Certified Ethical Hacker (CEH) Version 10 Cert Guide

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cyber security operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization’s assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate’s degrees, a bachelor’s degree, and a master’s degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (Wiley, 2008); Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (Syngress, 2006); Certified Ethical Hacker Exam Prep 2 (Que, 2006); and Inside Network Security Assessment: Guarding Your IT Infrastructure (Sams, 2005). Michael has testified before a U.S congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cyber security and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cyber security, CISSP, CISA, Security+, and others. When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car. You can reach Michael by email at MikeG@thesolutionfirm.com. Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.

Introduction

Chapter 1 An Introduction to Ethical Hacking

“Do I Know This Already?” Quiz

Security Fundamentals

Goals of Security

Risk, Assets, Threats, and Vulnerabilities

Backing Up Data to Reduce Risk

Defining an Exploit

Risk Assessment

Security Testing

No-Knowledge Tests (Black Box)

Full-Knowledge Testing (White Box)

Partial-Knowledge Testing (Gray Box)

Types of Security Tests

Hacker and Cracker Descriptions

Who Attackers Are

Ethical Hackers

Required Skills of an Ethical Hacker

Modes of Ethical Hacking

Test Plans–Keeping It Legal

Test Phases

Establishing Goals

Getting Approval

Ethical Hacking Report

Vulnerability Research–Keeping Up with Changes

Ethics and Legality

Overview of U.S. Federal Laws

Compliance Regulations

Payment Card Industry Data Security Standard (PCI-DSS)

Summary

Review All Key Topics

Define Key Terms

Exercises

1-1 Searching for Exposed Passwords

1-2 Examining Security Policies

Review Questions

Suggested Reading and Resources

Chapter 2 The Technical Foundations of Hacking

“Do I Know This Already?” Quiz

The Hacking Process

Performing Reconnaissance and Footprinting

Scanning and Enumeration

Gaining Access

Escalation of Privilege

Maintaining Access

Covering Tracks and Planting Backdoors

The Ethical Hacker’s Process

NIST SP 800-15

Operationally Critical Threat, Asset, and Vulnerability Evaluation

Open Source Security Testing Methodology Manual

Information Security Systems and the Stack

The OSI Model

Anatomy of TCP/IP Protocols

The Application Layer

The Transport Layer

Transmission Control Protocol

User Datagram Protocol

The Internet Layer

Traceroute

The Network Access Layer

Summary

Review All Key Topics

Define Key Terms

Exercises

2.1 Install a Sniffer and Perform Packet Captures

2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack

2.3 Using Traceroute for Network Troubleshooting

Review Questions

Suggested Reading and Resources

Chapter 3 Footprinting and Scanning

“Do I Know This Already?” Quiz

Overview of the Seven-Step Information-Gathering Process

Information Gathering

Documentation

The Organization’s Website

Job Boards

Employee and People Searches

EDGAR Database

Google Hacking

Usenet

Registrar Query

DNS Enumeration

Determining the Network Range

Traceroute

Identifying Active Machines

Finding Open Ports and Access Points

Nmap

SuperScan

THC-Amap

Hping

Port Knocking

War Driving

OS Fingerprinting

Active Fingerprinting Tools

Fingerprinting Services

Default Ports and Services

Finding Open Services

Mapping the Network Attack Surface

Manual Mapping

Automated Mapping

Summary

Review All Key Topics

Define Key Terms

Exercises

3.1 Performing Passive Reconnaissance

3.2 Performing Active Reconnaissance

Review Questions

Suggested Reading and Resources

Chapter 4 Enumeration and System Hacking

“Do I Know This Already?” Quiz

Enumeration

Windows Enumeration

Windows Security

NetBIOS and LDAP Enumeration

NetBIOS Enumeration Tools

SNMP Enumeration

Linux/UNIX Enumeration

NTP Enumeration

SMTP Enumeration

IPsec and VoIP Enumeration

DNS Enumeration

System Hacking

Nontechnical Password Attacks

Technical Password Attacks

Password Guessing

Automated Password Guessing

Password Sniffing

Keylogging

Privilege Escalation and Exploiting Vulnerabilities

Exploiting an Application

Exploiting a Buffer Overflow

Owning the Box

Windows Authentication Types

Cracking Windows Passwords

Linux Authentication and Passwords

Cracking Linux Passwords

Hiding Files and Covering Tracks

Rootkits

File Hiding

Summary

Review All Key Topics

Define Key Terms

Exercise

4.1 NTFS File Streaming

Review Questions

Suggested Reading and Resources

Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis

“Do I Know This Already?” Quiz

Social Engineering

Phishing

Pharming

Malvertising

Spear Phishing

SMS Phishing

Voice Phishing

Whaling

Elicitation, Interrogation, and Impersonation (Pretexting)

Social Engineering Motivation Techniques

Shoulder Surfing and USB Key Drop

Malware Threats

Viruses and Worms

Types and Transmission Methods of Viruses and Malware

Virus Payloads

History of Viruses

Well-Known Viruses and Worms

Virus Creation Tools

Trojans

Trojan Types

Trojan Ports and Communication Methods

Trojan Goals

Trojan Infection Mechanisms

Effects of Trojans

Trojan Tools

Distributing Trojans

Wrappers

Packers

Droppers

Crypters

Ransomware

Covert Communication

Tunneling via the Internet Layer

Tunneling via the Transport Layer

Tunneling via the Application Layer

Port Redirection

Keystroke Logging and Spyware

Hardware Keyloggers

Software Keyloggers

Spyware

Malware Countermeasures

Detecting Malware

Antivirus

Analyzing Malware

Static Analysis

Dynamic Analysis

Vulnerability Analysis

Passive vs. Active Assessments

External vs. Internal Assessments

Vulnerability Assessment Solutions

Tree-based vs. Inference-based Assessments

Vulnerability Scoring Systems

Vulnerability Scanning Tools

Summary

Review All Key Topics

Define Key Terms

Command Reference to Check Your Memory

Exercises

5.1 Finding Malicious Programs

5.2 Using Process Explorer

Review Questions

Suggested Reading and Resources

Chapter 6 Sniffers, Session Hijacking, and Denial of Service

“Do I Know This Already?” Quiz

Sniffers

Passive Sniffing

Active Sniffing

Address Resolution Protocol

ARP Poisoning and MAC Flooding

Tools for Sniffing

Wireshark

Other Sniffing Tools

Sniffing and Spoofing Countermeasures

Session Hijacking

Transport Layer Hijacking

Identify and Find an Active Session

Predict the Sequence Number

Take One of the Parties Offline

Take Control of the Session

Application Layer Hijacking

Session Sniffing

Predictable Session Token ID

Man-in-the-Middle Attacks

Client-Side Attacks

Man-in-the-Browser Attacks

Session Replay Attacks

Session Fixation Attacks

Session Hijacking Tools

Preventing Session Hijacking

Denial of Service and Distributed Denial of Service

DoS Attack Techniques

Volumetric Attacks

SYN Flood Attacks

ICMP Attacks

Peer-to-Peer Attacks

Application-Level Attacks

Permanent DoS Attacks

Distributed Denial of Service

DDoS Tools

DoS and DDOS Countermeasures

Summary

Review All Key Topics

Define Key Terms

Exercises

6.1 Scanning for DDoS Programs

6.2 Using SMAC to Spoof Your MAC Address

6.3 Using the KnowBe4 SMAC to Spoof Your MAC Address

Review Questions

Suggested Reading and Resources

Chapter 7 Web Server Hacking, Web Applications, and Database Attacks

“Do I Know This Already?” Quiz

Web Server Hacking

The HTTP Protocol

Scanning Web Servers

Banner Grabbing and Enumeration

Web Server Vulnerability Identification

Attacking the Web Server

DoS/DDoS Attacks

DNS Server Hijacking and DNS Amplification Attacks

Directory Traversal

Man-in-the-Middle Attacks

Website Defacement

Web Server Misconfiguration

HTTP Response Splitting

Understanding Cookie Manipulation Attacks

Web Server Password Cracking

Web Server—Specific Vulnerabilities

Comments in Source Code

Lack of Error Handling and Overly Verbose Error Handling

Hard-Coded Credentials

Race Conditions

Unprotected APIs

Hidden Elements

Lack of Code Signing

Automated Exploit Tools

Securing Web Servers

Harden Before Deploying

Patch Management

Disable Unneeded Services

Lock Down the File System

Log and Audit

Provide Ongoing Vulnerability Scans

Web Application Hacking

Unvalidated Input

Parameter/Form Tampering

Injection Flaws

Understanding Cross-site Scripting (XSS) Vulnerabilities

Reflected XSS

Stored XSS

DOM-based XSS

XSS Evasion Techniques

XSS Mitigations

Understanding Cross-site Request Forgery Vulnerabilities and Related Attacks

Understanding Clickjacking

Other Web Application Attacks

Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations

Web-Based Password Cracking and Authentication Attacks

Understanding What Cookies Are and Their Use

URL Obfuscation

Intercepting Web Traffic

Securing Web Applications

Lack of Code Signing

Database Hacking

A Brief Introduction to SQL and SQL Injection

SQL Injection Categories

Fingerprinting the Database

Surveying the UNION Exploitation Technique

Using Boolean in SQL Injection Attacks

Understanding Out-of-Band Exploitation

Exploring the Time-Delay SQL Injection Technique

Surveying Stored Procedure SQL Injection

Understanding SQL Injection Mitigations

SQL Injection Hacking Tools

Summary

Review All Key Topics

Exercise

7.1 Complete the Exercises in WebGoat

Review Questions

Suggested Reading and Resources

Chapter 8 Wireless Technologies, Mobile Security, and Attacks

“Do I Know This Already?” Quiz

Wireless Technologies

Mobile Device Operation and Security

Mobile Device Concerns

Mobile Device Platforms

Android

iOS

Windows Mobile Operating System

BlackBerry

Mobile Device Management and Protection

Bluetooth

Radio-frequency Identification (RFID) Attacks

Wireless LANs

Wireless LAN Basics

Wireless LAN Frequencies and Signaling

Wireless LAN Security

Installing Rogue Access Points

Evil Twin Attacks

Deauthentication Attacks

Attacking the Preferred Network Lists

Jamming Wireless Signals and Causing Interference

War Driving

Attacking WEP

Attacking WPA

Wireless Networks Configured with Open Authentication

KRACK Attacks

Attacking Wi-Fi Protected Setup (WPS)

KARMA Attack

Fragmentation Attacks

Additional Wireless Hacking Tools

Performing GPS Mapping

Wireless Traffic Analysis

Launch Wireless Attacks

Crack and Compromise the Wi-Fi Network

Securing Wireless Networks

Site Survey

Robust Wireless Authentication

Misuse Detection

Summary

Review All Key Topics

Define Key Terms

Review Questions

Suggested Reading and Resources

Chapter 9 IDS, Firewalls, and Honeypots

“Do I Know This Already?” Quiz

Intrusion Detection and Prevention Systems

IDS Types and Components

Pattern Matching

Protocol Analysis

Heuristic-Based Analysis

Anomaly-Based Analysis

Global Threat Correlation Capabilities

Snort

IDS Evasion

Flooding

Insertion and Evasion

Session Splicing

Shellcode Attacks

Other IDS Evasion Techniques

IDS Evasion Tools

Firewalls

Firewall Types

Network Address Translation

Packet Filters

Application and Circuit-Level Gateways

Stateful Inspection

Identifying Firewalls

Bypassing Firewalls

Honeypots

Types of Honeypots

Detecting Honeypots

Summary

Review All Key Topics

Define Key Terms

Review Questions

Suggested Reading and Resources

Chapter 10 Cryptographic Attacks and Defenses

“Do I Know This Already?” Quiz

Functions of Cryptography

History of Cryptography

Algorithms

Symmetric Encryption

Data Encryption Standard (DES)

Advanced Encryption Standard (AES)

Rivest Cipher

Asymmetric Encryption (Public Key Encryption)

RSA

Diffie-Hellman

ElGamal

Elliptic Curve Cryptography (ECC)

Hashing

Digital Signature

Steganography

Steganography Operation

Steganographic Tools

Digital Watermark

Digital Certificates

Public Key Infrastructure

Trust Models

Single-Authority Trust

Hierarchical Trust

Web of Trust

Protocols, Applications, and Attacks

Encryption Cracking and Tools

Weak Encryption

Encryption-Cracking Tools

Summary

Review All Key Topics

Define Key Terms

Exercises

10.1 Examining an SSL Certificate

10.2 Using PGP

10.3 Using a Steganographic Tool to Hide a Message

Review Questions

Suggested Reading and Resources

Chapter 11 Cloud Computing, IoT, and Botnets

“Do I Know This Already?” Quiz

Cloud Computing

Cloud Computing Issues and Concerns

Cloud Computing Attacks

Cloud Computing Security

IoT

IoT Protocols

Hacking IoT Implementations

Botnets

Botnet Countermeasures

Summary

Review All Key Topics

Define Key Terms

Exercise

11.1 Scanning for DDoS Programs

Review Questions

Suggested Reading and Resources

Chapter 12 Final Preparation

Hands-on Activities

Suggested Plan for Final Review and Study

Summary

Glossary

Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions

9780789760524 TOC 6/13/2019