Description
Get the smartest, fastest, most effective preparation for the latest EC-Council Certified Ethical Hacker Exam (v11)
- Covers all the critical information you need to know to score higher on the updated CEH exam
- Addresses all exam objectives associated with ethical hacking and penetration testing
- Assumes no prior knowledge: readers without experience can obtain the real-world knowledge to succeed
- Designed to help you rapidly assess where you stand, and quickly master what you need to learn
- Includes test-taking strategies, time-saving tips, Exam Notes, and two full practice exams
Dr. Chuck Easttom is the author of 34 books, including several on computer security, forensics, and cryptography. He holds a doctor of science degree in cybersecurity, a Ph.D. in nanotechnology, a Ph.D. in computer science, and three master’s degrees (one in applied computer science, one in education, and one in systems engineering). He is also an inventor with 23 patents. He is a senior member of both the IEEE and the ACM. He is also a Distinguished Speaker of the ACM and a Distinguished Visitor of the IEEE. Dr. Easttom is currently an adjunct professor for Georgetown University and for University of Dallas.
Chuck Easttom assumes no prior knowledge: students with little or no experience in ethical hacking and penetration testing can obtain the knowledge they need to take and pass the exam. He thoroughly covers every CEH v11 topic, including:
- Reconnaissance and scanning
- Enumeration and vulnerability scanning
- System and session hacking
- Malware, sniffing, social engineering, and DoS attacks
- Evading security measures
- Hacking web servers, applications, wireless, mobile, IoT, and OT
- Cloud computing, cryptography, and more
Extensive preparation tools include topic overviews, exam alerts, CramSavers, CramQuizzes, chapter-ending review questions, author notes and tips, and an extensive glossary. The handy Cram Sheet tear-out brings together tips, acronyms, and memory joggers not available anywhere else—perfect for last-minute study.
Powerful Pearson Test Prep practice test software offers an extensive collection of exam-realistic practice questions, with many customization and reporting features: practice in study mode, practice exam mode, or flash card mode. The companion website also provides access to several digital assets including the Glossary and Cram Sheet.
Introduction
CHAPTER 1: Reconnaissance and Scanning
- Reconnaissance Types
- Active Reconnaissance Techniques
- What Next?
CHAPTER 2: Enumeration and Vulnerability Scanning
- Scanning
- Scanning Process
- Network Packet Capture
- Vulnerability Scanning
- What Next?
CHAPTER 3: System Hacking
- CEH Methodology
- Pass the Hash
- Spyware
- What Next?
CHAPTER 4: Malware
- Malware Types
- Viruses
- Protecting Against Malware
- What Next?
CHAPTER 5: Packet Sniffing and Social Engineering
- Social Engineering
- Packet Sniffing
- What Next?
CHAPTER 6: Denial of Service and Session Hijacking
- Denial of Service
- Session Hijacking
- What Next?
CHAPTER 7: Evading Security Measures
- Intrusion Detection Systems
- Firewalls and Honeypots
- Virtual Private Networks
- IDS Evasion Techniques
- Firewall Evasion Techniques
- What Next?
CHAPTER 8: Hacking Web Servers and Web Applications
- Web Servers
- Web Applications
- What Next?
CHAPTER 9: Hacking Wireless
- Wireless Technology
- Hacking Wireless
- What Next?
CHAPTER 10: Hacking Mobile
- Mobile Technologies
- Mobile Threats
- What Next?
CHAPTER 11: IOT and OT Hacking
- IoT Fundamentals
- What Next?
CHAPTER 12: Cloud Computing and Hacking
- Cloud Fundamentals
- What Next?
CHAPTER 13: Cryptography
- Cryptography Concepts
- PKI
- Cryptographic Attacks
- What Next?
Glossary
Index
12/7/2021, TOC, 978137513444
- Covers all the critical information students need to know to score higher on the updated CEH exam
- Addresses all exam objectives associated with ethical hacking and penetration testing
- Assumes no prior knowledge: those without experience can obtain the real-world knowledge to succeed
- Designed to help students rapidly assess where they stand, and quickly master what they need to learn
- Includes test-taking strategies, time-saving tips, Exam Notes, and two full practice exams
CEH Certified Ethical Hacker Exam Cram is the perfect study guide to help you pass the updated CEH exam. Dr. Chuck Easttom’s expert real-world approach reflects both his expertise as one of the world’s leading cybersecurity practitioners and instructors, as well as test-taking insights he has gained from teaching CEH preparation courses worldwide, including courses taught directly for EC-Council. Easttom assumes no prior knowledge: his expert coverage of every exam topic can help readers with little ethical hacking experience to obtain the knowledge they need to succeed.
Covers the critical information you’ll need to score higher on your CEH exam!
- Review the core principles and concepts of ethical hacking
- Perform key pre-attack tasks, including reconnaissance and footprinting
- Master enumeration, vulnerability scanning, and vulnerability analysis
- Learn system hacking methodologies, how to cover your tracks, and more
- Utilize modern malware threats, including ransomware and financial malware
- Exploit packet sniffing and social engineering
- Master denial of service and session hacking attacks, tools, and countermeasures
- Evade security measures, including IDS, firewalls, and honeypots
- Hack web servers and applications, and perform SQL injection attacks
- Compromise wireless and mobile systems, from wireless encryption to recent Android exploits
- Hack Internet of Things (IoT) and Operational Technology (OT) devices and systems
- Attack cloud computing systems, misconfigurations, and containers
- Use cryptanalysis tools and attack cryptographic systems
Fully updated throughout for the latest version of the exam.