Certified Cybersecurity Technician - Module 01 - Information Security Threats and Vulnerabilities - Lab (EC-Council) (Z-Library)

Author: EC-Council

Copyrights @ 2022 EC-Council International Ltd.
Certified Cybersecurity Technician

CHAPTER 1: INFORMATION SECURITY THREATS AND VULNERABILITIES

INDEX

Chapter 1: Information Security Threats and Vulnerabilities
Exercise 1: Create a Trojan to Gain Access to the Target System
Exercise 2: Create a Virus to Infect the Target System
Exercise 3: Create a Worm using the Internet Worm Maker Thing
Exercise 4: User System Monitoring and Surveillance using Spytech SpyAgent
Exercise 5: Find Vulnerabilities on Exploit Sites

SCENARIO

The recent trends in cyber security breaches illustrate that no system or network is immune to attacks. All organizations that store, transmit, and handle data must enforce strong security mechanisms to continuously monitor their IT environment, identify vulnerabilities, and resolve them before exploitation. It is important to understand the difference between a security threat and a vulnerability. Security threats are incidents that have a negative impact on the organization’s IT infrastructure, whereas vulnerabilities are security gaps or flaws in a system or network that enable attacks, tempting hackers to exploit them. Hence, security professionals must have the required knowledge of information security threats and vulnerabilities to safeguard the organization’s sensitive data against unauthorized access or theft.

OBJECTIVE

The objective of this lab is to provide expert knowledge about information security threats and vulnerabilities. This includes knowledge of the following tasks:
• Creating a trojan, virus, and worm to gain access to the target machine
• Monitoring user activities on a remote machine
• Finding vulnerabilities using exploit sites

OVERVIEW INTERRUPTED SESSIONS

A threat is the potential occurrence of an undesirable event that can eventually damage and disrupt the operational and functional activities of an organization. A threat can be any type of entity or action performed on physical or intangible assets that can disrupt security. The existence of threats may be accidental, intentional, or due to the impact of another action.

A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication.

LAB TASKS

The recommended labs to assist you in learning various information security threats and vulnerabilities include the following:

Note: Turn on PfSense Firewall virtual machine and keep it running throughout the lab exercises.

01. Create a Trojan to Gain Access to the Target System
02. Create a Virus to Infect the Target System
03. Create a Worm using the Internet Worm Maker Thing
04. User System Monitoring and Surveillance using Spytech SpyAgent
05. Find Vulnerabilities on Exploit Sites

EXERCISE 1: CREATE A TROJAN TO GAIN ACCESS TO THE TARGET SYSTEM

A computer Trojan is a program in which malicious or harmful code is packed inside an apparently harmless program or data.

LAB SCENARIO

A Trojan is wrapped within or attached to a legitimate program, implying that the program may have functionality that is not apparent to the user. Furthermore, attackers use victims as unwitting intermediaries to attack others. They can use a victim’s computer to commit illegal denial-of-service (DoS) attacks. A compromised system can affect other systems on the network. Systems that transmit authentication credentials such as passwords over shared networks in clear text or a trivially encrypted form are particularly vulnerable. If an intruder compromises a system on such a network, they may be able to record usernames and passwords or other sensitive information. Additionally, a Trojan, depending on the actions it performs, may falsely implicate a remote system as the source of an attack by spoofing, causing a liability to the remote system. Trojans enter a system by means such as email attachments, downloads, and instant messages.

The lab tasks in this exercise demonstrate how easily hackers can gain access to the target systems in an organization and create a covert communication channel for transferring sensitive data between the victim computer and the attacker.

OBJECTIVE

This lab demonstrates how to create a Trojan server using the Theef RAT Trojan.

OVERVIEW OF TROJAN

Attackers use Remote Access Trojans (RATs) to infect the target machine and gain administrative access. RATs help an attacker remotely access the complete Graphical User Interface (GUI) of the victim’s computer and control it without the victim’s awareness. They can perform screen and camera capture, code execution, keylogging, file access, password sniffing, registry management, and other tasks. The Trojan infects victims via phishing attacks and drive-by downloads and propagates through infected USB keys or networked drives. It can download and execute additional malware, execute shell commands, read and write registry keys, capture screenshots, log keystrokes, and spy on webcams.

Theef is a RAT written in Delphi. It allows remote attackers access to the system via port 9871. Theef is a Windows-based application for both client and server. The Theef server is a Trojan that can be installed on a target computer, and the Theef client is then used to control the Trojan. Security professionals can use the Theef tool as a proof of concept to audit perimeter security controls in an organization.
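
From the defender's side, the port named above gives a concrete check: look for a process listening on TCP 9871 and for live sessions to it. The following is an added example, not part of the EC-Council lab material; it parses Windows `netstat -ano` output, and the sample rows, the peer address 10.10.1.2 and the PIDs are constructed for illustration.

```python
# Added example: flag sockets bound to Theef's port in `netstat -ano` output.
THEEF_PORT = 9871  # port stated in the lab text

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:9871           0.0.0.0:0              LISTENING       4312
  TCP    10.10.1.16:3389        10.10.1.2:50111        ESTABLISHED     1100
  TCP    10.10.1.16:9871        10.10.1.2:49877        ESTABLISHED     4312
  TCP    10.10.1.16:49871       10.10.1.9:443          ESTABLISHED     2208
  TCP    [::]:9871              [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    1520
"""

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def find_sockets_on_port(netstat_text, port=THEEF_PORT):
    """Return TCP rows whose local port equals `port` (exact match, not substring)."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips headers, blank lines and stateless UDP rows
        _, local, remote, state, pid = fields
        if split_endpoint(local)[1] == port:
            hits.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return hits

def summarize(hits):
    """Group hits by owning PID: is it listening, and which peers are connected."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["pid"], {"listening": False, "peers": []})
        if h["state"] == "LISTENING":
            entry["listening"] = True
        elif h["state"] == "ESTABLISHED":
            entry["peers"].append(split_endpoint(h["remote"])[0])
    return summary

if __name__ == "__main__":
    for pid, info in summarize(find_sockets_on_port(SAMPLE)).items():
        print(f"PID {pid}: listening={info['listening']} peers={info['peers']}")
```

A hit is a lead for examining the owning PID and its executable, not proof of infection, since any program can bind this port.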

Note: The versions of the created client or host, as well as the appearance of its website, may differ from that of this lab. However, the actual process of creating the server and the client is the same.
Note: Ensure that the PfSense Firewall virtual machine is running.
1. Generally, an attacker might send a server executable to the victim machine and entice the victim into running it. In this lab, for demonstration purposes, we are directly executing the file on the victim machine (the Web Server virtual machine).
2. Turn on Admin Machine-1 and Web Server virtual machines.
3. Switch to the Web Server virtual machine.
4. In the Web Server virtual machine, log in with the credentials Administrator and admin@123.
5. Navigate to Z:\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef and double-click Server210.exe to run the Trojan on the victim machine.
Note: If an Open File - Security Warning pop-up appears, click Run.
6. Now, switch to the Admin Machine-1 virtual machine and log in with the credentials Username: Admin and Password: Pa$$w0rd (as an attacker).
Note: If the Welcome to Windows wizard appears, click Continue and in the Sign in with Microsoft wizard, click Cancel. A Networks screen appears. Click Yes to allow the PC to be discoverable by other PCs and devices on the network.
7. Navigate to Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef and double-click Client210.exe to access the victim machine remotely.
8. The Theef main window appears, as shown in the screenshot below.
9. Enter the IP address of the target machine (here, Web Server) in the IP field (10.10.1.16) and leave the Port and FTP fields set to default. Click Connect.
10. Now, from the Admin Machine-1 virtual machine, a remote connection with the Web Server machine has been successfully established.
11. To view the computer’s information, click the Computer Information icon from the lower part of the window.
12. In Computer Information, PC Details, OS Info, Home, and Network can be viewed by clicking their respective buttons.
13. Here, for example, selecting PC Details reveals computer-related information.
Note: The Computer Information might differ when you perform the lab.
14. Click the Spy icon to perform various operations on the target machine.
15. You can perform various operations on the victim machine, such as capturing screens, logging keys, viewing processes, viewing the task manager, using the webcam, and using the microphone, by selecting their respective options.
16. Here, for instance, selecting Task Manager displays the tasks running on the target machine.
17. In the Task Manager window, click the Refresh icon to obtain the list of running processes.
18. Select a process (task); click the Close window icon to end the task on the target machine.
19. Close the Task Manager window.
Note: The tasks running in the task manager may vary in your lab environment.
20. From the Spy menu, click Keylogger to record the keystrokes made on the victim machine.
21. The Keylogger pop-up appears; click the Start icon to read the keystrokes of the victim machine.
Note: If you are already logged into the Web Server machine, then skip to Step 23.
22. Switch to the Web Server virtual machine and log in with the credentials Administrator and admin@123.
Note: If a Shut Down Windows window appears, click Cancel.
23. Open a text document and enter some sensitive information.
24. Switch back to the attacker machine (Admin Machine-1) to view the recorded keystrokes of the victim machine in the Theef Keylogger window.