Certified Ethical Hacker (CEH) Cert Guide

and Scanning 77 "Do I Know This Already?" Quiz 77 Foundation Topics 80 The Seven-Step Information-Gathering Process 80 Information Gathering 80 Documentation 80 The Organization's Website 81 Job Boards 83 Employee and People Searches 84 EDGAR Database 87 Google Hacking 88 Usenet 92 Registrar Query 93 DNS Enumeration 96 Determine the Network Range 101 Traceroute 101 Identifying Active Machines 104 Finding Open Ports and Access Points 105 Nmap 112 SuperScan 115 THC-Amap 115 Scanrand 116 Hping 116 Port Knocking 117 War Dialers 117 War Driving 118 OS Fingerprinting 118 Active Fingerprinting Tools 120 Fingerprinting Services 122 Default Ports and Services 122 Finding Open Services 123 Mapping the Network Attack Surface 125 Manual Mapping 125 Automated Mapping 125 Chapter Summary 127 Exam Preparation Tasks 127 Review All Key Topics 127 Define Key Terms 128 Command Reference to Check Your Memory 128 Exercises 129 3.1 Performing Passive Reconnaissance 129 3.2 Performing Active Reconnaissance 130 Review Questions 131 Suggested Reading and Resources 134 Chapter 4 Enumeration and System Hacking 137 "Do I Know This Already?" Quiz 137 Foundation Topics 140 Enumeration 140 Windows Enumeration 140 Windows Security 142 NetBIOS and LDAP Enumeration 143 NetBIOS Enumeration Tools 145 SNMP Enumeration 148 Linux/UNIX Enumeration 149 NTP Enumeration 150 SMTP Enumeration 150 DNS Enumeration 151 System Hacking 151 Nontechnical Password Attacks 151 Technical Password Attacks 152 Password Guessing 152 Automated Password Guessing 153 Password Sniffing 154 Keystroke Loggers 155 Privilege Escalation and Exploiting Vulnerabilities 155 Exploiting an Application 156 Exploiting a Buffer Overflow 156 Owning the Box 157 Authentication Types 158 Cracking the Passwords 159 Hiding Files and Covering Tracks 162 File Hiding 163 Chapter Summary 165 Exam Preparation Tasks 165 Review All Key Topics 165 Define Key Terms 166 Command Reference to Check Your Memory 166 Exercise 166 4.1 NTFS File Streaming 166 Review Questions 167 Suggested Reading and Resources 171 Chapter 5 Linux and Automated Assessment Tools 173 "Do I Know This Already?" Quiz 173 Foundation Topics 176 Linux 176 Linux or Windows? Picking the Right Platform 176 Linux File Structure 177 Linux Basics 179 Passwords and the Shadow File 182 Linux Passwords 183 Compressing, Installing, and Compiling Linux 185 Hacking Linux 186 Reconnaissance 186 Scanning 186 Enumeration 188 Gaining Access 188 Privilege Escalation 190 Maintaining Access and Covering Tracks 191 Hardening Linux 194 Automated Assessment Tools 196 Automated Assessment Tools 196 Source Code Scanners 197 Application-Level Scanners 197 System-Level Scanners 198 Automated Exploit Tools 201 Chapter Summary 203 Exam Preparation Tasks 204 Review All Key Topics 204 Define Key Terms 204 Command Reference to Check Your Memory 205 Exercises 205 5.1 Downloading and Running Backtrack 205 5.2 Using Backtrack to Perform a Port Scan 206 5.3 Creating a Virtual Machine 206 5.4 Cracking Passwords with John the Ripper 207 Review Questions 208 Suggested Reading and Resources 210 Chapter 6 Trojans and Backdoors 213 "Do I Know This Already?" Quiz 213 Foundation Topics 216 Trojans 216 Trojan Types 216 Trojan Ports and Communication Methods 217 Trojan Goals 219 Trojan Infection Mechanisms 219 Effects of Trojans 220 Trojan Tools 221 Distributing Trojans 225 Trojan Tool Kits 226 Covert Communication 227 Covert Communication Tools 231 Port Redirection 232 Other Redirection and Covert Tools 234 Keystroke Logging and Spyware 235 Hardware 236 Software 236 Spyware 237 Trojan and Backdoor Countermeasures 238 Chapter Summary 240 Exam Preparation Tasks 241 Review All Key Topics 241 Define Key Terms 242 Command Reference to Check Your Memory 242 Exercises 243 6.1 Finding Malicious Programs 243 6.2 Using a Scrap Document to Hide Malicious Code 244 6.3 Using Process Explorer 244 Review Questions 246 Suggested Reading and Resources 248 Chapter 7 Sniffers, Session Hijacking, and Denial of Service 251 "Do I Know This Already?" Quiz 251 Foundation Topics 254 Sniffers 254 Passive Sniffing 254 Active Sniffing 255 Address Resolution Protocol 255 ARP Poisoning and Flooding 256 Tools for Sniffing 260 Wireshark 260 Other Sniffing Tools 262 Sniffing and Spoofing Countermeasures 263 Session Hijacking 264 Transport Layer Hijacking 264 Predict the Sequence Number 265 Take One of the Parties Offline 267 Take Control of the Session 267 Application Layer Hijacking 267 Session Sniffing 267 Predictable Session Token ID 268 Man-in-the-Middle Attacks 268 Man-in-the-Browser Attacks 269 Client-Side Attacks 269 Session-Hijacking Tools 271 Preventing Session Hijacking 273 Denial of Service, Distributed Denial of Service, and Botnets 274 Types of DoS 275 Bandwidth Attacks 276 SYN Flood Attacks 277 Program and Application Attacks 277 Distributed Denial of Service 278 DDoS Tools 280 Botnets 282 DoS, DDOS, and Botnet Countermeasures 285 Summary 288 Exam Preparation Tasks 289 Review All Key Topics 289 Define Key Terms 290 Exercises 290 7.1 Scanning for DDoS Programs 290 7.2 Using SMAC to Spoof Your MAC Address 291 Review Questions 291 Suggested Reading and Resources 294 Chapter 8 Web Server Hacking, Web Applications, and Database Attacks 297 "Do I Know This Already?" Quiz 297 Foundation Topics 300 Web Server Hacking 300 Scanning Web Servers 302 Banner Grabbing and Enumeration 302 Web Server Vulnerability Identification 306 Attacks Against Web Servers 307 IIS Vulnerabilities 308 Securing IIS and Apache Web Servers 312 Web Application Hacking 314 Unvalidated Input 315 Parameter/Form Tampering 315 Injection Flaws 315 Cross-Site Scripting and Cross-Site Request Forgery Attacks 316 Hidden Field Attacks 317 Other Web Application Attacks 318 Web-Based Authentication 319 Web-Based Password Cracking and Authentication Attacks 320 Cookies 324 URL Obfuscation 324 Intercepting Web Traffic 326 Database Hacking 329 Identifying SQL Servers 330 SQL Injection Vulnerabilities 331 SQL Injection Hacking Tools 333 Summary 334 Exam Preparation Tasks 335 Review All Key Topics 335 Define Key Terms 336 Exercise 336 8.1 Hack the Bank 336 Review Questions 337 Suggested Reading and Resources 339 Chapter 9 Wireless Technologies, Mobile Security, and Attacks 341 "Do I Know This Already?" Quiz 341 Foundation Topics 344 Wireless Technologies 344 Wireless History 344 Satellite TV 344 Cordless Phones 346 Cell Phones and Mobile Devices 346 Mobile Devices 348 Smartphone Vulnerabilities and Attack Vectors 349 Android 350 iOS 352 Windows Phone 8 352 BlackBerry 353 Mobile Device Management and Protection 353 Bluetooth 354 Wireless LANs 355 Wireless LAN Basics 355 Wireless LAN Frequencies and Signaling 357 Wireless LAN Security 358 Wireless LAN Threats 361 Eavesdropping 362 Configured as Open Authentication 363 Rogue and Unauthorized Access Points 363 Denial of Service (DoS) 365 Wireless Hacking Tools 366 Discover WiFi Networks 366 Perform GPS Mapping 367 Wireless Traffic Analysis 367 Launch Wireless Attacks 368 Crack and Compromise the WiFi Network 368 Securing Wireless Networks 369 Defense in Depth 369 Site Survey 371 Robust Wireless Authentication 372 Misuse Detection 373 Summary 374 Exam Preparation Tasks 374 Review All Key Topics 375 Define Key Terms 375 Review Questions 375 Suggested Reading and Resources 378 Chapter 10 IDS, Firewalls, and Honeypots 381 "Do I Know This Already?" Quiz 381 Intrusion Detection Systems 385 IDS Types and Components 385 Pattern Matching and Anomaly Detection 387 Snort 388 IDS Evasion 392 IDS Evasion Tools 394 Firewalls 395 Firewall Types 395 Network Address Translation 395 Packet Filters 396 Application and Circuit-Level Gateways 398 Stateful Inspection 399 Identifying Firewalls 400 Bypassing Firewalls 402 Honeypots 407 Types of Honeypots 408 Detecting Honeypots 409 Summary 410 Exam Preparation Tasks 411 Review All Key Topics 411 Define Key Terms 411 Review Questions 412 Suggested Reading and Resources 414 Chapter 11 Buffer Overflows, Viruses, and Worms 417 "Do I Know This Already?" Quiz 417 Foundation Topics 420 Buffer Overflows 420 What Is a Buffer Overflow? 420 Why Are Programs Vulnerable? 421 Understanding Buffer-Overflow Attacks 423 Common Buffer-Overflow Attacks 426 Preventing Buffer Overflows 427 Viruses and Worms 429 Types and Transmission Methods of Viruses 429 Virus Payloads 431 History of Viruses 432 Well-Known Viruses 434 The Late 1980s 434 The 1990s 434 2000 and Beyond 435 Virus Tools 438 Preventing Viruses 439 Antivirus 440 Malware Analysis 442 Static Analysis 442 Dynamic Analysis 445 Summary 446 Exam Preparation Tasks 447 Review All Key Topics 447 Define Key Terms 447 Exercises 448 11.1 Locating Known Buffer Overflows 448 11.2 Review CVEs and Buffer Overflows 449 Review Questions 449 Suggested Reading and Resources 451 Chapter 12 Cryptographic Attacks and Defenses 453 "Do I Know This Already?" Quiz 453 Foundation Topics 456 Functions of Cryptography 456 History of Cryptography 457 Algorithms 459 Symmetric Encryption 460 Data Encryption Standard (DES) 461 Advanced Encryption Standard (AES) 463 Rivest Cipher (RC) 463 Asymmetric Encryption (Public Key Encryption) 464 RSA 465 Diffie-Hellman 465 ElGamal 466 Elliptic Curve Cryptography (ECC) 466 Hashing 466 Digital Signature 467 Steganography 468 Steganography Operation 469 Steganographic Tools 470 Digital Watermark 472 Digital Certificates 473 Public Key Infrastructure 474 Trust Models 475 Single Authority 475 Hierarchical Trust 476 Web of Trust 476 Protocols, Standards, and Applications 477 Encryption Cracking and Tools 479 Weak Encryption 481 Encryption-Cracking Tools 482 Summary 483 Exam Preparation Tasks 484 Review All Key Topics 484 Define Key Terms 484 Exercises 485 12.1 Examining an SSL Certificate 485 12.2 Using PGP 486 12.3 Using a Steganographic Tool to Hide a Message 487 Review Questions 487 Suggested Reading and Resources 490 Chapter 13 Physical Security and Social Engineering 493 "Do I Know This Already?" Quiz 493 Foundation Topics 496 Physical Security 496 Threats to Physical Security 496 Equipment Controls 499 Locks 499 Fax Machines 504 Area Controls 505 Location Data and Geotagging 506 Facility Controls 508 Personal Safety Controls 510 Fire Prevention, Detection, and Suppression 510 Physical Access Controls 511 Authentication 511 Defense in Depth 512 Social Engineering 513 Six Types of Social Engineering 513 Person-to-Person Social Engineering 514 Computer-Based Social Engineering 514 Reverse Social Engineering 515 Policies and Procedures 515 Employee Hiring and Termination Policies 516 Help Desk Procedures and Password Change Policies 516 Employee Identification 516 Privacy Policies 517 Governmental and Commercial Data Classification 518 User Awareness 519 Summary 519 Exam Preparation Tasks 520 Review All Key Topics 520 Define Key Terms 521 Exercises 521 13.1 Biometrics and Fingerprint Recognition 521 Review Questions 522 Suggested Reading and Resources 524 Chapter 14 Final Preparation 527 Tools for Final Preparation 527 Pearson Cert Practice Test Engine and Questions on the CD 527 Install the Software from the CD 527 Activate and Download the Practice Exam 528 Activating Other Exams 529 Premium Edition 529 Memory Tables 530 End-of-Chapter Review Tools 530 Suggested Plan for Final Review and Study 530 Summary 532 Glossary 535 Practice Exam 1 EC-Council CEH 312-50 561 Practice Exam 2 EC-Council CEH 312-50 603 Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions (CD only) Appendix B Memory Tables (CD only) Appendix C Memory Table Answer Key (CD only) 9780789751270 TOC 11/4/2013