Ethical Hacking Flashcards
What is the Computer Misuse Act?
It states that unethical hacking is against the law which includes unauthorized access to computer material, intent to commit or facilitate a crime, or modification of computer material.
What is the key point of the Computer Misuse Act?
Unauthorized is the keyword.
What are the types of hackers?
- Whitehat: authorized to conduct hacking, uses skills to help, hack as a job to secure system and provide insights.
- Blackhat: hack without authorization, uses skills to steal, damage and destroy for personal gain.
- Greyhat: sometimes good, sometimes bad - methods may cross legal and ethical boundaries, transfers knowledge to system owners or other blackhats.
What is leetspeak?
For coded communication, avoid detection by search engine, creates stronger password.
What are the two types of pen testing?
Blackbox & Whitebox
What is black box pentesting?
- Hackers attack covertly.
- No prior knowledge of system.
- Employees are tested.
What is white box pentesting?
- Aims to be thorough
- All aspects of system is known, attacks are not covert.
- Detailed information about target is known.
What are the typical pentesting activities?
- Reconaissance
- Scanning / Enumeration
- Exploitation / Gaining Access
- Post-Exploit / Maintaining Access
- Covering Tracks
What are some tools for reconnaissance?
- Google dorks
- WHOIS Lookup
- DNS Lookup
- HTTrack
- Tracert
What are some tools for scanning?
- Pings
- Port Scanning (Zenmap)
- Nmap Scripting Engine
- Test default passwords on remote access
What are some tools for exploiting?
- Cain & Abel
- Wireshark
- Metasploit
What are some tools for maintaining access?
- Backdoors (Remote Administration Tools)
What to do to cover tracks?
- Hide payload files
- Delete logs
- Install rootkits
What is a pen test report?
Contains:
- Pentest scope & objective
- Records of findings
- Specific advice on how to close vulns
- Steps to be followed
delivered directly to an officer of the organisation
