Ethical Hacker's Certification Guide (CEHv11): A comprehensive guide on Penetration Testing including Network Hacking
Scribed by Mohd Sohaib
- Publisher: BPB Publications
- Year: 2022
- Tongue: English
- Leaves: 786
- Category: Library
Synopsis
Dive into the world of securing digital networks, cloud, IoT, mobile infrastructure, and much more.

KEY FEATURES
- Courseware and practice papers with solutions for C.E.H. v11.
- Includes hacking tools, social engineering techniques, and live exercises.
- Add-on coverage of web apps, IoT, cloud, and mobile penetration testing.

DESCRIPTION
The 'Certified Ethical Hacker's Guide' summarises all the ethical hacking and penetration testing fundamentals you'll need to get started professionally in the digital security landscape. Readers will be able to approach the objectives globally, and the knowledge will enable them to analyze and structure the hacks and their findings in a better way.

The book begins by making you ready for the journey of a seasoned ethical hacker. You will be introduced to very specific topics such as reconnaissance, social engineering, network intrusion, mobile and cloud hacking, and so on. Throughout the book, you will find many practical scenarios and get hands-on experience using tools such as Nmap, BurpSuite, OWASP ZAP, etc. Methodologies like brute-forcing, wardriving, evil twinning, etc. are explored in detail. You will also gain a strong grasp of theoretical concepts such as hashing, network protocols, architecture, and data encryption in real-world environments.

In the end, the evergreen bug bounty programs and traditional career paths for safety professionals will be discussed. The reader will also have practical tasks and self-assessment exercises to plan further paths of learning and certification.

WHAT YOU WILL LEARN
- Learn methodologies, tools, and techniques of penetration testing and ethical hacking.
- Expert-led practical demonstration of tools and tricks like Nmap, BurpSuite, and OWASP ZAP.
- Learn how to perform brute forcing, wardriving, and evil twinning.
- Learn to gain and maintain access to remote systems.
- Prepare detailed tests and execution plans for VAPT (vulnerability assessment and penetration testing) scenarios.

WHO THIS BOOK IS FOR
This book is intended for prospective and seasoned cybersecurity enthusiasts who want to master cybersecurity and ethical hacking. It also assists software engineers, quality analysts, and penetration testing companies who want to keep up with changing cyber risks.

TABLE OF CONTENTS
1. Cyber Security, Ethical Hacking, and Penetration Testing
2. CEH v11 Prerequisites and Syllabus
3. Self-Assessment
4. Reconnaissance
5. Social Engineering
6. Scanning Networks
7. Enumeration
8. Vulnerability Assessment
9. System Hacking
10. Session Hijacking
11. Web Server Hacking
12. Web Application Hacking
13. Hacking Wireless Networks
14. Hacking Mobile Platforms
15. Hacking Cloud, IoT, and OT Platforms
16. Cryptography
17. Evading Security Measures
18. Practical Exercises on Penetration Testing and Malware Attacks
19. Roadmap for a Security Professional
20. Digital Compliances and Cyber Laws
21. Self-Assessment-1
22. Self-Assessment-2
Table of Contents
- Cyber Security, Ethical Hacking, and Penetration Testing
Introduction
Structure
Objectives
The Ten Thousand Feet View
Cyber Security
Free comic strip subscription service
Electronic health record service
Ethical Hacking
Phases of a Hack
Penetration testing
Conclusion
- CEH v11 Prerequisites and Syllabus
Introduction
Structure
Objectives
Certified Ethical Hacker
Version 10 & 11
Prerequisites
Modes of study and examination
Option 1: ECC Exam voucher
Option 2: VUE Exam voucher
Conclusion
- Self-Assessment
Introduction
Structure
Objectives
SECTION 'A'
Information Security and Penetration Testing
SECTION 'B'
EC-Council CEH
Answers
Conclusion
- Reconnaissance
Introduction
Structure
Objectives
Understanding Reconnaissance
Financial Information
Technology Stack
Workforce and Clientele
Operating Environment
Network Configurations
Web content
Conclusion
Test Your Understanding
Answers
- Social Engineering
Introduction
Structure
Objectives
Social Engineering: The Bookie Story
Social Engineering Methodology
Social Engineering Techniques
Tools of Social Engineering
Social Engineering Countermeasures
Conclusion
Test Your Understanding
Answers
- Scanning Networks
Introduction
Structure
Objectives
Anatomy of a Computer Network
Live Host Discovery
Port Scan and Service Discovery
TCP Scan
UDP Scan
Banner Grabbing
Network Mapping
Conclusion
Test Your Understanding
Answers
- Enumeration
Introduction
Structure
Objectives
Enumeration as a successor to network scan
NetBIOS enumeration
SNMP Enumeration
LDAP enumeration
NTP enumeration
NTP enumeration commands
SMTP enumeration
DNS enumeration
Conclusion
Test Your Understanding
Answers
- Vulnerability Assessment
Introduction
Structure
Objectives
Process Overview
Residual Risk
DevSecOps
Conclusion
Test Your Understanding
Answers
- System Hacking
Introduction
Structure
Objectives
System hacking stages
Password cracking
Password storage in modern systems
Security Account Manager (SAM)
NTLM Authentication
Kerberos authentication
Rainbow tables
Backdoor Entry – Trojans
Password cracking defense checklist
Privilege escalation
Horizontal privilege escalation
Vertical privilege escalation
DLL hijacking
Executing application
Remote execution tools
Hiding files and covering tracks
Conclusion
Test Your Understanding
Answers
- Session Hijacking
Introduction
Structure
Objectives
TCP and Web sessions
Network-level session hijacking
TCP session hijacking
UDP hijacking
Application-level session hijacking
Countermeasures to session hijacking
Conclusion
Test Your Understanding
Answers
- Web Server Hacking
Introduction
Structure
Objectives
Web server
Tools for web server hacking
Conclusion
Test Your Understanding
Answers
- Web Application Hacking
Introduction
Structure
Objectives
Tools used in web application hacking
Conclusion
Test Your Understanding
Answers
- Hacking Wireless Networks
Introduction
Structure
Objectives
The wireless connectivity
Wireless standards
802.11a
802.11b
802.11g
IEEE 802.11ac (Wi-Fi)
802.16 (WiMAX)
Bluetooth
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
WPA2
WPA3
Wireless Hacking Methodology
Wireless network discovery
Wireless network mapping
Wireless network analysis
Wireless network attacks
Deauthentication attack
WPA Handshake Capture
Man-in-the-Middle Attack (MITM)
Wireless Honeypots
Conclusion
Test Your Understanding
Answers
- Hacking Mobile Platforms
Introduction
Structure
Objectives
Mobile platform landscape
Attack vectors in mobile platforms
Android OS architecture
iOS architecture
Jailbreaking/Rooting mobile devices
Mobile application repackaging
Mobile device management
Mobile spyware and privacy concerns
Security guidelines for mobile devices and platforms
Conclusion
Test Your Understanding
Answers
- Hacking Cloud, IoT, and OT Platforms
Introduction
Structure
Objectives
Cloud Computing
Cloud Infrastructure
Cloud Deployment Models
Virtualization
Containers
NIST Cloud Computing Reference Architecture
Cloud computing threats
Cloud attack vectors
Internet of Things (IoT)
IoT Architecture
IoT communication models
Threats to IoT Networks
IoT attack vectors
Operational Technologies (OT) and Industrial Internet of Things (IIoT)
OT and IIoT attack vectors
Cloud, IoT, and OT hacking tools
Conclusion
Test Your Understanding
Answers
- Cryptography
Introduction
Structure
Objectives
Cryptographic primitives
Cryptanalysis tools
Conclusion
Multiple Choice Questions
Answers
- Evading Security Measures
Introduction
Structure
Objectives
Security of an information system
Threat Modelling
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Evading security measures
Detection by Association
Conclusion
Test Your Understanding
Answers
- Practical Exercises on Penetration Testing and Malware Attacks
Structure
Objectives
Exercise 1
Solution
Exercise 2
Solution
Exercise 3
Solution
Exercise 4
Solution
Exercise 5
Solution
Exercise 6
Solution
Exercise 7
Solution
Exercise 8
Solution
Exercise 9
Solution
Exercise 10
Solution
Exercise 11
Solution
Exercise 12
Solution
Exercise 13
Solution
Conclusion
- Roadmap for a Security Professional
Introduction
Structure
Objectives
Cybersecurity Landscape
Network Security
Cyber Forensics
Penetration Testing
Cyber Auditing
Software Professional
Conclusion
- Digital Compliances and Cyber Laws
Introduction
Structure
Objectives
Need for Compliances and Cyber Laws
The privacy debate
Activity
Conclusion
- Self-Assessment 1
Objective
Instructions
Assessment
Answers
- Self-Assessment 2
Objective
Instructions
Assessment
Answers
Index
SIMILAR VOLUMES
This book is a complete guide to prepare for the CEH Certified Ethical Hacker certification exam. Leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker Version 11 exam and advance your career in IT security. The
Know the basic principles of ethical hacking. This book is designed to provide you with the knowledge, tactics, and tools needed to prepare for the Certified Ethical Hacker (CEH) exam, a qualification that tests the cybersecurity professional's baseline knowledge of security threats, risks, and counte
In this best-of-breed study guide, leading expert Michael Gregg helps you master all the topics you need to know to succeed on your Certified Ethical Hacker Version 9 exam and advance your career in IT security. Michael's concise, focused approach explains every exam objective from a real-w
The CEH Cert Guide is targeted specifically for CEH exam candidates, matching the CEH exam objectives with the effective and popular Cert Guide method of study. The CEH certification shows knowledge of network penetration testing skills. The CEH exam takes four hours and 125 questions, requiring a b