Muutke küpsiste eelistusi

E-raamat: Certified Ethical Hacker (CEH) Preparation Guide: Lesson-Based Review of Ethical Hacking and Penetration Testing

  • Formaat: PDF+DRM
  • Ilmumisaeg: 27-Aug-2021
  • Kirjastus: APress
  • Keel: eng
  • ISBN-13: 9781484272589
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 67,91 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Certified Ethical Hacker (CEH) Preparation Guide: Lesson-Based Review of Ethical Hacking and Penetration TestingSuurem pilt
  • Formaat: PDF+DRM
  • Ilmumisaeg: 27-Aug-2021
  • Kirjastus: APress
  • Keel: eng
  • ISBN-13: 9781484272589
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Know the basic principles of ethical hacking. This book is designed to provide you with the knowledge, tactics, and tools needed to prepare for the Certified Ethical Hacker(CEH) exama qualification that tests the cybersecurity professionals baseline knowledge of security threats, risks, and countermeasures through lectures and hands-on labs.





You will review the organized certified hacking mechanism along with: stealthy network re-con; passive traffic detection; privilege escalation, vulnerability recognition, remote access, spoofing; impersonation, brute force threats, and cross-site scripting. The book covers policies for penetration testing and requirements for documentation.





This book uses a unique lesson format with objectives and instruction to succinctly review each major topic, including: footprinting and reconnaissance and scanning networks, system hacking, sniffers and social engineering, session hijacking, Trojans and backdoor viruses and worms, hacking webservers, SQL injection, buffer overflow, evading IDS, firewalls, and honeypots, and much more.











What You Will learn













Understand the concepts associated with Footprinting Perform active and passive reconnaissance Identify enumeration countermeasures Be familiar with virus types, virus detection methods, and virus countermeasures Know the proper order of steps used to conduct a session hijacking attack Identify defensive strategies against SQL injection attacks Analyze internal and external network traffic using an intrusion detection system































































Who This Book Is For





Security professionals looking to get this credential, including systems administrators, network administrators, security administrators, junior IT auditors/penetration testers, security specialists, security consultants,security engineers, and more
About the Author xvii
About the Technical Reviewer xix
Introduction xxi
Chapter 1 Introduction to Ethical Hacking 1(10)
Ethical Hacking
1(1)
Vulnerability
2(1)
Attack
3(1)
Security vs. Functionality and Ease of Use
3(1)
Phases of an Attack
4(2)
Types of Hacker Attacks
6(1)
Hacktivism
6(1)
Ethical Hackers
7(1)
Vulnerability Research
7(1)
Ethical Hacking Assignment
8(1)
Computer Crime
9(1)
Summary
9(1)
Resources
9(2)
Chapter 2 Footprinting and Reconnaissance/Scanning Networks 11(16)
Footprinting
12(1)
Information Gathering Methodology
12(1)
Archived Websites
13(11)
Searching Public Records
14(1)
Tools
14(1)
Locating the Network Range
15(1)
Conducting Active and Passive Reconnaissance Against a Target
16(1)
Scanning Networks
17(1)
Scanning Methodology
18(1)
Three-Way Handshake
19(1)
TCP Flags
20(1)
Types of Port Scans
20(1)
Using Nmap
21(1)
Zenmap
22(1)
Crafting Packets
23(1)
Scanning Countermeasures
24(1)
Summary
24(1)
Resources
24(3)
Chapter 3 Enumeration 27(8)
Steps to Compromise a System
27(1)
Enumeration
28(1)
NetBIOS Basics
29(1)
Command-Line Tools
30(1)
SNMP Enumeration
30(1)
Discovering Hosts with Windows Command Line Tools
31(1)
Discovering Hosts with Metasploit
32(1)
Using Cain
33(1)
Summary
34(1)
Resources
34(1)
Chapter 4 System Hacking 35(14)
Password Attacks: Passive Online Attacks
35(3)
Password Attack Example
38(1)
Null Sessions
38(1)
Authentication
39(1)
Kerberos Operation
40(2)
Password Cracking Countermeasures
42(1)
Escalating Privileges
42(1)
Password Cracking
43(1)
Keyloggers
44(1)
Hiding Files
44(1)
Rootkits
45(1)
Steganography
46(1)
Covering Tracks
46(1)
Summary
46(1)
Resources
47(2)
Chapter 5 Trojans, Backdoors, Viruses, and Worms 49(22)
Trojan Horses
50(1)
Indicators of a Trojan Attack
50(1)
Ports Used by Trojans
51(1)
Netstat Command
52(1)
Types of Trojans
52(1)
ICMP Tunneling
53(1)
Tools Used to Create Trojans
54(1)
Trojan Countermeasures
54(1)
Detecting Tools
55(1)
Backdoor Countermeasures
55(1)
Countermeasure Tools
56(1)
Process Monitor
56(1)
Malware Tool: Poison Ivy
57(1)
Viruses and Worms
58(1)
Symptoms of a Virus
59(1)
Stages of a Virus' Life
59(1)
Infection Phase
60(1)
Types of Viruses
61(1)
What Viruses Attack
62(1)
How Viruses Infect
62(1)
Self-Modification Viruses
63(1)
The Worst Computer Viruses
63(1)
File Extensions
64(1)
Countermeasures
65(1)
Antivirus Software
66(1)
Utilizing Malware
66(2)
Exploiting the Connection
68(1)
Summary
69(2)
Chapter 6 Sniffers and Social Engineering 71(14)
Sniffers
72(1)
Switched Ethernet
72(1)
Types of Sniffing
73(1)
Protocols Vulnerable to Sniffing
74(1)
Electronic Surveillance
74(1)
How to Detect Sniffing
75(1)
Wget
76(1)
Spearfish Attack
77(1)
Viewing Credentials
78(1)
Social Engineering
78(1)
Social Engineering Cycle
79(1)
Techniques
80(1)
Computer-Based Social Engineering
81(1)
Shark
82(1)
Prevention Recommendations
82(1)
General Defense Measures
83(1)
Countermeasures
83(1)
Summary
84(1)
Chapter 7 Denial of Service 85(8)
Denial-of-Service Attack
85(1)
Types of Attacks
86(1)
Botnets
86(1)
Conducting a DDoS Attack
87(1)
Distributed Denial of Service Attack
87(2)
Attack Classes
89(1)
Countermeasures
90(1)
Performing a DoS Attack
90(1)
Summary
91(2)
Chapter 8 Session Hijacking 93(10)
Session Hijacking
93(1)
The TCP Stack
94(1)
Three-Way Handshake
94(1)
Steps in Session Hijacking
95(1)
Types of Session Hijacking
96(1)
Network-Layer Hijacking
96(1)
Application-Layer Hijacking
97(1)
Countermeasures
98(1)
Browser Exploit
98(1)
Configured Settings
99(1)
Spear Phish Attack
100(1)
Exploiting the Victim Machine
101(1)
Summary
102(1)
Chapter 9 Hacking Webservers 103(12)
Web Server Security Vulnerabilities
103(1)
Types of Risk
104(1)
Web Server Attacks
104(1)
IIS Components
105(1)
IIS Logs
106(1)
Web Server Security
106(1)
Web Server Security Checklist
106(1)
Apache Web Server Security Checklist
107(1)
Using Armitage to Attack the Network
108(1)
Using Armitage
109(5)
Summary
114(1)
Chapter 10 Hacking Web Applications 115(10)
Web Application Attacks
115(1)
Cross-Site Scripting Attack
116(1)
Countermeasures
117(1)
SQL Injection
118(1)
Cookie/Session Poisoning
118(1)
Parameter/Form Tampering
119(1)
Buffer Overflow
119(1)
Error Message Interception
120(1)
Other Attacks
120(2)
Using Nmap
122(1)
Using ncat
123(1)
Establishing a Session
124(1)
Summary
124(1)
Chapter 11 SQL Injections 125(14)
Web Application Components
125(1)
SQL Injection Classifications
126(2)
Web Front End to SQL Server
128(1)
Manipulating the Input Fields
129(1)
Failed SQL Injection Attempt
129(1)
Using Client-Side Validation
130(1)
Successful Login
131(1)
Using a Stored Procedure
132(1)
Injection Results
133(2)
Injecting Username
135(1)
Countermeasures
136(1)
Preventing SQL Injection Attacks
136(1)
Summary
137(2)
Chapter 12 Hacking Wireless Networks 139(14)
Types of Wireless Networks
140(1)
Wireless Standards
140(1)
Service Set Identifier
141(1)
802.1x Authentication Process
141(2)
802.11 Vulnerabilities
143(1)
Wired Equivalent Privacy
144(1)
Wi-Fi Protected Access 2
144(1)
Temporal Key Integrity Protocol
144(1)
Four-Way Handshake
145(1)
Hacking Wireless Networks
146(1)
Rogue Access Points
146(1)
lwconfig Command
146(1)
Airodump -ng Command
147(2)
Aireplay -ng Command
149(1)
Monitoring an Unsecured WLAN
150(1)
Using Aircrack -ng
151(1)
Summary
152(1)
Resource
152(1)
Chapter 13 Evading Intrusion Detection Systems, Firewalls, and Honeypots 153(12)
Intrusion Detection Techniques
154(1)
IDS Types
154(1)
IDS Placement
155(1)
Indications of Intrusion
155(1)
After an IDS Detects an Attack
156(1)
IDS Attacks
156(1)
Intrusion Prevention Systems
157(1)
Information Flow
157(1)
Firewalls
158(1)
Types of Firewalls
158(1)
Firewall Identification
159(1)
Breeching Firewalls
159(1)
Honeypots and Honeynets
159(1)
Types of Honeypots
160(1)
Open Source Honeypots
160(1)
Responding to Attacks
161(1)
Intrusion Detection Tools
161(1)
Tools to Evade an IDS
162(1)
Packet Generators
162(1)
Tools to Breach a Firewall
163(1)
Tools for Testing
163(1)
Summary
164(1)
Chapter 14 Buffer Overflow 165(10)
Buffer Overflows
165(1)
Stack Buffer Overflow
166(1)
Heap-Based Buffer Overflow
166(1)
Detecting Buffer Overflow Vulnerabilities
166(1)
Defense Against Buffer Overflows
167(1)
Nmap
167(1)
TCP Scan
168(1)
Fingerprint of the OS
169(1)
Using Metasploit to Fingerprint
170(1)
Searching for Exploits
171(1)
Meterpreter
172(1)
Summary
173(1)
Resources
173(2)
Chapter 15 Cryptography 175(14)
Symmetric Encryption
175(1)
Symmetric Algorithms
176(1)
Asymmetric Encryption
177(2)
Asymmetric Algorithms
179(1)
Hashing Functions
179(1)
Hash Algorithms
180(1)
Cryptography Algorithm Use: Confidentiality
180(1)
Cryptography Algorithm Use: Digital Signatures
181(1)
Secure Sockets Layer (SSL)
182(1)
SSL Handshake
182(2)
Secure Shell (SSH)
184(1)
Cryptographic Applications
184(2)
Attacks Against Cryptography
186(1)
Encrypting Email
187(1)
Summary
188(1)
Chapter 16 Penetration Testing 189(8)
Penetration Testing Overview
189(1)
Security Assessments
190(1)
Phases of Penetration Testing
191(1)
Documentation
192(1)
Creating Payloads
193(1)
Exploiting a Victim Machine
194(1)
Summary
195(1)
Resources
196(1)
Index 197
Ahmed Sheikh is a Fulbright alumnus and has earned a master's degree in electrical engineering from Kansas State University, USA. He is a seasoned IT expert with a specialty in network security planning and skills in cloud computing. Currently, he is working as an IT Expert Engineer at a leading IT electrical company.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97814842725892e.html
Märksõnad: