Teck Blogs

CEH V12 vs CEH V11 Difference

The EC-Council update launched on 7th September 2022 from its predecessor version 11 Certified Ethical Hacker Version 12 (CEH v12) is now a more up-scaled and advanced version of EC. There are various changes made in the new version 12 in the Certified Ethical Hacker credential. Understand the Difference Between CEH V11 and CEH V12

The attack methodologies and lab techniques have been enhanced and are given a new boost. The CEH v12 is one of the most sought-after and desired programs globally based on information security. In this new version, 500+ new threats and vulnerabilities are included, which can help learners work with better skills and knowledge.

Difference Between CEH v11 and CEH v12

	CEH V11	CEH V12

Total Number of Modules	20	20
Total Number of Slides	1640	1676
Total Number of Labs	200	220
Total Number of New Labs	92	33
Attack Techniques	420	519
New Technology Added	IoT Technology, Serverless Computing, WPA3 Encryption, APT, Fileless Malware, Web API, and Web Shell	MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Techniques for Establishing Persistence, Evading NAC and Endpoint Security, Fog Computing, Edge Computing, and Grid Computing
OS Used for Labs	Windows 10, Windows Server Windows 11, Windows Server 2019, Parrot Security, Android, Ubuntu Linux	Windows 10, Windows Server 2022, Windows Server 2019, Parrot Security, Android, Ubuntu Linux
Exam	125 Questions (MCO)	125 Questions (MCO)
Exam Duration	4 Hours	4 Hours
Exam Delivery	VUE / ECCEXAM	VUE / ECCEXAM
NICE Compliance	Final NICE 2.0 Framework	Final NICE 2.0 Framework

Majorly, changes have been made in adding new threats and vulnerabilities along with new technology. The total number of modules is the same in both versions, that is, 20, and no changes are made. There are little changes in the slide number. In the CEH v11, there was a total of 1640 slides, but in the new version 12, there are 1676 slides. Also, there has been a significant increase in the number of labs from v11 to v12. The new version number is increased to 220 compared to the old version of 200.

There is an add-on in the attack techniques, too, in the newer version of the Certified Ethical Hacker Credential. Earlier, 420 techniques were a part of learning in course training, but this new version consists of 519 attack techniques. This will be going to give learners an edge in the learning process. Talking about new technology, CEH v11 consists of O.T. technology, WPA3 Encryption, APT, Fileless Malware, Web API, Serverless Computing Web API, and Web Shell. While in the CEH v12, new technologies are added, including Techniques for Establishing Persistence, MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Evading NAC and Endpoint Security, Fog Computing, Edge Computing, & Grid Computing.

The operating system used for labs will be the same in both versions, i.e., Windows 10, Windows Server 2019, Parrot Security, Android, and Ubuntu Linux. Windows Server 2022 is now part of v12.

Well, coming on to the exam, there will be 125 questions that are going to get asked in both versions. The CEH exam duration is also the same for the version, i.e., 4 hours.

WhatsApp Bugs that Could Have Let Attackers Hack Devices Remotely

WhatsApp Bugs that Could Have Let Attackers Hack Devices Remotely Critical

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices.

One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call.

The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.

Also patched by the Meta-owned messaging platform is an integer underflow bug, which refers to an opposite category of errors that occur when the result of an operation is too small for storing the value within the allocated memory space.

The high-severity issue, given the CVE identifier CVE-2022-27492 (CVSS score: 7.8), affects WhatsApp for Android prior to versions 2.22.16.2 and WhatsApp for iOS version 2.22.15.9, and could be triggered upon receiving a specially crafted video file.

Exploiting integer overflows and underflows are a stepping stone towards inducing undesirable behavior, causing unexpected crashes, memory corruption, and code execution.

WhatsApp did not share more specifics on the vulnerabilities, but cybersecurity firm Malwarebytes said that they reside in two components called Video Call Handler and Video File Handler, which could permit an attacker to seize control of the app.

A spokesperson for WhatsApp told The Hacker News that "we discovered [the flaws] ourselves and there was no evidence of exploitation."

Vulnerabilities on WhatsApp can be a lucrative attack vector for threat actors looking to plant malicious software on compromised devices. In 2019, an audio calling flaw was exploited by the Israeli spyware maker NSO Group to inject the Pegasus spyware.

LOG4J VULNERABILITY ASSESSMENT AND MITIGATION

What is Log4j?

Log4j, Zero-day exploit the popular Javalogginglibrarylog4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string.Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache webservers and Spring-Boot web applications. The vulnerability has been reported with CVE-2021-44228 against the log4j-corejar.CVE-2021-44228 is considered an acritical flaw, and it has a base CVSS score of 10, the highest possible severity rating.

Who is Impacted !!

Too many services are vulnerable to this exploit as log4j is a wild rang used Java-based logging utility. Cloud services like Steam, Apple iCloud, and applications like Minecraft have already been found to be vulnerable.

Anybody using Apache frameworks services or any Spring- Boot Java-based framework applications that uses log4j2 is likely to be vulnerable.

HOW THE EXPLOIT WORKS !!

The exploit works when there is a service or application running with a vulnerable version of log4j2.

An attacker who can control log messages or log message parameters can execute arbitrary code on the vulnerable server loaded from LDAP servers when message lookup substitution is enabled.

Info you have to know about LOG4SHELL exploit!

Affected Apache log4j2 Versions
Exploit Requirements
Exploit Steps

Affected Apache log4j2 Versions 2.0 <= Apache log4j <= 2.14.1

Exploit Requirements

A server with a vulnerable log4j version.
An endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send the exploit string.
log statement that logs out the string from that request.

Exploit Steps

Data from the User gets sent to the server (via any protocol),
The server logs the data in the request, containing the malicious payload.
The log4j vulnerability is triggered by this payload and the server makes a request to attacker.com via (JNDI),
This response contains a path to a remote Java class file which is injected into the server process, This injected payload triggers a second stage and allows an attacker to execute arbitrary code.

HOW TO MITIGATE

SPOT VULNERABLE APPLICATIONS

Ask admin/system team to run a search/grep command on all servers to spot any file with the name "log4j2", Then check if it is a vulnerable version or not.

PERMANENT MITIGATION

Version 2.15.0 of log4j has been released without the vulnerability. log4j-core.jar is available on Apache Log4j page below, You can download it and update your system

TEMPORARY MITIGATION

Add "log4j.format.msg.nolookups=true" to the global configuration of your server/web applications

How to Deploy Multiple Dist file to the Apache Server

To Deploy Multiple Dist file apache server the Easiest way i have describe below follow the instruction whether your project would be html, PHP or any dist file such as angular you can follow the below Steps.

To Deploy any project to the Apache Server We have to make changes in 2 files and one folder. Follow the below process to Deploy the dist file.

• Rename the dist file to the project name and copy the file to the Path /var/www/html/

• Make changes in the Index.html or Index.php by giving folder name in base href e.g., /foldername/

• Now Go to /etc/apache2/sites-available and make copy of 000-default.conf or any pervious file for example healthgiggle.conf

Copy command

cp -r healthgiggle.conf /etc/apache2/sites-available/pjname.conf

• Now open the file in vi editor vi pjname.conf and make changes

ServerName: Your project name which will appear in URL after main domain e.g., healthgiggle/projectname

DocumentRoot: Path of the project

Press Esc :wq Enter to save the vi file

• After saving the pj.conf go to /etc/apache2/apache2.conf and add the Directory and give the project path

Options Indexes FollowSymLinks

AllowOverride All

Require all granted

</Directory>

• Now restart the apache server

sudo service apache2 restart

• Now check in the browser your domainname/projectname the site will be appearing.

Note: Use same name for project folder and conf