Introduction xxi
Chapter 1 An Introduction to Ethical Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Security Fundamentals
Goals of Security
Risk, Assets, Threats, and Vulnerabilities
Backing Up Data to Reduce Risk
Defining an Exploit
Risk Assessment
Security Testing
No-Knowledge Tests (Black Box)
Full-Knowledge Testing (White Box)
Partial-Knowledge Testing (Gray Box)
Types of Security Tests
Hacker and Cracker Descriptions
Who Attackers Are
Ethical Hackers
Required Skills of an Ethical Hacker
Modes of Ethical Hacking
Test Plans–Keeping It Legal
Test Phases
Establishing Goals
Getting Approval
Ethical Hacking Report
Vulnerability Research–Keeping Up with Changes
Ethics and Legality
Overview of U.S. Federal Laws
Compliance Regulations
Payment Card Industry Data Security Standard (PCI-DSS)
Summary
Exam Preparation Tasks
Hands-On Labs
Lab 1-1 Examining Security Policies
Review Questions
Chapter 2 The Technical Foundations of Hacking
“Do I Know This Already?” Quiz
Foundation Topics
The Attacker’s Process
Performing Reconnaissance and Footprinting
Scanning and Enumeration
Gaining Access
Escalation of Privilege
Maintaining Access
Covering Tracks and Planting Backdoors
The Ethical Hacker’s Process
NIST SP 800-15
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Open Source Security Testing Methodology Manual
Security and the Stack
The OSI Model
Anatomy of TCP/IP Protocols
The Application Layer
The Transport Layer
The Internet Layer
The Network Access Layer
Summary
Exam Preparation Tasks
Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
Chapter 3 Footprinting and Scanning
“Do I Know This Already?” Quiz
Foundation Topics
Overview of the Seven-Step Information-Gathering Process
Information Gathering
Documentation
The Organization’s Website
Job Boards
Employee and People Searches
EDGAR Database
Google Hacking
Usenet
Registrar Query
DNS Enumeration
Determining the Network Range
Traceroute
Identifying Active Machines
Finding Open Ports and Access Points
Nmap
SuperScan
THC-Amap
Hping
Port Knocking
War Driving
OS Fingerprinting
Active Fingerprinting Tools
Fingerprinting Services
Default Ports and Services
Finding Open Services
Mapping the Network Attack Surface
Manual Mapping
Automated Mapping
Summary
Exam Preparation Tasks
Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Chapter 4 Enumeration and System Hacking
“Do I Know This Already?” Quiz
Foundation Topics
Enumeration
Windows Enumeration
Windows Security
NetBIOS and LDAP Enumeration
NetBIOS Enumeration Tools
SNMP Enumeration
Linux/UNIX Enumeration
NTP Enumeration
SMTP Enumeration
DNS Enumeration
System Hacking
Nontechnical Password Attacks
Technical Password Attacks
Password Guessing
Automated Password Guessing
Password Sniffing
Keylogging
Privilege Escalation and Exploiting Vulnerabilities
Exploiting an Application
Exploiting a Buffer Overflow
Owning the Box
Windows Authentication Types
Cracking Windows Passwords
Linux Authentication and Passwords
Cracking Linux Passwords
Hiding Files and Covering Tracks
Rootkits
File Hiding
Summary
Exam Preparation Tasks
Exercise
4.1 NTFS File Streaming
Review Questions
Chapter 5 Malware Threats
“Do I Know This Already?” Quiz
Foundation Topics
Viruses and Worms
Types and Transmission Methods of Viruses
Virus Payloads
History of Viruses
Well-Known Viruses
Virus Tools
Trojans
Trojan Types
Trojan Ports and Communication Methods
Trojan Goals
Trojan Infection Mechanisms
Effects of Trojans
Trojan Tools
Distributing Trojans
Covert Communication
Tunneling via the Internet Layer
Tunneling via the Transport Layer
Tunneling via the Application Layer
Port Redirection
Keystroke Logging and Spyware
Hardware Keyloggers
Software Keyloggers
Spyware
Malware Countermeasures
Detecting Malware
Antivirus
Analyzing Malware
Static Analysis
Dynamic Analysis
Summary
Exam Preparation Tasks
Exercises
5.1 Finding Malicious Programs
5.2 Using Process Explorer
Review Questions
Chapter 6 Sniffers, Session Hijacking, and Denial of Service
“Do I Know This Already?” Quiz
Foundation Topics
Sniffers
Passive Sniffing
Active Sniffing
Address Resolution Protocol
ARP Poisoning and MAC Flooding
Tools for Sniffing
Wireshark
Other Sniffing Tools
Sniffing and Spoofing Countermeasures
Session Hijacking
Transport Layer Hijacking
Identify and Find an Active Session
Predict the Sequence Number
Take One of the Parties Offline
Take Control of the Session
Application Layer Hijacking
Session Sniffing
Predictable Session Token ID
Man-in-the-Middle Attacks
Man-in-the-Browser Attacks
Client-Side Attacks
Session Replay Attacks
Session Fixation Attacks
Session Hijacking Tools
Preventing Session Hijacking
Denial of Service and Distributed Denial of Service
DoS Attack Techniques
Bandwidth Attacks
SYN Flood Attacks
ICMP Attacks
Peer-to-Peer Attacks
Program- and Application-Level Attacks
Permanent DoS Attacks
Distributed Denial of Service
DDoS Tools
DoS and DDOS Countermeasures
Summary
Exam Preparation Tasks
Exercises
6.1 Scanning for DDoS Programs
6.2 Using SMAC to Spoof Your MAC Address
Review Questions
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Web Server Hacking
Scanning Web Servers
Banner Grabbing and Enumeration
Web Server Vulnerability Identification
Attacking the Web Server
DoS/DDoS Attacks
DNS Server Hijacking and DNS Amplification Attacks
Directory Traversal
Man-in-the-Middle Attacks
Website Defacement
Web Server Misconfiguration
HTTP Response Splitting
Web Server Password Cracking
IIS Vulnerabilities
Automated Exploit Tools
Securing Web Servers
Web Application Hacking
Unvalidated Input
Parameter/Form Tampering
Injection Flaws
Cross-Site Scripting and Cross-Site Request Forgery Attacks
Hidden Field Attacks
Other Web Application Attacks
Attacking Web-Based Authentication
Web-Based Password Cracking and Authentication Attacks
Cookies
URL Obfuscation
Intercepting Web Traffic
Securing Web Applications
Database Hacking
Identifying SQL Servers
SQL Injection Vulnerabilities
SQL Injection Hacking Tools
Summary
Exam Preparation Tasks
Exercise
7.1 Review CVEs and Buffer Overflows
Review Questions
Chapter 8 Wireless Technologies, Mobile Security, and Attacks
“Do I Know This Already?” Quiz
Foundation Topics
Wireless Technologies
Wireless History
Satellite TV
Cordless Phones
Mobile Device Operation and Security
Mobile Device Concerns
Mobile Device Platforms
Android
iOS
Windows Phone
BlackBerry
Mobile Device Management and Protection
Bluetooth
Wireless LANs
Wireless LAN Basics
Wireless LAN Frequencies and Signaling
Wireless LAN Security
Wireless LAN Threats
Eavesdropping
Configured as Open Authentication
Rogue and Unauthorized Access Points
Denial of Service (DoS)
Wireless Hacking Tools
Discover Wi-Fi Networks
Perform GPS Mapping
Wireless Traffic Analysis
Launch Wireless Attacks
Crack and Compromise the Wi-Fi Network
Securing Wireless Networks
Defense in Depth
Site Survey
Robust Wireless Authentication
Misuse Detection
Summary
Exam Preparation Tasks
Review Questions
Chapter 9 IDS, Firewalls, and Honeypots
“Do I Know This Already?” Quiz
Foundation Topics
Intrusion Detection Systems
IDS Types and Components
Pattern Matching and Anomaly Detection
Snort
IDS Evasion
Flooding
Insertion and Evasion
Session Splicing
Shellcode Attacks
Other IDS Evasion Techniques
IDS Evasion Tools
Firewalls
Firewall Types
Network Address Translation
Packet Filters
Application and Circuit-Level Gateways
Stateful Inspection
Identifying Firewalls
Bypassing Firewalls
Honeypots
Types of Honeypots
Detecting Honeypots
Summary
Exam Preparation Tasks
Review Questions
Chapter 10 Physical Security and Social Engineering
“Do I Know This Already?” Quiz
Foundation Topics
Physical Security
Threats to Physical Security
Physical Security for Documentation and Storage Media
Equipment Controls
Locks
Fax Machines
Area Controls
Location Data and Geotagging
Facility Controls
Personal Safety Controls
Fire Prevention, Detection, and Suppression
Physical Access Controls
Authentication
Defense in Depth
Social Engineering
Six Types of Social Engineering
Person-to-Person Social Engineering
Computer-Based Social Engineering
Phishing, Social Networking, and Targeted Attacks
Reverse Social Engineering
Policies and Procedures
Employee Hiring and Termination Policies
Help Desk Procedures and Password Change Policies
Employee Identification
Privacy Policies
Governmental and Commercial Data Classification
User Awareness
Summary
Exam Preparation Tasks
Exercise
10.1 Encrypting Data at Rest for Added Physical Security
Review Questions
Chapter 11 Cryptographic Attacks and Defenses
“Do I Know This Already?” Quiz
Foundation Topics
Functions of Cryptography
History of Cryptography
Algorithms
Symmetric Encryption
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Rivest Cipher
Asymmetric Encryption (Public Key Encryption)
RSA
Diffie-Hellman
ElGamal
Elliptic Curve Cryptography (ECC)
Hashing
Digital Signature
Steganography
Digital Certificates
Public Key Infrastructure
Trust Models
Single-Authority Trust
Hierarchical Trust
Web of Trust
Protocols, Applications, and Attacks
Encryption Cracking and Tools
Weak Encryption
Encryption-Cracking Tools
Summary
Exam Preparation Tasks
Exercises
11.1 Examining an SSL Certificate
11.2 Using PGP
11.3 Using a Steganographic Tool to Hide a Message
Review Questions
Chapter 12 Cloud Computing and Botnets
“Do I Know This Already?” Quiz
Foundation Topics
Cloud Computing
Cloud Computing Issues and Concerns
Cloud Computing Attacks
Cloud Computing Security
Botnets
Botnet Countermeasures
Summary
Exam Preparation Tasks
Exercise
12.1 Scanning for DDoS Programs
Review Questions
Chapter 13 Final Preparation
Hands-on Activities
Suggested Plan for Final Review and Study
Summary
Glossary
Online Content:
Glossary
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
9780789756916 TOC 3/10/2017
