<p>Introduction xxvii<br><strong>Chapter 1</strong> An Introduction to Ethical Hacking 3<br>"Do I Know This Already?" Quiz 3<br>Foundation Topics 7<br>Security Fundamentals 7<br> Goals of Security 8<br> Risk, Assets, Threats, and Vulnerabilities 9<br> Backing Up Data to Reduce Risk 11<br> Defining an Exploit 12<br> Risk Assessment 13<br>Security Testing 14<br> No-Knowledge Tests (Black Box) 14<br> Full-Knowledge Testing (White Box) 15<br> Partial-Knowledge Testing (Gray Box) 15<br> Types of Security Tests 15<br> Incident Response 17<br>Cyber Kill Chain 18<br>Hacker and Cracker Descriptions 19<br> Who Attackers Are 20<br>Ethical Hackers 21<br> Required Skills of an Ethical Hacker 22<br> Modes of Ethical Hacking 23<br>Test Plans--Keeping It Legal 25<br> Test Phases 27<br> Establishing Goals 28<br> Getting Approval 29<br> Ethical Hacking Report 29<br> Vulnerability Research and Bug Bounties--Keeping Up with Changes 30<br>Ethics and Legality 31<br> Overview of U.S. Federal Laws 32<br> Compliance Regulations 34<br> Payment Card Industry Data Security Standard (PCI-DSS) 36<br>Summary 36<br>Exam Preparation Tasks 37<br>Review All Key Topics 37<br>Define Key Terms 38<br>Exercises 38<br> 1-1 Searching for Exposed Passwords 38<br> 1-2 Examining Security Policies 39<br>Review Questions 39<br>Suggested Reading and Resources 44<br><strong>Chapter 2</strong> The Technical Foundations of Hacking 47<br>"Do I Know This Already?" 
Quiz 47<br>Foundation Topics 50<br>The Hacking Process 50<br> Performing Reconnaissance and Footprinting 50<br> Scanning and Enumeration 51<br> Gaining Access 52<br> Escalating Privilege 53<br> Maintaining Access 53<br> Covering Tracks and Planting Backdoors 54<br>The Ethical Hacker's Process 54<br> NIST SP 800-115 56<br> Operationally Critical Threat, Asset, and Vulnerability Evaluation 56<br> Open Source Security Testing Methodology Manual 56<br>Information Security Systems and the Stack 57<br> The OSI Model 57<br> Anatomy of TCP/IP Protocols 60<br> The Application Layer 62<br> The Transport Layer 66<br> Transmission Control Protocol 66<br> User Datagram Protocol 68<br> The Internet Layer 69<br> Traceroute 74<br> The Network Access Layer 77<br>Summary 78<br>Exam Preparation Tasks 79<br>Review All Key Topics 79<br>Define Key Terms 79<br>Exercises 80<br> 2-1 Install a Sniffer and Perform Packet Captures 80<br> 2-2 Using Traceroute for Network Troubleshooting 81<br>Review Questions 81<br>Suggested Reading and Resources 85<br><strong>Chapter 3</strong> Footprinting, Reconnaissance, and Scanning 89<br>"Do I Know This Already?" 
Quiz 89<br>Foundation Topics 93<br>Footprinting 93<br> Footprinting Methodology 93<br> Documentation 95<br> Footprinting Through Search Engines 96<br> Footprinting Through Social Networking Sites 101<br> Footprinting Through Web Services and Websites 103<br> Email Footprinting 106<br> Whois Footprinting 108<br> DNS Footprinting 112<br> Network Footprinting 118<br> Subnetting's Role in Mapping Networks 119<br> Traceroute 120<br> Footprinting Through Social Engineering 121<br> Footprinting Countermeasures 122<br>Scanning 122<br> Host Discovery 123<br> Port and Service Discovery 124<br> Nmap 131<br> SuperScan 139<br> THC-Amap 139<br> Hping 140<br> Port Knocking 140<br> OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning<br> Beyond IDS and Firewall 141<br> Active Fingerprinting Tools 143<br> Fingerprinting Services 145<br> Default Ports and Services 145<br> Finding Open Services 145<br> Draw Network Diagrams 148<br>Summary 151<br>Exam Preparation Tasks 152<br>Review All Key Topics 152<br>Define Key Terms 152<br>Exercises 153<br> 3-1 Performing Passive Reconnaissance 153<br> 3-2 Performing Active Reconnaissance 154<br>Review Questions 155<br>Suggested Reading and Resources 159<br><strong>Chapter 4</strong> Enumeration and System Hacking 161<br>"Do I Know This Already?" 
Quiz 161<br>Foundation Topics 164<br>Enumeration 164<br> Windows Enumeration 164<br> Windows Security 166<br> NetBIOS and LDAP Enumeration 167<br> NetBIOS Enumeration Tools 169<br> SNMP Enumeration 177<br> Linux/UNIX Enumeration 183<br> NTP Enumeration 185<br> SMTP Enumeration 186<br> Additional Enumeration Techniques 191<br> DNS Enumeration 191<br> Enumeration Countermeasures 192<br>System Hacking 193<br> Nontechnical Password Attacks 193<br> Technical Password Attacks 194<br> Password Guessing 195<br> Automated Password Guessing 197<br> Password Sniffing 197<br> Keylogging 198<br> Escalating Privilege and Exploiting Vulnerabilities 199<br> Exploiting an Application 200<br> Exploiting a Buffer Overflow 201<br> Owning the Box 203<br> Windows Authentication Types 203<br> Cracking Windows Passwords 205<br> Linux Authentication and Passwords 209<br> Cracking Linux Passwords 212<br> Hiding Files and Covering Tracks 213<br> Rootkits 214<br> File Hiding 217<br>Summary 219<br>Exam Preparation Tasks 220<br>Review All Key Topics 220<br>Define Key Terms 220<br>Exercise 220<br> 4-1 NTFS File Streaming 220<br>Review Questions 221<br>Suggested Reading and Resources 226<br><strong>Chapter 5</strong> Social Engineering, Malware Threats, and Vulnerability Analysis 229<br>"Do I Know This Already?" 
Quiz 229<br>Foundation Topics 234<br>Social Engineering 234<br> Phishing 235<br> Pharming 235<br> Malvertising 236<br> Spear Phishing 237<br> SMS Phishing 245<br> Voice Phishing 245<br> Whaling 245<br> Elicitation, Interrogation, and Impersonation (Pretexting) 246<br> Social Engineering Motivation Techniques 247<br> Shoulder Surfing and USB Baiting 248<br>Malware Threats 248<br> Viruses and Worms 248<br> Types and Transmission Methods of Viruses and Malware 249<br> Virus Payloads 251<br> History of Viruses 252<br> Well-Known Viruses and Worms 253<br> Virus Creation Tools 255<br> Trojans 255<br> Trojan Types 256<br> Trojan Ports and Communication Methods 257<br> Trojan Goals 258<br> Trojan Infection Mechanisms 259<br> Effects of Trojans 260<br> Trojan Tools 261<br> Distributing Trojans 263<br> Wrappers 264<br> Packers 265<br> Droppers 265<br> Crypters 265<br> Ransomware 267<br> Covert Communications 268<br> Tunneling via the Internet Layer 269<br> Tunneling via the Transport Layer 272<br> Tunneling via the Application Layer 273<br> Port Redirection 274<br> Keystroke Logging and Spyware 276<br> Hardware Keyloggers 277<br> Software Keyloggers 277<br> Spyware 278<br> Malware Countermeasures 279<br> Detecting Malware 280<br> Antivirus 283<br> Analyzing Malware 286<br> Static Analysis 286<br> Dynamic Analysis 288<br>Vulnerability Analysis 290<br> Passive vs. Active Assessments 290<br> External vs. Internal Assessments 290<br> Vulnerability Assessment Solutions 291<br> Tree-Based vs. 
Inference-Based Assessments 291<br> Vulnerability Scoring Systems 292<br> Vulnerability Scanning Tools 296<br>Summary 297<br>Exam Preparation Tasks 298<br>Review All Key Topics 299<br>Define Key Terms 300<br>Command Reference to Check Your Memory 300<br>Exercises 300<br> 5-1 Finding Malicious Programs 300<br> 5-2 Using Process Explorer 301<br>Review Questions 303<br>Suggested Reading and Resources 307<br><strong>Chapter 6</strong> Sniffers, Session Hijacking, and Denial of Service 311<br>"Do I Know This Already?" Quiz 311<br>Foundation Topics 314<br>Sniffers 314<br> Passive Sniffing 315<br> Active Sniffing 316<br> Address Resolution Protocol 316<br> ARP Poisoning and MAC Flooding 318<br> Tools for Sniffing and Packet Capturing 324<br> Wireshark 324<br> Other Sniffing Tools 328<br> Sniffing and Spoofing Countermeasures 328<br>Session Hijacking 330<br> Transport Layer Hijacking 330<br> Identify and Find an Active Session 331<br> Predict the Sequence Number 332<br> Take One of the Parties Offline 333<br> Take Control of the Session 333<br> Application Layer Hijacking 334<br> Session Sniffing 334<br> Predictable Session Token ID 334<br> On-Path Attacks 335<br> Client-Side Attacks 335<br> Browser-Based On-Path Attacks 337<br> Session Replay Attacks 338<br> Session Fixation Attacks 338<br> Session Hijacking Tools 338<br> Preventing Session Hijacking 341<br>Denial of Service and Distributed Denial of Service 341<br> DoS Attack Techniques 343<br> Volumetric Attacks 343<br> SYN Flood Attacks 344<br> ICMP Attacks 344<br> Peer-to-Peer Attacks 345<br> Application-Level Attacks 345<br> Permanent DoS Attacks 346<br> Distributed Denial of Service 347<br> DDoS Tools 348<br> DoS and DDoS Countermeasures 350<br>Summary 353<br>Exam Preparation Tasks 354<br>Review All Key Topics 354<br>Define Key Terms 354<br>Exercises 355<br> 6-1 Scanning for DDoS Programs 355<br> 6-2 Spoofing Your MAC Address in Linux 355<br> 6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356<br>Review 
Questions 356<br>Suggested Reading and Resources 360<br><strong>Chapter 7</strong> Web Server Hacking, Web Applications, and Database Attacks 363<br>"Do I Know This Already?" Quiz 363<br>Foundation Topics 366<br>Web Server Hacking 366<br> The HTTP Protocol 366<br> Scanning Web Servers 374<br> Banner Grabbing and Enumeration 374<br> Web Server Vulnerability Identification 379<br> Attacking the Web Server 380<br> DoS/DDoS Attacks 380<br> DNS Server Hijacking and DNS Amplification Attacks 380<br> Directory Traversal 382<br> On-Path Attacks 384<br> Website Defacement 384<br> Web Server Misconfiguration 384<br> HTTP Response Splitting 385<br> Understanding Cookie Manipulation Attacks 385<br> Web Server Password Cracking 386<br> Web Server-Specific Vulnerabilities 386<br> Comments in Source Code 388<br> Lack of Error Handling and Overly Verbose Error Handling 389<br> Hard-Coded Credentials 389<br> Race Conditions 389<br> Unprotected APIs 390<br> Hidden Elements 393<br> Lack of Code Signing 393<br> Automated Exploit Tools 393<br> Securing Web Servers 395<br> Harden Before Deploying 395<br> Patch Management 395<br> Disable Unneeded Services 396<br> Lock Down the File System 396<br> Log and Audit 396<br> Provide Ongoing Vulnerability Scans 397<br>Web Application Hacking 398<br> Unvalidated Input 398<br> Parameter/Form Tampering 399<br> Injection Flaws 399<br> Cross-Site Scripting (XSS) Vulnerabilities 400<br> Reflected XSS Attacks 401<br> Stored XSS Attacks 402<br> DOM-Based XSS Attacks 404<br> XSS Evasion Techniques 405<br> XSS Mitigations 406<br> Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks 408<br> Understanding Clickjacking 409<br> Other Web Application Attacks 410<br> Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations 411<br> Web-Based Password Cracking and Authentication Attacks 412<br> Understanding What Cookies Are and Their Use 414<br> URL Obfuscation 415<br> Intercepting Web Traffic 417<br> Securing Web 
Applications 419<br> Lack of Code Signing 421<br>Database Hacking 421<br> A Brief Introduction to SQL and SQL Injection 422<br> SQL Injection Categories 427<br> Fingerprinting the Database 429<br> Surveying the UNION Exploitation Technique 430<br> Using Boolean in SQL Injection Attacks 431<br> Understanding Out-of-Band Exploitation 432<br> Exploring the Time-Delay SQL Injection Technique 433<br> Surveying Stored Procedure SQL Injection 434<br> Understanding SQL Injection Mitigations 434<br> SQL Injection Hacking Tools 435<br>Summary 436<br>Exam Preparation Tasks 437<br>Review All Key Topics 437<br>Exercise 438<br> 7-1 Complete the Exercises in WebGoat 438<br>Review Questions 438<br>Suggested Reading and Resources 443<br><strong>Chapter 8</strong> Wireless Technologies, Mobile Security, and Attacks 445<br>"Do I Know This Already?" Quiz 445<br>Foundation Topics 449<br>Wireless and Mobile Device Technologies 449<br> Mobile Device Concerns 451<br> Mobile Device Platforms 452<br> Android 453<br> iOS 455<br> Windows Mobile Operating System 456<br> BlackBerry 457<br> Mobile Device Management and Protection 457<br> Bluetooth 458<br> Radio Frequency Identification (RFID) Attacks 461<br>Wi-Fi 461<br> Wireless LAN Basics 462<br> Wireless LAN Frequencies and Signaling 463<br> Wireless LAN Security 464<br> Installing Rogue Access Points 467<br> Evil Twin Attacks 468<br> Deauthentication Attacks 468<br> Attacking the Preferred Network Lists 472<br> Jamming Wireless Signals and Causing Interference 472<br> War Driving 472<br> Attacking WEP 472<br> Attacking WPA 474<br> Wireless Networks Configured with Open Authentication 478<br> KRACK Attacks 479<br> Attacks Against WPA3 479<br> Attacking Wi-Fi Protected Setup (WPS) 480<br> KARMA Attack 481<br> Fragmentation Attacks 481<br> Additional Wireless Hacking Tools 482<br> Performing GPS Mapping 483<br> Wireless Traffic Analysis 483<br> Launch Wireless Attacks 483<br> Crack and Compromise the Wi-Fi Network 484<br> Securing Wireless 
Networks 485<br> Site Survey 485<br> Robust Wireless Authentication 485<br> Misuse Detection 486<br>Summary 487<br>Exam Preparation Tasks 488<br>Review All Key Topics 488<br>Define Key Terms 488<br>Review Questions 488<br>Suggested Reading and Resources 489<br><strong>Chapter 9</strong> Evading IDS, Firewalls, and Honeypots 491<br>"Do I Know This Already?" Quiz 491<br>Foundation Topics 495<br>Intrusion Detection and Prevention Systems 495<br> IDS Types and Components 495<br> Pattern Matching 497<br> Protocol Analysis 500<br> Heuristic-Based Analysis 500<br> Anomaly-Based Analysis 500<br> Global Threat Correlation Capabilities 502<br> Snort 502<br> IDS Evasion 506<br> Flooding 507<br> Insertion and Evasion 507<br> Session Splicing 508<br> Shellcode Attacks 508<br> Other IDS Evasion Techniques 509<br> IDS Evasion Tools 510<br>Firewalls 511<br> Firewall Types 512<br> Network Address Translation 512<br> Packet Filters 513<br> Application and Circuit-Level Gateways 515<br> Stateful Inspection 515<br> Identifying Firewalls 516<br> Bypassing Firewalls 520<br>Honeypots 526<br> Types of Honeypots 528<br> Detecting Honeypots 529<br>Summary 530<br>Exam Preparation Tasks 530<br>Review All Key Topics 530<br>Define Key Terms 531<br>Review Questions 531<br>Suggested Reading and Resources 536<br><strong>Chapter 10</strong> Cryptographic Attacks and Defenses 539<br>"Do I Know This Already?" 
Quiz 539<br>Foundation Topics 543<br>Cryptography History and Concepts 543<br>Encryption Algorithms 545<br> Symmetric Encryption 546<br> Data Encryption Standard (DES) 548<br> Advanced Encryption Standard (AES) 550<br> Rivest Cipher 551<br> Asymmetric Encryption (Public Key Encryption) 551<br> RSA 552<br> Diffie-Hellman 552<br> ElGamal 553<br> Elliptic-Curve Cryptography (ECC) 553<br> Digital Certificates 553<br>Public Key Infrastructure 554<br> Trust Models 555<br> Single-Authority Trust 556<br> Hierarchical Trust 556<br> Web of Trust 557<br>Email and Disk Encryption 557<br>Cryptoanalysis and Attacks 558<br> Weak Encryption 561<br> Encryption-Cracking Tools 563<br>Security Protocols and Countermeasures 563<br> Steganography 566<br> Steganography Operation 567<br> Steganographic Tools 568<br> Digital Watermark 571<br> Hashing 571<br> Digital Signature 573<br>Summary 574<br>Exam Preparation Tasks 574<br>Review All Key Topics 574<br>Define Key Terms 575<br>Exercises 575<br> 10-1 Examining an SSL Certificate 575<br> 10-2 Using PGP 576<br> 10-3 Using a Steganographic Tool to Hide a Message 577<br>Review Questions 577<br>Suggested Reading and Resources 582<br><strong>Chapter 11</strong> Cloud Computing, IoT, and Botnets 585<br>"Do I Know This Already?" 
Quiz 585<br>Foundation Topics 588<br>Cloud Computing 588<br> Cloud Computing Issues and Concerns 590<br> Cloud Computing Attacks 592<br> Cloud Computing Security 593<br> DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 593<br> CI/CD Pipelines 596<br> Serverless Computing 598<br> Containers and Container Orchestration 598<br> How to Scan Containers to Find Security Vulnerabilities 600<br>IoT 601<br> IoT Protocols 604<br> IoT Implementation Hacking 606<br>Botnets 606<br> Botnet Countermeasures 609<br>Summary 612<br>Exam Preparation Tasks 612<br>Review All Key Topics 612<br>Define Key Terms 613<br>Review Questions 613<br>Suggested Reading and Resources 615<br><strong>Chapter 12</strong> Final Preparation 619<br>Hands-on Activities 619<br>Suggested Plan for Final Review and Study 620<br>Summary 621<br><strong>Glossary of Key Terms</strong> 623<br><strong>Appendix A</strong> Answers to the "Do I Know This Already?" Quizzes and Review Questions 649<br><strong>Appendix B</strong> CEH Certified Ethical Hacker Cert Guide Exam Updates 685<br></p> <p>Index 687</p> <p><strong>Online Elements:</strong><br><strong>Appendix C</strong> Study Planner<br>Glossary of Key Terms<br>9780137489985 TOC 12/15/2021</p>