第1页 / 共730页
第2页 / 共730页
第3页 / 共730页
第4页 / 共730页
第5页 / 共730页
第6页 / 共730页
第7页 / 共730页
第8页 / 共730页
CEH Certified Ethical Hacker All-in-One Exam Guide 3rd Edition.pdf
Cover
Title Page
Copyright Page
Dedication
Contents at a Glance
Contents
Acknowledgments
Introduction
Chapter 1 Getting Started: Essential Knowledge
Security 101
Essentials
Security Basics
Introduction to Ethical Hacking
Hacking Terminology
The Ethical Hacker
Chapter Review
Questions
Answers
Chapter 2 Reconnaissance: Information Gathering for the Ethical Hacker
Footprinting
Passive Footprinting
Active Footprinting
Footprinting Methods and Tools
Search Engines
Website and E-mail Footprinting
DNS Footprinting
Network Footprinting
Other Tools
Chapter Review
Questions
Answers
Chapter 3 Scanning and Enumeration
Fundamentals
TCP/IP Networking
Subnetting
Scanning Methodology
Identifying Targets
Port Scanning
Evasion
Vulnerability Scanning
Enumeration
Windows System Basics
Enumeration Techniques
Chapter Review
Questions
Answers
Chapter 4 Sniffing and Evasion
Essentials
Network Knowledge for Sniffing
Active and Passive Sniffing
Sniffing Tools and Techniques
Techniques
Tools
Evasion
Devices Aligned Against You
Evasion Techniques
Chapter Review
Questions
Answers
Chapter 5 Attacking a System
Getting Started
Windows Security Architecture
Linux Security Architecture
Methodology
Hacking Steps
Authentication and Passwords
Privilege Escalation and Executing Applications
Hiding Files and Covering Tracks
Chapter Review
Questions
Answers
Chapter 6 Web-Based Hacking: Servers and Applications
Web Servers
Web Organizations
Attack Methodology
Web Server Architecture
Web Server Attacks
Attacking Web Applications
Application Attacks
Countermeasures
Chapter Review
Questions
Answers
Chapter 7 Wireless Network Hacking
Wireless Networking
Wireless Terminology, Architecture, and Standards
Wireless Hacking
The Mobile World
Mobile Platforms and Attacks
Mobile Attacks
Chapter Review
Questions
Answers
Chapter 8 Security in Cloud Computing
Cloud Computing
Cloud Security
Threats and Attacks
Chapter Review
Questions
Answers
Chapter 9 Trojans and Other Attacks
The “Malware” Attacks
Trojans
Viruses and Worms
Remaining Attacks
Denial of Service
Session Hijacking
Chapter Review
Questions
Answers
Chapter 10 Cryptography 101
Cryptography and Encryption Overview
Encryption Algorithms and Techniques
PKI, the Digital Certificate, and Digital Signatures
The PKI System
Digital Certificates
Digital Signatures
Encrypted Communication and Cryptography Attacks
Encrypted Communication
Cryptography Attacks
Chapter Review
Questions
Answers
Chapter 11 Low Tech: Social Engineering and Physical Security
Social Engineering
Human-Based Attacks
Computer-Based Attacks
Mobile-Based Attacks
Physical Security
Physical Security 101
Chapter Review
Questions
Answers
Chapter 12 The Pen Test: Putting It All Together
Methodology and Steps
The Security Assessments
Security Assessment Deliverables
Guidelines
More Terminology
Chapter Review
Questions
Answers
Appendix A Tool, Sites, and References
Vulnerability Research Sites
Footprinting Tools
People Search Tools
Competitive Intelligence
Tracking Online Reputation
Website Research/Web Updates Tools
DNS and Whois Tools
Traceroute Tools and Links
Website Mirroring Tools and Sites
E-mail Tracking
Google Hacking
Scanning and Enumeration Tools
Ping Sweep
Scanning Tools
Banner Grabbing
Vulnerability Scanning
Network Mapping
Proxy, Anonymizer, and Tunneling
Enumeration
SNMP Enumeration
LDAP Enumeration
NTP Enumeration
Registry Tools
Windows Service Monitoring Tools
File/Folder Integrity Checkers
System Hacking Tools
Default Password Search Links
Password Hacking Tools
DoS/DDos
Sniffing
Keyloggers and Screen Capture
Privilege Escalation
Executing Applications
Spyware
Mobile Spyware
Covering Tracks
Packet Crafting/Spoofing
Session Hijacking
Clearing Tracks
Cryptography and Encryption
Encryption Tools
Hash Tools
Steganography
Stego Detection
Cryptanalysis
Sniffing
Packet Capture
Wireless
MAC Flooding/Spoofing
ARP Poisoning
Wireless
Discovery
Attack and Analysis
Packet Sniffing
WEP/WPA Cracking
Bluetooth
Mobile Attacks
Mobile Wireless Discovery
Mobile Device Tracking
Rooting/Jailbreaking
MDM
Trojans and Malware
Anti-Malware (AntiSpyware and Anitvirus)
Crypters and Packers
Monitoring Tools
Attack Tools
Web Attacks
Attack tools
SQL Injection
Miscellaneous
Cloud Security
IDS
Evasion Tools
Pen Test Suites
VPN/FW Scanner
Social Engineering
Extras
Linux Distributions
Tools, Sites, and References Disclaimer
Appendix B About the Download
System Requirements
Installing and Running Total Tester
About Total Tester
Technical Support
Glossary
Index
Download from finelybook www.finelybook.com
ABOUT THE AUTHOR
Matt Walker is currently working as a member of the Cyber Defense and
Security Strategy team within Hewlett-Packard Enterprise. An IT security
and education professional for more than 20 years, he has served as the
director of the Network Training Center and a curriculum lead/senior
instructor for Cisco Networking Academy on Ramstein AB, Germany, and as
a network engineer for NASA’s Secure Network Systems (NSS), designing
and maintaining secured data, voice, and video networking for the agency.
Matt also worked as an instructor supervisor and senior instructor at
Dynetics, Inc., in Huntsville, Alabama, providing on-site certification-
awarding classes for ISC2, Cisco, and CompTIA, and after two years he
came right back to NASA as an IT security manager for UNITeS, SAIC, at
Marshall Space Flight Center. He has written and contributed to numerous
technical training books for NASA, Air Education and Training Command,
and the U.S. Air Force, as well as commercially, and he continues to train
and write certification and college-level IT and IA security courses.
About the Technical Editor
Brad Horton currently works as an information security specialist with the
U.S. Department of Defense. Brad has worked as a security engineer,
commercial security consultant, penetration tester, and information systems
researcher in both the private and public sectors.
This has included work with several defense contractors, including
General Dynamics C4S, SAIC, and Dynetics, Inc. Brad currently holds the
Certified Information Systems Security Professional (CISSP), the CISSP –
Information Systems Security Management Professional (CISSP-ISSMP), the
Certified Ethical Hacker (CEH), and the Certified Information Systems
Auditor (CISA) trade certifications. Brad holds a bachelor’s degree in
Commerce and Business Administration from the University of Alabama, a
2
Download from finelybook www.finelybook.com
master’s degree in Management of Information Systems from the University
of Alabama in Huntsville (UAH), and a graduate certificate in Information
Assurance from UAH. When not hacking, Brad can be found at home with
his family or on a local golf course.
The views and opinions expressed in all portions of this publication belong
solely to the author and/or editor and do not necessarily state or reflect those
of the Department of Defense or the United States Government. References
within this publication to any specific commercial product, process, or
service by trade name, trademark, manufacturer, or otherwise, do not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government.
3
Download from finelybook www.finelybook.com
4
Download from finelybook www.finelybook.com
Copyright © 2017 by McGraw-Hill Education. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of this
publication may be reproduced or distributed in any form or by any means, or
stored in a database or retrieval system, without the prior written permission
of the publisher.
ISBN: 978-1-25-983656-5
MHID: 1-25-983656-8.
The material in this eBook also appears in the print version of this title:
ISBN: 978-1-25-983655-8,
MHID: 1-25-983655-X.
eBook conversion by codeMantra
Version 1.0
All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use
names in an editorial fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where such designations
appear in this book, they have been printed with initial caps.
McGraw-Hill Education eBooks are available at special quantity discounts to
use as premiums and sales promotions or for use in corporate training
programs. To contact a representative, please visit the Contact Us page at
www.mhprofessional.com.
The views and opinions expressed in all portions of this publication belong
solely to the author and/or editor and do not necessarily state or reflect those
of the Department of Defense or the United States Government. References
within this publication to any specific commercial product, process, or
service by trade name, trademark, manufacturer, or otherwise, do not
necessarily constitute or imply its endorsement, recommendation, or favoring
by the United States Government.
Some glossary terms included in this book may be considered public
information as designated by The National Institute of Standards and
5
Download from finelybook www.finelybook.com
Technology (NIST). NIST is an agency of the U.S. Department of
Commerce. Please visit www.nist.gov for more information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors
reserve all rights in and to the work. Use of this work is subject to these
terms. Except as permitted under the Copyright Act of 1976 and the right to
store and retrieve one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative works based upon,
transmit, distribute, disseminate, sell, publish or sublicense the work or any
part of it without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use of the
work is strictly prohibited. Your right to use the work may be terminated if
you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION
AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES
AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR
RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING
ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE
WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY
DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
McGraw-Hill Education and its licensors do not warrant or guarantee that the
functions contained in the work will meet your requirements or that its
operation will be uninterrupted or error free. Neither McGraw-Hill Education
nor its licensors shall be liable to you or anyone else for any inaccuracy, error
or omission, regardless of cause, in the work or for any damages resulting
therefrom. McGraw-Hill Education has no responsibility for the content of
any information accessed through the work. Under no circumstances shall
McGraw-Hill Education and/or its licensors be liable for any indirect,
incidental, special, punitive, consequential or similar damages that result
from the use of or inability to use the work, even if any of them has been
advised of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause arises in
6
Download from finelybook www.finelybook.com
contract, tort or otherwise.
7
Download from finelybook www.finelybook.com
This book is dedicated to my children—
Faith, Hope, Christian, and Charity. I love you with all my heart,
and I am so proud of the world-changing impact you’re making.
8
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
