Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@undergroundwires
undergroundwires committed May 12, 2021
0 parents commit 00c776a
Show file tree
Hide file tree
Showing 155 changed files with 17,158 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .github/FUNDING.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
github: undergroundwires
ko_fi: undergroundwires
custom: https://undergroundwires.dev/donate
26 changes: 26 additions & 0 deletions .github/workflows/quality-checks.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: Quality checks

on: [push, pull_request]

jobs:

lint:
runs-on: ubuntu-latest
strategy:
matrix:
lint-command:
- npm run lint:md
- npm run lint:relative-urls
# - npm run lint:external-urls TODO:
- npm run lint:consistency
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup node
uses: actions/setup-node@v1
with:
node-version: '14.x'
- name: Install dependencies
run: npm ci
- name: Ensure consistency
run: ${{ matrix.lint-command }}
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
node_modules/
5 changes: 5 additions & 0 deletions .markdownlint.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"default": true,
"MD033": false,
"MD013": false
}
153 changes: 153 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@
# Certified ethical hacker in bullet points

[![Quality checks status](https://github.com/undergroundwires/CEH-in-bullet-points/workflows/Quality%20checks/badge.svg)](https://github.com/undergroundwires/CEH-in-bullet-points/actions)
[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/CEH-in-bullet-points/issues)

- This repo contains study notes for Certified Ethical Hacker exam.
- The notes are comprehensive and written with goal of covering all exam areas.
- It includes many real-life tips and tricks to keep practical value in the content.
- Combines and summarizes a lot of education materials from many different sources.
- I passed the exam with 119/125 score with these notes.
- 💡 A good way is using material is using the search function extensively, there are many cross references throughout the material to help you navigate, feel free to ignore them if you're reading for the first time.
- Good luck & enjoy studying! ☕
- ✨ Contributions of any kind are welcome!

## Symbols

- There are some symbols used throughout the documentation:

| Symbol | Description |
|:------:|-------------|
| 💡 | Best practice or practical tips |
|| An important limitation, challenge or an exception |
| 📝 | Common exam area |
| 🤗 | Fact / trivia (most likely unrelated to the exam) |

## Content

1. Introduction
1. Information security
1. [Information security overview](./chapters/01-introduction/information-security-overview.md)
2. [Security threats and attacks](./chapters/01-introduction/security-threats-and-attacks.md)
3. Information security controls
1. [Information security controls overview](./chapters/01-introduction/information-security-controls.md)
2. [Risk management](./chapters/01-introduction/risk-management.md)
3. [Incident management](./chapters/01-introduction/incident-management.md)
4. [Network security](./chapters/01-introduction/network-security.md)
5. [Security policies](./chapters/01-introduction/security-policies.md)
6. [Physical security](./chapters/01-introduction/physical-security.md)
7. [Data leakage backup and recovery](./chapters/01-introduction/data-leakage-backup-and-recovery.md)
8. [Identity access management (IAM)](./chapters/01-introduction/identity-access-management-(iam).md)
4. [Threat intelligence and forensics](./chapters/01-introduction/threat-intelligence-and-forensics.md)
5. [Laws, standards and regulations](./chapters/01-introduction/laws-standards-and-regulations.md)
2. Hacking
1. [Hacker types](./chapters/01-introduction/hacker-types.md)
2. [Hacking stages](./chapters/01-introduction/hacking-stages.md)
3. Penetration testing
1. [Penetration testing overview](./chapters/01-introduction/penetration-testing.md)
2. [Penetration testing phases](./chapters/01-introduction/penetration-testing-phases.md)
2. Footprinting
1. [Footprinting overview](./chapters/02-footprinting/footprinting-overview.md)
2. [Search engines and online resources](./chapters/02-footprinting/search-engines-and-online-resources.md)
3. [WHOIS, GeoIpLocation and DNS interrogation](./chapters/02-footprinting/whois-geoiplocation-and-dns-interogation.md)
4. [Email footprinting](./chapters/02-footprinting/email-footprinting.md)
5. [Website footprinting](./chapters/02-footprinting/website-footprinting.md)
6. [Network footprinting](./chapters/02-footprinting/network-footprinting.md)
3. Scanning networks
1. [Scanning networks overview](./chapters/03-scanning-networks/scanning-networks-overview.md)
2. [TCP/IP basics](./chapters/03-scanning-networks/tcpip-basics.md)
3. [Scanning tools](./chapters/03-scanning-networks/scanning-tools.md)
4. [Scanning techniques](./chapters/03-scanning-networks/scanning-techniques.md)
5. [Bypassing IDS and firewall](./chapters/03-scanning-networks/bypassing-ids-and-firewall.md)
6. [Banner grabbing](./chapters/03-scanning-networks/banner-grabbing.md)
4. Enumeration
1. [Enumeration Overview](./chapters/04-enumaration/enumeration-overview.md)
2. [DNS enumeration](./chapters/04-enumaration/dns-enumeration.md)
5. Vulnerabilities
1. [Vulnerability analysis](./chapters/05-vulnerabilities/vulnerability-analysis.md)
2. [Common vulnerabilities](./chapters/05-vulnerabilities/common-vulnerabilities.md)
3. [Automated penetration testing tools](./chapters/05-vulnerabilities/automated-penetration-testing-tools.md)
6. System hacking
1. Cracking passwords
1. [Cracking passwords overview](./chapters/06-system-hacking/cracking-passwords-overview.md)
2. [Microsoft authentication](./chapters/06-system-hacking/microsoft-authentication.md)
3. [Password cracking tools](./chapters/06-system-hacking/password-cracking-tools.md)
2. [Linux basics](./chapters/06-system-hacking/linux-basics.md)
3. [Escalating privileges](./chapters/06-system-hacking/escalating-privileges.md)
4. [Executing applications](./chapters/06-system-hacking/executing-applications.md)
5. [Hiding files](./chapters/06-system-hacking/hiding-files.md)
6. [Covering tracks](./chapters/06-system-hacking/covering-tracks.md)
7. Malware overview
1. [Malware overview](./chapters/07-malware/malware-overview.md)
2. [Trojans](./chapters/07-malware/trojans.md)
3. [Viruses](./chapters/07-malware/viruses.md)
4. [Malware analysis](./chapters/07-malware/malware-analysis.md)
8. Sniffing
1. [Sniffing overview](./chapters/08-sniffing/sniffing-overview.md)
2. [Sniffing tools](./chapters/08-sniffing/sniffing-tools.md)
3. Sniffing attacks
1. [Sniffing attacks overview](./chapters/08-sniffing/sniffing-attacks-overview.md)
2. [Spoofing attacks](./chapters/08-sniffing/spoofing-attacks.md)
3. [ARP poisoning](./chapters/08-sniffing/arp-poisoning.md)
9. Wireless networks
1. [Wireless networks overview](./chapters/09-wireless-networks/wireless-networks-overview.md)
2. [AAA protocols](./chapters/09-wireless-networks/aaa-protocols.md)
3. [Wireless threats and attacks](./chapters/09-wireless-networks/wireless-threats-and-attacks.md)
4. [Wireless security tools](./chapters/09-wireless-networks/wireless-security-tools.md)
5. [Bluetooth](./chapters/09-wireless-networks/bluetooth.md)
10. Social engineering
1. [Social engineering overview](./chapters/10-social-engineering/social-engineering-overview.md)
2. [Social engineering types](./chapters/10-social-engineering/social-engineering-types.md)
11. Firewalls IDS and Honeypots
1. Intrusion detection system (IDS)
1. [Intrusion detection system (IDS) overview](./chapters/11-firewalls-ids-and-honeypots/intrusion-detection-system-(ids)-overview.md)
2. [Evading IDS](./chapters/11-firewalls-ids-and-honeypots/evading-ids.md)
2. Firewall
1. [Firewall overview](./chapters/11-firewalls-ids-and-honeypots/firewall-overview.md)
2. [Evading firewalls](./chapters/11-firewalls-ids-and-honeypots/evading-firewalls.md)
3. [Honeypot](./chapters/11-firewalls-ids-and-honeypots/honeypot.md)
12. Web servers
1. [Hacking web servers](./chapters/12-web-servers/hacking-web-servers.md)
2. [Web server threats and attacks](./chapters/12-web-servers/web-server-threats-and-attacks.md)
13. Web applications
1. [Hacking web applications](./chapters/13-web-applications/hacking-web-applications.md)
2. [OWASP top 10 threats](./chapters/13-web-applications/owasp-top-10-threats.md)
3. [Denial of service](./chapters/13-web-applications/denial-of-service.md)
4. [Session hijacking](./chapters/13-web-applications/session-hijacking.md)
14. SQL injection
1. [SQL injection overview](./chapters/14-sql-injection/sql-injection-overview.md)
2. [SQL injection types](./chapters/14-sql-injection/sql-injection-types.md)
15. Cryptography
1. [Cryptography overview](./chapters/15-cryptography/cryptography-overview.md)
2. [Encryption algorithms](./chapters/15-cryptography/encryption-algorithms.md)
3. [Hashing algorithms](./chapters/15-cryptography/hashing-algorithms.md)
4. Communication
1. [Encrypting communication](./chapters/15-cryptography/encrypting-communication.md)
2. [Tunneling protocols](./chapters/15-cryptography/tunneling-protocols.md)
5. [Encrypting disk](./chapters/15-cryptography/encrypting-disk.md)
6. [Cryptanalysis](./chapters/15-cryptography/cryptanalysis.md)
16. Cloud
1. [Cloud computing](./chapters/16-cloud-computing/cloud-computing.md)
2. [Cloud security](./chapters/16-cloud-computing/cloud-security.md)
3. [Container security](./chapters/16-cloud-computing/container-security.md)
17. Mobile platforms
1. [Mobile hacking](./chapters/17-mobile-platforms/mobile-hacking.md)
2. [Mobile attack vectors](./chapters/17-mobile-platforms/mobile-attack-vectors.md)
3. [Mobile attacks](./chapters/17-mobile-platforms/mobile-attacks.md)
18. IoT and OT
1. [IoT hacking](./chapters/18-iot-and-ot/iot-hacking.md)
2. [IoT security](./chapters/18-iot-and-ot/iot-security.md)
19. [Exam readiness](chapters/19-exam-readiness/exam-readiness.md)

[](#content)

## Support

- ⭐️ Simplest way to say thanks is just to it a star 🤩
- ❤️ To show more support:
- ☕️ [buy me a coffee](https://buymeacoffee.com/undergroundwire)
- 👏🏿 [sponsor me](https://github.com/sponsors/undergroundwires)
- 🎈 [donate using another way](https://undergroundwires.dev/donate)
- ✨ Contributions of any kind are welcome!

[](#content)
145 changes: 145 additions & 0 deletions chapters/01-introduction/data-leakage-backup-and-recovery.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
# Data leakage, backup and recovery

## Data leakage

- Any sort of unauthorized disclosure of sensitive information from anyone/any system.
- Includes emails, malicious links, device theft etc.
- Data leakage leads to
- loss of trust e.g. trust to governments decreased during late years
- loss of profit e.g. Sony lost profit of their movies after [they were leaked](https://en.wikipedia.org/wiki/Sony_Pictures_hack) before publishing

### Data leakage threats

#### External threats

- Corporate espionage, phishing, malware
- Business partners, consultants when company outsources
- Less surveilance than own employees.

#### Internal threats

- Also known as **insider threats**
- Dangers are greater than external threats as they'll have greater access to the company
- See also [insider attacks](./security-threats-and-attacks.md#insider-attacks)
- E.g. eavesdropping, shoulder surfing, [dumpster diving](./../10-social-engineering/social-engineering-types.md#dumpster-diving) can be used to acquire data.

## Data loss prevention

- Also known as **DLP**
- Identification and monitoring of important information that is not to be shared outside the organization.
- Can block, notify the sender or lets admins to analyze, react and report to sensitive data in transit.
- Important tool for enterprise message systems
- Uses different techniques of data access control
- E.g. when e-mailing where content is scanned for fingerprints, classifications and bank account numbers.

## Data backup

- Process of making a duplicate copy of data that already exists.
- Protects against data loss and corruption as it can lead to great financial damages.
- No backup = Far more suspectable to all sorts of attacks, especially ransomware.

### Backup mediums

#### Magnetic tapes

- Oldest form, still used by many enterprises.
- Retention time: ≈30 years
- 📝 To pull anything off the tape, you have to fast-forward to wherever the correct file is stored
- Good for restoring systems in one go.
- Bad for incremental backups or storing a few files.
- ❗ Only way to tell if backups are working is to fully restore from the tape and check if it's correctly restored.

#### Optical disks

- 2 to 3 times slower than hard drives
- Retention time: ≈25 years

#### Hard disks

- Cheaper, easily accessible
- Less stability than magnetic tapes
- Retention time: ≈9-20 years

#### SSD disks

- Includes also usb drives known as Flash storage or thumb-drive.
- Resistant to shock, temperature, being run through the washing machine
- Retention time: ≈10 years

#### Cloud storage

- Requires little infrastructure
- Depends on stable internet connection
- No retention time, high reliability

#### SD and micro-SD

- Little capacity and pricy.
- Retention time: ≈10 years

### Steps of data backup strategy

1. **Identify important data**
- because backing-up everything is too costly and takes up much storage.
2. **Choose appropriate backup media**
- Reliable, solid, preferably cheap
- E.g. USBs or portable media for personal users, and HDD/SDDs for companies with PCIs for more speed.
3. **Choose the appropriate backup strategy**
- Check features such as scheduling, monitoring file changes to update back-ups, protocols, integrations...
- Paid vs Free
- Free requires more knowledge and work, training costs (one time)
- E.g. in Linux, set cron job from point A to B
- Paid versions has recurring license costs including training
4. **Choose appropriate RAID levels**
- **RAID 1**
- 2 disks
- All that are written in disk A is also written to B, if one disk fails, other works
- **RAID 5**
- 3 disks
- If A fails you can reconstruct based on data in B and C
- RAIDing is not only for backups, can also use for faster read and writes
- E.g. BIG = Everything is seen as one drive. File is written two all of them. Crazy write & read speeds. If single disk dies all data is gone.
5. **Choose the appropiate backup method**
- **Cold backup**
- Performed while system is not in use.
- E.g. at nights, during weekends.
- **Hot backup**
- Performed when system is still used.
- E.g. you type a document, power shortage happens but it's still saved.
- **Warm backup**
- Hybrid of the two.
- Period backups while system is in use, but you might lose longer time period than hot backup.
6. **Choose the appropriate backup locations**
- Three options:
1. **On-site**: Same building / room
- Susceptible to same types of problems like other servers.
- If there's a breach, fire or earthquake = all data are gone
2. **Off-site**: backup is performed at a remote location
3. **Cloud**:
- Most secure: most cost effective and safe where data won't be loss, no electricity, no hardware, no maintainable.
- Can be replicated in same building, different buildings in same data center or different regions.
- Can have privacy/trust issues: encrypt
7. **Choose the backup type**
- **Full backup**: Costly, you back up everything
- **Incremental backup**
- Backs-up on each change of the previous back-up
- When restoring, you need to restore everything from the first full back-up
- **Differential backup**:
- Back-ups on difference to the initial backup on each backup.s
- Faster restoring time as you only need the last point and the initial full back-up
8. **Appropriate backup solution**: Combination of all of this
9. **Perform a recovery test**
- Ensure you can recover a data that's lost with DR tests e.g. twice a year.
- **Recovery drill**
- Simulating data tier outage
- Recovering
- Validate application integrity post recovery

## Data recovery

- Recovering lost data
- Reasons
- Accidental lost e.g. • natural disaster • corrupted data
- Or can be intentionally destroyed
- DR stands for "Disaster Recovery"
- Most of data is recoverable but you can have recovery failure if backed up data becomes corrupt.
Loading

0 comments on commit 00c776a

Please sign in to comment.