Download CEH V9: Certified Ethical Hacker Version 9 Study Guide PDF

TitleCEH V9: Certified Ethical Hacker Version 9 Study Guide
File Size38.2 MB
Total Pages651
Table of Contents
                            Cover
Title Page
Copyright
Acknowledgments
About the Author
Contents at a Glance
Contents
Introduction
Assessment Test
Chapter 1 Introduction to Ethical Hacking
	Hacking: the Evolution
		The Early Days of Hacking
		Current Developments
		Hacking: Fun or Criminal Activity?
		The Evolution and Growth of Hacking
	So, What Is an Ethical Hacker?
		What Are Your Responsibilities?
		Code of Conduct and Ethics
		Ethical Hacking and Penetration Testing
		Hacking Methodologies
		Vulnerability Research and Tools
		What Is Incident Response?
		Business Continuity Plan
		Ethics and the Law
	Summary
	Exam Essentials
	Review Questions
Chapter 2 System Fundamentals
	Exploring Network Topologies
	Working with the Open Systems Interconnection Model
	Dissecting the TCP/IP Suite
	IP Subnetting
	Hexadecimal vs. Binary
	Exploring TCP/IP Ports
		Domain Name System
	Understanding Network Devices
		Routers and Switches
	Working with MAC Addresses
		Proxies and Firewalls
	Intrusion Prevention and Intrusion Detection Systems
	Network Security
	Knowing Operating Systems
		Microsoft Windows
		Mac OS
		Android
		Linux
	Backups and Archiving
	Summary
	Exam Essentials
	Review Questions
Chapter 3 Cryptography
	Cryptography: Early Applications and Examples
		History of Cryptography
		Tracing the Evolution
	Cryptography in Action
		So How Does It Work?
		Symmetric Cryptography
		Asymmetric, or Public Key, Cryptography
	Understanding Hashing
	Issues with Cryptography
	Applications of Cryptography
		IPsec
		Pretty Good Privacy
		Secure Sockets Layer
	Summary
	Exam Essentials
	Review Questions
Chapter 4 Footprinting
	Understanding the Steps of Ethical Hacking
		Phase 1: Footprinting
		Phase 2: Scanning
		Phase 3: Enumeration
		Phase 4: System Hacking
	What Is Footprinting?
		Why Perform Footprinting?
		Goals of the Footprinting Process
	Terminology in Footprinting
		Open Source and Passive Information Gathering
		Passive Information Gathering
		Pseudonymous Footprinting
		Internet Footprinting
	Threats Introduced by Footprinting
	The Footprinting Process
		Using Search Engines
		Google Hacking
		Public and Restricted Websites
		Location and Geography
		Social Networking and Information Gathering
		Financial Services and Information Gathering
		The Value of Job Sites
		Working with Email
		Competitive Analysis
		Gaining Network Information
		Social Engineering: the Art of Hacking Humans
	Summary
	Exam Essentials
	Review Questions
Chapter 5 Scanning
	What Is Scanning?
		Types of Scans
	Checking for Live Systems
		Wardialing
		Using Ping
		Hping3: the Heavy Artillery
	Checking the Status of Ports
	The Family Tree of Scans
		Full-Open Scan
		Stealth or Half-Open Scan
		Xmas Tree Scan
		FIN Scan
		NULL Scan
		Idle Scanning
		ACK Scanning
		UDP Scanning
	OS Fingerprinting
		Active Fingerprinting with Nmap
		Passive Fingerprinting an OS
		Banner Grabbing
	Countermeasures
	Vulnerability Scanning
	Mapping the Network
	Using Proxies
		Setting a Web Browser to Use a Proxy
	Summary
	Exam Essentials
	Review Questions
Chapter 6 Enumeration
	A Quick Review
		Footprinting
		Scanning
	What Is Enumeration?
	About Windows Enumeration
		Users
		Groups
		Security Identifiers
	Linux Basic
		Users
		Services and Ports of Interest
		Commonly Exploited Services
		NULL Sessions
		SuperScan
		DNS Zone Transfers
		The PsTools Suite
		Using finger
	Enumeration with SNMP
		Management Information Base
		SNScan
	Unix and Linux Enumeration
		finger
		rpcinfo
		showmount
		enum4linux
	LDAP and Directory Service Enumeration
		JXplorer
		Preventing LDAP Enumeration
	Enumeration Using NTP
	SMTP Enumeration
		Using VRFY
		Using EXPN
		Using RCPT TO
		SMTP Relay
	Summary
	Exam Essentials
	Review Questions
Chapter 7 System Hacking
	Up to This Point
		Footprinting
		Scanning
		Enumeration
	System Hacking
		Password Cracking
		Authentication on Microsoft Platforms
		Executing Applications
		Covering Your Tracks
	Summary
	Exam Essentials
	Review Questions
Chapter 8 Malware
	Malware
		Malware and the Law
		Categories of Malware
		Viruses
		Worms
		Spyware
		Adware
		Scareware
		Ransomware
		Trojans
	Overt and Covert Channels
	Summary
	Exam Essentials
	Review Questions
Chapter 9 Sniffers
	Understanding Sniffers
	Using a Sniffer
		Sniffing Tools
		Wireshark
		Tcpdump
		Reading Sniffer Output
	Switched Network Sniffing
		MAC Flooding
		ARP Poisoning
		MAC Spoofing
		Port Mirror or SPAN Port
		On the Defensive
		Mitigating MAC Flooding
		Detecting Sniffing Attacks
	Summary
	Exam Essentials
	Review Questions
Chapter 10 Social Engineering
	What Is Social Engineering?
		Why Does Social Engineering Work?
		The Power of Social Engineering
		Social-Engineering Phases
		What Is the Impact of Social Engineering?
		Common Targets of Social Engineering
	Social Networking to Gather Information?
		Networking
		Countermeasures for Social Networking
	Commonly Employed Threats
	Identity Theft
		Protective Measures
		Know What Information Is Available
	Summary
	Exam Essentials
	Review Questions
Chapter 11 Denial of Service
	Understanding DoS
		DoS Targets
		Types of Attacks
		Buffer Overflow
	Understanding DDoS
		DDoS Attacks
	DoS Tools
	DDoS Tools
	DoS Defensive Strategies
		Botnet-Specific Defenses
	DoS Pen-Testing Considerations
	Summary
	Exam Essentials
	Review Questions
Chapter 12 Session Hijacking
	Understanding Session Hijacking
		Spoofing vs. Hijacking
		Active and Passive Attacks
		Session Hijacking and Web Apps
		Types of Application-Level Session Hijacking
		A Few Key Concepts
		Network Session Hijacking
	Exploring Defensive Strategies
	Summary
	Exam Essentials
	Review Questions
Chapter 13 Web Servers and Applications
	Exploring the Client-Server Relationship
		Looking Closely at Web Servers
		Web Applications
		The Client and the Server
		A Look at the Cloud
		Closer Inspection of a Web Application
		Vulnerabilities of Web Servers and Applications
		Common Flaws and Attack Methods
		Testing Web Applications
	Summary
	Exam Essentials
	Review Questions
Chapter 14 SQL Injection
	Introducing SQL Injection
		Results of SQL Injection
		The Anatomy of a Web Application
		Databases and Their Vulnerabilities
		Anatomy of a SQL Injection Attack
		Altering Data with a SQL Injection Attack
		Injecting Blind
		Information Gathering
		Evading Detection Mechanisms
		SQL Injection Countermeasures
	Summary
	Exam Essentials
	Review Questions
Chapter 15 Hacking Wi-Fi and Bluetooth
	What Is a Wireless Network?
		Wi-Fi: an Overview
		The Fine Print
		Wireless Vocabulary
		A Close Examination of Threats
		Ways to Locate Wireless Networks
		Choosing the Right Wireless Card
		Hacking Bluetooth
	Summary
	Exam Essentials
	Review Questions
Chapter 16 Mobile Device Security
	Mobile OS Models and Architectures
	Goals of Mobile Security
	Device Security Models
		Google Android OS
		Apple iOS
		Common Problems with Mobile Devices
		Penetration Testing Mobile Devices
		Penetration Testing Using Android
	Countermeasures
	Summary
	Exam Essentials
	Review Questions
Chapter 17 Evasion
	Honeypots, IDSs, and Firewalls
		The Role of Intrusion Detection Systems
		Firewalls
		What’s That Firewall Running?
		Honeypots
		Run Silent, Run Deep: Evasion Techniques
		Evading Firewalls
	Summary
	Exam Essentials
	Review Questions
Chapter 18 Cloud Technologies and Security
	What Is the Cloud?
		Types of Cloud Solutions
		Forms of Cloud Services
		Threats to Cloud Security
		Cloud Computing Attacks
		Controls for Cloud Security
		Testing Security in the Cloud
	Summary
	Exam Essentials
	Review Questions
Chapter 19 Physical Security
	Introducing Physical Security
		Simple Controls
		Dealing with Mobile Device Issues
		Data Storage Security
		Securing the Physical Area
		Entryways
		Server Rooms and Networks
		Other Items to Consider
		Education and Awareness
		Defense in Depth
	Summary
	Exam Essentials
	Review Questions
Appendix A Answers to Review Questions
	Chapter 1: Introduction to Ethical Hacking
	Chapter 2: System Fundamentals
	Chapter 3: Cryptography
	Chapter 4: Footprinting
	Chapter 5: Scanning
	Chapter 6: Enumeration
	Chapter 7: System Hacking
	Chapter 8: Malware
	Chapter 9: Sniffers
	Chapter 10: Social Engineering
	Chapter 11: Denial of Service
	Chapter 12: Session Hijacking
	Chapter 13: Web Servers and Applications
	Chapter 14: SQL Injection
	Chapter 15: Hacking Wi-Fi and Bluetooth
	Chapter 16: Mobile Device Security
	Chapter 17: Evasion
	Chapter 18: Cloud Technologies and Security
	Chapter 19: Physical Security
Appendix B Penetration Testing Frameworks
	Overview of Alternative Methods
	Penetration Testing Execution Standard
		Working with PTES
		Pre-Engagement Interactions
		Contents of a Contract
		Gaining Permission
		Intelligence Gathering
		Threat Modeling
		Vulnerability Analysis
		Exploitation
		Post-Exploitation
		Reporting
		Mopping Up
	Summary
Appendix C Building a Lab
	Why Build a Lab?
		The Build Process
		What You Will Need
	Creating a Test Setup
		Virtualization Software Options
	The Installation Process
		Installing a Virtualized Operating System
		Installing Tools
	Summary
Index
Advert
EULA
                        

Similer Documents