Introduction Chapter 1 An Introduction to Ethical Hacking "Do I Know This Already?" Quiz Security Fundamentals Goals of Security Risk, Assets, Threats, and Vulnerabilities Backing Up Data to Reduce Risk Defining an Exploit Risk Assessment Security Testing No-Knowledge Tests (Black Box) Full-Knowledge Testing (White Box) Partial-Knowledge Testing (Gray Box) Types of Security Tests Hacker and Cracker Descriptions Who Attackers Are Ethical Hackers Required Skills of an Ethical Hacker Modes of Ethical Hacking Test Plans-Keeping It Legal Test Phases Establishing Goals Getting Approval Ethical Hacking Report Vulnerability Research-Keeping Up with Changes Ethics and Legality Overview of U.S. Federal Laws Compliance Regulations Payment Card Industry Data Security Standard (PCI-DSS) Summary Review All Key Topics Define Key Terms Exercises 1-1 Searching for Exposed Passwords 1-2 Examining Security Policies Review Questions Suggested Reading and Resources Chapter 2 The Technical Foundations of Hacking "Do I Know This Already?" Quiz The Hacking Process Performing Reconnaissance and Footprinting Scanning and Enumeration Gaining Access Escalation of Privilege Maintaining Access Covering Tracks and Planting Backdoors The Ethical Hacker''s Process NIST SP 800-15 Operationally Critical Threat, Asset, and Vulnerability Evaluation Open Source Security Testing Methodology Manual Information Security Systems and the Stack The OSI Model Anatomy of TCP/IP Protocols The Application Layer The Transport Layer Transmission Control Protocol User Datagram Protocol The Internet Layer Traceroute The Network Access Layer Summary Review All Key Topics Define Key Terms Exercises 2.1 Install a Sniffer and Perform Packet Captures 2.2 List the Protocols, Applications, and Services Found at Each Layer of the Stack 2.3 Using Traceroute for Network Troubleshooting Review Questions Suggested Reading and Resources Chapter 3 Footprinting and Scanning "Do I Know This Already?" Quiz Overview of the Seven-Step Information-Gathering Process Information Gathering Documentation The Organization''s Website Job Boards Employee and People Searches EDGAR Database Google Hacking Usenet Registrar Query DNS Enumeration Determining the Network Range Traceroute Identifying Active Machines Finding Open Ports and Access Points Nmap SuperScan THC-Amap Hping Port Knocking War Driving OS Fingerprinting Active Fingerprinting Tools Fingerprinting Services Default Ports and Services Finding Open Services Mapping the Network Attack Surface Manual Mapping Automated Mapping Summary Review All Key Topics Define Key Terms Exercises 3.1 Performing Passive Reconnaissance 3.2 Performing Active Reconnaissance Review Questions Suggested Reading and Resources Chapter 4 Enumeration and System Hacking "Do I Know This Already?" Quiz Enumeration Windows Enumeration Windows Security NetBIOS and LDAP Enumeration NetBIOS Enumeration Tools SNMP Enumeration Linux/UNIX Enumeration NTP Enumeration SMTP Enumeration IPsec and VoIP Enumeration DNS Enumeration System Hacking Nontechnical Password Attacks Technical Password Attacks Password Guessing Automated Password Guessing Password Sniffing Keylogging Privilege Escalation and Exploiting Vulnerabilities Exploiting an Application Exploiting a Buffer Overflow Owning the Box Windows Authentication Types Cracking Windows Passwords Linux Authentication and Passwords Cracking Linux Passwords Hiding Files and Covering Tracks Rootkits File Hiding Summary Review All Key Topics Define Key Terms Exercise 4.

1 NTFS File Streaming Review Questions Suggested Reading and Resources Chapter 5 Social Engineering, Malware Threats, and Vulnerability Analysis "Do I Know This Already?" Quiz Social Engineering Phishing Pharming Malvertising Spear Phishing SMS Phishing Voice Phishing Whaling Elicitation, Interrogation, and Impersonation (Pretexting) Social Engineering Motivation Techniques Shoulder Surfing and USB Key Drop Malware Threats Viruses and Worms Types and Transmission Methods of Viruses and Malware Virus Payloads History of Viruses Well-Known Viruses and Worms Virus Creation Tools Trojans Trojan Types Trojan Ports and Communication Methods Trojan Goals Trojan Infection Mechanisms Effects of Trojans Trojan Tools Distributing Trojans Wrappers Packers Droppers Crypters Ransomware Covert Communication Tunneling via the Internet Layer Tunneling via the Transport Layer Tunneling via the Application Layer Port Redirection Keystroke Logging and Spyware Hardware Keyloggers Software Keyloggers Spyware Malware Countermeasures Detecting Malware Antivirus Analyzing Malware Static Analysis Dynamic Analysis Vulnerability Analysis Passive vs. Active Assessments External vs. Internal Assessments Vulnerability Assessment Solutions Tree-based vs. Inference-based Assessments Vulnerability Scoring Systems Vulnerability Scanning Tools Summary Review All Key Topics Define Key Terms Command Reference to Check Your Memory Exercises 5.1 Finding Malicious Programs 5.2 Using Process Explorer Review Questions Suggested Reading and Resources Chapter 6 Sniffers, Session Hijacking, and Denial of Service "Do I Know This Already?" Quiz Sniffers Passive Sniffing Active Sniffing Address Resolution Protocol ARP Poisoning and MAC Flooding Tools for Sniffing Wireshark Other Sniffing Tools Sniffing and Spoofing Countermeasures Session Hijacking Transport Layer Hijacking Identify and Find an Active Session Predict the Sequence Number Take One of the Parties Offline Take Control of the Session Application Layer Hijacking Session Sniffing Predictable Session Token ID Man-in-the-Middle Attacks Client-Side Attacks Man-in-the-Browser Attacks Session Replay Attacks Session Fixation Attacks Session Hijacking Tools Preventing Session Hijacking Denial of Service and Distributed Denial of Service DoS Attack Techniques Volumetric Attacks SYN Flood Attacks ICMP Attacks Peer-to-Peer Attacks Application-Level Attacks Permanent DoS Attacks Distributed Denial of Service DDoS Tools DoS and DDOS Countermeasures Summary Review All Key Topics Define Key Terms Exercises 6.1 Scanning for DDoS Programs 6.2 Using SMAC to Spoof Your MAC Address 6.

3 Using the KnowBe4 SMAC to Spoof Your MAC Address Review Questions Suggested Reading and Resources Chapter 7 Web Server Hacking, Web Applications, and Database Attacks "Do I Know This Already?" Quiz Web Server Hacking The HTTP Protocol Scanning Web Servers Banner Grabbing and Enumeration Web Server Vulnerability Identification Attacking the Web Server DoS/DDoS Attacks DNS Server Hijacking and DNS Amplification Attacks Directory Traversal Man-in-the-Middle Attacks Website Defacement Web Server Misconfiguration HTTP Response Splitting Understanding Cookie Manipulation Attacks Web Server Password Cracking Web Server--Specific Vulnerabilities Comments in Source Code Lack of Error Handling and Overly Verbose Error Handling Hard-Coded Credentials Race Conditions Unprotected APIs Hidden Elements Lack of Code Signing Automated Exploit Tools Securing Web Servers Harden Before Deploying Patch Management Disable Unneeded Services Lock Down the File System Log and Audit Provide Ongoing Vulnerability Scans Web Application Hacking Unvalidated Input Parameter/Form Tampering Injection Flaws Understanding Cross-site Scripting (XSS) Vulnerabilities Reflected XSS Stored XSS DOM-based XSS XSS Evasion Techniques XSS Mitigations Understanding Cross-site Request Forgery Vulnerabilities and Related Attacks Understanding Clickjacking Other Web Application Attacks Exploiting Web-Based Cryptographic Vulnerabilities and Insecure Configurations Web-Based Password Cracking and Authentication Attacks Understanding What Cookies Are and Their Use URL Obfuscation Intercepting Web Traffic Securing Web Applications Lack of Code Signing Database Hacking A Brief Introduction to SQL.