MODULE 01

Introduction to Ethical Hacking

LEARNING OBJECTIVES

  • LO#01: Explain Information Security Concepts

  • LO#02: Explain Hacking Methodologies and Frameworks

  • LO#03: Explain Hacking Concepts and Different Hacker Classes

  • LO#04: Explain Ethical Hacking Concepts and Scope

  • LO#05: Summarize the Techniques used in Information Security Controls

  • LO#06: Explain the Importance of Applicable Security Laws and Standards

LO#01: Explain Information Security Concepts

Elements of Information Security

  • Information security is defined as a state of well-being of information and infrastructure.

  • Main aspects include:

    • Confidentiality: Assurance that information is accessible only to those authorized.

    • Integrity: Trustworthiness of data or resources to prevent unauthorized changes.

    • Availability: Assurance that systems delivering, storing, and processing information are accessible when required.

    • Authenticity: Characteristic that ensures quality of being genuine.

    • Non-Repudiation: Guarantee that a sender cannot deny having sent a message, and the recipient cannot deny having received it.
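An added example, not part of the module notes, contrasting the last two elements above: an Ed25519 signature gives integrity and non-repudiation because only the sender holds the private key, while an HMAC under a shared key gives integrity and authenticity between the two key holders but not non-repudiation, since the recipient could have produced the same tag. The message text and the shared key are constructed sample values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair creates a fresh Ed25519 key pair; only the sender ever holds the private key.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // rand.Reader failure is unrecoverable here
	}
	return pub, priv
}

// VerifySigned needs only the public key. Any change to msg breaks the check
// (integrity), and nobody without the private key can produce a valid sig, so
// the sender cannot later deny having sent the message (non-repudiation).
func VerifySigned(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// MacTag computes HMAC-SHA256 under a key both parties share.
func MacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyMac gives integrity and authenticity between the two key holders but
// not non-repudiation: the recipient holds the same key and could mint the tag.
func VerifyMac(key, msg, tag []byte) bool {
	return hmac.Equal(MacTag(key, msg), tag)
}

func main() {
	pub, priv := NewKeyPair()
	msg, altered := []byte("transfer 100 to account 42"), []byte("transfer 900 to account 42") // constructed
	sig := ed25519.Sign(priv, msg)
	fmt.Println("signature on original:", VerifySigned(pub, msg, sig))     // true
	fmt.Println("signature on altered: ", VerifySigned(pub, altered, sig)) // false
	key := []byte("constructed-shared-key")
	fmt.Println("mac on original:", VerifyMac(key, msg, MacTag(key, msg))) // true
	// The recipient can produce a valid tag for a message the sender never sent.
	fmt.Println("recipient-forged mac:", VerifyMac(key, altered, MacTag(key, altered))) // true
}
```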

Motives, Goals, and Objectives of Information Security Attacks

  • Formula: Attacks = Motive (Goal) + Method + Vulnerability

  • Motive: Originates from the belief that the target system holds valuable data. This leads to threats against the system.

  • Common Motives:

    • Disrupting business continuity

    • Stealing and manipulating data

    • Creating chaos by disrupting critical infrastructures

    • Causing financial loss to targets

    • Promoting religious or political beliefs

    • Military objectives

    • Damaging reputations

    • Revenge

    • Demanding ransom

Classification of Attacks

  • Types of Attacks:

    • Passive Attacks: Do not interfere with data but involve intercepting and monitoring traffic (e.g., sniffing, eavesdropping).

    • Active Attacks: Manipulate data in transit or disrupt communication (e.g., DoS, Man-in-the-Middle).

    • Close-in Attacks: Conducted near the target system (e.g., eavesdropping, shoulder surfing).

    • Insider Attacks: Use of privileged access to harm the organization (e.g., theft of devices, installing malware).

    • Distribution Attacks: Tampering with hardware/software before installation.

Information Warfare

  • InfoWar: The use of information and communication technologies (ICT) to gain advantages over opponents.

    • Offensive Warfare: Involves attacks against opponent’s ICT.

    • Defensive Information Warfare: Strategies to defend against attacks.

LO#02: Explain Hacking Methodologies and Frameworks

CEH Hacking Methodology (CHM)

  • Key Stages:

    • Footprinting

    • Scanning

    • Enumeration

    • Gaining Access

    • Cracking Passwords

    • Vulnerability Exploitation

    • Escalating Privileges

    • Maintaining Access

    • Executing Applications

    • Hiding Files

    • Clearing Logs

    • Covering Tracks

Cyber Kill Chain Methodology

  • Purpose: Intelligence-driven defense tool for preventing intrusions.

  • Phases:

    • Reconnaissance: Data collection on the target.

    • Weaponization: Create deliverables using exploits and backdoors.

    • Delivery: Use methods like email to send malicious payloads.

    • Exploitation: Execute code on the victim's system.

    • Installation: Install malware.

    • Command and Control: Create a channel for communication.

    • Actions on Objectives: Perform actions to meet goals.

Tactics, Techniques, and Procedures (TTPs)

  • Definition: The patterns of activity related to specific threat actors.

    • Tactics: Guidelines on how attacks are performed.

    • Techniques: Technical methods used to achieve goals.

    • Procedures: Organizational approaches for attack launches.

MITRE ATT&CK Framework

  • Description: A knowledge base of adversary tactics and techniques based on real-world observations.

  • Categories: 14 tactic categories derived from later stages of Cyber Kill Chain.

    • Stages: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain.

Diamond Model of Intrusion Analysis

  • Framework Purpose: Identifies clusters of events correlated across systems.

  • Elements: Adversary, Capability, Infrastructure, Victim.

LO#03: Explain Hacking Concepts and Different Hacker Classes

Definition of Hacking

  • Hacking: Exploiting vulnerabilities to gain unauthorized access and modify system features.

Definition of a Hacker

  • Hacker Characteristics:

    • Intelligent individual with strong computer skills.

    • Activities range from hobbyist to malicious intent.

Classes of Hackers

  • Black Hats: Malicious hackers with exceptional computing skills, known for destructive activities.

  • White Hats: Security analysts using skills for defense.

  • Gray Hats: Operate in both offensive and defensive roles.

  • Suicide Hackers: Attack critical infrastructure for a cause.

  • Script Kiddies: Inexperienced hackers using tools created by others.

  • Cyber Terrorists: Use hacking for politically motivated disruption.

  • State-Sponsored Hackers: Government-employed hackers for espionage and disruption.

  • Hacktivist: Promote political agendas via hacking.

  • Hacker Teams: Consortia of skilled hackers performing complex projects.

  • Industrial Spies: Perform corporate espionage.

  • Insider: Utilize privileged access to harm the organization.

  • Criminal Syndicates: Planned criminal organizations engaging in cyber-activities.

  • Organized Hackers: Use rented devices or botnets for attacks.

LO#04: Explain Ethical Hacking Concepts and Scope

Definition of Ethical Hacking

  • Ethical Hacking: Use of tools to identify security vulnerabilities within systems.

Necessity of Ethical Hacking

  • Objective: Anticipate methods used by malicious hackers to counteract threats.

  • Reasons for Recruitment:

    • Prevent unauthorized access.

    • Provide preventive measures against breaches.

    • Explore system vulnerabilities.

    • Safeguard customer data.

    • Strengthen overall security.

    • Enhance security awareness.

Ethical Hacking Questions

  1. What can an intruder see on the target system?

  2. What can an intruder do with that information?

  3. Are intruder attempts noticed?

  4. Are components of the information system adequately protected?

  5. What resources are needed for protection?

  6. Is compliance with legal/industry standards achieved?

Scope and Limitations of Ethical Hacking

  • Scope: Risk assessment, auditing, and information security best practices.

  • Limitations: Understanding what to look for is crucial for effective engagement with ethical hackers.

Skills of an Ethical Hacker

  • Technical Skills: Include knowledge of OS, networking, security, and capabilities for sophisticated attacks.

  • Non-Technical Skills: Ability to adapt to new technology, strong ethics, problem-solving, and communication skills.

LO#05: Summarize the Techniques used in Information Security Controls

Information Assurance (IA)

  • IA Definition: Ensures the integrity, availability, confidentiality, and authenticity of information.

    • Processes Include:

      1. Developing local policies.

      2. Designing authentication strategies.

      3. Identifying network vulnerabilities.

      4. Creating resource plans.

      5. Applying assurance controls.

      6. Performing certification.

      7. Providing training.

Continual/Adaptive Security Strategy

  • Adaptive Security Strategy: Involves implementing multiple network security approaches:

    • Predict: Risk Assessment, Threat Intelligence.

    • Protect: Defense-in-depth strategies.

    • Detect: Continuous monitoring and incident response.

    • Respond: Handling incidents and emergencies.

Defense-in-Depth

  • Definition: Security strategy using layers to protect information systems.

  • Layers Include:

    • Physical, Perimeter, Internal Network, Host, Application, Data.

Risk Management

  • Definition: Process of maintaining risk at an acceptable level through an active security program.

  • Phases Include:

    1. Risk Identification

    2. Risk Assessment

    3. Risk Treatment

    4. Risk Tracking

    5. Risk Review

Cyber Threat Intelligence (CTI)

  • Definition: Collection and analysis of information about threats for decision-making.

  • Types:

    • Strategic: High-level risks for management.

    • Tactical: TTP information for IT managers.

    • Operational: Details on specific incoming attacks.

    • Technical: Indicators of compromise for security teams.

LO#06: Explain the Importance of Applicable Security Laws and Standards

Payment Card Industry Data Security Standard (PCI DSS)

  • Definition: Standard for organizations handling cardholder data.

  • Applicability: Merchants, processors, issuers, and service providers must comply.

  • High-Level Overview:

    • Build secure networks, implement access controls, protect cardholder data, monitor networks, maintain a vulnerability management program, and maintain an information security policy.

ISO/IEC 27001:2013

  • Purpose: Framework for establishing an information security management system.

  • Suitability: Can be used for cost-effective management of security risks and ensuring compliance with laws.

Health Insurance Portability and Accountability Act (HIPAA)

  • Elements include:

    • Privacy Rule: Federal protections for health information.

    • Security Rule: Safeguards for confidentiality and integrity of health data.

Sarbanes-Oxley Act (SOX)

  • Purpose: Protects investors and public by increasing accuracy of corporate disclosures; has 11 titles addressing different aspects of financial accountability.

Digital Millennium Copyright Act (DMCA) and Federal Information Security Management Act (FISMA)

  • DMCA: Prohibits circumvention of copyright protection measures and alteration of management information.

  • FISMA: Framework for ensuring effectiveness of information security controls in federal settings.

General Data Protection Regulation (GDPR)

  • Implementation: Enforced May 25, 2018, focusing on strict data protection and privacy principles.

Data Protection Act 2018 (DPA)

  • Definition: Framework for data protection law in the UK, enhancing rights of data subjects.

Cyber Laws in Various Countries

  • Provides a listing of laws and acts from various countries regarding cyber security and copyright, emphasizing global compliance.

Module Summary

  • This module covered information security elements, types of attacks, information warfare, various hacking methodologies, hacker types, the necessity and limitations of ethical hacking, risk management practices, incident management, AI/ML applications in cybersecurity, and a variety of international laws and standards governing information security. It sets the stage for deeper exploration of attacker methodologies in later modules, such as footprinting, the evaluation performed before an attack or audit.