Certified Ethical Hacker (CEH) Preparation Guide : Lesson-Based Review of Ethical Hacking and Penetration Testing
معرفی کتاب «Certified Ethical Hacker (CEH) Preparation Guide : Lesson-Based Review of Ethical Hacking and Penetration Testing» نوشتهٔ Kim Sagwa، Bruce Fulton (translation)، Ju-Chan Fulton (translation) و Ahmed Sheikh (auth.)، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Table of Contents About the Author About the Technical Reviewer Introduction Chapter 1: Introduction to Ethical Hacking Ethical Hacking Vulnerability Attack Security vs. Functionality and Ease of Use Phases of an Attack Types of Hacker Attacks Hacktivism Ethical Hackers Vulnerability Research Ethical Hacking Assignment Computer Crime Summary Resources Chapter 2: Footprinting and Reconnaissance/Scanning Networks Footprinting Information Gathering Methodology Archived Websites Searching Public Records Tools Locating the Network Range Conducting Active and Passive Reconnaissance Against a Target Scanning Networks Scanning Methodology Three-Way Handshake TCP Flags Types of Port Scans Using Nmap Zenmap Crafting Packets Scanning Countermeasures Summary Resources Chapter 3: Enumeration Steps to Compromise a System Enumeration NetBIOS Basics Command-Line Tools SNMP Enumeration Discovering Hosts with Windows Command Line Tools Discovering Hosts with Metasploit Using Cain Summary Resources Chapter 4: System Hacking Password Attacks: Passive Online Attacks Password Attack Example Null Sessions Authentication Kerberos Operation Password Cracking Countermeasures Escalating Privileges Password Cracking Keyloggers Hiding Files Rootkits Steganography Covering Tracks Summary Resources Chapter 5: Trojans, Backdoors, Viruses, and Worms Trojan Horses Indicators of a Trojan Attack Ports Used by Trojans Netstat Command Types of Trojans ICMP Tunneling Tools Used to Create Trojans Trojan Countermeasures Detecting Tools Backdoor Countermeasures Countermeasure Tools Process Monitor Malware Tool: Poison Ivy Viruses and Worms Symptoms of a Virus Stages of a Virus’ Life Infection Phase Types of Viruses What Viruses Attack How Viruses Infect Self-Modification Viruses The Worst Computer Viruses File Extensions Countermeasures Antivirus Software Utilizing Malware Exploiting the Connection Summary Chapter 6: Sniffers and Social Engineering Sniffers Switched Ethernet Types of Sniffing Protocols Vulnerable to Sniffing Electronic Surveillance How to Detect Sniffing Wget Spearfish Attack Viewing Credentials Social Engineering Social Engineering Cycle Techniques Computer-Based Social Engineering Shark Prevention Recommendations General Defense Measures Countermeasures Summary Chapter 7: Denial of Service Denial-of-Service Attack Types of Attacks Botnets Conducting a DDoS Attack Distributed Denial of Service Attack Attack Classes Countermeasures Performing a DoS Attack Summary Chapter 8: Session Hijacking Session Hijacking The TCP Stack Three-Way Handshake Steps in Session Hijacking Types of Session Hijacking Network-Layer Hijacking Application-Layer Hijacking Countermeasures Browser Exploit Configured Settings Spear Phish Attack Exploiting the Victim Machine Summary Chapter 9: Hacking Webservers Web Server Security Vulnerabilities Types of Risk Web Server Attacks IIS Components IIS Logs Web Server Security Web Server Security Checklist Apache Web Server Security Checklist Using Armitage to Attack the Network Using Armitage Summary Chapter 10: Hacking Web Applications Web Application Attacks Cross-Site Scripting Attack Countermeasures SQL Injection Cookie/Session Poisoning Parameter/Form Tampering Buffer Overflow Error Message Interception Other Attacks Using Nmap Using ncat Establishing a Session Summary Chapter 11: SQL Injections Web Application Components SQL Injection Classifications Web Front End to SQL Server Manipulating the Input Fields Failed SQL Injection Attempt Using Client-Side Validation Successful Login Using a Stored Procedure Injection Results Injecting Username Countermeasures Preventing SQL Injection Attacks Summary Chapter 12: Hacking Wireless Networks Types of Wireless Networks Wireless Standards Service Set Identifier 802.1x Authentication Process 802.11 Vulnerabilities Wired Equivalent Privacy Wi-Fi Protected Access 2 Temporal Key Integrity Protocol Four-Way Handshake Hacking Wireless Networks Rogue Access Points Iwconfig Command Airodump -ng Command Aireplay -ng Command Monitoring an Unsecured WLAN Using Aircrack –ng Summary Resource Chapter 13: Evading Intrusion Detection Systems, Firewalls, and Honeypots Intrusion Detection Techniques IDS Types IDS Placement Indications of Intrusion After an IDS Detects an Attack IDS Attacks Intrusion Prevention Systems Information Flow Firewalls Types of Firewalls Firewall Identification Breeching Firewalls Honeypots and Honeynets Types of Honeypots Open Source Honeypots Responding to Attacks Intrusion Detection Tools Tools to Evade an IDS Packet Generators Tools to Breach a Firewall Tools for Testing Summary Chapter 14: Buffer Overflow Buffer Overflows Stack Buffer Overflow Heap-Based Buffer Overflow Detecting Buffer Overflow Vulnerabilities Defense Against Buffer Overflows Nmap TCP Scan Fingerprint of the OS Using Metasploit to Fingerprint Searching for Exploits Meterpreter Summary Resources Chapter 15: Cryptography Symmetric Encryption Symmetric Algorithms Asymmetric Encryption Asymmetric Algorithms Hashing Functions Hash Algorithms Cryptography Algorithm Use: Confidentiality Cryptography Algorithm Use: Digital Signatures Secure Sockets Layer (SSL) SSL Handshake Secure Shell (SSH) Cryptographic Applications Attacks Against Cryptography Encrypting Email Summary Chapter 16: Penetration Testing Penetration Testing Overview Security Assessments Phases of Penetration Testing Documentation Creating Payloads Exploiting a Victim Machine Summary Resources Index Know the basic principles of ethical hacking. This book is designed to provide you with the knowledge, tactics, and tools needed to prepare for the Certified Ethical Hacker(CEH) exam―a qualification that tests the cybersecurity professional’s baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs. You will review the organized certified hacking mechanism along with: stealthy network re-con; passive traffic detection; privilege escalation, vulnerability recognition, remote access, spoofing; impersonation, brute force threats, and cross-site scripting. The book covers policies for penetration testing and requirements for documentation. This book uses a unique “lesson” format with objectives and instruction to succinctly review each major topic, including: footprinting and reconnaissance and scanning networks, system hacking, sniffers and social engineering, session hijacking, Trojans and backdoor viruses and worms, hacking webservers, SQL injection, buffer overflow, evading IDS, firewalls, and honeypots, and much more. What You Will learn Understand the concepts associated with Footprinting Perform active and passive reconnaissance Identify enumeration countermeasures Be familiar with virus types, virus detection methods, and virus countermeasures Know the proper order of steps used to conduct a session hijacking attack Identify defensive strategies against SQL injection attacks Analyze internal and external network traffic using an intrusion detection system Who This Book Is For Security professionals looking to get this credential, including systems administrators, network administrators, security administrators, junior IT auditors/penetration testers, security specialists, security consultants, security engineers, and more Know the basic principles of ethical hacking. This book is designed to provide you with the knowledge, tactics, and tools needed to prepare for the Certified Ethical Hacker(CEH) exam -- a qualification that tests the cybersecurity professional's baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs. You will review the organized certified hacking mechanism along with: stealthy network re-con; passive traffic detection; privilege escalation, vulnerability recognition, remote access, spoofing; impersonation, brute force threats, and cross-site scripting. The book covers policies for penetration testing and requirements for documentation. This book uses a unique "lesson" format with objectives and instruction to succinctly review each major topic, including: footprinting and reconnaissance and scanning networks, system hacking, sniffers and social engineering, session hijacking, Trojans and backdoor viruses and worms, hacking webservers, SQL injection, buffer overflow, evading IDS, firewalls, and honeypots, and much more. You will: Understand the concepts associated with Footprinting Perform active and passive reconnaissance Identify enumeration countermeasures Be familiar with virus types, virus detection methods, and virus countermeasures Know the proper order of steps used to conduct a session hijacking attack Identify defensive strategies against SQL injection attacks Analyze internal and external network traffic using an intrusion detection system
دانلود کتاب Certified Ethical Hacker (CEH) Preparation Guide : Lesson-Based Review of Ethical Hacking and Penetration Testing