EC-Council CEH v10 links

This page by David Papkin has information on the EC-Council CEH course.

The Certified Ethical Hacker (CEH) program is the most comprehensive ethical hacking course on the globe to help information security professionals grasp the fundamentals of ethical hacking.

To master the hacking technologies, you will need to become one, but an ethical one! The accredited hacking course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”.


Aspen Login

CEH Page

Your guide to Ethical Hacking from home.

CEH classroom attack website (


Defense in Depth – Security strategy in which several protection layers are placed throughout an information system.

Enumeration – The attacker establishes an active connection with the victim and tries to discover as many attack vectors as possible, which can be used to exploit the systems further.

Enumeration can be used to gain information on −

  • Network shares
  • SNMP data, if they are not secured properly
  • IP tables
  • Usernames of different systems
  • Password policy lists

Enumerations depend on the services that the systems offer. They can be −

  • DNS enumeration
  • NTP enumeration
  • SNMP enumeration
  • Linux/Windows enumeration
  • SMB enumeration


5 phases of Hacking

  1. Reconnaissance – Preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.
  2. Scanning – Scans the network based on information gathered during reconnaissance.
  3. Gaining Access – Hacker obtains access to the operating system or applications on the computer or network.
  4. Maintaining Access – Hacker tries to retain his or her ownership of the system.
  5. Clearing Tracks – Hackers always cover their tracks to hide their identity.


Risk – Degree of uncertainty or expectation that an adverse event may cause damage to the system.

Vulnerability – Existence of a weakness, design or implementation error that can lead to an unexpected event compromising the security of the system.


OWASP Mobile Top 10

SQL Injection

SQL Injection Prevention Cheat Sheet

OWASP Top 10 project

Advanced SQL Injection to Operating System Full Control (PDF)

OWASP Prevention Cheat Sheet

Blind XPath Injection

Log Injection

Command Injection

OWASP Appsec Tutorial Series – Episode 2: Injection Attacks


Wireshark HTTPS (has 9 learning activities. Very good!)

Wireshark SSL

How to build Display Filters

Ethernet Capture

NMAP OS Detection

Understanding an Nmap Fingerprint

Healthcare ransomware attack: Prevention and backups are critical

Ten ways to stop a ransomware threat targeting healthcare data

How to Use SSH keys with Windows on Azure

Web shell