Académique Documents
Professionnel Documents
Culture Documents
This course is mapped to the popular Ethical Hacking and Prevention course from the US-Council (www.us-
council.com). Zoom Technologies are the official training partners of US-Council.
This course is meant for those professionals who are looking for comprehensive and total knowledge in the network
security domain. This is the only course which teaches both hacking and countermeasure techniques. And in keeping
with Zoom's standards, this course is entirely hands on and real time oriented. And need we say, the instructors are
network security and intrusion specialists with several years of experience.
Brief Overview:
Introduction to Ethical Hacking
Footprinting, Scanning, and Enumeration
Hacking Web servers and Web applications
DoS, SQL injection, Buffer overflow attacks
Cryptography
Wireless hacking
Linux Hacking
Phishing
Prevention
FootPrinting
What is FootPrinting
Objectives of FootPrinting
Finding a company's details
Finding a company's domain name
Finding a company's Internal URLs
Finding a company's Public and Restricted URLs
Finding a company's Server details
Finding the details of domain registration
Finding the range of IP Address
Finding the DNS information
Finding the services running on the server
Finding the location of servers
Traceroute analysis
Tracking e-mail communications
Scanning
What is network scanning
Objectives of network scanning
Finding the live hosts in a network
SNMP Enumeration
SMTP Enumeration
DNS Enumeration
Finding open ports on a server
Finding the services on a server
OS fingerprinting
Server Banner grabbing tools
What is a Vulnerability Scanning
Vulnerability Scanner tools
Finding more details about a vulnerability
What is a proxy server
How does proxy server work
Types of proxy servers
How to find proxy servers
Why do hackers use proxy servers
What is a TOR network
Why hackers prefer to use TOR networks
Session Hijacking
What is session hijacking
Dangers of session hijacking attacks
Session hijacking techniques
Cross-Site scripting attack
Session hijacking tools
How to defend against session hijacking
SQL Injection
What is SQL Injection
Effects of SQL Injection attacks
Types of SQL Injection attacks
SQL Injection detection tools
Buffer Overflow
What is a buffer
Understanding usage of buffers in applications
What is buffer overflow
Simple buffer overflow in C programming
How to detect a buffer overflow
How to defend against buffer overflow attacks
Denial of Service
What is a DoS attack
What is a DDoS attack
Symptoms of a Dos attack
DoS attack techniques
What is a Botnet
Defending DoS attacks
Cryptography
What is Cryptography
Types of cryptography
Cipher algorithms
Public key infrastructure
What is a Hash
Cryptography attacks
System Hacking
What is system Hacking
Goals of System Hacking
Password Cracking
Password complexity
Finding the default passwords of network devices and softwares
Password cracking methods
o Online password cracking
Man-in-the-middle attack
Password guessing
o Offline password cracking
Brute force cracking
Dictionary based cracking
Hybrid attack
USB password stealers
Elcomsoft Distributed password recovery tools
Active password changer
What is a keylogger
How to deploy a keylogger to a remote pc
How to defend against a keylogger
Sniffers
What is a sniffer
How sniffer works
Types of sniffing
o Active sniffing
o Passive Sniffing
What is promiscuous mode
How to put a PC into promiscuous mode
What is ARP
ARP poison attack
Threats of ARP poison attack
How MAC spoofing works
MAC Flooding
What is a CAM Table
How to defend against MAC Spoofing attacks
How to defend against Sniffers in network
Phishing
What is Phishing
How Phishing website is hosted
How victims are tricked to access Phishing websites
How to differentiate a Phishing webpage from the original webpage
How to defend against Phishing attacks
Malware
What is malware
Types of malware
o Virus
What is a virus program
What are the properties of a virus program
How does a computer get infected by virus
Types of virus
Virus making tools
How to defend against virus attacks
o Worm
What is a worm program
How worms are different from virus
Trojan
What is a Trojan horse
How does a Trojan operate
Types of Trojans
Identifying Trojan infections
How to defend against Trojans
o Spyware
What is a spyware
Types of spywares
How to defend against spyware
Rootkits
What is a Rootkit
Types of Rootkits
How does Rootkit operate
How to defend against Rootkits
Wireless Hacking
Types of wireless networks
Wi-Fi usage statistics
Finding a Wi-Fi network
Types of Wi-Fi authentications
o Using a centralized authentication server
o Using local authentication
Types of Wi-Fi encryption methods
o WEP
o WPA
o WPA2
How does WEP work
Weakness of WEP encryption
How does WPA work
How does WPA2 work
Hardware and software required to crack Wi-Fi networks
How to crack WEP encryption
How to crack WPA encryption
How to crack WPA2 encryption
How to defend against Wi-Fi cracking attacks
Kali Linux
What is Kali Linux
How Kali Linux is different from other Linux distributions
What are the uses of Kali Linux
Tools for Footprinting, Scanning & Sniffing
What is Metasploit framework
Using Metasploit framework to attack Wiindows machines
Using Metasploit framework to attack Android devices
Penetration Testing
What is Penetration Testing
Types of Penetration Testing
What is to be tested
o Testing the network devices for mis-configuration
o Testing the servers and hosting applications for mis-configuration
o Testing the servers and hosting applications for vulnerabilities
o Testing wireless networks
o Testing for Denial of Service attacks
Following are frequently asked questions in interviews for freshers as well as experienced
cyber security certification candidates.
1) What is cybersecurity?
Cybersecurity refers to the protection of hardware, software, and data from attackers. The
primary purpose of cyber security is to protect against cyberattacks like accessing,
changing, or destroying sensitive information.
Information security
Network security
Operational security
Application security
End-user education
Business continuity planning
4) Define Cryptography.
Intrusion Detection System (IDS) detects intrusions. The administrator has to be careful
while preventing the intrusion. In the Intrusion Prevention System (IPS), the system finds
the intrusion and prevent it.
6) What is CIA?
7) What is a Firewall?
It is a security system designed for the network. A firewall is set on the boundaries of any
system or network which monitors and controls network traffic. Firewalls are mostly used to
protect the system or network from malware, worms, and viruses. Firewalls can also
prevent content filtering and remote access.
8) Explain Traceroute
It is a tool that shows the packet path. It lists all the points that the packet passes through.
Traceroute is used mostly when the packet does not reach the destination. Traceroute is
used to check where the connection breaks or stops or to identify the failure.
9) Differentiate between HIDS and NIDS.
Usage HIDS is used to detect the intrusions. NIDS is used for the netwo
What does it do? It monitors suspicious system activities and traffic of a specific device. It monitors the traffic of a
SSL stands for Secure Sockets Layer. It is a technology creating encrypted connections
between a web server and a web browser. It is used to protect the information in online
transactions and digital payments to maintain data privacy.
Data leakage is an unauthorized transfer of data to the outside world. Data leakage occurs
via email, optical media, laptops, and USB keys.
It is a trial-and-error method to find out the right password or PIN. Hackers repetitively try all
the combinations of credentials. In many cases, brute force attacks are automated where
the software automatically works to login with credentials. There are ways to prevent Brute
Force attacks. They are:
Setting password length.
Increase password complexity.
Set limit on login failures.
It is the technique for identifying open ports and service available on a specific host.
Hackers use port scanning technique to find information for malicious purposes.
1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
VPN stands for Virtual Private Network. It is a network connection method for creating an
encrypted and safe connection. This method protects data from interference, snooping,
censorship.
Black hat hackers are people who have a good knowledge of breaching network security.
These hackers can generate malware for personal financial gain or other malicious reasons.
They break into a secure network to modify, steal, or destroy data so that the network can
not be used by authorized network users.
White hat hackers or security specialist are specialized in penetration testing. They protect
the information system of an organization.
Grey hat hackers are computer hacker who sometimes violate ethical standards, but they
do not have malicious intent.
There are various ways to reset BIOS password. Some of them are as follows:
Remove CMOS battery.
By utilizing the software.
By utilizing a motherboard jumper.
By utilizing MS-DOS.
It is a protocol used for finding MAC address associated with IPv4 address. This protocol
work as an interface between the OSI network and OSI link layer.
It's a number of internet-connected devices like servers, mobile devices, IoT devices, and
PCs that are infected and controlled by malware.
The main difference between these two is that SSL verifies the identity of the sender. SSL
helps you to track the person you are communicating to. TLS offers a secure channel
between two clients.
TFA stands for Two Factor Authentication. It is a security process to identify the person who
is accessing an online account. The user is granted access only after presenting evidence
to the authentication device.
Symmetric encryption requires the same key for encryption and decryption. On the other
hand, asymmetric encryption needs different keys for encryption and decryption.
A Hacker is a person who finds and exploits the weakness in computer systems,
smartphones, tablets, or networks to gain access. Hackers are well experienced computer
programmers with knowledge of computer security.
Network sniffing is a tool used for analyzing data packets sent over a network. This can be
done by the specialized software program or hardware equipment. Sniffing can be used to:
Yong domains are easily infected with malicious software. You need to use DNS monitoring
tools to identify malware.
Salting is that process to extend the length of passwords by using special characters. To
use salting, it is very important to know the entire mechanism of salting. The use of salting
is to safeguard passwords. It also prevents attackers testing known words across the
system.
SSH stands for Secure Socket Shell or Secure Shell. It is a utility suite that provides system
administrators secure way to access the data on a network.
Black box testing: It is a software testing method in which the internal structure or
program code is hidden.
White box testing: A software testing method in which internal structure or program
is known by tester.
Vulnerabilities refer to the weak point in software code which can be exploited by a threat
actor. They are most commonly found in an application like SaaS (Software as a service)
software.
It is a process used in a network to make a connection between a local host and server.
This method requires the client and server to negotiate synchronization and
acknowledgment packets before starting communication.
39) Define the term residual risk. What are three ways to deal with risk?
It is a threat that balances risk exposure after finding and eliminating threats.
1. Reduce it
2. Avoid it
3. Accept it.
Data exfiltration refers to the unauthorized transfer of data from a computer system. This
transmission may be manual and carried out by anyone having physical access to a
computer.
Following are the common cyber-attacks which can be used by hackers to damage network:
Malware
Phishing
Password attacks
DDoS
Man in the middle
Drive-by downloads
Malvertising
Rogue software
In order to authenticate users, they have to provide their identity. The ID and Key can be
used to confirm the user's identity. This is an ideal way how the system should authorize the
user.
Cross-site scripting refers to a network security vulnerability in which malicious scripts are
injected into websites. This attack occurs when attackers allow an untrusted source to inject
code into a web application.
46) Name the protocol that broadcast the information across all the devices.
Use cipher algorithm to protect email, credit card information, and corporate data.
Public Wi-Fi has many security issues. Wi-Fi attacks include karma attack, sniffing, war-
driving, brute force attack, etc.
Public Wi-Fi may identify data that is passed through a network device like emails, browsing
history, passwords, and credit card data.
Data encryption is a technique in which the sender converts the message into a code. It
allows only authorized user to gain access.
50) Explain the main difference between Diffie-Hellman and RSA.
Diffie-Hellman is a protocol used while exchanging key between two parties while RSA is an
algorithm that works on the basis two keys called private and public key.
Remote Desktop Protocol (RDP) is developed by Microsoft, which provides GUI to connect
two devices over a network.
The user uses RDP client software to serve this purpose while other device must run RDP
server software. This protocol is specifically designed for remote management and to
access virtual PCs, applications, and terminal server.
Forward Secrecy is a security measure that ensures the integrity of unique session key in
event that long term key is compromised.
IV stands for the initial vector is an arbitrary number that is used to ensures that identical
text encrypted to different ciphertexts. Encryption program uses this number only once per
session.
54) Explain the difference between stream cipher and block cipher.
How does it work? Stream cipher operates on small plaintext units Block cipher works on large da
Usage Stream cipher is used to implement hardware. Block cipher is used to implem
The full form of ECB is Electronic Codebook, and the full form of CBC is Cipher Block
Chaining.
Buffer overflow attack is an attack that takes advantage of a process that attempts to write
more data to a fixed-length memory block.
Spyware is a malware that aims to steal data about the organization or person. This
malware can damage the organization's computer system.
SRM stands for Security Reference Monitor provides routines for computer drivers to grant
access rights to object.
A virus is a malicious software that is executed without the user's consent. Viruses can
consume computer resources, such as CPU time and memory. Sometimes, the virus makes
changes in other computer programs and insert its own code to harm the computer system.
Ethical hacking is a method to improve the security of a network. In this method, hackers fix
vulnerabilities and weakness of computer or network. Ethical hackers use software tools to
secure the system.
Social engineering is the term used to convince people to reveal confidential information.
There are mainly three types of social engineering attacks: 1) Human-based, 2) Mobile-
based, and 3) Computer-based.
Human-based attack: They may pretend like a genuine user who requests higher
authority to reveal private and confidential information of the organization.
Computer-based attack: In this attack, attackers send fake emails to harm the
computer. They ask people to forward such email.
Mobile-based attack: Attacker may send SMS to others and collect important
information. If any user downloads a malicious app, then it can be misused to access
authentication information.
IP Address is the acronym for Internet Protocol address. An internet protocol address is
used to uniquely identify a computer or device such as printers, storage disks on a
computer network.
MAC Address is the acronym for Media Access Control address. MAC addresses are used
to uniquely identify network interfaces for communication at the physical layer of the
network.
69) What do you mean by a worm?
Tcpdump
Kismet
Wireshark
NetworkMiner
Dsniff
Antivirus is software tool that is used to identify, prevent, or remove the viruses present in
the computer. They perform system checks and increase the security of the computer
regularly.
Protocol Sniffing
Web password sniffing
Application-level sniffing
TCP Session stealing
LAN Sniffing
ARP Sniffing
It is an attack in which multiple computers attack website, server, or any network resource.
TCP session hijacking is the misuse of a valid computer session. IP spoofing is the most
common method of session hijacking. In this method, attackers use IP packets to insert a
command between two nodes of the network.
Hacking Tools are computer programs and scripts that help you find and exploit
weaknesses in computer systems, web applications, servers, and networks. There are
varieties of such tools available on the market. Some of them are open source, while others
are a commercial solution.
Honeypot is a decoy computer system which records all the transactions, interactions, and
actions with users.
RSA
Twofish
AES
Triple DES
It is not right to send login credentials through email because if you send someone userid
and password in the mail, chances of email attacks are high.
This rule is based on the percentage of network traffic, in which 80% of all network traffic
should remain local while the rest of the traffic should be routed towards a permanent VPN.
Aircrack
WebDecrypt
Kismet
WEPCrack
Security auditing is an internal inspection of applications and operating systems for security
flaws. An audit can also be done via line by line inspection of code.
It is a technique used to obtain a username, password, and credit card details from other
users.
Nano encryption is a research area which provides robust security to computers and
prevents them from hacking.
Security Testing is defined as a type of Software Testing that ensures software systems and
applications are free from any vulnerabilities, threats, risks that may cause a big loss.
Security scanning involves identifying network and system weaknesses and later provides
solutions for reducing these risks. This scanning can be performed for both Manual as well
as Automated scanning.
Acunetix
WebInspect
Probably
Netsparker
Angry IP scanner:
Burp Suite
Savvius
Financial sectors like stock trading exchanges, investment banking, want their data
to be secured, and penetration testing is essential to ensure security.
In case if the software system is already hacked and the organization would like to
determine whether any threats are still present in the system to avoid future hacks.
Security threat is defined as a risk which can steal confidential data and harm computer
systems as well as organization.
A physical threat is a potential cause of an incident that may result in loss or physical
damage to the computer systems.
98) List security vulnerabilities as per Open Web Application Security Project
(OWASP).
Security vulnerabilities as per open web application security project are as follows:
SQL Injection
Cross-site request forgery
Insecure cryptographic storage
Broken authentication and session management
Insufficient transport layer protection
Unvalidated redirects and forwards
Failure to restrict URL access
An access token is a credential which is used by the system to check whether the API
should be granted to a particular object or not.
ARP poisoning is sending fake addresses to the switch so that it can associate the fake
addresses with the IP address of a genuine computer on a network and hijack the traffic.
Trojans
Adware
Worms
Spyware
Denial of Service Attacks
Distributed Denial of Service Attacks
Virus
Key loggers
Unauthorized access to computer systems resources
Phishing
102) Explain the sequence of a TCP connection.
Hybrid attack is a blend of dictionary method and brute force attack. This attack is used to
crack passwords by making a change of a dictionary word with symbols and numbers.
Nmap is a tool which is used for finding networks and in security auditing.
EtterPeak is a network analysis tool that is used for sniffing packets of network traffic.
There are two types of cyberattacks: 1) Web-based attacks, 2) System based attacks.
Some web-based attacks are: 1) SQL Injection attacks, 2) Phishing, 3) Brute Force, 4) DNS
Spoofing, 4) Denial of Service, and 5) Dictionary attacks.
Virus
Backdoors
Bots
Worm
There are four types of cyber attackers. They are: 1) cybercriminals, 2) hacktivists, 3)
insider threats, 4) state-sponsored attackers.
They are threats that are accidently done by organization employees. In these threats, an
employee unintentionally deletes any file or share confidential data with outsiders or a
business partner going beyond the policy of the company.