- ffirs.indd 2 22-07-2014 17:23:
- ffirs.indd 2 22-07-2014 17:23:
- ffirs.indd 6 22-07-2014 17:23:
- Chapter 1 Getting Started with Ethical Hacking Assessment Test xxx
- Chapter 2 System Fundamentals
- Chapter 3 Cryptography
- Chapter 4 Footprinting and Reconnaissance
- Chapter 5 Scanning Networks
- Chapter 6 Enumeration of Services
- Chapter 7 Gaining Access to a System
- Chapter 8 Trojans, Viruses, Worms, and Covert Channels
- Chapter 9 Sniffers
- Chapter 10 Social Engineering
- Chapter 11 Denial of Service
- Chapter 12 Session Hijacking
- Chapter 13 Web Servers and Web Applications
- Chapter 14 SQL Injection
- Chapter 15 Wireless Networking
- Chapter 16 Evading IDSs, Firewalls, and Honeypots
- Chapter 17 Physical Security
- Appendix A Answers to Review Questions
- Appendix B About the Additional Study Tools
- Index
- ffirs.indd 9 22-07-2014 17:23:
- ffirs.indd 10 22-07-2014 17:23:
- Chapter 1 Getting Started with Ethical Hacking Assessment Test xxx
- Hacking: A Short History
- The Early Days of Hacking
- Current Developments
- Hacking: Fun or Criminal Activity?
- The Evolution and Growth of Hacking
- What Is an Ethical Hacker?
- Ethical Hacking and Penetration Testing
- Hacking Methodologies
- Vulnerability Research and Tools
- Ethics and the Law
- Summary
- Exam Essentials
- Review Questions
- Chapter 2 System Fundamentals
- Exploring Network Topologies
- Working with the Open Systems Interconnection Model
- Dissecting the TCP/IP Suite
- IP Subnetting
- Hexadecimal vs. Binary
- Exploring TCP/IP Ports
- Domain Name System
- Understanding Network Devices
- Routers and Switches
- Working with MAC Addresses
- Proxies and Firewalls
- Intrusion Prevention and Intrusion Detection Systems
- Network Security
- Knowing Operating Systems
- Windows
- Mac OS
- Linux
- Backups and Archiving
- Summary
- Exam Essentials
- Review Questions
- ftoc.indd 11 22-07-2014 16:58:
- Chapter 3 Cryptography xii Contents
- Cryptography: Early Applications and Examples
- History of Cryptography
- Tracing the Evolution
- Cryptography in Action
- So How Does It Work?
- Symmetric Cryptography
- Asymmetric, or Public Key, Cryptography
- Understanding Hashing
- Issues with Cryptography
- Applications of Cryptography
- IPSec
- Pretty Good Privacy
- Secure Sockets Layer (SSL)
- Summary
- Exam Essentials
- Review Questions
- Chapter 4 Footprinting and Reconnaissance
- Ethical Hacking Understanding the Steps of
- Phase 1: Footprinting
- Phase 2: Scanning
- Phase 3: Enumeration
- Phase 4: System Hacking
- What Is Footprinting?
- Why Perform Footprinting?
- Goals of the Footprinting Process
- Terminology in Footprinting
- Open Source and Passive Information Gathering
- Active Information Gathering
- Pseudonymous Footprinting
- Internet Footprinting
- Threats Introduced by Footprinting
- The Footprinting Process
- Using Search Engines
- Location and Geography
- Social Networking and Information Gathering
- Financial Services and Information Gathering
- The Value of Job Sites
- Working with E-mail
- Competitive Analysis
- Google Hacking
- ftoc.indd 12 22-07-2014 16:58:
- Gaining Network Information Contents xiii
- Social Engineering: The Art of Hacking Humans
- Summary
- Exam Essentials
- Review Questions
- Chapter 5 Scanning Networks
- What Is Network Scanning?
- Checking for Live Systems
- Wardialing
- Wardriving
- Pinging
- Port Scanning
- Checking for Open Ports
- Types of Scans
- Full Open Scan
- Stealth Scan, or Half-open Scan
- Xmas Tree Scan
- FIN Scan
- NULL Scan
- ACK Scanning
- UDP Scanning
- OS Fingerprinting
- Banner Grabbing
- Countermeasures
- Vulnerability Scanning
- Drawing Network Diagrams
- Using Proxies
- Setting a Web Browser to Use a Proxy
- Summary
- Exam Essentials
- Review Questions
- Chapter 6 Enumeration of Services
- A Quick Review
- Footprinting
- Scanning
- What Is Enumeration?
- Windows Basics
- Users
- Groups
- Security Identifiers
- Services and Ports of Interest
- ftoc.indd 13 22-07-2014 16:58:
- Commonly Exploited Services xiv Contents
- NULL Sessions
- SuperScan
- The PsTools Suite
- Enumeration with SNMP
- Management Information Base
- SNScan
- Unix and Linux Enumeration
- finger
- rpcinfo
- showmount
- Enum4linux
- LDAP and Directory Service Enumeration
- Enumeration Using NTP
- SMTP Enumeration
- Using VRFY
- Using EXPN
- Using RCPT TO
- SMTP Relay
- Summary
- Exam Essentials
- Review Questions
- Chapter 7 Gaining Access to a System
- Up to This Point
- System Hacking
- Authentication on Microsoft Platforms
- Executing Applications
- Covering Your Tracks
- Summar y
- Exam Essentials
- Review Questions
- Chapter 8 Trojans, Viruses, Worms, and Covert Channels
- Malware
- Malware and the Law
- Categories of Malware
- Viruses
- Worms
- Spyware
- Adware
- Scareware
- Trojans
- ftoc.indd 14 22-07-2014 16:58:
- Overt and Covert Channels Contents xv
- Summary
- Exam Essentials
- Review Questions
- Chapter 9 Sniffers
- Understanding Sniffers
- Using a Sniffer
- Sniffing Tools
- Wireshark
- TCPdump
- Reading Sniffer Output
- Switched Network Sniffing
- MAC Flooding
- ARP Poisoning
- MAC Spoofing
- Port Mirror or SPAN Port
- On the Defensive
- Mitigating MAC Flooding
- Detecting Sniffing Attacks
- Exam Essentials
- Summary
- Review Questions
- Chapter 10 Social Engineering
- What Is Social Engineering?
- Why Does Social Engineering Work?
- Why is Social Engineering Successful?
- Social-Engineering Phases
- What Is the Impact of Social Engineering?
- Common Targets of Social Engineering
- What Is Social Networking?
- Mistakes in Social Media and Social Networking
- Countermeasures for Social Networking
- Commonly Employed Threats
- Identity Theft
- Protective Measures
- Know What Information Is Available
- Summary
- Exam Essentials
- Review Questions
- ftoc.indd 15 22-07-2014 16:58:
- Chapter 11 Denial of Service xvi Contents
- Understanding DoS
- DoS Targets
- Types of Attacks
- Buffer Overflow
- Understanding DDoS
- DDoS Attacks
- DoS Tools
- DDoS Tools
- DoS Defensive Strategies
- Botnet-Specific Defenses
- DoS Pen Testing Considerations
- Summary
- Exam Essentials
- Review Questions
- Chapter 12 Session Hijacking
- Understanding Session Hijacking
- Spoofing vs. Hijacking
- Active and Passive Attacks
- Session Hijacking and Web Apps
- Types of Application-Level Session Hijacking
- A Few Key Concepts
- Network Session Hijacking
- Exploring Defensive Strategies
- Summary
- Exam Essentials
- Review Questions
- Chapter 13 Web Servers and Web Applications
- Exploring the Client-Server Relationship
- The Client and the Server
- Closer Inspection of a Web Application
- Applications Vulnerabilities of Web Servers and
- Common Flaws and Attack Methods
- Summary
- Exam Essentials
- Review Questions
- Chapter 14 SQL Injection
- Introducing SQL Injection
- Results of SQL Injection
- The Anatomy of a Web Application
- ftoc.indd 16 22-07-2014 16:58:
- Databases and Their Vulnerabilities
- Anatomy of a SQL Injection Attack
- Injection Attack Altering Data with a SQL
- Injecting Blind
- Information Gathering
- Evading Detection Mechanisms
- SQL Injection Countermeasures
- Summary
- Exam Essentials
- Review Questions
- Chapter 15 Wireless Networking
- What Is a Wireless Network?
- Wi-Fi: An Overview
- The Fine Print
- Wireless Vocabulary
- A Close Examination of Threats
- Ways to Locate Wireless Networks
- Choosing the Right Wireless Card
- Hacking Bluetooth
- Summary
- Exam Essentials
- Review Questions
- Honeypots Chapter 16 Evading IDSs, Firewalls, and
- Honeypots, IDSs, and Firewalls
- The Role of Intrusion Detection Systems
- Firewalls
- What’s That Firewall Running?
- Honeypots
- Techniques Run Silent, Run Deep: Evasion
- Evading Firewalls
- Summary
- Exam Essentials
- Review Questions
- Chapter 17 Physical Security
- Introducing Physical Security
- Simple Controls
- Dealing with Mobile Device Issues
- ftoc.indd 17 22-07-2014 16:58: Contents xvii
- Securing the Physical Area xviii Contents
- Defense in Depth
- Summary
- Exam Essentials
- Review Questions
- Appendix A Answers to Review Questions
- Appendix B About the Additional Study Tools
- Index
- ftoc.indd 18 22-07-2014 16:58:
jeff_l
(Jeff_L)
#1