Book Image

CEH v10 Certified Ethical Hacker Study Guide

By : Ric Messier
Book Image

CEH v10 Certified Ethical Hacker Study Guide

By: Ric Messier

Overview of this book

As protecting information becomes a rapidly growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v10) certification. The CEH v10 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep a track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include intrusion detection, DDoS attacks, buffer overflows, virus creation, and more. This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles. By the end of the book, you’ll have all the information and knowledge you need to pass this test with flying colors
Table of Contents (23 chapters)
Free Chapter
1
Cover
2
About the Author
3
Introduction
4
Assessment Test
5
Answers to Assessment Test
20
Index
21
Comprehensive Online Learning Environment
22
End User License Agreement

System Compromise

Exploitation, or system compromise, will serve two purposes for us. One of them is to demonstrate that vulnerabilities are legitimate and not just theoretical. After all, when we do vulnerability scanning, we get an indication that a system may have a vulnerability, but until the vulnerability has been exploited, it’s not guaranteed that the vulnerability exists, which means we aren’t sure whether it really needs to be fixed or not. The second reason is that exploiting a vulnerability and compromising a system can lead us further into the organization, potentially exposing additional vulnerabilities. This is, in part, because we may get further reachability deeper into the network but also because we may be able to harvest credentials that may be used on other systems.

I’m going to cover a couple of different ways to work on system compromise. I’m going to start with Metasploit since it’s such a common approach. It should be noted...