the following is a common motive for attackers to compromise a system?

Information theft (B)

What can result from a single data breach in a cloud computing environment?

Compromised multiple records (D)

What is a misconception about hackers?

All hackers are involved in illegal activities. (D)

In the context of information security, what does 'vulnerability' refer to?

An exploitable weakness in a system (A)

Which phase is NOT part of the typical hacking process?

Analysis of Defense (D)

What is the ultimate goal of hacking according to the definitions provided?

To exploit vulnerabilities for unauthorized access (C)

Which type of threat is data loss considered in cloud security?

Catastrophic potential threat (D)

What is a potential ethical motive behind information security attacks?

Propagation of political beliefs (B)

What aspect of cloud security can lead to data loss due to unintended means?

User mismanagement (D)

What do motives and objectives of an attacker typically depend on?

Valuable information stored in a system (C)

What is the main purpose of reconnaissance in the hacking process?

To gather information about the target (D)

Which of the following describes passive reconnaissance?

Gathering information without direct interaction (C)

What does the scanning phase primarily involve?

Obtaining information previously gathered during reconnaissance (C)

Which technique is NOT typically used to gain access to a system?

Data encryption (A)

In the maintaining access phase, what is the primary goal of the attacker?

To prevent detection and retain control over compromised systems (D)

Which of the following tools is commonly used during the scanning phase?

Port scanners (C)

What does privilege escalation refer to in the context of hacking?

Gaining additional access rights to an operating system (D)

What type of information can be gathered during the scanning phase?

Port status and operating system information (D)

What is the role of the Department of Homeland Security under FISMA?

To develop and administer information security policies for federal agencies. (C)

Which amendment did the Federal Information Security Modernization Act of 2014 make?

It amends the Federal Information Security Management Act of 2002. (A)

What is the primary purpose of footprinting in ethical hacking?

To gather information about a target for exploitation. (D)

In what way can pseudonymous footprinting be characterized?

Posting information under an assumed name to avoid detection. (D)

Which method is NOT commonly used in the footprinting phase?

Direct hacking into systems. (C)

What is a major advantage of active reconnaissance methods compared to passive methods?

Active methods generally provide more detailed information. (C)

Why is obtaining deeper information about a target important in ethical hacking?

It allows for a more efficient focus on the attack surface. (C)

Which of the following describes the aim of reconnaissance in cybersecurity?

To avoid any notification of information gathering to the target. (C)

What is the primary purpose of the Certified Ethical Hacker (CEH) credential?

To certify knowledge in ethical hacking from a vendor-neutral perspective (C)

Which section of the CEH exam carries the highest weight?

Tools/Systems/Programs (B)

How many questions are there in the CEH exam?

125 (C)

What is required for a candidate to be eligible for the CEH exam?

Two years of work experience in Information Security (B)

Which of the following concepts does Information Security NOT directly ensure?

Compliance with financial regulations (C)

Public internet is mainly known for its role in what context?

Spreading threats rapidly across the globe (A)

Which of these topics is least addressed by the CEH credential?

Software Development Lifecycle (D)

What essential action should organizations take to mitigate risks related to unauthorized access?

Ensure application of well-defined security policies and procedures (A)

What does data integrity ensure in information security?

Only authorized parties can modify data. (D)

What is the primary purpose of payload in malicious code?

To initiate harmful activities. (A)

What does the availability component of the CIA triad focus on?

Ensuring systems and data can be accessed when needed. (A)

What is a common threat to mobile devices?

Unsecured Wi-Fi (C)

Which of these best describes an insider attack?

An attack conducted by a trusted individual within the network (B)

Which of the following is a common use for bots in information security?

To automate tasks like spreading malware. (C)

What role do botnets typically serve on the Internet?

To perform repetitive tasks under control of a master computer (D)

Which method is not commonly used to ensure confidentiality for data in motion?

Regularly updating passwords. (A)

What is an example of a risk related to integrity in information security?

Corruption of data by malware. (D)

Which one of the following is NOT a common vulnerability on networks?

Using strong encryption methods (A)

What is a primary focus of host threats in a computer system?

Software exploitation vulnerabilities (D)

What is a common consequence of a Denial-of-Service (DoS) attack?

Server downtime for legitimate users. (A)

Which type of attack specifically targets the boundaries of data capacity in a program?

Buffer overflow (B)

In the context of botnets, what purpose does the 'Spider' program serve?

To crawl the internet for security weaknesses (D)

Which action can help protect data at rest?

Data encryption on storage media. (B)

What is a common outcome of software exploitation attacks?

Unauthorized system access (A)

What is one of the most significant mobile threats to business and personal information?

Spyware (D)

Which application threat involves flawed handling of user data input?

Improper Data Validation (A)

What type of attack can be characterized by overwhelming a system resource to disrupt its functioning?

Denial-of-Service Attack (B)

Which of the following is a characteristic of network threats?

They can exploit vulnerabilities in configuration. (B)

Which of the following is NOT a common type of host-level threat?

Man-in-the-Middle Attacks (C)

What type of attack focuses primarily on vulnerabilities found in an operating system?

Operating System Attacks (B)

During an application threat assessment, which vulnerability category can lead to unauthorized access?

Authentication & Authorization Attack (C)

What is a primary factor that motivates an attacker to target a specific system?

Valuable data stored within the system (B)

What role does vulnerability play in an information security attack?

It enables the attacker to exploit weaknesses in the system. (A)

Which of the following best describes a consequence of a data breach in cloud computing?

Opportunity for attackers to access multiple records (B)

What is an inherent risk associated with data loss in cloud security?

Data loss may occur due to both accidental and intentional means. (A)

How does the method of attack relate to the goals of an attacker?

The method must align with the attacker’s motives to effectively achieve their goals. (C)

Which statement accurately captures the nature of motives behind information security attacks?

Motives can be ethical or unethical and based on various objectives. (A)

What is the significance of cloud computing threats in relation to traditional security issues?

They replicate many of the same issues found in traditional security implementations. (B)

In the context of information security, what is a potential outcome of an attacker achieving their objectives?

Impacts on the target's reputation and data integrity. (A)

What is the main purpose of email encryption?

To prevent unauthorized access to email content (A)

Which of the following best describes a digital signature?

An encryption mechanism that ensures non-repudiation (B)

Which cryptography attack aims to recover the plaintext from the ciphertext without the secret key?

Code breaking (A)

What role does SSL (Secure Sockets Layer) play in network security?

It is used for ensuring secure communications over a computer network (D)

Which technology is primarily used for disk encryption?

AES (Advanced Encryption Standard) (D)

Which phase of ethical hacking involves analyzing the security posture of a target?

Reconnaissance (B)

What type of network scanning checks for live systems within a subnet?

Ping scanning (B)

Which of the following is an example of a vulnerability scanning solution?

Nessus (C)

What is the role of the incident response team during a cyber attack?

To minimize damage and recover from the attack (D)

Which statement accurately describes non-repudiation in information security?

It enables verification of a transaction’s origin and integrity (D)

What is a common motive behind information security attacks?

Seeking revenge against an organization (B)

Which encryption method is typically linked with Pretty Good Privacy (PGP)?

Asymmetric-key encryption (D)

Flashcards

Session Hijacking

Exploiting vulnerabilities in network protocols or applications to intercept and manipulate communication sessions between a user and a server.

Application-Level Session Hijacking

A type of attack aiming to take over a user's active session with a web application by acquiring the session ID.

Compromising Session IDs Using Client-side Attacks

A technique that exploits weaknesses in web applications to gain access to a user's session ID.

RST Hijacking

A type of attack that sends specially crafted packets to a server, attempting to hijack an existing TCP connection.

Directory Traversal Attacks

A technique used to identify potential web server vulnerabilities by testing different directory paths.

DoS/DDoS

A type of attack that attempts to disrupt a web server's availability through overwhelming it with requests.

Phishing Attacks

A technique used to deceive users into providing sensitive information by impersonating a legitimate website.

Website Defacement

Compromising a website's content to display malicious information.

Authenticity

Ensures the information is genuine and originates from the claimed source.

Authentication

Process of verifying the identity of a user or device to grant access.

Non-Repudiation

Guarantees the sender cannot later deny sending the message and the receiver cannot deny receiving it.

Security, Functionality, and Usability Triangle

A measure of the strength of security in a system considering its functionality and usability.

Confidentiality

Safeguarding data and information from unauthorized access, modification, or destruction.

Availability

Ensuring data and systems are available when needed.

Integrity

Ensuring the accuracy and completeness of information.

Business continuity planning

Strategies to minimize the impact of business disruptions and restore normal operations quickly.

DoS/DDoS Attacks

Attacker floods the web server with requests, overwhelming it and making it unavailable to legitimate users.

IDS

Intrusion Detection System (IDS) constantly monitors network traffic for malicious activity.

Firewall

A network security device that controls incoming and outgoing traffic based on predefined rules.

Honeypot

A decoy system designed to attract attackers and gather intelligence about their techniques.

Obfuscating

Technique to hide malicious code within normal data, aiming to bypass security systems like firewalls.

Attacker's Motive

The reason or purpose behind an attack on a system.

Attacker's Method

The specific action or technique used by an attacker to exploit a vulnerability and achieve their goal.

System Vulnerability

A weakness in a system that can be exploited by an attacker to gain unauthorized access or cause harm.

Single Data Breach Impact

A situation where a single data breach in a cloud environment could potentially compromise multiple records, leading to significant data loss.

Cloud Data Loss

The unintentional or intentional loss of data, which can occur in various scales and have severe consequences for businesses and individuals.

Cloud Security

The security measures and practices implemented to protect data and services in a cloud computing environment.

Information Security Attack Triangle

The combination of attacker motives, methods, and vulnerabilities that create a successful attack.

Penetration Testing

The process of searching for vulnerabilities and flaws in a system to prevent attacks.

Ethical Hacker

A skilled professional who ethically hacks systems to identify vulnerabilities.

Footprinting

The first phase of ethical hacking, involving gathering information about the target system or network.

Scanning

A phase of ethical hacking that involves scanning the target for vulnerabilities, typically using automated tools.

Enumeration

A phase of ethical hacking that focuses on gathering detailed information about the target's services, accounts, and other assets.

System Hacking

A phase of ethical hacking that simulates real-world attacks to exploit vulnerabilities and gain access to the target system.

Escalation of Privileges

A phase of ethical hacking where the attacker attempts to escalate their privileges on the compromised system.

Covering Tracks

A phase of ethical hacking where the attacker attempts to cover their tracks and remove any evidence of their presence.

Vulnerability Assessment

A process that identifies, analyzes, and addresses vulnerabilities in systems or applications to prevent potential attacks or breaches.

Incident Response Management

A set of steps that an organization takes to prepare for, respond to, and recover from security incidents. It involves various stages, including preparation, detection, containment, investigation, and recovery.

Incident Response Team

A team of experts responsible for handling security incidents. It includes IT personnel, security specialists, and others who can investigate, mitigate, and recover from attacks.

Incident Response Plan (IRP)

A document outlining the procedures and responsibilities for handling security incidents within an organization. It defines the actions to be taken in case of a breach.

Forensic Investigation

A crucial phase in the incident response process that investigates the nature and extent of an attack. It involves collecting evidence, analyzing logs, and identifying the attackers' techniques.

Containment

A stage in incident response that involves stopping the spread of an attack and preventing further damage. It often involves isolating affected systems or network segments.

Eradication and Recovery

A measure that focuses on restoring a system or network to its normal state after a security incident. It may involve data recovery, system repairs, and security hardening.

Post-Incident Activities

Activities conducted after a security incident to identify lessons learned, improve security controls, and prevent similar incidents in the future.

The 3-Way Handshake

A series of three packets exchanged to establish a secure TCP connection between a client and a server. It's the foundation for many network protocols.

TCP/IP Hijacking

A technique targeting the TCP connection setup process. The attacker intercepts the handshake and manipulates it, potentially establishing the connection to the server instead of the intended client.

Session Hijacking with Client-side Attacks

A technique that exploits weaknesses in web applications to get a user's session ID.

IP Address Spoofing

A technique where an attacker directs network traffic to a different server, creating a false path for communication.

Phishing

A deceptive technique that tricks users into giving up sensitive information by impersonating a legitimate website.

HTTP Response Splitting Attack

A vulnerability in web servers where attackers exploit HTTP response headers to inject malicious code or redirect users to malicious websites.

Worm

A type of malware that can replicate itself and spread quickly on a resident system, often responsible for disrupting network services with DoS attacks.

Advanced Persistent Threat (APT)

A continuous process of stealing information by exploiting system vulnerabilities, often targeting private organizations or political entities.

Skills of an Ethical Hacker

A skilled ethical hacker possesses a range of technical and non-technical skills, including a deep understanding of operating systems, networking, security concepts, and ethical hacking methodologies.

Mobile Devices as Attack Targets

Mobile devices, especially smartphones, have become prime targets for attackers due to their widespread use and potential for accessing sensitive information.

Insider Threat

An insider threat is a security breach caused by someone with authorized access to a system or network, such as an employee or contractor. It involves exploiting existing privileges to gain unauthorized access.

Botnet

A botnet is a network of compromised computers (bots) controlled by a single attacker. Bots perform tasks remotely for the attacker, often for malicious purposes. They are known for their repetitive nature.

Network Threats

Network threats exploit vulnerabilities in network infrastructure components like routers, switches, or firewalls. This could involve using default settings, weak passwords, or lacking the latest security patches.

Data Leakage

Data leakage refers to the unintentional or unauthorized release of sensitive information from a system. This could happen due to human error, faulty security measures, or external attacks.

Unsecured Wi-Fi

Unsecured Wi-Fi networks are susceptible to eavesdropping and data theft because they lack proper encryption and authentication. Attackers can easily intercept sensitive information sent over such networks.

Network Spoofing

Network spoofing involves impersonating a legitimate device or system on a network to gain unauthorized access. Attackers can deceive other devices into trusting them.

ISO/IEC 27001:2013

A standard that ensures the implementation, maintenance, and improvement of an information security management system within an organization.

HIPAA

A set of rules that protect the privacy and security of health information.

HIPAA Security Rules

It defines the standards and regulations for protecting patient health information.

Sarbanes-Oxley Act (SOX)

A law designed to protect investors by improving the accuracy and reliability of corporate financial reporting.

Title II of Sarbanes-Oxley Act

A part of SOX that focuses on the independence of auditors.

Digital Millennium Copyright Act (DMCA)

A law combating online copyright infringement.

Federal Information Security Management Act (FISMA)

A law that sets cybersecurity standards for federal agencies.

Business Continuity Planning (BCP)

A comprehensive set of policies and procedures that helps organizations recover from business disruptions, like natural disasters or cyberattacks.

Intrusion Detection System (IDS)

A technology designed to detect intrusion attempts and malicious activities on a network.

Denial of Service (DoS) Attack

A deliberate attempt to make a system unavailable to legitimate users by overwhelming it with requests.

What is a Payload?

A malicious code component that triggers harmful actions like exploiting vulnerabilities, opening backdoors, and hijacking systems.

What is a Bot?

Software that can be remotely controlled to execute predefined tasks, often used for automation and malicious activities.

What is Integrity in Information Security?

Ensuring that only authorized individuals can access and modify sensitive data.

What is Confidentiality in Information Security?

Protecting data and information from unauthorized access, modification, or destruction.

What is Availability in Information Security?

Guaranteeing that systems and data are available when needed by authorized users.

What is the CIA Triad?

A framework for remembering the three core principles of Information Security: Confidentiality, Integrity, and Availability.

What is Authentication?

A mechanism for verifying the identity of users or devices to grant access.

What is Encryption?

A method used to secure sensitive data by transforming it into an unreadable format.

Black Box Testing

A type of penetration testing where the tester has no prior knowledge of the system or any information about the target, simulating a situation where attackers have no insider information.

Gray Box Testing

A type of penetration testing where the tester has limited prior knowledge of the system, such as IP addresses, operating system, or network information, but not a full understanding of the target's internal workings.

White Box Testing

A type of penetration testing where the tester has significant prior knowledge of the target system, including access to internal documentation, network diagrams, and other resources, often used for evaluating specific components or configurations.

Attack Simulation

A simulated attack or series of attacks conducted to test the effectiveness of security defenses and identify vulnerabilities in systems or networks.

Business Continuity

Strategies and plans designed to minimize the impact of disruptions and restore business operations quickly. This includes identifying critical functions and developing recovery plans.

CIA Triad

The three core principles of Information Security, often referred to as the CIA Triad.

Encryption

A technique used to secure sensitive data by transforming it into an unreadable format, making it difficult for unauthorized personnel to access it.

What is Reconnaissance?

The initial phase of an attack where the attacker gathers information about the target to plan their attack.

What is the Scanning Phase?

A phase in hacking where the attacker scans the target network using tools like port scanners and network mappers to gather information about open ports, operating system, and network devices.

What is Gaining Access in Hacking?

The point where an attacker gains control over a system or network, obtaining access to data and resources.

What is Maintaining Access (Escalation of Privileges)?

The phase where the attacker aims to maintain control over the compromised system, often using techniques like backdoors, rootkits, or Trojans to stay hidden.

What is Reconnaissance?

A pre-attack phase where the attacker gathers information about the target using passive and active reconnaissance techniques, such as public searches, social media, or direct contact.

What is the First Phase of an Attack?

The initial phase involves gathering information about a target system or network. This includes collecting data from publicly available resources, social media, and other sources.

What is the Second Phase of an Attack?

During this phase, the attacker aims to identify specific vulnerabilities within the network or system. They utilize network scanning tools like port scanners and vulnerability scanners to uncover potential weaknesses.

What is the Third Phase of an Attack?

The attacker utilizes various methods to gain access to the target system or network. This can involve exploiting known vulnerabilities, brute force attacks, or social engineering techniques to gain unauthorized access.

Information Warfare

The use of information and communication technology (ICT) to gain a competitive advantage over an opponent.

Defensive Information Warfare

Defensive actions taken to protect information and information systems from attacks.

Offensive Information Warfare

Aggressive operations taken against an enemy to gain information, disrupt their operations, or seize control of their information systems.

Hacker

An individual who uses technical skills to gain unauthorized access to computer systems.

Hacking

Exploiting vulnerabilities in a system to gain unauthorized access, control, or disrupt its functionality.

Reconnaissance

The initial phase of hacking where an attacker gathers information about their target, often using public sources or reconnaissance tools.

Information Security

Ensuring the authenticity, integrity, and availability of information and systems.

Cyber Warfare

The use of technology to manipulate, disrupt, or disable an opponent's ability to communicate or access information.

Effective Security Policy

A security policy should prioritize effectiveness and benefit to the organization, not just applying unnecessary security measures that waste resources and create weaknesses for attackers.

Data Breach

A data breach is a security incident where sensitive data is compromised and potentially stolen.

eBay Data Breach

The eBay data breach in 2014 affected millions of users, highlighting the importance of strong data security for sensitive information.

Google Play Hack

A Turkish hacker exploited vulnerabilities in Google Play, emphasizing the need for constant vigilance and robust security patches.

Encryption Importance

Storing sensitive information in a plain text format makes it vulnerable to data breaches. Encrypting data is crucial to protect its confidentiality.

Vulnerability Testing

Vulnerability testing is a crucial security practice where systems are tested for weaknesses to identify and fix before attackers exploit them.

Hackers Exploit Vulnerabilities

A hacker can exploit vulnerabilities to gain unauthorized access to a system and potentially cause harm.

Pseudonymous Footprinting

A method of gathering information about a target using fake identities and online sources.

DMCA

A U.S. law that combats copyright infringement online.

Study Notes

CEH V10 EC-Council Certified Ethical Hacker

• This guide provides comprehensive training for the CEH v10 exam (312-50).
• The course focuses on advanced hacking techniques.
• The aim is to help students think like hackers to identify vulnerabilities.

Document Control

• Updated 14th May 2018
• Version 1.0
• Includes Practice Labs and Certified Ethical Hacking Workbook.

Technology Brief

• Introduces ethical hacking and its relationship with computer technologies.
• Explains data breaches as a threat to computer security.
• Outlines technologies, threats and vulnerabilities and hacking phases.

Table of Contents

• Contains detailed chapter organization of the topics covered in the guide.
• Topics include Introduction to Ethical Hacking, Technology Brief, Data Breach, and Essential Terminology.
• Further topics include the Security, Functionality and Useability Triangle; discussion on security threats, attack vectors, and motivations behind attacks.
• Discusses types of attacks on a system and hacking concepts, types and phases, further breaking these into Hacking, Hacking Phases and Ethical Hacking Concepts and Scope.
• Discusses Why Ethical Hacking is necessary, and Scope and Limitations.
• Explores the different phases of Ethical Hacking, including Skills of an Ethical Hacker and Information Security Controls.
• Further chapters tackle Information Assurance, Information Security Management Program, Threat Modeling, and Enterprise Information Security Architecture.
• Other chapters are dedicated to Network Security Zoning, Information Security policies, Implications for Security Policy Enforcement, Physical Security, Incident Management and Incident Management Process.
• Further chapters include Penetration Testing, Security Testing Methodology, and International Security Laws and Standards, including details of PCI-DSS, ISO/IEC 27001, and specifics such as HIPAA and SOX acts.
• Additional topics of interest are Footprinting, Internet Footprinting, Footprinting through Social Networking Sites, website Footprinting, Email Footprinting, and Competitive Intelligence.
• Further chapters cover Scanning, Virtual Labs, practice questions, Monitoring, authors and reviewers.
• More advanced chapters include System Hacking, Escalating Privileges, Hiding Files, Malware, Steganography, Virus Analysis, and Sniffing techniques and tools, along with MAC Flooding, DHCP Attacks, and DNS poisoning.
• Other topics include Social Engineering, Risks of Social Networking, Identity Theft, and the process of Identity Theft.
• Continues with Denial of Services, Botnets, DDoS, and further details on Session Hijacking, Evading IDS, Firewalls, and Honeypots, plus DNS poisoning techniques.
• Other topics covered include Web server concepts, Web server attacks, Website Defacement, HTTP Response Splitting, Web Cache Poisoning, SSH brute attack, and other web application attacks and vulnerabilities.
• Explores Patch Management, Microsoft Baseline Security Analyzer (MBSA), security issues of Web Applications, and SQL Injection.
• Explores Wireless Concepts, Wireless Hacking Methodology, Wireless Security Tools, Bluetooth Hacking, and Wireless Security Tools, along with details on Bluetooth Attacks, such as BlueSmacking, BlueBugging, BlueJacking, BluePrinting and BlueSnarfing.
• Continues to IoT Hacking methodology and attack areas explored; Cloud Computing threats and attacking, including several cloud security approaches, such as On-premises MDM deployment and Cloud-based MDM deployment, and more.
• Additional chapters on Cryptography covered, including Encryption Algorithms, such as Ciphers, AES, and DES, the RSA Algorithm, and Secure Hashing Algorithms (SHA).
• Different forms of Cryptography attacks are presented.
• Practical tools and techniques are reviewed for working with these attacks, discussing tools such as HashCalc, and Advanced Encryption Package 2014.
• Explicitly reviews the feedback and contact information for the book.
• Explains the author's experience and qualifications.
• Provides contact information for feedback, including book title and ISBN.