Ethical Hacking and CIA Triad

Questions and Answers

Which of the following is the MOST accurate description of the relationship between ethical hacking and software development?

• Ethical hacking is a completely separate field from software development and has no impact.
• Ethical hacking is a process used to identify vulnerabilities in software, informing developers how to improve security. (correct)
• Ethical hacking is only relevant after a software application has been deployed and is in production.
• Software development is primarily focused on preventing ethical hackers from accessing systems.

What is the primary goal of promoting ethical hacking among software developers, according to the presentation?

• To enable developers to bypass security measures for faster development.
• To encourage developers to share company secrets.
• To foster a greater awareness of cybersecurity threats and defensive strategies. (correct)
• To turn all developers into professional penetration testers.

In the context of the CIA triad, what does 'Integrity' primarily ensure?

• Data is accessible to authorized users when needed.
• Systems can quickly recover from unexpected outages or incidents.
• Data is protected from unauthorized access and disclosure.
• Data remains accurate, complete, and unaltered by unauthorized modifications. (correct)

Which of the following scenarios BEST illustrates the 'Confidentiality' aspect of the CIA triad in data security?

A bank encrypts customer account numbers to prevent unauthorized access. (D)

A company experiences a data breach where customer information is exposed. Which principle of the CIA triad was MOST directly violated?

Confidentiality (A)

Consider a scenario where a hacker modifies sensitive data stored in a database. Which element of the CIA triad is MOST directly compromised?

Integrity. (C)

Which of the following actions would BEST support the 'Availability' principle of the CIA triad?

Regularly backing up data to an offsite location. (C)

How does encryption contribute to maintaining confidentiality within the CIA triad?

By converting data into an unreadable format, protecting it from unauthorized access. (A)

Which of the following ports are commonly associated with web hosting services?

Ports 80 and 443 (D)

In the Kioptrix Level 1 challenge, which service is identified as having a vulnerability that can be exploited for root access?

Samba file share service (A)

What is the primary function of Metasploit's auxiliary library in the context of the Kioptrix Level 1 challenge?

Gathering information about target services (C)

When using Metasploit to scan for the Samba version, what does the tool do after setting a target?

Establishes a reverse shell and scans for open ports running SMB (A)

After discovering the Samba version, what is the next recommended step in the exploitation process?

Searching for known exploits for that specific Samba version (B)

What is 'exploitation' in the context of cybersecurity?

Taking advantage of vulnerabilities to gain unauthorized access (C)

What is the trans2open exploit commonly associated with in the context of the Kioptrix Level 1 challenge?

Exploiting vulnerabilities in Samba versions like 2.2.1a (B)

In the exploitation phase, what is a 'payload'?

A set of instructions or scripts to be executed on the target system (C)

What is the ultimate goal when establishing a remote connection to a target machine using a reverse shell, as described?

To gain root access and full control over the target machine. (D)

According to the content, which type of exploit focuses on weaknesses in physical devices or components?

Hardware Exploit (C)

What makes zero-day exploits particularly dangerous?

They target vulnerabilities before a patch is available. (C)

Which of the following is NOT a method attackers use to develop exploits, as mentioned?

Direct collaboration with software vendors (A)

In the context of fuzzing, what does 'mutation-based' input generation involve?

Modifying known valid inputs to generate new test cases. (C)

Why is it important to consider social engineering exploits when securing systems?

Because social engineering bypasses technical security measures by exploiting human psychology. (D)

Which approach would be most effective for a company to proactively identify vulnerabilities in its systems?

Setting up a virtual version of their systems and running attacks in a controlled environment. (B)

During a security assessment, an ethical hacker discovers a vulnerability that is unknown to the software vendor. What type of vulnerability is this?

A zero-day vulnerability (D)

Which of the following scenarios best illustrates a hacker's motive to modify data within a compromised system?

Changing patient medical records to fraudulently claim insurance benefits. (B)

Implementing confidentiality, integrity, and availability (CIA) is crucial during software development to:

Protect data, maintain accuracy, and ensure uninterrupted access to resources. (C)

In the context of the DAD triad, which of the following actions aligns with the 'Alteration' objective from a hacking perspective?

Injecting malicious code into a banking application to redirect transactions. (D)

Which scenario exemplifies a 'Disclosure' threat, as it relates to compromising confidentiality?

A disgruntled employee releasing sensitive customer data to a public forum. (B)

What distinguishes 'ethical hacking' from malicious hacking activities?

Ethical hacking seeks to identify and rectify vulnerabilities with permission, while malicious hacking aims to exploit vulnerabilities for unauthorized purposes. (A)

Why is understanding the processes that hackers follow crucial for data protection?

It allows organizations to anticipate attack vectors and implement proactive security measures. (B)

An organization experiences a system failure that prevents customers from accessing their online services. According to the DAD triad, this incident is an example of:

Denial. (C)

A red team operation simulates real-world cyber attacks to assess an organization's security posture. In the context of the DAD triad, what is the MOST likely objective a red team would pursue during such an operation?

Modifying system logs to hide their activities and gain persistent access. (A)

Why is it important for individuals to stay informed about cybersecurity trends, beyond relying solely on the IT department?

To recognize vulnerabilities and potential threats proactively. (C)

Which approach is most effective for gaining practical cybersecurity skills, according to the content?

Focusing on hands-on training platforms like Hack The Box and TryHackMe. (C)

In what phase of the software development cycle should security be integrated?

At every step of the software development cycle. (A)

Which of the following resources provides documentation and guidelines specifically for secure software development practices?

OWASP Secure Coding Practices Guide (C)

An organization is looking to improve its cybersecurity posture. Besides reactive measures, what proactive approach should it prioritize?

Integrating security practices into every stage of software development. (A)

Which of the following best describes fuzzing in software development?

A testing technique that involves feeding randomized or unusual inputs into software to identify vulnerabilities and edge cases. (B)

How is AI enhancing fuzzing techniques in software testing?

By predicting potential weakness and testing millions of inputs quickly. (A)

What is the primary cause of successful hacks?

Human error, such as clicking on phishing links or granting unauthorized access. (B)

What is a key element in fostering a security-conscious environment within a company?

Creating a culture where employees feel comfortable reporting security concerns and mistakes. (B)

Which of the following strategies is most effective in preventing successful cyber attacks?

Establishing a security culture through regular training and encouraging the reporting of security concerns. (B)

Why is it important to involve cybersecurity professionals from the beginning of a software development project?

To integrate security considerations into the planning, design, and testing phases. (B)

An employee notices a suspicious email asking for their login credentials. Following the best practices outlined, what should they do?

Report the email to the security team or designated personnel within the company. (D)

A company experiences a minor security breach due to an employee's mistake. What approach should management take to address the situation effectively?

Focus on identifying the root cause of the mistake and implementing measures to prevent recurrence. (B)

Flashcards

Ethical Hacking

Discovering vulnerabilities in systems to improve security.

Cyber Security

Protecting computer systems and networks from cyber threats.

CIA Triad

Confidentiality, Integrity, and Availability.

Confidentiality

Protecting information from unauthorized access.

Integrity

Ensuring data is accurate and hasn't been altered without permission.

Availability

Making sure systems are up and running when needed.

Encryption

Using encryption to protect sensitive data.

Access Controls

Controlling who can access specific data or systems.

Disclosure (Hacking)

Gaining unauthorized access to confidential data.

Alteration (Hacking)

Making unauthorized changes to data or systems.

Denial (Hacking)

Preventing legitimate users from accessing resources or services.

DAD Triad

The three primary threats that challenge cybersecurity objectives.

Disclosure Examples

Data breaches, insider threats, or intercepted communications.

Alteration Examples

Malicious code, unauthorized system changes, or man-in-the-middle attacks.

Denial Examples

Distributed Denial of Service (DDoS) attacks, system failures, or ransomware.

What is a Port?

A communication endpoint on a network, identified by a number.

Common Exploitable Ports

22: Remote access (SSH). 80 and 443: Web hosting (HTTP/HTTPS). 139: File sharing (Samba).

What is Metasploit?

A tool in Kali Linux used for vulnerability scanning and exploitation.

What are auxiliary modules in Metasploit?

A Metasploit module used to gather information about a target.

What is 'smb_version'?

A Metasploit module that scan for services running on a target.

What is Exploitation?

Taking advantage of vulnerabilities in systems to gain unauthorized access.

What is trans2open?

Samba version 2.2.1a vulnerability.

What is a Payload?

A set of instructions or scripts executed after successful exploitation.

Reverse Shell Root Access

Establishing a remote connection to a target machine and gaining root access.

Software Exploits

Exploits targeting vulnerabilities in applications or operating systems.

Hardware Exploits

Exploits focusing on weaknesses in physical devices or components.

Network Exploits

Attacks targeting vulnerabilities in network protocols or configurations.

Social Engineering

Exploiting human psychology rather than technical vulnerabilities, for example, tricking someone into revealing sensitive information.

Zero-Day Exploit

A cyber-attack that targets a previously unknown vulnerability before developers have a chance to patch it. The vulnerability is unknown to the software vendor.

Fuzzing

Automatically generating a massive number of test inputs to find software vulnerabilities.

Mutation-Based Fuzzing

Modifies known valid inputs to create test cases for fuzzing.

Security Integration

Incorporating security measures into every phase of the software creation process, not just at the end.

Security Awareness Training

Platforms offering courses and materials to educate individuals about cybersecurity threats and best practices.

Hands-on Cybersecurity Training

Platforms that provide practical exercises and simulations to develop cybersecurity skills.

Secure Developer Training

Training specifically designed for developers to learn how to write secure code and prevent vulnerabilities.

OWASP Secure Coding Practices Guide

A collection of guidelines and best practices for developing secure software.

Main cause of hacks

Mistakes made by people. Clicking phishing links, unauthorized access, or failing to update software.

Safe Sharing Environment

A workplace where employees feel safe reporting mistakes and security concerns without fear of punishment.

Team Training and Security Culture

Training the team regularly on security best practices, fostering a security-first mindset, and encouraging reporting of concerns.

Security Culture

Creating a workplace environment where security is prioritized and everyone feels responsible for it.

How to develop security culture

Training, creating a security-first mindset, encouraging reporting, rewarding good security behavior.

Integrated Cybersecurity

Involves cyber security experts from the start, during planning, design, and testing phases.

Cyber Security Professional

Essential for helping you secure the specific types of software you're creating.

Study Notes

• The presentation will cover cyber security, ethical hacking, software development best practices, and learning resources.
• The goal is to encourage everyone to become an ethical hacker to reveal cyber security vulnerabilities.
• This will increase awareness of shared data and how to protect oneself and the company.

Cyber Security

• The focus is on reviewing basic cyber security information.
• CIA in cybersecurity represents Confidentiality, Integrity, and Availability.
• These are key objectives in defense and known as Blue team operations.
• Confidentiality involves access controls, encryption, and secure authentication to protect data from unauthorized access.
• Integrity means preventing unauthorized modification of information to ensure data remains authentic and reliable.
• Availability includes maintaining system uptime, preventing service disruptions, and ensuring quick recovery from incidents.
• Data security involves thinking how to implement confidentiality, integrity, and availability.

Cyber Security Threats

• The DAD triad represents Disclosure, Alteration, and Denial.
• They represent hacking threats and Red team operations.
• Disclosure compromises confidentiality through data breaches, insider threats, or intercepted communications.
• Alteration occurs through malicious code, unauthorized system changes, or man-in-the-middle attacks.
• Denial includes Distributed Denial of Service (DDoS) attacks, system failures, or ransomware blocking access to critical resources.
• The goal of a hacker is to gain access to confidential data and disrupt normal operations.
• Hackers trick users into clicking malicious links, potentially locking up their computers.

Ethical Hacking

• Learning how systems are exploited helps avoid vulnerabilities, become familiar with exploits, and experiment with hacking tools.
• One course is the Practical Ethical Hacking course from TMC Security Academy.
• A 3-phase approach to ethical hacking involves passive research, active research/scanning and discovery, and executing the hack.

Passive Reconnaissance

• Reviewing satellite images and social media posts reveals employee information.
• Hackers may join employee groups in break areas to blend in.
• Photos may reveal employee usernames, badge numbers, and operating systems.
• This data is critical in hacking and presents a security concern.
• Tools like hunter.io and emailhippo discover and verify email addresses.
• Hackers can send phishing attacks and discover logon credentials using email addresses.
• Dehashed.com and haveibeenpwned.com search for data from previous hacks or data breaches of personal credentials.
• Dehashed.com is a subscription tool to discover usernames and passwords used.
• Google can discover information to exploit vulnerabilities.
• site:someSite.com -www finds subdomains.
• site:someSite.com filetype:pdf finds files of a specific type.

Scanning and Investigating

• A home lab can be created with Kali Linux to hack into a vulnerable machine.
• VMWare is used to install virtual machines, with VMware Player for Windows and VMware Fusion Pro for Mac.
• Kali Linux, built with cyber security routines, can be downloaded for VMWare.
• Vulnhub offers virtual machines for practicing ethical hacking skills.
• Kioptrix virtual machine is designed for practicing hacking within a local network.
• Kioprtix and Kali should run on the same network (NAT, not Bridged).
• Finding the IP of Kioptrix, scanning open ports, investigating ports for exploits, and discovering potential vulnerabilities are useful techniques to start with.
• Search for IP addresses on the network to discover other devices.
• Nmap scans for open ports to show services running and develop an exploitation plan.
• Possible ports to exploit includes:
  • Port 22 (SSH or remote access)
  • Ports 80 and 443 (web hosting)
  • Port 139 (file share with Samba)
• Metasploit identifies the version of Samba for a specific exploit.
• Use the auxiliary library in Metasploit to get the required information.
• SMB scans in Metasploit can be used for smb service discovery, looking for #16 smb_version.
• Running the SMB version scan from metasploit establishes a reverse shell.
• Google can be used to search for exploits, for example, for samba 2.2.1a, the trans2open exploit.

Exploitation

• Exploitation involves taking advantage of vulnerabilities, weaknesses, or flaws in systems, networks, or applications for unauthorized access or control.
• The final steps are to set a payload (set of instructions/scripts) to establish a remote connection to the target machine using a reverse shell gaining root access
• Root access will give full access to data and services.
• After getting root access on the Kioptrix machine, reading a congratulatory message in the mail app will be possible

Overcoming Feeling Overwhelmed

• Consider if your company is vulnerable to an attack.
• Decide to become an ethical hacker to fix vulnerabilities before getting hacked.

Types of Exploits

• Software Exploits Target vulnerabilities in applications or operating systems
• Hardware Exploits Focus on weaknesses in physical devices or components
• Network Exploits Attack vulnerabilities in network protocols or configurations
• Social Engineering Exploit human psychology rather than technical vulnerabilities
• Inspect your systems and determine vulnerabilities.

Zero-Day Exploits

• These are cyber-attacks that target previously unknown vulnerabilities before developers can patch them.
• The vulnerability is unknown to the software vendor.
• There is no available patch or fix at the time of exploitation.
• Attackers have the advantage of time.

Fuzzing

• Key aspects of fuzzing:
  • Automated input generation: Creates millions of test cases rapidly
  • Mutation-based: Modifies known valid inputs to create test cases
  • Generation-based: Creates new inputs from scratch based on input format
  • Coverage-guided: Uses program behavior to guide input generation
• Fuzzing involves feeding randomized or unusual inputs into software to see where it breaks in order to catch exceptional cases and vulnerabilities.
• AI is making fuzzing more powerful, testing thousands/millions inputs predicting where weaknesses might occur.

Next Steps

• It's essential evaluate how personal or company data is accessible and how to improve security.

Mistakes

• 95% of successful hacks are due to a person making a mistake.

Best Practices

• Enforce Team Training and Security Culture
• Establish Regular security awareness training
• Foster a security-first mindset
• Encourage reporting of security concerns
• Recognize and reward security-conscious behavior
• Cyber security training and implementation should develop a security culture that prioritizes security

Resources

• Integrate cybersecurity into planning, design, and testing.
• Work with a cyber security professional specializing in the types of software being developed.
• Shore up existing software and integrate security into each step of the software development cycle.
• Resources include:
  • Cyber Crime Magazine
  • The 20 biggest data breaches in history
  • Cybersecurity Trends for 2025 and Beyond
• Training Platforms: KnowBe4, Pluralsight, TCM Security, Hack The Box, TryHackMe, SecureFlag, Security Journey
• Documentation and Guidelines: OWASP Secure Coding Practices Guide, NIST Secure Software Development Framework (SSDF), Microsoft Security Development Lifecycle (SDL)

Description

This lesson explores the relationship between ethical hacking and software development, focusing on how ethical hacking promotes secure software. It covers the CIA triad (Confidentiality, Integrity, Availability) and its application in data security, including scenarios involving data breaches and encryption.