
Module 1 — Introduction to Ethical Hacking
Flow of Module 1
- Information Security Overview
- Cyber kill chain concepts
- Hacking concepts
- Ethical hacking concepts
- Infosec controls
- Infosec laws & standards
Elements of Infosec:
- Confidentiality
Can only be accessed by users who have the authority.
- Integrity
Trustworthiness of the data/source.
- Availability
Information is available when an authorized user wants to access it.
- Authenticity
Identifies that the user is the genuine/original user.
- Non-Repudiation
Guarantees that every action performed by each user cannot be denied.
Attack = Motive + Method + Vulnerability
Classification of Attacks:
- Passive Attacks
Passive vs. active: a passive attack is passive in nature and tends only to intercept the network (monitoring & intercepting). Example: sniffing.
- Active Attacks
Active vs. passive: an active attack is active in nature, such as exploiting an app or hijacking a session. Example: XSS, SQLi, etc.
- Close-in Attacks
Attacks that can be carried out when physically close to the target (system devices or the network), with the goal of obtaining & altering information and disrupting access to the target. Example: social engineering (SOCENG).
- Insider Attacks
Attacks carried out using a user who has authority over the target's assets. Example: social engineering, keylogger.
- Distribution Attacks
Attacks carried out by modifying software/hardware, such as inserting a backdoor into software.
Cyber Kill Chain Methodology:
- Recon
Reconnaissance.
- Weaponization
Create the payload.
- Delivery
Send the payload.
- Exploitation
Exploit the vulnerability.
- Installation
Install the payload.
- C2
Command and control (C2).
- Actions on Objectives
Achieve the goals.
Tactics, Techniques, and Procedures (TTPs):
- Tactics
The path the attacker takes to attack & gather info.
- Techniques
The attack methods the attacker uses.
- Procedures
The attack pattern the attacker follows (based on the target).
Adversary Behavioral Identification (identify common methods):
- Internal recon
- Use of PowerShell (.ps1)
- Suspicious proxy activity
- Use of CLI
- HTTP user agent
- C2
- DNS tunneling
- Use of shell
- Data staging
Indicators of Compromise (IoCs)
Clues, artifacts & pieces of forensic data.
Categories of IoCs:
- Network
- Host-based
- Behavioral
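As an added, defender-side illustration of the two lists above (the common adversary behaviours and the three IoC categories), the following Python script is not part of the course notes. It runs three toy detectors over constructed log lines (hypothetical hosts and `.invalid` domains), labels each hit with the IoC category it falls into, and raises a behavioral IoC for any host that shows two different behaviours. The log field names, the flag list, the entropy threshold and the sample lines are all assumptions made for this example.

```python
"""Toy IoC classifier: maps hits on common adversary behaviours to the
three IoC categories (network, host-based, behavioral).
Added example; log format, thresholds and sample lines are assumptions."""
import math
import re
from collections import Counter

# Constructed sample lines (hypothetical hosts, .invalid domains, no real IoCs).
SAMPLE_LOGS = [
    'host=ws01 type=process image=powershell.exe args="-NoProfile -WindowStyle Hidden -EncodedCommand QQBBAEEA"',
    'host=ws02 type=process image=powershell.exe args="-File backup.ps1"',
    'host=ws01 type=http method=GET url=http://site.example.invalid/ ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    'host=ws03 type=http method=GET url=http://site.example.invalid/ ua="python-requests/2.31"',
    'host=ws01 type=dns query=www.example.invalid',
    'host=ws01 type=dns query=4a7f9c2e1b8d3f6a0c5e9b2d7f1a3c8e6b4d0f2a.tunnel.example.invalid',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def shannon_entropy(text):
    """Bits per character; random-looking labels score near log2(alphabet size)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def finding(ev, category, behavior, reason):
    return {"host": ev.get("host", "?"), "category": category,
            "behavior": behavior, "reason": reason}


# --- detectors: one per adversary behaviour from the notes -------------------

SUSPICIOUS_PS_FLAGS = ("-enc", "hidden", "-nop", "bypass")  # "-enc" also matches -EncodedCommand


def check_powershell(ev):
    """Host-based IoC: PowerShell launched with flags typical of offensive use."""
    if ev.get("type") != "process" or ev.get("image", "").lower() != "powershell.exe":
        return None
    args = ev.get("args", "").lower()
    hits = [f for f in SUSPICIOUS_PS_FLAGS if f in args]
    return finding(ev, "host-based", "PowerShell use", "flags " + " ".join(hits)) if hits else None


def check_user_agent(ev):
    """Network IoC: HTTP client that does not present a browser-style user agent."""
    if ev.get("type") != "http":
        return None
    ua = ev.get("ua", "")
    if ua.startswith("Mozilla/"):
        return None
    return finding(ev, "network", "HTTP user agent", f"non-browser UA {ua!r}")


def check_dns(ev):
    """Network IoC: very long, high-entropy leftmost label, as seen in DNS tunneling."""
    if ev.get("type") != "dns":
        return None
    label = ev.get("query", "").split(".")[0]
    if len(label) >= 30 and shannon_entropy(label) > 3.5:
        return finding(ev, "network", "DNS tunneling",
                       f"label len={len(label)} entropy={shannon_entropy(label):.2f}")
    return None


DETECTORS = (check_powershell, check_user_agent, check_dns)


def classify(lines):
    """Run every detector over every line, then add a behavioral IoC for any host
    that shows two or more different adversary behaviours."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        findings.extend(f for f in (check(ev) for check in DETECTORS) if f)
    behaviours_per_host = {}
    for f in findings:
        behaviours_per_host.setdefault(f["host"], set()).add(f["behavior"])
    for host, behaviours in sorted(behaviours_per_host.items()):
        if len(behaviours) >= 2:
            findings.append({"host": host, "category": "behavioral",
                             "behavior": "chained activity",
                             "reason": ", ".join(sorted(behaviours))})
    return findings


if __name__ == "__main__":
    for f in classify(SAMPLE_LOGS):
        print(f"{f['host']:5} {f['category']:11} {f['behavior']:17} {f['reason']}")
```

On the constructed input, ws01 produces a host-based hit (PowerShell with encoded/hidden flags) and a network hit (a 40-character random-looking DNS label), which together become one behavioral IoC for that host; ws03 produces a single network hit for the non-browser user agent, and the plain `-File backup.ps1` launch on ws02 is left alone. The thresholds are deliberately simple; in practice each detector would be tuned against the organisation's own baseline.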
Hacking?
Exploiting vulnerabilities, modifying app features, achieving goals (business loss).
Hacker?
- Individual skill
- Hobby
- Does illegal things
Hacker classes:
- Black Hat
- White Hat
- Gray Hat
- Suicide Hacker
- Script Kiddie
- Cyber Terrorist
- State-Sponsored Hackers
- Hacktivist
Hacking Phases:
Recon
- Passive Recon
Passive vs. active: indirect.
- Active Recon
Active vs. passive: direct.
Scanning
- Pre-attack phase
Info gathering.
- Port scan
- Extract info
Gaining Access
- Route to gain access
- Gaining access (low level)
- Escalate privileges
- Crack credentials
Maintaining Access
- Retain their ownership of the assets
- Secure their exclusive access
- Download / modify asset data.
- Launch further attacks.
Clearing Tracks
- Hide malicious acts
- Obtain continued access
- Avoid suspicion (overwrite logs)
Ethical Hacking?
- Identify vulnerabilities
- Verify vulnerabilities
- VA with permission of the concerned authorities
## Some points about ethical hacking are skipped, because I already know them by heart.
Information Assurance (IA)
Refers to assurance of the elements of infosec (except non-repudiation) for information.
Processes that help IA achieve its goals:
- Developing local policy, process, and guidance
- Designing network & user authentication
- Identifying network vulnerabilities & threats
- Identifying problems & resource requirements
- Creating plans for the identified resource requirements
- Applying information assurance controls
- Performing certification
- Providing information assurance training
Risk?
- RISK = Threat x Vulnerability x Impact
- RISK = Threat x Vulnerability x Asset Value
Level of Risk
Level of Risk = Consequence x Likelihood
Risk Management
Reducing and maintaining risk at an acceptable level.
Risk Management Phases:
- Risk Identification
Identifies the sources.
- Risk Assessment
Assesses the organization's risk.
- Risk Treatment
Selects & implements appropriate controls.
- Risk Tracking
Ensures appropriate controls are implemented.
- Risk Review
Evaluates the performance.
Cyber Threat Intelligence (CTI)
Collection & analysis of info about threats, to identify & mitigate various business risks.
Types of CTI:
Long-term use:
- Strategic (high level)
Consumed by high-level executives & management (high-level info).
- Tactical (low level)
Consumed by IT services, SOC managers, admins (info on attackers' TTPs).
Short-term use:
- Operational (high level)
Consumed by security managers & network defenders (specific incoming attack info).
- Technical (low level)
Consumed by SOC & IR teams (info on specific IoCs).
Threat Modeling
“Risk assessment approach”
Threat Modeling Process:
- Identify Security Objectives
Determine the objectives.
- Application Overview
Components.
- Decompose the Application
Threat details.
- Identify Threats
Identify threats using the info from steps 2 & 3.
- Identify Vulnerabilities
Identify the weaknesses related to the threats using vulnerability categories.
Incident Handling & Response
IH&R Process Steps:
- Preparation
- Incident Recording & Assignment
- Incident Triage
- Notification
- Containment
- Evidence Gathering & Forensic Analysis
- Eradication
- Recovery
- Post-Incident Activities (Documentation)
How do AI & ML prevent cyber attacks:
- Password attacks & authentication
- Phishing detection
- Threat detection
- Vulnerability management
- Behavioral analytics
- Network security
- AI-based AV
- Fraud detection
- Botnet detection
- AI to combat AI threats
PCI Data Security Standard:
- Build & Maintain a Secure Network
Install & maintain a firewall configuration, re-check default configurations (e.g. auth).
- Protect Cardholder Data
Protect stored data, encrypt data.
- Maintain a Vulnerability Management Program
Keep software updated, develop & maintain secure systems & apps.
- Implement Strong Access Control Measures
Restrict specific access to cardholder data, assign unique IDs.
- Regularly Monitor & Test Networks
Monitor access, test security systems.
- Maintain an InfoSec Policy
Maintain a policy.
ISO/IEC 27001:2013
Establishing, implementing, maintaining & improving an information security management system.
Different types of use:
- Security requirements & objectives
- Risk is cost-effectively managed
- Ensure compliance with laws and regulations
- Definition of infosec management processes
- Identification of infosec management processes
- Status of infosec management activities
- Implement business-enabling infosec
- Provide info about infosec
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA's Administrative Simplification statute & rules:
- Electronic Transaction and Code Set Standards
Use of health care transactions, codes & identifiers.
- Privacy Rule
Provides federal protections for personal health information.
- Security Rule
Ensures the infosec elements & protects electronic info.
- National Identifier Requirements
Standard transactions.
- Enforcement Rule
Administrative Simplification Rule.