Showing posts with label ethical hacking. Show all posts

Monday, 20 January 2014

The benefits of the Certified Ethical Hacker certification


Certified Ethical Hacker, or CEH, certification is one of the hottest picks for IT security professionals pursuing a career in penetration testing. However, most information security pros overlook it as a viable certification option. Although the certification is a must-have for penetration testers, its benefits are not limited to this small niche of professionals.

The CEH exam is a relatively new credential in the IT certification industry, but its importance and influence have grown quickly. Provided by EC-Council, the CEH exam was the first certification to bring the so-called dark side of IT into the limelight. Before the CEH exam, there was no certification that taught the methods and tools that hackers use to penetrate computer systems. The CEH exam focuses on how hackers find and exploit vulnerabilities. The course includes everything from the tools of the trade to ethics.

What many security professionals do not yet realise is that the benefits of studying for and achieving this certification stretch beyond the field of penetration testing and into everyday network and application security. In addition to meeting the regulatory standards for employment for many top security positions, you can gain a wealth of knowledge that is otherwise not easy to obtain. Besides your unique new title, you’ll also get the following benefits if you decide to get your CEH certification:

Understanding risks and vulnerabilities

The CEH course is made up of the following task and knowledge domains:

Task domains
  • System development and management
  • System analysis and design
  • Security testing
  • Reporting
  • Mitigation
  • Ethics

Knowledge domains
  • Background
  • Analysis/Assessment
  • Security
  • Tools
  • Procedures
  • Policy
  • Ethics

These domains are comprehensive and form a solid foundation for understanding how vulnerabilities affect organisations on a day-to-day basis.

Thinking like a hacker

The CEH course gives “white hat” IT professionals a glimpse into the mindset of a typical hacker. The focus of an IT professional is always on keeping bad guys out and maintaining secure systems. Over time, many IT pros develop a reactive mindset. Battling with the bad guys will always involve reacting to threats and events as they occur, but it’s far more valuable and powerful to understand how the bad guys think and to be able to anticipate their moves. By learning the hacker mindset, you’ll be able to take a more proactive approach and see beyond current security tools and policies to know where and how an attacker might try to gain access to your network.

Learning how exploits evolve

Besides demonstrating the hacker mindset, the CEH course also provides valuable insight into the entire life cycle of an exploit. For many security professionals, the way exploits evolve to take advantage of vulnerabilities is a mystery. While security pros are trained to prevent and respond to known vulnerabilities, little attention is paid to the life cycle of the exploit itself, from its conception to its destructive use in the real world. The level of insight gained by becoming a CEH allows you to look at exploits and vulnerabilities objectively and to spot potential attack vectors and weaknesses before the hackers do.

Learning about the tools of the trade

Another overlooked benefit of the CEH certification is the amount of knowledge you can gain about the tools of the hacker trade. While most IT pros have experience with at least some of the tools used by a CEH, they often lack in-depth knowledge of how those tools are used for criminal purposes. Learning how malicious attackers use various tools allows you to better secure your networks, applications and other assets.

To learn more about Ethical Hacking and its benefits, watch the following video with EC-Council President Jay Bavisi:

About the Author:
Sarah writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Friday, 29 November 2013

Hacker Halted Europe Interviews Part 5 – Alexander Polyakov


In October, EC-Council’s Hacker Halted came to Europe for the first time. Firebrand attended the conference in Reykjavik, Iceland and interviewed industry experts about the hottest topics in cyber security.

Alexander Polyakov is the co-founder and CTO of ERPScan, maker of the ERPScan Security Monitoring Suite for SAP. He’s an expert on the security of enterprise business-critical software such as ERP, CRM and SRM, as well as enterprise applications developed by SAP and Oracle. Alexander is the author of numerous surveys and whitepapers devoted to IT security research in SAP.

The conference organisers invited Alexander to speak about SAP vulnerabilities, threats and trends in 2013. The presentation outlined the importance of raising awareness of securing SAP-based ERP systems. As business-critical data is often stored in the SAP system, it is absolutely essential to ensure that there are no vulnerabilities. Alexander also pointed out that exposing SAP systems to the internet can have serious consequences, as cybercriminals might gain access to them through simple vulnerabilities.

To learn more about the latest threats and trends affecting SAP systems, watch the full interview:


Wednesday, 6 November 2013

A story about how your life can get hacked


Have you ever wondered what it’s like to be hacked? Investigative journalist Adam Penenberg has too, so he hired a group of hackers to find out how vulnerable he is. The ground rules of this experiment forbade the hackers from doing anything unlawful, for instance breaking into Adam’s house, and they also had to leave his children out of it. Other than these two conditions, the hackers, led by SpiderLabs founder Nicholas J. Percoco, were allowed to use any technique to breach Penenberg’s privacy as much as possible.

“It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.
I’m being hacked — and only have myself to blame.” – extract from Adam L. Penenberg’s article.

Percoco and his team spent a few weeks trying to hack Penenberg and, despite some initial difficulties, their efforts were eventually rewarded. Within a relatively short period of time, the attackers gained all the information, including passwords, usernames, credit card details, etc., that would be more than enough to ruin someone’s life.

Facebook profile, Twitter account, Amazon account, online banking, you name it. The hackers gained access to all of them. They even did a little shopping on Amazon and ordered 100 plastic spiders to Penenberg’s house, at his expense of course.

At the end of the experiment Percoco gave Penenberg a report listing the team's plans as well as a log of their progress. To see the chilling results, read the full article.


Friday, 30 November 2012

Hacktober - Facebook hacks its employees

Facebook employees were put to the test this October in the company's now yearly 'Hacktober' event.

So what's 'Hacktober'? It's when Facebook teaches its employees how to detect and prevent cyber attacks. But there's a twist: Facebook doesn't just send them on an IT security course... it hacks them. In other words, the company performs ethical hacking against its own staff.

'Hacktober' lasts the entire 31 days of the month and includes a number of simulated security threats. These include attacks on employee computers, to see whether the employees fall victim to the attack and who identifies and reports the issue.

Those lucky enough to catch the phishing scam or security threat created by Facebook and report it (whether it arrives in their private email or elsewhere across the site) receive a prize.

Prizes this year included Facebook-branded shirts, bandannas and stickers.

But if an employee was unlucky enough to fall for the security threat and/or not report it, they would undergo further IT security training.

Facebook's Security Director Ryan McGeehan spoke to Mashable about the yearly event:

“Webinars don’t exactly fit in well here, so we wanted to do something unique in line with our hacking culture to teach employees about cybersecurity,”

“We took the theme of October, fear and pranks and created something that is both fun and educational.”

October is now celebrated as National Cyber Security Awareness Month in the US.

McGeehan added: “People don’t always lock their doors until they have been robbed. It’s easy for cyber security awareness month to go by like a trip to the dentist, so we wanted to do something with an impact and not have the security team talk down with tips to the rest of the staff.”

With the increasing number of cyber attacks, more and more companies are introducing innovative security measures to prevent the chaos seen at companies such as PayPal, Bharat Sanchar Nigam Limited (BSNL) and thousands of others.

The security threats of 2011 were enough to scare even governments around the world. Because of this, opportunities are popping up everywhere for IT security professionals.

Find out the top 5 IT Certifications to go for here:

Wednesday, 15 August 2012

WikiLeaks back online & Assange granted Asylum in Ecuador

The whistleblowing website had been down for almost two weeks after a huge 10GBps DDoS (distributed denial-of-service) attack. WikiLeaks tweeted that the attack was over 10GBps, with bandwidth so huge that it could only be filtered out with specialised hardware.

They added: “Whoever is running it controls thousands of machines or is able to simulate them”. The attack happened moments after WikiLeaks published its Global Intelligence Files, which mentioned the use of the TrapWire surveillance software in the US public sector.

The site was able to come back online after signing up for CloudFlare's services. The attack also hit its donations infrastructure, the Fund for Network Neutrality.

The WikiLeaks leader, Julian Assange, has been granted asylum by Ecuador's President, Rafael Correa. He officially requested political asylum on 19 June and is currently staying in Ecuador's London embassy. He faces arrest as soon as he leaves the embassy, which makes leaving the country complicated.

Ecuador's Foreign Minister, Mr Patiño, stated: "For Mr Assange to leave England, he should have a safe pass from the British (government). Will that be possible? That's an issue we have to take into account."

Friday, 3 August 2012

$2.5 billion taken from world banks: OPERATION HIGH ROLLER


A recent report by McAfee and Guardian Analytics found that a highly sophisticated and recurring cyber-attack has taken as much as $2.5 billion from bank accounts across Colombia, Europe and the U.S.A.

The report states that the organised criminals behind the malware have attempted to take $78 million from accounts at 60 or more institutions, but that the total attempted fraud could reach $2.5 billion if all attempts were as successful as those discovered in the Netherlands.

It was named “Operation High Roller” and combines a deep understanding of banking transaction systems (quite possibly from an insider) with malicious code. The code requires no human interaction. Sixty servers were found processing thousands of attempted thefts from high-value commercial accounts, which included those of large global banks, very rich individuals and credit unions.

The malware finds a victim automatically by searching for the highest-value accounts and then transfers money to a prepaid debit card, which is quickly emptied anonymously. It conceals the theft by altering the target's bank statement.

Reuters stated that “The new software allows the criminal to siphon money out at all hours, potentially increasing the number of hacked accounts and the speed with which they are drained.” It is said to be an advanced version of two existing pieces of malware, known as SpyEye and Zeus.

Thursday, 26 April 2012

Companies to spend 14% more on IT security

Information Shield, in its 2011 Information Security and Data Privacy Staffing Survey, which polled 190 organisations in 34 countries, revealed that IT security staffing budgets are expected to rise by 14%.

RSA chief Arthur Coviello stated that, “never have the attacks been as targeted, with the aim of breaching one organisation as a stepping stone to breaching others.” Cyber-attacks have reached scary levels of sophistication, and the demand for ethical hackers and other ‘cyber ninjas’ has been on the rise.