Certified Ethical Hacker (CEH) v12 312-50 Exam Guide (eBook)
664 Seiten
Packt Publishing (Verlag)
978-1-80181-545-1 (ISBN)
With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of this cybersecurity book.
This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book.
By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.
Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification examKey FeaturesLearn how to look at technology from the standpoint of an attackerUnderstand the methods that attackers use to infiltrate networksPrepare to take and pass the exam in one attempt with the help of hands-on examples and mock testsBook DescriptionWith cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of this cybersecurity book. This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book. By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.What you will learnGet to grips with information security and ethical hackingUndertake footprinting and reconnaissance to gain primary information about a potential targetPerform vulnerability analysis as a means of gaining visibility of known security weaknessesBecome familiar with the tools and techniques used by an attacker to hack into a target systemDiscover how network sniffing works and ways to keep your information secureExplore the social engineering techniques attackers use to compromise systemsWho this book is forThis ethical hacking book is for security professionals, site admins, developers, auditors, security officers, analysts, security consultants, and network engineers. Basic networking knowledge (Network+) and at least two years of experience working within the InfoSec domain are expected.]]>
Preface
Ethical hacking is a special type of cybersecurity that aims to diagnose and find security flaws before malicious actors can. This guide will give you an overview of these threats as well as advice on how to prevent them, so you can start securing your network today!
As the use of and dependence on technology grows, so do the risks associated with it. While there are many challenges in maintaining a secure network environment, one of the biggest problems cyber attackers face is finding vulnerabilities to exploit. This is where ethical hacking comes in. Ethical hackers use the tools and techniques developed by malicious actors to find security weaknesses before they can be taken advantage of.
One of the most popular and well-known ethical hacking certifications is the Certified Ethical Hacker (CEH) credential offered by the International Council of Electronic Commerce Consultants (EC-Council). To become a CEH, individuals must pass an exam that covers a range of ethical hacking topics, including reconnaissance, footprinting, scanning, and enumeration, gaining access to systems (including Trojans and viruses), stealing data, hiding tracks, and social engineering.
This guide will give you the preparation for the CEH 312-50 exam. We'll cover the topics listed on the exam blueprint, as well as additional resources you can use to study for the test. By the end of this guide, you should have a good understanding of what ethical hacking is and how to perform it effectively.
Let's get started!
Who this book is for
This guide is for anyone who wants to learn more about ethical hacking and how to protect their organization from cyber attacks. This could include security professionals, IT administrators, and anyone else who wants to learn more about the basics of ethical hacking and how to become a more effective cybersecurity professional.
What this book covers
Chapter 1, Understanding Ethical Hacking, covers the elements of InfoSec, the cyber kill chain methodology, different hacking concepts, types, and phrases, as well as the concepts of ethical hacking.
Chapter 2, Introduction to Reconnaissance, is all about reconnaissance. Everything has a starting point, and the starting point for attackers when they target an organization is through the process of reconnaissance/footprinting.
Chapter 3, Reconnaissance – a Deeper Dive, delves into reconnaissance in more depth. Now that you've got a basic understanding of the information we're trying to gather during the reconnaissance stage, let's dive deeper by looking at OSINT and at publicly available data such as social media services, job sites, and even going back in time to view previous versions of a company's web page.
Chapter 4, Scanning Networks, tells us that scanning the network is the process of discovering this type of information. In some cases, we can remain undiscovered, while other techniques might alert a security team.
Chapter 5, Enumeration, explores how enumeration can expose things such as usernames and groups on systems, routing tables, system names, and network shares.
Chapter 6, Vulnerability Analysis, demonstrates how vulnerability analysis is key in providing security to any company's infrastructure from external as well as internal threats.
Chapter 7, System Hacking, focuses on the tools and techniques that can be used by attackers to hack the systems identified in our first four steps. This is the ultimate goal of attackers, and it will show you just how vulnerable you might be.
Chapter 8, Social Engineering, describes an easier method that attackers are discovering and actively using to avoid steps 2 to 5. Humans. We are the weakest link. There is no defense against social engineering; only constant vigilance and training of employees can help to circumvent these techniques.
Chapter 9, Malware and Other Digital Attacks, describes some of the most common attack vectors that hackers will exploit, including malware, viruses, ransomware, and denial-of-service (DoS).
Chapter 10, Sniffing and Evading IDS, Firewalls, and Honeypots, examines how sniffing can provide insights into the possibilities of different types of poisoning attacks taking place on a network. These types of attacks and information can help an attacker avoid honeypots and even get around firewalls and intrusion detection systems (IDSs).
Chapter 11, Hacking Wireless Networks, explains how wireless networks present a completely new attack vector that can be challenging to secure. Attackers will go after these networks as many times, lower encryption technologies are often used as well as the vulnerabilities associated with devices and software that are involved.
Chapter 12, Hacking Mobile Platforms, talks about how mobile devices are quickly replacing desktops and laptops as they allow users to not only do the same productivity tasks, but also store critical information such as contact lists, calendars, and credentials. This chapter will show the threats to mobile platforms that attract attackers to these targets.
Chapter 13, Hacking Web Servers and Web Apps, covers how the growth of the internet and web technologies, combined with rapidly increasing internet connectivity, has led to the emergence of a new business landscape. The interconnectivity of services, plugins, operating systems, APIs, and web shells creates an environment ripe for misconfigurations and missed patches.
Chapter 14, Hacking IoT and OT, explains why organizations using IoT or OT devices as part of their network need to protect both the devices and the information from attackers. All security professionals need to understand the landscape of cyber threats, industrial infrastructure, and business.
Chapter 15, Cloud Computing, examines how the push to cloud-based computing has been fast and advantageous for organizations; however, just like any technology, cloud environments also pose several threats and risks. Attackers are targeting vulnerabilities in the cloud software to gain unauthorized access to networks
Chapter 16, Using Cryptography, describes how cryptography and cryptographic (crypto) systems help in securing data from being compromised during online transmissions, but they are not unhackable. Careful deployment and maintaining a healthy environment will help keeps attackers out.
Chapter 17, CEH Exam Practice Questions, lets you see what you have learned!
To get the most out of this book
You should have an understanding of basic network functions and technologies. TCP/IP and the OSI model are key concepts. You should also be familiar with firewall types and functions and have a basic understanding of web servers, web applications, and the security vulnerabilities they present. Familiarity with cryptography basics should also be established before attempting the CEH exam.
The only software you might want to consider would be some type of virtualization solution such as VMware, VirtualBox, or Hyper-V to create a network to practice some of the techniques discussed, but it's not required.
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801813099_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "An attacker could exploit the application with the setuid or setgid flags to execute malicious code with elevated privileges."
Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Under the Research category, you can go to Threat Analysis and see what's currently going on in that area."
Tips or Important Notes
Appear like this.
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at customercare@packtpub.com.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would...
Erscheint lt. Verlag | 8.7.2022 |
---|---|
Vorwort | Christopher Rees |
Sprache | englisch |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Mathematik / Informatik ► Informatik ► Web / Internet | |
Informatik ► Weitere Themen ► Zertifizierung | |
ISBN-10 | 1-80181-545-3 / 1801815453 |
ISBN-13 | 978-1-80181-545-1 / 9781801815451 |
Haben Sie eine Frage zum Produkt? |
Digital Rights Management: ohne DRM
Dieses eBook enthält kein DRM oder Kopierschutz. Eine Weitergabe an Dritte ist jedoch rechtlich nicht zulässig, weil Sie beim Kauf nur die Rechte an der persönlichen Nutzung erwerben.
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür die kostenlose Software Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür eine kostenlose App.
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich