Certified Ethical Hacker (CEH) Study Guide. In-Depth Guidance and Practice - Helion

ebook

Autor: Matt Walker
ISBN: 9781098174781
stron: 482, Format: ebook
Data wydania: 2025-07-08
Księgarnia: Helion

Cena książki: 186,15 zł (poprzednio: 216,45 zł)
Oszczędzasz: 14% (-30,30 zł)

Osoby, które kupiły tę książkę, wybierały także »

The CEH exam is not an enjoyable undertaking. This grueling, exhaustive, challenging, and taxing exam will either leave you better prepared to be the best cyber security professional you can be. But preparing for the exam itself needn't be that way.

In this book, IT security and education professional Matt Walker will not only guide you through everything you need to pass the exam, but do so in a way that is actually enjoyable. The subject matter need not be dry and exhausting, and we won't make it that way. You should finish this book looking forward to your exam and your future.

To help you successfully complete the CEH certification, this book will bring penetration testers, cybersecurity engineers, and cybersecurity analysts up to speed on:

Information security and ethical hacking fundamentals
Reconnaissance techniques
System hacking phases and attack techniques
Network and perimeter hacking
Web application hacking
Wireless network hacking
Mobile, platform, IoT, and OT hacking
Cloud computing
Cryptography
Penetration testing techniques

Matt Walker is an IT security and education professional with more than 20 years of experience. He's served in a variety of cyber security, education, and leadership roles throughout his career.

Osoby które kupowały "Certified Ethical Hacker (CEH) Study Guide. In-Depth Guidance and Practice", wybierały także:

Jak zhakowa 125,00 zł, (10,00 zł -92%)
Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
Efekt piaskownicy. Jak szefować żeby roboty nie zabrały ci roboty 59,50 zł, (11,90 zł -80%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)

Spis treści

Certified Ethical Hacker (CEH) Study Guide. In-Depth Guidance and Practice eBook -- spis treści

Preface
- How to Use This Book
- Getting Ready: Preparing and Registering for the Exam
  - Preparing for the Exam
  - Registering for the Exam
- The Certification: More Than Just a Test
- Taking the Exam
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
- Disclaimer
1. Getting Started: Essential Knowledge
- Security 101
  - Essentials
    - The OSI reference model
    - TCP/IP overview
    - Vulnerabilities
  - Security Basics
    - A security story
    - CIA
    - Risk and risk management
    - Incidents
  - Methodologies and Frameworks
    - Hacking phases
      - Phase 1: Footprinting
      - Phases 2 and 3: Scanning and enumeration
      - Phase 4: Vulnerability analysis
      - Phase 5: System hacking
    - The Cyber Kill Chain
    - MITRE ATT&CK framework
    - Diamond Model of Intrusion Analysis
- Introduction to Ethical Hacking
  - Hacking Terminology
    - Hacker classifications: Hats and types
    - Attack types
  - The Ethical Hacker
    - The pen test
    - Laws and standards
- Conclusion
2. Information Gathering for the Ethical Hacker
- Search Engines
  - Google Hacking
  - Other Search Engine Techniques
  - Shodan
- Using Web Services and Social Networking Sites
  - Web Services
  - Social Networking Sites
- Website and Email Footprinting
- DNS and Whois Footprinting
- Network Footprinting
- Other Tools
- Conclusion
3. Scanning and Enumeration
- Fundamentals
  - TCP/IP Networking
    - Connectionless communication
    - Connection-oriented communication
      - Port numbering
  - Subnetting
- Identifying Targets
  - ICMP
  - ARP
- Port Scanning
  - Port Scan Types
  - Nmap
  - Hping3
- Evasion
- Vulnerability Scanning
- Enumeration
  - Windows System Basics
  - Unix/Linux System Basics
  - Enumeration Techniques
    - Banner grabbing
    - NetBIOS enumeration
    - SNMP enumeration
    - Other enumeration options
4. Sniffing and Evasion
- Essentials
  - Network Knowledge for Sniffing
    - Protocols susceptible to sniffing
    - Address Resolution Protocol
    - IPv6
    - Wiretapping
  - Active and Passive Sniffing
- Sniffing Tools and Techniques
  - Techniques
    - MAC flooding
    - ARP poisoning
    - DHCP starvation
    - Spoofing
  - Tools
- Evasion
  - Devices Aligned Against You
    - Snort
    - Firewall
  - Evasion Techniques
    - Firewall evasion
    - Honeypots
- Conclusion
5. Attacking a System
- Getting Started
  - Windows Security Architecture
    - The registry
    - Microsoft Management Consoles
    - Spectre and Meltdown
  - Linux Security Architecture
  - Methodology
- Hacking Steps
  - Authentication and Passwords
    - Password attacks
  - Buffer Overflows
  - Privilege Escalation and Executing Applications
    - Escalating privileges
    - Executing applications
  - Hiding Files and Covering Tracks
    - Rootkits
    - Dreams: The Parrot OS story
6. Web-Based Hacking: Servers and Applications
- Web Servers
  - Web Organizations
  - Attack Methodology
    - Information gathering/footprinting
    - Website mirroring
    - Vulnerability scanning
    - Session hijacking and password cracking
  - Web Server Architecture
    - The web server architecture landscape
    - HTTP and HTML
  - Web Server Attacks
    - DNS attacks
    - Directory traversal
- Attacking Web Applications
  - Injection Attacks Not Named SQL
  - XSS
  - Cross-Site Request Forgery (CSRF)
  - Cookies
  - HTTP Attack
- SQL Injection
  - SQL Queries
  - How SQL Injection Attacks Work
  - Types of SQL Injection Attacks
  - Countermeasures
7. Wireless Network Hacking
- Wireless Terminology, Architecture, and Standards
- Wireless Encryption
  - WEP
  - WPA and WPA2
  - WPA3
- Wireless Hacking
  - Attacks
    - Rogue access points
    - Ad hoc connection
    - Denial of service (DoS)
    - Spoofing
  - Wireless Encryption Attacks
    - WEP
    - WPA and WPA2
  - Wireless Sniffing
8. Mobile Communications and the Internet of Things
- The Mobile World
  - Mobile Vulnerabilities and Risks
  - OWASPs Top 10 Mobile Risks
  - Mobile Platforms
  - Mobile Attacks
    - Android attacks
    - iOS attacks
    - Bluetooth attacks
- The Internet of Things
  - IoT Architecture
  - IoT Vulnerabilities and Attacks
  - CEHs IoT Hacking Methodology
    - Information gathering/footprinting
    - Vulnerability scanning
    - Launching attacks
    - Gaining and maintaining access
- Operational Technology Hacking
  - OT Architecture
  - CEHs OT Attack Methodology
9. Security in Cloud Computing
- Cloud Computing
  - Cloud Computing Service Types
  - Cloud Terminology
  - Cloud Governance
- Cloud Security
- Attacks and Hacks
- Conclusion
10. Trojans and Other Attacks
- The Malware Attacks
  - Definitions
    - Wrappers
    - Packers and crypters
    - Exploit kits
  - Trojans
  - Viruses and Worms
  - Fileless Malware
  - Malware Analysis
  - Mitigation
- Remaining Attacks
  - Denial of Service
  - Session Hijacking
11. Cryptography
- Cryptography and Encryption: An Overview
- Encryption Algorithms and Techniques
  - Symmetric Encryption
  - Asymmetric Encryption
  - Hashing Algorithms
  - Steganography
  - Hardware Encryption
- PKI, the Digital Certificate, and Digital Signatures
  - The PKI System
  - Digital Certificates
  - Digital Signatures
- Encrypted Communication and Cryptography Attacks
  - Encrypted Communication
    - Heartbleed
    - POODLE
    - DROWN
  - Cryptography Attacks
12. Low Tech: Social Engineering and Physical Security
- Social Engineering
  - Human-Based Attacks
    - Dumpster diving
    - Impersonation
    - Shoulder surfing and eavesdropping
    - Tailgating and piggybacking
    - RFID skimming
    - Reverse social engineering
    - Insider attacks
  - Computer-Based Attacks
    - Phishing
    - Spear phishing
    - Pop-ups and chat attacks
    - Prevention
  - Mobile-Based Attacks
- Physical Security
  - Mitigation
  - Access Controls
  - Setting Up Physical Security
13. Artificial Intelligence for the Ethical Hacker
- AI, Machine Learning, and LLMs
- AI and Security
- Using AI as an Ethical Hacker
  - Footprinting and Enumeration
  - Vulnerability Analysis
  - Social Engineering
  - AI and Malware
- AI Attacks
  - OWASP Top 10s
  - The Injection Attacks
14. The Pen Test: Putting It All Together
- Types of Security Assessments
- Pen-Testing Tools
- The Pen Test
- Security Assessment Deliverables
- Guidelines
- What to Do If You Find Something Illegal
- Conclusion
A. Practice Exam
B. Answer Key
Index