Cryptography
History to Know for the Exam
Polybius Square
Caesar Cipher (ROT12)
Vocabulary
Cryptography: encoding/securing communications
Cryptanalysis: cracking encrypted communications
Steganography
Algorithms / Ciphers
XOR
--> Hashing is not Encryption!
--> Encoding is not Encryption!
Study and Practice Sites
Cryptool: A site to practice crypto and learn how it works
https://www.cryptool.org/en/
Tools to Know
CryptoBench: a Windows GUI tool that lets you create hashes, and encrypt and decrypt using both symmetric and asymmetric algorithms.
Cryptoforge is a free-trial/commercial tool for Windows, for encrypting/decrypting files:
https://www.cryptoforge.com/download/
Cryptr is a command-line tool that comes with Kali, and can encrypt/decrypt files using OpenSSL.
https://www.youtube.com/watch?v=JZvqqd942N4
Types of Encryption
Symmetric
Asymmetric
Other Algorithms
Substitution Ciphers, like the Caesar Cipher, which is an alphabet rotation (ROT) tool.
See ROT in action at https://www.dcode.fr/rot-cipher
There’s a nice tool to unscramble these at https://quipqiup.com/
ROT Ciphers, like Morse Code. Is it encryption? Loosely speaking, yes. Try it out.
https://md5decrypt.net/en/Morse-code/
https://www.theproblemsite.com/reference/mathematics/codes/morse-code
The Atbash Cipher uses a reversed alphabet as the key.
https://www.hanginghyena.com/solvers_a/atbash-cipher-decoder
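The rotation and Atbash substitutions described above, as an added example that is not part of the original notes. It also lists every possible rotation of a ciphertext, which shows why a 25-shift key space gives no real confidentiality. The function names and the sample message are made up for illustration.

```python
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def rot(text: str, n: int) -> str:
    """Rotate each letter n places through the alphabet; other characters pass through."""
    n %= 26  # also turns a negative shift (decryption) into the equivalent positive one
    table = str.maketrans(UPPER + LOWER,
                          UPPER[n:] + UPPER[:n] + LOWER[n:] + LOWER[:n])
    return text.translate(table)


def atbash(text: str) -> str:
    """Map A<->Z, B<->Y, ...: the 'key' is the reversed alphabet, so applying it twice undoes it."""
    table = str.maketrans(UPPER + LOWER, UPPER[::-1] + LOWER[::-1])
    return text.translate(table)


def all_rotations(ciphertext: str) -> dict[int, str]:
    """Every possible ROT decryption, keyed by the shift that was undone (1..25)."""
    return {n: rot(ciphertext, -n) for n in range(1, 26)}


if __name__ == "__main__":
    msg = "Meet at the Forum"  # constructed sample plaintext
    ct = rot(msg, 3)
    print("ROT3:  ", ct)
    print("Atbash:", atbash(msg))
    # The whole key space fits on one screen; the readable line is the plaintext.
    for shift, candidate in all_rotations(ct).items():
        print(f"{shift:2d} {candidate}")
```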
Uses for Encryption
Confidentiality
…of course
Key Exchange
Diffie-Hellman
Signatures
DSA
RSA
PKI and Certificates (X.509)
CAs
RAs
CRLs
OCSP
Parts of a Cert:
- Version
- Serial number
- Subject
- Algorithm ID (Structure Algorithm)
- Issuer
- Valid From / Valid To
- Key usage (purpose of key, encryption or signature)
- Subject’s Public Key (the whole purpose)
- Optional fields
Things That Are Like Crypto, But Are Not Crypto
Hashing
MD5
SHA
Steganography (Stego)
steghide (command)
Encoding
Encoding is not encryption, though it used to be used for “secure” password storage and similar crappy confidentiality.
For example, Base64 encoding is a common tool:
“Base64 is not encryption — it’s an encoding. It’s a way of representing binary data using only printable (text) characters.” – https://stackoverflow.com/questions/4070693/what-is-the-purpose-of-base-64-encoding-and-why-it-used-in-http-basic-authentica
Most Linuxes will have a Base64 encoding/decoding tool built in:
# To encode a file
base64 <filename>
# To decode an encoded file
base64 -d <filename>
For more examples, like encoding a string instead of a file:
https://askubuntu.com/questions/178521/how-can-i-decode-a-base64-string-from-the-command-line
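To make the "encoding is not encryption, hashing is not encryption" point concrete, here is an added example (not from the original notes). It decodes an HTTP Basic auth header with no key at all, then contrasts that with a one-way SHA-256 digest and a toy repeating-key XOR. The header, credentials, key and function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample: HTTP Basic auth header for user "alice", password "s3cret".
SAMPLE_HEADER = "Authorization: Basic YWxpY2U6czNjcmV0"


def decode_basic_auth(header: str) -> tuple[str, str]:
    """Encoding: anyone who sees the header recovers the credentials, no key involved."""
    scheme, _, token = header.split(":", 1)[1].strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic auth header")
    decoded = base64.b64decode(token, validate=True).decode()
    user, _, password = decoded.partition(":")
    return user, password


def sha256_hex(data: bytes) -> str:
    """Hashing: fixed-length, one-way digest; there is no matching decode operation."""
    return hashlib.sha256(data).hexdigest()


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Toy keyed cipher (repeating-key XOR): the same call with the same key reverses it.

    Used only to contrast 'needs a key' with encoding; it is not a secure cipher.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    print("decoded header:", decode_basic_auth(SAMPLE_HEADER))
    print("sha256 digest: ", sha256_hex(b"s3cret"))
    ct = xor_bytes(b"s3cret", b"k3y")
    print("xor ciphertext:", ct.hex())
    print("right key:     ", xor_bytes(ct, b"k3y"))
    print("wrong key:     ", xor_bytes(ct, b"bad"))
```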
You will also run into:
HTML Encoding (for within page text)
https://www.urldecoder.org/
URL Encoding (for URLs, of course)
Hex Encoding
Unicode
Check out this primer:
https://skorks.com/2009/08/different-types-of-encoding-schemes-a-primer/