GCIH GIAC Certified Incident Handler All-in-One Exam Guide [Paperback]

  • Format: Paperback / softback, 464 pages, weight: 649 g, 50 illustrations
  • Publication date: 11-Sep-2020
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1260461629
  • ISBN-13: 9781260461626

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

This self-study guide delivers complete coverage of every topic on the GIAC Certified Incident Handler exam

Prepare for the challenging GIAC Certified Incident Handler exam using the detailed information contained in this effective exam preparation guide. Written by a recognized cybersecurity expert and seasoned author, GCIH GIAC Certified Incident Handler All-in-One Exam Guide clearly explains all of the advanced security incident handling skills covered on the test. Detailed examples and chapter summaries throughout demonstrate real-world threats and aid in retention. You will get online access to 300 practice questions that match those on the live test in style, format, and tone. Designed to help you prepare for the exam, this resource also serves as an ideal on-the-job reference.

Covers all exam topics, including:

  • Intrusion analysis and incident handling
  • Information gathering
  • Scanning, enumeration, and vulnerability identification
  • Vulnerability exploitation
  • Infrastructure and endpoint attacks
  • Network, DoS, and Web application attacks
  • Maintaining access
  • Evading detection and covering tracks
  • Worms, bots, and botnets

Online content includes:

  • 300 practice exam questions
  • Test engine that provides full-length practice exams and customizable quizzes


Table of contents (page numbers, with the number of pages in parentheses):

Acknowledgments xii
Introduction xiii
Chapter 1 Building a Lab 1(18)
  Creating a Kali Linux Virtual Machine 2(5)
  Creating a Metasploitable Virtual Machine 7(2)
  Testing External Connectivity from Kali Linux 7(1)
  Testing External Connectivity from Metasploitable 8(1)
  Testing Communication Between Kali Linux and Metasploitable 8(1)
  Creating a Windows Virtual Machine 9(4)
  Testing Communication Between Windows, Kali Linux, and Metasploitable VMs 12(1)
  Linux and Windows Commands 13(1)
  Chapter Review 14(3)
  Questions 15(1)
  Answers 16(1)
  References and Further Reading 17(2)
Chapter 2 Intrusion Analysis and Incident Handling 19(58)
  Incident Handling Introduction 19(1)
  Incident Handling Phases 20(1)
  Preparation 21(11)
  Building a Team 21(3)
  Collecting Organizational Information 24(1)
  Responding to an Incident 25(4)
  Hardware 29(2)
  Software 31(1)
  Identification 32(31)
  Incident Sources 34(2)
  Data Collection for Incident Response 36(1)
  Windows Investigations 37(17)
  Linux Investigations 54(9)
  Containment 63(4)
  Tracking and Communicating an Incident 63(2)
  Containment Strategies 65(2)
  Eradication 67(1)
  Recovery 67(1)
  Lessons Learned 68(1)
  Chapter Review 68(6)
  Questions 69(3)
  Answers 72(2)
  References and Further Reading 74(3)
Chapter 3 Information Gathering 77(48)
  Public Website Searching 77(3)
  Netcraft 78(2)
  theHarvester 80(1)
  Wget 80(1)
  Social Media Searching 80(1)
  Defending Against Public Website and Social Media Searching 81(1)
  Using Search Engines for Information Gathering 81(11)
  Search Engine Query Examples 83(2)
  Viewing Deleted Content Through the Wayback Machine 85(1)
  Using Tools for Search Engine Information Gathering Automation 86(1)
  Recon-NG 86(1)
  Metagoofil 87(1)
  Exiftool 88(1)
  FOCA (Fingerprinting Organizations with Collected Archives) 89(1)
  SearchDiggity 90(1)
  Defending Against Search Engine Information Gathering 90(2)
  Whois Lookups 92(4)
  Performing Whois Lookups Using IANA and Regional Registries 92(2)
  Performing Whois Lookups Using Online Tools 94(1)
  Performing Whois Lookups Using the Command Line 95(1)
  Defending Against Whois Lookups 95(1)
  DNS Lookups 96(4)
  Performing DNS Lookups Using Online Tools 97(1)
  Nslookup 97(1)
  Dig 98(1)
  Host 99(1)
  DNSRecon 99(1)
  Defending Against DNS Lookups 100(1)
  War Dialing 100(3)
  Defending Against War Dialing 103(1)
  War Driving 103(13)
  Wireless Network Introduction 103(3)
  Airmon-ng 106(1)
  Kismet 107(1)
  InSSIDer 108(1)
  Other Tools Worth Checking 109(2)
  Defending Against War Driving 111(1)
  General-Purpose Information Gathering Tools 112(1)
  Maltego 112(1)
  Shodan 113(1)
  Maps 113(1)
  Spokeo 114(1)
  Grayhat Warfare 114(2)
  Chapter Review 116(5)
  Questions 116(3)
  Answers 119(2)
  References and Further Reading 121(4)
Chapter 4 Scanning, Enumeration, and Vulnerability Identification 125(40)
  Introduction to ARP, ICMP, IP, TCP, and UDP 125(5)
  ARP 126(1)
  ICMP 126(1)
  IP 127(1)
  TCP 128(1)
  UDP 129(1)
  Network Mapping 130(3)
  Arp-scan 130(1)
  Ping 130(1)
  Traceroute 131(1)
  Zenmap 132(1)
  Defending Against Network Mapping 133(1)
  Port Scanning 133(13)
  Nmap 133(7)
  Hping3 140(1)
  Additional Scanning Tools 140(1)
  Proxy Utilization 141(2)
  IDS/IPS Evasion 143(2)
  Defending Against Port Scanning and IDS Evasion 145(1)
  Vulnerability Identification 146(4)
  Nessus 146(3)
  Defending Against Vulnerability Identification 149(1)
  Commonly Exploited Protocols: A Few Useful Examples 150(6)
  FTP 150(1)
  Telnet 151(1)
  SMB 152(4)
  Defending Against SMB Sessions 156(1)
  Chapter Review 156(5)
  Questions 157(3)
  Answers 160(1)
  References and Further Reading 161(4)
Chapter 5 Vulnerability Exploitation 165(42)
  Tcpdump 166(2)
  Scenario 1 Ping Scan 166(1)
  Scenario 2 Reaching the Web Server 167(1)
  Wireshark 168(4)
  Scenario 1 Capture Web Traffic to Metasploitable 169(2)
  Scenario 2 Capture Web Traffic to Multiple Metasploitable Webpages 171(1)
  Metasploit 172(11)
  Architecture 173(1)
  Modules 173(2)
  Information Gathering 175(3)
  Exploiting Services 178(5)
  Armitage 183(4)
  Netcat 187(8)
  Different Flavors 188(1)
  Basic Operation 188(2)
  Connecting to Open Ports 190(1)
  File Transfers 191(1)
  Backdoors 192(1)
  Port Scanning 193(1)
  Relays 194(1)
  SET 195(2)
  BeEF 197(3)
  Chapter Review 200(5)
  Questions 200(4)
  Answers 204(1)
  References and Further Reading 205(2)
Chapter 6 Infrastructure and Endpoint Attacks 207(34)
  Infrastructure Attacks 207(2)
  DMA Attacks 207(1)
  USB Attacks 208(1)
  Defending Against Infrastructure Attacks 209(1)
  Password Cracking 209(15)
  Techniques 209(5)
  Stored Password Locations and Formats 214(3)
  Hydra 217(1)
  Cain 217(3)
  John the Ripper 220(1)
  Hashcat 221(1)
  Defending Against Password Cracking 222(1)
  Pass the Hash 223(1)
  Defending Against Pass-the-Hash Attacks 223(1)
  Buffer Overflows 224(5)
  Identifying Buffer Overflows 227(1)
  Adding Code in Memory 228(1)
  Running the Code 228(1)
  Defending Against Buffer Overflows 228(1)
  Bypassing Endpoint Security 229(6)
  Chapter Review 235(4)
  Questions 235(3)
  Answers 238(1)
  References and Further Reading 239(2)
Chapter 7 Network Attacks 241(26)
  IP Address Spoofing 241(2)
  Defending Against IP Spoofing 242(1)
  Network Traffic Sniffing 243(16)
  Passive Traffic Sniffing 244(1)
  Active Traffic Sniffing 245(11)
  Upgraded SSL Attack: SSL Stripping 256(2)
  Defending Against Traffic Sniffing 258(1)
  Session Hijacking 259(2)
  Defending Against Session Hijacking 261(1)
  Chapter Review 261(4)
  Questions 262(2)
  Answers 264(1)
  References and Further Reading 265(2)
Chapter 8 Denial of Service Attacks 267(16)
  Local DoS Attacks 267(1)
  Remote DoS Attacks 268(4)
  Protocol Attacks 268(1)
  Application-Layer Attacks 269(1)
  Volumetric Attacks 269(3)
  Botnets 272(1)
  DDoS Attacks 272(5)
  Reflected DDoS 273(1)
  Pulsing Zombies 273(1)
  DoS/DDoS Tools 274(3)
  Defending Against DoS/DDoS Attacks 277(1)
  Chapter Review 277(5)
  Questions 278(2)
  Answers 280(2)
  References and Further Reading 282(1)
Chapter 9 Web Application Attacks 283(42)
  Web Proxies 283(1)
  OWASP (Open Web Application Security Project) 284(2)
  Command Injection 286(4)
  Defending Against Command Injection 289(1)
  Account Harvesting 290(6)
  Defending Against Account Harvesting 296(1)
  SQL Injection 296(9)
  Normal SQL Operation 297(2)
  Checking for SQL Injection 299(1)
  Testing Manual SQL Injection Strings 300(2)
  Automating SQL Injection Using Burp Suite 302(3)
  Defending Against SQL Injection 305(1)
  XSS (Cross-Site Scripting) 305(7)
  Reflected XSS 307(2)
  Stored XSS 309(3)
  Defending Against XSS 312(1)
  CSRF (Cross-Site Request Forgery) 312(5)
  Defending Against CSRF 315(1)
  Nikto 315(1)
  WPScan 316(1)
  Chapter Review 317(6)
  Questions 318(3)
  Answers 321(2)
  References and Further Reading 323(2)
Chapter 10 Maintaining Access 325(28)
  Malware Categories 325(2)
  Backdoors and Trojans 327(4)
  Examples of Backdoors and Trojans 327(1)
  Legitimate Tools Used by Attackers for Remote Control 328(3)
  Rootkits 331(15)
  User Mode Rootkits 332(2)
  Kernel Mode Rootkits 334(1)
  Malware Wrapping, Packing, and Obfuscation 335(2)
  Malware Analysis 337(7)
  Defending Against Backdoors, Trojans, and Rootkits 344(2)
  Chapter Review 346(3)
  Questions 346(2)
  Answers 348(1)
  References and Further Reading 349(4)
Chapter 11 Covering Tracks and Tunneling 353(28)
  Log Tampering and Shell History Manipulation 353(7)
  Windows Logs 353(3)
  Linux Logs 356(2)
  Shell History Manipulation 358(1)
  Defending Against Log Tampering and Shell History Manipulation 359(1)
  Hiding Files and Using Steganography 360(7)
  Hiding Files in Linux 361(1)
  Hiding Files in Windows 361(1)
  Steganography 362(3)
  Defending Against Hiding Files and Using Steganography 365(2)
  Tunneling 367(5)
  ICMP Tunneling 367(3)
  TCP/IP Tunneling 370(1)
  Defending Against Tunneling 371(1)
  Chapter Review 372(4)
  Questions 373(2)
  Answers 375(1)
  References and Further Reading 376(5)
Chapter 12 Worms, Bots, and Botnets 381(12)
  Worms 381(4)
  Worm Examples 381(4)
  Bots/Botnets 385(2)
  Defending Against Worms, Bots, and Botnets 386(1)
  Chapter Review 387(3)
  Questions 387(2)
  Answers 389(1)
  References and Further Reading 390(3)
Appendix A Commands Index 393(8)
Appendix B Tools 401(12)
Appendix C Exam Index 413(2)
Appendix D About the Online Content 415(1)
  System Requirements 415(1)
  Your Total Seminars Training Hub Account 415(1)
  Privacy Notice 415(1)
  Single User License Terms and Conditions 415(2)
  TotalTester Online 417(1)
  Technical Support 417(2)
Glossary 419(12)
Index 431