- A
- access management, cloud computing and, 598–600
- acknowledgment number field, 36
- actions on objective stage, of cyber kill chain, 7, 8
- Active Directory (AD), 584–585
- ad hoc network, 442–443
- Address Resolution Protocol (ARP), 20, 390–394
- addressing, IP and, 31–32
- Advanced Audio Distribution (A2DP) profile, 462–463
- Advanced Encryption Standard (AES), 225, 450, 523–524
- advanced persistent threats (APTs), 69
- African Network Information Center (AfriNIC), 105
- aircrack tools, 455–456, 461–462
- airgeddon tool, 458–459
- airmon-ng program, 451–452, 461–462
- airodump-ng program, 457
- Akamai, 495
- alterations, as an evasion technique, 212
- alternate data streams (ADSs), 312–313
- Amazon, 47
- Amazon Machine Images (AMIs), 48
- Amazon Web Services (AWS), 47, 559–560, 578, 581, 587, 592–593, 600
- American Registry for Internet Numbers (ARIN), 105
- American Standard Code for Information Interchange (ASCII), 19–20, 374, 484
- amplification attacks, 493
- analysis, of malware, 328–349
- Ansible server, 591
- antivirus solutions, 359–360
- API gateway, 561
- Apple, 467–468, 469
- Apple Face ID, 416
- application architecture, 553–563
- application binary interface, 339
- application exploitation, 497–502
- Application layer (Layer 7), in OSI model, 19
- application layer firewalls, 75–77
- application programming interface (API), 112–113, 348
- Arch Strike, 266
- architecture, 40–44, 586–598. See also specific types
- ARPAnet, 21
- arpspoof, 391–392
- Asia Pacific Network Information Centre (APNIC), 105
- Assessment tab (Nessus), 198
- asymmetric key cryptography, 524–527
- attack and defense. See also specific types
- application exploitation, 497–502
- defense in depth/defense in breadth, 504–506
- defensible network architecture, 506–508
- denial-of-service (DoS) attacks, 492–497
- lateral movement, 502–504
- mobile device, 469–471
- review question answers, 641–643
- review questions, 510–514
- slow, 495–496
- web application attacks, 480–492
- Wi-Fi, 451–462
- attack lifecycle, 8–10, 566
- auditing, 90–92
- authentication, Wi-Fi, 445–446
- authenticity, in Parkerian hexad, 63
- authority, in theory of influence, 409
- automating social engineering, 430–433
- availability, in CIA triad, 62
- B
- badge access, 413–415
- baiting, 418
- bandwidth attacks, 492–495
- base service set identifier (BSSID), 427, 445
- Bell-LaPadula model, 552
- Berkeley Packet Filter (BPF), 382–384
- Biba, Kenneth, 551
- Biba model, 551
- biometrics, 416–417
- birthday paradox, 280, 535
- BitLocker, 539
- black-box testing, 186
- black-hat hackers, 4
- Blaster, 323
- blob storage, 581
- block cipher, 522
- bluebugging, 466
- bluejacking, 465–466
- bluesnarfing, 466
- Bluetooth, 462–466
- Bohannon, Daniel, 296
- botnet, 324–325
- Bring Your Own Device (BYOD), 450–451
- brute force, 131–132
- brute_dirs module, 251–252
- btscanner program, 463–465
- buffer, 498
- buffer overflow, 498–500
- built-in utilities, 233–236
- Burp Suite, 595–596, 608
- bus network, 22–23
- bytes, 31
- C
- cacheability, 594
- canonical name (CNAME) responses, 132
- captive portal, 428
- Cascading Style Sheets (CSS), 483
- castle defense, 504
- catastrophizing, 65
- certificate authority (CA), 528–534
- certification rules (CRs), 553
- Certified Ethical Hacker (CEH) certification, 2
- chance, 64–65
- Chaos Computer Club, 8
- CheckPoint, 116
- checksum field, 31, 37
- CIA triad, 59–63
- Cialdini, Robert, 408–409
- Cipher Block Chaining (CBC), 524
- ciphersuite, 523
- Cisco, 116
- Clark-Wilson Integrity model, 552–553
- client-server architecture, 593
- client-side vulnerabilities, 288–291
- cloning, 423–426
- cloud computing
- about, 44–45, 574–578
- cloud architectures and deployment, 586–598
- cloud services, 577–583
- common threats, 598–604
- infrastructure as a service (IaaS), 46–48
- Internet of Things (IoT), 51
- platform as a service (PaaS), 48–49
- public vs. private cloud, 585
- review question answers, 646–647
- review questions, 614–615
- shared responsibility model, 583–585
- software as a service (SaaS), 49–51
- storage as a service (StaaS), 45–46
- cloud services, 577–583
- cloud-based applications, 559–561
- CloudFormation Designer, 592–593
- cloud-native design, 589–590
- Code Red worm, 323
- collection stage, in ATT&CK Framework, 71
- collision, 280
- command and control stage, 7, 8, 71
- command injection, 487–488
- commitment, in theory of influence, 409
- Common Internet File System (CIFS), 172
- Common Object Request Broker Architecture (CORBA), 226
- Common Vulnerabilities and Exposures (CVE), 173
- communications models, 17–22
- companies, open source intelligence and, 99–100
- complete mission stage, 8, 9, 503
- Confidential data classification, 549
- confidentiality, in CIA triad, 59–60
- Constrained Data Items (CDIs), 553
- control bits field, 36
- Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), 450
- covering tracks, 307–313
- credential access stage, in ATT&CK Framework, 71
- credential compromise, cloud computing and, 602–603
- credential stuffing, 503, 602
- cryptographic hashing, 534–536
- cryptography. See also asymmetric key cryptography; symmetric key cryptography
- about, 516–517
- asymmetric key, 524–527
- basic encryption, 517–521
- certificate authorities and key management, 528–534
- cryptographic hashing, 534–536
- disk and file encryption, 538–541
- Pretty Good Privacy (PGP), 536–537
- review question answers, 643–645
- review questions, 543–545
- Secure/Multipurpose Internet Mail Extensions (S/MIME), 536–537
- symmetric key, 521–524
- Cuckoo Sandbox, 340–345
- customer relationship management (CRM), 50, 579
- Cutter, 332–333
- cyber kill chain, 6–8
- Cybersecurity Framework, 564
- cyclic redundancy check (CRC), 447
- D
- Damn Vulnerable Web Application (DVWA), 492
- dark web, 269
- darknet, 269
- data
- classification of, 548–550
- hiding, 311–313
- at rest, 60, 538
- in use, 537
- data breach, cloud computing and, 600
- Data Encryption Standard (DES), 522–523
- Data Link layer (Layer 2), in OSI model, 19, 20
- data offset field, 36
- database considerations, 561–563
- dead box access, 539
- deauthentication attack, 455–458
- debugging, dynamic analysis and, 345–349
- Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) vulnerability, 173
- deep packet inspection (DPI), 75
- defense evasion stage, in ATT&CK Framework, 70
- defense in breadth network design, 86–87, 504–506
- defense in depth network design, 84–86, 504–506
- defensible network architecture, 87, 506–508
- delivery stage, of cyber kill chain, 7–8
- demilitarized zone (DMZ), 42, 506
- denial-of-service (DoS) attack, 62, 492–497
- deployment, cloud, 586–598
- destination address field, 31
- destination port field, 36
- Detect function, 565
- detecting, 214–215
- devices, 467–471, 606
- DevOps, 87
- DevSecOps, 87
- Diffie, Whitfield, 225, 520
- Diffie-Hellman (DH) algorithm, 225, 520–521, 523
- dig tool, 129–130
- directory traversal, 489–490
- disassembly, static analysis and, 333–335
- discovery stage, in ATT&CK Framework, 71
- Discovery tab (Nessus), 197–198
- Discretionary Security Property, 552
- disk encryption, 538–541
- distributed denial of service (DDoS), 494
- Distributed Network Protocol (DNP), 146
- dm-crypt, 540
- DNS spoofing, 394–397
- dnsrecon tool, 131–132
- Document Object Model (DOM), 483–484
- domain, 371
- Domain Name System (DNS), 71, 124–136
- domain registrars, open source intelligence and, 101–105
- DomainManager, 102
- dotted quads, 31–32
- drives, encrypted, 539
- dropper, 328
- dynamic analysis, 340–349
- Dynamic Host Configuration Protocol (DHCP) server, 428
- E
- EC-Council, 6
- 802.1X standard, 446, 448
- 802.11 standard, 440–441, 448
- Elastic Compute Cloud (EC2), 47
- Elastic Kubernetes Service (EKS), 559
- Elastic Stack, 83
- Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, 100–101
- Elk Cloner virus, 322
- elliptic curve cryptography (ECC), 526–527
- encrypted drives, 539
- encryption
- about, 517
- Diffie-Hellman, 520–521
- disk, 538–541
- file, 538–541
- substitution ciphers, 517–520
- Wi-Fi, 446–450
- encryptors, 331–333
- endpoint detection and response (EDR), 81–83, 295–296, 360
- enforcement rules (ERs), 553
- enum4linux tool, 243–245
- enumeration
- about, 11, 222–223
- remote procedure calls, 226–232
- review question answers, 627–629
- review questions, 259–262
- Server Message Block (SMB), 232–245
- service, 223–226
- Simple Mail Transfer Protocol (SMTP), 247–250
- Simple Network Management Protocol (SNMP), 245–247
- web-based, 250–257
- escalate privileges stage, 8, 9, 502
- establish foothold stage, 8, 9, 502
- EternalBlue vulnerability, 274–276, 326–327
- Ethernet, 20
- ethical hacking, 2, 5–13
- ethics, 2–4
- Ettercap, 394–395
- evasion, 211–214, 295–296
- event, 507
- evil twin attack, 458–460
- Executable and Linkable Format (ELF) file, 354
- execution stage, in ATT&CK Framework, 70
- exfiltration stage, in ATT&CK Framework, 72
- exploitation. See system compromise
- exploitation stage, of cyber kill chain, 7, 8
- Exploit-DB package, 274–276
- exploits, searching for, 265–269
- Extended Binary Coded Decimal Interchange Code (EBCDIC), 19–20
- Extensible Authentication Protocol (EAP), 447, 448
- eXtensible Markup Language (XML), 482–483, 594
- F
- Face ID (Apple), 416
- Facebook, 111–114, 580
- Factory Interface Network Service (FINS), 146
- false acceptance rates (FARs), 417
- false negative, 184, 417
- false positive, 183–184, 417
- Farmer, Dan, 184
- file encryption, 538–541
- file path traversal, 489–490
- file traversal, 489–490
- FileVault, 538, 540
- fingerprint scanners, 416
- Firebug, 141
- FireEye Labs Advanced Reverse Engineering (FLARE), 329
- FireEye Mandiant, 8
- firewalls, 72–73
- Five Functions, 564
- flags field, 30–31
- footprinting and reconnaissance
- about, 10, 98–99
- Domain Name System (DNS), 124–136
- open source intelligence, 99–124
- passive reconnaissance, 136–139
- review question answers, 622–624
- review questions, 150–153
- technology intelligence, 144–147
- website intelligence, 139–143
- forced browsing, 597
- 419 scam, 411–412
- fping, 157–159
- Fraggle attack, 497
- fragment offset field, 31
- fragmentation, as an evasion technique, 212
- fragroute, 209–211, 212
- frame, 369
- Frame Relay, 20
- full mesh network, 26
- fully qualified domain name (FQDN), 124
- fuzzing, 292–295
- G
- gaining access, 11–12
- Ghidra, 338–340
- GoDaddy, 102
- Google, 47, 467–468, 469, 580
- Google Chrome, 142–143, 531
- Google Compute, 598
- Google Docs, 50
- Google Drive, 45–46
- Google hacking, 144–146
- Google Rapid Response (GRR), 82
- governmental data classification, 549
- Graham, Robert, 176
- gray-hat hackers, 4
- Greenbone Security Assistant (GSA), 185
- group temporal key (GTK), 448
- guidelines, security, 68
- H
- H.323, 75–76
- half-open scan, 162
- hash algorithm, 280
- hashdump command, 276
- hashing, cryptographic, 534–536
- header length field, 30
- headers, in IP, 29–31
- Health Insurance Portability and Accountability Act (HIPAA), 43
- heap spraying, 500
- Hellman, Martin, 225, 520
- hide/obscure the data, as an evasion technique, 211–212, 311–313
- Highway Addressable Remote Transducer Protocol, 146
- honeypot, 506
- host tool, 127–128
- hostapd tool, 428
- hping, 204–207
- human interface device (HID), 611
- human-machine interface (HMI), 611
- hybrid cryptosystem, 525
- hybrid network, 26–27
- Hypertext Markup Language (HTML), 356, 481, 576–577
- Hypertext Transport Protocol (HTTP), 19, 71, 555, 576–577, 585, 593
- I
- I Love You virus, 322, 409–410
- IBM 360, 574–575
- iCloud, 45–46
- IDA Free, 345
- IDA Pro, 345
- identification field, 30
- identity and access management (IAM), 583, 598
- Identity function, 565
- iDevices, 606–607
- Immunity Debugger, 345
- impact stage, in ATT&CK Framework, 72
- impersonation, as a social engineering vector, 412
- industrial, scientific, and medical (ISM) band, 440
- Industrial Control Systems (ICSs), 146, 611–612
- influence, theory of, 408–409
- infrastructure, malware, 357–359
- infrastructure as a code (IaC), 589, 591
- infrastructure as a service (IaaS), 46–48, 578, 583
- infrastructure network, 443
- initial access stage, in ATT&CK Framework, 70
- initial compromise stage, 8, 9, 502
- initial reconnaissance stage, 8, 9, 502
- initialization vector (IV), 524
- insider threat, cloud computing and, 604
- InSpy, 118
- installation stage, of cyber kill chain, 7, 8
- Institute of Electrical and Electronics Engineers (IEEE), 440, 446
- integrity, in CIA triad, 61–62
- Integrity Verification Procedure (IVP), 553
- Intelius, 110
- Interface Message Processor (IMP), 21
- internal recon stage, 8, 9, 502
- International Organization for Standardization (ISO), 18, 67
- Internet Assigned Numbers Authority (IANA), 102–103
- Internet Control Message Protocol (ICMP), 38–40, 71, 73
- Internet Corporation for Assigned Names and Numbers (ICANN), 102
- Internet Engineering Task Force (IETF), 29–30
- Internet of Things (IoT), 51, 146–147, 574, 604–610, 614–615, 646–647
- Internet Packet Exchange (IPX), 29
- Internet Protocol (IP), 20, 29–34
- Internet Relay Chat (IRC) protocol, 357–358
- intrusion detection systems (IDSs), 77–80
- intrusion prevention systems (IPSs), 80–81
- Invocation Property, 551
- Invoke-Obfuscation cmdlet, 296
- IP Security (IPSec), 43
- iptables tool, 428
- IPv4, 31–32
- IPv6, 31–32
- iris scanning, 416
- ISO 27001, 566
- isolation, network, 41–43
- J
- Java Development Kit (JDK), 338
- JavaScript Object Notation (JSON), 359, 562, 592
- JBoss, 481, 578
- job sites, 123–124
- John the Ripper, 280–282
- Joint Photographic Experts Group (JPEG), 20
- jump, 334–335
- junk mail providers, 105
- Just Works, 463
- K
- Kaminsky, Dan, 3–4
- Kerberoasting, 284–288
- key distribution center (KDC), 286
- key reinstallation, 460–461
- Key Reinstallation Attack (KRACK), 451, 461
- Kibana, 83
- Krebs, Brian, 493–494, 495
- L
- Lambda, 560, 587
- lateral movement stage, in ATT&CK Framework, 71, 502–504
- Latin America and Caribbean Network Information Centre (LACNIC), 105
- layered system, 594
- legacy, 497
- lift-and-shift approach, 586
- Lightweight Extensible Authentication Protocol (LEAP), 450
- liking, in theory of influence, 409
- LinkedIn, 115–118
- Linux, 610
- Linux Unified Key Setup (LUKS), 540
- listening services, 561
- living off the land, 291–292, 504
- load balancing, 589
- Local Area Network (LAN), 41
- local area network denial (LAND), 497
- Lockheed Martin, 7
- log manipulation, 310–311
- logging, 88–90
- logic bombs, 322
- long-distance bluesnarfing, 466
- low and slow, as an evasion technique, 212
- Low Orbit Ion Cannon (LOIC), 494
- LucidChart, 579, 584
- M
- mail marketing companies, 105
- maintain presence stage, 8, 9, 503
- maintaining access, 12
- malformed data, as an evasion technique, 212
- Maltego, 122
- malware
- about, 320–321
- analysis, 328–349
- antivirus solutions, 359–360
- botnet, 324–325
- creating, 329–357
- dropper, 328
- infrastructure, 357–359
- persistence, 360–361
- ransomware, 326–328
- review question answers, 632–634
- review questions, 363–366
- Trojan, 324
- types, 321–328
- virus, 321–322
- worm, 323–324
- man traps, 415–416
- management information bases (MIBs), 246–247
- man-in-the-middle attack, 61
- masscan, 176–178
- maximum transmission unit (MTU), 369
- Maze ransomware, 327
- mdk3/4, 461–462
- media access control (MAC) address, 20, 27–28, 390–391, 606
- MegaPing, 159–161, 178–180
- mesh network, 25–26
- message authentication code (MAC), 447, 534
- Message Digest 5 (MD5), 283, 336, 534–535
- Message Queuing Telemetry Transport (MQTT), 51
- Metasploit
- about, 180–182, 240–242
- creating malware using, 353–356
- exploitation and, 300
- looking for vulnerabilities with, 202–203
- modules, 270–274
- registry persistence from, 304–305
- sunrpc scanner, 227–228
- Meterpreter, 276–279, 305–306, 313
- methodologies, for ethical hacking, 6–13
- methods, 586
- Metropolitan Area Network (MAN), 41
- Microsoft, 47, 48, 50
- Microsoft Azure, 48, 587, 609
- Microsoft Hyper-V server, 590–591
- Microsoft Office 365 (O365), 586
- Microsoft security bulletins (MSSB), 297
- mimikatz module, 277
- Mitnick, Kevin, 8, 411
- MITRE (website), 72
- MITRE ATT&CK Framework, 69–72
- mobile devices, 467–471
- model-view-controller (MVC) design, 553–557
- mod_security, 491
- ModSecurity, 76
- modules, Metasploit, 270–274
- Morris, Robert T., 323
- move laterally stage, 8, 9, 502
- msfconsole, 253, 271–272, 276, 288–290, 353
- msfvenom program, 305, 354
- Multiprotocol Label Switching (MPLS), 43
- multistation access units (MAUs), 24
- multitenancy, 577
- MySQL Server, 486–487
- N
- name lookups, 125–130
- National Institute of Standards and Technology (NIST), 67, 522, 564
- National Security Agency (NSA), 202
- nbtstat program, 233–235
- nbtscan, scanning networks with, 242–243
- near-field communication (NFC), 463
- Nessus, 196–202
- net utility, 235–236
- NetBIOS, 232, 233–234, 239
- netcat, 301, 353
- NetFlow, 507
- network access control (NAC), 450
- Network Control Program (NCP), 21
- Network File Server (NFS), 226–227
- network interface cards (NICs), 369
- Network layer (Layer 3), in OSI model, 19, 20
- network stacks, 17
- network vulnerability tests (NVTs), 187–188
- networks/networking
- about, 16
- architectures, 40–44
- cloud computing, 44–51
- communications models, 17–22
- Internet Control Message Protocol (ICMP), 39–40
- IP, 29–34
- network types, 40–41
- physical, 27–29
- review question answers, 618–619
- review questions, 54–56
- TCP, 34–38
- testing, 451
- topologies, 22–27
- UDP, 38–39
- Wi-Fi types, 442–444
- Nigerian Prince scam, 411–412
- Nimda worm, 323
- NIST Special Publication 800-53, 566
- nmap, 162, 223–226, 237–238
- nmbd process, 232
- Node.js, 358–359
- nonrepudiation, 525–526
- NoSQL, 123, 561, 563
- Not Evil, 269
- nslookup tool, 128–129
- n-tier design, 553–557
- O
- obfuscating, 356–357
- Object Exchange (OBEX), 466
- octets, 31
- Office Online, 50
- Official data classification, 549
- OllyDbg, 345, 346
- OmniGraffle, 579
- 100Base TX, 20
- 1000BaseT, 20
- Online Certificate Status Protocol (OCSP), 531
- Open Authentication, 445
- open source intelligence
- about, 99
- companies, 99–100
- domain registrars, 101–105
- Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, 100–101
- people, 108–111
- regional Internet registries, 105–107
- social networking, 111–124
- Open Systems Interconnection (OSI) model, 18–21, 203, 369
- Open Vulnerability Assessment System (OpenVAS), 184–195
- Open Web Application Security Project (OWASP), 491, 601
- OpenBSD system, 140
- OpenStack, 585
- operand, 333
- operational technology, 610–612
- options field, 37
- Oracle, 561
- organizationally unique identifier (OUI), 606
- overlaps, as an evasion technique, 212
- P
- packers, 331–333
- packet, 29
- packet analysis, 385–390
- packet capture, 368–384
- packet capture (PCAP) file format, 375
- packet crafting, 203–211
- packet filtering, 73–74
- packETH, 207–209
- pairwise master key (PMK), 448
- Palo Alto Networks, 116
- Parker, Donn, 63
- Parkerian hexad, 63
- passive DNS, 133–136
- passive reconnaissance, 136–139
- password cracking, 279–288
- passwords, gathering, 276–279
- payload, 354, 369
- Payment Card Industry (PCI), 43
- PE Detective, 332
- PeekYou, 110
- penetration testing. See ethical hacking
- people, open source intelligence and, 108–111
- Perl-compatible regular expressions (PCRE), 490
- persistence, 12, 304–307, 360–361
- persistence stage, in ATT&CK Framework, 70
- persistent cross-site scripting, 483
- phishing attacks, 412, 418–422
- phone calls, as a form of physical social engineering, 417–418
- Physical layer (Layer 1), in OSI model, 19, 20
- physical networking, 27–29
- physical social engineering, 413–418
- ping sweeps, 157–161
- Pipl, 110
- pivoting, 301–304
- platform as a service (PaaS), 48–49, 578–579, 583
- Plaxo, 115
- Plugins tab (Nessus), 197
- pointer (PTR) record, 370
- policies, security, 66–67
- polyalphabetic cipher, 519
- polymorphisms, 212
- port mirroring/spanning, 384
- port scanning
- about, 161–162
- detailed information, 167–169
- masscan, 176–178
- MegaPing, 178–180
- Metasploit, 180–182
- nmap, 162
- scripting, 169–174
- TCP scanning, 162–165
- UDP scanning, 165–167
- Zenmap, 174–176
- portable executable (PE) file format, 330, 354
- possession (control), in Parkerian hexad, 63
- post exploitation
- about, 295
- covering tracks, 307–313
- evasion, 295–296
- persistence, 304–307
- pivoting, 301–304
- privilege escalation, 296–301
- Postel, Joe, 102
- PowerShell, 291, 504, 591–592
- Presentation layer (Layer 6), in OSI model, 19–20
- pre-shared key (PSK), 428, 520
- pretexting, 410–412
- Pretty Good Privacy (PGP), 109, 536–537
- private cloud, 585
- Private data classification, 549
- privilege escalation, 296–301
- privilege escalation stage, in ATT&CK Framework, 70
- probability, 64–65
- procedures, 68, 586
- process injection, 308–310
- programmable logic controllers (PLCs), 611
- Project Athena, 284
- properties, static analysis and, 335–336
- Protect function, 565
- Protected Extensible Authentication Protocol (PEAP), 450
- protecting, 214–215
- protocol data units (PDUs), 27
- protocol field, 31
- protocol stacks. See network stacks
- protocols, 18
- public cloud, 585
- Public data classification, 549
- public key cryptography. See asymmetric key cryptography
- public key infrastructure (PKI), 528
- Python, 350
- Q
- quality of detection (QoD), 194
- R
- race condition, 65
- radio frequency identification (RFID) device, 413–414
- Rain Forest Puppy Policy (RFP/RFPolicy), 3
- rainbow tables, 282–284
- ransomware, 326–328
- raw sockets, 206
- rcrack, running with rainbow tables, 284
- Real-time Transport Protocol (RTP), 76
- reciprocity, in theory of influence, 409
- Recon plugin, 139
- reconnaissance stage, 7, 10, 69
- Recover function, 565
- recursive name query/resolution, 125
- red teaming, 5–6
- reduction function, 284
- reflected cross-site scripting, 483
- regex denial of service (ReDoS), 490–491
- regional Internet registry (RIR), open source intelligence and, 105–107
- register, 333
- remote access, to networks, 43–44
- remote method invocation (RMI), 228–232
- Remote Method Invocation (RMI), 557
- Remote Procedure Call (RPC), 20, 226–232, 557
- Report tab (Nessus), 198
- Representational State Transfer (REST), 358, 557, 593–594
- request for comments (RFC) document, 29–30
- Réseaux IP Européens Network Coordination Centre (RIPE NCC), 105
- reserved field, 36
- resource consumption, as an evasion technique, 213
- resource development stage, in ATT&CK Framework, 69
- Respond function, 565
- responsible disclosure, 3
- responsive design, 588–589
- Restricted data classification, 549
- retinal scanning, 416
- reverse connection, 353
- reverse lookup, 370
- review questions/answers. See specific topics
- Rijndael cipher, 523
- ring network, 24–25
- risk, 64–66
- Rivest Cipher 4 (RC4) encryption algorithm, 446
- Rivest-Shamir-Adleman (RSA) algorithm, 380, 524–525
- rogue attacks, 426–427
- rootkits, 307–308
- rotation cipher, 517–520
- routing, 20–21
- rtgen, using for rainbow tables, 283–284
- Rubeus tool, 286, 288
- S
- S3 buckets, 581, 601
- Samba package, 232
- sandboxing, 340, 469
- scan configs, in OpenVAS, 187–190
- scan results, 193–195
- scan tasks, 190–192
- scanning, 11, 463–465
- scanning networks
- about, 156–157
- evasion techniques, 211–214
- packet crafting and manipulation, 203–211
- ping sweeps, 157–161
- port scanning, 161–182
- protecting and detecting, 214–215
- review question answers, 624–626
- review questions, 217–220
- vulnerability scanning, 183–203
- scarcity, in theory of influence, 409
- screen blindness, as an evasion technique, 213
- scripting, 169–174, 591
- scripts, nmap, 237–238
- searching, for exploits, 265–269
- searchsploit program, 266–268, 274–275
- Secret data classification, 549
- Secure Hash Algorithm 1 (SHA-1), 535–536
- Secure Shell (SSH), 503
- Secure Sockets Layer (SSL), 43, 523
- secure state, 552
- Secure/Multipurpose Internet Mail Extensions (S/MIME), 537
- security
- about, 58
- CIA triad, 59–63
- guidelines, 68
- organizing, 69–72
- policies, 66–67
- preparation, 84–92
- procedures, 68
- review question answers, 619–621
- review questions, 93–96
- risk, 64–66
- standards, 67–68
- technology, 72–84
- Security Administrator's Integrated Network Tool (SAINT), 184
- Security Analysis Tool for Auditing Networks (SATAN), 184
- security architecture and design, 548–571, 645–646
- Security Auditors Research Assistant (SARA), 184
- security control, 565
- security information and event management (SIEM), 83–84, 507
- security models, 550–553
- security operation center (SOC), 84
- security support provider (SSP), 277
- self-propagation, 323
- self-signed certificates, 532–534
- sequence number field, 36
- Server Message Block (SMB) protocol, 172, 232–242
- service enumeration, 223–226
- service level agreement (SLA), 68
- service set identifier (SSID), 445
- service-oriented architecture, 557–559
- services, 589–590
- session border controller (SBC), 75–76
- Session Initiation Protocol (SIP), 75–76
- session key, 460–461
- Session layer (Layer 5), in OSI model, 19, 20
- sessions command, 299
- Secure Hash Algorithm (SHA), 336
- SHA-384, 450
- Shadow Brokers, 202
- shared responsibility model, 583–585
- shell, 291, 489
- shellcode, 267–268, 499, 502
- Shodan, 146–147, 607
- signature, 212
- Simple Authority, 528, 532
- simple data classification, 549
- Simple Identity Property, 551
- Simple List, 595
- Simple Mail Transfer Protocol (SMTP), 88, 247–250
- Simple Network Management Protocol (SNMP), 245–247
- Simple Secure Pair (SSP), 463
- Simple Security Property, 552
- simple service discovery protocol (SSDP), 372
- single crack mode, 280
- slow attacks, 495–496
- slowhttptest program, 495–496
- smbd process, 232
- smishing, 412, 470–471
- Smurf attacks, 493
- sniffing, 368–399, 402–405, 451–455, 635–636
- Snort identification number (SID), 79
- social engineering, 408–433, 435–438, 636–638
- social networking, open source intelligence and, 111–124
- social proof, in theory of influence, 409
- Social-Engineer Toolkit (SET), 430–433
- sockets, raw, 206
- software as a service (SaaS), 49–51, 579–580, 584
- Song, Dug, 391
- source address field, 31
- source port field, 35
- split DNS, 130–131, 136
- spoofing attacks, 390–399
- spoofing detection, 398–399
- SQL injection, 485–487, 561
- SQLite database, 562
- SSH2, 224–225
- sslstrip program, 397–398, 459
- SSL/TLS, 380
- stack, 498
- stack canary, 500
- standards, security, 67–68
- star network, 23–24
- * (star) Property, 551, 552
- start of authority record (SOA), 133
- state machine model, 550–551
- stateful filtering, 74–75
- stateless, 594
- static analysis, 329–340
- storage as a service (StaaS), 45–46, 580, 584
- stream cipher, 522
- Structured Query Language (SQL), 481, 492, 602
- subnetting, 33–34
- substitution ciphers, 517–520
- SunRPC, 226–228
- supervisory control and data acquisition (SCADA), 611–612
- Switched Port Analyzer (SPAN), 384
- switching, 28–29
- symmetric key cryptography, 521–524
- SYN, 497
- sysinfo command, 276
- syslog, 88
- system compromise, 269–276
- system hacking
- about, 264–265
- client-side vulnerabilities, 289–291
- fuzzing, 292–295
- gathering passwords, 276–279
- living off the land, 291–292
- password cracking, 279–288
- post exploitation, 295–313
- review question answers, 629–632
- review questions, 315–318
- searching for exploits, 265–269
- system compromise, 269–276
- T
- tactics, techniques, and procedures (TTPs), 69–72
- targets, setting up in OpenVAS, 185–187
- tcpdump, 452–454
- TCP, 20, 34–38
- TCP scanning, 162–165
- tcpdump, packet capture and, 369–376
- TCP/IP architecture, 21–22
- technology
- operational, 610–612
- security, 72–84
- technology intelligence
- about, 144
- Google hacking, 144–146
- Internet of Things (IoT), 146–147
- Temporal Key Integrity Protocol (TKIP), 447
- 10Base2, 20
- 10BaseT, 20
- terminators, 22
- Terraform, 591
- testing, 451, 492, 604
- theHarvester, 108–110, 111
- theory of influence, 408–409
- The Onion Router (Tor), 269, 602
- threat agent/actor, 65–66
- threat vector, 65–66
- three-way handshake, 37, 495
- ticket granting service (TGS), 286
- ticket granting ticket (TGT), 286
- time management, 313
- time to live (TTL), 133
- time to live field, 31
- Tomcat, 481, 578
- Top Secret data classification, 549
- top-level domains (TLDs), 124
- topologies, 16, 22–27
- total length field, 30
- tracks, covering, 12–13
- Transformation Procedures (TPs), 553
- Transmission Control Protocol (TCP), 74, 161–162
- Transport layer (Layer 4), in OSI model, 19, 20
- Transport Layer Security (TLS), 43, 516, 523
- Trend Micro software, 469
- Triple DES (3DES), 522
- Trojan, 324
- true negative, 184
- true positive, 184
- trusted platform module (TPM), 538
- trusted third party, 531–532
- tshark, packet capture and, 376–378
- tunneling, as an evasion technique, 213
- Twitter, 118–122
- Twitter Digger X, 122
- type of service field, 30
- typosquatting, 426
- U
- UDP, 20, 38–39
- UDP scanning, 165–167
- Unclassified data classification, 549
- Unconstrained Data Items (UDIs), 553
- Unicode, 19–20
- unified threat management (UTM), 77, 506
- uniform interface, 594
- Uniform Resource Identifier (URI), 125
- Uniform Resource Locator (URL), 250
- universal plug and play (UPnP), 372
- UPX packer, 332–333
- urgent pointer field, 37
- URL hijacking, 426
- Usenet, 517
- User Datagram Protocol (UDP), 74, 161–162
- utility, in Parkerian hexad, 63
- V
- vectors, social engineering, 412
- Venema, Wietse, 184
- version field, 30
- Vigenère, Blaise de, 519
- Vigenère cipher, 519
- Virtual Local Area Network (VLAN), 20, 41, 508
- virtual machines (VMs), infrastructure as a service (IaaS) and, 47
- Virtual Private Networks (VPNs), 43–44
- virus, 321–322
- VirusTotal, 336–338
- vishing, as a social engineering vector, 412
- Visio, 579
- VMWare, 329
- VMware ESXi server, 590–591
- voiceprint, 417
- VRFY command, 247–250
- vulnerabilities, client-side, 288–291
- vulnerability scanning, 183–203
- W
- WannaCry ransomware, 326–327
- Wappalyzer plugin, 141
- watering hole attack, 426
- weaponization stage, of cyber kill chain, 7
- web application attacks
- about, 480–482
- cloud computing and, 600–602
- command injection, 487–488
- cross-site scripting (XSS), 483–485
- file traversal, 489–490
- protections from, 490–492
- SQL injection, 485–487
- testing, 492
- XML external entity processing, 482–483
- web application firewall (WAF), 76–77, 491
- web-based enumeration, 250–257
- WebLogic, 481
- website attacks, 422–427
- website intelligence, 139–143
- Welchia/Nachi worm, 323
- white-hat hackers, 4
- whoami command, 279
- whole-disk encryption, 516
- Wide Area Network (WAN), 41
- Wi-Fi
- about, 440–442
- attacks, 451–462
- authentication, 445–446
- Bring Your Own Device (BYOD), 450–451
- encryption, 446–450
- network types, 442–444
- Wi-Fi Alliance, 447
- Wi-Fi Protected Access (WPA), 428, 447–448
- Wi-Fi Protected Access 2 (WPA2), 448–450
- Wi-Fi Protected Access 3 (WPA3), 450
- Wi-Fi Protected Setup (WPS), 447–448
- wifiphisher program, 428–430, 458
- WildFly, 481
- window field, 36
- Windows Active Directory (AD), 285
- Windows Internet Name Server (WINS), 234–235
- Windows Registry, 361
- Windows Remote Management (WinRM), 504
- WinHTTrack tool, 423–424
- Wink, 110
- Wired Equivalent Privacy (WEP), 428, 446–447
- wireless ad hoc network, 442–443
- wireless infrastructure network, 443
- wireless security
- about, 440
- Bluetooth, 462–466
- mobile devices, 467–471
- review question answers, 638–640
- review questions, 474–477
- Wi-Fi, 440–462
- wireless social engineering, 427–430
- Wireshark, 378–382, 443–444
- wordpress_login_enum module, 252–253
- World Wide Web (WWW), 124
- worm, 323–324
- wpscan, 254–257
- X
- X.509 certification, 532–534, 536
- XML external entity processing, 482–483
- XML format, 176
- Y
- Yet Another Markup Language (YAML), 591
- Z
- Zed Attack Proxy (ZAP), 597
- Zenmap, 174–176
- ZeuS botnet, 325
- Zimmermann, Phil, 536
- zone transfers, 130–131