Table of Contents
Introduction
Chapter 1 An Introduction to Ethical Hacking
“Do I Know This Already?” Quiz
Security Fundamentals
Goals of Security
Risk, Assets, Threats, and Vulnerabilities
Backing Up Data to Reduce Risk
Defining an Exploit
Risk Assessment
Security Testing
No-Knowledge Tests (Black Box)
Full-Knowledge Testing (White Box)
Partial-Knowledge Testing (Gray Box)
Types of Security Tests
Hacker and Cracker Descriptions
Who Attackers Are
Ethical Hackers
Required Skills of an Ethical Hacker
Modes of Ethical Hacking
Test Plans—Keeping It Legal
Test Phases
Establishing Goals
Getting Approval
Ethical Hacking Report
Vulnerability Research—Keeping Up with Changes
Ethics and Legality
Overview of U.S. Federal Laws
Compliance Regulations
Payment Card Industry Data Security Standard (PCI-DSS)
Summary
Review All Key Topics
Define Key Terms
Exercises
1-1 Searching for Exposed Passwords
1-2 Examining Security Policies
Review Questions
Suggested Reading and Resources
Chapter 2 The Technical Foundations of Hacking
“Do I Know This Already?” Quiz
The Hacking Process
Performing Reconnaissance and Footprinting
Scanning and Enumeration
Gaining Access
Escalation of Privilege
Maintaining Access
Covering Tracks and Planting Backdoors
The Ethical Hacker’s Process
NIST SP 800-15
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Open Source Security Testing Methodology Manual
Information Security Systems and the Stack
The OSI Model
Anatomy of TCP/IP Protocols
The Application Layer
The Transport Layer
Transmission Control Protocol
User Datagram Protocol
The Internet Layer
Traceroute
The Network Access Layer
Summary
Review All Key Topics
Define Key Terms
Exercises
2.1 Install a Sniffer and Perform Packet Captures
2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack
2.3 Using Traceroute for Network Troubleshooting
Review Questions
Suggested Reading and Resources
Chapter 3 Footprinting and Scanning
“Do I Know This Already?” Quiz
Overview of the Seven-Step Information-Gathering Process
Information Gathering
Documentation
The Organization’s Website
Job Boards
Employee and People Searches
EDGAR Database
Google Hacking
Usenet
Registrar Query
DNS Enumeration
Determining the Network Range
Traceroute
Identifying Active Machines
Finding Open Ports and Access Points
Nmap
SuperScan
THC-Amap
Hping
Port Knocking
War Driving
OS Fingerprinting
Active Fingerprinting Tools
Fingerprinting Services
Default Ports and Services
Finding Open Services
Mapping the Network Attack Surface
Manual Mapping
Automated Mapping
Summary
Review All Key Topics
Define Key Terms
Exercises
3.1 Performing Passive Reconnaissance
3.2 Performing Active Reconnaissance
Review Questions
Suggested Reading and Resources
Chapter 4 Enumeration and System Hacking
“Do I Know This Already?” Quiz
Enumeration
Windows Enumeration
Windows Security
NetBIOS and LDAP Enumeration
NetBIOS Enumeration Tools
SNMP Enumeration
Linux/UNIX Enumeration
NTP Enumeration
SMTP Enumeration
IPsec and VoIP Enumeration
DNS Enumeration
System Hacking
Nontechnical Password Attacks
Technical Password Attacks
Password Guessing
Automated Password Guessing
Password Sniffing
Keylogging
Privilege Escalation and Exploiting Vulnerabilities
Exploiting an Application
Exploiting a Buffer Overflow
Owning the Box
Windows Authentication Types
Cracking Windows Passwords
Linux Authentication and Passwords
Cracking Linux Passwords
Hiding Files and Covering Tracks
Rootkits
File Hiding
Summary
Review All Key Topics
Define Key Terms
Exercise
4.1 NTFS File Streaming
Review Questions
Suggested Reading and Resources
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis
“Do I Know This Already?” Quiz
Social Engineering
Phishing
Pharming
Malvertising
Spear Phishing
SMS Phishing
Voice Phishing
Whaling
Elicitation, Interrogation, and Impersonation (Pretexting)
Social Engineering Motivation Techniques
Shoulder Surfing and USB Key Drop
Malware Threats
Viruses and Worms
Types and Transmission Methods of Viruses and Malware
Virus Payloads
History of Viruses
Well-Known Viruses and Worms
Virus Creation Tools
Trojans
Trojan Types
Trojan Ports and Communication Methods
Trojan Goals
Trojan Infection Mechanisms
Effects of Trojans
Trojan Tools
Distributing Trojans
Wrappers
Packers
Droppers
Crypters
Ransomware
Covert Communication
Tunneling via the Internet Layer
Tunneling via the Transport Layer
Tunneling via the Application Layer
Port Redirection
Keystroke Logging and Spyware
Hardware Keyloggers
Software Keyloggers
Spyware
Malware Countermeasures
Detecting Malware
Antivirus
Analyzing Malware
Static Analysis
Dynamic Analysis
Vulnerability Analysis
Passive vs. Active Assessments
External vs. Internal Assessments
Vulnerability Assessment Solutions
Tree-based vs. Inference-based Assessments
Vulnerability Scoring Systems
Vulnerability Scanning Tools
Summary
Review All Key Topics
Define Key Terms
Command Reference to Check Your Memory
Exercises
5.1 Finding Malicious Programs
5.2 Using Process Explorer
Review Questions
Suggested Reading and Resources
Chapter 6 Sniffers, Session Hijacking, and Denial of Service
“Do I Know This Already?” Quiz
Sniffers
Passive Sniffing
Active Sniffing
Address Resolution Protocol
ARP Poisoning and MAC Flooding
Tools for Sniffing
Wireshark
Other Sniffing Tools
Sniffing and Spoofing Countermeasures
Session Hijacking
Transport Layer Hijacking
Identify and Find an Active Session
Predict the Sequence Number
Take One of the Parties Offline
Take Control of the Session
Application Layer Hijacking
Session Sniffing
Predictable Session Token ID
Man-in-the-Middle Attacks
Client-Side Attacks
Man-in-the-Browser Attacks
Session Replay Attacks
Session Fixation Attacks
Session Hijacking Tools
Preventing Session Hijacking
Denial of Service and Distributed Denial of Service
DoS Attack Techniques
Volumetric Attacks
SYN Flood Attacks
ICMP Attacks
Peer-to-Peer Attacks
Application-Level Attacks
Permanent DoS Attacks
Distributed Denial of Service
DDoS Tools
DoS and DDOS Countermeasures
Summary
Review All Key Topics
Define Key Terms
Exercises
6.1 Scanning for DDoS Programs
6.2 Using SMAC to Spoof Your MAC Address
6.3 Using the KnowBe4 SMAC to Spoof Your MAC Address
Review Questions
Suggested Reading and Resources
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks
“Do I Know This Already?” Quiz
Web Server Hacking
The HTTP Protocol
Scanning Web Servers
Banner Grabbing and Enumeration
Web Server Vulnerability Identification
Attacking the Web Server
DoS/DDoS Attacks
DNS Server Hijacking and DNS Amplification Attacks
Directory Traversal
Man-in-the-Middle Attacks
Website Defacement
Web Server Misconfiguration
HTTP Response Splitting
Understanding Cookie Manipulation Attacks
Web Server Password Cracking
Web Server–Specific Vulnerabilities
Comments in Source Code
Lack of Error Handling and Overly Verbose Error Handling
Hard-Coded Credentials
Race Conditions
Unprotected APIs
Hidden Elements
Lack of Code Signing
Automated Exploit Tools
Securing Web Servers
Harden Before Deploying
Patch Management
Disable Unneeded Services
Lock Down the File System
Log and Audit
Provide Ongoing Vulnerability Scans
Web Application Hacking
Unvalidated Input
Parameter/Form Tampering
Injection Flaws
Understanding Cross-site Scripting (XSS) Vulnerabilities
Reflected XSS
Stored XSS
DOM-based XSS
XSS Evasion Techniques
XSS Mitigations
Understanding Cross-site Request Forgery Vulnerabilities and Related Attacks
Understanding Clickjacking
Other Web Application Attacks
Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations
Web-Based Password Cracking and Authentication Attacks
Understanding What Cookies Are and Their Use
URL Obfuscation
Intercepting Web Traffic
Securing Web Applications
Lack of Code Signing
Database Hacking
A Brief Introduction to SQL and SQL Injection
SQL Injection Categories
Fingerprinting the Database
Surveying the UNION Exploitation Technique
Using Boolean in SQL Injection Attacks
Understanding Out-of-Band Exploitation
Exploring the Time-Delay SQL Injection Technique
Surveying Stored Procedure SQL Injection
Understanding SQL Injection Mitigations
SQL Injection Hacking Tools
Summary
Review All Key Topics
Exercise
7.1 Complete the Exercises in WebGoat
Review Questions
Suggested Reading and Resources
Chapter 8 Wireless Technologies, Mobile Security, and Attacks
“Do I Know This Already?” Quiz
Wireless Technologies
Mobile Device Operation and Security
Mobile Device Concerns
Mobile Device Platforms
Android
iOS
Windows Mobile Operating System
BlackBerry
Mobile Device Management and Protection
Bluetooth
Radio-frequency Identification (RFID) Attacks
Wireless LANs
Wireless LAN Basics
Wireless LAN Frequencies and Signaling
Wireless LAN Security
Installing Rogue Access Points
Evil Twin Attacks
Deauthentication Attacks
Attacking the Preferred Network Lists
Jamming Wireless Signals and Causing Interference
War Driving
Attacking WEP
Attacking WPA
Wireless Networks Configured with Open Authentication
KRACK Attacks
Attacking Wi-Fi Protected Setup (WPS)
KARMA Attack
Fragmentation Attacks
Additional Wireless Hacking Tools
Performing GPS Mapping
Wireless Traffic Analysis
Launch Wireless Attacks
Crack and Compromise the Wi-Fi Network
Securing Wireless Networks
Site Survey
Robust Wireless Authentication
Misuse Detection
Summary
Review All Key Topics
Define Key Terms
Review Questions
Suggested Reading and Resources
Chapter 9 IDS, Firewalls, and Honeypots
“Do I Know This Already?” Quiz
Intrusion Detection and Prevention Systems
IDS Types and Components
Pattern Matching
Protocol Analysis
Heuristic-Based Analysis
Anomaly-Based Analysis
Global Threat Correlation Capabilities
Snort
IDS Evasion
Flooding
Insertion and Evasion
Session Splicing
Shellcode Attacks
Other IDS Evasion Techniques
IDS Evasion Tools
Firewalls
Firewall Types
Network Address Translation
Packet Filters
Application and Circuit-Level Gateways
Stateful Inspection
Identifying Firewalls
Bypassing Firewalls
Honeypots
Types of Honeypots
Detecting Honeypots
Summary
Review All Key Topics
Define Key Terms
Review Questions
Suggested Reading and Resources
Chapter 10 Cryptographic Attacks and Defenses
“Do I Know This Already?” Quiz
Functions of Cryptography
History of Cryptography
Algorithms
Symmetric Encryption
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Rivest Cipher
Asymmetric Encryption (Public Key Encryption)
RSA
Diffie-Hellman
ElGamal
Elliptic Curve Cryptography (ECC)
Hashing
Digital Signature
Steganography
Steganography Operation
Steganographic Tools
Digital Watermark
Digital Certificates
Public Key Infrastructure
Trust Models
Single-Authority Trust
Hierarchical Trust
Web of Trust
Protocols, Applications, and Attacks
Encryption Cracking and Tools
Weak Encryption
Encryption-Cracking Tools
Summary
Review All Key Topics
Define Key Terms
Exercises
10.1 Examining an SSL Certificate
10.2 Using PGP
10.3 Using a Steganographic Tool to Hide a Message
Review Questions
Suggested Reading and Resources
Chapter 11 Cloud Computing, IoT, and Botnets
“Do I Know This Already?” Quiz
Cloud Computing
Cloud Computing Issues and Concerns
Cloud Computing Attacks
Cloud Computing Security
IoT
IoT Protocols
Hacking IoT Implementations
Botnets
Botnet Countermeasures
Summary
Review All Key Topics
Define Key Terms
Exercise
11.1 Scanning for DDoS Programs
Review Questions
Suggested Reading and Resources
Chapter 12 Final Preparation
Hands-on Activities
Suggested Plan for Final Review and Study
Summary
Glossary
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions
Index
