EH-01-P1: Introduction

Question 1

Types of Hackers

Answer 1

Ethical, Unethical, Gray Hats

Question 2

What do Hackers do?

Answer 2

1. Alter Functionality,
2. Take Advantage,
3. Security Professionals must remain up-to-date.

Question 3

Hacker Teams

Answer 3

1. Red Team
2. Blue Team
3. Purple Team

Question 4

Hacker Attack Maps

Answer 4

1. Check Point
2. Fortinet
3. Talos Intelligence

Question 5

Certifications

Answer 5

1. CEH = Certified Ethical Hacker
2. OSCP = Offensive Security Certified Professional
3. OSWE = Offensive Security Web Expert
4. CISA = Cybersecurity and Infrastructure Security Agency
5. CISM = Certified Information Security Manager
6. CISSP = Certified Information Systems Security Professional

Question 6

Ethics: Penetration Testers

Answer 6

1. Principle : Get Permission
2. Integrity : Signing Non-disclosure agreements
3. Legal Awareness: Laws
4. Professionalism : Ethical and Professional Integrity
5. Responsibilities: No malicious activity

Question 7

Malware

Answer 7

Malicious Software to do:

1. Damage
2. Spy
3. Steal Information

Question 8

Malware Types

Answer 8

1. Virus : Replicates when executed
2. Ransomware : encrypts data until ransom is paid
3. Trojan Horse : Malware hidden in legitimate files
4. Worm : Self-replicating
5. Botnet : Zombie Network for DDoS

Question 9

Cyberattack Cycle
aka
Kill Chain

Answer 9

1. Reconnaissance: Check for vulnerabilities
2. Weaponization: Create payload
3. Delivery:
4. Exploit : Execute malware
5. Command and Control: Gain System access.

Question 10

Famous Cyber Attacks

Answer 10

1. Stuxnet worm : Iran’s Nuclear Program
2. Playstation : SQLi
3. WannaCry via EternalBlue(NSA)

Question 11

Unique Zero-Day Vulnerability

Answer 11

Newly Discovered vulnerability

Question 12

WannaCry Attack Chain

Answer 12

1. EternalBlue via SMB
2. WannaCry tries to connect to attacker C&C
3. Encrypted Personal Files