CEH Certified Ethical Hacker Cert Guide, 4th edition
Published by Pearson IT Certification (April 12, 2022) © 2022
- Omar Santos Best-selling Cisco Press author, expert trainer, and Principal Engineer at Cisco (PSIRT)
- Michael Gregg
eTextbook
- Anytime, anywhere learning with the Pearson+ app
- Easy-to-use search, navigation and notebook
- Simpler studying with flashcards
$47.99
- A print text (hardcover or paperback)
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
uCertify
$140.00
- Includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more
- Provides hands-on skills to bridge conceptual knowledge and real-world application
- Powerful student management tools yet easy to implement, customize, and manage
Every feature of this book supports both efficient exam preparation and long-term mastery:
- Opening Topics Lists identify the topics students need to learn in each chapter and list EC-Council's official exam objectives
- Key Topics figures, tables, and lists call attention to the information that is most crucial for exam success
- Exam Preparation Tasks enable students to review key topics, define key terms, work through scenarios, and answer review questions…going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing career credentials
- Key Terms are listed in each chapter and defined in a complete glossary, explaining essential terminology within the field
This study guide helps students master all the topics on the latest CEH exam, including:
- Ethical hacking basics
- Technical foundations of hacking
- Footprinting and scanning
- Enumeration and system hacking
- Social engineering, malware threats, and vulnerability analysis
- Sniffers, session hijacking, and denial of service
- Web server hacking, web applications, and database attacks
- Wireless technologies, mobile security, and mobile attacks
- IDS, firewalls, and honeypots
- Cryptographic attacks and defenses
- Cloud computing, IoT, and botnets
- Master CEH v11 exam topics
- Assess knowledge with chapter-ending quizzes
- Review key concepts with exam preparation tasks
- Practice with realistic exam questions on the practice test engine
This edition has been fully updated for the latest version of the CEH Certified Ethical Hacker certification exam.
Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Security Fundamentals 7
   Goals of Security 8
   Risk, Assets, Threats, and Vulnerabilities 9
   Backing Up Data to Reduce Risk 11
   Defining an Exploit 12
   Risk Assessment 13
Security Testing 14
   No-Knowledge Tests (Black Box) 14
   Full-Knowledge Testing (White Box) 15
   Partial-Knowledge Testing (Gray Box) 15
   Types of Security Tests 15
   Incident Response 17
Cyber Kill Chain 18
Hacker and Cracker Descriptions 19
   Who Attackers Are 20
Ethical Hackers 21
   Required Skills of an Ethical Hacker 22
   Modes of Ethical Hacking 23
Test Plans--Keeping It Legal 25
   Test Phases 27
   Establishing Goals 28
   Getting Approval 29
   Ethical Hacking Report 29
   Vulnerability Research and Bug Bounties--Keeping Up with Changes 30
Ethics and Legality 31
   Overview of U.S. Federal Laws 32
   Compliance Regulations 34
   Payment Card Industry Data Security Standard (PCI-DSS) 36
Summary 36
Exam Preparation Tasks 37
Review All Key Topics 37
Define Key Terms 38
Exercises 38
   1-1 Searching for Exposed Passwords 38
   1-2 Examining Security Policies 39
Review Questions 39
Suggested Reading and Resources 44
Chapter 2 The Technical Foundations of Hacking 47
"Do I Know This Already?" Quiz 47
Foundation Topics 50
The Hacking Process 50
   Performing Reconnaissance and Footprinting 50
   Scanning and Enumeration 51
   Gaining Access 52
   Escalating Privilege 53
   Maintaining Access 53
   Covering Tracks and Planting Backdoors 54
The Ethical Hacker's Process 54
   NIST SP 800-115 56
   Operationally Critical Threat, Asset, and Vulnerability Evaluation 56
   Open Source Security Testing Methodology Manual 56
Information Security Systems and the Stack 57
   The OSI Model 57
   Anatomy of TCP/IP Protocols 60
   The Application Layer 62
   The Transport Layer 66
   Transmission Control Protocol 66
   User Datagram Protocol 68
   The Internet Layer 69
   Traceroute 74
   The Network Access Layer 77
Summary 78
Exam Preparation Tasks 79
Review All Key Topics 79
Define Key Terms 79
Exercises 80
   2-1 Install a Sniffer and Perform Packet Captures 80
   2-2 Using Traceroute for Network Troubleshooting 81
Review Questions 81
Suggested Reading and Resources 85
Chapter 3 Footprinting, Reconnaissance, and Scanning 89
"Do I Know This Already?" Quiz 89
Foundation Topics 93
Footprinting 93
   Footprinting Methodology 93
   Documentation 95
   Footprinting Through Search Engines 96
   Footprinting Through Social Networking Sites 101
   Footprinting Through Web Services and Websites 103
   Email Footprinting 106
   Whois Footprinting 108
   DNS Footprinting 112
   Network Footprinting 118
   Subnetting's Role in Mapping Networks 119
   Traceroute 120
   Footprinting Through Social Engineering 121
   Footprinting Countermeasures 122
Scanning 122
   Host Discovery 123
   Port and Service Discovery 124
   Nmap 131
   SuperScan 139
   THC-Amap 139
   Hping 140
   Port Knocking 140
   OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall 141
   Active Fingerprinting Tools 143
   Fingerprinting Services 145
       Default Ports and Services 145
       Finding Open Services 145
   Draw Network Diagrams 148
Summary 151
Exam Preparation Tasks 152
Review All Key Topics 152
Define Key Terms 152
Exercises 153
   3-1 Performing Passive Reconnaissance 153
   3-2 Performing Active Reconnaissance 154
Review Questions 155
Suggested Reading and Resources 159
Chapter 4 Enumeration and System Hacking 161
"Do I Know This Already?" Quiz 161
Foundation Topics 164
Enumeration 164
   Windows Enumeration 164
   Windows Security 166
   NetBIOS and LDAP Enumeration 167
   NetBIOS Enumeration Tools 169
   SNMP Enumeration 177
   Linux/UNIX Enumeration 183
   NTP Enumeration 185
   SMTP Enumeration 186
   Additional Enumeration Techniques 191
   DNS Enumeration 191
   Enumeration Countermeasures 192
System Hacking 193
   Nontechnical Password Attacks 193
   Technical Password Attacks 194
   Password Guessing 195
   Automated Password Guessing 197
   Password Sniffing 197
   Keylogging 198
   Escalating Privilege and Exploiting Vulnerabilities 199
   Exploiting an Application 200
   Exploiting a Buffer Overflow 201
   Owning the Box 203
   Windows Authentication Types 203
   Cracking Windows Passwords 205
   Linux Authentication and Passwords 209
   Cracking Linux Passwords 212
   Hiding Files and Covering Tracks 213
   Rootkits 214
   File Hiding 217
Summary 219
Exam Preparation Tasks 220
Review All Key Topics 220
Define Key Terms 220
Exercise 220
   4-1 NTFS File Streaming 220
Review Questions 221
Suggested Reading and Resources 226
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 229
"Do I Know This Already?" Quiz 229
Foundation Topics 234
Social Engineering 234
   Phishing 235
   Pharming 235
   Malvertising 236
   Spear Phishing 237
   SMS Phishing 245
   Voice Phishing 245
   Whaling 245
   Elicitation, Interrogation, and Impersonation (Pretexting) 246
   Social Engineering Motivation Techniques 247
   Shoulder Surfing and USB Baiting 248
Malware Threats 248
   Viruses and Worms 248
   Types and Transmission Methods of Viruses and Malware 249
   Virus Payloads 251
   History of Viruses 252
   Well-Known Viruses and Worms 253
   Virus Creation Tools 255
   Trojans 255
   Trojan Types 256
   Trojan Ports and Communication Methods 257
   Trojan Goals 258
   Trojan Infection Mechanisms 259
   Effects of Trojans 260
   Trojan Tools 261
   Distributing Trojans 263
   Wrappers 264
   Packers 265
   Droppers 265
   Crypters 265
   Ransomware 267
   Covert Communications 268
   Tunneling via the Internet Layer 269
   Tunneling via the Transport Layer 272
   Tunneling via the Application Layer 273
   Port Redirection 274
   Keystroke Logging and Spyware 276
   Hardware Keyloggers 277
   Software Keyloggers 277
   Spyware 278
   Malware Countermeasures 279
   Detecting Malware 280
   Antivirus 283
   Analyzing Malware 286
   Static Analysis 286
   Dynamic Analysis 288
Vulnerability Analysis 290
   Passive vs. Active Assessments 290
   External vs. Internal Assessments 290
   Vulnerability Assessment Solutions 291
   Tree-Based vs. Inference-Based Assessments 291
   Vulnerability Scoring Systems 292
   Vulnerability Scanning Tools 296
Summary 297
Exam Preparation Tasks 298
Review All Key Topics 299
Define Key Terms 300
Command Reference to Check Your Memory 300
Exercises 300
   5-1 Finding Malicious Programs 300
   5-2 Using Process Explorer 301
Review Questions 303
Suggested Reading and Resources 307
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 311
"Do I Know This Already?" Quiz 311
Foundation Topics 314
Sniffers 314
   Passive Sniffing 315
   Active Sniffing 316
   Address Resolution Protocol 316
   ARP Poisoning and MAC Flooding 318
   Tools for Sniffing and Packet Capturing 324
   Wireshark 324
   Other Sniffing Tools 328
   Sniffing and Spoofing Countermeasures 328
Session Hijacking 330
   Transport Layer Hijacking 330
       Identify and Find an Active Session 331
       Predict the Sequence Number 332
       Take One of the Parties Offline 333
       Take Control of the Session 333
   Application Layer Hijacking 334
       Session Sniffing 334
       Predictable Session Token ID 334
       On-Path Attacks 335
       Client-Side Attacks 335
       Browser-Based On-Path Attacks 337
       Session Replay Attacks 338
       Session Fixation Attacks 338
   Session Hijacking Tools 338
   Preventing Session Hijacking 341
Denial of Service and Distributed Denial of Service 341
   DoS Attack Techniques 343
   Volumetric Attacks 343
   SYN Flood Attacks 344
   ICMP Attacks 344
   Peer-to-Peer Attacks 345
   Application-Level Attacks 345
   Permanent DoS Attacks 346
   Distributed Denial of Service 347
   DDoS Tools 348
   DoS and DDoS Countermeasures 350
Summary 353
Exam Preparation Tasks 354
Review All Key Topics 354
Define Key Terms 354
Exercises 355
   6-1 Scanning for DDoS Programs 355
   6-2 Spoofing Your MAC Address in Linux 355
   6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356
Review Questions 356
Suggested Reading and Resources 360
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 363
"Do I Know This Already?" Quiz 363
Foundation Topics 366
Web Server Hacking 366
   The HTTP Protocol 366
   Scanning Web Servers 374
   Banner Grabbing and Enumeration 374
   Web Server Vulnerability Identification 379
   Attacking the Web Server 380
   DoS/DDoS Attacks 380
   DNS Server Hijacking and DNS Amplification Attacks 380
   Directory Traversal 382
   On-Path Attacks 384
   Website Defacement 384
   Web Server Misconfiguration 384
   HTTP Response Splitting 385
   Understanding Cookie Manipulation Attacks 385
   Web Server Password Cracking 386
   Web Server-Specific Vulnerabilities 386
   Comments in Source Code 388
   Lack of Error Handling and Overly Verbose Error Handling 389
   Hard-Coded Credentials 389
   Race Conditions 389
   Unprotected APIs 390
   Hidden Elements 393
   Lack of Code Signing 393
   Automated Exploit Tools 393
   Securing Web Servers 395
       Harden Before Deploying 395
       Patch Management 395
       Disable Unneeded Services 396
       Lock Down the File System 396
       Log and Audit 396
       Provide Ongoing Vulnerability Scans 397
Web Application Hacking 398
   Unvalidated Input 398
   Parameter/Form Tampering 399
   Injection Flaws 399
   Cross-Site Scripting (XSS) Vulnerabilities 400
   Reflected XSS Attacks 401
   Stored XSS Attacks 402
   DOM-Based XSS Attacks 404
   XSS Evasion Techniques 405
   XSS Mitigations 406
   Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks 408
   Understanding Clickjacking 409
   Other Web Application Attacks 410
   Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations 411
   Web-Based Password Cracking and Authentication Attacks 412
   Understanding What Cookies Are and Their Use 414
   URL Obfuscation 415
   Intercepting Web Traffic 417
   Securing Web Applications 419
   Lack of Code Signing 421
Database Hacking 421
   A Brief Introduction to SQL and SQL Injection 422
       SQL Injection Categories 427
       Fingerprinting the Database 429
       Surveying the UNION Exploitation Technique 430
       Using Boolean in SQL Injection Attacks 431
       Understanding Out-of-Band Exploitation 432
       Exploring the Time-Delay SQL Injection Technique 433
       Surveying Stored Procedure SQL Injection 434
       Understanding SQL Injection Mitigations 434
   SQL Injection Hacking Tools 435
Summary 436
Exam Preparation Tasks 437
Review All Key Topics 437
Exercise 438
   7-1 Complete the Exercises in WebGoat 438
Review Questions 438
Suggested Reading and Resources 443
Chapter 8 Wireless Technologies, Mobile Security, and Attacks 445
"Do I Know This Already?" Quiz 445
Foundation Topics 449
Wireless and Mobile Device Technologies 449
   Mobile Device Concerns 451
   Mobile Device Platforms 452
   Android 453
   iOS 455
   Windows Mobile Operating System 456
   BlackBerry 457
   Mobile Device Management and Protection 457
   Bluetooth 458
   Radio Frequency Identification (RFID) Attacks 461
Wi-Fi 461
   Wireless LAN Basics 462
   Wireless LAN Frequencies and Signaling 463
   Wireless LAN Security 464
       Installing Rogue Access Points 467
       Evil Twin Attacks 468
       Deauthentication Attacks 468
   Attacking the Preferred Network Lists 472
   Jamming Wireless Signals and Causing Interference 472
   War Driving 472
       Attacking WEP 472
       Attacking WPA 474
   Wireless Networks Configured with Open Authentication 478
       KRACK Attacks 479
       Attacks Against WPA3 479
       Attacking Wi-Fi Protected Setup (WPS) 480
       KARMA Attack 481
       Fragmentation Attacks 481
   Additional Wireless Hacking Tools 482
   Performing GPS Mapping 483
   Wireless Traffic Analysis 483
   Launch Wireless Attacks 483
   Crack and Compromise the Wi-Fi Network 484
   Securing Wireless Networks 485
   Site Survey 485
       Robust Wireless Authentication 485
   Misuse Detection 486
Summary 487
Exam Preparation Tasks 488
Review All Key Topics 488
Define Key Terms 488
Review Questions 488
Suggested Reading and Resources 489
Chapter 9 Evading IDS, Firewalls, and Honeypots 491
"Do I Know This Already?" Quiz 491
Foundation Topics 495
Intrusion Detection and Prevention Systems 495
   IDS Types and Components 495
   Pattern Matching 497
   Protocol Analysis 500
   Heuristic-Based Analysis 500
   Anomaly-Based Analysis 500
   Global Threat Correlation Capabilities 502
   Snort 502
   IDS Evasion 506
   Flooding 507
   Insertion and Evasion 507
   Session Splicing 508
   Shellcode Attacks 508
   Other IDS Evasion Techniques 509
   IDS Evasion Tools 510
Firewalls 511
   Firewall Types 512
   Network Address Translation 512
   Packet Filters 513
   Application and Circuit-Level Gateways 515
   Stateful Inspection 515
   Identifying Firewalls 516
   Bypassing Firewalls 520
Honeypots 526
   Types of Honeypots 528
   Detecting Honeypots 529
Summary 530
Exam Preparation Tasks 530
Review All Key Topics 530
Define Key Terms 531
Review Questions 531
Suggested Reading and Resources 536
Chapter 10 Cryptographic Attacks and Defenses 539
"Do I Know This Already?" Quiz 539
Foundation Topics 543
Cryptography History and Concepts 543
Encryption Algorithms 545
   Symmetric Encryption 546
   Data Encryption Standard (DES) 548
   Advanced Encryption Standard (AES) 550
   Rivest Cipher 551
   Asymmetric Encryption (Public Key Encryption) 551
   RSA 552
   Diffie-Hellman 552
   ElGamal 553
   Elliptic-Curve Cryptography (ECC) 553
   Digital Certificates 553
Public Key Infrastructure 554
   Trust Models 555
   Single-Authority Trust 556
   Hierarchical Trust 556
   Web of Trust 557
Email and Disk Encryption 557
Cryptoanalysis and Attacks 558
   Weak Encryption 561
   Encryption-Cracking Tools 563
Security Protocols and Countermeasures 563
   Steganography 566
       Steganography Operation 567
       Steganographic Tools 568
   Digital Watermark 571
   Hashing 571
   Digital Signature 573
Summary 574
Exam Preparation Tasks 574
Review All Key Topics 574
Define Key Terms 575
Exercises 575
   10-1 Examining an SSL Certificate 575
   10-2 Using PGP 576
   10-3 Using a Steganographic Tool to Hide a Message 577
Review Questions 577
Suggested Reading and Resources 582
Chapter 11 Cloud Computing, IoT, and Botnets 585
"Do I Know This Already?" Quiz 585
Foundation Topics 588
Cloud Computing 588
   Cloud Computing Issues and Concerns 590
   Cloud Computing Attacks 592
   Cloud Computing Security 593
   DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 593
   CI/CD Pipelines 596
   Serverless Computing 598
   Containers and Container Orchestration 598
   How to Scan Containers to Find Security Vulnerabilities 600
IoT 601
   IoT Protocols 604
   IoT Implementation Hacking 606
Botnets 606
   Botnet Countermeasures 609
Summary 612
Exam Preparation Tasks 612
Review All Key Topics 612
Define Key Terms 613
Review Questions 613
Suggested Reading and Resources 615
Chapter 12 Final Preparation 619
Hands-on Activities 619
Suggested Plan for Final Review and Study 620
Summary 621
Glossary of Key Terms 623
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 649
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates 685
Index 687
Online Elements:
Appendix C Study Planner
Glossary of Key Terms
9780137489985   TOC   12/15/2021
Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.
He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.
Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.
When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.
Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).