You are previewing CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition, 3rd Edition.
O'Reilly logo
CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition, 3rd Edition

Book Description

Fully up-to-date coverage of every topic on the CEH v9 certification exam

Thoroughly revised for current exam objectives, this integrated self-study system offers complete coverage of the EC Council's Certified Ethical Hacker v9 exam. Inside, IT security expert Matt Walker discusses all of the tools, techniques, and exploits relevant to the CEH exam. Readers will find learning objectives at the beginning of each chapter, exam tips, end-of-chapter reviews, and practice exam questions with in-depth answer explanations.

An integrated study system based on proven pedagogy, CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition, features brand-new explanations of cloud computing and mobile platforms and addresses vulnerabilities to the latest technologies and operating systems. Readers will learn about footprinting and reconnaissance, malware, hacking Web applications and mobile platforms, cloud computing vulnerabilities, and much more. Designed to help you pass the exam with ease, this authoritative resource will also serve as an essential on-the-job reference.

  • Features more than 400 accurate practice questions, including new performance-based questions
  • Electronic content includes 2 complete practice exams and a PDF copy of the book
  • Written by an experienced educator with more than 30 years of experience in the field

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Introduction
  9. Chapter 1 Getting Started: Essential Knowledge
    1. Security 101
      1. Essentials
      2. Security Basics
    2. Introduction to Ethical Hacking
      1. Hacking Terminology
      2. The Ethical Hacker
    3. Chapter Review
      1. Questions
      2. Answers
  10. Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
    1. Footprinting
      1. Passive Footprinting
      2. Active Footprinting
    2. Footprinting Methods and Tools
      1. Search Engines
      2. Website and E-mail Footprinting
      3. DNS Footprinting
      4. Network Footprinting
      5. Other Tools
    3. Chapter Review
      1. Questions
      2. Answers
  11. Chapter 3 Scanning and Enumeration
    1. Fundamentals
      1. TCP/IP Networking
      2. Subnetting
    2. Scanning Methodology
      1. Identifying Targets
      2. Port Scanning
      3. Evasion
      4. Vulnerability Scanning
    3. Enumeration
      1. Windows System Basics
      2. Enumeration Techniques
    4. Chapter Review
      1. Questions
      2. Answers
  12. Chapter 4 Sniffing and Evasion
    1. Essentials
      1. Network Knowledge for Sniffing
      2. Active and Passive Sniffing
    2. Sniffing Tools and Techniques
      1. Techniques
      2. Tools
    3. Evasion
      1. Devices Aligned Against You
      2. Evasion Techniques
    4. Chapter Review
      1. Questions
      2. Answers
  13. Chapter 5 Attacking a System
    1. Getting Started
      1. Windows Security Architecture
      2. Linux Security Architecture
      3. Methodology
    2. Hacking Steps
      1. Authentication and Passwords
      2. Privilege Escalation and Executing Applications
      3. Hiding Files and Covering Tracks
    3. Chapter Review
      1. Questions
      2. Answers
  14. Chapter 6 Web-Based Hacking: Servers and Applications
    1. Web Servers
      1. Web Organizations
      2. Attack Methodology
      3. Web Server Architecture
      4. Web Server Attacks
    2. Attacking Web Applications
      1. Application Attacks
      2. Countermeasures
    3. Chapter Review
      1. Questions
      2. Answers
  15. Chapter 7 Wireless Network Hacking
    1. Wireless Networking
      1. Wireless Terminology, Architecture, and Standards
      2. Wireless Hacking
    2. The Mobile World
      1. Mobile Platforms and Attacks
      2. Mobile Attacks
    3. Chapter Review
      1. Questions
      2. Answers
  16. Chapter 8 Security in Cloud Computing
    1. Cloud Computing
      1. Cloud Security
      2. Threats and Attacks
    2. Chapter Review
      1. Questions
      2. Answers
  17. Chapter 9 Trojans and Other Attacks
    1. The “Malware” Attacks
      1. Trojans
      2. Viruses and Worms
    2. Remaining Attacks
      1. Denial of Service
      2. Session Hijacking
    3. Chapter Review
      1. Questions
      2. Answers
  18. Chapter 10 Cryptography 101
    1. Cryptography and Encryption Overview
      1. Encryption Algorithms and Techniques
    2. PKI, the Digital Certificate, and Digital Signatures
      1. The PKI System
      2. Digital Certificates
      3. Digital Signatures
    3. Encrypted Communication and Cryptography Attacks
      1. Encrypted Communication
      2. Cryptography Attacks
    4. Chapter Review
      1. Questions
      2. Answers
  19. Chapter 11 Low Tech: Social Engineering and Physical Security
    1. Social Engineering
      1. Human-Based Attacks
      2. Computer-Based Attacks
      3. Mobile-Based Attacks
    2. Physical Security
      1. Physical Security 101
    3. Chapter Review
      1. Questions
      2. Answers
  20. Chapter 12 The Pen Test: Putting It All Together
    1. Methodology and Steps
      1. The Security Assessments
      2. Security Assessment Deliverables
      3. Guidelines
      4. More Terminology
    2. Chapter Review
      1. Questions
      2. Answers
  21. Appendix A Tool, Sites, and References
    1. Vulnerability Research Sites
    2. Footprinting Tools
      1. People Search Tools
      2. Competitive Intelligence
      3. Tracking Online Reputation
      4. Website Research/Web Updates Tools
      5. DNS and Whois Tools
      6. Traceroute Tools and Links
      7. Website Mirroring Tools and Sites
      8. E-mail Tracking
      9. Google Hacking
    3. Scanning and Enumeration Tools
      1. Ping Sweep
      2. Scanning Tools
      3. Banner Grabbing 
      4. Vulnerability Scanning
      5. Network Mapping
      6. Proxy, Anonymizer, and Tunneling
      7. Enumeration
      8. SNMP Enumeration
      9. LDAP Enumeration
      10. NTP Enumeration
      11. Registry Tools
      12. Windows Service Monitoring Tools
      13. File/Folder Integrity Checkers
    4. System Hacking Tools
      1. Default Password Search Links
      2. Password Hacking Tools
      3. DoS/DDos
      4. Sniffing
      5. Keyloggers and Screen Capture
      6. Privilege Escalation
      7. Executing Applications
      8. Spyware
      9. Mobile Spyware
      10. Covering Tracks
      11. Packet Crafting/Spoofing
      12. Session Hijacking
      13. Clearing Tracks
    5. Cryptography and Encryption
      1. Encryption Tools
      2. Hash Tools
      3. Steganography
      4. Stego Detection
      5. Cryptanalysis
    6. Sniffing
      1. Packet Capture
      2. Wireless
      3. MAC Flooding/Spoofing
      4. ARP Poisoning
    7. Wireless
      1. Discovery
      2. Attack and Analysis
      3. Packet Sniffing
      4. WEP/WPA Cracking
      5. Bluetooth
      6. Mobile Attacks
      7. Mobile Wireless Discovery
      8. Mobile Device Tracking
      9. Rooting/Jailbreaking
      10. MDM
    8. Trojans and Malware
      1. Anti-Malware (AntiSpyware and Anitvirus)
      2. Crypters and Packers
      3. Monitoring Tools
      4. Attack Tools
    9. Web Attacks
      1. Attack tools
      2. SQL Injection
    10. Miscellaneous
      1. Cloud Security
      2. IDS
      3. Evasion Tools
      4. Pen Test Suites
      5. VPN/FW Scanner
      6. Social Engineering
      7. Extras
      8. Linux Distributions
    11. Tools, Sites, and References Disclaimer
  22. Appendix B About the Download
    1. System Requirements
    2. Installing and Running Total Tester
      1. About Total Tester
    3. Technical Support
  23. Glossary
  24. Index