CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions (2023)

Preview (16 of 763 Pages)

100%

Purchase to unlock

Loading page image...

CERTIFIEDETHICALHACKERIncludesinteractiveonlinelearningenvironmentandstudytools:750practicequestions100electronicflashcardsSearchablekeytermglossaryRICMESSIER,CEH,GSEC,CISSP+study|

Loading page image...

DownloadedfromStudyXY.com®+StudyXYSdYe.o>\|iF’prE\3SStudyAnythingThisContentHasbeenPostedOnStudyXY.comassupplementarylearningmaterial.StudyXYdoesnotendroseanyuniversity,collegeorpublisher.Allmaterialspostedareundertheliabilityofthecontributors.wv8)www.studyxy.com

Loading page image...

CertifiedEthicalHackerStudyGuidei_AP|STSalas=aaRicMessier,CEH,GSEC,CISSP

Loading page image...

Copyright©2023byJohnWiley&Sons,Inc.Allrightsreserved.PublishedbyJohnWiley&Sons,Inc.,Hoboken,NewJersey.PublishedsimultaneouslyinCanadaandtheUnitedKingdom.ISBN:978-1-394-18692-1ISBN:978-1-394-18687-7(ebk.)ISBN:978-1-394-18691-4(ebk.)Nopartofthispublicationmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanning,orotherwise,exceptaspermittedunderSection107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthePublisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter,Inc.,222RosewoodDrive,Danvers,MA01923,(978)750-8400,fax(978)750-4470,oronthewebatwww.copyright.com.RequeststothePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201)748-6008,oronlineatwww.wiley.com/go/permission.Trademarks:WILEY,theWileylogo,andtheSybexlogoaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc.and/oritsaffiliates,intheUnitedStatesandothercountries,andmaynotbeusedwithoutwrittenpermission.CEHisatrademarkofEC-Council.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendormentionedinthisbook.LimitofLiability/DisclaimerofWarranty:Whilethepublisherandauthorhaveusedtheirbesteffortsinpreparingthisbook,theymakenorepresentationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisbookandspecificallydisclaimanyimpliedwarrantiesofmerchantabilityorfitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysalesrepresentativesorwrittensalesmaterials.Theadviceandstrategiescontainedhereinmaynotbesuitableforyoursituation.Youshouldconsultwithaprofessionalwhereappropriate.Further,readersshouldbeawarethatwebsiteslistedinthisworkmayhavechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.Neitherthepublishernorauthorshallbeliableforanylossofprofitoranyothercommercialdamages,includingbutnotlimitedtospecial,incidental,consequential,orotherdamages.Forgeneralinformationonourotherproductsandservicesorfortechnicalsupport,pleasecontactourCustomerCareDepartmentwithintheUnitedStatesat(800)762-2974,outsidetheUnitedStatesat(317)572-3993orfax(317)572-4002.Wileyalsopublishesitsbooksinavarietyofelectronicformats.Somecontentthatappearsinprintmaynotbeavailableinelectronicformats.FormoreinformationaboutWileyproducts,visitourwebsiteatwna.wiley.com.LibraryofCongressControlNumber:2023932588Coverimage:©GettyImagesInc./JeremyWoodhouseCoverdesign:WileyStudy

Loading page image...

AbouttheAuthorRicMessier,GCIH,CCSP,GSEC,CEH,CISSP,MS,hasentirelytoomanylettersafterhisname,asthoughhespendstimegatheringupstraysthatfollowhimhomeattheendoftheday.HisinterestininformationsecuritybeganinhighschoolbutwascementedwhenhewasafreshmanattheUniversityofMaine,Orono,whenhetookadvantageofavulnera-bilityinajailedenvironmenttobreakoutofthejailandgainelevatedprivilegesonanIBMmainframeintheearly1980s.HisfirstexperiencewithUnixwasinthemid-1980sandwithLinuxinthemid-1990s.Ricisanauthor,trainer,educator,andsecurityprofessionalwithmultipledecadesofexperience.HeiscurrentlyaPrincipalConsultantwithMandiantandhasdevelopedgraduateprogramsandcoursesininformationsecurityatdifferentcollegesanduniversities.AbouttheTechnicalEditorJamesMichaelStewart,CISSP,CEH,CHFI,ECSA,CND,ECIH,CySA+,PenTest+,CASP+,Security+,Network+,A+,CISM,andCFR,hasbeenwritingandtrainingformorethan25years,withacurrentfocusonsecurity.HehasbeenteachingCISSPtrainingcoursessince2002,nottomentionothercoursesoninternetsecurityandethicalhacking/penetrationtesting.Heistheauthorofandcontributortomorethan75booksonsecuritycertification,Microsofttopics,andnetworkadministration,includingCompTIASecurity+ReviewGuide.MoreinformationaboutMichaelcanbefoundathiswebsite,www.impactonline.com.

Loading page image...

ContentsataGlanceIntroductionxviiAssessmentTestxxvChapter1EthicalHacking1Chapter2NetworkingFoundations17Chapter3SecurityFoundations59Chapter4FootprintingandReconnaissance101Chapter5ScanningNetworks161Chapter6Enumeration231Chapter7SystemHacking279Chapter8Malware339Chapter9Sniffing393Chapter10SocialEngineering435Chapter11WirelessSecurity471Chapter12AttackandDefense51Chapter13Cryptography549Chapter14SecurityArchitectureandDesign581Chapter15CloudComputingandtheInternetofThings611AppendixAnswerstoReviewQuestions661Index699

Loading page image...

ContentsIntroductionxviiAssessmentTestxxvChapter1EthicalHacking1OverviewofEthics2OverviewofEthicalHacking5AttackModeling,6CyberKillChain7AttackLifecycle8MITREATT&CKFramework10MethodologyofEthicalHacking12ReconnaissanceandFootprinting12ScanningandEnumeration12GainingAccess13MaintainingAccess14CoveringTracks14Summary15Chapter2NetworkingFoundations17CommunicationsModels19OpenSystemsInterconnection20TCP/IPArchitecture23Topologies24BusNetwork24StarNetwork25RingNetwork26MeshNetwork27Hybrid28PhysicalNetworking29Addressing29Switching30P31Headers32Addressing34Subnets35TCP37UDP40InternetControlMessageProtocol41

Loading page image...

xContentsNetworkArchitectures42NetworkTypes43Isolation44RemoteAccess45CloudComputing46StorageasaService47InfrastructureasaService48PlatformasaService49SoftwareasaService51InternetofThings53Summary54ReviewQuestions56Chapter3SecurityFoundations59TheTriad61Confidentiality61Integrity63Availability64ParkerianHexad65InformationAssuranceandRisk66Policies,Standards,andProcedures69SecurityPolicies69SecurityStandards70Procedures71Guidelines72OrganizingYourProtections72SecurityTechnology75Firewalls76IntrusionDetectionSystems80IntrusionPreventionSystems83EndpointDetectionandResponse84SecurityInformationandEventManagement86BeingPrepared87DefenseinDepth87DefenseinBreadth89DefensibleNetworkArchitecture90Logging91Auditing93Summary95ReviewQuestions9Chapter4FootprintingandReconnaissance101OpenSourceIntelligence103Companies103People112

Loading page image...

ContentsxiSocialNetworking115DomainNameSystem129NameLookups130ZoneTransfers136PassiveDNS138PassiveReconnaissance142WebsiteIntelligence145TechnologyIntelligence150GoogleHacking150InternetofThings(IoT)152Summary154ReviewQuestions157Chapter5ScanningNetworks161PingSweeps163Usingfping163UsingMegaPing165PortScanning167nmap168masscan184MegaPing186Metasploit188VulnerabilityScanning190OpenVAS192Nessus203LookingforVulnerabilitieswithMetasploit209PacketCraftingandManipulation210hping211packETH214fragroute217EvasionTechniques218Evasionwithnmap221ProtectingandDetecting223Summary224ReviewQuestions226Chapter6Enumeration231ServiceEnumeration233Countermeasures236RemoteProcedureCalls236SunRPC237RemoteMethodInvocation239ServerMessageBlock242Built-inUtilities243nmapScripts247

Loading page image...

xiiContentsNetBIOSEnumerator249Metasploit250OtherUtilities254Countermeasures257SimpleNetworkManagementProtocol258Countermeasures259SimpleMailTransferProtocol260Countermeasures263‘Web-BasedEnumeration264Countermeasures271Summary272ReviewQuestions274Chapter7SystemHacking279SearchingforExploits281SystemCompromise285MetasploitModules286Exploit-DB290GatheringPasswords292PasswordCracking295JohntheRipper296RainbowTables298Kerberoasting300Client-SideVulnerabilities305LivingOfftheLand307Fuzzing308PostExploitation313Evasion313PrivilegeEscalation314Pivoting319Persistence322CoveringTracks326Summary332ReviewQuestions334Chapter8Malware339MalwareTypes341Virus341Worm342Trojan344Botnet344Ransomware345Dropper347

Loading page image...

ContentsxiiiFilelessMalware348PolymorphicMalware348MalwareAnalysis349StaticAnalysis350DynamicAnalysis361AutomatedMalwareAnalysis370CreatingMalware371WritingYourOwn372UsingMetasploit375Obfuscating381MalwareInfrastructure382AntivirusSolutions384Persistence385Summary386ReviewQuestions388Chapter9Sniffing393PacketCapture394tcpdump395tshark401Wireshark403BerkeleyPacketFilter408PortMirroring/Spanning410DetectingSniffers410PacketAnalysis412SpoofingAttacks417ARPSpoofing418DNSSpoofing422DHCPStarvationAttack424sslstrip425SpoofingDetection426Summary428ReviewQuestions430Chapter10SocialEngineering435SocialEngineering436Pretexting438SocialEngineeringVectors440IdentityTheft441PhysicalSocialEngineering442BadgeAccess442ManTraps444Biometrics445PhoneCalls446

Loading page image...

xivContentsBaiting447Tailgating448PhishingAttacks448ContactSpamming452QuidProQuo452SocialEngineeringforSocialNetworking453WebsiteAttacks454Cloning454RogueAttacks457WirelessSocialEngineering458AutomatingSocialEngineering461Summary464ReviewQuestions466Chapter11WirelessSecurity471Wi-Fi472Wi-FiNetworkTypes474‘Wi-FiAuthentication477Wi-FiEncryption478BringYourOwnDevice483Wi-FiAttacks484Bluetooth495Scanning496Bluejacking498Bluesnarfing498Bluebugging498Bluedump499Bluesmack499MobileDevices499MobileDeviceAttacks500Summary504ReviewQuestions506Chapter12AttackandDefense511WebApplicationAttacks512OWASPTop10Vulnerabilities514WebApplicationProtections524Denial-of-ServiceAttacks526BandwidthAttacks527SlowAttacks529Legacy531ApplicationExploitation531BufferOverflow532HeapSpraying534ApplicationProtectionsandEvasions535

Loading page image...

ContentsxvLateralMovement536DefenseinDepth/DefenseinBreadth538DefensibleNetworkArchitecture540Summary542ReviewQuestionsS44Chapter13Cryptography549BasicEncryption551SubstitutionCiphers551Diffie-Hellman553SymmetricKeyCryptography555DataEncryptionStandard555AdvancedEncryptionStandard556AsymmetricKeyCryptography558HybridCryptosystem559Nonrepudiation559EllipticCurveCryptography560CertificateAuthoritiesandKeyManagement562CertificateAuthority562TrustedThirdParty565Self-SignedCertificates566CryptographicHashing569PGPandS/MIME571DiskandFileEncryption572Summary576ReviewQuestions578Chapter14SecurityArchitectureandDesign581DataClassification582SecurityModels584StateMachine584Biba585Bell-LaPadula586Clark-WilsonIntegrityModel586ApplicationArchitecture587n-tierApplicationDesign588Service-OrientedArchitecture591Cloud-BasedApplications593DatabaseConsiderations595SecurityArchitecture598Zero-TrustModel602Summary604ReviewQuestions606

Preview Mode

This document has 763 pages. Sign in to access the full document!

Report

Study Now!

Document Details

Related Documents

Certified Ethical Hacker CEH Exam Cram (2022)

Company

Explore

Study Tools