Preface

Ethical hacking is a special type of cybersecurity that aims to diagnose and find security flaws before malicious actors can. This guide will give you an overview of these threats as well as advice on how to prevent them, so you can start securing your network today!

As the use of and dependence on technology grows, so do the risks associated with it. While there are many challenges in maintaining a secure network environment, one of the biggest problems cyber attackers face is finding vulnerabilities to exploit. This is where ethical hacking comes in. Ethical hackers use the tools and techniques developed by malicious actors to find security weaknesses before they can be taken advantage of.

One of the most popular and well-known ethical hacking certifications is the Certified Ethical Hacker (CEH) credential offered by the International Council of Electronic Commerce Consultants (EC-Council). To become a CEH, individuals must pass an exam that covers a range of ethical hacking topics, including reconnaissance, footprinting, scanning, and enumeration, gaining access to systems (including Trojans and viruses), stealing data, hiding tracks, and social engineering.

This guide will give you the preparation for the CEH 312-50 exam. We'll cover the topics listed on the exam blueprint, as well as additional resources you can use to study for the test. By the end of this guide, you should have a good understanding of what ethical hacking is and how to perform it effectively.

Let's get started!

Who this book is for

This guide is for anyone who wants to learn more about ethical hacking and how to protect their organization from cyber attacks. This could include security professionals, IT administrators, and anyone else who wants to learn more about the basics of ethical hacking and how to become a more effective cybersecurity professional.

What this book covers

Chapter 1, Understanding Ethical Hacking, covers the elements of InfoSec, the cyber kill chain methodology, different hacking concepts, types, and phrases, as well as the concepts of ethical hacking.

Chapter 2, Introduction to Reconnaissance, is all about reconnaissance. Everything has a starting point, and the starting point for attackers when they target an organization is through the process of reconnaissance/footprinting.

Chapter 3, Reconnaissance – a Deeper Dive, delves into reconnaissance in more depth. Now that you've got a basic understanding of the information we're trying to gather during the reconnaissance stage, let's dive deeper by looking at OSINT and at publicly available data such as social media services, job sites, and even going back in time to view previous versions of a company's web page.

Chapter 4, Scanning Networks, tells us that scanning the network is the process of discovering this type of information. In some cases, we can remain undiscovered, while other techniques might alert a security team.

Chapter 5, Enumeration, explores how enumeration can expose things such as usernames and groups on systems, routing tables, system names, and network shares.

Chapter 6, Vulnerability Analysis, demonstrates how vulnerability analysis is key in providing security to any company's infrastructure from external as well as internal threats.

Chapter 7, System Hacking, focuses on the tools and techniques that can be used by attackers to hack the systems identified in our first four steps. This is the ultimate goal of attackers, and it will show you just how vulnerable you might be.

Chapter 8, Social Engineering, describes an easier method that attackers are discovering and actively using to avoid steps 2 to 5. Humans. We are the weakest link. There is no defense against social engineering; only constant vigilance and training of employees can help to circumvent these techniques.

Chapter 9, Malware and Other Digital Attacks, describes some of the most common attack vectors that hackers will exploit, including malware, viruses, ransomware, and denial-of-service (DoS).

Chapter 10, Sniffing and Evading IDS, Firewalls, and Honeypots, examines how sniffing can provide insights into the possibilities of different types of poisoning attacks taking place on a network. These types of attacks and information can help an attacker avoid honeypots and even get around firewalls and intrusion detection systems (IDSs).

Chapter 11, Hacking Wireless Networks, explains how wireless networks present a completely new attack vector that can be challenging to secure. Attackers will go after these networks as many times, lower encryption technologies are often used as well as the vulnerabilities associated with devices and software that are involved.

Chapter 12, Hacking Mobile Platforms, talks about how mobile devices are quickly replacing desktops and laptops as they allow users to not only do the same productivity tasks, but also store critical information such as contact lists, calendars, and credentials. This chapter will show the threats to mobile platforms that attract attackers to these targets.

Chapter 13, Hacking Web Servers and Web Apps, covers how the growth of the internet and web technologies, combined with rapidly increasing internet connectivity, has led to the emergence of a new business landscape. The interconnectivity of services, plugins, operating systems, APIs, and web shells creates an environment ripe for misconfigurations and missed patches.

Chapter 14, Hacking IoT and OT, explains why organizations using IoT or OT devices as part of their network need to protect both the devices and the information from attackers. All security professionals need to understand the landscape of cyber threats, industrial infrastructure, and business.

Chapter 15, Cloud Computing, examines how the push to cloud-based computing has been fast and advantageous for organizations; however, just like any technology, cloud environments also pose several threats and risks. Attackers are targeting vulnerabilities in the cloud software to gain unauthorized access to networks

Chapter 16, Using Cryptography, describes how cryptography and cryptographic (crypto) systems help in securing data from being compromised during online transmissions, but they are not unhackable. Careful deployment and maintaining a healthy environment will help keeps attackers out.

Chapter 17, CEH Exam Practice Questions, lets you see what you have learned!

To get the most out of this book

You should have an understanding of basic network functions and technologies. TCP/IP and the OSI model are key concepts. You should also be familiar with firewall types and functions and have a basic understanding of web servers, web applications, and the security vulnerabilities they present. Familiarity with cryptography basics should also be established before attempting the CEH exam.

The only software you might want to consider would be some type of virtualization solution such as VMware, VirtualBox, or Hyper-V to create a network to practice some of the techniques discussed, but it's not required.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801813099_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "An attacker could exploit the application with the setuid or setgid flags to execute malicious code with elevated privileges."

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Under the Research category, you can go to Threat Analysis and see what's currently going on in that area."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would...