Hugendubel.info - The B2B Online Bookstore


CEH Certified Ethical Hacker Cert Guide

Paperback (softcover)
752 pages
English
Pearson Education (US), published 20.06.2022
In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book supports both efficient exam preparation and long-term mastery:
* Opening topics lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives
* Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success
* Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career
* Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology

This study guide helps you master all the topics on the latest CEH exam, including:
* Ethical hacking basics
* Technical foundations of hacking
* Footprinting and scanning
* Enumeration and system hacking
* Social engineering, malware threats, and vulnerability analysis
* Sniffers, session hijacking, and denial of service
* Web server hacking, web applications, and database attacks
* Wireless technologies, mobile security, and mobile attacks
* IDS, firewalls, and honeypots
* Cryptographic attacks and defenses
* Cloud computing, IoT, and botnets
Available formats
Paperback (softcover): EUR 58,50
E-book, EPUB (ePub watermark): EUR 53,99
E-book, PDF (PDF watermark): EUR 48,49

Product

Details
ISBN/GTIN: 978-0-13-748998-5
Product type: Paperback
Binding: Softcover, paperback
Year of publication: 2022
Publication date: 20.06.2022
Pages: 752 pages
Language: English
Dimensions: Width 239 mm, height 195 mm, thickness 48 mm
Weight: 1508 g
Item no.: 9166748

Contents/Reviews

Table of contents
Introduction

Chapter 1 An Introduction to Ethical Hacking
  "Do I Know This Already?" Quiz
  Foundation Topics
  Security Fundamentals
    Goals of Security
    Risk, Assets, Threats, and Vulnerabilities
    Backing Up Data to Reduce Risk
    Defining an Exploit
    Risk Assessment
  Security Testing
    No-Knowledge Tests (Black Box)
    Full-Knowledge Testing (White Box)
    Partial-Knowledge Testing (Gray Box)
    Types of Security Tests
    Incident Response
  Cyber Kill Chain
  Hacker and Cracker Descriptions
    Who Attackers Are
  Ethical Hackers
    Required Skills of an Ethical Hacker
    Modes of Ethical Hacking
  Test Plans--Keeping It Legal
    Test Phases
    Establishing Goals
    Getting Approval
    Ethical Hacking Report
    Vulnerability Research and Bug Bounties--Keeping Up with Changes
  Ethics and Legality
    Overview of U.S. Federal Laws
    Compliance Regulations
    Payment Card Industry Data Security Standard (PCI-DSS)
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercises
    1-1 Searching for Exposed Passwords
    1-2 Examining Security Policies
  Review Questions
  Suggested Reading and Resources

Chapter 2 The Technical Foundations of Hacking
  "Do I Know This Already?" Quiz
  Foundation Topics
  The Hacking Process
    Performing Reconnaissance and Footprinting
    Scanning and Enumeration
    Gaining Access
    Escalating Privilege
    Maintaining Access
    Covering Tracks and Planting Backdoors
  The Ethical Hacker's Process
    NIST SP 800-115
    Operationally Critical Threat, Asset, and Vulnerability Evaluation
    Open Source Security Testing Methodology Manual
  Information Security Systems and the Stack
    The OSI Model
    Anatomy of TCP/IP Protocols
    The Application Layer
    The Transport Layer
    Transmission Control Protocol
    User Datagram Protocol
    The Internet Layer
    Traceroute
    The Network Access Layer
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercises
    2-1 Install a Sniffer and Perform Packet Captures
    2-2 Using Traceroute for Network Troubleshooting
  Review Questions
  Suggested Reading and Resources

Chapter 3 Footprinting, Reconnaissance, and Scanning
  "Do I Know This Already?" Quiz
  Foundation Topics
  Footprinting
    Footprinting Methodology
    Documentation
    Footprinting Through Search Engines
    Footprinting Through Social Networking Sites
    Footprinting Through Web Services and Websites
    Email Footprinting
    Whois Footprinting
    DNS Footprinting
    Network Footprinting
    Subnetting's Role in Mapping Networks
    Traceroute
    Footprinting Through Social Engineering
    Footprinting Countermeasures
  Scanning
    Host Discovery
    Port and Service Discovery
    Nmap
    SuperScan
    THC-Amap
    Hping
    Port Knocking
    OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall
    Active Fingerprinting Tools
    Fingerprinting Services
    Default Ports and Services
    Finding Open Services
    Draw Network Diagrams
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercises
    3-1 Performing Passive Reconnaissance
    3-2 Performing Active Reconnaissance
  Review Questions
  Suggested Reading and Resources

Chapter 4 Enumeration and System Hacking
  "Do I Know This Already?" Quiz
  Foundation Topics
  Enumeration
    Windows Enumeration
    Windows Security
    NetBIOS and LDAP Enumeration
    NetBIOS Enumeration Tools
    SNMP Enumeration
    Linux/UNIX Enumeration
    NTP Enumeration
    SMTP Enumeration
    Additional Enumeration Techniques
    DNS Enumeration
    Enumeration Countermeasures
  System Hacking
    Nontechnical Password Attacks
    Technical Password Attacks
    Password Guessing
    Automated Password Guessing
    Password Sniffing
    Keylogging
    Escalating Privilege and Exploiting Vulnerabilities
    Exploiting an Application
    Exploiting a Buffer Overflow
    Owning the Box
    Windows Authentication Types
    Cracking Windows Passwords
    Linux Authentication and Passwords
    Cracking Linux Passwords
    Hiding Files and Covering Tracks
    Rootkits
    File Hiding
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercise
    4-1 NTFS File Streaming
  Review Questions
  Suggested Reading and Resources

Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis
  "Do I Know This Already?" Quiz
  Foundation Topics
  Social Engineering
    Phishing
    Pharming
    Malvertising
    Spear Phishing
    SMS Phishing
    Voice Phishing
    Whaling
    Elicitation, Interrogation, and Impersonation (Pretexting)
    Social Engineering Motivation Techniques
    Shoulder Surfing and USB Baiting
  Malware Threats
    Viruses and Worms
    Types and Transmission Methods of Viruses and Malware
    Virus Payloads
    History of Viruses
    Well-Known Viruses and Worms
    Virus Creation Tools
    Trojans
    Trojan Types
    Trojan Ports and Communication Methods
    Trojan Goals
    Trojan Infection Mechanisms
    Effects of Trojans
    Trojan Tools
    Distributing Trojans
    Wrappers
    Packers
    Droppers
    Crypters
    Ransomware
    Covert Communications
    Tunneling via the Internet Layer
    Tunneling via the Transport Layer
    Tunneling via the Application Layer
    Port Redirection
    Keystroke Logging and Spyware
    Hardware Keyloggers
    Software Keyloggers
    Spyware
    Malware Countermeasures
    Detecting Malware
    Antivirus
    Analyzing Malware
    Static Analysis
    Dynamic Analysis
  Vulnerability Analysis
    Passive vs. Active Assessments
    External vs. Internal Assessments
    Vulnerability Assessment Solutions
    Tree-Based vs. Inference-Based Assessments
    Vulnerability Scoring Systems
    Vulnerability Scanning Tools
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Command Reference to Check Your Memory
  Exercises
    5-1 Finding Malicious Programs
    5-2 Using Process Explorer
  Review Questions
  Suggested Reading and Resources

Chapter 6 Sniffers, Session Hijacking, and Denial of Service
  "Do I Know This Already?" Quiz
  Foundation Topics
  Sniffers
    Passive Sniffing
    Active Sniffing
    Address Resolution Protocol
    ARP Poisoning and MAC Flooding
    Tools for Sniffing and Packet Capturing
    Wireshark
    Other Sniffing Tools
    Sniffing and Spoofing Countermeasures
  Session Hijacking
    Transport Layer Hijacking
    Identify and Find an Active Session
    Predict the Sequence Number
    Take One of the Parties Offline
    Take Control of the Session
    Application Layer Hijacking
    Session Sniffing
    Predictable Session Token ID
    On-Path Attacks
    Client-Side Attacks
    Browser-Based On-Path Attacks
    Session Replay Attacks
    Session Fixation Attacks
    Session Hijacking Tools
    Preventing Session Hijacking
  Denial of Service and Distributed Denial of Service
    DoS Attack Techniques
    Volumetric Attacks
    SYN Flood Attacks
    ICMP Attacks
    Peer-to-Peer Attacks
    Application-Level Attacks
    Permanent DoS Attacks
    Distributed Denial of Service
    DDoS Tools
    DoS and DDoS Countermeasures
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercises
    6-1 Scanning for DDoS Programs
    6-2 Spoofing Your MAC Address in Linux
    6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address
  Review Questions
  Suggested Reading and Resources

Chapter 7 Web Server Hacking, Web Applications, and Database Attacks
  "Do I Know This Already?" Quiz
  Foundation Topics
  Web Server Hacking
    The HTTP Protocol
    Scanning Web Servers
    Banner Grabbing and Enumeration
    Web Server Vulnerability Identification
    Attacking the Web Server
    DoS/DDoS Attacks
    DNS Server Hijacking and DNS Amplification Attacks
    Directory Traversal
    On-Path Attacks
    Website Defacement
    Web Server Misconfiguration
    HTTP Response Splitting
    Understanding Cookie Manipulation Attacks
    Web Server Password Cracking
    Web Server-Specific Vulnerabilities
    Comments in Source Code
    Lack of Error Handling and Overly Verbose Error Handling
    Hard-Coded Credentials
    Race Conditions
    Unprotected APIs
    Hidden Elements
    Lack of Code Signing
    Automated Exploit Tools
    Securing Web Servers
    Harden Before Deploying
    Patch Management
    Disable Unneeded Services
    Lock Down the File System
    Log and Audit
    Provide Ongoing Vulnerability Scans
  Web Application Hacking
    Unvalidated Input
    Parameter/Form Tampering
    Injection Flaws
    Cross-Site Scripting (XSS) Vulnerabilities
    Reflected XSS Attacks
    Stored XSS Attacks
    DOM-Based XSS Attacks
    XSS Evasion Techniques
    XSS Mitigations
    Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks
    Understanding Clickjacking
    Other Web Application Attacks
    Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
    Web-Based Password Cracking and Authentication Attacks
    Understanding What Cookies Are and Their Use
    URL Obfuscation
    Intercepting Web Traffic
    Securing Web Applications
    Lack of Code Signing
  Database Hacking
    A Brief Introduction to SQL and SQL Injection
    SQL Injection Categories
    Fingerprinting the Database
    Surveying the UNION Exploitation Technique
    Using Boolean in SQL Injection Attacks
    Understanding Out-of-Band Exploitation
    Exploring the Time-Delay SQL Injection Technique
    Surveying Stored Procedure SQL Injection
    Understanding SQL Injection Mitigations
    SQL Injection Hacking Tools
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Exercise
    7-1 Complete the Exercises in WebGoat
  Review Questions
  Suggested Reading and Resources

Chapter 8 Wireless Technologies, Mobile Security, and Attacks
  "Do I Know This Already?" Quiz
  Foundation Topics
  Wireless and Mobile Device Technologies
    Mobile Device Concerns
    Mobile Device Platforms
    Android
    iOS
    Windows Mobile Operating System
    BlackBerry
    Mobile Device Management and Protection
    Bluetooth
    Radio Frequency Identification (RFID) Attacks
  Wi-Fi
    Wireless LAN Basics
    Wireless LAN Frequencies and Signaling
    Wireless LAN Security
    Installing Rogue Access Points
    Evil Twin Attacks
    Deauthentication Attacks
    Attacking the Preferred Network Lists
    Jamming Wireless Signals and Causing Interference
    War Driving
    Attacking WEP
    Attacking WPA
    Wireless Networks Configured with Open Authentication
    KRACK Attacks
    Attacks Against WPA3
    Attacking Wi-Fi Protected Setup (WPS)
    KARMA Attack
    Fragmentation Attacks
    Additional Wireless Hacking Tools
    Performing GPS Mapping
    Wireless Traffic Analysis
    Launch Wireless Attacks
    Crack and Compromise the Wi-Fi Network
    Securing Wireless Networks
    Site Survey
    Robust Wireless Authentication
    Misuse Detection
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Review Questions
  Suggested Reading and Resources

Chapter 9 Evading IDS, Firewalls, and Honeypots
  "Do I Know This Already?" Quiz
  Foundation Topics
  Intrusion Detection and Prevention Systems
    IDS Types and Components
    Pattern Matching
    Protocol Analysis
    Heuristic-Based Analysis
    Anomaly-Based Analysis
    Global Threat Correlation Capabilities
    Snort
    IDS Evasion
    Flooding
    Insertion and Evasion
    Session Splicing
    Shellcode Attacks
    Other IDS Evasion Techniques
    IDS Evasion Tools
  Firewalls
    Firewall Types
    Network Address Translation
    Packet Filters
    Application and Circuit-Level Gateways
    Stateful Inspection
    Identifying Firewalls
    Bypassing Firewalls
  Honeypots
    Types of Honeypots
    Detecting Honeypots
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Review Questions
  Suggested Reading and Resources

Chapter 10 Cryptographic Attacks and Defenses
  "Do I Know This Already?" Quiz
  Foundation Topics
  Cryptography History and Concepts
  Encryption Algorithms
    Symmetric Encryption
    Data Encryption Standard (DES)
    Advanced Encryption Standard (AES)
    Rivest Cipher
    Asymmetric Encryption (Public Key Encryption)
    RSA
    Diffie-Hellman
    ElGamal
    Elliptic-Curve Cryptography (ECC)
    Digital Certificates
  Public Key Infrastructure
    Trust Models
    Single-Authority Trust
    Hierarchical Trust
    Web of Trust
  Email and Disk Encryption
  Cryptoanalysis and Attacks
    Weak Encryption
    Encryption-Cracking Tools
  Security Protocols and Countermeasures
    Steganography
    Steganography Operation
    Steganographic Tools
    Digital Watermark
    Hashing
    Digital Signature
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Exercises
    10-1 Examining an SSL Certificate
    10-2 Using PGP
    10-3 Using a Steganographic Tool to Hide a Message
  Review Questions
  Suggested Reading and Resources

Chapter 11 Cloud Computing, IoT, and Botnets
  "Do I Know This Already?" Quiz
  Foundation Topics
  Cloud Computing
    Cloud Computing Issues and Concerns
    Cloud Computing Attacks
    Cloud Computing Security
    DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps
    CI/CD Pipelines
    Serverless Computing
    Containers and Container Orchestration
    How to Scan Containers to Find Security Vulnerabilities
  IoT
    IoT Protocols
    IoT Implementation Hacking
  Botnets
    Botnet Countermeasures
  Summary
  Exam Preparation Tasks
  Review All Key Topics
  Define Key Terms
  Review Questions
  Suggested Reading and Resources

Chapter 12 Final Preparation
  Hands-on Activities
  Suggested Plan for Final Review and Study
  Summary

Glossary of Key Terms
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates
Index

Online Elements:
  Appendix C Study Planner
  Glossary of Key Terms

9780137489985 TOC 12/15/2021

Author

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.

Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.