undergroundwires / ceh-in-bullet-points Goto Github PK

View Code? Open in Web Editor NEW

937.0 39.0 276.0 3.78 MB

💻 Certified ethical hacker summary in bullet points

Home Page: https://cloudarchitecture.io/hacking

License: Creative Commons Attribution 4.0 International

cehv11 certified-ethical-hacker footprinting enumeration malware-overview penetration-testing

ceh-in-bullet-points's Introduction

Certified ethical hacker in bullet points

This repo contains study notes for Certified Ethical Hacker exam.
The notes are comprehensive and written with goal of covering all exam areas.
It includes many real-life tips and tricks to keep practical value in the content.
Combines and summarizes a lot of education materials from many different sources.
- I passed the exam with 119/125 score with these notes.
💡 A good way is using material is using the search function extensively, there are many cross references throughout the material to help you navigate, feel free to ignore them if you're reading for the first time.
Good luck & enjoy studying! ☕
✨ Contributions of any kind are welcome!

Symbols

There are some symbols used throughout the documentation:

Symbol	Description
💡	Best practice or practical tips
❗	An important limitation, challenge or an exception
📝	Common exam area
🤗	Fact / trivia (most likely unrelated to the exam)

Content

Introduction
1. Information security
2. Hacking
  1. Hacker types
  2. Hacking stages
3. Penetration testing
  1. Penetration testing overview
  2. Penetration testing phases
Footprinting
Scanning networks
Enumeration
1. Enumeration Overview
2. DNS enumeration
Vulnerabilities
System hacking
1. Cracking passwords
2. Linux basics
3. Escalating privileges
4. Executing applications
5. Hiding files
6. Covering tracks
Malware overview
Sniffing
1. Sniffing overview
2. Sniffing tools
3. Sniffing attacks
Wireless networks
Social engineering
1. Social engineering overview
2. Social engineering types
Firewalls IDS and Honeypots
1. Intrusion detection system (IDS)
  1. Intrusion detection system (IDS) overview
  2. Evading IDS
2. Firewall
  1. Firewall overview
  2. Evading firewalls
3. Honeypot
Web servers
1. Hacking web servers
2. Web server threats and attacks
Web applications
SQL injection
1. SQL injection overview
2. SQL injection types
Cryptography
1. Cryptography overview
2. Encryption algorithms
3. Hashing algorithms
4. Communication
  1. Encrypting communication
  2. Tunneling protocols
5. Encrypting disk
6. Cryptanalysis
Cloud
Mobile platforms
IoT and OT
1. IoT overview
2. IoT security
Exam readiness

↑

Support

⭐️ Simplest way to say thanks is just to it a star 🤩
❤️ To show more support:
- ☕️ buy me a coffee
- 👏🏿 sponsor me
- 🎈 donate using another way
✨ Contributions of any kind are welcome!

↑

ceh-in-bullet-points's People

Contributors

Stargazers

Watchers

Forkers

wjay-tec tempistrane nasirdevlani abdulmalikjalloh technicalboy29 jjj0n4th4n orientaldwarf alodha100 cassanof roydg johto89 kmdn89 yasodakrishnav markgillanders darthzeroproductions brimford cheahengsoon edwincervantes thambolo anandrajakumaran sh4ns shrutiuppin th3blackp3arl l0rdainz tunahorse swastik77 brendeneye31 josephma93 jabss rgh-paperchaser certification-training maymeow soulwinds claregracechua an0n1m1z3 akriosss47 anirudhkk el-kae boknows55 sq7obj anishnarang99 garner007 48h153k pachy78 ansh063 regist-os thibovdb teksec-louie sureshmelvinsigera asafahmadov vivid-rain7267 kitann extraordinaire1 daffyaman silentsoul04 suresh978 oadam11 yashsrivastavv ranryukohei krishnamurtyp chiboubys dusmana 1n1t6sh3ll nx6110a5100 xshadowfox8888 jellyfishxoxo naveenawsdevops kxwick j1h4sh ravindu-balasooriya-it20134594 mr-nayra adkmmm ansarifaiyaz28 maxvill212 luisit0 huwanyu sumodgeorge whobin cybersissons katgalraghu asierbarran vortigern203 saumyajeetdas vikasphonsa daominglee muchornqer n40r1s hugorc maheshnaganna jjsk9 arnausotis anshumansrivastavagit aloaiza12 ansh012 salem73616c656d cabecada mtarr6 queca shafr badalshiva

ceh-in-bullet-points's Issues

ARP poisoning attack steps

I think in the line "e.g. through host discovery using nmap e.g. nmap -sn 192.168.0.0" the Nmap scan is missing /16

IoT Architecture Layers have a different structure in the v11 book (No mention to business layer there, instead Access Gateway Layer is defined). This is often included in exam prep questions; Usually a definition is given and a name is required.

5 Layers of IoT Architecture are:

Edge Technology Layer
This layer consists of all the hardware components, including sensors, radio-frequency identification (RFID) tags, readers, or other soft sensors, and the device itself. These entities are the primary part of the data sensors that are deployed in the field for monitoring or sensing various phenomena. This layer plays an important part in data collection, and in connecting devices within the network and with the server.

Access Gateway Layer
This layer helps to bridge the gap between two endpoints, such as a device and a client. The initial data handling also takes place in this layer. This layer carries out message routing, message identification, and subscribing.

Internet Layer
This is a crucial layer as it serves as the main component in carrying out communication between two endpoints, such as device-to-device, device-to-cloud, device-to-gateway, or back-end data sharing.

Middleware Layer
This is one of the most critical layers that operates in two-way mode. As the name suggests, this layer sits in the middle of the application layer and the hardware layer, thus behaving as an interface between these two layers. It is responsible for important functions such as data management, device management, and various issues like data analysis, data aggregation, data filtering, device information discovery, and access control.

Application Layer
This layer, placed at the top of the stack, is responsible for the delivery of services to the relevant users from different sectors, including building, industrial, manufacturing, automobile, security, healthcare, etc.

Small Typo

/07-malware/trojans.md

Line 123

software that's ~~intend t~~ find it
software that's intended to find it

RST by Receiver not Sender

Hi Guys,

This site has been so helpful. I did notice the arrow for a closed port on the half-open scan is going from the attacker to the victim. But as the port is closed should it not be from the victim to the attacker. A Wireshark test confirmed it.
OR
I made a silly mistake and apologies for the interruption.
Thanks
Tim
https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/03-scanning-networks/scanning-techniques.md

Can't access https://cloudarchitecture.io/hacking. DNS error.

Hello,

Just wanted to let you know that https://cloudarchitecture.io/hacking appears to be down.

help

hey thanks for developing it can you help me by sending a video tutorial how to use it?

Security Threats and Attacks

1.i.b Discusses OS attacks. One line states that unpatched operating systems can allow for zero days. If they are vulnerable due to a known issue that has a patch, it is not a zero day. Clarification is necessary to avoid confusion for new learners.

Reader-friendly modifications - help needed ?

Thanks for your effort!
However it's not very reader-friendly - have you thought about using any docs system for your project ? (with reading mode, etc ?).
Would you like your repo to be converted into reader-friendly site? (I thought about mkdocs with material).
This would adding indexes to files & commiting some code from mkdocs. Here is example screenshot of what I tried locally.

Note the features:

index on the left (unordered due to alphabetical sorting)
chapters on the right
page changes on the bottom

Please let me know if I should start working on it.
Then you can publish it on github pages & everyone can look at it in more reader-friendly mode.

Denial of Service / RST Attack

I think the sentence "Computer B in that case can send RST packet to computer B." needs to be reviewed. Author probably meant "to computer A"

Cryptography Overview / XOR cipher (Table)

Last row of XOR cipher table should indicate A = 1 ; B = 1 ; Output = 0

https://github.com/undergroundwires/CEH-in-bullet-points/blob/master/chapters/15-cryptography/cryptography-overview.md#xor-cipher

Scanning Networks / Xmas Scan Diagram - Arrow for closed port is pointing the wrong direction

While performing a Xmas Scan if target port is closed, target will send a packet with RST flag up to the attacker.
Arrow should point from Target to Attacker.
Thanks for the bullet-points. Really helpful. Great content! :)

Scanning Networks / Banner Grabbing - Nmap syntax

In Banner Grabbing Tools sections says:
"nmap -0 for OS automatic fingerprinting" but I think it should be "nmap -O " according to Nmap.org.

It could be a silly thing that has to do with github font or my browser (if so, I'm sorry for bringing this up) but might generate some confusion for newbies like me.
Thanks for the resources!

just a small fix

Thank you for that awesome repo!

03-scanning-networks/scanning-networks-overview.md

IP supports more addresses should be:
IPv6 supports more addresses (than IPv4)

Cloud attacks addition: Cloud Hopper and Cloudborne

In Cloud attacks I would add a couple more that are included in official course-ware (v11) and show in exam prep questions:

Cloud Attacks: Cloud Hopper Attack
Cloud Hopper attacks are triggered at the managed service providers (MSPs) and their users
Attackers initiate spear-phishing emails with custom-made malware to compromise the accounts of staff or cloud service firms to obtain confidential information

Cloud Attacks: Cloudborne Attack
Cloudborne is a vulnerability residing in a bare-metal cloud server that enables the attackers to implant a malicious backdoor in its firmware. The malicious backdoor can allow the attackers to bypass the security mechanisms and perform various activities such as watching new user’s activity or behavior, disabling the application or server, and intercepting or stealing the data.
Vulnerabilities in the bare-metal cloud server and inappropriate firmware re-flashing can pave the way for attackers to install and maintain backdoor persistence.