CEH Certified Ethical Hacker Cert Guide

by Michael Gregg; Omar Santos
Edition: 4th
Format: Hardcover
Pub. Date: 2022-04-07
Publisher(s): Pearson IT Certification
List Price: $59.99


In this best-of-breed study guide, leading experts Michael Gregg and Omar Santos help you master all the topics you need to know to succeed on your Certified Ethical Hacker exam and advance your career in IT security. The authors' concise, focused approach explains every exam objective from a real-world perspective, helping you quickly identify weaknesses and retain everything you need to know.

Every feature of this book supports both efficient exam preparation and long-term mastery:

* Opening topics lists identify the topics you need to learn in each chapter and list EC-Council's official exam objectives
* Key Topics figures, tables, and lists call attention to the information that's most crucial for exam success
* Exam Preparation Tasks enable you to review key topics, define key terms, work through scenarios, and answer review questions...going beyond mere facts to master the concepts that are crucial to passing the exam and enhancing your career
* Key Terms are listed in each chapter and defined in a complete glossary, explaining all the field's essential terminology

This study guide helps you master all the topics on the latest CEH exam, including

* Ethical hacking basics
* Technical foundations of hacking
* Footprinting and scanning
* Enumeration and system hacking
* Social engineering, malware threats, and vulnerability analysis
* Sniffers, session hijacking, and denial of service
* Web server hacking, web applications, and database attacks
* Wireless technologies, mobile security, and mobile attacks
* IDS, firewalls, and honeypots
* Cryptographic attacks and defenses
* Cloud computing, IoT, and botnets

Author Biography

Michael Gregg (CISSP, SSCP, CISA, MCSE, MCT, CTT+, A+, N+, Security+, CCNA, CASP, CISA, CISM, CEH, CHFI, and GSEC) directs the cybersecurity operations for a multinational organization that operates facilities worldwide. As the CISO, Michael is responsible for securing the organization's assets on a global scale. Michael is responsible for developing cost-effective and innovative technology solutions for security issues and for evaluating emerging technologies.

He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to coauthoring the first, second, and third editions of Security Administrator Street Smarts, Michael has written or coauthored more than 20 other books.

Michael has testified before a U.S. congressional committee, has been quoted in newspapers such as the New York Times, and was featured on various television and radio shows, including NPR, ABC, CBS, Fox News, and others, discussing cybersecurity and ethical hacking. He has created more than a dozen IT security training classes. He has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not working, speaking at security events, or writing, Michael enjoys 1960s muscle cars and has a slot in his garage for a new project car.

Omar Santos is an active member of the cybersecurity community. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants that are dedicated to increasing the security of their critical infrastructure. Omar is the lead of the DEF CON Red Team Village, the chair of the OASIS Common Security Advisory Framework (CSAF), and has been the leader of several working groups in the Industry Consortium for Advancement of Security on the Internet (ICASI) and the Forum of Incident Response and Security Teams (FIRST).

Omar is the author of more than 20 books and video courses and numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of security vulnerabilities. Omar has been quoted by numerous media outlets, such as The Register, Wired, ZDNet, ThreatPost, CyberScoop, TechCrunch, Fortune, Ars Technica, and more. Additional information about Omar can be obtained from h4cker.org and omarsantos.io. You can follow Omar on Twitter at @santosomar.

Table of Contents

Introduction xxvii
Chapter 1 An Introduction to Ethical Hacking 3
"Do I Know This Already?" Quiz 3
Foundation Topics 7
Security Fundamentals 7
    Goals of Security 8
    Risk, Assets, Threats, and Vulnerabilities 9
    Backing Up Data to Reduce Risk 11
    Defining an Exploit 12
    Risk Assessment 13
Security Testing 14
    No-Knowledge Tests (Black Box) 14
    Full-Knowledge Testing (White Box) 15
    Partial-Knowledge Testing (Gray Box) 15
    Types of Security Tests 15
    Incident Response 17
Cyber Kill Chain 18
Hacker and Cracker Descriptions 19
    Who Attackers Are 20
Ethical Hackers 21
    Required Skills of an Ethical Hacker 22
    Modes of Ethical Hacking 23
Test Plans--Keeping It Legal 25
    Test Phases 27
    Establishing Goals 28
    Getting Approval 29
    Ethical Hacking Report 29
    Vulnerability Research and Bug Bounties--Keeping Up with Changes 30
Ethics and Legality 31
    Overview of U.S. Federal Laws 32
    Compliance Regulations 34
    Payment Card Industry Data Security Standard (PCI-DSS) 36
Summary 36
Exam Preparation Tasks 37
Review All Key Topics 37
Define Key Terms 38
Exercises 38
    1-1 Searching for Exposed Passwords 38
    1-2 Examining Security Policies 39
Review Questions 39
Suggested Reading and Resources 44
Chapter 2 The Technical Foundations of Hacking 47
"Do I Know This Already?" Quiz 47
Foundation Topics 50
The Hacking Process 50
    Performing Reconnaissance and Footprinting 50
    Scanning and Enumeration 51
    Gaining Access 52
    Escalating Privilege 53
    Maintaining Access 53
    Covering Tracks and Planting Backdoors 54
The Ethical Hacker's Process 54
    NIST SP 800-115 56
    Operationally Critical Threat, Asset, and Vulnerability Evaluation 56
    Open Source Security Testing Methodology Manual 56
Information Security Systems and the Stack 57
    The OSI Model 57
    Anatomy of TCP/IP Protocols 60
    The Application Layer 62
    The Transport Layer 66
    Transmission Control Protocol 66
    User Datagram Protocol 68
    The Internet Layer 69
    Traceroute 74
    The Network Access Layer 77
Summary 78
Exam Preparation Tasks 79
Review All Key Topics 79
Define Key Terms 79
Exercises 80
    2-1 Install a Sniffer and Perform Packet Captures 80
    2-2 Using Traceroute for Network Troubleshooting 81
Review Questions 81
Suggested Reading and Resources 85
Chapter 3 Footprinting, Reconnaissance, and Scanning 89
"Do I Know This Already?" Quiz 89
Foundation Topics 93
Footprinting 93
    Footprinting Methodology 93
    Documentation 95
    Footprinting Through Search Engines 96
    Footprinting Through Social Networking Sites 101
    Footprinting Through Web Services and Websites 103
    Email Footprinting 106
    Whois Footprinting 108
    DNS Footprinting 112
    Network Footprinting 118
    Subnetting's Role in Mapping Networks 119
    Traceroute 120
    Footprinting Through Social Engineering 121
    Footprinting Countermeasures 122
Scanning 122
    Host Discovery 123
    Port and Service Discovery 124
    Nmap 131
    SuperScan 139
    THC-Amap 139
    Hping 140
    Port Knocking 140
    OS Discovery (Banner Grabbing/OS Fingerprinting) and Scanning Beyond IDS and Firewall 141
    Active Fingerprinting Tools 143
    Fingerprinting Services 145
        Default Ports and Services 145
        Finding Open Services 145
    Draw Network Diagrams 148
Summary 151
Exam Preparation Tasks 152
Review All Key Topics 152
Define Key Terms 152
Exercises 153
    3-1 Performing Passive Reconnaissance 153
    3-2 Performing Active Reconnaissance 154
Review Questions 155
Suggested Reading and Resources 159
Chapter 4 Enumeration and System Hacking 161
"Do I Know This Already?" Quiz 161
Foundation Topics 164
Enumeration 164
    Windows Enumeration 164
    Windows Security 166
    NetBIOS and LDAP Enumeration 167
    NetBIOS Enumeration Tools 169
    SNMP Enumeration 177
    Linux/UNIX Enumeration 183
    NTP Enumeration 185
    SMTP Enumeration 186
    Additional Enumeration Techniques 191
    DNS Enumeration 191
    Enumeration Countermeasures 192
System Hacking 193
    Nontechnical Password Attacks 193
    Technical Password Attacks 194
    Password Guessing 195
    Automated Password Guessing 197
    Password Sniffing 197
    Keylogging 198
    Escalating Privilege and Exploiting Vulnerabilities 199
    Exploiting an Application 200
    Exploiting a Buffer Overflow 201
    Owning the Box 203
    Windows Authentication Types 203
    Cracking Windows Passwords 205
    Linux Authentication and Passwords 209
    Cracking Linux Passwords 212
    Hiding Files and Covering Tracks 213
    Rootkits 214
    File Hiding 217
Summary 219
Exam Preparation Tasks 220
Review All Key Topics 220
Define Key Terms 220
Exercise 220
    4-1 NTFS File Streaming 220
Review Questions 221
Suggested Reading and Resources 226
Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis 229
"Do I Know This Already?" Quiz 229
Foundation Topics 234
Social Engineering 234
    Phishing 235
    Pharming 235
    Malvertising 236
    Spear Phishing 237
    SMS Phishing 245
    Voice Phishing 245
    Whaling 245
    Elicitation, Interrogation, and Impersonation (Pretexting) 246
    Social Engineering Motivation Techniques 247
    Shoulder Surfing and USB Baiting 248
Malware Threats 248
    Viruses and Worms 248
    Types and Transmission Methods of Viruses and Malware 249
    Virus Payloads 251
    History of Viruses 252
    Well-Known Viruses and Worms 253
    Virus Creation Tools 255
    Trojans 255
    Trojan Types 256
    Trojan Ports and Communication Methods 257
    Trojan Goals 258
    Trojan Infection Mechanisms 259
    Effects of Trojans 260
    Trojan Tools 261
    Distributing Trojans 263
    Wrappers 264
    Packers 265
    Droppers 265
    Crypters 265
    Ransomware 267
    Covert Communications 268
    Tunneling via the Internet Layer 269
    Tunneling via the Transport Layer 272
    Tunneling via the Application Layer 273
    Port Redirection 274
    Keystroke Logging and Spyware 276
    Hardware Keyloggers 277
    Software Keyloggers 277
    Spyware 278
    Malware Countermeasures 279
    Detecting Malware 280
    Antivirus 283
    Analyzing Malware 286
    Static Analysis 286
    Dynamic Analysis 288
Vulnerability Analysis 290
    Passive vs. Active Assessments 290
    External vs. Internal Assessments 290
    Vulnerability Assessment Solutions 291
    Tree-Based vs. Inference-Based Assessments 291
    Vulnerability Scoring Systems 292
    Vulnerability Scanning Tools 296
Summary 297
Exam Preparation Tasks 298
Review All Key Topics 299
Define Key Terms 300
Command Reference to Check Your Memory 300
Exercises 300
    5-1 Finding Malicious Programs 300
    5-2 Using Process Explorer 301
Review Questions 303
Suggested Reading and Resources 307
Chapter 6 Sniffers, Session Hijacking, and Denial of Service 311
"Do I Know This Already?" Quiz 311
Foundation Topics 314
Sniffers 314
    Passive Sniffing 315
    Active Sniffing 316
    Address Resolution Protocol 316
    ARP Poisoning and MAC Flooding 318
    Tools for Sniffing and Packet Capturing 324
    Wireshark 324
    Other Sniffing Tools 328
    Sniffing and Spoofing Countermeasures 328
Session Hijacking 330
    Transport Layer Hijacking 330
        Identify and Find an Active Session 331
        Predict the Sequence Number 332
        Take One of the Parties Offline 333
        Take Control of the Session 333
    Application Layer Hijacking 334
        Session Sniffing 334
        Predictable Session Token ID 334
        On-Path Attacks 335
        Client-Side Attacks 335
        Browser-Based On-Path Attacks 337
        Session Replay Attacks 338
        Session Fixation Attacks 338
    Session Hijacking Tools 338
    Preventing Session Hijacking 341
Denial of Service and Distributed Denial of Service 341
    DoS Attack Techniques 343
    Volumetric Attacks 343
    SYN Flood Attacks 344
    ICMP Attacks 344
    Peer-to-Peer Attacks 345
    Application-Level Attacks 345
    Permanent DoS Attacks 346
    Distributed Denial of Service 347
    DDoS Tools 348
    DoS and DDoS Countermeasures 350
Summary 353
Exam Preparation Tasks 354
Review All Key Topics 354
Define Key Terms 354
Exercises 355
    6-1 Scanning for DDoS Programs 355
    6-2 Spoofing Your MAC Address in Linux 355
    6-3 Using the KnowBe4 SMAC to Spoof Your MAC Address 356
Review Questions 356
Suggested Reading and Resources 360
Chapter 7 Web Server Hacking, Web Applications, and Database Attacks 363
"Do I Know This Already?" Quiz 363
Foundation Topics 366
Web Server Hacking 366
    The HTTP Protocol 366
    Scanning Web Servers 374
    Banner Grabbing and Enumeration 374
    Web Server Vulnerability Identification 379
    Attacking the Web Server 380
    DoS/DDoS Attacks 380
    DNS Server Hijacking and DNS Amplification Attacks 380
    Directory Traversal 382
    On-Path Attacks 384
    Website Defacement 384
    Web Server Misconfiguration 384
    HTTP Response Splitting 385
    Understanding Cookie Manipulation Attacks 385
    Web Server Password Cracking 386
    Web Server-Specific Vulnerabilities 386
    Comments in Source Code 388
    Lack of Error Handling and Overly Verbose Error Handling 389
    Hard-Coded Credentials 389
    Race Conditions 389
    Unprotected APIs 390
    Hidden Elements 393
    Lack of Code Signing 393
    Automated Exploit Tools 393
    Securing Web Servers 395
        Harden Before Deploying 395
        Patch Management 395
        Disable Unneeded Services 396
        Lock Down the File System 396
        Log and Audit 396
        Provide Ongoing Vulnerability Scans 397
Web Application Hacking 398
    Unvalidated Input 398
    Parameter/Form Tampering 399
    Injection Flaws 399
    Cross-Site Scripting (XSS) Vulnerabilities 400
    Reflected XSS Attacks 401
    Stored XSS Attacks 402
    DOM-Based XSS Attacks 404
    XSS Evasion Techniques 405
    XSS Mitigations 406
    Understanding Cross-Site Request Forgery Vulnerabilities and Related Attacks 408
    Understanding Clickjacking 409
    Other Web Application Attacks 410
    Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations 411
    Web-Based Password Cracking and Authentication Attacks 412
    Understanding What Cookies Are and Their Use 414
    URL Obfuscation 415
    Intercepting Web Traffic 417
    Securing Web Applications 419
    Lack of Code Signing 421
Database Hacking 421
    A Brief Introduction to SQL and SQL Injection 422
        SQL Injection Categories 427
        Fingerprinting the Database 429
        Surveying the UNION Exploitation Technique 430
        Using Boolean in SQL Injection Attacks 431
        Understanding Out-of-Band Exploitation 432
        Exploring the Time-Delay SQL Injection Technique 433
        Surveying Stored Procedure SQL Injection 434
        Understanding SQL Injection Mitigations 434
    SQL Injection Hacking Tools 435
Summary 436
Exam Preparation Tasks 437
Review All Key Topics 437
Exercise 438
    7-1 Complete the Exercises in WebGoat 438
Review Questions 438
Suggested Reading and Resources 443
Chapter 8 Wireless Technologies, Mobile Security, and Attacks 445
"Do I Know This Already?" Quiz 445
Foundation Topics 449
Wireless and Mobile Device Technologies 449
    Mobile Device Concerns 451
    Mobile Device Platforms 452
    Android 453
    iOS 455
    Windows Mobile Operating System 456
    BlackBerry 457
    Mobile Device Management and Protection 457
    Bluetooth 458
    Radio Frequency Identification (RFID) Attacks 461
Wi-Fi 461
    Wireless LAN Basics 462
    Wireless LAN Frequencies and Signaling 463
    Wireless LAN Security 464
        Installing Rogue Access Points 467
        Evil Twin Attacks 468
        Deauthentication Attacks 468
    Attacking the Preferred Network Lists 472
    Jamming Wireless Signals and Causing Interference 472
    War Driving 472
        Attacking WEP 472
        Attacking WPA 474
    Wireless Networks Configured with Open Authentication 478
        KRACK Attacks 479
        Attacks Against WPA3 479
        Attacking Wi-Fi Protected Setup (WPS) 480
        KARMA Attack 481
        Fragmentation Attacks 481
    Additional Wireless Hacking Tools 482
    Performing GPS Mapping 483
    Wireless Traffic Analysis 483
    Launch Wireless Attacks 483
    Crack and Compromise the Wi-Fi Network 484
    Securing Wireless Networks 485
    Site Survey 485
        Robust Wireless Authentication 485
    Misuse Detection 486
Summary 487
Exam Preparation Tasks 488
Review All Key Topics 488
Define Key Terms 488
Review Questions 488
Suggested Reading and Resources 489
Chapter 9 Evading IDS, Firewalls, and Honeypots 491
"Do I Know This Already?" Quiz 491
Foundation Topics 495
Intrusion Detection and Prevention Systems 495
    IDS Types and Components 495
    Pattern Matching 497
    Protocol Analysis 500
    Heuristic-Based Analysis 500
    Anomaly-Based Analysis 500
    Global Threat Correlation Capabilities 502
    Snort 502
    IDS Evasion 506
    Flooding 507
    Insertion and Evasion 507
    Session Splicing 508
    Shellcode Attacks 508
    Other IDS Evasion Techniques 509
    IDS Evasion Tools 510
Firewalls 511
    Firewall Types 512
    Network Address Translation 512
    Packet Filters 513
    Application and Circuit-Level Gateways 515
    Stateful Inspection 515
    Identifying Firewalls 516
    Bypassing Firewalls 520
Honeypots 526
    Types of Honeypots 528
    Detecting Honeypots 529
Summary 530
Exam Preparation Tasks 530
Review All Key Topics 530
Define Key Terms 531
Review Questions 531
Suggested Reading and Resources 536
Chapter 10 Cryptographic Attacks and Defenses 539
"Do I Know This Already?" Quiz 539
Foundation Topics 543
Cryptography History and Concepts 543
Encryption Algorithms 545
    Symmetric Encryption 546
    Data Encryption Standard (DES) 548
    Advanced Encryption Standard (AES) 550
    Rivest Cipher 551
    Asymmetric Encryption (Public Key Encryption) 551
    RSA 552
    Diffie-Hellman 552
    ElGamal 553
    Elliptic-Curve Cryptography (ECC) 553
    Digital Certificates 553
Public Key Infrastructure 554
    Trust Models 555
    Single-Authority Trust 556
    Hierarchical Trust 556
    Web of Trust 557
Email and Disk Encryption 557
Cryptoanalysis and Attacks 558
    Weak Encryption 561
    Encryption-Cracking Tools 563
Security Protocols and Countermeasures 563
    Steganography 566
        Steganography Operation 567
        Steganographic Tools 568
    Digital Watermark 571
    Hashing 571
    Digital Signature 573
Summary 574
Exam Preparation Tasks 574
Review All Key Topics 574
Define Key Terms 575
Exercises 575
    10-1 Examining an SSL Certificate 575
    10-2 Using PGP 576
    10-3 Using a Steganographic Tool to Hide a Message 577
Review Questions 577
Suggested Reading and Resources 582
Chapter 11 Cloud Computing, IoT, and Botnets 585
"Do I Know This Already?" Quiz 585
Foundation Topics 588
Cloud Computing 588
    Cloud Computing Issues and Concerns 590
    Cloud Computing Attacks 592
    Cloud Computing Security 593
    DevOps, Continuous Integration (CI), Continuous Delivery (CD), and DevSecOps 593
    CI/CD Pipelines 596
    Serverless Computing 598
    Containers and Container Orchestration 598
    How to Scan Containers to Find Security Vulnerabilities 600
IoT 601
    IoT Protocols 604
    IoT Implementation Hacking 606
Botnets 606
    Botnet Countermeasures 609
Summary 612
Exam Preparation Tasks 612
Review All Key Topics 612
Define Key Terms 613
Review Questions 613
Suggested Reading and Resources 615
Chapter 12 Final Preparation 619
Hands-on Activities 619
Suggested Plan for Final Review and Study 620
Summary 621
Glossary of Key Terms 623
Appendix A Answers to the "Do I Know This Already?" Quizzes and Review Questions 649
Appendix B CEH Certified Ethical Hacker Cert Guide Exam Updates 685
Index 687

Online Elements:
Appendix C Study Planner
Glossary of Key Terms

9780137489985    TOC    12/15/2021
