CEH Ladder - Ethical Hacking Terminology

Understanding terminology is the most important part of a CEH learner's preparation. Security professionals acting as ethical hackers use this terminology to communicate with one another. We'll discuss a number of terms you need to be familiar with for the CEH certification exam:
Threat: An environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis. Malicious hackers and their use of software and hacking techniques are themselves threats to an organization’s information security.


Exploit: A piece of software or technology that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system. Malicious hackers look for exploits in computer systems to open the door to an initial attack. Most exploits are small strings of computer code that, when executed on a system, expose a vulnerability. Experienced hackers create their own exploits, but it is not necessary to have any programming skills to be an ethical hacker, as many hacking software programs have ready-made exploits that can be launched against a computer system or network. An exploit is a defined way to breach the security of an IT system through a vulnerability.


Vulnerability: The existence of a software flaw, logic design error, or implementation error that can lead to an unexpected and undesirable event in which bad or damaging instructions are executed on the system. Exploit code is written to target a vulnerability and cause a fault in the system in order to retrieve valuable data.


Target of Evaluation (TOE): A system, program, or network that is the subject of a security analysis or attack. Ethical hackers are usually concerned with high-value TOEs, systems that contain sensitive information such as account numbers, passwords, Social Security numbers, or other confidential data. It is the goal of the ethical hacker to test hacking tools against the high-value TOEs to determine the vulnerabilities and patch them to protect against exploits and exposure of sensitive data.


Attack: An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetrated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, so that an attack can be prevented.


There are two primary methods of delivering exploits to computer systems:
 

Remote: The exploit is sent over a network and exploits security vulnerabilities without any prior access to the vulnerable system. Hacking attacks against corporate computer systems or networks initiated from the outside world are considered remote. Most people think of this type of attack when they hear the term hacker, but in reality most attacks are in the next category.

Local: The exploit is delivered directly to the computer system or network, which requires prior access to the vulnerable system to increase privileges. Information security policies should be created in such a way that only those who need access to information are allowed access, and they should have the lowest level of access needed to perform their job function. These concepts are commonly referred to as “need to know” and “least privilege” and, when used properly, would prevent local exploits. Most hacking attempts occur from within an organization and are perpetrated by employees, contractors, or others in a trusted position. In order for an insider to launch an attack, they must have higher privileges than necessary based on the concept of “need to know.” This can be accomplished by privilege escalation or weak security safeguards.

NOTE: In order to be comfortable with the CEH training, learners should have a good knowledge of the prerequisites below:

  • Know the basics of Information security
    • Concepts such as "CIA" (Confidentiality, Integrity, Availability)
    • Coverage would have come during CompTIA or CISSP training
  • Know the basics of networking
    Physical layer, cabling, hardware devices, the function of switches, routers, and firewalls, IP addressing, subnetting, and CIDR notation

  • Know how to convert numbers
    Decimal, Octal, Binary; in all directions and combinations
  • Know the basics of Cryptography
    • There is a module in the class on Crypto, but there may not be time to cover it in class.
    • Sufficient coverage would have come during CompTIA Security+ or CISSP.
  • Know the OSI model
    Application     7    Service protocols
    Presentation    6    Data formats
    Session         5    Authentication, Cryptographic agreements
    Transport       4    Ports, logical service to service connections
    Network         3    Network to network delivery
    Data Link       2    Host to host links, contention
    Physical        1    Media
  • Know how to use a Windows PC
    Be familiar with the Windows graphical user interface: find toolbar icons, manage folders and files, use network shares, etc.

Ethical Hacking "Terms & Definitions":

Term                        Definition
Hax0r                       Hacker
Uberhacker                  Good hacker
L33t Sp33k                  Replacing characters to avoid filters
Full disclosure             Revealing vulnerabilities
Hacktivism                  Hacking for a cause
Suicide Hacker              Hopes to be caught
Ethical Hacker              Hacks for defensive purposes
Penetration Test            Determine true security risks
Vulnerability Assessment    Basic idea of security levels
Vulnerability Researcher    Tracks down vulnerabilities
White hat                   Hacks with permission
Grey hat                    Believes in full disclosure
Black hat                   Hacks without permission
White Box                   A test everyone knows about
Grey Box                    A test with a very specific goal but unspecific means
Black Box                   A test no one knows is happening
Threat                      Potential event
Vulnerability               Weakness
Exposure                    Accessibility
Exploit                     Act of attacking
TOE                         Target of Evaluation
Rootkit                     Hides processes that create backdoors
Botnet                      Robot network that can be commanded remotely
Buffer Overflow             Hijack the execution steps of a program
Shrinkwrap Code             Reused code with vulnerabilities