CEH v11 EXAM | Questions And Answers Latest {2024- 2025} A+ Graded | 100% Verified
Confidentiality - the assurance that messages and information are available only to those who are
authorized to view them. Method of assurance is encryption
Integrity - Data has not been changed or modified (in an unauthorized way). True to what it should be.
Done with hashing algorithms
Availability - Ability to access the data or information systems when you need to access it
Authenticity - Everything is as it says it is in the metadata (i.e., the private key of a user that accessed
the data actually belongs to that user)
Non-repudiation - The security principle of providing proof that a transaction occurred between
identified parties. Repudiation occurs when one party in a transaction denies that the transaction took
place. Relates to the sender of information. They cannot deny that they sent it based on a variety of
factors.
Motives/Goals/Objectives - Curiosity, bragging rights, disruption of business, hacktivism (champion a
cause), political, religious, terrorism (impact critical infrastructure in a way that causes human casualties), revenge,
cyber crime ($$)
Passive Attack - Attack Classification - Attack where the attacker does not interact with processing or
communication activities, but only carries out observation and data collection, as in network sniffing.
Sensitive information in clear text on the network. Think Wireshark. HARD TO DETECT
Active Attack - Attack Classification - Manipulation of data, disruption of services, compromising
individual systems or the network at large. Easier to detect (e.g., DoS, DDoS, password attacks, session
hijacking, privilege escalation, SQL injection, remote code execution)
Close-In Attack - Attack Classification - Through proximity (typically physical) you gather sensitive
information. Shoulder surfing is an example.
Insider Attack - Attack Classification - Trusted individual who abuses their trust on a network to gain
information. More devastating. (e.g., pod slurping, where you exfil incognito on a digital storage device)
Distribution Attacks - Attack Classification - Supply chain attacks. Access to the software or hardware of a
vendor that the attacker's target is going to use. Install malware onto a device the end target will use.
Typically nation state actors, APTs
Information Warfare - An attacker trying to gain a competitive edge over opponents or adversaries.
C2 warfare - Command and control warfare is the control over compromised targets or their systems
and you have some sort of centralized management to control those compromised systems.
Intelligence-Based Warfare - Design and protection of systems that seek knowledge to dominate the
battlespace and denial of knowledge to adversaries. Stopping adversaries from also gaining the same
knowledge as you.
Electronic Warfare - Signal jamming, radar jamming. Stop an adversary's forces from communicating with
each other
Psychological Warfare - The use of propaganda, threats and other psychological techniques to mislead,
intimidate, demoralize, or otherwise influence the thinking or behavior of an opponent. Disinformation
campaigns, scare tactics. Attack morale and mental resolve
Hacker Warfare - This type of InfoWar varies from shutdown of systems, data errors, theft of
information, theft of services, system monitoring, false messaging, and access to data.
Economic Warfare - Financially disrupt an adversary's economy. Can be in terms of bringing down
information systems so people can't use their business, or harming reputation so people choose another
source for the service.
Cyber Warfare - Information terrorism and semantic attacks, where an attacker takes over a target
system but the appearance of normalcy is maintained.
Offensive Information Warfare - Web-based attacks, system hacking, MITM
Defensive Information Warfare - Techniques we use to try and stop attacks. Detection (IDS),
prevention (IPS), alerting
Cyber Kill Chain - Reconnaissance (1) - Gathering and putting information together about the target.
Getting public info (email accounts, technologies used, DNS spaces)
Cyber Kill Chain - Weaponization (2) - Finding possible exploitable vulnerabilities in the target system. Create
malicious deliverable payloads
Cyber Kill Chain - Delivery (3) - Handing the malicious payload to the target (e.g., email spearphishing, USB,
website watering hole)
Cyber Kill Chain - Exploitation (4) - Target actually interacts with the deliverable
Cyber Kill Chain - Installation (5) - Delivered malicious code downloads more "dirty" code. More
functionality downloaded. Maintaining access.
Cyber Kill Chain - Command and Control (6) - Ability of attacker to control target. Use encryption to hide
communication, privilege escalation. Hide presence.
Cyber Kill Chain - Actions & Objectives (7) - Why did the attacker care to gain access to the system? What
do they want? Doing the thing that led them to want to get onto the network.
TTP - Tactics, Techniques, Procedures
Tactics - Guiding principles. The objective the attacker is initially going for. Gather networking information,
find out running services. What do I do as a threat actor? What vulnerabilities do I want to exploit?
Techniques - How you do it. Execution of the guiding principle. If the tactic is looking for vulnerabilities,
the technique would be using a vulnerability scanner. Ways to achieve the objective.
Procedures - The specific steps to achieve the end goal. The method they employ (scan against a particular
web vulnerability, use a specific scanner, scan a certain way)
Adversarial Behaviors - Internal Recon - Once an attacker gains access they want to figure out what else
they can get to. Looking for hosts, services, configurations, pivoting & lateral movement, scanning
internally, strange bash files, PowerShell commands, changing config files
Adversarial Behaviors - PowerShell Use - Living off the land because it is already installed. Scripting,
explore systems with it, connect to external resources, exfil data. Lock down to admin only. Alerting
when regular users attempt to use it. Log and monitor all use.
Adversarial Behaviors - CLI/Terminal - Use of command line and what is in bash. Log commands
executed
Adversarial Behaviors - HTTP User Agent - Header inside web requests. Contains what browser you are
using. Can be manipulated with Burp Suite or ZAP. If the string is modified to contain a certain command, a web
app might not know what to do with it and execute the command. Defend against this with firewalls and
blacklisting and whitelisting of strings.
Adversarial Behaviors - Web Shell Use - Once access to a system is gained, the attacker has the ability to upload or
insert certain pieces of code. The attacker can then interact with the target system through a web
browser.
Adversarial Behaviors - C2 Use - Central area for control over bots owning a network. Issue commands or
interact with specific bots and they report back. Block IPs and commands known for C2
Adversarial Behaviors - DNS Tunneling - Popular because DNS is allowed by most firewalls. Register a
domain that points to an attacker's server where a tunneling malware program is installed. Someone
requests the site & the C2 server where the tunneling program is installed is resolved. The connection is established
through the DNS resolver. Monitor for more DNS traffic than normal.