Basics of Ethical Hacking Training

Hacking is a very common word nowadays. Every other day there are attacks in cyberspace. According to studies, there is one cyber crime in India every 10 minutes. Ethical hacking is a concept where the ethical hacker (a security professional) performs penetration testing to find vulnerabilities and patch them before any black hat hacker exploits them. The CEH V9 training from EC-Council is the best certification to learn ethical hacking.

Terms of Ethical Hacking

These are the specific terms used in ethical hacking training:

  • Hack Value
  • Vulnerability
  • Exploit
  • Payload
  • Zero Day Attack
  • Daisy Chaining

Elements of Information Security

Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation

The level of security in any system can be defined by the strength of three components:

Security (Restriction), Functionality (Features), Usability (GUI)

How does an Information Security attack happen?

Attack = Goal + Method + Vulnerability

 

Different Category of Information Security Threats

NETWORK THREATS: Information Gathering, Sniffing and Eavesdropping, Spoofing, DoS, Password-Based Attack, ARP Poisoning, etc.

HOST THREATS: Footprinting, Malware Attack, Unauthorized Access, DoS Attack, Privilege Escalation.

APPLICATION THREATS: Input Validation, Security Misconfiguration, Buffer Overflow, Cryptography Attack.

 

What is Hacking: It is the process of finding out the system vulnerabilities and then exploiting them by getting unauthorized access to the system resources.

 Hacker Class

  • White Hat
  • Black Hat
  • Grey Hat
  • Suicide Hackers
  • Script Kiddies
  • Cyber terrorists
  • State sponsored Hackers
  • Hacktivist

 

 

Hacking Phases:

1. RECONNAISSANCE: The preparatory phase, also known as information gathering, in which the attacker collects information about the target network before launching an attack.

Types

Active and Passive

2. SCANNING: The attacker scans the target's networks on the basis of the information gathered in the reconnaissance phase, using port scanners and ping tools, and tries to get details about the live systems, etc.

3. GAINING ACCESS: The attacker can gain access at the operating system, network or application level using open ports, session hijacking, password cracking, etc.

4. MAINTAINING ACCESS: In this phase, the attacker tries to retain ownership of the system by using backdoors, rootkits and Trojans.

5. CLEARING TRACKS: In this phase, the attacker covers his tracks to hide his identity.

Types of Security Policy

  • Promiscuous Policy
  • Permissive Policy
  • Prudent Policy
  • Paranoid Policy

 

Penetration Testing

Penetration testing is the method of evaluating the security of an information system or network by simulating an attack to find vulnerabilities that an attacker could exploit.

Types

White Box, Black Box, Grey Box

Phases of Penetration Testing

PRE-ATTACK PHASE: Planning and Preparation, Methodology Designing, Network Information Gathering

ATTACK PHASE: Penetrating Perimeter, Acquiring Target, Escalating Privilege, Execution, Implantation, Retracting

POST-ATTACK PHASE: Reporting, Clean-Up, Artefact Destruction

Security Testing Methodology

  • OWASP
  • OSSTMM
  • ISSAF
  • EC Council LPT Methodology

Information Security Standards

  • PCI DSS
  • HIPAA
  • ISO 27001:2013
  • SOX

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.
