Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
CEH Certified Ethical Hacker Cert Guide
Taschenbuch von Michael Gregg (u. a.)
Sprache: Englisch

59,50 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Aktuell nicht verfügbar

Kategorien:
Beschreibung

Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics students need to learn in each chapter and list EC-CouncilGÇÖs official exam objectives
  • Key Topics figures, tables, and lists call attention to the information that is most crucial for exam success
  • Exam Preparation Tasks enable students to review key topics, define key terms, work through scenarios, and answer review questionsGǪgoing beyond mere facts to master the concepts that are crucial to passing the exam and enhancing career credentials
  • Key Terms are listed in each chapter and defined in a complete glossary, explaining essential terminology within the field

This study guide helps students master all the topics on the latest CEH exam, including:

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Social engineering, malware threats, and vulnerability analysis
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Cryptographic attacks and defenses
  • Cloud computing, IoT, and botnets

Every feature of this book supports both efficient exam preparation and long-term mastery:

  • Opening Topics Lists identify the topics students need to learn in each chapter and list EC-CouncilGÇÖs official exam objectives
  • Key Topics figures, tables, and lists call attention to the information that is most crucial for exam success
  • Exam Preparation Tasks enable students to review key topics, define key terms, work through scenarios, and answer review questionsGǪgoing beyond mere facts to master the concepts that are crucial to passing the exam and enhancing career credentials
  • Key Terms are listed in each chapter and defined in a complete glossary, explaining essential terminology within the field

This study guide helps students master all the topics on the latest CEH exam, including:

  • Ethical hacking basics
  • Technical foundations of hacking
  • Footprinting and scanning
  • Enumeration and system hacking
  • Social engineering, malware threats, and vulnerability analysis
  • Sniffers, session hijacking, and denial of service
  • Web server hacking, web applications, and database attacks
  • Wireless technologies, mobile security, and mobile attacks
  • IDS, firewalls, and honeypots
  • Cryptographic attacks and defenses
  • Cloud computing, IoT, and botnets
Über den Autor

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.

Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from [...] and [...]. You can follow Omar on Twitter at [...]

Inhaltsverzeichnis

Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Security Fundamentals 7
Goals of Security 8
Risk, Assets, Threats, and Vulnerabilities 9
Backing Up Data to Reduce Risk 11
Defining an Exploit 12
Risk Assessment 13
Security Testing 14
No-Knowledge Tests (Black Box) 14
Full-Knowledge Testing (White Box) 15
Partial-Knowledge Testing (Gray Box) 15
Types of Security Tests 15
Incident Response 17
Cyber Kill Chain 18
Hacker and Cracker Descriptions 19
Who Attackers Are 20
Ethical Hackers 21
Required Skills of an Ethical Hacker 22
Modes of Ethical Hacking 23
Test Plans--Keeping It Legal 25
Test Phases 27
Establishing Goals 28
Getting Approval 29
Ethical Hacking Report 29
Vulnerability Research and Bug Bounties--Keeping Up with Changes 30
Ethics and Legality 31
Overview of U.S. Federal Laws 32
Compliance Regulations 34
Payment Card Industry Data Security Standard (PCI-DSS) 36
Summary 36
Exam Preparation Tasks 37
Review All Key Topics 37
Define Key Terms 38
Exercises 38
1-1 Searching for Exposed Passwords 38
1-2 Examining Security Policies 39
Review Questions 39
Suggested Reading and Resources 44
Chapter 2 The Technical Foundations of Hacking 47
"Do I Know This Already?" Quiz 47
Foundation Topics 50
The Hacking Process 50
Performing Reconnaissance and Footprinting 50
Scanning and Enumeration 51
Gaining Access 52
Escalating Privilege 53
Maintaining Access 53
Covering Tracks and Planting Backdoors 54
The Ethical Hacker's Process 54
NIST SP 800-115 56
Operationally Critical Threat, Asset, and Vulnerability Evaluation 56
Open Source Security Testing Methodology Manual 56
Information Security Systems and the Stack 57
The OSI Model 57
Anatomy of TCP/IP Protocols 60
The Application Layer 62
The Transport Layer 66
Transmission Control Protocol 66
User Datagram Protocol 68
The Internet Layer 69
Traceroute 74
The Network Access Layer 77
Summary 78
Exam Preparation Tasks 79
Review All Key Topics 79
Define Key Terms 79
Exercises 80
2-1 Install a Sniffer and Perform Packet Captures 80
2-2 Using Traceroute for Network Troubleshooting 81
Review Questions 81
Suggested Reading and Resources 85
Chapter 3 Footprinting, Reconnaissance, and Scanning 89
"Do I Know This Already?" Quiz 89
Foundation Topics 93
Footprinting 93
Footprinting Methodology 93
Documentation 95
Footprinting Through Search Engines 96
Footprinting Through Social Networking Sites 101
Footprinting Through Web Services and Websites 103
Email Footprinting 106
Whois Footprinting 108
DNS Footprinting 112
Network Footprinting 118
Subnetting's Role in Mapping Networks 119
Traceroute 120
Footprinting Through Social Engineering 121
Footprinting Countermeasures 122
Scanning 122
Host Discovery 123
Port and Service Discovery 124
Nmap 131
SuperScan 139
THC-Amap 139
Hping 140
Port Knocking 140
OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning
Beyond IDS and Firewall 141
Active Fingerprinting Tools 143
Fingerprinting Services 145
Default Ports and Services 145
Finding Open Services 145
Draw Network Diagrams 148
Summary 151
Exam Preparation Tasks 152
Review All Key Topics 152
Define Key Terms 152
Exercises 153
3-1 Performing Passive Reconnaissance 153
3-2 Performing Active Reconnaissance 154
Review Questions 155
Suggested Reading and Resources 159
Chapter 4 Enumeration and System Hacking 161
"Do I Know This Already?" Quiz 161
Foundation Topics 164
Enumeration 164
Windows Enumeration 164
Windows Security 166
NetBIOS and LDAP Enumeration 167
NetBIOS Enumeration Tools 169
SNMP Enumeration 177
Linux/UNIX Enumeration 183
NTP Enumeration 185
SMTP Enumeration 186
Additional Enumeration Techniques 191
DNS Enumeration 191
Enumeration Countermeasures 192
System Hacking 193
Nontechnical Password Attacks 193
Technical Password Attacks 194
Password Guessing 195
Automated Password Guessing 197
Password Sniffing 197
Keylogging 198
Escalating Privilege and Exploiting Vulnerabilities 199
Exploiting an Application 200
Exploiting a Buffer Overflow 201
Owning the Box 203
Windows Authentication Types 203
Cracking Windows Passwords 205
Linux Authentication and Passwords 209
Cracking Linux Passwords 212
Hiding Files and Covering Tracks 213
Rootkits 214
File Hiding 217
Summary 219
Exam Preparation Tasks 220
Review All Key Topics 220
Define Key Terms 220
Exercise 220
4-1 NTFS File Streaming 220
Review Questions 221
Suggested Reading and Resources 226
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 229
"Do I Know This Already?" Quiz 229
Foundation Topics 234
Social Engineering 234
Phishing 235
Pharming 235
Malvertising 236
Spear Phishing 237
SMS Phishing 245
Voice Phishing 245
Whaling 245
Elicitation, Interrogation, and Impersonation (Pretexting) 246
Social Engineering Motivation Techniques 247
Shoulder Surfing and USB Baiting 248
Malware Threats 248
Viruses and Worms 248
Types and Transmission Methods of Viruses and Malware 249
Virus Payloads 251
History of Viruses 252
Well-Known Viruses and Worms 253
Virus Creation Tools 255
Trojans 255
Trojan Types 256
Trojan Ports and Communication Methods 257
Trojan Goals 258
Trojan Infection Mechanisms 259
Effects of Trojans 260
Trojan Tools 261
Distributing Trojans 263
Wrappers 264
Packers 265
Droppers 265
Crypters 265
Ransomware 267
Covert Communications 268
Tunneling via the Internet Layer 269
Tunneling via the Transport Layer 272
Tunneling via the Application Layer 273
Port Redirection 274
Keystroke Logging and Spyware 276
Hardware Keyloggers 277
Software Keyloggers 277
Spyware 278
Malware Countermeasures 279
Detecting Malware 280
Antivirus 283
Analyzing Malware 286
Static Analysis 286
Dynamic Analysis 288
Vulnerability Analysis 290
Passive vs. Active Assessments 290
External vs. Internal Assessments 290
Vulnerability Assessment Solutions 291
Tree-Based vs. Inference-Based Assessments 291
Vulnerability Scoring Systems 292
Vulnerability Scanning Tools 296
Summary 297
Exam Preparation Tasks 298
Review All Key Topics 299
Define Key Terms 300
Command Reference to Check Your Memory 300
Exercises 300
5-1 Finding Malicious Programs 300
5-2 Using Process Explorer 301
Review Questions 303
Suggested Reading and Resources 307
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 311
"Do I Know This Already?" Quiz 311
Foundation Topics 314
Sniffers 314
Passive Sniffing 315
Active Sniffing 316
Address Resolution Protocol 316
ARP Poisoning and MAC Flooding 318
Tools for Sniffing and Packet Capturing 324
Wireshark 324
Other Sniffing Tools 328
Sniffing and Spoofing Countermeasures 328
Session Hijacking 330
Transport Layer Hijacking 330
Identify and Find an Active Session 331
Predict the Sequence Number 332
Take One of the Parties Offline 333
Take Control of the Session 333
Application Layer Hijacking 334
Session Sniffing 334
Predictable Session Token ID 334
On-Path Attacks 335
Client-Side Attacks 335
Browser-Based On-Path Attacks 337
Session Replay Attacks 338
Session Fixation Attacks 338
Session Hijacking Tools 338
Preventing Session Hijacking 341
Denial of Service and Distributed Denial of Service 341
DoS Attack Techniques 343
Volumetric Attacks 343
SYN Flood Attacks 344
ICMP Attacks 344
Peer-to-Peer Attacks 345
Application-Level Attacks 345
Permanent DoS Attacks 346
Distributed Denial of Service 347
DDoS Tools 348
DoS and DDoS Countermeasures 350
Summary 353
Exam Preparation Tasks 354
Review All Key Topics 354
Define Key Terms 354
Exercises 355
6-1 Scanning for DDoS Programs 355
6-2 Spoofing Your MAC Address in Linux 355
6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356
Review Questions 356
Suggested Reading and Resources 360
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 363
"Do I Know This Already?" Quiz 363
Foundation Topics 366
Web Server Hacking 366
The HTTP Protocol 366
Scanning Web Servers 374
Banner Grabbing and Enumeration 374
Web Server Vulnerability Identification 379
Attacking the Web Server 380
DoS/DDoS Attacks 380
DNS Server Hijacking and DNS Amplification Attacks 380
Directory Traversal 382
On-Path Attacks 384
Website Defacement 384
Web Server Misconfiguration 384
HTTP Response Splitting 385
Understanding Cookie Manipulation Attacks 385
Web Server Password Cracking 386
Web Server-Specific Vulnerabilities 386
Comments in Source Code 388
Lack of Error Handling and Overly Verbose Error Handling 389
Hard-Coded Credentials 389
Race Conditions 389
Unprotected APIs 390
Hidden Elements 393
Lack of Code Signing 393
Automated Exploit Tools 393
Securing Web Servers 395
Harden Before Deploying 395
Patch Management 395
Disable Unneeded Services 396
Lock Down the File System 396
Log and Audit 396
Provide Ongoing Vulnerability Scans 397
Web Application Hacking 398
Unvalidated Input 398
...

Details
Erscheinungsjahr: 2022
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
ISBN-13: 9780137489985
ISBN-10: 0137489986
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Gregg, Michael
Santos, Omar
Hersteller: Pearson Education (US)
Verantwortliche Person für die EU: preigu, Ansas Meyer, Lengericher Landstr. 19, D-49078 Osnabrück, mail@preigu.de
Maße: 238 x 200 x 45 mm
Von/Mit: Michael Gregg (u. a.)
Erscheinungsdatum: 20.06.2022
Gewicht: 1,514 kg
Artikel-ID: 128252340
Über den Autor

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.

Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from [...] and [...]. You can follow Omar on Twitter at [...]

Inhaltsverzeichnis

Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Security Fundamentals 7
Goals of Security 8
Risk, Assets, Threats, and Vulnerabilities 9
Backing Up Data to Reduce Risk 11
Defining an Exploit 12
Risk Assessment 13
Security Testing 14
No-Knowledge Tests (Black Box) 14
Full-Knowledge Testing (White Box) 15
Partial-Knowledge Testing (Gray Box) 15
Types of Security Tests 15
Incident Response 17
Cyber Kill Chain 18
Hacker and Cracker Descriptions 19
Who Attackers Are 20
Ethical Hackers 21
Required Skills of an Ethical Hacker 22
Modes of Ethical Hacking 23
Test Plans--Keeping It Legal 25
Test Phases 27
Establishing Goals 28
Getting Approval 29
Ethical Hacking Report 29
Vulnerability Research and Bug Bounties--Keeping Up with Changes 30
Ethics and Legality 31
Overview of U.S. Federal Laws 32
Compliance Regulations 34
Payment Card Industry Data Security Standard (PCI-DSS) 36
Summary 36
Exam Preparation Tasks 37
Review All Key Topics 37
Define Key Terms 38
Exercises 38
1-1 Searching for Exposed Passwords 38
1-2 Examining Security Policies 39
Review Questions 39
Suggested Reading and Resources 44
Chapter 2 The Technical Foundations of Hacking 47
"Do I Know This Already?" Quiz 47
Foundation Topics 50
The Hacking Process 50
Performing Reconnaissance and Footprinting 50
Scanning and Enumeration 51
Gaining Access 52
Escalating Privilege 53
Maintaining Access 53
Covering Tracks and Planting Backdoors 54
The Ethical Hacker's Process 54
NIST SP 800-115 56
Operationally Critical Threat, Asset, and Vulnerability Evaluation 56
Open Source Security Testing Methodology Manual 56
Information Security Systems and the Stack 57
The OSI Model 57
Anatomy of TCP/IP Protocols 60
The Application Layer 62
The Transport Layer 66
Transmission Control Protocol 66
User Datagram Protocol 68
The Internet Layer 69
Traceroute 74
The Network Access Layer 77
Summary 78
Exam Preparation Tasks 79
Review All Key Topics 79
Define Key Terms 79
Exercises 80
2-1 Install a Sniffer and Perform Packet Captures 80
2-2 Using Traceroute for Network Troubleshooting 81
Review Questions 81
Suggested Reading and Resources 85
Chapter 3 Footprinting, Reconnaissance, and Scanning 89
"Do I Know This Already?" Quiz 89
Foundation Topics 93
Footprinting 93
Footprinting Methodology 93
Documentation 95
Footprinting Through Search Engines 96
Footprinting Through Social Networking Sites 101
Footprinting Through Web Services and Websites 103
Email Footprinting 106
Whois Footprinting 108
DNS Footprinting 112
Network Footprinting 118
Subnetting's Role in Mapping Networks 119
Traceroute 120
Footprinting Through Social Engineering 121
Footprinting Countermeasures 122
Scanning 122
Host Discovery 123
Port and Service Discovery 124
Nmap 131
SuperScan 139
THC-Amap 139
Hping 140
Port Knocking 140
OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning
Beyond IDS and Firewall 141
Active Fingerprinting Tools 143
Fingerprinting Services 145
Default Ports and Services 145
Finding Open Services 145
Draw Network Diagrams 148
Summary 151
Exam Preparation Tasks 152
Review All Key Topics 152
Define Key Terms 152
Exercises 153
3-1 Performing Passive Reconnaissance 153
3-2 Performing Active Reconnaissance 154
Review Questions 155
Suggested Reading and Resources 159
Chapter 4 Enumeration and System Hacking 161
"Do I Know This Already?" Quiz 161
Foundation Topics 164
Enumeration 164
Windows Enumeration 164
Windows Security 166
NetBIOS and LDAP Enumeration 167
NetBIOS Enumeration Tools 169
SNMP Enumeration 177
Linux/UNIX Enumeration 183
NTP Enumeration 185
SMTP Enumeration 186
Additional Enumeration Techniques 191
DNS Enumeration 191
Enumeration Countermeasures 192
System Hacking 193
Nontechnical Password Attacks 193
Technical Password Attacks 194
Password Guessing 195
Automated Password Guessing 197
Password Sniffing 197
Keylogging 198
Escalating Privilege and Exploiting Vulnerabilities 199
Exploiting an Application 200
Exploiting a Buffer Overflow 201
Owning the Box 203
Windows Authentication Types 203
Cracking Windows Passwords 205
Linux Authentication and Passwords 209
Cracking Linux Passwords 212
Hiding Files and Covering Tracks 213
Rootkits 214
File Hiding 217
Summary 219
Exam Preparation Tasks 220
Review All Key Topics 220
Define Key Terms 220
Exercise 220
4-1 NTFS File Streaming 220
Review Questions 221
Suggested Reading and Resources 226
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 229
"Do I Know This Already?" Quiz 229
Foundation Topics 234
Social Engineering 234
Phishing 235
Pharming 235
Malvertising 236
Spear Phishing 237
SMS Phishing 245
Voice Phishing 245
Whaling 245
Elicitation, Interrogation, and Impersonation (Pretexting) 246
Social Engineering Motivation Techniques 247
Shoulder Surfing and USB Baiting 248
Malware Threats 248
Viruses and Worms 248
Types and Transmission Methods of Viruses and Malware 249
Virus Payloads 251
History of Viruses 252
Well-Known Viruses and Worms 253
Virus Creation Tools 255
Trojans 255
Trojan Types 256
Trojan Ports and Communication Methods 257
Trojan Goals 258
Trojan Infection Mechanisms 259
Effects of Trojans 260
Trojan Tools 261
Distributing Trojans 263
Wrappers 264
Packers 265
Droppers 265
Crypters 265
Ransomware 267
Covert Communications 268
Tunneling via the Internet Layer 269
Tunneling via the Transport Layer 272
Tunneling via the Application Layer 273
Port Redirection 274
Keystroke Logging and Spyware 276
Hardware Keyloggers 277
Software Keyloggers 277
Spyware 278
Malware Countermeasures 279
Detecting Malware 280
Antivirus 283
Analyzing Malware 286
Static Analysis 286
Dynamic Analysis 288
Vulnerability Analysis 290
Passive vs. Active Assessments 290
External vs. Internal Assessments 290
Vulnerability Assessment Solutions 291
Tree-Based vs. Inference-Based Assessments 291
Vulnerability Scoring Systems 292
Vulnerability Scanning Tools 296
Summary 297
Exam Preparation Tasks 298
Review All Key Topics 299
Define Key Terms 300
Command Reference to Check Your Memory 300
Exercises 300
5-1 Finding Malicious Programs 300
5-2 Using Process Explorer 301
Review Questions 303
Suggested Reading and Resources 307
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 311
"Do I Know This Already?" Quiz 311
Foundation Topics 314
Sniffers 314
Passive Sniffing 315
Active Sniffing 316
Address Resolution Protocol 316
ARP Poisoning and MAC Flooding 318
Tools for Sniffing and Packet Capturing 324
Wireshark 324
Other Sniffing Tools 328
Sniffing and Spoofing Countermeasures 328
Session Hijacking 330
Transport Layer Hijacking 330
Identify and Find an Active Session 331
Predict the Sequence Number 332
Take One of the Parties Offline 333
Take Control of the Session 333
Application Layer Hijacking 334
Session Sniffing 334
Predictable Session Token ID 334
On-Path Attacks 335
Client-Side Attacks 335
Browser-Based On-Path Attacks 337
Session Replay Attacks 338
Session Fixation Attacks 338
Session Hijacking Tools 338
Preventing Session Hijacking 341
Denial of Service and Distributed Denial of Service 341
DoS Attack Techniques 343
Volumetric Attacks 343
SYN Flood Attacks 344
ICMP Attacks 344
Peer-to-Peer Attacks 345
Application-Level Attacks 345
Permanent DoS Attacks 346
Distributed Denial of Service 347
DDoS Tools 348
DoS and DDoS Countermeasures 350
Summary 353
Exam Preparation Tasks 354
Review All Key Topics 354
Define Key Terms 354
Exercises 355
6-1 Scanning for DDoS Programs 355
6-2 Spoofing Your MAC Address in Linux 355
6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356
Review Questions 356
Suggested Reading and Resources 360
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 363
"Do I Know This Already?" Quiz 363
Foundation Topics 366
Web Server Hacking 366
The HTTP Protocol 366
Scanning Web Servers 374
Banner Grabbing and Enumeration 374
Web Server Vulnerability Identification 379
Attacking the Web Server 380
DoS/DDoS Attacks 380
DNS Server Hijacking and DNS Amplification Attacks 380
Directory Traversal 382
On-Path Attacks 384
Website Defacement 384
Web Server Misconfiguration 384
HTTP Response Splitting 385
Understanding Cookie Manipulation Attacks 385
Web Server Password Cracking 386
Web Server-Specific Vulnerabilities 386
Comments in Source Code 388
Lack of Error Handling and Overly Verbose Error Handling 389
Hard-Coded Credentials 389
Race Conditions 389
Unprotected APIs 390
Hidden Elements 393
Lack of Code Signing 393
Automated Exploit Tools 393
Securing Web Servers 395
Harden Before Deploying 395
Patch Management 395
Disable Unneeded Services 396
Lock Down the File System 396
Log and Audit 396
Provide Ongoing Vulnerability Scans 397
Web Application Hacking 398
Unvalidated Input 398
...

Details
Erscheinungsjahr: 2022
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
ISBN-13: 9780137489985
ISBN-10: 0137489986
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Gregg, Michael
Santos, Omar
Hersteller: Pearson Education (US)
Verantwortliche Person für die EU: preigu, Ansas Meyer, Lengericher Landstr. 19, D-49078 Osnabrück, mail@preigu.de
Maße: 238 x 200 x 45 mm
Von/Mit: Michael Gregg (u. a.)
Erscheinungsdatum: 20.06.2022
Gewicht: 1,514 kg
Artikel-ID: 128252340
Sicherheitshinweis