Book Image

Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

By : Dale Meredith
Book Image

Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

By: Dale Meredith

Overview of this book

With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, developing an attacker's mindset is a necessary skill, which you can hone with the help of this cybersecurity book. This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book. By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.

Related Content you might be interested in

Current Title:

Small book image
Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
Dale Meredith
Jul, 2022 | 664 pages
Small book image
Hands-On Penetration Testing with Kali NetHunter
Glen D Singh | SeanPhilip Oriyano
Feb, 2019 | 302 pages
Small book image
Applied Network Security
Michael McLafferty | Warun Levesque | Arthur Salmon
Apr, 2017 | 350 pages
Small book image
Learn Kali Linux 2019
Glen D Singh
Nov, 2019 | 550 pages
Table of Contents (23 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Where Every Hacker Starts
Section 1: Where Every Hacker Starts
Free Chapter
2
Chapter 1: Understanding Ethical Hacking
Chapter 1: Understanding Ethical Hacking
The benefits of the CEH certification
Ethical hacking
What is information security?
Information security controls
Information security laws and standards
Summary
Questions
3
Chapter 2: Introduction to Reconnaissance
Chapter 2: Introduction to Reconnaissance
Overview of reconnaissance
Search engines
Google hacking
Using WHOIS
Using ping and DNS
Summary
Questions
4
Chapter 3: Reconnaissance – A Deeper Dive
Chapter 3: Reconnaissance – A Deeper Dive
Investigating the target's website
The Wayback Machine
What organizations give away for free
Employees – the weakest link
Reconnaissance countermeasures
Summary
Questions
5
Chapter 4: Scanning Networks
Chapter 4: Scanning Networks
Grasping scanning
Understanding the three-way handshake
Checking for live systems and their ports
Scanning by thinking outside the box
Banner grabbing and OS fingerprinting
Vulnerability scanning and drawing out the network
Preparing proxies and other anonymizing techniques
Summary
Questions
6
Chapter 5: Enumeration
Chapter 5: Enumeration
What is enumeration?
Ports and services to know about
Enumerating via defaults
NetBIOS enumeration
Enumerating using SNMP
Enumerating via LDAP
Network Time Protocol
Enumerating using SMTP
The golden ticket – DNS
Oh wait, there's more!
The countermeasures
Summary
Questions
7
Chapter 6: Vulnerability Analysis
Chapter 6: Vulnerability Analysis
Vulnerability analysis – where to start
Vulnerability classifications
The vulnerability life cycle
Ongoing scanning and monitoring
Summary
Questions
8
Chapter 7: System Hacking
Chapter 7: System Hacking
Understanding our objectives
Phase 1 – Gaining access and cracking passwords
Phase 2 – Escalating privileges
Phase 3 – Maintaining access and executing applications
Phase 4 – Maintaining access and hiding your tools
Phase 5 – Covering your tracks – Clearing logs and evidence
Summary
Questions
9
Chapter 8: Social Engineering
Chapter 8: Social Engineering
Understanding social engineering
Attack-vulnerable behaviors
What makes social engineering work?
Social engineering's attack phases
Social engineering methods
Threats from within
Threats to corporate networks from social media
Identity theft
Countermeasures
Summary
Questions
Further reading
10
Section 2: A Plethora of Attack Vectors
Section 2: A Plethora of Attack Vectors
11
Chapter 9: Malware and Other Digital Attacks
Chapter 9: Malware and Other Digital Attacks
So, what is malware?
What is a Trojan?
Viruses and worms
DoS threats
Session-hijacking threats
Master list of countermeasures
Summary
Questions
12
Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
What is sniffing?
Types of sniffing
Hardware versus software sniffing
DHCP assaults
MAC attacks
ARP poisoning
DNS poisoning
Detecting sniffing methods
Evading IDS
Moving around firewalls
Honeypots
Summary
Questions
13
Chapter 11: Hacking Wireless Networks
Chapter 11: Hacking Wireless Networks
The wireless network and its types
The right encryption can help
A plethora of attack vectors
Methodology of wireless hacking
Hacking Bluetooth
The six layers of wire security
Countermeasures
Summary
Questions
14
Chapter 12: Hacking Mobile Platforms
Chapter 12: Hacking Mobile Platforms
Vulnerabilities in mobile environments
OWASP's Top 10 risks for mobile devices
Hacking Android
Hacking iOS
Mobile device management
Summary
Questions
15
Section 3: Cloud, Apps, and IoT Attacks
Section 3: Cloud, Apps, and IoT Attacks
16
Chapter 13: Hacking Web Servers and Web Apps
Chapter 13: Hacking Web Servers and Web Apps
Why web servers create security issues
Types of architecture
Threats to both servers and applications
The vulnerabilities of web APIs, web shells, and webhooks
Detecting web server hacking attempts
Summary
Questions
17
Chapter 14: Hacking IoT and OT
Chapter 14: Hacking IoT and OT
Understanding IoT
IoT hacking
Methods used for IoT
OT and methods used to hack it
Summary
Questions
18
Chapter 15: Cloud Computing
Chapter 15: Cloud Computing
Living on Cloud 9
Attacking the cloud
Tools and techniques of the attackers
Best practices for securing the cloud
Summary
Questions
19
Chapter 16: Using Cryptography
Chapter 16: Using Cryptography
Understanding cryptography
Standards and protocols
Countermeasures for cryptography
Summary
Questions
20
Chapter 17: CEH Exam Practice Questions
Chapter 17: CEH Exam Practice Questions
Exam questions
Answer key
21
Assessments
Assessments
Chapter 1 – Understanding Ethical Hacking
Chapter 2 – Introduction to Reconnaissance
Chapter 3 – Reconnaissance – a Deeper Dive
Chapter 4 – Scanning Networks
Chapter 5 – Enumeration
Chapter 6 – Vulnerability Analysis
Chapter 7 – System Hacking
Chapter 8 – Social Engineering
Chapter 9 – Malware and Other Digital Attacks
Chapter 10 – Sniffing and Evading IDS, Firewalls, and Honeypots
Chapter 11 – Hacking Wireless Networks
Chapter 12 – Hacking Mobile Platforms
Chapter 13 – Hacking Web Servers and Web Apps
Chapter 14 – Hacking IoT and OT
Chapter 15 – Cloud Computing
Chapter 16 – Using Cryptography
Why subscribe?
22
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

What this book covers

Chapter 1, Understanding Ethical Hacking, covers the elements of InfoSec, the cyber kill chain methodology, different hacking concepts, types, and phrases, as well as the concepts of ethical hacking.

Chapter 2, Introduction to Reconnaissance, is all about reconnaissance. Everything has a starting point, and the starting point for attackers when they target an organization is through the process of reconnaissance/footprinting.

Chapter 3, Reconnaissance – a Deeper Dive, delves into reconnaissance in more depth. Now that you've got a basic understanding of the information we're trying to gather during the reconnaissance stage, let's dive deeper by looking at OSINT and at publicly available data such as social media services, job sites, and even going back in time to view previous versions of a company's web page.

Chapter 4, Scanning Networks, tells us that scanning the network is the process of discovering this type of information. In some cases, we can remain undiscovered, while other techniques might alert a security team.

Chapter 5, Enumeration, explores how enumeration can expose things such as usernames and groups on systems, routing tables, system names, and network shares.

Chapter 6, Vulnerability Analysis, demonstrates how vulnerability analysis is key in providing security to any company's infrastructure from external as well as internal threats.

Chapter 7, System Hacking, focuses on the tools and techniques that can be used by attackers to hack the systems identified in our first four steps. This is the ultimate goal of attackers, and it will show you just how vulnerable you might be.

Chapter 8, Social Engineering, describes an easier method that attackers are discovering and actively using to avoid steps 2 to 5. Humans. We are the weakest link. There is no defense against social engineering; only constant vigilance and training of employees can help to circumvent these techniques.

Chapter 9, Malware and Other Digital Attacks, describes some of the most common attack vectors that hackers will exploit, including malware, viruses, ransomware, and denial-of-service (DoS).

Chapter 10, Sniffing and Evading IDS, Firewalls, and Honeypots, examines how sniffing can provide insights into the possibilities of different types of poisoning attacks taking place on a network. These types of attacks and information can help an attacker avoid honeypots and even get around firewalls and intrusion detection systems (IDSs).

Chapter 11, Hacking Wireless Networks, explains how wireless networks present a completely new attack vector that can be challenging to secure. Attackers will go after these networks as many times, lower encryption technologies are often used as well as the vulnerabilities associated with devices and software that are involved.

Chapter 12, Hacking Mobile Platforms, talks about how mobile devices are quickly replacing desktops and laptops as they allow users to not only do the same productivity tasks, but also store critical information such as contact lists, calendars, and credentials. This chapter will show the threats to mobile platforms that attract attackers to these targets.

Chapter 13, Hacking Web Servers and Web Apps, covers how the growth of the internet and web technologies, combined with rapidly increasing internet connectivity, has led to the emergence of a new business landscape. The interconnectivity of services, plugins, operating systems, APIs, and web shells creates an environment ripe for misconfigurations and missed patches.

Chapter 14, Hacking IoT and OT, explains why organizations using IoT or OT devices as part of their network need to protect both the devices and the information from attackers. All security professionals need to understand the landscape of cyber threats, industrial infrastructure, and business.

Chapter 15, Cloud Computing, examines how the push to cloud-based computing has been fast and advantageous for organizations; however, just like any technology, cloud environments also pose several threats and risks. Attackers are targeting vulnerabilities in the cloud software to gain unauthorized access to networks

Chapter 16, Using Cryptography, describes how cryptography and cryptographic (crypto) systems help in securing data from being compromised during online transmissions, but they are not unhackable. Careful deployment and maintaining a healthy environment will help keeps attackers out.

Chapter 17, CEH Exam Practice Questions, lets you see what you have learned!

Previous Section
Next Section