Table of Contents for GCIH GIAC Certified Incident Handler All-in-One Exam Guide
by Nick Mitropoulos
Cover
Title Page
Copyright Page
Dedication
Contents
Acknowledgments
Introduction
Chapter 1 Building a Lab
Creating a Kali Linux Virtual Machine
Creating a Metasploitable Virtual Machine
Testing External Connectivity from Kali Linux
Testing External Connectivity from Metasploitable
Testing Communication Between Kali Linux and Metasploitable
Creating a Windows Virtual Machine
Testing Communication Between Windows, Kali Linux, and Metasploitable VMs
Linux and Windows Commands
Chapter Review
Questions
Answers
References and Further Reading
Chapter 2 Intrusion Analysis and Incident Handling
Incident Handling Introduction
Incident Handling Phases
Preparation
Building a Team
Collecting Organizational Information
Responding to an Incident
Hardware
Software
Identification
Incident Sources
Data Collection for Incident Response
Windows Investigations
Linux Investigations
Containment
Tracking and Communicating an Incident
Containment Strategies
Eradication
Recovery
Lessons Learned
Chapter Review
Questions
Answers
References and Further Reading
Chapter 3 Information Gathering
Public Website Searching
Netcraft
theHarvester
Wget
Social Media Searching
Defending Against Public Website and Social Media Searching
Using Search Engines for Information Gathering
Search Engine Query Examples
Viewing Deleted Content Through the Wayback Machine
Using Tools for Search Engine Information Gathering Automation
Recon-NG
Metagoofil
Exiftool
FOCA (Fingerprinting Organizations with Collected Archives)
SearchDiggity
Defending Against Search Engine Information Gathering
Whois Lookups
Performing Whois Lookups Using IANA and Regional Registries
Performing Whois Lookups Using Online Tools
Performing Whois Lookups Using the Command Line
Defending Against Whois Lookups
DNS Lookups
Performing DNS Lookups Using Online Tools
Nslookup
Dig
Host
DNSRecon
Defending Against DNS Lookups
War Dialing
Defending Against War Dialing
War Driving
Wireless Network Introduction
Airmon-ng
Kismet
InSSIDer
Other Tools Worth Checking
Defending Against War Driving
General-Purpose Information Gathering Tools
Maltego
Shodan
Maps
Spokeo
Grayhat Warfare
Chapter Review
Questions
Answers
References and Further Reading
Chapter 4 Scanning, Enumeration, and Vulnerability Identification
Introduction to ARP, ICMP, IP, TCP, and UDP
ARP
ICMP
IP
TCP
UDP
Network Mapping
Arp-scan
Ping
Traceroute
Zenmap
Defending Against Network Mapping
Port Scanning
Nmap
Hping3
Additional Scanning Tools
Proxy Utilization
IDS/IPS Evasion
Defending Against Port Scanning and IDS Evasion
Vulnerability Identification
Nessus
Defending Against Vulnerability Identification
Commonly Exploited Protocols: A Few Useful Examples
FTP
Telnet
SMB
Defending Against SMB Sessions
Chapter Review
Questions
Answers
References and Further Reading
Chapter 5 Vulnerability Exploitation
Tcpdump
Scenario 1: Ping Scan
Scenario 2: Reaching the Web Server
Wireshark
Scenario 1: Capture Web Traffic to Metasploitable
Scenario 2: Capture Web Traffic to Multiple Metasploitable Webpages
Metasploit
Architecture
Modules
Information Gathering
Exploiting Services
Armitage
Netcat
Different Flavors
Basic Operation
Connecting to Open Ports
File Transfers
Backdoors
Port Scanning
Relays
SET
BeEF
Chapter Review
Questions
Answers
References and Further Reading
Chapter 6 Infrastructure and Endpoint Attacks
Infrastructure Attacks
DMA Attacks
USB Attacks
Defending Against Infrastructure Attacks
Password Cracking
Techniques
Stored Password Locations and Formats
Hydra
Cain
John the Ripper
Hashcat
Defending Against Password Cracking
Pass the Hash
Defending Against Pass-the-Hash Attacks
Buffer Overflows
Identifying Buffer Overflows
Adding Code in Memory
Running the Code
Defending Against Buffer Overflows
Bypassing Endpoint Security
Chapter Review
Questions
Answers
References and Further Reading
Chapter 7 Network Attacks
IP Address Spoofing
Defending Against IP Spoofing
Network Traffic Sniffing
Passive Traffic Sniffing
Active Traffic Sniffing
Upgraded SSL Attack: SSL Stripping
Defending Against Traffic Sniffing
Session Hijacking
Defending Against Session Hijacking
Chapter Review
Questions
Answers
References and Further Reading
Chapter 8 Denial of Service Attacks
Local DoS Attacks
Remote DoS Attacks
Protocol Attacks
Application-Layer Attacks
Volumetric Attacks
Botnets
DDoS Attacks
Reflected DDoS
Pulsing Zombies
DoS/DDoS Tools
Defending Against DoS/DDoS Attacks
Chapter Review
Questions
Answers
References and Further Reading
Chapter 9 Web Application Attacks
Web Proxies
OWASP (Open Web Application Security Project)
Command Injection
Defending Against Command Injection
Account Harvesting
Defending Against Account Harvesting
SQL Injection
Normal SQL Operation
Checking for SQL Injection
Testing Manual SQL Injection Strings
Automating SQL Injection Using Burp Suite
Defending Against SQL Injection
XSS (Cross-Site Scripting)
Reflected XSS
Stored XSS
Defending Against XSS
CSRF (Cross-Site Request Forgery)
Defending Against CSRF
Nikto
WPScan
Chapter Review
Questions
Answers
References and Further Reading
Chapter 10 Maintaining Access
Malware Categories
Backdoors and Trojans
Examples of Backdoors and Trojans
Legitimate Tools Used by Attackers for Remote Control
Rootkits
User Mode Rootkits
Kernel Mode Rootkits
Malware Wrapping, Packing, and Obfuscation
Malware Analysis
Defending Against Backdoors, Trojans, and Rootkits
Chapter Review
Questions
Answers
References and Further Reading
Chapter 11 Covering Tracks and Tunneling
Log Tampering and Shell History Manipulation
Windows Logs
Linux Logs
Shell History Manipulation
Defending Against Log Tampering and Shell History Manipulation
Hiding Files and Using Steganography
Hiding Files in Linux
Hiding Files in Windows
Steganography
Defending Against Hiding Files and Using Steganography
Tunneling
ICMP Tunneling
TCP/IP Tunneling
Defending Against Tunneling
Chapter Review
Questions
Answers
References and Further Reading
Chapter 12 Worms, Bots, and Botnets
Worms
Worm Examples
Bots/Botnets
Defending Against Worms, Bots, and Botnets
Chapter Review
Questions
Answers
References and Further Reading
Appendix A Commands Index
Appendix B Tools
Appendix C Exam Index
Appendix D About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index