CEH Slides - Chapter 1

The document provides an overview of the Certified Ethical Hacker course. It outlines 15 chapters that cover topics such as reconnaissance, scanning, password cracking, web application vulnerabilities, wireless hacking, and cryptography. It also discusses the introduction to the CEH exam, including its multiple choice format and eligibility requirements. Finally, it delves into various hacking-related topics like types of hackers, the security testing process, and important legal considerations for ethical hackers.

Uploaded by Biff Pocoroba
Certified Ethical Hacker

Kimberly Graves
Course Overview
• Chapter 1: Introduction to Ethical Hacking, Ethics, and Legality
• Chapter 2: Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering
• Chapter 3: Gathering Network and Host Information: Scanning and Enumeration
• Chapter 4: System Hacking: Password Cracking, Escalating Privileges, and Hiding Files
• Chapter 5: Trojans, Backdoors, Viruses, and Worms

2
Course Overview (cont.)
• Chapter 6: Gathering Data from Networks: Sniffers
• Chapter 7: Denial of Service and Session Hijacking
• Chapter 8: Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques
• Chapter 9: Attacking Applications: SQL Injection and Buffer Overflows
• Chapter 10: Wireless Network Hacking

3
Course Overview (cont.)
• Chapter 11: Physical Security
• Chapter 12: Hacking Linux Systems
• Chapter 13: Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls
• Chapter 14: Cryptography
• Chapter 15: Performing a Penetration Test

4
Student Introduction
• Name
• Company / Organization
• Job Position / Title
• Security Related Experience

5
Introduction to CEH Exam
• Multiple Choice Exam
– 150 Questions
– 4 Hours
• Eligibility requirements
• Register at www.eccouncil.org

6
Chapter 1: Introduction to Ethical Hacking, Ethics, and Legality
• Understand ethical hacking terminology
• Define the job role of an ethical hacker
• Understand the different phases involved in ethical hacking
• Identify different types of hacking technologies
• List the five stages of ethical hacking
• What is hacktivism?
• List different types of hacker classes
• Define the skills required to become an ethical hacker
• What is vulnerability research?
• Describe the ways of conducting ethical hacking
• Understand the legal implications of hacking
• Understand 18 USC §1030 US federal law

7
Types of Hackers
• Hackers can be divided into three groups:
– White Hats - Good guys, ethical hackers
– Black Hats - Bad guys, malicious hackers
– Gray Hats - Good or bad hacker; depends on the situation

8
Basic elements of Security
• Confidentiality
• Authenticity
• Integrity
• Availability

9
Types of Attacks

10
Security vs. Usability

11
Security Audit Steps

12
5 step Hacking Cycle

13
Hacker Terminology
• Threat - An environment or situation that could lead to a potential breach of security.
• Exploit - A piece of software or technology that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.
• Vulnerability - The existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event, such as executing bad or damaging instructions on the system.

14
Hacker Terminology (cont.)
• Target of Evaluation (TOE) - A system, program, or network that is the subject of a security analysis or attack.
• Attack - An attack occurs when a system is compromised based on a vulnerability.

15
Types of Testing
• Black Box - Black-box testing involves performing a security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested.
• White Box - White-box testing involves performing a security evaluation and testing with complete knowledge of the network infrastructure, such as a network administrator would have.
• Gray Box - Gray-box testing involves performing a security evaluation and testing internally.

16
Pen Testing
• Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
• Maintain and follow a nondisclosure agreement (NDA) with the client in the case of confidential information disclosed during the test.
• Maintain confidentiality when performing the test. Information gathered may contain sensitive information.
• Perform the test up to but not beyond the agreed-upon limits.
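The agreed-upon limits are easiest to respect when they are written down as data and checked mechanically before every testing action, rather than remembered. The following Python is an added example and is not part of the slides or of any EC-Council material; the engagement data (the client name, the 203.0.113.0/24 documentation range, the example.test hostnames, and the March 2024 window) is constructed for the example.

```python
"""Engagement scope check: added example, not from the CEH slides.

The agreed-upon limits of a penetration test (the signed contract's
in-scope networks and hosts, explicit exclusions, and the authorised
time window) are held as data, and every target is checked against
them before any testing action. Deny by default: anything not
positively in scope is refused. All engagement values are constructed.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Tuple


@dataclass(frozen=True)
class Engagement:
    client: str
    in_scope: Tuple[str, ...]   # CIDR blocks, single IPs, hostnames, *.domain
    excluded: Tuple[str, ...]   # same syntax; always wins over in_scope
    window_start: datetime      # timezone-aware
    window_end: datetime


def _matches(target: str, entry: str) -> bool:
    """True if an IP address or hostname is covered by one scope entry."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None                      # entry is a hostname pattern
    if net is not None:
        try:
            return ipaddress.ip_address(target) in net
        except ValueError:
            return False                # a hostname never matches an IP entry
    t = target.lower().rstrip(".")
    e = entry.lower().rstrip(".")
    if e.startswith("*."):
        return t.endswith(e[1:])        # *.example.test covers www.example.test
    return t == e


def check_target(eng: Engagement, target: str, when_iso: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for testing `target` at ISO-8601 time `when_iso`.

    Order matters: the time window is checked first, then exclusions, then
    positive scope, so an excluded host is refused even when a broader
    in-scope entry would otherwise cover it.
    """
    when = datetime.fromisoformat(when_iso)
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    if not eng.window_start <= when <= eng.window_end:
        return False, f"{when_iso} is outside the authorised testing window"
    if any(_matches(target, x) for x in eng.excluded):
        return False, f"{target} is explicitly excluded by the contract"
    if not any(_matches(target, x) for x in eng.in_scope):
        return False, f"{target} is not covered by any in-scope entry"
    return True, f"{target} is in scope for {eng.client}"


# Constructed engagement: documentation address range and reserved TLD only.
ENGAGEMENT = Engagement(
    client="Example Corp (constructed)",
    in_scope=("203.0.113.0/24", "*.example.test"),
    excluded=("203.0.113.5", "hr.example.test"),   # e.g. a production DB host and the HR portal
    window_start=datetime(2024, 3, 4, 0, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 8, 23, 59, tzinfo=timezone.utc),
)


def run_sample() -> list:
    """Exercise the check against a few constructed targets and times."""
    cases = [
        ("203.0.113.20", "2024-03-05T10:00:00+00:00"),    # in range, in window
        ("203.0.113.5", "2024-03-05T10:00:00+00:00"),     # excluded host
        ("198.51.100.7", "2024-03-05T10:00:00+00:00"),    # never authorised
        ("www.example.test", "2024-03-05T10:00:00+00:00"),  # wildcard match
        ("hr.example.test", "2024-03-05T10:00:00+00:00"),   # excluded hostname
        ("203.0.113.20", "2024-03-09T08:00:00+00:00"),    # window has ended
    ]
    return [(t, *check_target(ENGAGEMENT, t, w)) for t, w in cases]


if __name__ == "__main__":
    for target, allowed, reason in run_sample():
        print("ALLOW" if allowed else "DENY ", reason)
```

The check refuses by default and evaluates exclusions before the positive scope, which is the order that keeps a carve-out in the contract effective even when a wide CIDR block is in scope; running it as a gate in front of any scanning or testing tool turns the contract's limits into something the tooling enforces rather than something the tester has to remember.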

17
Performing a Security Evaluation
• Preparation - This phase involves a formal agreement between the ethical hacker and the organization.
• Conduct Security Evaluation - During this phase, the tests are conducted, after which the tester prepares a formal report of vulnerabilities and other findings.
• Conclusion - The findings are presented to the organization in this phase, along with any recommendations to improve security.

18
Legal Issues
• Cyber Security Enhancement Act and SPY ACT - mandates life sentences for hackers who “recklessly” endanger the lives of others.
• 18 USC §1029 and 1030 –
– Title 18 details “Crimes and Criminal Procedure.” Section 1029 covers “Fraud and related activity in connection with access devices.”
– Section 1030, “Fraud and related activity in connection with computers,” prohibits accessing protected computers without permission and causing damage.

19
