CEH v9. Certified Ethical Hacker (3^rd Ed.)
Version 9. Study Guide (exam 312-50)

The CEH v9: Certified Ethical Hacker Version 9 Study Guide is your ideal companion for CEH v9 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material.

The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material.

Introduction xxi

Assessment Test xxxii

Chapter 1 Introduction to Ethical Hacking 1

Hacking: the Evolution 3

The Early Days of Hacking 3

Current Developments 4

Hacking: Fun or Criminal Activity? 5

The Evolution and Growth of Hacking 7

So, What Is an Ethical Hacker? 9

What Are Your Responsibilities? 9

Code of Conduct and Ethics 11

Ethical Hacking and Penetration Testing 12

Hacking Methodologies 17

Vulnerability Research and Tools 21

What Is Incident Response? 21

Business Continuity Plan 26

Ethics and the Law 33

Summary 34

Exam Essentials 35

Review Questions 36

Chapter 2 System Fundamentals 39

Exploring Network Topologies 40

Working with the Open Systems Interconnection Model 44

Dissecting the TCP/IP Suite 47

IP Subnetting 49

Hexadecimal vs. Binary 49

Exploring TCP/IP Ports 50

Domain Name System 53

Understanding Network Devices 53

Routers and Switches 53

Working with MAC Addresses 55

Proxies and Firewalls 56

Intrusion Prevention and Intrusion Detection Systems 57

Network Security 58

Knowing Operating Systems 60

Microsoft Windows 60

Mac OS 61

Android 62

Linux 62

Backups and Archiving 63

Summary 64

Exam Essentials 65

Review Questions 66

Chapter 3 Cryptography 71

Cryptography: Early Applications and Examples 73

History of Cryptography 73

Tracing the Evolution 75

Cryptography in Action 76

So How Does It Work? 77

Symmetric Cryptography 77

Asymmetric, or Public Key, Cryptography 80

Understanding Hashing 86

Issues with Cryptography 88

Applications of Cryptography 89

IPsec 90

Pretty Good Privacy 92

Secure Sockets Layer 93

Summary 94

Exam Essentials 94

Review Questions 95

Chapter 4 Footprinting 99

Understanding the Steps of Ethical Hacking 100

Phase 1: Footprinting 100

Phase 2: Scanning 101

Phase 3: Enumeration 101

Phase 4: System Hacking 102

What Is Footprinting? 102

Why Perform Footprinting? 103

Goals of the Footprinting Process 103

Terminology in Footprinting 106

Open Source and Passive Information Gathering 106

Passive Information Gathering 106

Pseudonymous Footprinting 106

Internet Footprinting 107

Threats Introduced by Footprinting 107

The Footprinting Process 108

Using Search Engines 108

Google Hacking 108

Public and Restricted Websites 111

Location and Geography 112

Social Networking and Information Gathering 113

Financial Services and Information Gathering 116

The Value of Job Sites 116

Working with Email 117

Competitive Analysis 118

Gaining Network Information 119

Social Engineering: the Art of Hacking Humans 120

Summary 121

Exam Essentials 121

Review Questions 123

Chapter 5 Scanning 127

What Is Scanning? 128

Types of Scans 129

Checking for Live Systems 130

Wardialing 131

Using Ping 133

Hping3: the Heavy Artillery 134

Checking the Status of Ports 135

The Family Tree of Scans 138

Full-Open Scan 138

Stealth or Half-Open Scan 138

Xmas Tree Scan 139

FIN Scan 140

NULL Scan 141

Idle Scanning 142

ACK Scanning 143

UDP Scanning 144

OS Fingerprinting 145

Active Fingerprinting with Nmap 146

Passive Fingerprinting an OS 147

Banner Grabbing 149

Countermeasures 151

Vulnerability Scanning 151

Mapping the Network 152

Using Proxies 153

Setting a Web Browser to Use a Proxy 154

Summary 155

Exam Essentials 155

Review Questions 156

Chapter 6 Enumeration 159

A Quick Review 160

Footprinting 160

Scanning 161

What Is Enumeration? 161

About Windows Enumeration 163

Users 163

Groups 164

Security Identifiers 166

Linux Basic 168

Users 168

Services and Ports of Interest 169

Commonly Exploited Services 170

NULL Sessions 173

SuperScan 174

DNS Zone Transfers 174

The PsTools Suite 177

Using finger 178

Enumeration with SNMP 178

Management Information Base 179

SNScan 180

Unix and Linux Enumeration 180

finger 180

rpcinfo 181

showmount 181

enum4linux 181

LDAP and Directory Service Enumeration 182

JXplorer 183

Preventing LDAP Enumeration 183

Enumeration Using NTP 184

SMTP Enumeration 184

Using VRFY 185

Using EXPN 185

Using RCPT TO 186

SMTP Relay 186

Summary 187

Exam Essentials 187

Review Questions 189

Chapter 7 System Hacking 193

Up to This Point 194

Footprinting 194

Scanning 195

Enumeration 195

System Hacking 196

Password Cracking 196

Authentication on Microsoft Platforms 209

Executing Applications 213

Covering Your Tracks 215

Summary 217

Exam Essentials 218

Review Questions 219

Chapter 8 Malware 223

Malware 224

Malware and the Law 226

Categories of Malware 227

Viruses 228

Worms 234

Spyware 236

Adware 237

Scareware 237

Ransomware 238

Trojans 238

Overt and Covert Channels 247

Summary 249

Exam Essentials 250

Review Questions 251

Chapter 9 Sniffers 255

Understanding Sniffers 256

Using a Sniffer 259

Sniffing Tools 259

Wireshark 260

Tcpdump 264

Reading Sniffer Output 266

Switched Network Sniffing 270

MAC Flooding 270

ARP Poisoning 271

MAC Spoofing 272

Port Mirror or SPAN Port 272

On the Defensive 273

Mitigating MAC Flooding 274

Detecting Sniffing Attacks 275

Summary 275

Exam Essentials 276

Review Questions 277

Chapter 10 Social Engineering 281

What Is Social Engineering? 282

Why Does Social Engineering Work? 283

The Power of Social Engineering 284

Social-Engineering Phases 285

What Is the Impact of Social Engineering? 285

Common Targets of Social Engineering 286

Social Networking to Gather Information? 287

Networking 289

Countermeasures for Social Networking 291

Commonly Employed Threats 293

Identity Theft 296

Protective Measures 297

Know What Information Is Available 298

Summary 298

Exam Essentials 299

Review Questions 300

Chapter 11 Denial of Service 305

Understanding DoS 306

DoS Targets 308

Types of Attacks 308

Buffer Overflow 314

Understanding DDoS 317

DDoS Attacks 318

DoS Tools 319

DDoS Tools 320

DoS Defensive Strategies 323

Botnet-Specific Defenses 323

DoS Pen-Testing Considerations 324

Summary 324

Exam Essentials 324

Review Questions 326

Chapter 12 Session Hijacking 331

Understanding Session Hijacking 332

Spoofing vs. Hijacking 334

Active and Passive Attacks 335

Session Hijacking and Web Apps 336

Types of Application-Level Session Hijacking 337

A Few Key Concepts 341

Network Session Hijacking 344

Exploring Defensive Strategies 352

Summary 353

Exam Essentials 353

Review Questions 355

Chapter 13 Web Servers and Applications 359

Exploring the Client‐Server Relationship 360

Looking Closely at Web Servers 361

Web Applications 363

The Client and the Server 364

A Look at the Cloud 365

Closer Inspection of a Web Application 366

Vulnerabilities of Web Servers and Applications 369

Common Flaws and Attack Methods 375

Testing Web Applications 383

Summary 384

Exam Essentials 384

Review Questions 385

Chapter 14 SQL Injection 389

Introducing SQL Injection 390

Results of SQL Injection 392

The Anatomy of a Web Application 393

Databases and Their Vulnerabilities 394

Anatomy of a SQL Injection Attack 396

Altering Data with a SQL Injection Attack 399

Injecting Blind 401

Information Gathering 402

Evading Detection Mechanisms 403

SQL Injection Countermeasures 404

Summary 405

Exam Essentials 405

Review Questions 406

Chapter 15 Hacking Wi‐Fi and Bluetooth 409

What Is a Wireless Network? 410

Wi‐Fi: an Overview 410

The Fine Print 411

Wireless Vocabulary 414

A Close Examination of Threats 425

Ways to Locate Wireless Networks 429

Choosing the Right Wireless Card 430

Hacking Bluetooth 431

Summary 433

Exam Essentials 434

Review Questions 435

Chapter 16 Mobile Device Security 439

Mobile OS Models and Architectures 440

Goals of Mobile Security 441

Device Security Models 442

Google Android OS 443

Apple iOS 446

Common Problems with Mobile Devices 447

Penetration Testing Mobile Devices 449

Penetration Testing Using Android 450

Countermeasures 454

Summary 455

Exam Essentials 456

Review Questions 457

Chapter 17 Evasion 461

Honeypots, IDSs, and Firewalls 462

The Role of Intrusion Detection Systems 462

Firewalls 467

What’s That Firewall Running? 470

Honeypots 473

Run Silent, Run Deep: Evasion Techniques 475

Evading Firewalls 477

Summary 480

Exam Essentials 481

Review Questions 482

Chapter 18 Cloud Technologies and Security 485

What Is the Cloud? 486

Types of Cloud Solutions 487

Forms of Cloud Services 488

Threats to Cloud Security 489

Cloud Computing Attacks 491

Controls for Cloud Security 494

Testing Security in the Cloud 495

Summary 496

Exam Essentials 497

Review Questions 498

Chapter 19 Physical Security 501

Introducing Physical Security 502

Simple Controls 503

Dealing with Mobile Device Issues 505

Data Storage Security 506

Securing the Physical Area 510

Entryways 517

Server Rooms and Networks 518

Other Items to Consider 519

Education and Awareness 519

Defense in Depth 519

Summary 520

Exam Essentials 521

Review Questions 522

Appendix A Answers to Review Questions 525

Chapter 1: Introduction to Ethical Hacking 526

Chapter 2: System Fundamentals 527

Chapter 3: Cryptography 528

Chapter 4: Footprinting 529

Chapter 5: Scanning 530

Chapter 6: Enumeration 532

Chapter 7: System Hacking 532

Chapter 8: Malware 533

Chapter 9: Sniffers 534

Chapter 10: Social Engineering 536

Chapter 11: Denial of Service 537

Chapter 12: Session Hijacking 539

Chapter 13: Web Servers and Applications 540

Chapter 14: SQL Injection 541

Chapter 15: Hacking Wi-Fi and Bluetooth 542

Chapter 16: Mobile Device Security 544

Chapter 17: Evasion 544

Chapter 18: Cloud Technologies and Security 546

Chapter 19: Physical Security 547

Appendix B Penetration Testing Frameworks 549

Overview of Alternative Methods 550

Penetration Testing Execution Standard 552

Working with PTES 553

Pre-Engagement Interactions 553

Contents of a Contract 555

Gaining Permission 556

Intelligence Gathering 557

Threat Modeling 558

Vulnerability Analysis 559

Exploitation 560

Post-Exploitation 560

Reporting 562

Mopping Up 563

Summary 563

Appendix C Building a Lab 565

Why Build a Lab? 566

The Build Process 566

What You Will Need 567

Creating a Test Setup 568

Virtualization Software Options 569

The Installation Process 569

Installing a Virtualized Operating System 570

Installing Tools 570

Summary 574

Index 575