Professional Documents
Culture Documents
Ethical Hackers - White hat(who work for a company, to find vulnerabilities in systems and help
them diagnose them and increase security)
Grey hat(who do out of their self interest, but they do not imply harm. Intentional harm is there
agenda, but sometimes it might happen)->harmful
Certified Ethical Hacker:- No. Of questions: 125, Test Duration: 4 Hrs, Test format: MCQ’s by a
council.
Terminology:
Threat agent:-The guys who choose to attack this agents become threat agents
Security Assessment:-Finding what is going at present in the system or what happened before
they came in.
Penetration test:-It’s a test, basically sends a signal and finds out how people are responding to
them. Testing the system in terms of resistance and resilience to penetration testing/attacks.
Assessment scope:-boundaries in time space which defines what is to be assed in a given period
of time. Narrow down to a specific target.
Pentest Report:-Producing clean and good reports is a very important point, report has to have
different types of points. It is a summary.
White box :-we do not spend time on reconnaissance at all, we have unlimited scope from the
very beginning
Reporting is a very important task, It has to simple and understandable to the company’s
manager or people with statement and scope of it and Moto and what level of hacker has been
imitated. Executive summary, summary of what level of scope has been executed in terms of
security and why. Then list the actions to be taken to limit the vulnerability.
Technical summary:-What you did to penetrate the vulnerability and recommendations for reduce
it.
Bug bounty program:-find bugs in facebook, google, etc which is based upon the report as shown
above.
Integrity:-lack of change, no external person has changed data other than the known people.