Interdoction to CEH V-12
## INTERODUCTION TO ETHICAL HACKING: ##
What is Hacking = ethical hacking is the protection of inter-connnected system, including hardware , software and data , from cyber attacks.
Types of Hacker :
Black Hat Hacker = dark web hacker , deep web Hacker
White Hat Hacker = government staff ,
Gray Hat Hacker= white + black
Computer Virus ( software through attack e.g link , unauthorized software , transaction attack )
Computer Worm = e.g lottery , social engineering
Scareware = ( send you bell for update your software , os , remove virus , sell product etc. )
key logger = ( get user name & password , monitor your text data)
Adware = ( browser ads , redirect another browser )
malware
Backdoor = access your system any time without root user
Trojan = unkown software etc
Ransomware = encrypt your data , black hat hacker )
spyware = ( spy your system & data , monitor government system , )
Goals of Ethical Hacking ##########################################
Protect the Privacy of a Organization
Trasnsparently report all the identified bugs/wealkness / vulnerabilities to the organization.
inform the vendors about the security measures and patches.
Skills Required by Ethical Hackers ###################################
operating System
networking
programing language
Domain ####################################
web application Domain
mobile application Domain
Network Domain
cloud
Tools used by ethical hackers ###################################
nmap
nessus
acunetix
HashCat
metasploit
Ettercap ( man in the middle attack tool )
Airtcrack-ng
Brup Suite
wireshark Process of Ethical Hacking #################################
Reconnaissance ( Information gathering rg ns-lookup )
Scanning ( port , protocol , etc )
Gainning Access ( enter the system , etc )
maintaing Access
clearing Tracks ( clear track , hide ip , log delete )
Reporting
Ethical Hacking Across Domains #########################################
At is's core , Ethical hacking occupies a prominent role in varios verticle such as.
web application Environment
Mobile applications
Network architecture Domain
Two major Categories :
Client side vulnerabilies ( destroy company image , css )
server side vulenrabilities
############# All attacks can be categories into 3 mojar attack
parameter tampering
unvalidated input
directory traversal Attacks Common Web Application attacks ##################################
injection flaws eg, SQL injection , HTML injection . etc
Cross Site Scripting eg. Reflected , stored , etc
Web Services Attack eg, DNS Cache poising , file upload etc.
NMAP:
Nmap -PR IpAddress (shows the info after ping nmap)
Nmap -A ipaddress ( Aggressive scan )
Hydra -l xxxx/xxx/xxxx ftp://www.google.com( xxx is the file location and this command helps to match password from file and and hit the target)
