CEH v11 Exam 2021

Authentication - The process of identifying a user's identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above. Botnet - A network of computers that have been infected with a virus, and now are working continuously in order to create security breaches. DDoS - Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down. Domain - A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity. Encryption - Coding used to protect your information from hackers. Malware - malicious software that damages or disables computer systems and gives limited or full control of the systems to the creator for malicious activities such as theft or fraud. Spoofing - When a hacker changes the IP address of an email so that it seems to come from a trusted source Spyware - A type of malware that attackers install on a computer to secretly gather information about its users without their knowledge. Trojan Horse - A form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer. Virus - It infects a system by inserting itself into a file or executable program. Malware which changes, corrupts, or destroys information, and is then passed on to other systems, usually by otherwise benign means. VPN - creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information. It creates a subnet by using key-based encryption for secure communication between endpoints. Worm - Malware that can reproduce itself for the purposes of spreading itself to other computers in the network. Hack Value - The notion among hackers that something is worth doing or is interesting. Vulnerability - An existence of a weakness, design, or implementation error that may lead to compromising the security of the system. Exploit - A breach of IT system security through vulnerabilities. It is the part the malware that contains code or a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. Payload - Payload Daisy Chaining - Gaining access to one network and/or computer to obtain information that will enable them to gain access to multiple other computers and/or networks. Doxing - Publishing personally identifiable information about an individual that was obtain from public databases and social media. Bot - A software application that can be remotely controlled to execute/automate predefined tasks. Information Security - A state of infrastructure and information well-being to keep the possibility of theft, tampering, disruption of information and services kept tolerable and low. Confidentiality - The assurance that information is only accessible to authorized individuals. Integrity - The trustworthiness of preventing improper and unauthorized changes of data or resources. Availability - The assurance that the system which is responsible for the processing, delivering and storing of information is accessible to the authorized users when required. Authenticity - Any data, communication or document characteristics which ensures the quality of being genuine. Non-Repudiation - Guarantees that an individual cannot later deny sending a message and the recipient cannot deny receiving a message. Cloud Computing - An on-demand delivery of IT capabilities where infrastructure and applications are provided to subscribers as a metered service over a network. Advanced Persistent Threats (APT) - An attack vector focuses on stealing data from a victims machine without their knowledge. Cloud Computing Threats - An attack vector is a flaw in within a client's application cloud which can enable attackers to access other client's data. Insider Attacks - An attack is performed on a network or single computer by an entrusted individual who has authorized access. Web Application Threats - A security attack vector that threatens the performance of a website and hampers its security to steal user credentials, set up a phishing site or acquire private data by targeting web applications. SHA-1 - A Secure Hashing Algorithm (SHA) that produces a 160-bit digest from a message with a maximum length of (264 - 1) bits, and resembles the MD5 algorithm. Software as a Service (SaaS) - Offers software to subscribers on-demand over the internet. Platform as a Service (PaaS) - Offers development tools, configuration management, and deployment platforms on-demand that can be used by subscribers to develop custom applications. Infrastructure as a Service (IaaS) - Provides virtual machines and other abstracted hardware and operating systems which may be controlled through a service API. Identify as a Service (IDaaS) - Offers IAM services including SSO, MFA, IGA and intelligence collection. Security as a Service (SECaaS) - Provides Penetration testing, authentication, intrusion detection, anti-malware, security incident, and event management services. Container as a Service (CaaS) - Offers Virtualization of container engines, management of containers, applications and clusters through a web portal or API. Function as a Service (FaaS) - Provides a platform for developing, running and managing application functionality for microservices. Public Cloud - Services are rendered over a network that is open for public use. Private Cloud - Cloud infrastructure is operated for a single organization only. Community Cloud - Shared Infrastructure between several organizations from a specific community with common concerns. Hybrid Cloud - Combination of two or more clouds that remain unique entities but are bound together, thereby offering the benefits of multiple deployment models. Multi Cloud - Dynamic heterogeneous environment that combines workloads across multiple cloud vendors, managed via one proprietary interface to achieve long term business goals. Cloud Consumer - A person or organization that uses cloud computing services. Cloud Provider - A person or organization that provides services to the interested parties. Cloud Carrier - Providing connectivity and transport services between cloud consumers and providers. Cloud Auditor - A party that can conduct independent assessment of cloud service controls and taking an opinion thereon. Cloud Broker - An entity that manages the use, performance and delivery of cloud services, and maintains relationships between cloud providers and consumers. Virtualization - The ability to run multiple operating systems on a single physical system. or multiple instances of one operating system and share the underlining resources such as a server, storage device or network. Containers - Placed on the top of one physical server and host operating system, and share the operating systems kernel binaries and libraries, thereby reducing the need for reproducing the OS. Docker - An open source technology used for developing, packaging and running applications and all its dependencies in the form of containers, to ensure that the application works in a seamless environment. It provides a PaaS through OS level virtualization and delivers containerized software packages. Kubernetes - An open source, portable, extensible, orchestration platform developed by Google for managing containerized applications and microservices. It provides a resilient framework for managing distributed containers, generating deployment patterns, and performing failover and redundancy for the applications. Network Sniffing - Interception and monitoring of network traffic which is being sent between the two cloud nodes. Packet Sniffers - Programs that capture data from information packets as they travel over the Internet or company networks. Captured data is sifted to find confidential or proprietary information. Side Channel Attack - An attack where an attacker runs a virtual machine on the same physical host as the victims virtual machine and takes advantage of the shared physical resources (processor cache) to steal data ( cryptographic keys) from the victim. Wrapping Attack - Performed during the translation of SOAP message in the TLS layer where attackers duplicate the body of the message and send it to the server as a legitimate user. Man in the Cloud (MITC) - An attacker abuses cloud file synchronization services such as Google Drive or Drop Box for data comprise, command and control, data exfiltration and remote access. Cloud Hopper Attack - Triggered at the managed service providers (MSPs) and their users, by initiating spear-phishing emails with common made malware to compromise the accounts of staff or cloud service firms to obtain confidential information. Cloud Cryptojacking - Unauthorized use of the victims computer to stealthily mine digital currency. Cloudborne Attack - A vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware, which allows the attackers to bypass the security mechanisms and perform various activities such as watching new user activity or behavior, disabling the application or server, and intercepting and stealing the data. Cloud Hacking - Attackers exploit vulnerabilities existing in cloud technologies to perform various targeted high-profile attacks on cloud storage systems, compromising the corporate and customers data, with the objective of gaining access to users data and blocking access to cloud services. Container Image - Consists of Operating System, application, runtime, etc. packaged together. They are widely reused and may contain open sourced framework with vulnerability issues. Trivy, Clair, Dadga, Nessus - Tools to scan and identify vulnerabilities in containers. Simple Storage Service (S3) - A scalable cloud storage service used by Amazon AWS where files, folders and objects are stored via web APIs. Attacker try to find the buckets location and name to test its security and identify vulnerabilities in the bucket implementation. Inspecting HTML - Attackers analyze the source code of the HTML web pages in the background, to find URLS's to the target S3 buckets. Brute-Forcing URL - Attackers use Burp Suite to perform brute forcing attacks on the target buckets URL to identify the correct URL to the bucket. Finding Subdomains - Attackers use tools such as Findsubdoamins, or Robtex to identify subdomains related to the target bucket. S3Scanner - Used to identify open S3 buckets of cloud services such as Amazon AWS and retrieve their content for malicious purposes. S3Scanner, Lazys3, Bucker Finder, S3-buckets-bruteforcer - Tools used to find URLs of AWS S3 buckets. Volume - A directory that stores files and is accessible to all containers in a pod. Hacking Container Volumes - Attackers exploit weak and default configurations in volumes to launch privilege escalation attacks and perform lateral movement in the internal network. Assessing master nodes - Attackers gain access to the API or etcd, they can easily retrieve configuration details of the mounted volumes. Accessing nodes - Kublet manages pods, so if attackers can access a node in a pod, they can easily gain access to all of the volumes used within the pod. Accessing container - Attackers can configure a hostpath volume type to retrieve sensitive information from the node. AWS pwn - AWS hacking tool that includes carious automated scripts for hacking phases such as reconnaissance, escalating privileges, maintaining access and clearing tracks. GCPBucketBrute - A script-based tool that allows attackers to enumerate Google storage buckets, determine what kind of access they have for them, and check whether they can be privilege escalated. Misconfiguration Attack - An attack that affects the web servers, application platforms, databases, networks, or frameworks that can lead towards illegal access or even the possibility of owning the system. Operating System Attack - An attack where an attacker search's for OS vulnerabilities and exploits them to gain access to the system. Application Level Attack - An attack that exploits vulnerabilities in applications that are running on a company's information system in order to steal or manipulate the data or gain unauthorized access. Shrink Wrap Code Attack - An attack that will exploit default configurations and settings of off- the-shelf libraries and code. Information Warfare (InfoWar) - The utilization of information and communication technologies (ICT) for a competitive advantage over an opponent. Defensive Information Warfare - Refers to all of the strategies/actions used to to defend against ICT asset attacks. Offensive Information Warfare - Refers to information warfare which involves the attacks against the opponents ICT assets. Reconnaissance - Refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack. Scanning - a procedure used for identifying active hosts, open ports, and unnecessary services enabled on particular hosts. Gaining Access - refers to the point where the attacker obtains access to the operating system or application. Maintaining Access - Refers to the phase when the attacker tries to retain his or her ownership of the system. Clearing Tracks - Refers to the activities carried out by an attacker to hide malicious acts. Information Assurance (AI) - Refers to the assurance that the integrity, availability, confidentiality and authenticity of information and information systems are protected during usage, processing, storage, and transmission of information. Information Security Management Program - A well-defined level of information security that includes policies, processes, procedures, standards and guidelines. Enterprise Information Security Architecture (EISA) - A set of requirements, processes, principles and models that determines the structure and behavior of an organization's information systems Network Security Zoning - A mechanism that allows an organization to manage a secure network environment by selecting the appropriate security levels for the different zones of internet and intranet networks. Internet Zone - An uncontrolled zone, as it is outside the boundaries of an organization. Internet DMZ - A controlled zone, as it provides a barrier between internal networks and internet. Production Network Zone - A restricted zone, as it strictly controls direct access for uncontrolled networks. Intranet Zone - A controlled zone with no heavy restrictions. Management Network Zone - A secured zone with strict policies. Defense-in-Depth - A security strategy in which several protection layers are placed throughout an information system. Security Policies - The foundation of the security infrastructure. Information Security Policies - Defines the basic security requirements and rules to be implemented in order to protect and secure an organization's systems. Promiscuous Policy - Policy that has no restrictions on usage of systems resources. Permissive Policy - Policy is wide open and only known dangerous services/ attacks or behaviors are blocked. Prudent Policy - Policy that provides maximum security by blocking all services, only individually enabling safe/ necessary services and everything is logged. Paranoid Policy - Policy that forbids everything, no internet connection, or severely limited internet usage. Access Control Policy - Policy defines the resources being protected and the rules that control access to them. Remote-Access Policy - Policy defines who can have remote access. User- Account Policy - Policy that defines the account creation process, authority, and rights and responsibility of the users accounts. Information-Protection Policy - Policy that defines the sensitivity levels of information. Firewall- Management Policy - Policy that defines the access, management, and monitoring and monitoring of firewalls in an organization. Special-Access Policy - Policy that defines the terms and conditions of granting special access to system resources. Email Security Policy - Policy that is created to govern the proper usage of corporate email. Acceptable-Use Policy - Policy that defines the acceptable use of system resources. Passwords Policy - Policy that provides guidelines for using strong password protection on organizations resources. Network-Connection Policy - Policy that defines who can install new resources on the network, approve the installation of new devices, and document network changes. Risk - Refers to a degree of uncertainty or expectation that adverse event may cause damage to the system. Risk Management - The process of reducing and maintaining risk at an acceptable level. Threat Modeling - A risk assessment approach for analyzing security of an application by capturing, organizing, and analyzing all the information that affects the security of an application. Incident Management - A set of defined processes to identify, analyze, prioritize, and resolve security incidents to restore normal service operations as quickly as possible and prevent future recurrence of the incident. End of Line Comment - An attacker uses the SELECT* FROM user WHERE name = 'x' AND userid IS NULL; --; Fuzzing - to send a large amount of data to the target server so that it experiences buffer overflow and overwrites the EIP register. It helps in identifying the number of bytes required to crash the target server. This information helps in determining the exact location of the EIP register, which further helps in injecting malicious shellcode Service Oriented Architecture (SOA) - A design pattern based on distinct pieces of software providing application functionality as service to other applications. Watering Hole Attack - An attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. Heartbleed Bug - A serious vulnerability in the popular OpenSSL cryptographic software library. USB Dumper - A tool can be used to silently copy files from USB devices. Cavity virus - A virus that attempts to install itself inside of the file it is infecting. Cross-Site Scripting (XSS) - A web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users. Public Keys - Shared keys during the process of encryption and decryption. Cross-site request forgery - A vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server. [site:] - Google advance search operator that allows an attacker to restrict the results to those websites in the given domain. File checksums - An approach that is commonly used to automatically detect host intrusions. Network Time Protocol (NTP) port - TCP port 123 Hash - Insures integrity of data Evaluation Assurance Level (EAL) - Set standard of controls and testing method. Phreaker - Someone who manipulates telecommunications systems in order to make free calls. Preparation Phase - The phase defines the time period during which the actual contract is hammered out. The scope of the test, the types of attacks allowed, and the individuals assigned to perform the activity are all agreed upon in this phase. Assessment Phase - The actual assaults on the security controls are conducted during this time. Conclusion Phase - The phase that defines the time when final reports are prepared for the customer, detailing the findings of the tests (including the types of tests performed) and many times even providing recommendations to improve security. Payment Card Industry Data Security Standard (PCI-DSS) - A security standard for organizations handling credit cards, ATM cards, and other point-of sales cards. FISMA - Enacted in 2002, this U.S. law requires every Federal agency to implement information security programs, including significant reporting on compliance and accreditation. SRV (Service) - Defines the hostname and port number of servers providing specific services, such as a Directory Services server. SOA (Start of Authority) - Identifies the primary name server for the zone. PTR (Pointer) - Maps an IP address to a hostname (providing for reverse DNS lookups). NS (Name Server) - Defines the name servers within your namespace. MX (Mail Exchange) - Identifies the e-mail servers within your domain. CNAME (Canonical Name) - Provides for domain name aliases within your zone. A (Address) - Maps an IP address to a hostname and is used most often for DNS lookups. Computer Security Incident Response Team (CSIRT) - Provides incident response services for any user, company, agency, or organization in partnership with the Department of Homeland Security. allintitle: - Google search command which returns sites that contain the search terms in the page title. CNAME - The DNS record that allows you to alias both services to the same record (IP address). 514 - The port number that is used by default for syslog. Honeypot - a computer system on the Internet intended to attract and trap those who attempt unauthorized or illicit utilization of the host system to penetrate an organization's network. It is a fake proxy run to frame attackers by logging traffic through it and then sending complaints to the victims' ISPs. WinPcap - The library used for Windows devices. Libpcap - The library used for Linux devices. Steganography - Hiding a covert message within an overt message Security through obscurity. HIPAA - A regulation that has a set of guidelines for anyone who handles electronic medical data and that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure. Test Automation - Can accelerate tests and repeat them with a consistent setup. But it cannot replace manual testing completely. site: filetype:xls username password email - Google query that would find .xls files on the site containing usernames, passwords, and email addresses. Split DNS - Maintaining a DNS server in the DMZ and a second DNS server on the intranet Maltego - Tool that allows examination of links between data using graphs and link analysis. WHOIS - A public database containing domain name registration information. Zone transfer request - Dig axfr @172.16.10.200 445 - Port that Windows file sharing uses. 515 - Host for Line Printer Daemon (LPD) 631 - Host for Internet Printing Protocol (IPP) 9100 - Host for HP Jet Direct Net view - Lists file shares AXFR or IXFR - DNS zone transfers CHNTPW - Linux based tool to change any Windows user's password or to activate disabled accounts. Counter-Based Authentication System - Creates secret key encrypted one-time passwords. Password Crackers - John the ripper, Hydra Rainbowcrack, Lophtcrack, Cain & Abel Shadow file - Contains the passwords themselves. /etc/passwd - Does not contain the passwords themselves. USER:RID:LM:NTLM - Pwdump SAM file hash dump format Vertical Privilege Escalation - Acquiring administrative privileges. Horizontal Privilege Escalation - Acquiring access to another account's files. Boot Sector Virus - Moves MBR to another location on the hard disk and copies itself to the original location of MBR. Ransomware - a type of malware that restricts access to the computer system's files and folders and demands an online ransom payment to the malware creator(s) to remove the restrictions