Book Description

This self-study guide delivers complete coverage of every topic on the GIAC Certified Incident Handler exam

Prepare for the challenging GIAC Certified Incident Handler exam using the detailed information contained in this effective exam preparation guide. Written by a recognized cybersecurity expert and seasoned author, GCIH GIAC Certified Incident Handler All-in-One Exam Guide clearly explains all of the advanced security incident handling skills covered on the test. Detailed examples and chapter summaries throughout demonstrate real-world threats and aid in retention. You will get online access to 300 practice questions that match those on the live test in style, format, and tone. Designed to help you prepare for the exam, this resource also serves as an ideal on-the-job reference.

Covers all exam topics, including:

  • Intrusion analysis and incident handling
  • Information gathering
  • Scanning, enumeration, and vulnerability identification
  • Vulnerability exploitation
  • Infrastructure and endpoint attacks
  • Network, DoS, and Web application attacks
  • Maintaining access
  • Evading detection and covering tracks
  • Worms, bots, and botnets

Online content includes:

  • 300 practice exam questions
  • Test engine that provides full-length practice exams and customizable quizzes

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. Chapter 1 Building a Lab
    1. Creating a Kali Linux Virtual Machine
    2. Creating a Metasploitable Virtual Machine
      1. Testing External Connectivity from Kali Linux
      2. Testing External Connectivity from Metasploitable
      3. Testing Communication Between Kali Linux and Metasploitable
    3. Creating a Windows Virtual Machine
      1. Testing Communication Between Windows, Kali Linux, and Metasploitable VMs
    4. Linux and Windows Commands
    5. Chapter Review
      1. Questions
      2. Answers
    6. References and Further Reading
  9. Chapter 2 Intrusion Analysis and Incident Handling
    1. Incident Handling Introduction
    2. Incident Handling Phases
    3. Preparation
      1. Building a Team
      2. Collecting Organizational Information
      3. Responding to an Incident
      4. Hardware
      5. Software
    4. Identification
      1. Incident Sources
      2. Data Collection for Incident Response
      3. Windows Investigations
      4. Linux Investigations
    5. Containment
      1. Tracking and Communicating an Incident
      2. Containment Strategies
      3. Eradication
    6. Recovery
    7. Lessons Learned
    8. Chapter Review
      1. Questions
      2. Answers
    9. References and Further Reading
  10. Chapter 3 Information Gathering
    1. Public Website Searching
      1. Netcraft
      2. theHarvester
      3. Wget
    2. Social Media Searching
      1. Defending Against Public Website and Social Media Searching
    3. Using Search Engines for Information Gathering
      1. Search Engine Query Examples
      2. Viewing Deleted Content Through the Wayback Machine
      3. Using Tools for Search Engine Information Gathering Automation
      4. Recon-NG
      5. Metagoofil
      6. Exiftool
      7. FOCA (Fingerprinting Organizations with Collected Archives)
      8. SearchDiggity
      9. Defending Against Search Engine Information Gathering
    4. Whois Lookups
      1. Performing Whois Lookups Using IANA and Regional Registries
      2. Performing Whois Lookups Using Online Tools
      3. Performing Whois Lookups Using the Command Line
      4. Defending Against Whois Lookups
    5. DNS Lookups
      1. Performing DNS Lookups Using Online Tools
      2. Nslookup
      3. Dig
      4. Host
      5. DNSRecon
      6. Defending Against DNS Lookups
    6. War Dialing
      1. Defending Against War Dialing
    7. War Driving
      1. Wireless Network Introduction
      2. Airmon-ng
      3. Kismet
      4. InSSIDer
      5. Other Tools Worth Checking
      6. Defending Against War Driving
      7. General-Purpose Information Gathering Tools
      8. Maltego
      9. Shodan
      10. Maps
      11. Spokeo
      12. Grayhat Warfare
    8. Chapter Review
      1. Questions
      2. Answers
    9. References and Further Reading
  11. Chapter 4 Scanning, Enumeration, and Vulnerability Identification
    1. Introduction to ARP, ICMP, IP, TCP, and UDP
      1. ARP
      2. ICMP
      3. IP
      4. TCP
      5. UDP
    2. Network Mapping
      1. Arp-scan
      2. Ping
      3. Traceroute
      4. Zenmap
      5. Defending Against Network Mapping
    3. Port Scanning
      1. Nmap
      2. Hping3
      3. Additional Scanning Tools
      4. Proxy Utilization
      5. IDS/IPS Evasion
      6. Defending Against Port Scanning and IDS Evasion
    4. Vulnerability Identification
      1. Nessus
      2. Defending Against Vulnerability Identification
    5. Commonly Exploited Protocols: A Few Useful Examples
      1. FTP
      2. Telnet
      3. SMB
      4. Defending Against SMB Sessions
    6. Chapter Review
      1. Questions
      2. Answers
    7. References and Further Reading
  12. Chapter 5 Vulnerability Exploitation
    1. Tcpdump
      1. Scenario 1: Ping Scan
      2. Scenario 2: Reaching the Web Server
    2. Wireshark
      1. Scenario 1: Capture Web Traffic to Metasploitable
      2. Scenario 2: Capture Web Traffic to Multiple Metasploitable Webpages
    3. Metasploit
      1. Architecture
      2. Modules
      3. Information Gathering
      4. Exploiting Services
    4. Armitage
    5. Netcat
      1. Different Flavors
      2. Basic Operation
      3. Connecting to Open Ports
      4. File Transfers
      5. Backdoors
      6. Port Scanning
      7. Relays
    6. SET
    7. BeEF
    8. Chapter Review
      1. Questions
      2. Answers
    9. References and Further Reading
  13. Chapter 6 Infrastructure and Endpoint Attacks
    1. Infrastructure Attacks
      1. DMA Attacks
      2. USB Attacks
      3. Defending Against Infrastructure Attacks
    2. Password Cracking
      1. Techniques
      2. Stored Password Locations and Formats
      3. Hydra
      4. Cain
      5. John the Ripper
      6. Hashcat
      7. Defending Against Password Cracking
      8. Pass the Hash
      9. Defending Against Pass-the-Hash Attacks
    3. Buffer Overflows
      1. Identifying Buffer Overflows
      2. Adding Code in Memory
      3. Running the Code
      4. Defending Against Buffer Overflows
    4. Bypassing Endpoint Security
    5. Chapter Review
      1. Questions
      2. Answers
    6. References and Further Reading
  14. Chapter 7 Network Attacks
    1. IP Address Spoofing
      1. Defending Against IP Spoofing
    2. Network Traffic Sniffing
      1. Passive Traffic Sniffing
      2. Active Traffic Sniffing
      3. Upgraded SSL Attack: SSL Stripping
      4. Defending Against Traffic Sniffing
    3. Session Hijacking
      1. Defending Against Session Hijacking
    4. Chapter Review
      1. Questions
      2. Answers
    5. References and Further Reading
  15. Chapter 8 Denial of Service Attacks
    1. Local DoS Attacks
    2. Remote DoS Attacks
      1. Protocol Attacks
      2. Application-Layer Attacks
      3. Volumetric Attacks
    3. Botnets
    4. DDoS Attacks
      1. Reflected DDoS
      2. Pulsing Zombies
      3. DoS/DDoS Tools
      4. Defending Against DoS/DDoS Attacks
    5. Chapter Review
      1. Questions
      2. Answers
    6. References and Further Reading
  16. Chapter 9 Web Application Attacks
    1. Web Proxies
    2. OWASP (Open Web Application Security Project)
    3. Command Injection
      1. Defending Against Command Injection
    4. Account Harvesting
      1. Defending Against Account Harvesting
    5. SQL Injection
      1. Normal SQL Operation
      2. Checking for SQL Injection
      3. Testing Manual SQL Injection Strings
      4. Automating SQL Injection Using Burp Suite
      5. Defending Against SQL Injection
    6. XSS (Cross-Site Scripting)
      1. Reflected XSS
      2. Stored XSS
      3. Defending Against XSS
    7. CSRF (Cross-Site Request Forgery)
      1. Defending Against CSRF
      2. Nikto
      3. WPScan
    8. Chapter Review
      1. Questions
      2. Answers
    9. References and Further Reading
  17. Chapter 10 Maintaining Access
    1. Malware Categories
    2. Backdoors and Trojans
      1. Examples of Backdoors and Trojans
      2. Legitimate Tools Used by Attackers for Remote Control
    3. Rootkits
      1. User Mode Rootkits
      2. Kernel Mode Rootkits
      3. Malware Wrapping, Packing, and Obfuscation
      4. Malware Analysis
      5. Defending Against Backdoors, Trojans, and Rootkits
    4. Chapter Review
      1. Questions
      2. Answers
    5. References and Further Reading
  18. Chapter 11 Covering Tracks and Tunneling
    1. Log Tampering and Shell History Manipulation
      1. Windows Logs
      2. Linux Logs
      3. Shell History Manipulation
      4. Defending Against Log Tampering and Shell History Manipulation
    2. Hiding Files and Using Steganography
      1. Hiding Files in Linux
      2. Hiding Files in Windows
      3. Steganography
      4. Defending Against Hiding Files and Using Steganography
    3. Tunneling
      1. ICMP Tunneling
      2. TCP/IP Tunneling
      3. Defending Against Tunneling
    4. Chapter Review
      1. Questions
      2. Answers
    5. References and Further Reading
  19. Chapter 12 Worms, Bots, and Botnets
    1. Worms
      1. Worm Examples
    2. Bots/Botnets
      1. Defending Against Worms, Bots, and Botnets
    3. Chapter Review
      1. Questions
      2. Answers
    4. References and Further Reading
  20. Appendix A Commands Index
  21. Appendix B Tools
  22. Appendix C Exam Index
  23. Appendix D About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Technical Support
  24. Glossary
  25. Index