
This is your CHEAT SHEET CEH v10

Chapter ONE what you need to know


You should know the following:
Elements of Information Security
Security, Functionality, and Usability Triangle

MOTIVES, GOALS, AND OBJECTIVES OF INFORMATION SECURITY ATTACKS


TOP INFORMATION SECURITY ATTACK VECTORS
What is hacking?
Who is a Hacker?
Hacking Phases
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

What is an Ethical Hacker?


Why is Ethical Hacking Necessary?
Scope and Limitations of Ethical Hacking
Skills of an Ethical Hacker
Information Security Controls

Hack Value:
Attractiveness, interest, or something that is worthy.
Zero-Day Attack:
Threats and vulnerabilities that can be used to exploit the victim before the developer identifies
them or releases any patches.
Vulnerability:
A weak point, loophole, or cause in any system or network that can be helpful to and utilized by
attackers.
Daisy Chaining:
A sequential process of several hacking or attacking attempts to gain access to networks or systems.
Exploit:
An exploit is a breach of the security of a system through vulnerabilities, zero-day attacks, or other
techniques.
Doxing:
Publishing information or a set of information associated with an individual.
Payload:
The payload refers to the actual section of information or data in a frame, as opposed to
automatically generated metadata.
Bot:
Software that is used to control the target remotely and to execute predefined tasks.

Additional Notes:

In passive reconnaissance, the hacker acquires information about the target without interacting
with the target directly. An example of passive reconnaissance is searching public sources or social
media to gain information about the target.

Active reconnaissance is gaining information by interacting with the target directly. Examples of
active reconnaissance are contact via calls, emails, the help desk, or technical departments.

Notes and Answers Module 01:

CEH methodology is laid out this way: reconnaissance (footprinting), scanning and enumeration,
gaining access, escalating privileges, maintaining access, and covering tracks. While you may be
groaning about scanning and enumeration both appearing as answers, they're placed here in this
way on purpose. This exam is not only testing your rote memorization of the methodology but
also how the methodology actually works. Remember, after scoping out the recon on your
target, your next step is to scan it. After all, you have to know what targets are there first before
enumerating information about them.

is incorrect because the annualized loss expectancy (ALE) is a mathematical measurement of the
cost of replacing or repairing a specific resource. ALE is calculated by multiplying the single loss
expectancy (SLE) by the annualized rate of occurrence (ARO). For example, if the total cost of a
single loss of a resource is calculated at $1000 and you calculate there is a 10 percent chance it
will fail in any given year, your ALE would be $100.

The three-way handshake will definitely show up on your exam, and in much trickier wording
than this. It's easy enough to memorize "SYN, SYN/ACK, ACK," but you'll need more than that for
the exam.

When performing business impact analysis (or any other value analysis for that matter), the
annualized loss expectancy (ALE) is an important measurement for every asset. To compute the
ALE, multiply the annualized rate of occurrence (ARO) by the single loss expectancy (SLE). The
ARO is the frequency at which a failure occurs on an annual basis. In this example, servers fail
once every five years, so the ARO would be 1 failure/5 years = 20 percent.
is incorrect because this value equates to the ALE for the example. ALE = ARO × SLE. In this
example, the ARO is 20 percent and the SLE is $1480: cost of a server ($1000) plus the cost of
technician work to replace it ($80) plus lost time for workers (10 employees × 2 hours × $20 an
hour, which works out to $400). Therefore, ALE = 20 percent × $1480, or $296.

CIA Triad
Confidentiality: loss of privacy, unauthorized access. CONTROL: encryption, authentication,
access
Integrity: information is no longer reliable or accurate. CONTROL: maker/checker, QA, audit logs
Availability: business disruption, loss of customer confidence, loss of revenue. CONTROL: business
continuity plans and tests, backup storage

Authenticity
Non-Repudiation:

Attack = Motive + Method + Vulnerability


Top Information Security Attack Vectors:

Cloud Computing Threats


Insecure Interfaces or APIs
ABUSE
Malicious insider
Unknown Risk
Hijacking
Software Access
Data Separation
Data Leakage/Loss
Hijacking

Advanced Persistent Threats


Viruses and Worms
Mobile Threats
Insider Attack
Botnets
Information security Threat Categories
Network Threats
Information gathering
Sniffing & Eavesdropping
Spoofing
Session hijacking
Man-in-the-middle Attack
DNS & ARP Poisoning
Password-based Attacks
Denial of Service Attacks
Compromised Key Attacks
Firewall & IDS Attacks

Host Threats

Host threats are focused on system software; applications are built on or run over this
software, such as Windows 2000, .NET Framework, SQL Server, and others.

Module 02

Footprinting and Reconnaissance


1. Footprinting concepts
2. Footprinting methodology
3. Footprinting countermeasures
4. Footprinting penetration testing
Notes and Answers Module 02:
Concepts of Footprinting
Search Engines
Advanced Google Hacks


Google Hack Database
VoIP and VPN search through Google Database

Top Level Domain (Web Search)


Geographical Target
People Search on Social Networking sites and People Search Services

LinkedIn
Financial Services

Job Sites
Setting up Targets with Google Alerts

Forms and Blogs


Determining the OS

VoIP and VPN Footprinting through Shodan


Email Footprinting (Tracking Email Communication)
Collecting Information for Email Header
Competitive Intelligence

When did this company Begin How


What are the company’s plans

Competitive Intelligence What expert Opinions say about the Company


Monitoring
TOOLS for Footprinting
READ
Scanning Tools
READ
READ
Module 4

Enumeration
READ
Module 5
Vulnerability Assessment

Must know Linux read write codes


0 == --- == no access
1 == --x == execute
2 == -w- == write
3 == -wx == write / execute
4 == r-- == read
5 == r-x == read / execute
6 == rw- == read / write
7 == rwx == read / write / execute
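
The digits above are sums of read = 4, write = 2 and execute = 1. The following added example (not part of the original cheat sheet) derives the table from those bits, extends it beyond the single digit to three-digit owner/group/other modes, and flags writable-by-others settings the way a vulnerability assessment would. The file paths and the flagging policy are constructed assumptions.

```python
# Bit values behind the table: read = 4, write = 2, execute = 1.
BITS = ((4, "r"), (2, "w"), (1, "x"))

def digit_to_symbolic(digit):
    """One octal digit (0-7) -> its rwx triplet, e.g. 5 -> 'r-x'."""
    if not 0 <= digit <= 7:
        raise ValueError(f"not a permission digit: {digit}")
    return "".join(ch if digit & bit else "-" for bit, ch in BITS)

def mode_to_symbolic(mode):
    """Three octal digits (owner, group, other) -> nine-character string."""
    if len(mode) != 3 or any(c not in "01234567" for c in mode):
        raise ValueError(f"expected three octal digits, got {mode!r}")
    return "".join(digit_to_symbolic(int(c)) for c in mode)

def symbolic_to_mode(sym):
    """Inverse of mode_to_symbolic, e.g. 'rw-r-----' -> '640'."""
    if len(sym) != 9:
        raise ValueError(f"expected nine characters, got {sym!r}")
    digits = []
    for start in range(0, 9, 3):
        value = 0
        for (bit, ch), got in zip(BITS, sym[start:start + 3]):
            if got == ch:
                value |= bit
            elif got != "-":
                raise ValueError(f"bad character {got!r} in {sym!r}")
        digits.append(str(value))
    return "".join(digits)

def findings(mode):
    """Illustrative policy (an assumption): report any write bit held by
    'other' or 'group'."""
    mode_to_symbolic(mode)  # validates the input
    _owner, group, other = (int(c) for c in mode)
    result = []
    if other & 2:
        result.append("world-writable")
    if group & 2:
        result.append("group-writable")
    return result

# Constructed sample inventory: (path, octal mode).
SAMPLE = [("/etc/shadow", "640"), ("/tmp/upload.sh", "777"),
          ("/home/app/config.ini", "664")]

def audit(inventory):
    """Return only the entries with findings: {path: (symbolic, findings)}."""
    return {p: (mode_to_symbolic(m), findings(m))
            for p, m in inventory if findings(m)}
```
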
Module 6

System Hacking
Module 7

Malware Threats
