Hacking is a very common word nowadays. Every other day there are attacks in cyberspace. According to studies, there is one cyber crime in India every 10 minutes. Ethical hacking is a concept where the ethical hacker (a security professional) performs penetration testing to find vulnerabilities and patch them before any black hat hacker exploits them. CEH V9 Training of EC Council is the best certification to learn Ethical Hacking.
Terms of Ethical Hacking
These are specific terms used in Ethical Hacking Training:
- Hack Value
- Zero Day Attack
- Daisy Chaining
Elements of Information Security
Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation
The level of security in any system can be defined by the strength of three components
Security(Restriction), Functionality(Features), Usability(GUI)
How does an Information Security attack happen?
Different Category of Information Security Threats
NETWORK THREATS: Information Gathering, Sniffing and Eavesdropping, Spoofing, DOS, Password Based Attack, ARP Poisoning etc.
HOST THREATS: Footprinting, Malware Attack, Unauthorized Access, DOS Attack, Privilege Escalation.
APPLICATION THREATS: Input Validation, Security Misconfiguration, Buffer Overflow, Cryptography Attack.
What is Hacking: It is the process of finding out the system vulnerabilities and then exploiting them by getting unauthorized access to the system resources.
- White Hat
- Black Hat
- Grey Hat
- Suicide Hackers
- Script Kiddies
- Cyber terrorists
- State sponsored Hackers
1. RECONNAISSANCE: The preparatory phase, also known as information gathering, in which the attacker collects information about the target network before launching an attack.
Active and Passive
2. SCANNING: The attacker scans the target's networks on the basis of the information gathered in the Reconnaissance phase, using port scanners and ping tools, and tries to get information such as details of live systems.
3. GAINING ACCESS: The attacker can gain access at the operating system, network or application level using open ports, session hijacking, password cracking etc.
4. MAINTAINING ACCESS: In this phase, the attacker tries to retain his ownership of the system by using back doors, rootkits and Trojans.
5. CLEARING TRACKS: In this phase, the attacker covers his tracks to hide his identity.
Types of Security Policy
- Promiscuous Policy
- Permissive Policy
- Prudent Policy
- Paranoid Policy
Penetration testing is the method of evaluating the security of an information system or any network by simulating an attack to find vulnerabilities that an attacker could exploit.
White Box, Black Box, Grey Box
Phases of Penetration Testing
PRE-ATTACK PHASE: Planning and Preparation, Methodology Designing, Network Information Gathering
ATTACK PHASE: Penetrating Perimeter, Acquiring Target, Escalating Privilege, Execution, Implantation, Retracting
POST-ATTACK PHASE: Reporting, Clean-Up, Artefact Destruction
Security Testing Methodology
- EC Council LPT Methodology
Information Security Standards
- PCI DSS
- ISO 27001:2013