1. CEHv10 Module 01 Introduction to Ethical Hacking

2. We will start defining ● Program bugs ● Buffer overflows ● Viruses
● Worms
● Trojan Horses
● Denial of Service
● Social Engineering

3. Different methods used to Attack:
● Footprinting
● Scanning
● Enumeration
● Penetration – (Individuals that are unsuccessful at this step may opt for a Denial of Service attack)
● Escalation of Privilege
● Cover Tracks
● Backdoors

4. ●Confidentiality ●Integrity ●Availability
The Security Functionality Triangle
The CIA triangle or triad comprises the three fundamental pillars of security. These include:
●Confidentiality
●Integrity
●Availability

5. Different Types of Attacks
● LAN Attack
● WAN Attack
● Physical Entry
● Stolen Equipment
● Unsecured Wireless Access
● DialUp Attack

6. Security evaluation plan
It is a very important part at the time of making an audit, it requires a document in which is the client's authorization, the rules of the game and scope. it consists of the following:
1. Authorized signature of the client to perform the auditing.
2. How and when is the audit carried out?
3. What would be the scope of the audit that can be accessed and that can not be accessed?

7. Type of tests ● Internal Evaluations ● External Evaluations
● Stolen Equipment Evaluations

8. Ethical Hacking Report
● Preparation
● Result
● Conclusion

9. Penetration test methodologies
1. AsseE among other assessment
2. Policy
3. Implementation
4. Training
5. Audit

10. CEHv10 Module 02 Footprinting and Reconnaissance

11. Most important phase of testing – very time consuming
Footprinting
Most important phase of testing – very time consuming

12. Footprinting tools
Steps for gathering information Some of the most well-known tools used for information gathering include:
● WHOIS
● Nslookup
● Web-Based Tools

13. WHOIS
WHOIS allows you to query the information an organization entered when they registered their domain.

14. Nslookup
Nslookup is employed to query domain name servers. A nslookup query can be used to resolve IP addresses to hostnames.

15. Web-based Tools
Many web-based tools are available to help you get hidden domain information. These services provide whois information, DNS information, and network queries.

16. IANA
IANA is an excellent starting point for determining details about a domain.

17. RIR’s (Regional Internet Registries)
These databases provide an excellent resource to use to research a domain further, once you have decided what area of the world it is located in.

18. Domain Location and Path Discovery:
If you are unsure of a domain’s location, the best way to determine its position is by use of the traceroute command. Traceroute identifies a path to a domain by incrementing the TTL field of the IP header.

19. The first step in security testing Google hacking may be employed
Reconnaissance
The first step in security testing
Google hacking may be employed

20. CEHv10 Module 03
Scanning

21. War Dialing War Driving Pinging Port Scanning
Identification Processes
There are numerous ways that this identification process can take place that includes:
War Dialing
War Driving
Pinging
Port Scanning

22. War Dialing
While some may see war dialing as a dated art, it still has its place in the hacker’s arsenal of tools. If a thorough footprint has been performed, phone numbers were most likely found that can be associated with the organization.

23. War Driving
This mode of penetration relies on identifying unsecured wireless access points.

24. ICMP Ping
Ping is an ICMP (Internet Control Message Protocol) echo request- response

25. ICMP could be disabled on the target – try a TCP ping instead
No ping response???
ICMP could be disabled on the target – try a TCP ping instead

26. Port Scanning
Port scanning allows a hacker to determine what all services are running on the system. Identification of vulnerable or insecure services let the hacker to exploit unauthorized access.

27. Ping Scan SYN Scan Full Scan ACK Scan XMAS SCAN UDP Basics
TCP Scan Types
Ping Scan
SYN Scan
Full Scan
ACK Scan
XMAS SCAN
UDP Basics

28. Nmap
Nmap (network mapper) is an open source port scanner that can craft packets in numerous ways allowing the program to determine what services an OS is running.
Find out what ports are open
OS Scan requires root privileges
nmap -T4 -F /24 – enumerates machines quickly
nmap -sV host.domain.com -p 80 – attempts banner grabbing
nmap -sS -sU -Pn -p – scans udp
To save time, ping sweep to identify live hosts and then port scan the live hosts.

29. Port Scan Countermeasures
Practice the principle of providing least privilege. Don’t leave ports open and block ICMP echo requests at the firewall or external router. Allow traffic through the external router to only specific hosts.

30. Active Stack Fingerprinting
Active stack fingerprinting relies on subtle differences in the responses to specially crafted packets.

31. Nessus or another vulnerability scanner
Is one of the best approaches for discovering vulnerabilities on a Windows-based computer
Shows missing patches and weak passwords

32. Determining the attack surface of an organization
Run a scan to detect network services in the corporate DMZ

33. The port will ignore the packets if the port is open
XMAS, FIN, NULL scans
The port will ignore the packets if the port is open
RST if port is closed

34. TCP three way handshake connection establishment and termination
Connection Establishment: SYN, SYN-ACK, ACK
Connection Termination: FIN, ACK-FIN, ACK

35. HTTP/1.1 200 OK Server: MIcrosoft IIS/6 Expires Wed, 26
Banner grabbing
HTTP/ OK Server: MIcrosoft IIS/6 Expires Wed, 26
Feb :41:33 GMT Date: Wed, 26 Feb :06:13 GMT Content-Type: text/html Accept- Ranges: bytes
Last-Modified: Wed, 26 Feb :12:11 GMT ETag: “50ba0543e25c31:89d" Content-Length: 8156

36. Netcraft
This is a handy site for legitimate and illegitimate purposes. Its most used feature is that it shows how long a particular site has been up and what the site is running

37. Telnet
Telnet can easily be used for banner grabbing from various applications simply by specifying the target and port.

38. TCP SYN scanning
Will not evade IDS

39. TOR network with multi-node
Surf the internet anonymously

40. Log of Port scan targeting 172.17.17.206
Time:Mar 13 17:30:15 Port 20 Source: Destination Protocol TCP
Time Mar 13 17:30:17 Port 21 Source: Destination: Protocol TCP
Time Mar 1317 :30 ;19 Port 22 Source Destination: Protocol TCP
Time: Feb 29 13:21:31 Port23 Source Destination Protocol TCP
Time Feb 29 13:21:32 Port 25 Source Destination Protocol TCP
Time Feb 29 13:21:33 Port 80 Source Destination Protocol TCP
Time Feb 29 13:21:30 Port 443 Source Destination Protocol TCP

41. Active OS fingerprinting
sends specially crafted packets to the remote OS and analyzes the
received response

42. ICMP scan using hping2
hping2 -1 host.domain.com

43. Xmas scan using NMAP
nmap -sX

44. CEHv10 Module 04 Enumeration

45. Enumeration
Enumeration is the process of discovering each domain that is located within the LAN.

46. Port and services 135 - MS-RPC Endmapper 137 - NetBIOS Name Service
138 - NetBIOS Datagram Service
139 - NetBIOS Session Service
445 - SMB over TCP / IP (Windows 2K and above)

47. NetBIOS Null Sessions
The legitimate purpose of a Null Session is to grant unauthenticated computers to obtain browse lists from servers, permit system accounts access to network resources, or to allow a null session pipe.

48. The Inter-Process Communication Share
Windows computers make communications with each other over the IPC$ “Inter-Process Communication” share.
The Inter-Process Communication Share

49. 515, 631 and 9100 515 is Line Printer Daemon (LPD)
631 is Internet Printing Protocol (IPP)
9100 HP Jet Direct
This host is most likely a printer

50. net view
Lists file shares

51. AXFR or IXFR
DNS zone transfers

52. CEHv10 Module 05 System Hacking

53. System hacking
System Hacking - System hacking is the point at which an actual connection is made. It is the first true attack phase, breaking and entering by an attacker using the administrative connection or by an enumerated share.

54. Create User Account Install backdoor
Maintain Access
Create User Account
Install backdoor

55. Dictionary – least time and effort Brute force – most time and effort
Password Cracking
Dictionary – least time and effort
Brute force – most time and effort

56. The maximum password length is 14 characters No case sensitivity
LM Hash
The maximum password length is 14 characters
No case sensitivity

57. Steganography Hiding a covert message within an overt message
Security through obscurity

58. Linux based tool to change any Windows user's password or to activate
CHNTPW
Linux based tool to change any Windows user's password or to activate
disabled accounts

59. Counter-based authentication system
creates secret key encrypted one-time passwords

60. John the ripper Hydra Rainbowcrack Lophtcrack Cain
Password crackers
John the ripper
Hydra
Rainbowcrack
Lophtcrack
Cain

61. Basic syntax is: john passwordfile.txt
Using john the ripper
Basic syntax is: john passwordfile.txt

62. Does not contain the passwords themselves. The shadow file does.
/etc/passwd
Does not contain the passwords themselves. The shadow file does.

63. Pwdump SAM file hash dump format
USER:RID:LM:NTLM

64. Uses a list of commonly used passwords
Dictionary attack
Uses a list of commonly used passwords

65. Defeats rainbow tables
Salting
Defeats rainbow tables

66. Privilege Escalation Vertical - acquiring administrative privileges
Horizontal – acquiring access to another account's files

67. Multi-factor authentication
Something you remember – password or pin
Something you have – smart card or token
Something you are - biometric

68. Uses a precomputed table of hashed passwords
Rainbow Table Attack
Uses a precomputed table of hashed passwords

69. Doesn’t affect Windows
Shellshock
Doesn’t affect Windows

70. Dumps files from USB devices without alerting the user.
USB Dumper
Dumps files from USB devices without alerting the user.

71. CEHv10 Module 06 Malware Threats

72. Boot Sector Virus
Copies itself to the original location of the MBR after relocating the original to another location on the disk

73. Locks your computer and demands payment to unlock it.
Ransomware
Locks your computer and demands payment to unlock it.

74. Botnet Trojans Send junk mail Participate in coordinated attacks
Host unauthorized content

75. User Access Control (UAC)
Prevents a user from accidentally executing a potentially malicious program

76. Actively alters and corrupts service call interruptions
Tunneling virus
Actively alters and corrupts service call interruptions

77. Blocks execution in a non-executable memory location
DEP
Blocks execution in a non-executable memory location

78. Infects Microsoft Office files
Macro virus
Infects Microsoft Office files

79. CEHv10 Module 07 Sniffing

80. Can be used for DNS poisoning to direct the user to a phishing site
Hosts file
Can be used for DNS poisoning to direct the user to a phishing site

81. Best defense against sniffing
Encryption Protocols
Best defense against sniffing

82. Syslog
Uses UDP port 514

83. ip.src ip.dst tcp.port tcp.srcport tcp.dstport
Wireshark filters
ip.src
ip.dst
tcp.port
tcp.srcport
tcp.dstport

84. Used to analyze packet capture files
tcptrace
Used to analyze packet capture files

85. Sends a broadcast for the MAC address from a specific IP address.
ARP
Sends a broadcast for the MAC address from a specific IP address.

86. Sniffers Work at Layer 2 and Layer 3 of the OSI model.
Can be used to read PCAP files from IDS’s or other utilities.
Wireshark is a very popular sniffer for both wired and wireless traffic
Tcpdump is a popular command line packet sniffer

87. Promiscuous mode
Passes all traffic to the CPU vs. only traffic to the local MAC address or broadcasts

88. Application layer vulnerabilities
Are identical in IPv6 and IPv4

89. redirects traffic to attacker’s computer
STP manipulation
redirects traffic to attacker’s computer

90. Protocols should be configured with authentication
Network routers
Protocols should be configured with authentication

91. Provides authentication of DNS traffic
DNSSEC
Provides authentication of DNS traffic

92. CEHv10 Module 08 Social Engineering

93. Social engineering
low-tech methods

94. Piggybacking / Tailgating
Following someone closely through a secure entrance

95. a transparent iframe in front of the URL
Click jacking attack
a transparent iframe in front of the URL

96. modifying host configuration files or exploiting DNS
Pharming
modifying host configuration files or exploiting DNS

97. URL misspelled or similar to the actual domain name
Phishing
URL misspelled or similar to the actual domain name

98. Looking for useful information in the trash
Dumpster diving
Looking for useful information in the trash

99. CEHv10 Module 09 Denial-of-Service

100. Denial of Service
A DoS attack is a special type of attack that brings a system offline compromised or otherwise makes a host’s service unavailable to legitimate users.

101. Common DoS Attack
Popular DoS attacks can be separated into three categories:
1. Bandwidth
2. Protocol
3. Logic

102. Common DoS Strategies:
Ping of Death
SSPing
Land
Smurf
SYN Flood
Win Nuke
Jolt2
Bubonic
Targa
Teardrop

103. Mass Intrusion Attack Phase
DDoS Attack Sequence
Mass Intrusion
Attack Phase

104. Preventing DoS Attacks
No solution provides complete protection against the threat of DoS attacks. However, there are things you can do to minimize the effect of a DoS attack

105. Find_ddos SARA DDoSPing RID Zombie Zapper
DoS Scanning Tools
Find_ddos
SARA
DDoSPing
RID
Zombie Zapper

106. DoS and DDoS
Denial of Services (DoS) and Distributed Denial of Service (DDoS) attacks are embarrassing and inconvenient. Both attacks are extremely difficult to prevent from being attempted. The best defense is a well-designed network that is hard to overwhelm.

107. CEHv10 Module 10 Session Hijacking

108. Spoofing
Spoofing is an act of masquerading or impersonating as another user, whereas session hijacking tries to attack and take over an existing connection.

109. Session Hijacking
Session hijacking attacks can range differently from basic sniffing, to capture the traffic of an authenticated traffic between a client and server, to hijacking the established session to fool the server into thinking it has an authenticated session with the server.

110. Session Hijacking Steps
The attacker must be able to track and intercept the traffic
The attacker must be able to desynchronize the connection
The attacker must be able to inject his traffic in place of the victim’s

111. Passive Session Hijacking Active Session Hijacking TCP Concepts
Types of Hijacking:
Passive Session Hijacking
Active Session Hijacking
TCP Concepts

112. TCP must set up the session. This setup is comprised of three steps.
Client -- SYN -→ Server Client ←- SYN / ACK -- Server Client -- ACK -→ Server

113. IPSec Operates at Layer 3 Transport mode is used on the LAN
Tunnel mode is used on the internet (VPNs)
ESP provides confidentiality
AH provides authenticity

114. CEHv10 Module 11 Hacking Webservers

115. Hacking Web Servers
Web hacking is an important topic because much of the Internet is devoted to e-commerce.

116. Web Server Identification
While standard web servers run on ports 80 (HTTP) or 443 (HTTPS), there are similar ports that should be scanned while looking for web-based applications. These include the following ports:
● – Kerberos
● Windows 2000 Web Server
● – Squid
● – Alternate Web Server

117. Web Server Scanning Tools
Nmap
Netscan Tools
Superscan

118. Web Server Enumeration
Once all the possible web servers have been discovered, the attacker will usually attempt to enumerate the web server vendor.

119. Vulnerability Identification
Once the attacker has identified the vendor and version of the web server, he will then search for vulnerabilities.

120. Vulnerability Exploitation:
IIS has been noticed to be the target of many attacks, but this is partly because it is so widely used. Others such as Apache, have also been targeted for attack and have their share of vulnerabilities.

121. Types of Web Server Attacks:
ISAPI DLL Buffer Overflows
IPP Printer Overflow
Directory Listing
Shoveling the Shell
Types of Web Server Attacks:

122. NMAP http-methods script
Can detect all http methods (GET, POST, HEAD, PUT, DELETE, TRACE)

123. Msfencode / msfvenom
Can help evade AV

124. Exploitation framework
Metasploit
Exploitation framework

125. CEHv10 Module 12 Hacking Web Applications

126. Attacking Web Application Server
Web servers typically listen on TCP port 80 (HTTP) and TCP port 443 (HTTPS). Because those ports must be open and available to web clients, any firewalls or packet filtering devices between the web client and web server must pass traffic destined for those ports. Web application software sits on top of the web server software and allows access to additional ports

127. Basic Attacks Steps for Web Application Server
Hacking web applications is similar to hacking other systems. Hackers follow a five-step process:
Scan the network
Gather information
Test different attack scenarios
Planning the attack
Launch an attack

128. #1 on the OWASP Top Ten List
Injection
#1 on the OWASP Top Ten List

129. Web vulnerability scanner
Nikto
Web vulnerability scanner

130. Insufficient input validation
A software design problem where unexpected input can be entered into an application

131. Burpsuite
Web proxy tool

132. Input validation Escape input
XSS prevention
Input validation
Escape input

133. Simple Object Access Protocol (SOAP)
Provides a structured model for messaging
Based on XML
Exchanges data between web services

134. CEHv10 Module 13 SQL Injection

135. SQL Injection
SQL injection occurs when an attacker can insert SQL statements into a query using a SQL injection vulnerability.

136. SQL Injection Vulnerabilities
Unpatched Systems
Blank SA Password

137. Used to attempt to breaking a valid SQL request
Single quote
Used to attempt to breaking a valid SQL request

138. Generic error page True/False questions Time delay
Blind SQLi
Generic error page
True/False questions
Time delay

139. CEHv10 Module 14 Hacking Wireless Networks

140. Wireless DoS Access Point Spoofing
Wireless Attacks
Wireless DoS
Access Point Spoofing

141. Wireless detection tool
Kismet
Wireless detection tool

142. Wireless Intrusion Prevention System
Used to detect and restrict network access to unauthorized wireless devices, also capable of searching for and locating rogue access points

143. RADIUS Authentication, Authorization, and Accounting (AAA) server
Used in 802.1x authentication

144. Bluetooth
short-range wireless

145. Wired Equivalent Privacy (WEP)
Can be attacked by capturing enough packets to crack the key in seconds

146. MAC filtering
WAP must recognize the client’s MAC address as being authorized to connect

147. Bluesnarfing Bluejacking Bluesmacking Bluebugging
Bluetooth attacks
Bluesnarfing
Bluejacking
Bluesmacking
Bluebugging

148. 802.11 WEP and WPA cracking tool
Aircrack-ng
WEP and WPA cracking tool

149. Evil twin attack
Access point that appears to be a legitimate set up to eavesdrop on wireless communications.

150. WPA2
AES 128 bit
CCMP

151. CEHv10 Module 15 Hacking Mobile Platforms

152. BBProxy Blackjacking tool QUESTION 1
Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly
contact me for a vital transaction on: Which statement below is true?
A. This is a scam as everybody can get address, not the Yahoo customer service employees.
B. Bob should write to to verify the identity of Scott.
C. This is a scam because Bob does not know Scott
D. This is probably a legitimate message as it comes from a respectable organization.
Correct Answer: C

153. CEHv10 Module 16 Evading IDS, Firewalls, and Honeypots

154. Web vulnerability scanner with session splicing capabilities
Whisker
Web vulnerability scanner with session splicing capabilities

155. Facilitates separation of duties
Bastion host
Facilitates separation of duties

156. Encryption Flooding Unicode Characters
IDS evasion
Encryption
Flooding
Unicode Characters

157. Stateful inspection firewall
Verifies packets belong to an established session

158. Capable of inspecting content
Application firewall
Capable of inspecting content

159. alert tcp any any -> 10.0.0.0/24 23 (msg: “Telnet traffic";)
IDS rule example
alert tcp any any -> /24 23 (msg: “Telnet traffic";)

160. Intrusion Detection System
Identifies malicious activities

161. No alarm is triggered when one should be triggered
False Negative
No alarm is triggered when one should be triggered

162. Allows for encrypted passing of data over the network
Cryptcat
Allows for encrypted passing of data over the network

163. Network based intrusion detection system (NIDS)
Monitors all network traffic
ideal for observing sensitive network segments

164. Firewalking
Determines which ports are open and if the packets can pass
through the packet filter and the firewall
Receipt of “Time-to-live exceeded” message indicates port was not blocked at firewall
QUESTION 14
What does a firewall check to prevent particular ports and applications from getting the packets into an
organization?
A. Application layer port numbers and the transport layer headers
B. Transport layer port numbers and application layer headers
C. Network layer headers and session layer port numbers
D. Presentation layer headers and the session layer port numbers
Correct Answer: B

165. Alarm is triggered when one should not be triggered
False positive
Alarm is triggered when one should not be triggered

166. CEHv10 Module 17 Cloud Computing

167. Cloud Computing
Cloud Computing is an on-demand delivery of IT where IT infrastructure and applications are provided to subscribers as a metered services over a network.capabilities

168. Characteristics of Cloud Computing
On-demand self service.
Distributed storage.
Rapid elasticity.
Automated management.
Broad network access.
Resource pooling.
Measured service.
Virtualization technology.

169. CEHv10 Module 18 Cryptography

170. Uses product of two large prime numbers
RSA
Uses product of two large prime numbers

171. Designed to verify and authenticate the identity of individuals
PKI
Designed to verify and authenticate the identity of individuals

172. XOR
1 XOR 1=0
1 XOR 0=1
0 XOR 1=1
0 XOR 0=0

173. Heartbleed Serious vulnerability in OpenSSL (TLS/SSL)
Exposes private key of the server

174. Two inputs producing the same hash
Collision attack
Two inputs producing the same hash

175. Public Key (Asymmetric)
PGP
SSL
IKE
RSA

176. Insures integrity of data
Hash
Insures integrity of data

177. TLS
Successor to SSL

178. Disk Encryption
Best protection against data compromise in the event of physical theft of the device.

179. asymmetric key pair is used to deliver the shared session key
SSL
asymmetric key pair is used to deliver the shared session key

180. Private Key (Symmetric)
Faster than Asymmetric
AES
DES
RC4

181. Hash of the document encrypted with the private key of the signer
Digital signature
Hash of the document encrypted with the private key of the signer

182. Certificate Authority (CA)
Vouches for the identity of an individual or company

183. CEHv10 Module 19 Ethics, Process, General Knowledge

184. Risks = Threats x Vulnerabilities
Risk equation
Risks = Threats x Vulnerabilities

185. Most secure retention method is an offsite location
Backup tapes
Most secure retention method is an offsite location

186. host -t a targetdomain.org
Host command
host -t a targetdomain.org

187. Can never be fully eliminated, but can be reduced to acceptable levels
Risk
Can never be fully eliminated, but can be reduced to acceptable levels

188. Should be considered in a risk assessment
Physical security
Should be considered in a risk assessment

189. Shellshock
GNU bash shell vulnerability often exploited through a malformed environment variable

190. Five basic responses to risk
accept
avoid
mitigate
share
transfer

191. Vulnerability scanner
May be used to audit compliance with security policies

192. Ensures log file event correlation is accurate
Time synchronization
Ensures log file event correlation is accurate

193. An entity or event with the potential to adversely impact a system
Threat
An entity or event with the potential to adversely impact a system

194. Residual risk
Risk that remains after the vulnerabilities are classified and the
countermeasures have been deployed

195. Launches Computer Management Console
compmgmt.msc
Launches Computer
Management Console

196. If you encounter evidence of a crime:
Immediately stop and contact law enforcement

197. A restricted OS for testing code
Sandbox
A restricted OS for testing code

198. Responsible for moving and processing data between tiers
Application Layer
Responsible for moving and processing data between tiers

199. If you discover a vulnerability
Notify the web site owner

200. Permits users to authenticate once and gain access to multiple systems
Single sign-on
Permits users to authenticate once and gain access to multiple systems

201. Biometric processing speed
The time it takes to be accepted or rejected from when an individual provides identification and authentication information

202. Civil liability
Executives are liable for not reasonably protecting company's assets in information systems

203. Must be authentic and incapable of being forged
Digital signature
Must be authentic and incapable of being forged

204. deny tcp any any permit tcp any any
All tcp traffic would be blocked since the first rule applies and others are disregarded
QUESTION 42
A beta stores and processes sensitive privacy information related to home loans. However, auditing has never
been enabled on the system. What is the first step that the bank should take before enabling the audit
feature?
A. Allocate funds for staffing of audit log review
B. Determine the impact of enabling the audit feature
C. Perform a cost/benefit analysis of the audit feature
D. Perform a vulnerability scan of the system

205. A security solution which filters data packets
Stateful firewall
A security solution which filters data packets

206. PCI compliance
Use a firewall between the public network and the payment card data
Limit access to card holder data to as few individuals as possible
Use encryption to protect all transmission of card holder data over any public network

207. Most susceptible to buffer overflows

208. Employees must be informed that they are being monitored
Monitoring Employees
Employees must be informed that they are being monitored

209. The probability that a threat-source will exploit a vulnerability
Likelihood
The probability that a threat-source will exploit a vulnerability

210. To verify that a backup can be restored
Perform a full restore

211. CEHv10 Module 20 Performing a Penetration Test

212. Defining Security Assessments
A penetration tester assesses the security posture of the organization as a whole to reveal the potential consequences of a real attacker compromising a network or application. Security assessments can be categorized as security audits, vulnerability assessments, or penetration testing.

213. Penetration Testing Steps
Penetration testing includes three phases:
Preattack phase
Attack phase
Postattack phase

214. CEHv10 Module 21 IoT Security

215. IoT Security
IoT Security is key for the secure development and secure operation of scalable IoT applications and services that connect the real and virtual worlds between objects, systems, and people.

216. IoT Introduces an Increased Number of Security Threats
One of the big differences between the Internet of Things and previous internet technology is that the number of possible threats is much larger.

217. IoT Security Happens on Four Different Layers
IoT solution architectures require multi-layered security approaches that seamlessly work together to provide complete end-to-end security from device to cloud and everything in between throughout the lifecycle of the solution.

218. Increasing Automation of IoT Security Tasks
With forecasted growth to billions of IoT devices, manually handling security tasks (e.g., revoking certificates, isolating compromised devices), as is still the case in many solutions today, will not be feasible.

219. END