CEH Certified Ethical Hacker Cert Guide Table of Contents
Return to CEH Certified Ethical Hacker Cert Guide, Security, DevOps Security - Security SRE - CI/CD Security, Cloud Native Security - Microservices Security - Serverless Security, DevSecOps, Parallel Programming and Security, Concurrency and Security, Database Security, Data Science Security, Machine Learning Security, Cybersecurity Bibliography, Cybersecurity Courses, Cybersecurity Glossary, Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics
Fair Use Source: B09M86B259 (CEHsntos 2022)
Contents at a Glance
CHAPTER 1 An Introduction to Ethical Hacking
CHAPTER 2 The Technical Foundations of Hacking
CHAPTER 3 Footprinting, Reconnaissance, and Scanning
CHAPTER 4 Enumeration and System Hacking
CHAPTER 5 Social Engineering, Malware Threats, and Vulnerability Analysis
CHAPTER 6 Sniffers, Session Hijacking, and Denial of Service
CHAPTER 7 Web Server Hacking, Web Applications, and Database Attacks
CHAPTER 8 Wireless Technologies, Mobile Security, and Attacks
CHAPTER 9 Evading IDS, Firewalls, and Honeypots
CHAPTER 10 Cryptographic Attacks and Defenses
CHAPTER 11 Cloud Computing, IoT and Botnets
CHAPTER 12 Final Preparation
Appendix A Answers to the “Do I Know This Already?”Quizzes and Review Questions
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates
Chapter 1 An Introduction to Ethical Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Risk, Assets, Threats, and Vulnerabilities
Backing Up Data to Reduce Risk
Defining an Exploit
No-Knowl[[edge Tests (Black Box)
Full-Knowl[[edge Testing (White Box)
Partial-Knowl[[edge Testing (Gray Box)
Incident Response
Cyber Kill Chain
Hacker and Cracker Descriptions
Who Attackers Are
Required Skills of an Ethical Hacker
Modes of Ethical Hacking
Establishing Goals
Getting Approval
Vulnerability Research and Bug Bounties — Keeping Up with Changes
Compliance Regulations
Payment Card Industry Data Security Standard (PCI-DSS)
1-1 Searching for Exposed Passwords
1-2 Examining Security Policies
Suggested Reading and Resources
Chapter 2 The Technical Foundations of Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Performing Reconnaissance and Footprinting
Scanning and Enumeration
Gaining Access
Escalating Privilege
Covering Tracks and Planting Backdoors
The Ethical Hacker’s Process
NIST SP 800-115
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Open Source Security Testing Methodology Manual
Information Security Systems and the Stack
The Application Layer
2-1 Install a Sniffer and Perform Packet Captures
2-2 Using Traceroute for Network Troubleshooting
Suggested Reading and Resources
Chapter 3 Footprinting, Reconnaissance, and Scanning
“Do I Know This Already?” Quiz
Foundation Topics
Footprinting
Footprinting Methodology
Documentation
Footprinting Through Search Engines
Footprinting Through Social Networking Sites
Footprinting Through Web Service]]s and Websites
Email Footprinting
Subnetting’s Role in Mapping Networks
Footprinting Through Social Engineering
Footprinting Countermeasures
Nmap
Hping
OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall
Active Fingerprinting Tools
Fingerprinting Services
Draw Network Diagrams
3-1 Performing Passive Reconnaissance
3-2 Performing Active Reconnaissance
Suggested Reading and Resources
Chapter 4 Enumeration and System Hacking
“Do I Know This Already?” Quiz
Foundation Topics
NetBIOS and LDAP Enumeration
NetBIOS Enumeration Tools
SNMP Enumeration
NTP Enumeration
Additional Enumeration Techniques
Enumeration Countermeasures
Password Guessing
Escalating Privilege and Exploiting Vulnerabilities
Exploiting an Application
Exploiting a Buffer Overflow
Linux Authentication and Passwords
Hiding Files and Covering Tracks
Rootkits
File Hiding
Suggested Reading and Resources
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis
“Do I Know This Already?” Quiz
Foundation Topics
Social Engineering
Phishing
Pharming
Malvertising
Spear Phishing
Whaling
Elicitation, Interrogation, and Impersonation (Pretexting)
Social Engineering Motivation Techniques
Shoulder Surfing and USB Baiting
Types and Transmission Methods of Viruses and Malware
Trojan Ports and Communication Methods
Tunneling via the Internet Layer
Tunneling via the Transport Layer
Tunneling via the Application Layer
Spyware
Malware Countermeasures
Antivirus
Passive vs. Active Assessments
External vs. Internal Assessments
Vulnerability Assessment Solutions
Tree-Based vs. Inference-Based Assessments
Command Reference to Check Your Memory
5-1 Finding Malicious Programs
Suggested Reading and Resources
Chapter 6 Sniffers, Session Hijacking, and Denial of Service
“Do I Know This Already?” Quiz
Foundation Topics
Sniffers
Active Sniffing
ARP Poisoning and MAC Flooding
Tools for Sniffing and Packet Capturing
Wireshark
Sniffing and Spoofing Countermeasures
Identify and Find an Active Session
Take One of the Parties Offline
Application Layer Hijacking
Denial of Service and Distributed Denial of Service
Peer-to-Peer Attacks
6-1 Scanning for DDoS Programs
6-2 Spoofing Your MAC Address in Linux
6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address
Suggested Reading and Resources
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Banner Grabbing and Enumeration
Web Server Vulnerability Identification
DNS Server Hijacking and DNS Amplification Attacks
Understanding Cookie Manipulation Attacks
Web Server–Specific Vulnerabilities
Lack of Error Handling and Overly Verbose Error Handling
Patch Management
Disable Unneeded Services
Lock Down the File System
Provide Ongoing Vulnerability Scans
Cross-Site Scripting (XSS) Vulnerabilities
Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks
Understanding Clickjacking
Other Web Application Attacks
Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
Web-Based Password Cracking and Authentication Attacks
Understanding What Cookies Are and Their Use
A Brief Introduction to SQL and SQL Injection
Fingerprinting the Database
Surveying the UNION Exploitation Technique
Using Boolean in SQL Injection Attacks
Understanding Out-of-Band Exploitation
Exploring the Time-Delay SQL Injection Technique
Surveying Stored Procedure SQL Injection
Understanding SQL Injection Mitigations
7-1 Complete the Exercises in WebGoat
Suggested Reading and Resources
Chapter 8 Wireless Technologies, Mobile Security, and Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Wireless and Mobile Device Technologies
Mobile Device Concerns
Android
iOS
Windows Mobile Operating System
BlackBerry
Mobile Device Management and Protection
Radio Frequency Identification (RFID) Attacks
Wireless LAN Frequencies and Signaling
Installing Rogue Access Points
Attacking the Preferred Network Lists
Jamming Wireless Signals and Causing Interference
Wireless Networks Configured with Open Authentication
KRACK Attacks
Attacks Against WPA3
Attacking Wi-Fi Protected Setup (WPS)
Additional Wireless Hacking Tools
Performing GPS Mapping
Crack and Compromise the Wi-Fi Network
Robust Wireless Authentication
Suggested Reading and Resources
Chapter 9 Evading IDS, Firewalls, and Honeypots
“Do I Know This Already?” Quiz
Foundation Topics
Intrusion Detection and Prevention Systems
Global Threat Correlation Capabilities
Snort
Session Splicing
Application and Circuit-Level Gateways
Suggested Reading and Resources
Chapter 10 Cryptographic Attacks and Defenses
“Do I Know This Already?” Quiz
Foundation Topics
Cryptography History and Concepts
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Asymmetric Encryption (Public Key Encryption)
ElGamal
Elliptic-Curve Cryptography (ECC)
Email and Disk Encryption
Encryption-Cracking Tools
Security Protocols and Countermeasures
Steganography
10-1 Examining an SSL Certificate
10-2 Using PGP
10-3 Using a Steganographic Tool to Hide a Message
Suggested Reading and Resources
Chapter 11 Cloud Computing, IoT, and Botnets
“Do I Know This Already?” Quiz
Foundation Topics
Cloud Computing Issues and Concerns
DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps
Containers and Container Orchestration
How to Scan Containers to Find Security Vulnerabilities
Botnet Countermeasures
Suggested Reading and Resources
Hands-on Activities
Suggested Plan for Final Review and Study
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates
Pentesting: Vulnerability Assessment, Penetration Testing Frameworks, Ethical Hacking, Social Engineering Attacks, Network Penetration Testing, Web Application Penetration Testing, Wireless Network Penetration Testing, Physical Security Penetration Testing, Social Engineering Techniques, Phishing Techniques, Password Cracking Techniques, SQL Injection Attacks, Cross-Site Scripting (XSS) Attacks, Cross-Site Request Forgery (CSRF) Attacks, Security Misconfiguration Issues, Sensitive Data Exposure, Broken Authentication and Session Management, Insecure Direct Object References, Components with Known Vulnerabilities, Insufficient Logging and Monitoring, Mobile Application Penetration Testing, Cloud Security Penetration Testing, IoT Device Penetration Testing, API Penetration Testing, Encryption Flaws, Buffer Overflow Attacks, Denial of Service (DoS) Attacks, Distributed Denial of Service (DDoS) Attacks, Man-in-the-Middle (MitM) Attacks, Port Scanning Techniques, Firewall Evasion Techniques, Intrusion Detection System (IDS) Evasion Techniques, Penetration Testing Tools, Automated Penetration Testing Software, Manual Penetration Testing Techniques, Post-Exploitation Techniques, Privilege Escalation Techniques, Persistence Techniques, Security Patches and Updates Testing, Compliance Testing, Red Team Exercises, Blue Team Strategies, Purple Teaming, Threat Modeling, Risk Analysis, Vulnerability Scanning Tools, Exploit Development, Reverse Engineering, Malware Analysis, Digital Forensics in Penetration Testing
Mitre Framework, Common Vulnerabilities and Exposures (CVE), Pentesting by Programming Language (Angular Pentesting, Bash Pentesting, C Pentesting, C++ Pentesting, C# Pentesting, Clojure Pentesting, COBOL Pentesting, Dart Pentesting, Fortran Pentesting, Golang Pentesting, Java Pentesting, JavaScript Pentesting, Kotlin Pentesting, Python Pentesting, PowerShell Pentesting, React Pentesting, Ruby Pentesting, Rust Pentesting, Scala Pentesting, Spring Pentesting, Swift Pentesting - iOS Pentesting - macOS Pentesting, TypeScript Pentesting),
Pentesting by Cloud Provider, Pentesting by OS, Pentesting by Company, Awesome Pentesting, Pentesting Bibliography, Pentesting GitHub, Pentesting topics, Cybersecurity topics, Dictionary attack, Passwords, Hacking (Ethical hacking, White hat, Black hat, Grey hat), Pentesting, Rainbow table, Cybersecurity certifications (CEH), Awesome pentesting. (navbar_pentesting. See also navbar_passwords, navbar_security, navbar_encryption, navbar_iam, navbar_devsecops)
Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;
, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security
Python Security - Django Security - Flask Security - Pandas Security,
Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security (Valkey Security), Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Infinispan Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),
Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);
OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)
© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers
SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.