Module 02

Ethical Hacking Fundamentals

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Objectives
1
Creative idea
Understanding the Cyber Kill Chain Methodology

Understanding Tactics, Techniques, and Procedures

2
(TTPs)

3 Overview of Indicators of Compromise (IoCs)

4 Overview of Hacking Concepts and Hacker Classes

5 Understanding Different Phases of Hacking Cycle

6 Understanding Ethical Hacking Concepts and Its Scope

7 Overview of Ethical Hacking Tools

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Flow
3

Understand Different 4 5
Phases of Hacking
2 Cycle
Discuss Ethical Hacking
Concepts, Scope, and Ethical
Discuss Hacking Hacking Tools
1 Concepts and Hacker
Limitations
Classes

Understand Cyber
Kill Chain
Methodology

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Cyber Kill Chain Methodology
 The cyber kill chain methodology is a component of intelligence-driven defense for the identification and
prevention of malicious intrusion activities
 It helps security professionals to understand the adversary’s tactics, techniques, and procedures beforehand

Create a deliverable Exploit a vulnerability Create a command and control

malicious payload using by executing code on channel to communicate and
an exploit and a backdoor the victim’s system pass data back and forth
Weaponization Exploitation Command and Control

Reconnaissance Delivery Installation Actions on Objectives

Gather data on the target Send weaponized bundle to the Install malware on Perform actions to achieve
to probe for weak points victim using email, USB, etc. the target system intended objectives/goals

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Tactics, Techniques, and Procedures (TTPs)

The term Tactics, Techniques,

and Procedures (TTPs) refers to the
patterns of activities and methods
associated with specific threat actors
or groups of threat actors

Tactics
“Tactics” are the guidelines that describe the way an attacker performs the attack from beginning to the end

Techniques
“Techniques” are the technical methods used by an attacker to achieve intermediate results during the attack

Procedures
“Procedures” are organizational approaches that threat actors follow to launch an attack
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
 Adversary Behavioral Identification
 Adversary behavioral identification involves the identification of the common methods or techniques
followed by an adversary to launch attacks on or to penetrate an organization’s network
 It gives the security professionals insight into upcoming threats and exploits

Adversary Behaviors

Internal Reconnaissance Use of Command-Line Interface Use of DNS Tunneling

Use of PowerShell HTTP User Agent Use of Web Shell

Unspecified Proxy Activities Command and Control Server Data Staging

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Indicators of
Compromise (IoCs)

Indicators of Compromise (IoCs) are the clues, artifacts,

and pieces of forensic data found on the network or
01 operating system of an organization that indicate a
potential intrusion or malicious activity in the
organization’s infrastructure

IoCs act as a good source of information regarding the

02 threats that serve as data points in the intelligence
process

Security professionals need to perform continuous

03 monitoring of IoCs to effectively and efficiently detect
and respond to evolving cyber threats

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Categories of Indicators of
Compromise
Understanding IoCs helps security professionals to quickly detect the threats against the organization
and protect the organization from evolving threats
For this purpose, IoCs are divided into four
categories:

Email Indicators Network Indicators Host-Based Indicators Behavioral Indicators

 Used to send malicious  Useful for command and  Found by performing an  Used to identify specific
data to the target control, malware delivery, analysis of the infected behavior related to
organization or individual identifying the operating system within the malicious activities
system, and other tasks organizational network
 Examples include the  Examples include document
sender’s email address,  Examples include URLs,  Examples include filenames, executing PowerShell script,
email subject, and domain names, and IP file hashes, registry keys, and remote command
attachments or links addresses DLLs, and mutex execution

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Flow
3

Understand Different 4 5
Phases of Hacking
2 Cycle
Discuss Ethical Hacking
Concepts, Scope, and Ethical
Discuss Hacking Hacking Tools
1 Concepts and Hacker
Limitations
Classes

Understand Cyber
Kill Chain
Methodology

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 What is Hacking?

Hacking refers to exploiting It involves modifying Hacking can be used to

system vulnerabilities and system or application steal and redistribute
compromising security features to achieve a goal intellectual property,
controls to gain unauthorized outside of the creator’s leading to business loss
or inappropriate access to a original purpose
system’s resources

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Who is a Hacker?

An intelligent individual with For some hackers, hacking is a

excellent computer skills who 0 hobby to see how many
01 can create and explore computer computers or networks they
2
software and hardware can compromise

Some hackers’ intentions can Some hack with malicious intent such as to
either be to gain knowledge steal business data, credit card information,
03 or to probe and do illegal social security numbers, email passwords,
things and other sensitive data

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Hacker Classes/Threat
Actors

Black White Suicide Script

Gray Hats
Hats Hats Hackers Kiddies

Individuals with Individuals who Individuals who Individuals who An unskilled

extraordinary use their work both aim to bring hacker who
computing professed offensively and down the critical compromises a
skills; they hacking skills defensively at infrastructure for system by
resort to for defensive various times a "cause" and running scripts,
malicious or purposes and are not worried tools, and
destructive are also known about facing jail software that
activities and as security terms or any were developed
are also known analysts other kind of by real hackers
as crackers punishment

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Hacker Classes/Threat Actors (Cont’d)

Individuals with a wide range of skills who are motivated by religious

Cyber Terrorists or political beliefs to create the fear through the large-scale
disruption of computer networks

State- Individuals employed by the government to penetrate and gain top-

Sponsored secret information from, and damage the information systems of
Hackers other governments

Hacktivist Individuals who promote a political agenda by hacking, especially

by using hacking to deface or disable website

A consortium of skilled hackers having their own resources and

Hacker Teams funding. They work together in synergy for researching the state-of-
the-art technologies

Individuals who perform corporate espionage by illegally spying on

Industrial Spies competitor organizations and focus on stealing information such as
blueprints and formulas
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
 Hacker Classes/Threat Actors
(Cont’d)

Insider Criminal Syndicates Organized Hackers

Any employee (trusted person) who Groups of individuals that are Miscreants or hardened
has access to critical assets of an involved in organized, planned, criminals who use rented
organization. They use privileged and prolonged criminal activities. devices or botnets to perform
access to violate rules or They illegally embezzle money by various cyber-attacks to pilfer
intentionally cause harm to the performing sophisticated cyber- money from victims
organization’s information system attacks

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Flow
3

Understand Different 4 5
Phases of Hacking
2 Cycle
Discuss Ethical Hacking
Concepts, Scope, and Ethical
Discuss Hacking Hacking Tools
1 Concepts and Hacker
Limitations
Classes

Understand Cyber
Kill Chain
Methodology

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Hacking Phase: Reconnaissance
 Reconnaissance refers to the preparatory phase
where an attacker seeks to gather information
about a target prior to launching an attack

Reconnaissance Types

Passive Reconnaissance Active Reconnaissance

 Involves acquiring information  Involves directly interacting
without directly interacting with the target by any means
with the target
 For example, telephone calls
 For example, searching public to the target’s help desk or
records or news releases technical department

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Hacking Phase: Scanning
Scanning refers to the pre-attack phase when the attacker scans the network for specific information
based on information gathered during reconnaissance

Scanning can include the use of dialers, port scanners, network mappers, ping tools, and vulnerability
scanners

Attackers extract information such as live machines, port, port status, OS details, device type, and
system uptime to launch attack

Sends
TCP/IP probes
Network
Scanning Gets network
Process information
Attacker Network

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Hacking Phase: Gaining Access

01
Gaining access refers to the 03
point where the attacker The attacker can escalate
obtains access to the operating privileges to obtain
system or applications on the complete control of the
target computer or network system

04
02 Examples include password
The attacker can gain access cracking, buffer overflows,
at the operating system, denial of service, and
application, or network session hijacking
levels

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Hacking Phase: Maintaining Access

Maintaining access refers to the phase when the attacker tries

to retain their ownership of the system 1
Attackers may prevent the system from being owned by other
attackers by securing their exclusive access with backdoors,
rootkits, or Trojans
2
Attackers can upload, download, or manipulate data,
applications, and configurations on the owned system 3
Attackers use the compromised system to launch further attacks
4
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
 Hacking Phase: Clearing Tracks

01 Clearing tracks refers to the activities carried out by an

attacker to hide malicious acts

The attacker’s intentions include obtaining continuing

02 access to the victim’s system, remaining unnoticed and

uncaught, and deleting evidence that might lead to their
prosecution

03 The attacker overwrites the server, system, and

application logs to avoid suspicion

Attackers always cover their tracks to hide their identity

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Flow
3

Understand Different 4 5
Phases of Hacking
2 Cycle
Discuss Ethical Hacking
Concepts, Scope, and Ethical
Discuss Hacking Hacking Tools
1 Concepts and Hacker
Limitations
Classes

Understand Cyber
Kill Chain
Methodology

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

What is
Ethical
Hacking?

Ethical hacking It focuses on simulating Ethical hackers

involves the use of the techniques used by perform security
hacking tools, tricks, attackers to verify the assessments for an
and techniques to existence of exploitable organization with the
identify vulnerabilities vulnerabilities in a permission of
and ensure system system’s security concerned authorities
security

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Why Ethical Hacking is
Necessary
To beat a hacker, you need to think like
one!
Ethical hacking is necessary as it allows for counter attacks against malicious hackers through anticipating
the methods used to break into the system

Reasons why organizations recruit ethical hackers

To prevent hackers from gaining access To provide adequate preventive measures

to the organization’s information systems in order to avoid security breaches

To uncover vulnerabilities in systems and

To help safeguard customer data
explore their potential as a security risk

To analyze and strengthen an organization’s To enhance security awareness at all

security posture levels in a business

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Why Ethical Hacking is Necessary
(Cont’d)
Ethical Hackers Try to Answer the Following
Questions

1 2 3
What can an intruder What can an intruder Does anyone at the
see on the target do with that target organization
system? information? (Gaining notice the intruders’
(Reconnaissance and Access and attempts or successes?
Scanning phases) Maintaining Access (Reconnaissance and
phases) Covering Tracks
phases)

4 5 6
Are all components of How much time, Are the information
the information effort, and money are security measures in
system adequately required to obtain compliance with legal
protected, updated, adequate protection? and industry
and patched? standards?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Scope and Limitations of Ethical
Hacking

Scope Limitations
 Ethical hacking is a crucial  Unless the businesses already know
component of risk assessment, what they are looking for and why
auditing, counter fraud, and they are hiring an outside vendor
information systems security best to hack systems in the first place,
practices chances are there would not be
much to gain from the experience
 It is used to identify risks and
highlight remedial actions. It also  An ethical hacker can only help the
reduces ICT costs by resolving organization to better understand its
vulnerabilities security system; it is up to the
organization to place the right
safeguards on the network

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Skills of an Ethical Hacker
Technical Skills Non-Technical Skills

In-depth knowledge of major The ability to learn and adopt new

operating environments such as technologies quickly
Windows, Unix, Linux, and Macintosh
Strong work ethics and good problem
In-depth knowledge of networking solving and communication skills
concepts, technologies, and related
Committed to the organization’s security
hardware and software
policies
A computer expert adept at technical
An awareness of local standards and laws
domains
Knowledgeable about security areas
and related issues
“High technical” knowledge for
launching sophisticated attacks

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Flow
3

Understand Different 4 5
Phases of Hacking
2 Cycle
Discuss Ethical Hacking
Concepts, Scope, and Ethical
Discuss Hacking Hacking Tools
1 Concepts and Hacker
Limitations
Classes

Understand Cyber
Kill Chain
Methodology

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Reconnaissance Using
Advanced Google Hacking
Techniques
Google hacking refers to the use of advanced Google search
operators for creating complex search queries to extract sensitive
or hidden information that helps attackers find vulnerable targets

Popular Google advanced search operators

Search operators Description

[cache:] Displays the web pages stored in the Google cache
[link:] Lists web pages that have links to the specified web page
[related:] Lists web pages that are similar to the specified web page
[info:] Presents some information that Google has about a particular web page
[site:] Restricts the results to those websites in the given domain
[allintitle:] Restricts the results to those websites containing all the search keywords in the title
[intitle:] Restricts the results to documents containing the search keyword in the title
[allinurl:] Restricts the results to those containing all the search keywords in the URL
[inurl:] Restricts the results to documents containing the search keyword in the URL
[location:] Finds information for a specific location

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Reconnaissance
Tools
Web Data It extracts targeted contact data (email, phone, and fax)
Extractor from the website, extracts the URL and meta tags (title,
description, keyword) for website promotion, and so on

http://www.webextractor.com https://whois.domaintools.com

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Reconnaissance Tools (Cont’d)
IMCP Traceroute TCP Traceroute

UDP Traceroute

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Scanning Tools
MegaPing

Includes scanners such as Comprehensive Security Scanner, Port

Nmap scanner (TCP and UDP ports), IP scanner, NetBIOS scanner, and
Use Nmap to extract information such as live hosts on Share Scanner
the network, open ports, services (application name and
version), types of packet filters/ firewalls, as well as
operating systems and versions used

https://nmap.org http://www.magnetosoft.com

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Scanning Tools (Cont’d)
Unicornscan
In Unicornscan, the OS of the target machine can be identified Hping2/Hping3
http://www.hping.org
by observing the TTL values in the acquired scan result

NetScanTools Pro
https://www.netscantools.com

SolarWinds Port Scanner

https://www.solarwinds.com

PRTG Network Monitor

https://www.paessler.com

Possible OS is Windows OmniPeek Network Protocol Analyzer

https://www.liveaction.com
https://sourceforge.net

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Enumeration Tools
NetBIOS Enumerator helps to enumerate Other NetBIOS
NetBIOS Enumeration
details, such as NetBIOS names, Usernames,
Enumerat Tools:
Domain names, and MAC addresses, for a
or given range of IP addresses
The nbtstat utility in Windows displays Global Network
NetBIOS over TCP/IP (NetBT) protocol Inventory
Nbtstat
statistics, NetBIOS name tables for http://www.magnetosoft.com
Utility both the local and remote computers,
and the NetBIOS name cache
Attackers specify an IP range to
enumerate NetBIOS information Advanced IP
Scanner
https://www.advanced-
ip-scanner.com

Hyena
https://www.systemtools.com
Obtain information, such
as NetBIOS names,
usernames, domain
names, and MAC
addresses Nsauditor Network
Security Auditor
https://www.nsauditor.com

http://nbtenum.sourceforge.net

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

 Module Summary

It has discussed ethical hacking

This module has discussed the
concepts such as its scope and
1 cyber kill chain methodology, 4 limitations and the skills of an
TTPs, and IoCs in detail
ethical hacker

Finally, this module ended with

It also discussed hacking
2 concepts and hacker classes 5 an overview of ethical hacking
tools

In the next module, we will

This module also discussed in
discuss in detail on information
3 detail on different phases of 6 security threats, vulnerabilities,
hacking cycle
and malware concepts

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.