Index

  • A
  • access management, cloud computing and, 598–600
  • acknowledgment number field, 36
  • actions on objective stage, of cyber kill chain, 7, 8
  • Active Directory (AD), 584–585
  • ad hoc network, 442–443
  • Address Resolution Protocol (ARP), 20, 390–394
  • addressing, IP and, 31–32
  • Advanced Audio Distribution (A2DP) profile, 462–463
  • Advanced Encryption Standard (AES), 225, 450, 523–524
  • advanced persistent threats (APTs), 69
  • African Network Information Center (AfriNIC), 105
  • aircrack tools, 455–456, 461–462
  • airgeddon tool, 458–459
  • airmon-ng program, 451–452, 461–462
  • airodump-ng program, 457
  • Akamai, 495
  • alterations, as an evasion technique, 212
  • alternate data streams (ADSs), 312–313
  • Amazon, 47
  • Amazon Machine Images (AMIs), 48
  • Amazon Web Services (AWS), 47, 559–560, 578, 581, 587, 592–593, 600
  • American Registry for Internet Numbers (ARIN), 105
  • American Standard Code for Information Interchange (ASCII), 19–20, 374, 484
  • amplification attacks, 493
  • analysis, of malware, 328–349
  • Ansible server, 591
  • antivirus solutions, 359–360
  • API gateway, 561
  • Apple, 467–468, 469
  • Apple Face ID, 416
  • application architecture, 553–563
  • application binary interface, 339
  • application exploitation, 497–502
  • Application layer (Layer 7), in OSI model, 19
  • application layer firewalls, 75–77
  • application programming interface (API), 112–113, 348
  • Arch Strike, 266
  • architecture, 40–44, 586–598. See also specific types
  • ARPAnet, 21
  • arpspoof, 391–392
  • Asia Pacific Network Information Centre (APNIC), 105
  • Assessment tab (Nessus), 198
  • asymmetric key cryptography, 524–527
  • attack and defense. See also specific types
    • application exploitation, 497–502
    • defense in depth/defense in breadth, 504–506
    • defensible network architecture, 506–508
    • denial-of-service (DoS) attacks, 492–497
    • lateral movement, 502–504
    • mobile device, 469–471
    • review question answers, 641–643
    • review questions, 510–514
    • slow, 495–496
    • web application attacks, 480–492
    • Wi-Fi, 451–462
  • attack lifecycle, 8–10, 566
  • auditing, 90–92
  • authentication, Wi-Fi, 445–446
  • authenticity, in Parkerian hexad, 63
  • authority, in theory of influence, 409
  • automating social engineering, 430–433
  • availability, in CIA triad, 62
  • B
  • badge access, 413–415
  • baiting, 418
  • bandwidth attacks, 492–495
  • base service set identifier (BSSID), 427, 445
  • Bell-LaPadula model, 552
  • Berkeley Packet Filter (BPF), 382–384
  • Biba, Kenneth, 551
  • Biba model, 551
  • biometrics, 416–417
  • birthday paradox, 280, 535
  • BitLocker, 539
  • black-box testing, 186
  • black-hat hackers, 4
  • Blaster, 323
  • blob storage, 581
  • block cipher, 522
  • bluebugging, 466
  • bluejacking, 465–466
  • bluesnarfing, 466
  • Bluetooth, 462–466
  • Bohannon, Daniel, 296
  • botnet, 324–325
  • Bring Your Own Device (BYOD), 450–451
  • brute force, 131–132
  • brute_dirs module, 251–252
  • btscanner program, 463–465
  • buffer, 498
  • buffer overflow, 498–500
  • built-in utilities, 233–236
  • Burp Suite, 595–596, 608
  • bus network, 22–23
  • bytes, 31
  • C
  • cacheability, 594
  • canonical name (CNAME) responses, 132
  • captive portal, 428
  • Cascading Style Sheets (CSS), 483
  • castle defense, 504
  • catastrophizing, 65
  • certificate authority (CA), 528–534
  • certification rules (CRs), 553
  • Certified Ethical Hacker (CEH) certification, 2
  • chance, 64–65
  • Chaos Computer Club, 8
  • CheckPoint, 116
  • checksum field, 31, 37
  • CIA triad, 59–63
  • Cialdini, Robert, 408–409
  • Cipher Block Chaining (CBC), 524
  • ciphersuite, 523
  • Cisco, 116
  • Clark-Wilson Integrity model, 552–553
  • client-server architecture, 593
  • client-side vulnerabilities, 288–291
  • cloning, 423–426
  • cloud computing
    • about, 44–45, 574–578
    • cloud architectures and deployment, 586–598
    • cloud services, 577–583
    • common threats, 598–604
    • infrastructure as a service (IaaS), 46–48
    • Internet of Things (IoT), 51
    • platform as a service (PaaS), 48–49
    • public vs. private cloud, 585
    • review question answers, 646–647
    • review questions, 614–615
    • shared responsibility model, 583–585
    • software as a service (SaaS), 49–51
    • storage as a service (StaaS), 45–46
  • cloud services, 577–583
  • cloud-based applications, 559–561
  • CloudFormation Designer, 592–593
  • cloud-native design, 589–590
  • Code Red worm, 323
  • collection stage, in ATT&CK Framework, 71
  • collision, 280
  • command and control stage, 7, 8, 71
  • command injection, 487–488
  • commitment, in theory of influence, 409
  • Common Internet File System (CIFS), 172
  • Common Object Request Broker Architecture (CORBA), 226
  • Common Vulnerabilities and Exposures (CVE), 173
  • communications models, 17–22
  • companies, open source intelligence and, 99–100
  • complete mission stage, 8, 9, 503
  • Confidential data classification, 549
  • confidentiality, in CIA triad, 59–60
  • Constrained Data Items (CDIs), 553
  • control bits field, 36
  • Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), 450
  • covering tracks, 307–313
  • credential access stage, in ATT&CK Framework, 71
  • credential compromise, cloud computing and, 602–603
  • credential stuffing, 503, 602
  • cryptographic hashing, 534–536
  • cryptography. See also asymmetric key cryptography; symmetric key cryptography
    • about, 516–517
    • asymmetric key, 524–527
    • basic encryption, 517–521
    • certificate authorities and key management, 528–534
    • cryptographic hashing, 534–536
    • disk and file encryption, 538–541
    • Pretty Good Privacy (PGP), 536–537
    • review question answers, 643–645
    • review questions, 543–545
    • Secure/Multipurpose Internet Mail Extensions (S/MIME), 536–537
    • symmetric key, 521–524
  • Cuckoo Sandbox, 340–345
  • customer relationship management (CRM), 50, 579
  • Cutter, 332–333
  • cyber kill chain, 6–8
  • Cybersecurity Framework, 564
  • cyclic redundancy check (CRC), 447
  • D
  • Damn Vulnerable Web Application (DVWA), 492
  • dark web, 269
  • darknet, 269
  • data
    • classification of, 548–550
    • hiding, 311–313
    • at rest, 60, 538
    • in use, 537
  • data breach, cloud computing and, 600
  • Data Encryption Standard (DES), 522–523
  • Data Link layer (Layer 2), in OSI model, 19, 20
  • data offset field, 36
  • database considerations, 561–563
  • dead box access, 539
  • deauthentication attack, 455–458
  • debugging, dynamic analysis and, 345–349
  • Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) vulnerability, 173
  • deep packet inspection (DPI), 75
  • defense evasion stage, in ATT&CK Framework, 70
  • defense in breadth network design, 86–87, 504–506
  • defense in depth network design, 84–86, 504–506
  • defensible network architecture, 87, 506–508
  • delivery stage, of cyber kill chain, 7–8
  • demilitarized zone (DMZ), 42, 506
  • denial-of-service (DoS) attack, 62, 492–497
  • deployment, cloud, 586–598
  • destination address field, 31
  • destination port field, 36
  • Detect function, 565
  • detecting, 214–215
  • devices, 467–471, 606
  • DevOps, 87
  • DevSecOps, 87
  • Diffie, Whitfield, 225, 520
  • Diffie-Hellman (DH) algorithm, 225, 520–521, 523
  • dig tool, 129–130
  • directory traversal, 489–490
  • disassembly, static analysis and, 333–335
  • discovery stage, in ATT&CK Framework, 71
  • Discovery tab (Nessus), 197–198
  • Discretionary Security Property, 552
  • disk encryption, 538–541
  • distributed denial of service (DDoS), 494
  • Distributed Network Protocol (DNP), 146
  • dm-crypt, 540
  • DNS spoofing, 394–397
  • dnsrecon tool, 131–132
  • Document Object Model (DOM), 483–484
  • domain, 371
  • Domain Name System (DNS), 71, 124–136
  • domain registrars, open source intelligence and, 101–105
  • DomainManager, 102
  • dotted quads, 31–32
  • drives, encrypted, 539
  • dropper, 328
  • dynamic analysis, 340–349
  • Dynamic Host Configuration Protocol (DHCP) server, 428
  • E
  • EC-Council, 6
  • 802.1X standard, 446, 448
  • 802.11 standard, 440–441, 448
  • Elastic Compute Cloud (EC2), 47
  • Elastic Kubernetes Service (EKS), 559
  • Elastic Stack, 83
  • Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, 100–101
  • Elk Cloner virus, 322
  • elliptic curve cryptography (ECC), 526–527
  • encrypted drives, 539
  • encryption
    • about, 517
    • Diffie-Hellman, 520–521
    • disk, 538–541
    • file, 538–541
    • substitution ciphers, 517–520
    • Wi-Fi, 446–450
  • encryptors, 331–333
  • endpoint detection and response (EDR), 81–83, 295–296, 360
  • enforcement rules (ERs), 553
  • enum4linux tool, 243–245
  • enumeration
    • about, 11, 222–223
    • remote procedure calls, 226–232
    • review question answers, 627–629
    • review questions, 259–262
    • Server Message Block (SMB), 232–245
    • service, 223–226
    • Simple Mail Transfer Protocol (SMTP), 247–250
    • Simple Network Management Protocol (SNMP), 245–247
    • web-based, 250–257
  • escalate privileges stage, 8, 9, 502
  • establish foothold stage, 8, 9, 502
  • EternalBlue vulnerability, 274–276, 326–327
  • Ethernet, 20
  • ethical hacking, 2, 5–13
  • ethics, 2–4
  • Ettercap, 394–395
  • evasion, 211–214, 295–296
  • event, 507
  • evil twin attack, 458–460
  • Executable and Linkable Format (ELF) file, 354
  • execution stage, in ATT&CK Framework, 70
  • exfiltration stage, in ATT&CK Framework, 72
  • exploitation. See system compromise
  • exploitation stage, of cyber kill chain, 7, 8
  • Exploit-DB package, 274–276
  • exploits, searching for, 265–269
  • Extended Binary Coded Decimal Interchange Code (EBCDIC), 19–20
  • Extensible Authentication Protocol (EAP), 447, 448
  • eXtensible Markup Language (XML), 482–483, 594
  • F
  • Face ID (Apple), 416
  • Facebook, 111–114, 580
  • Factory Interface Network Service (FINS), 146
  • false acceptance rates (FARs), 417
  • false negative, 184, 417
  • false positive, 183–184, 417
  • Farmer, Dan, 184
  • file encryption, 538–541
  • file path traversal, 489–490
  • file traversal, 489–490
  • FileVault, 538, 540
  • fingerprint scanners, 416
  • Firebug, 141
  • FireEye Labs Advanced Reverse Engineering (FLARE), 329
  • FireEye Mandiant, 8
  • firewalls, 72–73
  • Five Functions, 564
  • flags field, 30–31
  • footprinting and reconnaissance
    • about, 10, 98–99
    • Domain Name System (DNS), 124–136
    • open source intelligence, 99–124
    • passive reconnaissance, 136–139
    • review question answers, 622–624
    • review questions, 150–153
    • technology intelligence, 144–147
    • website intelligence, 139–143
  • forced browsing, 597
  • 419 scam, 411–412
  • fping, 157–159
  • Fraggle attack, 497
  • fragment offset field, 31
  • fragmentation, as an evasion technique, 212
  • fragroute, 209–211, 212
  • frame, 369
  • Frame Relay, 20
  • full mesh network, 26
  • fully qualified domain name (FQDN), 124
  • fuzzing, 292–295
  • G
  • gaining access, 11–12
  • Ghidra, 338–340
  • GoDaddy, 102
  • Google, 47, 467–468, 469, 580
  • Google Chrome, 142–143, 531
  • Google Compute, 598
  • Google Docs, 50
  • Google Drive, 45–46
  • Google hacking, 144–146
  • Google Rapid Response (GRR), 82
  • governmental data classification, 549
  • Graham, Robert, 176
  • gray-hat hackers, 4
  • Greenbone Security Assistant (GSA), 185
  • group temporal key (GTK), 448
  • guidelines, security, 68
  • H
  • H.323, 75–76
  • half-open scan, 162
  • hash algorithm, 280
  • hashdump command, 276
  • hashing, cryptographic, 534–536
  • header length field, 30
  • headers, in IP, 29–31
  • Health Insurance Portability and Accountability Act (HIPAA), 43
  • heap spraying, 500
  • Hellman, Martin, 225, 520
  • hide/obscure the data, as an evasion technique, 211–212, 311–313
  • Highway Addressable Remote Transducer Protocol, 146
  • honeypot, 506
  • host tool, 127–128
  • hostapd tool, 428
  • hping, 204–207
  • human interface device (HID), 611
  • human-machine interface (HMI), 611
  • hybrid cryptosystem, 525
  • hybrid network, 26–27
  • Hypertext Markup Language (HTML), 356, 481, 576–577
  • Hypertext Transport Protocol (HTTP), 19, 71, 555, 576–577, 585, 593
  • I
  • I Love You virus, 322, 409–410
  • IBM 360, 574–575
  • iCloud, 45–46
  • IDA Free, 345
  • IDA Pro, 345
  • identification field, 30
  • identity and access management (IAM), 583, 598
  • Identify function, 565
  • iDevices, 606–607
  • Immunity Debugger, 345
  • impact stage, in ATT&CK Framework, 72
  • impersonation, as a social engineering vector, 412
  • industrial, scientific, and medical (ISM) band, 440
  • Industrial Control Systems (ICSs), 146, 611–612
  • influence, theory of, 408–409
  • infrastructure, malware, 357–359
  • infrastructure as a code (IaC), 589, 591
  • infrastructure as a service (IaaS), 46–48, 578, 583
  • infrastructure network, 443
  • initial access stage, in ATT&CK Framework, 70
  • initial compromise stage, 8, 9, 502
  • initial reconnaissance stage, 8, 9, 502
  • initialization vector (IV), 524
  • insider threat, cloud computing and, 604
  • InSpy, 118
  • installation stage, of cyber kill chain, 7, 8
  • Institute of Electrical and Electronics Engineers (IEEE), 440, 446
  • integrity, in CIA triad, 61–62
  • Integrity Verification Procedure (IVP), 553
  • Intelius, 110
  • Interface Message Processor (IMP), 21
  • internal recon stage, 8, 9, 502
  • International Organization for Standardization (ISO), 18, 67
  • Internet Assigned Numbers Authority (IANA), 102–103
  • Internet Control Message Protocol (ICMP), 38–40, 71, 73
  • Internet Corporation for Assigned Names and Numbers (ICANN), 102
  • Internet Engineering Task Force (IETF), 29–30
  • Internet of Things (IoT), 51, 146–147, 574, 604–610, 614–615, 646–647
  • Internet Packet Exchange (IPX), 29
  • Internet Protocol (IP), 20, 29–34
  • Internet Relay Chat (IRC) protocol, 357–358
  • intrusion detection systems (IDSs), 77–80
  • intrusion prevention systems (IPSs), 80–81
  • Invocation Property, 551
  • Invoke-Obfuscation cmdlet, 296
  • IP Security (IPSec), 43
  • iptables tool, 428
  • IPv4, 31–32
  • IPv6, 31–32
  • iris scanning, 416
  • ISO 27001, 566
  • isolation, network, 41–43
  • J
  • Java Development Kit (JDK), 338
  • JavaScript Object Notation (JSON), 359, 562, 592
  • JBoss, 481, 578
  • job sites, 123–124
  • John the Ripper, 280–282
  • Joint Photographic Experts Group (JPEG), 20
  • jump, 334–335
  • junk mail providers, 105
  • Just Works, 463
  • K
  • Kaminsky, Dan, 3–4
  • Kerberoasting, 284–288
  • key distribution center (KDC), 286
  • key reinstallation, 460–461
  • Key Reinstallation Attack (KRACK), 451, 461
  • Kibana, 83
  • Krebs, Brian, 493–494, 495
  • L
  • Lambda, 560, 587
  • lateral movement stage, in ATT&CK Framework, 71, 502–504
  • Latin America and Caribbean Network Information Centre (LACNIC), 105
  • layered system, 594
  • legacy, 497
  • lift-and-shift approach, 586
  • Lightweight Extensible Authentication Protocol (LEAP), 450
  • liking, in theory of influence, 409
  • LinkedIn, 115–118
  • Linux, 610
  • Linux Unified Key Setup (LUKS), 540
  • listening services, 561
  • living off the land, 291–292, 504
  • load balancing, 589
  • Local Area Network (LAN), 41
  • local area network denial (LAND), 497
  • Lockheed Martin, 7
  • log manipulation, 310–311
  • logging, 88–90
  • logic bombs, 322
  • long-distance bluesnarfing, 466
  • low and slow, as an evasion technique, 212
  • Low Orbit Ion Cannon (LOIC), 494
  • LucidChart, 579, 584
  • M
  • mail marketing companies, 105
  • maintain presence stage, 8, 9, 503
  • maintaining access, 12
  • malformed data, as an evasion technique, 212
  • Maltego, 122
  • malware
    • about, 320–321
    • analysis, 328–349
    • antivirus solutions, 359–360
    • botnet, 324–325
    • creating, 329–357
    • dropper, 328
    • infrastructure, 357–359
    • persistence, 360–361
    • ransomware, 326–328
    • review question answers, 632–634
    • review questions, 363–366
    • Trojan, 324
    • types, 321–328
    • virus, 321–322
    • worm, 323–324
  • man traps, 415–416
  • management information bases (MIBs), 246–247
  • man-in-the-middle attack, 61
  • masscan, 176–178
  • maximum transmission unit (MTU), 369
  • Maze ransomware, 327
  • mdk3/4, 461–462
  • media access control (MAC) address, 20, 27–28, 390–391, 606
  • MegaPing, 159–161, 178–180
  • mesh network, 25–26
  • message authentication code (MAC), 447, 534
  • Message Digest 5 (MD5), 283, 336, 534–535
  • Message Queuing Telemetry Transport (MQTT), 51
  • Metasploit
    • about, 180–182, 240–242
    • creating malware using, 353–356
    • exploitation and, 300
    • looking for vulnerabilities with, 202–203
    • modules, 270–274
    • registry persistence from, 304–305
    • sunrpc scanner, 227–228
  • Meterpreter, 276–279, 305–306, 313
  • methodologies, for ethical hacking, 6–13
  • methods, 586
  • Metropolitan Area Network (MAN), 41
  • Microsoft, 47, 48, 50
  • Microsoft Azure, 48, 587, 609
  • Microsoft Hyper-V server, 590–591
  • Microsoft Office 365 (O365), 586
  • Microsoft security bulletins (MSSB), 297
  • mimikatz module, 277
  • Mitnick, Kevin, 8, 411
  • MITRE (website), 72
  • MITRE ATT&CK Framework, 69–72
  • mobile devices, 467–471
  • model-view-controller (MVC) design, 553–557
  • mod_security, 491
  • ModSecurity, 76
  • modules, Metasploit, 270–274
  • Morris, Robert T., 323
  • move laterally stage, 8, 9, 502
  • msfconsole, 253, 271–272, 276, 288–290, 353
  • msfvenom program, 305, 354
  • Multiprotocol Label Switching (MPLS), 43
  • multistation access units (MAUs), 24
  • multitenancy, 577
  • MySQL Server, 486–487
  • N
  • name lookups, 125–130
  • National Institute of Standards and Technology (NIST), 67, 522, 564
  • National Security Agency (NSA), 202
  • nbstat program, 233–235
  • nbtscan, scanning networks with, 242–243
  • near-field communication (NFC), 463
  • Nessus, 196–202
  • net utility, 235–236
  • NetBIOS, 232, 233–234, 239
  • netcat, 301, 353
  • NetFlow, 507
  • network access control (NAC), 450
  • Network Control Program (NCP), 21
  • Network File Server (NFS), 226–227
  • network interface cards (NICs), 369
  • Network layer (Layer 3), in OSI model, 19, 20
  • network stacks, 17
  • network vulnerability tests (NVTs), 187–188
  • networks/networking
    • about, 16
    • architectures, 40–44
    • cloud computing, 44–51
    • communications models, 17–22
    • Internet Control Message Protocol (ICMP), 39–40
    • IP, 29–34
    • network types, 40–41
    • physical, 27–29
    • review question answers, 618–619
    • review questions, 54–56
    • TCP, 34–38
    • testing, 451
    • topologies, 22–27
    • UDP, 38–39
    • Wi-Fi types, 442–444
  • Nigerian Prince scam, 411–412
  • Nimda worm, 323
  • NIST Special Publication 800-53, 566
  • nmap, 162, 223–226, 237–238
  • nmbd process, 232
  • Node.js, 358–359
  • nonrepudiation, 525–526
  • NoSQL, 123, 561, 563
  • Not Evil, 269
  • nslookup tool, 128–129
  • n-tier design, 553–557
  • O
  • obfuscating, 356–357
  • Object Exchange (OBEX), 466
  • octets, 31
  • Office Online, 50
  • Official data classification, 549
  • OllyDbg, 345, 346
  • OmniGraffle, 579
  • 100Base TX, 20
  • 1000BaseT, 20
  • Online Certificate Status Protocol (OCSP), 531
  • Open Authentication, 445
  • open source intelligence
    • about, 99
    • companies, 99–100
    • domain registrars, 101–105
    • Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, 100–101
    • people, 108–111
    • regional Internet registries, 105–107
    • social networking, 111–124
  • Open Systems Interconnection (OSI) model, 18–21, 203, 369
  • Open Vulnerability Assessment System (OpenVAS), 184–195
  • Open Web Application Security Project (OWASP), 491, 601
  • OpenBSD system, 140
  • OpenStack, 585
  • operand, 333
  • operational technology, 610–612
  • options field, 37
  • Oracle, 561
  • organizationally unique identifier (OUI), 606
  • overlaps, as an evasion technique, 212
  • P
  • packers, 331–333
  • packet, 29
  • packet analysis, 385–390
  • packet capture, 368–384
  • packet capture (PCAP) file format, 375
  • packet crafting, 203–211
  • packet filtering, 73–74
  • packETH, 207–209
  • pairwise master key (PMK), 448
  • Palo Alto Networks, 116
  • Parker, Donn, 63
  • Parkerian hexad, 63
  • passive DNS, 133–136
  • passive reconnaissance, 136–139
  • password cracking, 279–288
  • passwords, gathering, 276–279
  • payload, 354, 369
  • Payment Card Industry (PCI), 43
  • PE Detective, 332
  • PeekYou, 110
  • penetration testing. See ethical hacking
  • people, open source intelligence and, 108–111
  • Perl-compatible regular expressions (PCRE), 490
  • persistence, 12, 304–307, 360–361
  • persistence stage, in ATT&CK Framework, 70
  • persistent cross-site scripting, 483
  • phishing attacks, 412, 418–422
  • phone calls, as a form of physical social engineering, 417–418
  • Physical layer (Layer 1), in OSI model, 19, 20
  • physical networking, 27–29
  • physical social engineering, 413–418
  • ping sweeps, 157–161
  • Pipl, 110
  • pivoting, 301–304
  • platform as a service (PaaS), 48–49, 578–579, 583
  • Plaxo, 115
  • Plugins tab (Nessus), 197
  • pointer (PTR) record, 370
  • policies, security, 66–67
  • polyalphabetic cipher, 519
  • polymorphisms, 212
  • port mirroring/spanning, 384
  • port scanning
    • about, 161–162
    • detailed information, 167–169
    • masscan, 176–178
    • MegaPing, 178–180
    • Metasploit, 180–182
    • nmap, 162
    • scripting, 169–174
    • TCP scanning, 162–165
    • UDP scanning, 165–167
    • Zenmap, 174–176
  • portable executable (PE) file format, 330, 354
  • possession (control), in Parkerian hexad, 63
  • post exploitation
    • about, 295
    • covering tracks, 307–313
    • evasion, 295–296
    • persistence, 304–307
    • pivoting, 301–304
    • privilege escalation, 296–301
  • Postel, Joe, 102
  • PowerShell, 291, 504, 591–592
  • Presentation layer (Layer 6), in OSI model, 19–20
  • pre-shared key (PSK), 428, 520
  • pretexting, 410–412
  • Pretty Good Privacy (PGP), 109, 536–537
  • private cloud, 585
  • Private data classification, 549
  • privilege escalation, 296–301
  • privilege escalation stage, in ATT&CK Framework, 70
  • probability, 64–65
  • procedures, 68, 586
  • process injection, 308–310
  • programmable logic controllers (PLCs), 611
  • Project Athena, 284
  • properties, static analysis and, 335–336
  • Protect function, 565
  • Protected Extensible Authentication Protocol (PEAP), 450
  • protecting, 214–215
  • protocol data units (PDUs), 27
  • protocol field, 31
  • protocol stacks. See network stacks
  • protocols, 18
  • public cloud, 585
  • Public data classification, 549
  • public key cryptography. See asymmetric key cryptography
  • public key infrastructure (PKI), 528
  • Python, 350
  • Q
  • quality of detection (QoD), 194
  • R
  • race condition, 65
  • radio frequency identification (RFID) device, 413–414
  • Rain Forest Puppy Policy (RFP/RFPolicy), 3
  • rainbow tables, 282–284
  • ransomware, 326–328
  • raw sockets, 206
  • rcrack, running with rainbow tables, 284
  • Real-time Transport Protocol (RTP), 76
  • reciprocity, in theory of influence, 409
  • Recon plugin, 139
  • reconnaissance stage, 7, 10, 69
  • Recover function, 565
  • recursive name query/resolution, 125
  • red teaming, 5–6
  • reduction function, 284
  • reflected cross-site scripting, 483
  • regex denial of service (ReDoS), 490–491
  • regional Internet registry (RIR), open source intelligence and, 105–107
  • register, 333
  • remote access, to networks, 43–44
  • remote method invocation (RMI), 228–232
  • Remote Method Invocation (RMI), 557
  • Remote Procedure Call (RPC), 20, 226–232, 557
  • Report tab (Nessus), 198
  • Representational State Transfer (REST), 358, 557, 593–594
  • request for comments (RFC) document, 29–30
  • Réseaux IP Européens Network Coordination Centre (RIPE NCC), 105
  • reserved field, 36
  • resource consumption, as an evasion technique, 213
  • resource development stage, in ATT&CK Framework, 69
  • Respond function, 565
  • responsible disclosure, 3
  • responsive design, 588–589
  • Restricted data classification, 549
  • retinal scanning, 416
  • reverse connection, 353
  • reverse lookup, 370
  • review questions/answers. See specific topics
  • Rijndael cipher, 523
  • ring network, 24–25
  • risk, 64–66
  • Rivest Cipher 4 (RC4) encryption algorithm, 446
  • Rivest-Shamir-Adleman (RSA) algorithm, 380, 524–525
  • rogue attacks, 426–427
  • rootkits, 307–308
  • rotation cipher, 517–520
  • routing, 20–21
  • rtgen, using for rainbow tables, 283–284
  • Rubeus tool, 286, 288
  • S
  • S3 buckets, 581, 601
  • Samba package, 232
  • sandboxing, 340, 469
  • scan configs, in OpenVAS, 187–190
  • scan results, 193–195
  • scan tasks, 190–192
  • scanning, 11, 463–465
  • scanning networks
    • about, 156–157
    • evasion techniques, 211–214
    • packet crafting and manipulation, 203–211
    • ping sweeps, 157–161
    • port scanning, 161–182
    • protecting and detecting, 214–215
    • review question answers, 624–626
    • review questions, 217–220
    • vulnerability scanning, 183–203
  • scarcity, in theory of influence, 409
  • screen blindness, as an evasion technique, 213
  • scripting, 169–174, 591
  • scripts, nmap, 237–238
  • searching, for exploits, 265–269
  • searchsploit program, 266–268, 274–275
  • Secret data classification, 549
  • Secure Hash Algorithm 1 (SHA-1), 535–536
  • Secure Shell (SSH), 503
  • Secure Sockets Layer (SSL), 43, 523
  • secure state, 552
  • Secure/Multipurpose Internet Mail Extensions (S/MIME), 537
  • security
    • about, 58
    • CIA triad, 59–63
    • guidelines, 68
    • organizing, 69–72
    • policies, 66–67
    • preparation, 84–92
    • procedures, 68
    • review question answers, 619–621
    • review questions, 93–96
    • risk, 64–66
    • standards, 67–68
    • technology, 72–84
  • Security Administrator's Integrated Network Tool (SAINT), 184
  • Security Analysis Tool for Auditing Networks (SATAN), 184
  • security architecture and design, 548–571, 645–646
  • Security Auditors Research Assistant (SARA), 184
  • security control, 565
  • security information and event management (SIEM), 83–84, 507
  • security models, 550–553
  • security operation center (SOC), 84
  • security support provider (SSP), 277
  • self-propagation, 323
  • self-signed certificates, 532–534
  • sequence number field, 36
  • Server Message Block (SMB) protocol, 172, 232–242
  • service enumeration, 223–226
  • service level agreement (SLA), 68
  • service set identifier (SSID), 445
  • service-oriented architecture, 557–559
  • services, 589–590
  • session border controller (SBC), 75–76
  • Session Initiation Protocol (SIP), 75–76
  • session key, 460–461
  • Session layer (Layer 5), in OSI model, 19, 20
  • sessions command, 299
  • Secure Hash Algorithm (SHA), 336
  • SHA-384, 450
  • Shadow Brokers, 202
  • shared responsibility model, 583–585
  • shell, 291, 489
  • shellcode, 267–268, 499, 502
  • Shodan, 146–147, 607
  • signature, 212
  • Simple Authority, 528, 532
  • simple data classification, 549
  • Simple Identity Property, 551
  • Simple List, 595
  • Simple Mail Transfer Protocol (SMTP), 88, 247–250
  • Simple Network Management Protocol (SNMP), 245–247
  • Simple Secure Pair (SSP), 463
  • Simple Security Property, 552
  • simple service discovery protocol (SSDP), 372
  • single crack mode, 280
  • slow attacks, 495–496
  • slowhttptest program, 495–496
  • smbd process, 232
  • smishing, 412, 470–471
  • Smurf attacks, 493
  • sniffing, 368–399, 402–405, 451–455, 635–636
  • Snort identification number (SID), 79
  • social engineering, 408–433, 435–438, 636–638
  • social networking, open source intelligence and, 111–124
  • social proof, in theory of influence, 409
  • Social-Engineer Toolkit (SET), 430–433
  • sockets, raw, 206
  • software as a service (SaaS), 49–51, 579–580, 584
  • Song, Dug, 391
  • source address field, 31
  • source port field, 35
  • split DNS, 130–131, 136
  • spoofing attacks, 390–399
  • spoofing detection, 398–399
  • SQL injection, 485–487, 561
  • SQLite database, 562
  • SSH2, 224–225
  • sslstrip program, 397–398, 459
  • SSL/TLS, 380
  • stack, 498
  • stack canary, 500
  • standards, security, 67–68
  • star network, 23–24
  • * (star) Property, 551, 552
  • start of authority record (SOA), 133
  • state machine model, 550–551
  • stateful filtering, 74–75
  • stateless, 594
  • static analysis, 329–340
  • storage as a service (StaaS), 45–46, 580, 584
  • stream cipher, 522
  • Structured Query Language (SQL), 481, 492, 602
  • subnetting, 33–34
  • substitution ciphers, 517–520
  • SunRPC, 226–228
  • supervisory control and data acquisition (SCADA), 611–612
  • Switched Port Analyzer (SPAN), 384
  • switching, 28–29
  • symmetric key cryptography, 521–524
  • SYN, 497
  • sysinfo command, 276
  • syslog, 88
  • system compromise, 269–276
  • system hacking
    • about, 264–265
    • client-side vulnerabilities, 289–291
    • fuzzing, 292–295
    • gathering passwords, 276–279
    • living off the land, 291–292
    • password cracking, 279–288
    • post exploitation, 295–313
    • review question answers, 629–632
    • review questions, 315–318
    • searching for exploits, 265–269
    • system compromise, 269–276
  • T
  • tactics, techniques, and procedures (TTPs), 69–72
  • targets, setting up in OpenVAS, 185–187
  • tcpdump, 452–454
  • TCP, 20, 34–38
  • TCP scanning, 162–165
  • tcpdump, packet capture and, 369–376
  • TCP/IP architecture, 21–22
  • technology
    • operational, 610–612
    • security, 72–84
  • technology intelligence
    • about, 144
    • Google hacking, 144–146
    • Internet of Things (IoT), 146–147
  • Temporal Key Integrity Protocol (TKIP), 447
  • 10Base2, 20
  • 10BaseT, 20
  • terminators, 22
  • Terraform, 591
  • testing, 451, 492, 604
  • theHarvester, 108–110, 111
  • theory of influence, 408–409
  • The Onion Router (Tor), 269, 602
  • threat agent/actor, 65–66
  • threat vector, 65–66
  • three-way handshake, 37, 495
  • ticket granting service (TGS), 286
  • ticket granting ticket (TGT), 286
  • time management, 313
  • time to live (TTL), 133
  • time to live field, 31
  • Tomcat, 481, 578
  • Top Secret data classification, 549
  • top-level domains (TLDs), 124
  • topologies, 16, 22–27
  • total length field, 30
  • tracks, covering, 12–13
  • Transformation Procedures (TPs), 553
  • Transmission Control Protocol (TCP), 74, 161–162
  • Transport layer (Layer 4), in OSI model, 19, 20
  • Transport Layer Security (TLS), 43, 516, 523
  • Trend Micro software, 469
  • Triple DES (3DES), 522
  • Trojan, 324
  • true negative, 184
  • true positive, 184
  • trusted platform module (TPM), 538
  • trusted third party, 531–532
  • tshark, packet capture and, 376–378
  • tunneling, as an evasion technique, 213
  • Twitter, 118–122
  • Twitter Digger X, 122
  • type of service field, 30
  • typosquatting, 426
  • U
  • UDP, 20, 38–39
  • UDP scanning, 165–167
  • Unclassified data classification, 549
  • Unconstrained Data Items (UDIs), 553
  • Unicode, 19–20
  • unified threat management (UTM), 77, 506
  • uniform interface, 594
  • Uniform Resource Identifier (URI), 125
  • Uniform Resource Locator (URL), 250
  • universal plug and play (UPnP), 372
  • UPX packer, 332–333
  • urgent pointer field, 37
  • URL hijacking, 426
  • Usenet, 517
  • User Datagram Protocol (UDP), 74, 161–162
  • utility, in Parkerian hexad, 63
  • V
  • vectors, social engineering, 412
  • Venema, Wietse, 184
  • version field, 30
  • Vigenère, Blaise de, 519
  • Vigenère cipher, 519
  • Virtual Local Area Network (VLAN), 20, 41, 508
  • virtual machines (VMs), infrastructure as a service (IaaS) and, 47
  • Virtual Private Networks (VPNs), 43–44
  • virus, 321–322
  • VirusTotal, 336–338
  • vishing, as a social engineering vector, 412
  • Visio, 579
  • VMWare, 329
  • VMware ESXi server, 590–591
  • voiceprint, 417
  • VRFY command, 247–250
  • vulnerabilities, client-side, 288–291
  • vulnerability scanning, 183–203
  • W
  • WannaCry ransomware, 326–327
  • Wappalyzer plugin, 141
  • watering hole attack, 426
  • weaponization stage, of cyber kill chain, 7
  • web application attacks
    • about, 480–482
    • cloud computing and, 600–602
    • command injection, 487–488
    • cross-site scripting (XSS), 483–485
    • file traversal, 489–490
    • protections from, 490–492
    • SQL injection, 485–487
    • testing, 492
    • XML external entity processing, 482–483
  • web application firewall (WAF), 76–77, 491
  • web-based enumeration, 250–257
  • WebLogic, 481
  • website attacks, 422–427
  • website intelligence, 139–143
  • Welchia/Nachi worm, 323
  • white-hat hackers, 4
  • whoami command, 279
  • whole-disk encryption, 516
  • Wide Area Network (WAN), 41
  • Wi-Fi
    • about, 440–442
    • attacks, 451–462
    • authentication, 445–446
    • Bring Your Own Device (BYOD), 450–451
    • encryption, 446–450
    • network types, 442–444
  • Wi-Fi Alliance, 447
  • Wi-Fi Protected Access (WPA), 428, 447–448
  • Wi-Fi Protected Access 2 (WPA2), 448–450
  • Wi-Fi Protected Access 3 (WPA3), 450
  • Wi-Fi Protected Setup (WPS), 447–448
  • wifiphisher program, 428–430, 458
  • WildFly, 481
  • window field, 36
  • Windows Active Directory (AD), 285
  • Windows Internet Name Server (WINS), 234–235
  • Windows Registry, 361
  • Windows Remote Management (WinRM), 504
  • WinHTTrack tool, 423–424
  • Wink, 110
  • Wired Equivalent Privacy (WEP), 428, 446–447
  • wireless ad hoc network, 442–443
  • wireless infrastructure network, 443
  • wireless security
    • about, 440
    • Bluetooth, 462–466
    • mobile devices, 467–471
    • review question answers, 638–640
    • review questions, 474–477
    • Wi-Fi, 440–462
  • wireless social engineering, 427–430
  • Wireshark, 378–382, 443–444
  • wordpress_login_enum module, 252–253
  • World Wide Web (WWW), 124
  • worm, 323–324
  • wpscan, 254–257
  • X
  • X.509 certification, 532–534, 536
  • XML external entity processing, 482–483
  • XML format, 176
  • Y
  • Yet Another Markup Language (YAML), 591
  • Z
  • Zed Attack Proxy (ZAP), 597
  • Zenmap, 174–176
  • ZeuS botnet, 325
  • Zimmermann, Phil, 536
  • zone transfers, 130–131