Ethical Hacking Course GCyB - II
45 Questions

Questions and Answers

What is the primary goal of the pre-assessment phase in vulnerability management?

  • To monitor systems continuously
  • To create a baseline for vulnerability management (correct)
  • To conduct a vulnerability scan
  • To implement remediation strategies

Which step is NOT included in creating a baseline during the pre-assessment phase?

  • Prioritize critical assets
  • Identify business processes
  • Conduct penetration testing (correct)
  • Understand network architecture

What is one of the tasks involved in the pre-assessment phase?

  • Performing vulnerability scans
  • Identifying controls already in place (correct)
  • Verifying the assessment results
  • Remediation of vulnerabilities

In which phase do organizations typically identify vulnerabilities in their infrastructure?

  • Vulnerability assessment phase (B)

What should be prioritized when creating an inventory of all assets during the pre-assessment phase?

  • Prioritize critical assets (A)

What must be understood before defining the scope of the assessment?

  • Network architecture and infrastructure (B)

What is accomplished during the risk assessment that follows the vulnerability assessment phase?

  • Analysis of identified vulnerabilities (B)

During the pre-assessment phase, what type of documents or procedures are designed?

  • Information protection procedures (D)

What is the primary role of NVD staff in relation to CVEs?

  • To aggregate data points from various sources (D)

What is the purpose of the Common Weakness Enumeration (CWE)?

  • To categorize software and hardware vulnerabilities (B)

Which of the following best describes a vulnerability assessment?

  • A systematic process for identifying and evaluating security vulnerabilities (D)

Who provides the information that NVD relies on for CVE attributes?

  • Vendors, third party security researchers, and vulnerability coordinators (D)

What is one of the main goals of conducting a vulnerability assessment?

  • To identify weaknesses before they are exploited (B)

What is the maximum prison sentence for a first conviction of obtaining national security information under the CFAA?

  • Up to ten years (D)

What penalty is specified for intentionally disrupting the operation of an automated data processing system under Law 07-03?

  • One to three years of imprisonment (D)

Under the CFAA, how long can a second conviction for accessing a computer to defraud and obtain value result in imprisonment?

  • Up to ten years (B)

Which of the following acts is punishable by a maximum fine of 200,000 dirhams under Law 07-03?

  • Fraudulently introducing data into a system (A)

What is the penalty for trafficking in passwords under the CFAA for a first conviction?

  • Up to one year (B)

Which of the following actions is punishable by a minimum of one year under the CFAA?

  • Accessing a computer and obtaining information (D)

What is the maximum imprisonment term for a second conviction of extortion involving computers under the CFAA?

  • Ten years (B)

What is the punishment for fraudulently accessing part of an automated data processing system under Law 07-03?

  • One to three months and a fine (D)

What does the ACK flag indicate in a network packet?

  • It acknowledges the successful receipt of a packet. (C)

Which of the following statements is true regarding the FIN flag?

  • It ends a connection after its transmission. (A)

What is Zenmap known for?

  • It is the official Graphical User Interface (GUI) for Nmap. (D)

Which command is used for performing a scan with Nmap from within Metasploit?

  • nmap -sS 192.168.1.5 (C)

What type of scanning technique is provided by the Metasploit framework?

  • Nmap integration for compiling security reports. (B)

In the context of Metasploit, what is the TCP Port Scan auxiliary module used for?

  • To scan open ports on a target. (B)

What functionality does the PSH flag provide?

  • It indicates urgent data should be prioritized. (A)

Which of the following commands would initiate a ping sweep in Metasploit?

  • auxiliary/scanner/icmp_ping (B)

What does receiving an RST packet in response to an empty TCP ACK packet indicate?

  • The target host is active. (B)

Which Nmap command is used to perform a TCP ACK ping?

  • nmap -sn -PA TargetIP (D)

What is the purpose of the UDP ping technique in host discovery?

  • To check if the host is active based on UDP responses. (C)

What response is expected from the targeted host when an ICMP 'echo request' is sent?

  • An ICMP 'echo reply' packet. (A)

What kind of packets are used in the IP Protocol Ping technique?

  • Packets from different IP protocols such as ICMP, IGMP, TCP, or UDP. (C)

Which of the following commands would you use for an ICMP ping using Nmap?

  • nmap -sn -PE TargetIP (C)

What type of errors might be returned if a target host is offline during a UDP ping?

  • Host/network unreachable or TTL exceeded. (B)

Which statement about TCP ACK Ping is accurate?

  • It uses an empty TCP ACK packet and expects an RST response. (A)

What protocol is used for remote desktop access?

  • RDP (B)

Which protocol uses TCP port 445?

  • SMB (B)

Which tool is specifically designed for service enumeration and includes modules for various services?

  • Metasploit (D)

What is the default port for Microsoft's SQL Server protocol?

  • 1433 (B)

What syntax is used in Nmap for running a script against a specific port?

  • Nmap -p --script (A)

On which UDP ports does NetBIOS operate?

  • 137 and 138 (D)

What does a NetBIOS name record type's 16th character represent?

  • Reserved for service or name record type (B)

Nmap's Scripting Engine (NSE) is primarily used for which of the following?

  • Extracting valuable service information (D)

Flashcards

Hacking

Getting into someone else's computer system without permission to find information or do something illegal.

Ethical Hacking

Using hacking techniques for defensive or protective purposes.

Penetration Testing

Simulating a cyberattack on a system, network, or application to find vulnerabilities.

Ethical Hacking vs. Penetration Testing

Ethical hacking scope is less defined and uses various attack vectors, while penetration testing has a defined scope and specific attack vectors.

Ethical Hacker Requirements

Detailed knowledge of Tactics, Techniques, and Procedures (TTPs) and security tools.

Penetration Testing Requirements

Sound knowledge of the specific system or area and strong report writing skills.

Importance of Ethical Hacking

Protecting organizations from hackers, identifying and assessing system vulnerabilities, and improving security.

Security Risks

Potential threats to a system's data or functioning.

Vulnerabilities

Weaknesses in a computer system or network that a hacker can exploit.

Security Posture

The overall security strength or resilience of a system or organization.

Tactics

Techniques used in attacking or defending a system.

Techniques

Specific methods for carrying out a tactic.

Procedures

Steps taken to perform a task.

TTPs

Tactics, Techniques and Procedures used in cyber-attacks.

System Hacking

Gaining unauthorized access to a computer system.

Network Hacking

Gaining unauthorized access to a computer network.

Information Gathering

Collecting data about a target network or system.

Scanning

Identifying active hosts and open ports on a network.

Enumeration

Gathering information about a system or network, such as user accounts and services.

Vulnerability Analysis

Identifying and analyzing weaknesses in a system.

CFAA Penalties

The Computer Fraud and Abuse Act (CFAA) outlines various criminal offenses related to computer systems and sets penalties for each offense, including prison sentences.

Moroccan Cybercrime Law

Law No. 07-03 aims to regulate cybercrime in Morocco, establishing legal frameworks for offenses related to information systems and data processing.

Unauthorized Access to Data System

Under Moroccan law, accessing all or part of an automated data processing system without authorization is a punishable offense.

Disrupting or Falsifying Data System

The act of intentionally disrupting or falsifying the operation of a data processing system in Morocco is considered a crime.

Data Modification or Deletion

Fraudulently introducing, deleting, or modifying data in a data processing system is a punishable offense under Moroccan law.

Penalties for Unauthorized Access

Accessing a data processing system without authorization in Morocco can lead to a prison sentence of one to three months and a fine.

Penalties for System Disruption

Intentionally disrupting or falsifying a data processing system in Morocco can result in a prison sentence of one to three years and a fine.

Penalties for Data Modification

Under Moroccan law, fraudulently modifying data in a data processing system can result in a prison sentence of one to three years and a fine.

ACK Flag

This flag acknowledges the successful receipt of a packet. It signifies that the receiver has received the data and is ready for the next packet.

FIN Flag

The FIN flag is used to terminate a TCP connection. Once both ends send FIN flags, the connection is closed and no further data can be exchanged.

URG Flag

The URG flag indicates that the data in the packet should be processed urgently. It's used for situations where immediate processing is required.

PSH Flag

This flag suggests to the receiver that the data in the packet should be immediately processed as it is received.

RST Flag

The RST flag is used to reset a TCP connection. It's used when a connection is in an unexpected state or needs to be restarted.

Metasploit Framework

An open-source framework used for penetration testing and comprehensive security audits. It offers tools and features for scanning networks, identifying vulnerabilities, and gathering information about systems.

Nmap

A popular network scanning tool used for discovering hosts, identifying open ports, and gathering information about networks.

Zenmap

The official graphical user interface (GUI) for Nmap. It provides a user-friendly way to interact with Nmap and analyze its results.

What is the NVD?

The National Vulnerability Database (NVD) is a US government-run repository of publicly known cybersecurity vulnerabilities. It collects and analyzes data from various sources to provide a comprehensive understanding of vulnerabilities.

What does the NVD do?

The NVD gathers information about vulnerabilities from different sources, categorizes them, and assigns unique identifiers (CVEs). It also provides information on how to mitigate or fix these vulnerabilities.

What is CWE?

The Common Weakness Enumeration (CWE) is a standardized list of common software and hardware weaknesses that could be exploited by attackers.

What is a vulnerability assessment?

A vulnerability assessment is a systematic process of identifying and evaluating security weaknesses in computer systems, networks, and applications.

Why are vulnerability assessments important?

Vulnerability assessments help organizations understand their security risks. By identifying weaknesses, organizations can take steps to protect themselves from cyberattacks.

What is TCP ACK Ping?

A host discovery technique where an attacker sends an empty TCP ACK packet to a target. If the host is active, it will respond with an RST (reset) packet to terminate the connection attempt.

What is UDP Ping?

A host discovery technique that sends UDP packets to a target host. A response indicates the host is active.

What is ICMP Ping?

A host discovery technique that sends an ICMP "echo request" to a target host. An "echo reply" signifies the host is active.

What is IP Protocol Ping?

A host discovery technique that sends packets using various IP protocols (ICMP, IGMP, TCP, UDP) to a target host. Any response indicates the host is active.

Empty TCP SYN Packet

A TCP packet sent without any data, used in host discovery techniques like TCP ACK Ping.

RST Packet

A TCP packet used to terminate a connection or reject an invalid connection attempt.

Nmap -sn

Nmap's command to perform host discovery without port scanning.

Nmap -PS

Nmap command for host discovery using TCP ACK Ping.

What is SNMP used for?

Simple Network Management Protocol (SNMP) is used for managing network devices, such as routers and switches. It allows administrators to monitor network performance, configure devices, and troubleshoot problems.

What does LDAP access?

Lightweight Directory Access Protocol (LDAP) is used to access and maintain directory information services over a network. It is used to store and manage information about users, computers, and other network resources.

What is SMB used for?

Server Message Block (SMB) is a protocol used for file sharing over a network. It allows users on different computers to access files and folders on a shared server.

What is the purpose of NFS?

Network File System (NFS) is a protocol used to mount file systems on a remote host over a network. It allows users on one computer to access files and folders on another computer as if they were on their own.

What is RDP used for?

Remote Desktop Protocol (RDP) is a protocol used for remote desktop access. It allows users to access and control a computer from a different location.

What is Nmap used for?

Nmap is a powerful tool used for network scanning and service enumeration. It allows you to identify hosts on a network, discover open ports, and gather information about services running on those ports.

How does Metasploit help with enumeration?

Metasploit is a powerful tool used for penetration testing, including service enumeration. It provides modules specifically designed to gather information about services, such as user accounts and credentials.

What is NetBIOS enumeration?

NetBIOS (Network Basic Input/Output System) enumeration involves gathering information about NetBIOS name tables, which provide information about network devices. It is used to identify devices on a LAN.

Vulnerability Assessment

A process to identify and analyze weaknesses in a system, network, or application that could be exploited by attackers.

Pre-Assessment Phase

The initial stage of a vulnerability assessment that focuses on preparing for the assessment by defining goals, identifying critical assets, and understanding the organization's infrastructure.

Post-Assessment Phase

The stage following the vulnerability assessment, focusing on taking action to fix identified vulnerabilities and monitoring progress.

Scope and Asset Identification

The process of defining the boundaries of the vulnerability assessment and identifying all assets within that scope.

Vulnerability Scan

A process of using automated tools to scan systems and networks for known vulnerabilities.

Risk Assessment

Evaluating the likelihood and impact of each vulnerability being exploited.

Remediation

The process of fixing or mitigating identified vulnerabilities.

Verification

Confirming that the remediation efforts were successful and vulnerabilities are no longer present.

Study Notes

Abdelmalek Essaadi University

  • Ethical Hacking course
  • GCyB - II
  • 2024-2025
  • Instructor: Youssef SBAYTRI

Ethical Hacking Topics

  • Introduction to hacking
  • Footprinting/Information gathering
  • Scanning and Enumeration
  • Vulnerability Analysis
  • Systems Hacking
  • Networks Hacking

What is Hacking?

  • The activity of getting into someone else's computer system without permission, to gain information or do illegal actions.
  • The use of unconventional or illicit means to gain unauthorized access to a digital device, computer system, or computer network.
  • Refers to unauthorized access to a system or network, often to exploit data or manipulate its normal behavior.
  • Identifying and exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

What is Ethical Hacking?

  • The use of hacking techniques for defensive or protective purposes.
  • Ethical hackers use their skills to test the security of computer systems, networks, or applications.
  • The term “ethical hacking” is usually used interchangeably with penetration testing.
  • Penetration testing (pentesting) is the practice of simulating a cyber attack on a computer system, network, or application to identify vulnerabilities.
  • Ethical hacking and penetration testing are legal as long as they are done with the permission and knowledge of the system owner.

Key Differences Between Ethical Hacking and Penetration Testing

  • Ethical Hacking:
    • Less defined scope of work.
    • Utilizes any attack vector to breach a system.
    • Has visibility to organization's infrastructure.
    • Not a requirement for compliance frameworks.
    • Should have detailed knowledge of TTP (Tactics, Techniques, and Procedures) and various tools.
    • No mandatory requirement to be an expert in report writing.
  • Penetration Testing:
    • Well-defined scope of work.
    • Attack vectors defined before testing.
    • Limited/no information of organization's infrastructure.
    • Required for some compliance frameworks.
    • Requires sound knowledge of the dedicated domain.
    • Comes with fool-proof report writing.

Why Ethical Hacking is Necessary

  • To prevent hackers from gaining access to an organization's systems and data.
  • To identify and assess vulnerabilities in systems in order to evaluate their potential security risks.
  • To provide adequate preventive measures to avoid security breaches.
  • To assess and harden the organization's security posture.
  • To enhance security awareness at all levels.

Required Skills of an Ethical Hacker

  • Profound familiarity with leading operating environments such as Windows, Linux, and macOS.
  • In-depth knowledge of networking concepts, technologies, and related hardware and software.
  • Knowledge of security areas and related issues.
  • Ability to quickly learn and adapt to new technologies.
  • Strong work ethic and good problem-solving and communication skills.
  • Commitment to an organization's security policies.
  • Awareness of local standards and laws.

Hacking Methodologies

  • Learning hacking methodologies and frameworks helps ethical hackers understand the different phases.
  • This course presents various hacking methodologies such as:
    • EC-Council CEH methodology
    • Cyber Kill Chain methodology
    • MITRE ATT&CK framework

CEH Hacking Methodology

  • Footprinting
  • Scanning
  • Enumeration
  • Vulnerability analysis
  • Gaining Access
  • Escalating privileges
  • Maintaining Access
  • Clearing Logs

Cyber Kill Chain Methodology

  • Reconnaissance: Gathering email addresses, personal information, etc.
  • Delivery: Delivering weaponized payload to the victim via email, USB, etc.
  • Weaponization: Coupling exploit with backdoor into deliverable payload
  • Exploitation: Exploiting a vulnerability
  • Installation: Installing malware on the asset
  • Actions on Objectives: Performing actions to achieve intended objectives
  • Command & Control (C2): Command channel for remote manipulation of victim

MITRE ATT&CK Framework

  • A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
  • Comprises three collections of tactics and techniques (Enterprise, Mobile, and ICS).

Laws and Regulations

  • Laws are a system of rules and guidelines that are enforced by a country/community.
  • Ethical hacking involves probing systems.
  • Understanding relevant laws, cybersecurity regulations (e.g., PCI-DSS, HIPAA), and industry standards ensures compliance and credibility. (Additional subsections on specific cyber laws are also included).

Footprinting and Reconnaissance

  • Collecting maximum information about a target organization including infrastructure, assets, and personnel.
  • Passive Footprinting: Collecting information without direct interaction.
  • Active Footprinting: Collecting information with direct interaction.

Types of gathered information

  • Organization information (employee details, phone numbers, locations)
  • Network information (domain names, networks, IP addresses of systems)
  • System information (OS, location of servers, email addresses, usernames, passwords)

Footprinting Techniques

  • Through Search Engines
    • Google Dorking
    • Advanced Operators
    • Exploit Databases
  • Through Web Services
  • Website Footprinting
  • Email Footprinting
  • Whois and DNS Footprinting
  • Social Engineering
    • Eavesdropping, Shoulder Surfing, Dumpster Diving, Impersonation

OSINT Framework

  • An open-source intelligence gathering framework.
  • Focused on collecting information from free tools or resources.
  • Lists various tools arranged by category.

Footprinting Countermeasures

  • Security Training
  • Password Policies
  • Secure Data Handling
  • Removing ex-employees and accounts
  • Internet Registrar Sanitation
  • Blocking External Access
  • Monitoring

Vulnerability Analysis

  • Introduction to vulnerabilities (weaknesses)
  • Classification of vulnerabilities (misconfigurations, application flaws, outdated software, design flaws, etc.)
  • Vulnerability research methods
  • Vulnerability Scoring systems and Databases (e.g., CVSS)

Vulnerability Assessment

  • Vulnerability Assessment process stages (pre-assessment, assessment, post-assessment)
  • Types of Vulnerability Assessment (Active, Passive, External, Internal, etc.)
  • Vulnerability Assessment tools

Network Hacking

  • Network sniffing
  • MAC flooding
  • DHCP attacks
  • ARP Spoofing Attacks
  • DNS Poisoning
  • Proxy Server DNS poisoning

Wireless Networks

  • Wireless concepts
    • Wireless encryption
    • Wireless threats
      • Access Control
      • Integrity
      • Confidentiality
      • Availability
  • Wireless hacking methodology
  • Wireless hacking tools
  • Wireless hacking countermeasures

Description

This quiz covers the essential topics from the Ethical Hacking course at Abdelmalek Essaadi University for the academic year 2024-2025. It includes questions on hacking fundamentals, vulnerability analysis, and techniques used by ethical hackers. Assess your knowledge on protecting systems and networks from unauthorized access.