
CEH v9: Certified Ethical Hacker Version 9 Study Guide PDF

648 Pages·2016·12.55 MB·English

Preview CEH v9: Certified Ethical Hacker Version 9 Study Guide

Front matter
  Title Page; Copyright; Acknowledgments; About the Author; Contents at a Glance; Contents; Introduction; Assessment Test

Chapter 1 Introduction to Ethical Hacking
  Hacking: the Evolution; The Early Days of Hacking; Current Developments; Hacking: Fun or Criminal Activity?; The Evolution and Growth of Hacking; So, What Is an Ethical Hacker?; What Are Your Responsibilities?; Code of Conduct and Ethics; Ethical Hacking and Penetration Testing; Hacking Methodologies; Vulnerability Research and Tools; What Is Incident Response?; Business Continuity Plan; Ethics and the Law; Summary; Exam Essentials; Review Questions

Chapter 2 System Fundamentals
  Exploring Network Topologies; Working with the Open Systems Interconnection Model; Dissecting the TCP/IP Suite; IP Subnetting; Hexadecimal vs. Binary; Exploring TCP/IP Ports; Domain Name System; Understanding Network Devices; Routers and Switches; Working with MAC Addresses; Proxies and Firewalls; Intrusion Prevention and Intrusion Detection Systems; Network Security; Knowing Operating Systems; Microsoft Windows; Mac OS; Android; Linux; Backups and Archiving; Summary; Exam Essentials; Review Questions

Chapter 3 Cryptography
  Cryptography: Early Applications and Examples; History of Cryptography; Tracing the Evolution; Cryptography in Action; So How Does It Work?; Symmetric Cryptography; Asymmetric, or Public Key, Cryptography; Understanding Hashing; Issues with Cryptography; Applications of Cryptography; IPsec; Pretty Good Privacy; Secure Sockets Layer; Summary; Exam Essentials; Review Questions

Chapter 4 Footprinting
  Understanding the Steps of Ethical Hacking; Phase 1: Footprinting; Phase 2: Scanning; Phase 3: Enumeration; Phase 4: System Hacking; What Is Footprinting?; Why Perform Footprinting?; Goals of the Footprinting Process; Terminology in Footprinting; Open Source and Passive Information Gathering; Passive Information Gathering; Pseudonymous Footprinting; Internet Footprinting; Threats Introduced by Footprinting; The Footprinting Process; Using Search Engines; Google Hacking; Public and Restricted Websites; Location and Geography; Social Networking and Information Gathering; Financial Services and Information Gathering; The Value of Job Sites; Working with Email; Competitive Analysis; Gaining Network Information; Social Engineering: the Art of Hacking Humans; Summary; Exam Essentials; Review Questions

Chapter 5 Scanning
  What Is Scanning?; Types of Scans; Checking for Live Systems; Wardialing; Using Ping; Hping3: the Heavy Artillery; Checking the Status of Ports; The Family Tree of Scans; Full-Open Scan; Stealth or Half-Open Scan; Xmas Tree Scan; FIN Scan; NULL Scan; Idle Scanning; ACK Scanning; UDP Scanning; OS Fingerprinting; Active Fingerprinting with Nmap; Passive Fingerprinting an OS; Banner Grabbing; Countermeasures; Vulnerability Scanning; Mapping the Network; Using Proxies; Setting a Web Browser to Use a Proxy; Summary; Exam Essentials; Review Questions

Chapter 6 Enumeration
  A Quick Review; Footprinting; Scanning; What Is Enumeration?; About Windows Enumeration; Users; Groups; Security Identifiers; Linux Basic; Users; Services and Ports of Interest; Commonly Exploited Services; NULL Sessions; SuperScan; DNS Zone Transfers; The PsTools Suite; Using finger; Enumeration with SNMP; Management Information Base; SNScan; Unix and Linux Enumeration; finger; rpcinfo; showmount; enum4linux; LDAP and Directory Service Enumeration; JXplorer; Preventing LDAP Enumeration; Enumeration Using NTP; SMTP Enumeration; Using VRFY; Using EXPN; Using RCPT TO; SMTP Relay; Summary; Exam Essentials; Review Questions

Chapter 7 System Hacking
  Up to This Point; Footprinting; Scanning; Enumeration; System Hacking; Password Cracking; Authentication on Microsoft Platforms; Executing Applications; Covering Your Tracks; Summary; Exam Essentials; Review Questions

Chapter 8 Malware
  Malware; Malware and the Law; Categories of Malware; Viruses; Worms; Spyware; Adware; Scareware; Ransomware; Trojans; Overt and Covert Channels; Summary; Exam Essentials; Review Questions

Chapter 9 Sniffers
  Understanding Sniffers; Using a Sniffer; Sniffing Tools; Wireshark; Tcpdump; Reading Sniffer Output; Switched Network Sniffing; MAC Flooding; ARP Poisoning; MAC Spoofing; Port Mirror or SPAN Port; On the Defensive; Mitigating MAC Flooding; Detecting Sniffing Attacks; Summary; Exam Essentials; Review Questions

Chapter 10 Social Engineering
  What Is Social Engineering?; Why Does Social Engineering Work?; The Power of Social Engineering; Social-Engineering Phases; What Is the Impact of Social Engineering?; Common Targets of Social Engineering; Social Networking to Gather Information?; Networking; Countermeasures for Social Networking; Commonly Employed Threats; Identity Theft; Protective Measures; Know What Information Is Available; Summary; Exam Essentials; Review Questions

Chapter 11 Denial of Service
  Understanding DoS; DoS Targets; Types of Attacks; Buffer Overflow; Understanding DDoS; DDoS Attacks; DoS Tools; DDoS Tools; DoS Defensive Strategies; Botnet-Specific Defenses; DoS Pen-Testing Considerations; Summary; Exam Essentials; Review Questions

Chapter 12 Session Hijacking
  Understanding Session Hijacking; Spoofing vs. Hijacking; Active and Passive Attacks; Session Hijacking and Web Apps; Types of Application-Level Session Hijacking; A Few Key Concepts; Network Session Hijacking; Exploring Defensive Strategies; Summary; Exam Essentials; Review Questions

Chapter 13 Web Servers and Applications
  Exploring the Client-Server Relationship; Looking Closely at Web Servers; Web Applications; The Client and the Server; A Look at the Cloud; Closer Inspection of a Web Application; Vulnerabilities of Web Servers and Applications; Common Flaws and Attack Methods; Testing Web Applications; Summary; Exam Essentials; Review Questions

Chapter 14 SQL Injection
  Introducing SQL Injection; Results of SQL Injection; The Anatomy of a Web Application; Databases and Their Vulnerabilities; Anatomy of a SQL Injection Attack; Altering Data with a SQL Injection Attack; Injecting Blind; Information Gathering; Evading Detection Mechanisms; SQL Injection Countermeasures; Summary; Exam Essentials; Review Questions

Chapter 15 Hacking Wi-Fi and Bluetooth
  What Is a Wireless Network?; Wi-Fi: an Overview; The Fine Print; Wireless Vocabulary; A Close Examination of Threats; Ways to Locate Wireless Networks; Choosing the Right Wireless Card; Hacking Bluetooth; Summary; Exam Essentials; Review Questions

Chapter 16 Mobile Device Security
  Mobile OS Models and Architectures; Goals of Mobile Security; Device Security Models; Google Android OS; Apple iOS; Common Problems with Mobile Devices; Penetration Testing Mobile Devices; Penetration Testing Using Android; Countermeasures; Summary; Exam Essentials; Review Questions

Chapter 17 Evasion
  Honeypots, IDSs, and Firewalls; The Role of Intrusion Detection Systems; Firewalls; What’s That Firewall Running?; Honeypots; Run Silent, Run Deep: Evasion Techniques; Evading Firewalls; Summary; Exam Essentials; Review Questions

Chapter 18 Cloud Technologies and Security
  What Is the Cloud?; Types of Cloud Solutions; Forms of Cloud Services; Threats to Cloud Security; Cloud Computing Attacks; Controls for Cloud Security; Testing Security in the Cloud; Summary; Exam Essentials; Review Questions

Chapter 19 Physical Security
  Introducing Physical Security; Simple Controls; Dealing with Mobile Device Issues; Data Storage Security; Securing the Physical Area; Entryways; Server Rooms and Networks; Other Items to Consider; Education and Awareness; Defense in Depth; Summary; Exam Essentials; Review Questions

Appendix A Answers to Review Questions
  Chapter 1: Introduction to Ethical Hacking; Chapter 2: System Fundamentals; Chapter 3: Cryptography; Chapter 4: Footprinting; Chapter 5: Scanning; Chapter 6: Enumeration; Chapter 7: System Hacking; Chapter 8: Malware; Chapter 9: Sniffers; Chapter 10: Social Engineering; Chapter 11: Denial of Service; Chapter 12: Session Hijacking; Chapter 13: Web Servers and Applications; Chapter 14: SQL Injection; Chapter 15: Hacking Wi-Fi and Bluetooth; Chapter 16: Mobile Device Security; Chapter 17: Evasion; Chapter 18: Cloud Technologies and Security; Chapter 19: Physical Security

Appendix B Penetration Testing Frameworks
  Overview of Alternative Methods; Penetration Testing Execution Standard; Working with PTES; Pre-Engagement Interactions; Contents of a Contract; Gaining Permission; Intelligence Gathering; Threat Modeling; Vulnerability Analysis; Exploitation; Post-Exploitation; Reporting; Mopping Up; Summary

Appendix C Building a Lab
  Why Build a Lab?; The Build Process; What You Will Need; Creating a Test Setup; Virtualization Software Options; The Installation Process; Installing a Virtualized Operating System; Installing Tools; Summary

Back matter
  Index; Advert; EULA

Description:
The ultimate preparation guide for the unique CEH exam.

The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material.

The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.

  • Review all CEH v9 topics systematically
  • Reinforce critical skills with hands-on exercises
  • Learn how concepts apply in real-world scenarios
  • Identify key proficiencies prior to the exam

The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam—making the stakes even higher on exam day. The CEH v9: Certified Ethical Hacker Version 9 Study Guide gives you the intense preparation you need to pass with flying colors.
