312-50v13 Reviews Questions

CEH v13 explains that a keylogger is a type of spyware designed to capture user input covertly, often storing or transmitting captured data—such as passwords, emails, chat messages, and financial information—to an attacker. Keyloggers can be implemented as software, firmware, or hardware, and they operate silently in the background without affecting system performance, making them ideal for credential theft. CEH categorizes keyloggers under spying and monitoring malware frequently used in the System Hacking phase to escalate privileges or move laterally once credentials are harvested. Unlike rootkits, which hide processes, or ransomware, which encrypts files, a keylogger’s main purpose is passive surveillance. CEH emphasizes how attackers deploy keyloggers post-compromise or use phishing/social engineering to trick victims into installing them. Their covert nature and ability to bypass traditional AV solutions by masquerading as legitimate processes make identifying them crucial during forensics and incident response activities.

CEH defines spyware as malware designed to covertly observe user behavior and transmit sensitive information to attackers without the victim’s knowledge. Spyware commonly records keystrokes, browser activity, form submissions, application usage, and other personally identifiable information. CEH highlights that spyware often operates silently and may disguise itself as legitimate software, making detection difficult. Unlike rootkits—which hide processes and files—or worms that self-replicate, spyware focuses exclusively on monitoring and data exfiltration. It is frequently installed through phishing, drive-by downloads, browser vulnerabilities, or malicious installers. Spyware can serve as a stepping stone for further system compromise by providing attackers with credentials for privilege escalation, lateral movement, or financial theft. CEH emphasizes the need for endpoint hardening, updated anti-malware engines, and behavioral analysis tools to detect such stealthy monitoring programs.

Agent-based scanners reside on a single machine but can scan several machines on the same network.

Network-based scanner

A network-based vulnerability scanner, in simplistic terms, is the process of identifying loopholes on a computer’s network or IT assets, which hackers and threat actors can exploit. By implementing this process, one can successfully identify their organization’s current risk(s). This is not where the buck stops; one can also verify the effectiveness of your system's security measures while improving internal and external defenses. Through this review, an organization is well equipped to take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti-virus software, and much more.

Agent-based scanner

Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners are well equipped to find and report out on a range of vulnerabilities.

NOTE: This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.

Comprehensive and Detailed Explanation:

A rubber-hose attack refers to extracting cryptographic secrets by means of physical coercion, threats, or torture, rather than technical attacks on the algorithm or implementation.

From CEH v13 Official Study Guide:

Module 10: Cryptography → Types of Attacks

“A rubber-hose attack bypasses technical security by attacking the human element.”