Table of Contents for Hacker Techniques, Tools, and Incident Handling, 3rd Edition
by Michael G. Solomon, Sean-Philip Oriyano
Cover
Title Page
Copyright Page
Contents
Preface
Acknowledgments
About the Authors
CHAPTER 1 Hacking: The Next Generation
Profiles and Motives of Different Types of Hackers
Controls
The Hacker Mindset
Motivation
A Look at the History of Computer Hacking
Ethical Hacking and Penetration Testing
The Role of Ethical Hacking
Ethical Hackers and the C-I-A Triad
Common Hacking Methodologies
Performing a Penetration Test
The Role of the Law and Ethical Standards
CHAPTER 2 TCP/IP Review
Exploring the OSI Reference Model
The Role of Protocols
Layer 1: Physical Layer
Layer 2: Data Link Layer
Layer 3: Network Layer
Layer 4: Transport Layer
Layer 5: Session Layer
Layer 6: Presentation Layer
Layer 7: Application Layer
Mapping the OSI Model to Functions and Protocols
TCP/IP: A Layer-by-Layer Review
Physical or Network Access Layer
Network or Internet Layer
Host-to-Host Layer
Application Layer
CHAPTER 3 Cryptographic Concepts
Cryptographic Basics
Authentication
Integrity
Nonrepudiation
Symmetric and Asymmetric Cryptography
Cryptographic History
What Is an Algorithm or Cipher?
Symmetric Encryption
Asymmetric Encryption
Digital Signatures
Purpose of Public Key Infrastructure
The Role of Certificate Authorities (CAs)
PKI Attacks
Hashing
Common Cryptographic Systems
Cryptanalysis
Future Forms of Cryptography
CHAPTER 4 Physical Security
Basic Equipment Controls
Hard Drive and Mobile Device Encryption
Fax Machines and Printers
Voice over IP (VoIP)
Physical Area Controls
Fences
Perimeter Intrusion Detection and Assessment System (PIDAS)
Gates
Bollards
Facility Controls
Doors, Mantraps, and Turnstiles
Walls, Ceilings, and Floors
Windows
Guards and Dogs
Construction
Personal Safety Controls
Lighting
Alarms and Intrusion Detection
Closed-Circuit TV (CCTV)/Remote Monitoring
Physical Access Controls
Locks
Lock Picking
Tokens and Biometrics
Avoiding Common Threats to Physical Security
Natural, Human, and Technical Threats
Physical Keystroke Loggers and Sniffers
Wireless Interception and Rogue Access Points
Defense in Depth
CHAPTER 5 Footprinting Tools and Techniques
The Information-Gathering Process
The Information on a Company Website
Discovering Financial Information
Google Hacking
Exploring Domain Information Leakage
Manual Registrar Query
Automatic Registrar Query
Whois
Nslookup
Internet Assigned Numbers Authority (IANA)
Determining a Network Range
Tracking an Organization’s Employees
Exploiting Insecure Applications
Using Social Networks
Using Basic Countermeasures
CHAPTER 6 Port Scanning
Determining the Network Range
Identifying Active Machines
Wardialing
Wardriving and Related Activities
Pinging
Port Scanning
Mapping Open Ports
Nmap
SuperScan
Scanrand
THC-Amap
OS Fingerprinting
Active OS Fingerprinting
Passive OS Fingerprinting
Mapping the Network
Analyzing the Results
CHAPTER 7 Enumeration and Computer System Hacking
Windows Basics
Controlling Access
Users
Groups
Security Identifiers
Commonly Attacked and Exploited Services
Enumeration
How to Perform Enumeration Tasks
NULL Session
Working with nbtstat
SuperScan
Angry IP Scanner
SNScan
System Hacking
Types of Password Cracking
Passive Online Attacks
Active Online Attacks
Offline Attacks
Nontechnical Attacks
Using Password Cracking
Privilege Escalation
Planting Backdoors
Using PsTools
Rootkits
Covering Tracks
Disabling Auditing
Data Hiding
CHAPTER 8 Wireless Vulnerabilities
The Importance of Wireless Security
Emanations
Common Support and Availability
A Brief History of Wireless Technologies
802.11
802.11b
802.11a
802.11g
802.11n
802.11ac
Other 802.11 Variants
Other Wireless Technologies
Working with and Securing Bluetooth
Bluetooth Security
Working with Wireless LANs
CSMA/CD Versus CSMA/CA
Role of APs
Service Set Identifier (SSID)
Association with an AP
The Importance of Authentication
Working with RADIUS
Network Setup Options
Threats to Wireless LANs
Wardriving
Misconfigured Security Settings
Unsecured Connections
Rogue APs
Promiscuous Clients
Wireless Network Viruses
Countermeasures
Internet of Things (IoT)
Wireless Hacking Tools
NetStumbler
The inSSIDer Program
Protecting Wireless Networks
Default AP Security
Placement
Dealing with Emanations
Dealing with Rogue APs
Use Protection for Transmitted Data
MAC Filtering
CHAPTER 9 Web and Database Attacks
Attacking Web Servers
Categories of Risk
Vulnerabilities of Web Servers
Improper or Poor Web Design
Buffer Overflow
Denial of Service (DoS) Attack
Distributed Denial of Service (DDoS) Attack
Banner Information
Permissions
Error Messages
Unnecessary Features
User Accounts
Structured Query Language (SQL) Injections
Examining a SQL Injection
Vandalizing Web Servers
Input Validation
Cross-Site Scripting (XSS) Attack
Anatomy of Web Applications
Insecure Logon Systems
Scripting Errors
Session Management Issues
Encryption Weaknesses
Database Vulnerabilities
Database Types
Vulnerabilities
Locating Databases on the Network
Database Server Password Cracking
Locating Vulnerabilities in Databases
Out of Sight, Out of Mind
Cloud Computing
CHAPTER 10 Malware
Malware
Malware’s Legality
Types of Malware
Malware’s Targets
Viruses and How They Function
Viruses: A History
Types of Viruses
Prevention Techniques
Worms and How They Function
How Worms Work
Stopping Worms
The Power of Education
Antivirus and Firewalls
Significance of Trojans
Methods to Get Trojans onto a System
Targets of Trojans
Known Symptoms of an Infection
Detection of Trojans and Viruses
Vulnerability Scanners
Antivirus/Anti-Malware
Trojan Tools
Distribution Methods
Using Wrappers to Install Trojans
Trojan Construction Kits
Backdoors
Covert Communication
The Role of Keystroke Loggers
Software
Port Redirection
Spyware
Methods of Infection
Bundling with Software
Adware
Scareware
Ransomware
CHAPTER 11 Sniffers, Session Hijacking, and Denial of Service Attacks
Sniffers
Passive Sniffing
Active Sniffing
Sniffing Tools
What Can Be Sniffed?
Session Hijacking
Identifying an Active Session
Seizing Control of a Session
Session Hijacking Tools
Thwarting Session Hijacking Attacks
Denial of Service (DoS) Attacks
Categories of DoS Attacks
Tools for DoS Attacks
Distributed Denial of Service (DDoS) Attacks
Some Characteristics of DDoS Attacks
Tools for DDoS Attacks
Botnets and the Internet of Things (IoT)
CHAPTER 12 Linux and Penetration Testing
Linux
Introducing Kali Linux
Some of the Basics of Working with Linux
A Look at the Interface
Basic Linux Navigation
Important Linux Directories
Commonly Used Commands
The Basic Command Structure of Linux
Live CDs
Special-Purpose Live CDs/DVDs
Virtual Machines
CHAPTER 13 Social Engineering
What Is Social Engineering?
Types of Social Engineering Attacks
Phone-Based Attacks
Dumpster Diving
Shoulder Surfing
Attacks Through Social Media
Persuasion/Coercion
Reverse Social Engineering
Technology and Social Engineering
Your Browser as a Defense Against Social Engineering
Other Good Practices for Safe Computing
Best Practices for Passwords
Know What the Web Knows About You
Creating and Managing Your Passwords
Invest in a Password Manager
Social Engineering and Social Networking
Questions to Ask Before You Post
An Overview of the Risks in Social Networking
Social Networking in a Corporate Setting
Particular Concerns in a Corporate Setting
Facebook Security
CHAPTER 14 Incident Response
What Is a Security Incident?
The Incident Response Process
Incident Response Policies, Procedures, and Guidelines
Phases of an Incident and Response
Incident Response Team
Incident Response Plans
The Role of Business Continuity Plans
Recovering Systems
Business Impact Analysis
Planning for Disaster and Recovery
Testing and Evaluation
Preparation and Staging of Testing Procedures
Frequency of Tests
Analysis of Test Results
Evidence Handling and Administration
Evidence Collection Techniques
Security Reporting Options and Guidelines
Requirements of Regulated Industries
CHAPTER 15 Defensive Technologies
Defense in Depth
Intrusion Detection Systems
IDS Components
Components of a NIDS
Components of a HIDS
Setting Goals
Accountability
Limitations of an IDS
Investigation of an Event
Analysis of Information Collected
Intrusion Prevention Systems
The Purpose of Firewalls
How Firewalls Work
Firewall Methodologies
Limitations of a Firewall
Implementing a Firewall
Authoring a Firewall Policy
Honeypots/Honeynets
Goals of Honeypots
Legal Issues
The Role of Controls
Administrative Controls
Technical Controls
Physical Controls
Security Best Practices
Security Information and Event Management (SIEM)
Sources for Guidance
APPENDIX A Answer Key
APPENDIX B Standard Acronyms
Glossary of Key Terms
References
Index