Name: Certified Ethical Hacker (CEH) Version 10 Cert Guide By .Omar Santos
SKU: 9780789760524
Price: 18.83 USD
Availability: InStock

Certified Ethical Hacker (CEH) Version 10 Cert Guide Summary

Certified Ethical Hacker (CEH) Version 10 Cert Guide by .Omar Santos

In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker Version 10 exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know. Every feature of this book supports both efficient exam preparation and long-term mastery: * Opening Topics Lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives * Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success * Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career * Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology This study guide helps you master all the topics on the latest CEH exam, including * Ethical hacking basics * Technical foundations of hacking * Footprinting and scanning * Enumeration and system hacking * Social engineering, malware threats, and vulnerability analysis * Sniffers, session hijacking, and denial of service * Web server hacking, web applications, and database attacks * Wireless technologies, mobile security, and mobile attacks * IDS, firewalls, and honeypots * Cryptographic attacks and defenses * Cloud computing, IoT, and botnets

About .Omar Santos

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cyber security operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (Wiley, 2008); Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (Syngress, 2006); Certified Ethical Hacker Exam Prep 2 (Que, 2006); and Inside Network Security Assessment: Guarding Your IT Infrastructure (Sams, 2005). Michael has testified before a U.S congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cyber security and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cyber security, CISSP, CISA, Security+, and others. When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car. You can reach Michael by email at [email protected]. Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of the critical infrastructure. Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.

Introduction Chapter 1 An Introduction to Ethical Hacking Do I Know This Already? Quiz Security Fundamentals Goals of Security Risk, Assets, Threats, and Vulnerabilities Backing Up Data to Reduce Risk Defining an Exploit Risk Assessment Security Testing No-Knowledge Tests (Black Box) Full-Knowledge Testing (White Box) Partial-Knowledge Testing (Gray Box) Types of Security Tests Hacker and Cracker Descriptions Who Attackers Are Ethical Hackers Required Skills of an Ethical Hacker Modes of Ethical Hacking Test Plans-Keeping It Legal Test Phases Establishing Goals Getting Approval Ethical Hacking Report Vulnerability Research-Keeping Up with Changes Ethics and Legality Overview of U.S. Federal Laws Compliance Regulations Payment Card Industry Data Security Standard (PCI-DSS) Summary Review All Key Topics Define Key Terms Exercises 1-1 Searching for Exposed Passwords 1-2 Examining Security Policies Review Questions Suggested Reading and Resources Chapter 2 The Technical Foundations of Hacking Do I Know This Already? Quiz The Hacking Process Performing Reconnaissance and Footprinting Scanning and Enumeration Gaining Access Escalation of Privilege Maintaining Access Covering Tracks and Planting Backdoors The Ethical Hacker's Process NIST SP 800-15 Operationally Critical Threat, Asset, and Vulnerability Evaluation Open Source Security Testing Methodology Manual Information Security Systems and the Stack The OSI Model Anatomy of TCP/IP Protocols The Application Layer The Transport Layer Transmission Control Protocol User Datagram Protocol The Internet Layer Traceroute The Network Access Layer Summary Review All Key Topics Define Key Terms Exercises 2.1 Install a Sniffer and Perform Packet Captures 2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack 2.3 Using Traceroute for Network Troubleshooting Review Questions Suggested Reading and Resources Chapter 3 Footprinting and Scanning Do I Know This Already? Quiz Overview of the Seven-Step Information-Gathering Process Information Gathering Documentation The Organization's Website Job Boards Employee and People Searches EDGAR Database Google Hacking Usenet Registrar Query DNS Enumeration Determining the Network Range Traceroute Identifying Active Machines Finding Open Ports and Access Points Nmap SuperScan THC-Amap Hping Port Knocking War Driving OS Fingerprinting Active Fingerprinting Tools Fingerprinting Services Default Ports and Services Finding Open Services Mapping the Network Attack Surface Manual Mapping Automated Mapping Summary Review All Key Topics Define Key Terms Exercises 3.1 Performing Passive Reconnaissance 3.2 Performing Active Reconnaissance Review Questions Suggested Reading and Resources Chapter 4 Enumeration and System Hacking Do I Know This Already? Quiz Enumeration Windows Enumeration Windows Security NetBIOS and LDAP Enumeration NetBIOS Enumeration Tools SNMP Enumeration Linux/UNIX Enumeration NTP Enumeration SMTP Enumeration IPsec and VoIP Enumeration DNS Enumeration System Hacking Nontechnical Password Attacks Technical Password Attacks Password Guessing Automated Password Guessing Password Sniffing Keylogging Privilege Escalation and Exploiting Vulnerabilities Exploiting an Application Exploiting a Buffer Overflow Owning the Box Windows Authentication Types Cracking Windows Passwords Linux Authentication and Passwords Cracking Linux Passwords Hiding Files and Covering Tracks Rootkits File Hiding Summary Review All Key Topics Define Key Terms Exercise 4.1 NTFS File Streaming Review Questions Suggested Reading and Resources Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis Do I Know This Already? Quiz Social Engineering Phishing Pharming Malvertising Spear Phishing SMS Phishing Voice Phishing Whaling Elicitation, Interrogation, and Impersonation (Pretexting) Social Engineering Motivation Techniques Shoulder Surfing and USB Key Drop Malware Threats Viruses and Worms Types and Transmission Methods of Viruses and Malware Virus Payloads History of Viruses Well-Known Viruses and Worms Virus Creation Tools Trojans Trojan Types Trojan Ports and Communication Methods Trojan Goals Trojan Infection Mechanisms Effects of Trojans Trojan Tools Distributing Trojans Wrappers Packers Droppers Crypters Ransomware Covert Communication Tunneling via the Internet Layer Tunneling via the Transport Layer Tunneling via the Application Layer Port Redirection Keystroke Logging and Spyware Hardware Keyloggers Software Keyloggers Spyware Malware Countermeasures Detecting Malware Antivirus Analyzing Malware Static Analysis Dynamic Analysis Vulnerability Analysis Passive vs. Active Assessments External vs. Internal Assessments Vulnerability Assessment Solutions Tree-based vs. Inference-based Assessments Vulnerability Scoring Systems Vulnerability Scanning Tools Summary Review All Key Topics Define Key Terms Command Reference to Check Your Memory Exercises 5.1 Finding Malicious Programs 5.2 Using Process Explorer Review Questions Suggested Reading and Resources Chapter 6 Sniffers, Session Hijacking, and Denial of Service Do I Know This Already? Quiz Sniffers Passive Sniffing Active Sniffing Address Resolution Protocol ARP Poisoning and MAC Flooding Tools for Sniffing Wireshark Other Sniffing Tools Sniffing and Spoofing Countermeasures Session Hijacking Transport Layer Hijacking Identify and Find an Active Session Predict the Sequence Number Take One of the Parties Offline Take Control of the Session Application Layer Hijacking Session Sniffing Predictable Session Token ID Man-in-the-Middle Attacks Client-Side Attacks Man-in-the-Browser Attacks Session Replay Attacks Session Fixation Attacks Session Hijacking Tools Preventing Session Hijacking Denial of Service and Distributed Denial of Service DoS Attack Techniques Volumetric Attacks SYN Flood Attacks ICMP Attacks Peer-to-Peer Attacks Application-Level Attacks Permanent DoS Attacks Distributed Denial of Service DDoS Tools DoS and DDOS Countermeasures Summary Review All Key Topics Define Key Terms Exercises 6.1 Scanning for DDoS Programs 6.2 Using SMAC to Spoof Your MAC Address 6.3 Using the KnowBe4 SMAC to Spoof Your MAC Address Review Questions Suggested Reading and Resources Chapter 7 Web Server Hacking, Web Applications, and Database Attacks Do I Know This Already? Quiz Web Server Hacking The HTTP Protocol Scanning Web Servers Banner Grabbing and Enumeration Web Server Vulnerability Identification Attacking the Web Server DoS/DDoS Attacks DNS Server Hijacking and DNS Amplification Attacks Directory Traversal Man-in-the-Middle Attacks Website Defacement Web Server Misconfiguration HTTP Response Splitting Understanding Cookie Manipulation Attacks Web Server Password Cracking Web Server-Specific Vulnerabilities Comments in Source Code Lack of Error Handling and Overly Verbose Error Handling Hard-Coded Credentials Race Conditions Unprotected APIs Hidden Elements Lack of Code Signing Automated Exploit Tools Securing Web Servers Harden Before Deploying Patch Management Disable Unneeded Services Lock Down the File System Log and Audit Provide Ongoing Vulnerability Scans Web Application Hacking Unvalidated Input Parameter/Form Tampering Injection Flaws Understanding Cross-site Scripting (XSS) Vulnerabilities Reflected XSS Stored XSS DOM-based XSS XSS Evasion Techniques XSS Mitigations Understanding Cross-site Request Forgery Vulnerabilities and Related Attacks Understanding Clickjacking Other Web Application Attacks Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations Web-Based Password Cracking and Authentication Attacks Understanding What Cookies Are and Their Use URL Obfuscation Intercepting Web Traffic Securing Web Applications Lack of Code Signing Database Hacking A Brief Introduction to SQL and SQL Injection SQL Injection Categories Fingerprinting the Database Surveying the UNION Exploitation Technique Using Boolean in SQL Injection Attacks Understanding Out-of-Band Exploitation Exploring the Time-Delay SQL Injection Technique Surveying Stored Procedure SQL Injection Understanding SQL Injection Mitigations SQL Injection Hacking Tools Summary Review All Key Topics Exercise 7.1 Complete the Exercises in WebGoat Review Questions Suggested Reading and Resources Chapter 8 Wireless Technologies, Mobile Security, and Attacks Do I Know This Already? Quiz Wireless Technologies Mobile Device Operation and Security Mobile Device Concerns Mobile Device Platforms Android iOS Windows Mobile Operating System BlackBerry Mobile Device Management and Protection Bluetooth Radio-frequency Identification (RFID) Attacks Wireless LANs Wireless LAN Basics Wireless LAN Frequencies and Signaling Wireless LAN Security Installing Rogue Access Points Evil Twin Attacks Deauthentication Attacks Attacking the Preferred Network Lists Jamming Wireless Signals and Causing Interference War Driving Attacking WEP Attacking WPA Wireless Networks Configured with Open Authentication KRACK Attacks Attacking Wi-Fi Protected Setup (WPS) KARMA Attack Fragmentation Attacks Additional Wireless Hacking Tools Performing GPS Mapping Wireless Traffic Analysis Launch Wireless Attacks Crack and Compromise the Wi-Fi Network Securing Wireless Networks Site Survey Robust Wireless Authentication Misuse Detection Summary Review All Key Topics Define Key Terms Review Questions Suggested Reading and Resources Chapter 9 IDS, Firewalls, and Honeypots Do I Know This Already? Quiz Intrusion Detection and Prevention Systems IDS Types and Components Pattern Matching Protocol Analysis Heuristic-Based Analysis Anomaly-Based Analysis Global Threat Correlation Capabilities Snort IDS Evasion Flooding Insertion and Evasion Session Splicing Shellcode Attacks Other IDS Evasion Techniques IDS Evasion Tools Firewalls Firewall Types Network Address Translation Packet Filters Application and Circuit-Level Gateways Stateful Inspection Identifying Firewalls Bypassing Firewalls Honeypots Types of Honeypots Detecting Honeypots Summary Review All Key Topics Define Key Terms Review Questions Suggested Reading and Resources Chapter 10 Cryptographic Attacks and Defenses Do I Know This Already? Quiz Functions of Cryptography History of Cryptography Algorithms Symmetric Encryption Data Encryption Standard (DES) Advanced Encryption Standard (AES) Rivest Cipher Asymmetric Encryption (Public Key Encryption) RSA Diffie-Hellman ElGamal Elliptic Curve Cryptography (ECC) Hashing Digital Signature Steganography Steganography Operation Steganographic Tools Digital Watermark Digital Certificates Public Key Infrastructure Trust Models Single-Authority Trust Hierarchical Trust Web of Trust Protocols, Applications, and Attacks Encryption Cracking and Tools Weak Encryption Encryption-Cracking Tools Summary Review All Key Topics Define Key Terms Exercises 10.1 Examining an SSL Certificate 10.2 Using PGP 10.3 Using a Steganographic Tool to Hide a Message Review Questions Suggested Reading and Resources Chapter 11 Cloud Computing, IoT, and Botnets Do I Know This Already? Quiz Cloud Computing Cloud Computing Issues and Concerns Cloud Computing Attacks Cloud Computing Security IoT IoT Protocols Hacking IoT Implementations Botnets Botnet Countermeasures Summary Review All Key Topics Define Key Terms Exercise 11.1 Scanning for DDoS Programs Review Questions Suggested Reading and Resources Chapter 12 Final Preparation Hands-on Activities Suggested Plan for Final Review and Study Summary Glossary Appendix A Answers to the Do I Know This Already? Quizzes and Review Questions 9780789760524 TOC 6/13/2019

Additional information

Sku

CIN0789760525G

ISBN 13

9780789760524

ISBN 10

0789760525

Title

Certified Ethical Hacker (CEH) Version 10 Cert Guide by .Omar Santos

Author

.Omar Santos

Series

Certification Guide

Condition

Used - Good

Binding type

Hardback

Publisher

Pearson Education (US)

Year published

20190918

Number of pages

704

Prizes

N/A

Cover note

Book picture is for illustrative purposes only, actual binding, cover or edition may vary.

Note

This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in good condition, but if you are not entirely satisfied please get in touch with us

Certified Ethical Hacker (CEH) Version 10 Cert Guide .Omar Santos

Certified Ethical Hacker (CEH) Version 10 Cert Guide by .Omar Santos

Faster Shipping

Certified Ethical Hacker (CEH) Version 10 Cert Guide Summary

Certified Ethical Hacker (CEH) Version 10 Cert Guide by .Omar Santos

About .Omar Santos

Table of Contents

Additional information

Customer Reviews - Certified Ethical Hacker (CEH) Version 10 Cert Guide