CEH v9: Certified Ethical Hacker Version 9 Study Guide

About the Book

The ultimate preparation guide for the unique CEH exam.

The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material.

The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.

  • Review all CEH v9 topics systematically
  • Reinforce critical skills with hands-on exercises
  • Learn how concepts apply in real-world scenarios
  • Identify key proficiencies prior to the exam

The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam—making the stakes even higher on exam day. The CEH v9: Certified Ethical Hacker Version 9 Study Guide gives you the intense preparation you need to pass with flying colors.

Table of Contents:
  • Introduction
  • Assessment Test
  • Chapter 1 Introduction to Ethical Hacking
    Hacking: the Evolution; The Early Days of Hacking; Current Developments; Hacking: Fun or Criminal Activity?; The Evolution and Growth of Hacking; So, What Is an Ethical Hacker?; What Are Your Responsibilities?; Code of Conduct and Ethics; Ethical Hacking and Penetration Testing; Hacking Methodologies; Vulnerability Research and Tools; What Is Incident Response?; Business Continuity Plan; Ethics and the Law; Summary; Exam Essentials; Review Questions
  • Chapter 2 System Fundamentals
    Exploring Network Topologies; Working with the Open Systems Interconnection Model; Dissecting the TCP/IP Suite; IP Subnetting; Hexadecimal vs. Binary; Exploring TCP/IP Ports; Domain Name System; Understanding Network Devices; Routers and Switches; Working with MAC Addresses; Proxies and Firewalls; Intrusion Prevention and Intrusion Detection Systems; Network Security; Knowing Operating Systems; Microsoft Windows; Mac OS; Android; Linux; Backups and Archiving; Summary; Exam Essentials; Review Questions
  • Chapter 3 Cryptography
    Cryptography: Early Applications and Examples; History of Cryptography; Tracing the Evolution; Cryptography in Action; So How Does It Work?; Symmetric Cryptography; Asymmetric, or Public Key, Cryptography; Understanding Hashing; Issues with Cryptography; Applications of Cryptography; IPsec; Pretty Good Privacy; Secure Sockets Layer; Summary; Exam Essentials; Review Questions
  • Chapter 4 Footprinting
    Understanding the Steps of Ethical Hacking; Phase 1: Footprinting; Phase 2: Scanning; Phase 3: Enumeration; Phase 4: System Hacking; What Is Footprinting?; Why Perform Footprinting?; Goals of the Footprinting Process; Terminology in Footprinting; Open Source and Passive Information Gathering; Passive Information Gathering; Pseudonymous Footprinting; Internet Footprinting; Threats Introduced by Footprinting; The Footprinting Process; Using Search Engines; Google Hacking; Public and Restricted Websites; Location and Geography; Social Networking and Information Gathering; Financial Services and Information Gathering; The Value of Job Sites; Working with Email; Competitive Analysis; Gaining Network Information; Social Engineering: the Art of Hacking Humans; Summary; Exam Essentials; Review Questions
  • Chapter 5 Scanning
    What Is Scanning?; Types of Scans; Checking for Live Systems; Wardialing; Using Ping; Hping3: the Heavy Artillery; Checking the Status of Ports; The Family Tree of Scans; Full-Open Scan; Stealth or Half-Open Scan; Xmas Tree Scan; FIN Scan; NULL Scan; Idle Scanning; ACK Scanning; UDP Scanning; OS Fingerprinting; Active Fingerprinting with Nmap; Passive Fingerprinting an OS; Banner Grabbing; Countermeasures; Vulnerability Scanning; Mapping the Network; Using Proxies; Setting a Web Browser to Use a Proxy; Summary; Exam Essentials; Review Questions
  • Chapter 6 Enumeration
    A Quick Review; Footprinting; Scanning; What Is Enumeration?; About Windows Enumeration; Users; Groups; Security Identifiers; Linux Basic; Users; Services and Ports of Interest; Commonly Exploited Services; NULL Sessions; SuperScan; DNS Zone Transfers; The PsTools Suite; Using finger; Enumeration with SNMP; Management Information Base; SNScan; Unix and Linux Enumeration; finger; rpcinfo; showmount; enum4linux; LDAP and Directory Service Enumeration; JXplorer; Preventing LDAP Enumeration; Enumeration Using NTP; SMTP Enumeration; Using VRFY; Using EXPN; Using RCPT TO; SMTP Relay; Summary; Exam Essentials; Review Questions
  • Chapter 7 System Hacking
    Up to This Point; Footprinting; Scanning; Enumeration; System Hacking; Password Cracking; Authentication on Microsoft Platforms; Executing Applications; Covering Your Tracks; Summary; Exam Essentials; Review Questions
  • Chapter 8 Malware
    Malware; Malware and the Law; Categories of Malware; Viruses; Worms; Spyware; Adware; Scareware; Ransomware; Trojans; Overt and Covert Channels; Summary; Exam Essentials; Review Questions
  • Chapter 9 Sniffers
    Understanding Sniffers; Using a Sniffer; Sniffing Tools; Wireshark; Tcpdump; Reading Sniffer Output; Switched Network Sniffing; MAC Flooding; ARP Poisoning; MAC Spoofing; Port Mirror or SPAN Port; On the Defensive; Mitigating MAC Flooding; Detecting Sniffing Attacks; Summary; Exam Essentials; Review Questions
  • Chapter 10 Social Engineering
    What Is Social Engineering?; Why Does Social Engineering Work?; The Power of Social Engineering; Social-Engineering Phases; What Is the Impact of Social Engineering?; Common Targets of Social Engineering; Social Networking to Gather Information?; Networking; Countermeasures for Social Networking; Commonly Employed Threats; Identity Theft; Protective Measures; Know What Information Is Available; Summary; Exam Essentials; Review Questions
  • Chapter 11 Denial of Service
    Understanding DoS; DoS Targets; Types of Attacks; Buffer Overflow; Understanding DDoS; DDoS Attacks; DoS Tools; DDoS Tools; DoS Defensive Strategies; Botnet-Specific Defenses; DoS Pen-Testing Considerations; Summary; Exam Essentials; Review Questions
  • Chapter 12 Session Hijacking
    Understanding Session Hijacking; Spoofing vs. Hijacking; Active and Passive Attacks; Session Hijacking and Web Apps; Types of Application-Level Session Hijacking; A Few Key Concepts; Network Session Hijacking; Exploring Defensive Strategies; Summary; Exam Essentials; Review Questions
  • Chapter 13 Web Servers and Applications
    Exploring the Client-Server Relationship; Looking Closely at Web Servers; Web Applications; The Client and the Server; A Look at the Cloud; Closer Inspection of a Web Application; Vulnerabilities of Web Servers and Applications; Common Flaws and Attack Methods; Testing Web Applications; Summary; Exam Essentials; Review Questions
  • Chapter 14 SQL Injection
    Introducing SQL Injection; Results of SQL Injection; The Anatomy of a Web Application; Databases and Their Vulnerabilities; Anatomy of a SQL Injection Attack; Altering Data with a SQL Injection Attack; Injecting Blind; Information Gathering; Evading Detection Mechanisms; SQL Injection Countermeasures; Summary; Exam Essentials; Review Questions
  • Chapter 15 Hacking Wi-Fi and Bluetooth
    What Is a Wireless Network?; Wi-Fi: an Overview; The Fine Print; Wireless Vocabulary; A Close Examination of Threats; Ways to Locate Wireless Networks; Choosing the Right Wireless Card; Hacking Bluetooth; Summary; Exam Essentials; Review Questions
  • Chapter 16 Mobile Device Security
    Mobile OS Models and Architectures; Goals of Mobile Security; Device Security Models; Google Android OS; Apple iOS; Common Problems with Mobile Devices; Penetration Testing Mobile Devices; Penetration Testing Using Android; Countermeasures; Summary; Exam Essentials; Review Questions
  • Chapter 17 Evasion
    Honeypots, IDSs, and Firewalls; The Role of Intrusion Detection Systems; Firewalls; What’s That Firewall Running?; Honeypots; Run Silent, Run Deep: Evasion Techniques; Evading Firewalls; Summary; Exam Essentials; Review Questions
  • Chapter 18 Cloud Technologies and Security
    What Is the Cloud?; Types of Cloud Solutions; Forms of Cloud Services; Threats to Cloud Security; Cloud Computing Attacks; Controls for Cloud Security; Testing Security in the Cloud; Summary; Exam Essentials; Review Questions
  • Chapter 19 Physical Security
    Introducing Physical Security; Simple Controls; Dealing with Mobile Device Issues; Data Storage Security; Securing the Physical Area; Entryways; Server Rooms and Networks; Other Items to Consider; Education and Awareness; Defense in Depth; Summary; Exam Essentials; Review Questions
  • Appendix A Answers to Review Questions
    Chapter 1: Introduction to Ethical Hacking; Chapter 2: System Fundamentals; Chapter 3: Cryptography; Chapter 4: Footprinting; Chapter 5: Scanning; Chapter 6: Enumeration; Chapter 7: System Hacking; Chapter 8: Malware; Chapter 9: Sniffers; Chapter 10: Social Engineering; Chapter 11: Denial of Service; Chapter 12: Session Hijacking; Chapter 13: Web Servers and Applications; Chapter 14: SQL Injection; Chapter 15: Hacking Wi-Fi and Bluetooth; Chapter 16: Mobile Device Security; Chapter 17: Evasion; Chapter 18: Cloud Technologies and Security; Chapter 19: Physical Security
  • Appendix B Penetration Testing Frameworks
    Overview of Alternative Methods; Penetration Testing Execution Standard; Working with PTES; Pre-Engagement Interactions; Contents of a Contract; Gaining Permission; Intelligence Gathering; Threat Modeling; Vulnerability Analysis; Exploitation; Post-Exploitation; Reporting; Mopping Up; Summary
  • Appendix C Building a Lab
    Why Build a Lab?; The Build Process; What You Will Need; Creating a Test Setup; Virtualization Software Options; The Installation Process; Installing a Virtualized Operating System; Installing Tools; Summary
  • Index

About the Author:
Sean-Philip Oriyano, CEH, CISSP, is an IT veteran with experience in the aerospace, defense, and cybersecurity industries. He has consulted and instructed on topics across the IT and cybersecurity fields for both small clients and large enterprises, and has taught at such locations as the U.S. Air Force Academy and the U.S. Naval War College. Sean is a member of the California State Military Reserve, where he serves as a warrant officer specializing in networking and security.




Product Details
  • ISBN-13: 9781119252252
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: Standards Information Network
  • Edition: Revised edition
  • No of Pages: 656
  • ISBN-10: 1119252253
  • Publisher Date: 29 Apr 2016
  • Binding: Digital (delivered electronically)
  • Language: English
  • Sub Title: Certified Ethical Hacker Version 9 Study Guide

