Certified Ethical Hacker (CEH) v11 312-50 Exam Guide: Keep up to date with ethical hacking trends and hone your skills with hands-on activities

Cover
Title Page
Copyright and Credits
Dedication
Foreword
Contributors
Table of Contents
Preface
Section 1: Where Every Hacker Starts
Chapter 1: Understanding Ethical Hacking
	The benefits of the CEH certification
		Is the CEH certification right for you?
		The requirements and the skills you need to become a CEH
	Ethical hacking
	What is information security?
		An overview of information security
		The CIA triad
		Types of cyberattacks
		The technology triangle
		Types of hackers
		Hacking phases
		The purpose/goal of cyberattacks
		The Cyber Kill Chain – understanding attackers and their methods
		Tactics, techniques, and procedures
		Adversary behavior identification
		Indicators of compromise
	Information security controls
		Enter ethical hacking
		The importance of ethical hacking
		Understanding defense-in-depth strategies
	Information security laws and standards
		Payment Card Industry Data Security Standard
		ISO, IEC 2701 2013
		Health Insurance Portability and Accountability Act
		Privacy rules
		Security rule
		National identifier
		Enforcement rule
		The Sarbanes-Oxley (SOX) Act
		The Digital Millennium Copyright Act
		Federal Information Security Management Act
		General Data Protection Regulation
		The Data Protection Act 2018
	Summary
	Questions
Chapter 2: Introduction to Reconnaissance
	Overview of reconnaissance
		Types of reconnaissance
		Goals of recon
		Overview of the tools of recon
	Search engines
		Let\'s start with the basics
	Google hacking
		Google operators
		Using Google operators
		Google Hacking Database
		Other Google hacking tools
	Using WHOIS
	Using ping and DNS
	Summary
	Questions
Chapter 3: Reconnaissance – A Deeper Dive
	Investigating the target\'s website
		Advanced DNS tricks
		Netcraft
	The Wayback Machine
	What organizations give away for free
		Job sites
		Marketing and customer support
		Financial and competitive analysis data
	Employees – the weakest link
		Facebook
		LinkedIn
		Researching people
		Social engineering
		You\'ve got mail = I\'ve got you!
	Reconnaissance countermeasures
		Countermeasures
	Summary
	Questions
Chapter 4: Scanning Networks
	Grasping scanning
		Types of scanning
		What\'s the goal?
		What techniques are used?
		Tools used for scanning
	Understanding the three-way handshake
		TCP and UDP communications
	Checking for live systems and their ports
		ICMP sweep/ping sweep
		Port scanning
		What\'s firewalking?
		Mobile apps that help
	Scanning by thinking outside the box
		Full scans
		Half-open scan
		Xmas scans
		FIN scans
		NULL scans
		UDP scans
		Idle scans
		Listing scanning
		SSDP scanning
		Countermeasures
		More IDS evasion methods
	Banner grabbing and OS fingerprinting
		OS fingerprinting
		Countermeasures
	Vulnerability scanning and drawing out the network
		What is vulnerability scanning?
		Types of scanners
		How does vulnerability scanning work?
		Vulnerability scanning tools
		After scanning
		Why draw out the network?
	Preparing proxies and other anonymizing techniques
		What is a proxy?
		How to use a proxy
		Proxy o\'plenty
		HTTP tunneling
		Anonymizers
	Summary
	Questions
Chapter 5: Enumeration
	What is enumeration?
		Some of my favorite enumeration weak points
	Ports and services to know about
	Enumerating via defaults
	NetBIOS enumeration
	Enumerating using SNMP
	Enumerating via LDAP
		Understanding LDAP
		Classes
		What can we learn from LDAP?
	Network Time Protocol
	Enumerating using SMTP
	The golden ticket – DNS
		Reverse lookups
		Zone transfers
		DNS records
		Sum it up
	Oh wait, there\'s more!
		IPsec
		VoIP enumeration
		Enumerating with Remote Procedure Call (RPC)
	The countermeasures
		Defaults and NetBIOS
		SNMP
		LDAP
		Network Time Protocol (NTP)
		Simple Mail Transfer Protocol (SMTP)
		DNS
	Summary
	Questions
Chapter 6: Vulnerability Analysis
	Vulnerability analysis – where to start
	Vulnerability classifications
		The benefits of a vulnerability management program (VMP)
		Vulnerability assessments
		Types of vulnerability assessments
	The vulnerability life cycle
		Types of vulnerability assessment solutions
		Corporate policies and regulations
		The scope of scanning
		Scanning frequency
		Types of scans
		Scanner maintenance
		Classifying data
		Document management
	Ongoing scanning and monitoring
		Understanding which scanner you should use
		The difference between open source and commercial scanners
		On-premises versus the cloud
		Security Content Automation Protocol (SCAP)
		Exploit scanners
		Common Vulnerability Scoring System (CVSS)
		Trends
	Summary
	Questions
Chapter 7: System Hacking
	Understanding our objectives
		The five phases
	Phase 1 – Gaining access and cracking passwords
		What\'s cracking?
		Complexity
		Password architecture
		Methods for cracking/password hacking
		Types of attacks
		Authentication methods designed to help
		Other cracking methods
	Phase 2 – Escalating privileges
		We\'ve made it in. What now?
		Countermeasures
		Types of escalations
		Other Windows issues
		Scheduled tasks
		Apple issues
		Linux issues
		Web shells
		Buffer overflows
		Denial of service
	Phase 3 – Maintaining access and executing applications
		Spyware and backdoors
		Types of spyware
		More about backdoors
	Phase 4 – Maintaining access and hiding your tools
		Rootkits
		Horse Pill
		Alternate Data Streams
		Detecting rootkits
		Steganography
	Phase 5 – Covering your tracks – Clearing logs and evidence
		Basic method – Five things to do
		Advanced methods
	Summary
	Questions
Chapter 8: Social Engineering
	Understanding social engineering
		Social engineering\'s most common victims
		The effects of a social engineering attack on a company
	Attack-vulnerable behaviors
		Factors that predispose businesses to attacks
	What makes social engineering work?
	Social engineering\'s attack phases
	Social engineering methods
		People-based social engineering
		Computer-based social engineering
		Mobile-based social engineering
	Threats from within
		Reasons for insider attacks
		Different kinds of insider threats
		Why are insider attacks so successful?
		Insider threat behavioral signs
		Impersonation on social networking sites
	Threats to corporate networks from social media
	Identity theft
		Different kinds of identity theft
		Identity theft warning signs
	Countermeasures
		Countermeasures against social engineering
		Policies for passwords
		Policies concerning physical security
		Planning for defense
		Discovering insider threats
		Countermeasures against insider threats
		Countermeasures against identity theft
		Countermeasures against phishing
	Summary
	Questions
	Further reading
Section 2: A Plethora of Attack Vectors
Chapter 9: Malware and Other Digital Attacks
	So, what is malware?
		What\'s the purpose of malware?
		Types of malware
		The life cycle of malware
		Phase 1 – Infection phase
		Phase 2 – Attack phase
		Phase 3 – Camouflage
		How is malware injected into a target system?
		Advanced persistent threats
	What is a Trojan?
		Types of Trojans
		Common Trojans
		So, what\'s the difference?
		Trojan creators\' goals
		How Trojans communicate and hide
		Symptoms of Trojan infection
		How to infect a target with a Trojan
		How do Trojans get into our systems?
		How Trojans avoid being picked up by antivirus
	Viruses and worms
		Types of viruses and worms
		Why a virus and signs you\'ve got one
		Signs of infection
		Deployment of viruses
		Investigation of malware
		Tools in our utility belt
	DoS threats
		Distributed DoS (DDoS) attack
		Botnets
		Mitigation strategies
	Session-hijacking threats
		Preventing session hijacking
	Master list of countermeasures
		Antivirus
		Creating a security policy
		Watching the download
		Updating your software
		Updating applications
		Attachment issues
		Legitimate source
		Keeping informed
		Antivirus
		Checking your media
		Watching your popups
		Chat files
		Firewall and UAC
	Summary
	Questions
Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
	What is sniffing?
		Sniffing dangers
	Types of sniffing
		Spoofing attacks
		DHCP starvation attack
		DHCP server attack
		MAC flooding attack
		DNS poisoning
		ARP poisoning
		Password sniffing
		Switch-port stealing technique
	Hardware versus software sniffing
		Sniffing mobile apps
	DHCP assaults
		DHCP starvation attacks
		Going rogue
		Countermeasures
	MAC attacks
		CAM
		Flooding
		Countermeasures
	ARP poisoning
		ARP spoofing
		How to poison the network via ARP
		IRDP attacks
		Dangers of ARP attacks
		Countermeasures
	DNS poisoning
		Intranet poisoning
		Internet poisoning
		Proxy server poisoning
		Poisoning the cache
	Detecting sniffing methods
		Various techniques to detect sniffing attacks
		Sniffing attacks countermeasures
	Evading IDS
		So, how do hackers evade IDSs?
	Moving around firewalls
		Bastion host
		Screened subnet (or demilitarized zone (DMZ))
		Multi-homed firewall
		Software firewalls
		Hardware firewalls
		Application proxy
		A few techniques to evade firewalls
	Honeypots
		Detecting a honeypot
		Honeypot tools
	Summary
	Questions
Chapter 11: Hacking Wireless Networks
	The wireless network and its types
		Frequency hopping spread spectrum
		Direct sequence spread spectrum
		Basic service set identifier
		SSID
		Global System for Mobile Communications
		Hotspot
		Association
		MIMO-OFDM
		The disadvantages of Wi-Fi
		The advantages of Wi-Fi
		Types of Wi-Fi networks
		Different Wi-Fi technologies
		Wi-Fi authentication modes
		Chalking – ways to identify Wi-Fi networks
		Antenna types
	The right encryption can help
		WEP encryption
		Wi-Fi Protected Access
		WPA2
		WPA3
		Weak initialization vectors
		Security measures
	A plethora of attack vectors
		Access control attacks
		Integrity attacks
		Confidentiality attacks
		Availability attacks
		Authentication attacks
		Attacks on the APs
		Attacks on clients
	Methodology of wireless hacking
		Step 1: Wi-Fi discovery
		Step 2: Wireless traffic analysis
		Step 3: In-depth reconnaissance
		Step 4: Launching the attack
		Step 5: Cracking the encryption
	Hacking Bluetooth
		More about Bluetooth
		Countermeasures for Bluetooth
	The six layers of wire security
	Countermeasures
		Disable SSID broadcasting
		Disable remote login and wireless administration to the device
		Enable MAC filtering
		Update drivers on Wi-Fi devices
		Create a centralized authentication server
		Secure Wi-Fi devices
		Best practices for the SSID settings
	Summary
	Questions
Chapter 12: Hacking Mobile Platforms
	Vulnerabilities in mobile environments
	OWASP\'s Top 10 risks for mobile devices
	Hacking Android
		Android security
		Hacking techniques
		Locking down Android devices
	Hacking iOS
		The Apple architecture
		Jailbreaking
	Mobile device management
		Guidelines and cool tools
	Summary
	Questions
Section 3: Cloud, Apps, and IoT Attacks
Chapter 13: Hacking Web Servers and Web Apps
	Why web servers create security issues
		Components of a web server
	Types of architecture
		Why are web servers compromised?
		Adding web apps
	Threats to both servers and applications
		Web server attacks
		Authorization attacks
		Web application attacks
	The vulnerabilities of web APIs, web shells, and webhooks
		Web APIs
		Web shells
		Webhooks
	Detecting web server hacking attempts
		Web application security testing
	Summary
	Questions
Chapter 14: Hacking IoT and OT
	Understanding IoT
		How does it all work?
		The architecture of IoT
		Protocols and technologies
		Operating systems for IoT
		The challenges that IoT presents
		Physical issues
	IoT hacking
		Types of IoT attacks
	Methods used for IoT
		Reconnaissance
		Vulnerability scanning
		Launching attacks
		Gaining and maintaining remote access
		Countermeasures to protect IoT devices
	OT and methods used to hack it
		Hacking OT – a threat to critical infrastructure
		Introduction to industrial control systems (ICSs)
	Summary
	Questions
Chapter 15: Cloud Computing
	Living on Cloud 9
		Cloud computing models
		Separation of responsibilities in cloud computing
		Deployment models
		Container technology
		Cloud storage architecture
		Cloud storage services
		NIST cloud deployment reference architecture
	Attacking the cloud
		Cloud security
		Container vulnerabilities
	Tools and techniques of the attackers
		The tools
	Best practices for securing the cloud
	Summary
	Questions
Chapter 16: Using Cryptography
	Understanding cryptography
		Why use cryptology?
		Types of cryptography
		Learning about ciphers
		Using other algorithms
	Standards and protocols
		DSA
		RSA
		Hashes
		Message digest
		Ciphers designed for messages
		PKI made simple
		SSL and TLS
	Countermeasures for cryptography
	Summary
	Questions
Chapter 17: CEH Exam Practice Questions
	Exam questions
	Answer key
Assessments
	Chapter 1 – Understanding Ethical Hacking
	Chapter 2 – Introduction to Reconnaissance
	Chapter 3 – Reconnaissance – a Deeper Dive
	Chapter 4 – Scanning Networks
	Chapter 5 – Enumeration
	Chapter 6 – Vulnerability Analysis
	Chapter 7 – System Hacking
	Chapter 8 – Social Engineering
	Chapter 9 – Malware and Other Digital Attacks
	Chapter 10 – Sniffing and Evading IDS, Firewalls, and Honeypots
	Chapter 11 – Hacking Wireless Networks
	Chapter 12 – Hacking Mobile Platforms
	Chapter 13 – Hacking Web Servers and Web Apps
	Chapter 14 – Hacking IoT and OT
	Chapter 15 – Cloud Computing
	Chapter 16 – Using Cryptography
Index
About Packt
Other Books You May Enjoy