Ethical Hacking Course GCyB - II

Questions and Answers

What is the primary goal of the pre-assessment phase in vulnerability management?

• To monitor systems continuously
• To create a baseline for vulnerability management (correct)
• To conduct a vulnerability scan
• To implement remediation strategies

Which step is NOT included in creating a baseline during the pre-assessment phase?

• Prioritize critical assets
• Identify business processes
• Conduct penetration testing (correct)
• Understand network architecture

What is one of the tasks involved in the pre-assessment phase?

• Performing vulnerability scans
• Identifying controls already in place (correct)
• Verifying the assessment results
• Remediation of vulnerabilities

In which phase do organizations typically identify vulnerabilities in their infrastructure?

Vulnerability assessment phase (B)

What should be prioritized when creating an inventory of all assets during the pre-assessment phase?

Prioritize critical assets (A)

What is a key aspect of understanding before defining the scope of the assessment?

Network architecture and infrastructure (B)

What is accomplished during the risk assessment post the vulnerability assessment phase?

Analysis of identified vulnerabilities (B)

During the pre-assessment phase, what type of documents or procedures are designed?

Information protection procedures (D)

What is the primary role of NVD staff in relation to CVEs?

To aggregate data points from various sources (D)

What is the purpose of the Common Weakness Enumeration (CWE)?

To categorize software and hardware vulnerabilities (B)

Which of the following best describes a vulnerability assessment?

A systematic process for identifying and evaluating security vulnerabilities (D)

Who provides the information that NVD relies on for CVE attributes?

Vendors, third party security researchers, and vulnerability coordinators (D)

What is one of the main goals of conducting a vulnerability assessment?

To identify weaknesses before they are exploited (B)

What is the maximum prison sentence for a first conviction of obtaining national security information under the CFAA?

Up to ten years (D)

What penalty is specified for intentionally disrupting the operation of an automated data processing system under Law 07-03?

One to three years of imprisonment (D)

Under the CFAA, how long can a second conviction for accessing a computer to defraud and obtain value result in imprisonment?

Up to ten years (B)

Which of the following acts is punishable by a maximum fine of 200,000 dirhams under Law 07-03?

Fraudulently introducing data into a system (A)

What is the penalty for trafficking in passwords under the CFAA for a first conviction?

Up to one year (B)

Which of the following actions is punishable by a minimum of one year under the CFAA?

Accessing a computer and obtaining information (D)

What is the maximum imprisonment term for a second conviction of extortion involving computers under the CFAA?

Ten years (B)

What is the punishment for fraudulently accessing part of an automated data processing system under Law 07-03?

One to three months and a fine (D)

What does the ACK flag indicate in a network packet?

It acknowledges the successful receipt of a packet. (C)

Which of the following statements is true regarding the FIN flag?

It ends a connection after its transmission. (A)

What is Zenmap known for?

It is the official Graphical User Interface (GUI) for Nmap. (D)

Which command is used for performing a scan with Nmap from within Metasploit?

nmap -sS 192.168.1.5 (C)

What type of scanning technique is provided by the Metasploit framework?

Nmap integration for compiling security reports. (B)

In the context of Metasploit, what is the TCP Port Scan auxiliary module used for?

To scan open ports on a target. (B)

What functionality does the PSH flag provide?

It indicates urgent data should be prioritized. (A)

Which of the following commands would initiate a ping sweep in Metasploit?

auxiliary/scanner/icmp_ping (B)

What does receiving an RST packet in response to an empty TCP ACK packet indicate?

The target host is active. (B)

Which Nmap command is used to perform a TCP ACK ping?

nmap -sn -PA TargetIP (D)

What is the purpose of the UDP ping technique in host discovery?

To check if the host is active based on UDP responses. (C)

What response is expected from the targeted host when an ICMP 'echo request' is sent?

An ICMP 'echo reply' packet. (A)

What kind of packets are used in the IP Protocol Ping technique?

Packets from different IP protocols such as ICMP, IGMP, TCP, or UDP. (C)

Which of the following commands would you use for an ICMP ping using Nmap?

nmap -sn -PE TargetIP (C)

What type of errors might be returned if a target host is offline during a UDP ping?

Host/network unreachable or TTL exceeded. (B)

Which statement about TCP ACK Ping is accurate?

It uses an empty TCP ACK packet and expects an RST response. (A)

What protocol is used for remote desktop access?

RDP (B)

Which protocol uses TCP port 445?

SMB (B)

Which tool is specifically designed for service enumeration and includes modules for various services?

Metasploit (D)

What is the default port for Microsoft's SQL Server protocol?

1433 (B)

What syntax is used in Nmap for running a script against a specific port?

Nmap -p --script (A)

On which UDP ports does NetBIOS operate?

137 and 138 (D)

What does a NetBIOS name record type's 16th character represent?

Reserved for service or name record type (B)

Nmap's Scripting Engine (NSE) is primarily used for which of the following?

Extracting valuable service information (D)

Flashcards

Hacking

Getting into someone else's computer system without permission to find information or do something illegal.

Ethical Hacking

Using hacking techniques for defensive or protective purposes.

Penetration Testing

Simulating a cyberattack on a system, network, or application to find vulnerabilities.

Ethical Hacking vs. Penetration Testing

Ethical hacking scope is less defined and uses various attack vectors, while penetration testing has a defined scope and specific attack vectors.

Ethical Hacker Requirements

Detailed knowledge of Tactics, Techniques, and Procedures (TTPs) and security tools.

Penetration Testing Requirements

Sound knowledge of the specific system or area and strong report writing skills.

Importance of Ethical Hacking

Protecting organizations from hackers, identifying and assessing system vulnerabilities, and improving security.

Security Risks

Potential threats to a system's data or functioning.

Vulnerabilities

Weaknesses in a computer system or network that a hacker can exploit.

Security Posture

The overall security strength or resilience of a system or organization.

Tactics

Techniques used in attacking or defending a system.

Techniques

Specific methods for carrying out a tactic.

Procedures

Steps taken to perform a task.

TTPs

Tactics, Techniques and Procedures used in cyber-attacks.

System Hacking

Gaining unauthorized access to a computer system.

Network Hacking

Gaining unauthorized access to a computer network.

Information Gathering

Collecting data about a target network or system.

Scanning

Identifying active hosts and open ports on a network.

Enumeration

Gathering information about a system or network, such as user accounts and services.

Vulnerability Analysis

Identifying and analyzing weaknesses in a system.

CFAA Penalties

The Computer Fraud and Abuse Act (CFAA) outlines various criminal offenses related to computer systems and sets penalties for each offense, including prison sentences.

Moroccan Cybercrime Law

The law No. 07-03, aims to regulate cybercrime in Morocco, establishing legal frameworks for offenses related to information systems and data processing.

Unauthorized Access to Data System

Under Moroccan law, accessing all or part of an automated data processing system without authorization is a punishable offense.

Disrupting or Falsifying Data System

The act of intentionally disrupting or falsifying the operation of a data processing system in Morocco is considered a crime.

Data Modification or Deletion

Fraudulently introducing, deleting, or modifying data in a data processing system is a punishable offense under Moroccan law.

Penalties for Unauthorized Access

Accessing a data processing system without authorization in Morocco can lead to a prison sentence of one to three months and a fine.

Penalties for System Disruption

Intentionally disrupting or falsifying a data processing system in Morocco can result in a prison sentence of one to three years and a fine.

Penalties for Data Modification

Under Moroccan law, fraudulently modifying data in a data processing system can result in a prison sentence of one to three years and a fine.

ACK Flag

This flag acknowledges the successful receipt of a packet. It signifies that the receiver has received the data and is ready for the next packet.

FIN Flag

The FIN flag is used to terminate a TCP connection. Once both ends send FIN flags, the connection is closed and no further data can be exchanged.

URG Flag

The URG flag indicates that the data in the packet should be processed urgently. It's used for situations where immediate processing is required.

PSH Flag

This flag suggests to the receiver that the data in the packet should be immediately processed as it is received.

RST Flag

The RST flag is used to reset a TCP connection. It's used when a connection is in an unexpected state or needs to be restarted.

Metasploit Framework

An open-source framework used for penetration testing and comprehensive security audits. It offers tools and features for scanning networks, identifying vulnerabilities, and gathering information about systems.

Nmap

A popular network scanning tool used for discovering hosts, identifying open ports, and gathering information about networks.

Zenmap

The official graphical user interface (GUI) for Nmap. It provides a user-friendly way to interact with Nmap and analyze its results.

What is the NVD?

The National Vulnerability Database (NVD) is a US government-run repository of publicly known cybersecurity vulnerabilities. It collects and analyzes data from various sources to provide a comprehensive understanding of vulnerabilities.

What does the NVD do?

The NVD gathers information about vulnerabilities from different sources, categorizes them, and assigns unique identifiers (CVEs). It also provides information on how to mitigate or fix these vulnerabilities.

What is CWE?

The Common Weakness Enumeration (CWE) is a standardized list of common software and hardware weaknesses that could be exploited by attackers.

What is a vulnerability assessment?

A vulnerability assessment is a systematic process of identifying and evaluating security weaknesses in computer systems, networks, and applications.

Why are vulnerability assessments important?

Vulnerability assessments help organizations understand their security risks. By identifying weaknesses, organizations can take steps to protect themselves from cyberattacks.

What is TCP ACK Ping?

A host discovery technique where an attacker sends an empty TCP ACK packet to a target. If the host is active, it will respond with an RST (reset) packet to terminate the connection attempt.

What is UDP Ping?

A host discovery technique that sends UDP packets to a target host. A response indicates the host is active.

What is ICMP Ping?

A host discovery technique that sends an ICMP "echo request" to a target host. An "echo reply" signifies the host is active.

What is IP Protocol Ping?

A host discovery technique that sends packets using various IP protocols (ICMP, IGMP, TCP, UDP) to a target host. Any response indicates the host is active.

Empty TCP SYN Packet

A TCP packet sent without any data, used in host discovery techniques like TCP ACK Ping.

RST Packet

A TCP packet used to terminate a connection or reject an invalid connection attempt.

Nmap -sn

Nmap's command to perform host discovery without port scanning.

Nmap -PS

Nmap command for host discovery using TCP ACK Ping.

What is SNMP used for?

Simple Network Management Protocol (SNMP) is used for managing network devices, such as routers and switches. It allows administrators to monitor network performance, configure devices, and troubleshoot problems.

What does LDAP access?

Lightweight Directory Access Protocol (LDAP) is used to access and maintain directory information services over a network. It is used to store and manage information about users, computers, and other network resources.

What is SMB used for?

Server Message Block (SMB) is a protocol used for file sharing over a network. It allows users on different computers to access files and folders on a shared server.

What is the purpose of NFS?

Network File System (NFS) is a protocol used to mount file systems on a remote host over a network. It allows users on one computer to access files and folders on another computer as if they were on their own.

What is RDP used for?

Remote Desktop Protocol (RDP) is a protocol used for remote desktop access. It allows users to access and control a computer from a different location.

What is Nmap used for?

Nmap is a powerful tool used for network scanning and service enumeration. It allows you to identify hosts on a network, discover open ports, and gather information about services running on those ports.

How does Metasploit help with enumeration?

Metasploit is a powerful tool used for penetration testing, including service enumeration. It provides modules specifically designed to gather information about services, such as user accounts and credentials.

What is NetBIOS enumeration?

NetBIOS (Network Basic Input/Output System) enumeration involves gathering information about NetBIOS name tables, which provide information about network devices. It is used to identify devices on a LAN.

Vulnerability Assessment

A process to identify and analyze weaknesses in a system, network, or application that could be exploited by attackers.

Pre-Assessment Phase

The initial stage of a vulnerability assessment that focuses on preparing for the assessment by defining goals, identifying critical assets, and understanding the organization's infrastructure.

Post-Assessment Phase

The stage following the vulnerability assessment, focusing on taking action to fix identified vulnerabilities and monitoring progress.

Scope and Asset Identification

The process of defining the boundaries of the vulnerability assessment and identifying all assets within that scope.

Vulnerability Scan

A process of using automated tools to scan systems and networks for known vulnerabilities.

Risk Assessment

Evaluating the likelihood and impact of each vulnerability being exploited.

Remediation

The process of fixing or mitigating identified vulnerabilities.

Verification

Confirming that the remediation efforts were successful and vulnerabilities are no longer present.

Study Notes

Abdelmalek Essaadi University

• Ethical Hacking course
• GCyB - II
• 2024-2025
• Instructor: Youssef SBAYTRI

Ethical Hacking Topics

• Introduction to hacking
• Footprinting/Information gathering
• Scanning and Enumeration
• Vulnerability Analysis
• Systems Hacking
• Networks Hacking

What is Hacking?

• The activity of getting into someone else's computer system without permission, to gain information or do illegal actions.
• The use of unconventional or illicit means to gain unauthorized access to a digital device, computer system, or computer network.
• Refers to unauthorized access to a system or network, often to exploit data or manipulate its normal behavior.
• Identifying and exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

What is Ethical Hacking ?

• The use of hacking techniques for defensive or protective purposes.
• Ethical hackers use their skills to test the security of computer systems, networks, or applications.
• The term “ethical hacking” is usually used interchangeably with penetration testing.
• Penetration testing (Pentesting) is the practice of simulating a cyber attack on a computer system, network, or application to identify vulnerabilities
• Ethical hacking and penetration testing are legal as long as they are done with the permission and knowledge of the system owner.

Key Differences Between Ethical Hacking and Penetration Testing

• Ethical Hacking: Less defined scope of work. Utilizes any attack vector to breach a system. Has visibility to organization's infrastructure. Not a requirement for compliance frameworks. Should have detailed knowledge of TTP (Tactics, Techniques, and Procedures) and various tools. No mandatory requirement to be an expert in report writing.
• Penetration Testing: Well-defined scope of work. Attack vectors defined before testing. Limited/no information of organization's infrastructure. Required for some compliance frameworks. Requires sound knowledge of the dedicated domain. Comes with fool-proof report writing.

Why Ethical Hacking is Necessary

• To prevent hackers from gaining access to an organization's systems and data.
• To identify and assess vulnerabilities in systems in order to evaluate their potential security risks.
• To provide adequate preventive measures to avoid security breaches.
• To assess and harden the organization's security posture.
• To enhance security awareness at all levels.

Required Skills of an Ethical Hacker

• Profound familiarity with leading operating environments such as Windows, Linux, and MacOS
• In-depth knowledge of networking concepts, technologies, and related hardware and software.
• The knowledge of security areas and related issues.
• Ability to quickly learn and adapt new technologies.
• Strong work ethic and good problem-solving and communication skills
• Commitment to an organization's security policies.
• Awareness of local standards and laws.

Hacking Methodologies

• Learning hacking methodologies and frameworks helps ethical hackers understand the different phases.
• This course presents various hacking methodologies such as:
  • EC-Council CEH methodology
  • Cyber Kill Chain methodology
  • MITRE attack framework

CEH Hacking Methodology

• Footprinting
• Scanning
• Enumeration
• Vulnerability analysis
• Gaining Access
• Escalating privileges
• Maintaining Access
• Clearing Logs

Cyber Kill Chain Methodology

• Reconnaissance
• Gathering email addresses, personal information, etc.
• Delivery
• Delivering weaponized payload to the victim via email, USB, etc.
• Weaponization
• Coupling exploit with backdoor into deliverable payload
• Exploitation
• Exploiting a vulnerability
• Installation
• Installing malware on the asset
• Actions on Objectives
• Performing actions to achieve intended objectives
• Command & Control (C2)
• Command channel for remote manipulation of victim

MITRE ATT&CK Framework

• A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
• Comprises three collections of tactics and techniques (Enterprise, Mobile, and ICS).

Laws and Regulations

• Laws are a system of rules and guidelines that are enforced by a country/community.
• Ethical hacking involves probing systems.
• Understanding relevant laws, cybersecurity regulations (e.g., PCI-DSS, HIPAA), and industry standards ensures compliance and credibility. (Additional subsections on specific cyber laws are also included).

Footprinting and Reconnaissance

• Collecting maximum information about a target organization including infrastructure, assets, and personnel.
• Passive Footprinting: Collecting information without direct interaction.
• Active Footprinting: Collecting information with direct interaction.

Types of gathered information

• Organization information (employee details, phone numbers, locations)
• Network information (domain names, networks, IP addresses of systems)
• System information (OS, location of servers, email addresses, usernames, passwords)

Footprinting Techniques

• Through Search Engines

  • Google Dorking
  • Advanced Operators
  • Exploit Databases

• Through Web Services

• Website Footprinting

• Email Footprinting

• Whois and DNS Footprinting

• Social Engineering

• Eavesdropping, Shoulder Surfing, Dumpster Diving, Impersonation

OSINT Framework

• An open-source intelligence gathering framework.
• Focused on collecting information from free tools or resources.
• Lists various tools arranged by category.

Footprinting Countermeasures

• Security Training
• Password Policies
• Secure Data Handling
• Removing ex-employees and accounts
• Internet Registrar Sanitation
• Blocking External Access
• Monitoring

Vulnerability Analysis

• Introduction to vulnerabilities (weaknesses)
• Classification of vulnerabilities (misconfigurations, application flaws, outdated software, design flaws, etc.)
• Vulnerability research methods
• Vulnerability Scoring systems and Databases (e.g., CVSS)

Vulnerability Assessment

• Vulnerability Assessment process stages (pre-assessment, assessment, post-assessment)
• Types of Vulnerability Assessment (Active, Passive, External, Internal, etc.)
• Vulnerabilities Assessment tools

Network Hacking

• Network sniffing
• MAC flooding
• DHCP attacks
• ARP Spoofing Attacks
• DNS Posioning
• Proxy Server DNS poisoning

Wireless Networks

• Wireless concepts
  • Wireless encryption
  • Wireless threats
    • Access Control
    • Integrity
    • Confidentiality
    • Availability
• Wireless hacking methodology
• Wireless hacking tools
• Wireless hacking countermeasures

Description

This quiz covers the essential topics from the Ethical Hacking course at Abdelmalek Essaadi University for the academic year 2024-2025. It includes questions on hacking fundamentals, vulnerability analysis, and techniques used by ethical hackers. Assess your knowledge on protecting systems and networks from unauthorized access.