SlideShare a Scribd company logo

Introduction to ceh

Download as PPT, PDF
Hemant Mittal, profile picture
Hemant Mittal

This document provides an introduction to certified ethical hacking (CEH). It explains that CEHs locate and repair security vulnerabilities to prevent exploitation by hackers. The document then outlines the typical steps for a penetration test: preparation, footprinting, enumeration and fingerprinting, identifying vulnerabilities, attacking by exploiting vulnerabilities, covering tracks, and reporting. It provides details on techniques used at each step like port scanning, banner grabbing, brute force password attacks, and using tools like Nmap and Metasploit. The document concludes with an overview of additional important hacking techniques like social engineering, denial of service attacks, and cryptography.

Technology
Related topics:
Ethical Hacking Courses
1 of 17
Downloaded 30 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
INTRODUCTION TO CEH PRESENTED BY:HEMANT MITAL
WHY SHOULD WE KNOW ABOUT CEH? • In this Tech-savvy world of 21st Century every one is engaged with internet, through whatsapp , twitter, facebook , net-banking & lots of other platforms are there. • And some criminal minded persons commit crimes here, which is included under cyber-crime. • We should be aware about crimes happening around in the cyber-space, so we can protect ourselves.
WHAT A CEH DO? •  A CEH is hired to locate and repair application and system security vulnerabilities to preempt exploitations by black hat hackers and others with potentially illegal intentions.  •Ethical hackers employ the same tools and techniques as the intruders.
EXAMPLES OF CYBER CRIME
STEPS FOR PEN TESTING 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Cover tracks
PREPARATION • Identification of Targets – company websites, mail servers, extranets, etc. • Signing of Contract • Agreement on protection against any legal issues • Contracts to clearly specifies the limits and dangers of the test • Specifics on Denial of Service Tests, Social Engineering, etc. • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
FOOTPRINTING Collecting as much information about the target •DNS Servers •IP Ranges •Administrative Contacts •Problems revealed by administrators Information Sources •Search engines •Forums •Tools – PING, whois, Traceroute, nslookup,
ENUMERATION & FINGERPRINTING • Specific targets determined • Identification of Services / open ports • Operating System Enumeration • Methods • Banner grabbing • Responses to various protocol (ICMP &TCP) commands • Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. • Tools • Nmap, tcpdump, ssh, telnet
IDENTIFICATION OF VULNERABILITIES Vulnerabilities •Insecure Configuration •Weak passwords •Unpatched vulnerabilities in services, Operating systems, applications •Possible Vulnerabilities in Services, Operating Systems •Insecure programming •Weak Access Control
IDENTIFICATION OF VULNERABILITIES Methods •Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites •Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic •Insecure Programming – SQL Injection, Listening to Traffic •Weak Access Control – Using the Application Logic, SQL Injection
ATTACK – EXPLOIT THE VULNERABILITIES • Obtain as much information (trophies) from the Target Asset • Gaining Normal Access • Escalation of privileges • Obtaining access to other connected systems • Last Ditch Effort – Denial of Service
ATTACK – EXPLOIT THE VULNERABILITIES • Network Infrastructure Attacks • Connecting to the network through modem • Weaknesses in TCP / IP, NetBIOS • Flooding the network to cause DOS • Operating System Attacks • Application Specific Attacks • Exploiting implementations of HTTP, SMTP protocols
ATTACK – EXPLOIT THE VULNERABILITIES • Gaining access to application Databases • SQL Injection • Spamming Exploits • Free exploits from Hacker Websites • Customised free exploits • Internally Developed • Tools – Nessus, Metasploit Framework
REPORTING Methodology •Exploited Conditions & Vulnerabilities that could not be exploited •Proof for Exploits - Trophies •Practical Security solutions
OTHER IMPORTANT TECHNICES • Social Engineering • Denial of Service • Session Hijacking • SQL Injection • IDS, Firewalls and Honeypots
OTHER IMPORTANT TECHNICES(CONTINUED…) • Buffer Overflow • Cryptography • Hacking Wireless Networks • SNIFFING • Trojan horse
OTHER IMPORTANT TECHNICES(CONTINUED…) • Viruses and Worms • Hacking Web Applications • Hacking Mobile Platforms

More Related Content

PPTX
Cyber crime and security (1)
Tanikella Sai Abhijyan
 
PPTX
Cyber crimeppt1-samweg1 (1)
Samwed Jain
 
PPTX
Types of Attack in Information and Network Security
padmeshagrekar
 
PPTX
Cybercrime
TouqeerAhmed30
 
PDF
Voicemail_Protection
Ron Healy
 
PPT
ETHICAL HACKING
Sweta Leena Panda
 
PDF
Cs8792 cns - unit v
ArthyR3
 
PPT
Ethical hacking
shahhardik27
 
Cyber crime and security (1)
Tanikella Sai Abhijyan
 
Cyber crimeppt1-samweg1 (1)
Samwed Jain
 
Types of Attack in Information and Network Security
padmeshagrekar
 
Cybercrime
TouqeerAhmed30
 
Voicemail_Protection
Ron Healy
 
ETHICAL HACKING
Sweta Leena Panda
 
Cs8792 cns - unit v
ArthyR3
 
Ethical hacking
shahhardik27
 

What's hot (19)

PPTX
Design and Analyze Secure Networked Systems - 1
Don Kim
 
PPTX
Exfiltration slides-v1-release
Eric Koeppen
 
PPTX
computer viruses
dayasunny7
 
DOCX
Jeffrey_Smith_Resume_2016
Jeffrey Smith
 
PPT
Unit 3
abhishek srivastav
 
PPTX
Crontab Cyber Security session 3
gpioa
 
PPTX
CS8792 - Cryptography and Network Security
vishnukp34
 
PDF
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
PPT
Module 1 Introduction
leminhvuong
 
PPTX
Ethical Hacking Redefined
Pawan Patil
 
ODP
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
PPT
Information Assurance Presentation
Rebecca Patient
 
PPTX
Security in Computer System
Manesh T
 
PPTX
2014-09-03 Cybersecurity and Computer Crimes
Raffa Learning Community
 
PPTX
Computer Security
AkNirojan
 
PPTX
Software Security
AkNirojan
 
PPTX
Noorhidayu Yussof (Presentation 3)
Noorhidayu Yussof
 
PPTX
Hacking intro
Milind Mishra
 
PDF
Security in computer systems fundamentals
Manesh T
 
Design and Analyze Secure Networked Systems - 1
Don Kim
 
Exfiltration slides-v1-release
Eric Koeppen
 
computer viruses
dayasunny7
 
Jeffrey_Smith_Resume_2016
Jeffrey Smith
 
Unit 3
abhishek srivastav
 
Crontab Cyber Security session 3
gpioa
 
CS8792 - Cryptography and Network Security
vishnukp34
 
DRC -- Cybersecurity concepts2015
T. J. Saotome
 
Module 1 Introduction
leminhvuong
 
Ethical Hacking Redefined
Pawan Patil
 
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
Information Assurance Presentation
Rebecca Patient
 
Security in Computer System
Manesh T
 
2014-09-03 Cybersecurity and Computer Crimes
Raffa Learning Community
 
Computer Security
AkNirojan
 
Software Security
AkNirojan
 
Noorhidayu Yussof (Presentation 3)
Noorhidayu Yussof
 
Hacking intro
Milind Mishra
 
Security in computer systems fundamentals
Manesh T
 
Ad

Similar to Introduction to ceh (20)

PDF
Certified Ethical Hacking - Book Summary
udemy course
 
PDF
Super1
neelakanteswarreddy
 
PPT
Ethical hacking
Sourabh Badve
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPT
Ethical hacking by shivam
Shivam Ðreamchazer
 
PPT
Ethical hacking-ppt-download4575
Gopal Rathod
 
PPT
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
PPTX
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
PPTX
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
PPTX
Hacking - penetration tools
JenishChauhan4
 
PPTX
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
PDF
CEH Exam Practice Questions and Answers Part 2.pdf
infosecTrain
 
PDF
CEH Exam Practice Questions and Answers Part - 2.pdf
infosec train
 
PDF
CEH Exam Practice Q&A Part 2 by InfosecTrain
priyanshamadhwal2
 
PPTX
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
 
PDF
Hacking - CEH Cheat Sheet Exercises.pdf
john485745
 
PDF
1435488539 221998
Shree Krishna Shrestha
 
Certified Ethical Hacking - Book Summary
udemy course
 
Super1
neelakanteswarreddy
 
Ethical hacking
Sourabh Badve
 
324515851-Ethical-Hacking-Ppt-Download4575A.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
Ethical hacking by shivam
Shivam Ðreamchazer
 
Ethical hacking-ppt-download4575
Gopal Rathod
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Hacking - penetration tools
JenishChauhan4
 
Hacking and Penetration Testing - a beginners guide
Pankaj Dubey
 
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
CEH Exam Practice Questions and Answers Part 2.pdf
infosecTrain
 
CEH Exam Practice Questions and Answers Part - 2.pdf
infosec train
 
CEH Exam Practice Q&A Part 2 by InfosecTrain
priyanshamadhwal2
 
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
 
Hacking - CEH Cheat Sheet Exercises.pdf
john485745
 
1435488539 221998
Shree Krishna Shrestha
 
Ad

Recently uploaded (20)

PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Teaching material agriculture food technology
LiaRayya
 
Encapsulation theory and applications.pdf
gurumoop
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 

Introduction to ceh

  • 2. WHY SHOULD WE KNOW ABOUT CEH? • In this Tech-savvy world of 21st Century every one is engaged with internet, through whatsapp , twitter, facebook , net-banking & lots of other platforms are there. • And some criminal minded persons commit crimes here, which is included under cyber-crime. • We should be aware about crimes happening around in the cyber-space, so we can protect ourselves.
  • 3. WHAT A CEH DO? •  A CEH is hired to locate and repair application and system security vulnerabilities to preempt exploitations by black hat hackers and others with potentially illegal intentions.  •Ethical hackers employ the same tools and techniques as the intruders.
  • 5. STEPS FOR PEN TESTING 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Cover tracks
  • 6. PREPARATION • Identification of Targets – company websites, mail servers, extranets, etc. • Signing of Contract • Agreement on protection against any legal issues • Contracts to clearly specifies the limits and dangers of the test • Specifics on Denial of Service Tests, Social Engineering, etc. • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
  • 7. FOOTPRINTING Collecting as much information about the target •DNS Servers •IP Ranges •Administrative Contacts •Problems revealed by administrators Information Sources •Search engines •Forums •Tools – PING, whois, Traceroute, nslookup,
  • 8. ENUMERATION & FINGERPRINTING • Specific targets determined • Identification of Services / open ports • Operating System Enumeration • Methods • Banner grabbing • Responses to various protocol (ICMP &TCP) commands • Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. • Tools • Nmap, tcpdump, ssh, telnet
  • 9. IDENTIFICATION OF VULNERABILITIES Vulnerabilities •Insecure Configuration •Weak passwords •Unpatched vulnerabilities in services, Operating systems, applications •Possible Vulnerabilities in Services, Operating Systems •Insecure programming •Weak Access Control
  • 10. IDENTIFICATION OF VULNERABILITIES Methods •Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites •Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic •Insecure Programming – SQL Injection, Listening to Traffic •Weak Access Control – Using the Application Logic, SQL Injection
  • 11. ATTACK – EXPLOIT THE VULNERABILITIES • Obtain as much information (trophies) from the Target Asset • Gaining Normal Access • Escalation of privileges • Obtaining access to other connected systems • Last Ditch Effort – Denial of Service
  • 12. ATTACK – EXPLOIT THE VULNERABILITIES • Network Infrastructure Attacks • Connecting to the network through modem • Weaknesses in TCP / IP, NetBIOS • Flooding the network to cause DOS • Operating System Attacks • Application Specific Attacks • Exploiting implementations of HTTP, SMTP protocols
  • 13. ATTACK – EXPLOIT THE VULNERABILITIES • Gaining access to application Databases • SQL Injection • Spamming Exploits • Free exploits from Hacker Websites • Customised free exploits • Internally Developed • Tools – Nessus, Metasploit Framework
  • 14. REPORTING Methodology •Exploited Conditions & Vulnerabilities that could not be exploited •Proof for Exploits - Trophies •Practical Security solutions
  • 15. OTHER IMPORTANT TECHNICES • Social Engineering • Denial of Service • Session Hijacking • SQL Injection • IDS, Firewalls and Honeypots
  • 16. OTHER IMPORTANT TECHNICES(CONTINUED…) • Buffer Overflow • Cryptography • Hacking Wireless Networks • SNIFFING • Trojan horse
  • 17. OTHER IMPORTANT TECHNICES(CONTINUED…) • Viruses and Worms • Hacking Web Applications • Hacking Mobile Platforms