Ethical Hacking Flashcards
What is Ethical Hacking?
An authorised attempt to gain unauthorised access to a computer system, application or data.
What does the term “Cracker” Mean?
A hacker who uses their skills and toolset for destructive or offensive purposes.
What is the purpose of a security professional?
To test their network and systems security for vulnerabilities using the same tools that may be used against them in an offensive attack.
What is a White Hat Hacker?
An ethical hacker is a security expert employed by a company to carryout penetration testing without malicious intent.
What is a Grey Hat Hacker?
A blend of both black hat and white hat hacking. Their intention is not inherently malicious.
What is a Black Hat Hacker?
Unethical hackers who break into computer networks with malicious intent.
What are the Phases of ethical hacking?
1- Reconnaissance
2- Scanning
3- Gaining Access
4- Maintaining Access
5- Covering Tracks
What is Cyber Resilience?
How quickly and efficiently a person or company can recover from a cyber attack.
What are the elements of security?
1- Confidentiality (Inception - unauthorised access).
2- Integrity (Modification of data).
3- Availability (Interpretation of service).
What is reconnaissance?
The act of gathering preliminary data or intelligence on a specific target.
What is active reconnaissance?
In active recon the hacker engages directly with the target.
What is passive reconnaissance?
Non direct engagement with the target recon is preformed through an intermediary.
What are the reasons for hacking?
1- Sabotage - DOS/DDOS.
2- Fraud/Forgery - Financial theft, extortion/sextortion.
3- Hacktivist - Socially/ Politically motivated crime.
4- Publicity - To publicly demonstrate hacking skills by exposing security vulnerabilities
5- Curiosity - To uncover secret
government/organisational knowledge.
What are the different types of cyber attacks?
1- Buffer overflow.
2- Denial of service/distributed denial of service
(DOS/DDOS).
3- Brute force password attacks.
4- Back doors and trojans.
5- Man in the middle.
6- Rogue access point.
7- VLAN hopping.
8- Social engineering.What are the Computer Misuse Act fundamentals?
1- Unauthorised access to computer material.
2- Access to computer material with malicious intent.
3- Intent to impair computer operations.
4- Hacking and spreading viruses.
5- Only when you delete, move or copy a file have you committed an offence.
6- Obtaining details through criminal means.
What is Tailgating/Piggybacking?
The process of following an employee into a building to surpass any security the organisation may have to control access.
What is Baiting?
To exploit the greed or curiosity of an employee by planting usb devices pre-loaded with malware.
What is Spear Phishing?
Targets message based characteristics of the job positions or the contacts of a victim.
What is Whaling/CEO fraud?
Targeting high level decision makers within an organisation such as CEOS/CFOS.
What are the different types of Scanning ports?
1- ICMP: Internet control message protocol.
Uses ping sweeping to identify active IP
addresses.
2- TCP: Transmission control protocol
Used by networked computers to
communicate.
3- UDP: User Datagram Protocol.
Sends packets to UDP ports, one-way, no
response necessary.
4- SYN:
Searches for open ports, but does not
complete the handshake. The port
acknowledges packet, then forgets it received
it.
5- ACK:
This is a flag used to acknowledge packets
have been received.
6- FIN:
The FIN flag closes a connection to a port after the
packet has been received.
7- Telnet:
Telnet is used to establish a remote login connect on another computer.
8- SSH:
SSH is a linux equivalent of a telnet designed for remote log in via a secure channel.
What is stack finger printing?
scanning the target network so, the final foot printing step can be preformed.
What are the two primary methods of finger printing?
1- Banner grabbing.
2- Active stack fingerprinting.
What is DNS Enumeration?
The process of locating all DNS servers and their corresponding records for an organisation.
