[ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Session Hijacking

This entry is part 21 of 29 in the series [ Certified Ethical Hacker Training ]

Chapter 10 cont’d: Session Hijacking First, read this Infosec Institute Session Hijacking Cheat Sheet: https://resources.infosecinstitute.com/session-hijacking-cheat-sheet/ Note session hijacking, session sidejacking and session fixation. ¬†Spoofing vs. Hijacking Be sure to recognize the difference between just lying about your IP address, and actually taking over a running user session. How do you get a session ID? Brute-forcing …

[ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography

This entry is part 22 of 29 in the series [ Certified Ethical Hacker Training ]

Cryptography History to Know for the Exam Polybius Square Caesar Cipher (ROT12) Vocabulary Cryptography: encoding/securing communications Cryptoanalysis: cracking encrypted communications Steganography Algorythms / Ciphers XOR –>Hashing is not Encryption! –>Encoding is not Encryption! Study and¬† Practice Sites Cryptool: A site to practice crypto and learn how it works https://www.cryptool.org/en/ Tools to Know CryptoBench: a Windows …

[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Social Engineering

This entry is part 23 of 29 in the series [ Certified Ethical Hacker Training ]

Social Engineering Social engineering falls into the category of non-technical attacks. Quite bluntly, you’re not likely to see much or any of this on the CEH exam, other than the phishing topics. So we’ll give you targeted lists of words to recognize and topics to know. Vocabulary “Rebecca” and “Jessica” are the stereotype names for …

[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security

This entry is part 24 of 29 in the series [ Certified Ethical Hacker Training ]

Like Social Engineering, Physical Security is a domain that’s very lightly covered in the CEH exam. Vocabulary FRR: False Rejection Rate FAR: False Acceptance Rate CER: Crossover Error Rate Security Measures Against Physical Threats Physical Measures (locks) Technical Measures (smart cards, biometrics) Operational Measures (policies and procedures) Interesting Inside Information Attacks Cyber lock locksmith codes …

[ Certified Ethical Hacker v10 ] :: [ Chapter 13 ] :: Pen Testing Methodology

This entry is part 25 of 29 in the series [ Certified Ethical Hacker Training ]

Methodology and Steps Vocabulary Security Assessment Security Audit Vulnerability Assessment Penetration Test External Assessment Internal Assessment Announced Testing Unannounced Testing Red Team Blue Team Purple Team Testing Automation Core Impact Pro Codenomicon Metasploit CANVAS – https://www.immunityinc.com/products/canvas/index.html Insider Threats Pure insider Insider associate (contractor) Insider affiliate (spouse, friend) Outside affiliate (not an employee, doesn’t know anyone) …

[ Review ] :: EC-Council’s iLabs Platform

Glenn Norman
This entry is part 28 of 29 in the series [ Certified Ethical Hacker Training ]

I’ve been trying to bring “hacker” training to UNM for over ten years without much success. Only in the past two semesters have I been able to run an Ethical Hacking class based on the CEH, but where my past efforts didn’t bring students, the CEH did. Red Team work has long interested me, likely …

[ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT

This entry is part 29 of 29 in the series [ Certified Ethical Hacker Training ]

In a lot of hacking examples, the instructor demonstrates a tool like BeEF that requires you to have a website to host the trapping script (for instance, acookie stealer). They’ll often use a localhost address (127.0.0.1) and effectively set a trap for themselves (it’s a demo, after all), without showing you how to use the …