Ethical Hacking Fundamentals
Elements of InfoSec
InfoSec Attack Vectors
Laws and Regulations
Types of threat actors
100

A state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information/services is low or tolerable

Information security

100

Assurance that the information is accessible only to authorized individuals

Confidentiality

100

Capable of infecting a network within seconds

Viruses and worms

100

Protects information regarding health

HIPAA

100

Unskilled hacker who compromises a system by running scripts, tools, and software developed by real hackers

Script Kiddies

200

Three Security Challenges

Compliance; lack of qualified professionals; non-centralized computing environment; fragmented/complex privacy/data protection; BYOD policies and legacy data centers without proper cloud configuration

200

Assurance that the systems responsible for delivering, storing, and processing information are accessible

Availability

200

Attack that is focused on stealing information from the victim without the user being aware of it

Advanced persistent threats (APTs)

200

Protects financial card information, including debit, credit, prepaid, ATM, etc.

PCI-DSS

200

Individuals employed by governments to hack top-secret information (normally from other governments)

State-Sponsored Hackers

300

An attack that does not tamper with the data and involves intercepting and monitoring data/data traffic

Passive attacks

300

Trustworthiness of data/resources in terms of preventing unauthorized changes

Integrity

300

Restricts access to the system's files/folders and demands a payment

Ransomware

300

Designed to protect investors/the public by increasing the accuracy and reliability of corporate disclosures. Contains 11 parts

Sarbanes-Oxley Act (SOX)

300

Hackers who are promoting some kind of agenda or cause

Hacktivists

400

Attacks that disrupt the communication of services between the systems to bypass or break into secured systems

Active Attacks

400

Guarantee that the sender can't deny sending the message/file

Non-Repudiation

400

Allows attackers to access another client's data on a cloud platform

Flaw in application

400

Defines legal prohibitions against copyright infringement

Digital Millennium Copyright Act (DMCA)

400

An employee who uses privileged access to violate rules

Malicious insiders

500

What is the cyber kill chain?

Reconnaissance, weaponization, delivery, exploitation, installation, command/control, actions on objectives

500

Five Elements of Information Security

Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation

500

Five infosec attack vectors

Cloud computing

APTs

Viruses/Worms

Ransomware and Mobile threats

500

Specifies requirements for establishing, implementing, maintaining, and improving infosec management systems and is suitable for several types of use

ISO/IEC 27001:2013

500

Individuals who are motivated by religious/political beliefs to create fear through disruption of computer networks

Cyber terrorists