CSM and EC-Council collaborate On Asean CISO workshop

CYBERSECURITY Malaysia (CSM) has teamed up with EC-Council to organise the Asean CCISO Workshop 2015, which CSM said would strengthen the information security landscape of Asean countries. This joint collaborative workshop will be a training and certification event where participants will go through a four-day intensive Certified Chief Information Security Officer training (CCISO) programme, one of EC-Council's most prominent certification programme, CSM said in a statement. CSM is an agency under Malaysia’s Ministry of Science, Technology and Innovation (Mosti), while EC-Council Group comprises a global group of companies that operate in over 140 countries and specialise in information security training, education, certification, events and services.

Information security is an industry that evolved as a reactive measure to the evolution of cybercrime and fraud,” said EC-Council executive director Danish Arshad.
However, with colossal implications of information security breaches to organisations and countries in general, it is high time for information security to be a proactive element.
Thus, EC-Council and CyberSecurity Malaysia have taken the initiative to gather the movers and shakers of information security within Asean organisations in a single platform, and enable them to build a proactive information security maturity roadmap leading to greater info security sustainability,” he added.

Arshad said the biggest challenge facing Asean countries now is the lack of focused leadership for information security within organisations, caused by a “drastically low number” of CISOs (chief information security officers) within the government and corporate sectors. CSM chief executive officer Dr Amirudin Abdul Wahab said his agency was supporting the Asean CCISO workshop because the programme addresses current threats affecting the information security industry, particularly the shortage of certified cybersecurity professionals.
The CCISO certification programme enables prospective information security leaders to enhance their technical knowledge in areas like information security risk management, controls, auditing, core concepts and competencies.
More importantly: it also focuses on areas which are extremely integral but often not catered for information security leaders, such has information security governance, compliance, regulations, information security leadership, project management, operations and … information security planning and finance,” he added. The main mentor and instructor for the Asean CCISO Workshop 2015 is the EC-Council’s lead CCISO instructor Keyaan Williams, who has more than 15 years’ professional experience in the Information Security Management field.

Read More

312-50v8 Certification Sample Questions

QUESTION 15

Vulnerability mapping occurs after which phase of a penetration test?

A. Host scanning
B. Passive information gathering
C. Analysis of host scanning
D. Network level discovery

Answer: C

Read More

CEH (Certified Ethical Hacking) Course Description + Version 8 Outline

Course Description

This class immerse students in an interactive environment that will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin to understand how perimeter defenses and thus lead to exploration and attacking their own networks, no real network is damaged. Students then learn how intruders scaled privileges and what steps can be taken to secure a system. Students also learn Intrusion Detection, Policy Creation, Social Engineering, DDoS attacks, buffer overflows and virus creation. When a student leaves this intensive class five days will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 ANSI Accredited.



Legal Agreement
 

 Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes. Before attending this course, you will be asked to sign an agreement stating that they will use their newly acquired skills for illegal or malicious attacks and do not use these tools in an attempt to compromise any computer system, and to indemnify EC-Council with regard to the use or misuse of these tools, regardless of intent.

Course Outline Version 8

 
CEH v8 Curriculum consists of instructor-led training and self-study. The instructor will provide details of self-learning modules for beginners class.

01 Introduction to Ethical Hacking
02 Footprinting and Reconnaissance
03 Scanning Networks
04 Enumeration
05 System Hacking
06 Trojans and Backdoors
07 Viruses and Worms
08 Sniffers
09 Social Engineering
10 Denial of Service
11 Session Hijacking
12 Hacking Webservers
13 Hacking Web Applications
14 SQL Injection
15 Hacking Wireless Networks
16 Hacking Mobile Platforms
17 Evading IDS, Firewalls, and Honeypots
18 Buffer Overflow
19 Cryptography
20 Penetration Testing

Read More

Ethical Hackers in Huntsville Help Defend America

Huntsville, Alabama. Make no mistake, the world leader in military technology is the United States. This is one thing, both the military and the average American can expect. The problem is that there are people trying to steal the work that gives us the advantage.

"All our opponents are doing, and all you have to really do is wait until you find the one innovative solution and then mine if our network," says CEO Jonathan tough Jonathan Huntsville H2L Solutions.As He says that you can take to bank. The bad penetrate our websites and data storage. We Hack.

"It 's amazing. It' an adrenaline rush by exploiting another team, another company. Do you realize the power you have and the possession of an ethical hacker could have," says Scott Busby. Scott is a certified ethical hacker, a security engineer for H2L.

The small company started a year and a half ago. The company name, H2L Solutions is the three men who founded hard Jonathan, Jeff and Stan Hartsfield Lazovsky. They met at Marion Military Institute, and later served together on a deployment of the National Guard.

The founders of the security company found it was a great course. "Cyber ​​never go away. Cyber ​​will always be a problem. It must be dealt with everything, and really this is the only item in the budget of the Department of Defense has increased," he says hard.

Obviously there is a lot of work for four employees of H2L. They spend their time looking for weak computer. "If you do not know what the problem is, you really can not solve, and what a hacker is someone who finds these problems," says Stan Lazovsky.

Of course we are talking about ethical hacking, and if done to a business client or a Department of Defense contractor is more than just a job. "They are not just protecting the financial information of the identity of the people are protecting their lives. And you know, that is a very exciting and scary to work on," says Stan.

For H2L, a day at the office could be almost across the country with their last client defense. This company maintains ethical hackers busy. His work has pointed out to them. H2L has been nominated for an award from the county Small Business Chamber of Commerce of Huntsville-Madison.

Read More

312-50v8 Certification Sample Questions

Question No:14

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's
/GS option use _____ defense against buffer overflow attacks.

A. Canary
B. Hex editing
C. Format checking
D. Non-executing stack

Answer: A

Read More

Hackers Can Remotely Steal Fingerprints From Some Android Devices

Researchers from FireEye have revealed that it is possible to attack Android smartphone to remotely steal user’s fingerprints on a “large scale.” 

Security experts have repeatedly expressed concern about the management of the fingerprint deployed by major mobile service providers. Hackers have proved difficult to implement the vulnerabilities in the systems that manage fingerprints, in order to bypass the authentication mechanisms in April 2015, a group of security researchers have discovered a vulnerability FireEye in the Galaxy Samsung S5 that allows hackers to clone fingerprints.

Now FireEye security experts have discovered four new ways to hack Android devices and remove user fingerprint researchers remotely.The Tao Wei and Zhang Yulong has presented the results of her makeup in a speech titled, mobile devices, digital fingerprints: Abuse and losses in the Black Hat conference last week.

The techniques are very insidious because the victim may not notice the theft of their puzzling researchers fingerprints.The dubbed the attack "attack Espionage fingerprint sensor" and could allow hackers to "fingerprint remote gathered on a large scale the receiver of the main manufacturers such as HTC, Samsung and Huawei.

Experts refused to give any "proof of concept" for Android devices reasons.The attack obvious targets are equipped with fingerprint sensors that allow users to authenticate by simply touching the screen of your smartphone.We note that Google still does not officially support the authentication mechanism based on fingerprint based on its mobile operating system, but the company will soon implement support in the next version of Android M.

The researchers tested their attack on the HTC One Max and Galaxy S5 Samsung's got to steal a fingerprint image of the device due to lack of proper implementation of a locking mechanism for fingerprint sensor.

I explained several times the risks arising from the misapplication of biometric authentication, the theft of biometric data such as fingerprints would be more dangerous compared to the theft of a stolen password.Users committed can reset your password, but can not change their fingerprints or iris in case of a violation of data.

"In this attack, victims of fingerprint data into the hands of the attackers. For the rest of the life of the victim, the attacker can still use the fingerprint data for other harmful things," said Zhang.The The security problem discovered is quite easy to solve, for example by encrypting fingerprint data on Android devices, and a number of vendors are already working on a security update.

The measure has already been adopted by Apple iOS which encrypts the data acquired by the touch sensor ID. The experts explained that Apple's iOS is "fairly certain" because fingerprint scanner encrypts data with an encryption key, making it unreadable, even if hackers have access.

Read More

312-50v8 Certification Sample Questions

Question No:13

The following exploit code is extracted from what kind of attack?

 
A. Remote password cracking attack
B. SQL Injection
C. Distributed Denial of Service
D. Cross Site Scripting
E. Buffer Overflow

Answer: E

Read More

Certified Ethical Hacker 312-50v8 Complete Information (Course Otline + Exam Details)

                                          CEH 312-50v8 Exam Information

Certified Ethical Hacker 8

- Exam Details :-

1.Number of Questions: 125

2.Passing Score: 70%
3.Test Duration: 4 hours
4.Test Format: Multiple choice
5.Test Delivery:

Web based via Prometric Prime (Exam Prefix - 312-50)

Vue Testing Center (Exam Prefix - 312-50)

-Exam Code :-

The exam code varies when taken at different testing centers.

1.Exam 312-50: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC).

2.Exam 312-50: VUE Testing centers

 

- Skills Measured :- 

The exam 312-50 tests CEH candidates on the following 19 domains.

1. Introduction to Ethical Hacking
2. Footprinting and Reconnaissance     

3. Scanning Networks
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Viruses and Worms
8. Sniffers
9. Social Engineering
10.Denial of Service               
11.Session Hijacking
12.Hacking Webservers
13.Hacking Web Applications
14.SQL Injection
15.Hacking Wireless Networks
16.Evading IDS, Firewalls, and Honeypots
17.Buffer Overflow
18.Cryptography
19.Penetration Testing

Complete Outline & Exam Question Percentage and Weight:

Background  (4% of Exam and 5 Questions)

A     networking technologies (e.g., hardware, infrastructure)
B     webtechnologies (e.g., web 2.0, skype)
C     systems technologies
D     communication protocols                                                       
E     malware operations
F     mobile technologies (e.g., smart phones)
G     telecommunication technologies
H     backups and archiving (e.g., local, network)

Analysis/Assessment   (13% of Exam and 16 Questions) 

A     data analysis
B     systems analysis
C     risk assessments
D     technical assessment methods

Security   (25% of Exam and 31 Questions)
 
A     systems security controls
B     application/fileserver
C     firewalls
D     cryptography
E     network security
F     physical security
G     threat modeling
H     verification procedures (e.g.,false positive/negative validation)
I     social engineering (human factors manipulation)
J     vulnerability scanners
K     security policy implications
L     privacy/confidentiality (with regard to engagement)
M     biometrics
N     wireless access technology (e.g., networking, RFID, Blue tooth)
O     trusted networks
P     vulnerabilities

Tools/Systems/Programs (32% of Exam and 40 Questions)
 
A     network/host based intrusion
B     network/wireless sniffers (e.g., WireShark, Airsnort)
C     access control mechanisms (e.g., smart cards)
D     cryptography techniques (e.g., IPsec, SSL, PGP)
E     programming languages (e.g. C++, Java, C#, C)
F     scripting languages (e.g., PHP, Java script)
G     boundary protection appliances (e.g., DMZ)
H     network topologies
I     subnetting
J     port scanning (e.g., NMAP)
K     domain name system (DNS)
L     routers/modems/switches
M     vulnerability scanner (e.g., Nessus, Retina)
N     vulnerability management and protection systems (e.g., Foundstone, Ecora)
O     operating environments (e.g., Linux, Windows, Mac)
P     antivirus systems and programs
Q     log analysis tools
R     security models
S     exploitation tools
T     database structures

Procedures/Methodology (20% of Exam and 25 Questions)

 
A     cryptography
B     public key infrastructure (PKI)
C     Security Architecture (SA)
D     Service Oriented Architecture (SOA)
E     information security incident management
F     N-tier application design
G     TCP/IP networking (e.g., network routing)
H     security testing methodology

Regulation/Policy (4% of Exam and 5 Questions)
 

A     security policies
B     compliance regulations (e.g., PCI)

Ethics (2% of Exam and 3 Questions)
 

A     professional code of conduct
B     appropriateness of hacking activities

 

Read More

312-50v8 Certification Sample Questions

Question No:12

A buffer overflow occurs when a program or process tries to store more data in a buffer
(temporary data storage area) then it was intended to hold.

What is the most common cause of buffer overflow in software today?

A. Bad permissions on files.
B. High bandwidth and large number of users.
C. Usage of non standard programming languages.
D. Bad quality assurance on software produced.

Answer: D
 

Read More

Ethical Hacker Course Enables CSM Student to ‘lock down’ Exciting Career

 

Young IT professional says continuing education is key to success in ‘constantly changing, constantly evolving’ industry:

At 21, Zachary Weaver is in a good place.He has a job with benefits including training and travel opportunities employer paid; he bought a car and moved out of his childhood home; and saving for a down payment on a house.He is a little amazed at how his career came together, but the Southern Maryland College student also realizes that without discipline, a passion for her field, and to be ready when the opportunity came, the situation could be very different.

At a young age, Weaver, of Drayden developed an interest in the choices computers.Through he did in high school, college and as a professional in information technology, he cultivated his budding interest in a career.IT is not a static field, and Weaver knows that for continued success, it will need to acquire knowledge and skills through diplomas and certificates.

"I'm interested in my life computers. When I'm not working on network security to my work or learning on computer systems of CSM, I tinker and reconstruction of computers at home, "said Weaver in a college news release." I love be part of an industry that is constantly evolving constantly changing. I think it's one of the things that interests me most in a career in this field. You have to work to stay on your toes and maintain, leave alone to gain a competitive advantage. "

Review chose to take courses at the Technology Center in Leonardtown Dr. James A. Forrest Career and and as a student at Leonardtown High School, he started taking classes through CSM dual enrollment program. With CSM courses, internships criticism gained in his junior and senior years. When he graduated from high school in 2012, Weaver had 36 university credits of CSM, and decided to continue to lead to an associate degree rather than transferring elsewhere as a sophomore.

"It was a calculated decision that I would like to work with a partner to refine and then I wanted to go with computers," said Weaver, obtaining a degree in business administration in January 2014. He continued his studies at a .HIS second degree in computer class science from the company provided the foundation of customer service that has served him well when he worked for Best Buy in high school, he said. Including customer service experience had a lasting impact for Weaver and the customer.

"I gave the same level of customer service and expertise to every person I was working with, if the interaction is no different for me. [The customer] asked me if I could come in for an interview with her employer, Smartronix. When I arrived, I felt like I had already been committed, "said Weaver." This work has opened so many doors for me. "

 

Read More

312-50v8 Certification Sample Questions

Question No:11

The programmers on your team are analyzing the free, open source software being used to
run FTP services on a server. They notice that there is an excessive number of fgets() and
gets() on the source code. These C++ functions do not check bounds.

What kind of attack is this program susceptible to?

A. Buffer of Overflow
B. Denial of Service
C. Shatter Attack
D. Password Attack

Answer: A

Read More