Certified Ethical Hacker (CEH) v12 312-50 Exam Guide

Book description

Develop foundational skills in ethical hacking and penetration testing while getting ready to pass the certification exam

Key Features

  • Learn how to look at technology from the standpoint of an attacker
  • Understand the methods that attackers use to infiltrate networks
  • Prepare to take and pass the exam in one attempt with the help of hands-on examples and mock tests

Book Description

With cyber threats continually evolving, understanding the trends and using the tools deployed by attackers to determine vulnerabilities in your system can help secure your applications, networks, and devices. To outmatch attacks, you need to develop an attacker's mindset, a skill you can hone with the help of this cybersecurity book.

This study guide takes a step-by-step approach to helping you cover all the exam objectives using plenty of examples and hands-on activities. You'll start by gaining insights into the different elements of InfoSec and a thorough understanding of ethical hacking terms and concepts. You'll then learn about various vectors, including network-based vectors, software-based vectors, mobile devices, wireless networks, and IoT devices. The book also explores attacks on emerging technologies such as the cloud, IoT, web apps, and servers and examines prominent tools and techniques used by hackers. Finally, you'll be ready to take mock tests, which will help you test your understanding of all the topics covered in the book.

By the end of this book, you'll have obtained the information necessary to take the 312-50 exam and become a CEH v11 certified ethical hacker.

What you will learn

  • Get to grips with information security and ethical hacking
  • Undertake footprinting and reconnaissance to gain primary information about a potential target
  • Perform vulnerability analysis as a means of gaining visibility of known security weaknesses
  • Become familiar with the tools and techniques used by an attacker to hack into a target system
  • Discover how network sniffing works and ways to keep your information secure
  • Explore the social engineering techniques attackers use to compromise systems

Who this book is for

This ethical hacking book is for security professionals, site admins, developers, auditors, security officers, analysts, security consultants, and network engineers. Basic networking knowledge (Network+) and at least two years of experience working within the InfoSec domain are expected.

Table of contents

  1. Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
  2. Foreword
  3. Contributors
  4. About the author
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
  7. Section 1: Where Every Hacker Starts
  8. Chapter 1: Understanding Ethical Hacking
    1. The benefits of the CEH certification
      1. Is the CEH certification right for you?
      2. The requirements and the skills you need to become a CEH
    2. Ethical hacking
    3. What is information security?
      1. An overview of information security
      2. The CIA triad
      3. Types of cyberattacks
      4. The technology triangle
      5. Types of hackers
      6. Hacking phases
      7. The purpose/goal of cyberattacks
      8. The Cyber Kill Chain – understanding attackers and their methods
      9. Tactics, techniques, and procedures
      10. Adversary behavior identification
      11. Indicators of compromise
    4. Information security controls
      1. Enter ethical hacking
      2. The importance of ethical hacking
      3. Understanding defense-in-depth strategies
    5. Information security laws and standards
      1. Payment Card Industry Data Security Standard
      2. ISO, IEC 2701 2013
      3. Health Insurance Portability and Accountability Act
      4. Privacy rules
      5. Security rule
      6. National identifier
      7. Enforcement rule
      8. The Sarbanes-Oxley (SOX) Act
      9. The Digital Millennium Copyright Act
      10. Federal Information Security Management Act
      11. General Data Protection Regulation
      12. The Data Protection Act 2018
    6. Summary
    7. Questions
  9. Chapter 2: Introduction to Reconnaissance
    1. Overview of reconnaissance
      1. Types of reconnaissance
      2. Goals of recon
      3. Overview of the tools of recon
    2. Search engines
      1. Let's start with the basics
    3. Google hacking
      1. Google operators
      2. Using Google operators
      3. Google Hacking Database
      4. Other Google hacking tools
    4. Using WHOIS
    5. Using ping and DNS
    6. Summary
    7. Questions
  10. Chapter 3: Reconnaissance – A Deeper Dive
    1. Investigating the target's website
      1. Advanced DNS tricks
      2. Netcraft
    2. The Wayback Machine
    3. What organizations give away for free
      1. Job sites
      2. Marketing and customer support
      3. Financial and competitive analysis data
    4. Employees – the weakest link
      1. Facebook
      2. LinkedIn
      3. Researching people
      4. Social engineering
      5. You've got mail = I've got you!
    5. Reconnaissance countermeasures
      1. Countermeasures
    6. Summary
    7. Questions
  11. Chapter 4: Scanning Networks
    1. Grasping scanning
      1. Types of scanning
      2. What's the goal?
      3. What techniques are used?
      4. Tools used for scanning
    2. Understanding the three-way handshake
      1. TCP and UDP communications
    3. Checking for live systems and their ports
      1. ICMP sweep/ping sweep
      2. Port scanning
      3. What's firewalking?
      4. Mobile apps that help
    4. Scanning by thinking outside the box
      1. Full scans
      2. Half-open scan
      3. Xmas scans
      4. FIN scans
      5. NULL scans
      6. UDP scans
      7. Idle scans
      8. Listing scanning
      9. SSDP scanning
      10. Countermeasures
      11. More IDS evasion methods
    5. Banner grabbing and OS fingerprinting
      1. OS fingerprinting
      2. Countermeasures
    6. Vulnerability scanning and drawing out the network
      1. What is vulnerability scanning?
      2. Types of scanners
      3. How does vulnerability scanning work?
      4. Vulnerability scanning tools
      5. After scanning
      6. Why draw out the network?
    7. Preparing proxies and other anonymizing techniques
      1. What is a proxy?
      2. How to use a proxy
      3. Proxy o'plenty
      4. HTTP tunneling
      5. Anonymizers
    8. Summary
    9. Questions
  12. Chapter 5: Enumeration
    1. What is enumeration?
      1. Some of my favorite enumeration weak points
    2. Ports and services to know about
    3. Enumerating via defaults
    4. NetBIOS enumeration
    5. Enumerating using SNMP
    6. Enumerating via LDAP
      1. Understanding LDAP
      2. Classes
      3. What can we learn from LDAP?
    7. Network Time Protocol
    8. Enumerating using SMTP
    9. The golden ticket – DNS
      1. Reverse lookups
      2. Zone transfers
      3. DNS records
      4. Sum it up
    10. Oh wait, there's more!
      1. IPsec
      2. VoIP enumeration
      3. Enumerating with Remote Procedure Call (RPC)
    11. The countermeasures
      1. Defaults and NetBIOS
      2. SNMP
      3. LDAP
      4. Network Time Protocol (NTP)
      5. Simple Mail Transfer Protocol (SMTP)
      6. DNS
    12. Summary
    13. Questions
  13. Chapter 6: Vulnerability Analysis
    1. Vulnerability analysis – where to start
    2. Vulnerability classifications
      1. The benefits of a vulnerability management program (VMP)
      2. Vulnerability assessments
      3. Types of vulnerability assessments
    3. The vulnerability life cycle
      1. Types of vulnerability assessment solutions
      2. Corporate policies and regulations
      3. The scope of scanning
      4. Scanning frequency
      5. Types of scans
      6. Scanner maintenance
      7. Classifying data
      8. Document management
    4. Ongoing scanning and monitoring
      1. Understanding which scanner you should use
      2. The difference between open source and commercial scanners
      3. On-premises versus the cloud
      4. Security Content Automation Protocol (SCAP)
      5. Exploit scanners
      6. Common Vulnerability Scoring System (CVSS)
      7. Trends
    5. Summary
    6. Questions
  14. Chapter 7: System Hacking
    1. Understanding our objectives
      1. The five phases
    2. Phase 1 – Gaining access and cracking passwords
      1. What's cracking?
      2. Complexity
      3. Password architecture
      4. Methods for cracking/password hacking
      5. Types of attacks
      6. Authentication methods designed to help
      7. Other cracking methods
    3. Phase 2 – Escalating privileges
      1. We've made it in. What now?
      2. Countermeasures
      3. Types of escalations
      4. Other Windows issues
      5. Scheduled tasks
      6. Apple issues
      7. Linux issues
      8. Web shells
      9. Buffer overflows
      10. Denial of service
    4. Phase 3 – Maintaining access and executing applications
      1. Spyware and backdoors
      2. Types of spyware
      3. More about backdoors
    5. Phase 4 – Maintaining access and hiding your tools
      1. Rootkits
      2. Horse Pill
      3. Alternate Data Streams
      4. Detecting rootkits
      5. Steganography
    6. Phase 5 – Covering your tracks – Clearing logs and evidence
      1. Basic method – Five things to do
      2. Advanced methods
    7. Summary
    8. Questions
  15. Chapter 8: Social Engineering
    1. Understanding social engineering
      1. Social engineering's most common victims
      2. The effects of a social engineering attack on a company
    2. Attack-vulnerable behaviors
      1. Factors that predispose businesses to attacks
    3. What makes social engineering work?
    4. Social engineering's attack phases
    5. Social engineering methods
      1. People-based social engineering
      2. Computer-based social engineering
      3. Mobile-based social engineering
    6. Threats from within
      1. Reasons for insider attacks
      2. Different kinds of insider threats
      3. Why are insider attacks so successful?
      4. Insider threat behavioral signs
      5. Impersonation on social networking sites
    7. Threats to corporate networks from social media
    8. Identity theft
      1. Different kinds of identity theft
      2. Identity theft warning signs
    9. Countermeasures
      1. Countermeasures against social engineering
      2. Policies for passwords
      3. Policies concerning physical security
      4. Planning for defense
      5. Discovering insider threats
      6. Countermeasures against insider threats
      7. Countermeasures against identity theft
      8. Countermeasures against phishing
    10. Summary
    11. Questions
    12. Further reading
  16. Section 2: A Plethora of Attack Vectors
  17. Chapter 9: Malware and Other Digital Attacks
    1. So, what is malware?
      1. What's the purpose of malware?
      2. Types of malware
      3. The life cycle of malware
      4. Phase 1 – Infection phase
      5. Phase 2 – Attack phase
      6. Phase 3 – Camouflage
      7. How is malware injected into a target system?
      8. Advanced persistent threats
    2. What is a Trojan?
      1. Types of Trojans
      2. Common Trojans
      3. So, what's the difference?
      4. Trojan creators' goals
      5. How Trojans communicate and hide
      6. Symptoms of Trojan infection
      7. How to infect a target with a Trojan
      8. How do Trojans get into our systems?
      9. How Trojans avoid being picked up by antivirus
    3. Viruses and worms
      1. Types of viruses and worms
      2. Why a virus and signs you've got one
      3. Signs of infection
      4. Deployment of viruses
      5. Investigation of malware
      6. Tools in our utility belt
    4. DoS threats
      1. Distributed DoS (DDoS) attack
      2. Botnets
      3. Mitigation strategies
    5. Session-hijacking threats
      1. Preventing session hijacking
    6. Master list of countermeasures
      1. Antivirus
      2. Creating a security policy
      3. Watching the download
      4. Updating your software
      5. Updating applications
      6. Attachment issues
      7. Legitimate source
      8. Keeping informed
      9. Antivirus
      10. Checking your media
      11. Watching your popups
      12. Chat files
      13. Firewall and UAC
    7. Summary
    8. Questions
  18. Chapter 10: Sniffing and Evading IDS, Firewalls, and Honeypots
    1. What is sniffing?
      1. Sniffing dangers
    2. Types of sniffing
      1. Spoofing attacks
      2. DHCP starvation attack
      3. DHCP server attack
      4. MAC flooding attack
      5. DNS poisoning
      6. ARP poisoning
      7. Password sniffing
      8. Switch-port stealing technique
    3. Hardware versus software sniffing
      1. Sniffing mobile apps
    4. DHCP assaults
      1. DHCP starvation attacks
      2. Going rogue
      3. Countermeasures
    5. MAC attacks
      1. CAM
      2. Flooding
      3. Countermeasures
    6. ARP poisoning
      1. ARP spoofing
      2. How to poison the network via ARP
      3. IRDP attacks
      4. Dangers of ARP attacks
      5. Countermeasures
    7. DNS poisoning
      1. Intranet poisoning
      2. Internet poisoning
      3. Proxy server poisoning
      4. Poisoning the cache
    8. Detecting sniffing methods
      1. Various techniques to detect sniffing attacks
      2. Sniffing attacks countermeasures
    9. Evading IDS
      1. So, how do hackers evade IDSs?
    10. Moving around firewalls
      1. Bastion host
      2. Screened subnet (or demilitarized zone (DMZ))
      3. Multi-homed firewall
      4. Software firewalls
      5. Hardware firewalls
      6. Application proxy
      7. A few techniques to evade firewalls
    11. Honeypots
      1. Detecting a honeypot
      2. Honeypot tools
    12. Summary
    13. Questions
  19. Chapter 11: Hacking Wireless Networks
    1. The wireless network and its types
      1. Frequency hopping spread spectrum
      2. Direct sequence spread spectrum
      3. Basic service set identifier
      4. SSID
      5. Global System for Mobile Communications
      6. Hotspot
      7. Association
      8. MIMO-OFDM
      9. The disadvantages of Wi-Fi
      10. The advantages of Wi-Fi
      11. Types of Wi-Fi networks
      12. Different Wi-Fi technologies
      13. Wi-Fi authentication modes
      14. Chalking – ways to identify Wi-Fi networks
      15. Antenna types
    2. The right encryption can help
      1. WEP encryption
      2. Wi-Fi Protected Access
      3. WPA2
      4. WPA3
      5. Weak initialization vectors
      6. Security measures
    3. A plethora of attack vectors
      1. Access control attacks
      2. Integrity attacks
      3. Confidentiality attacks
      4. Availability attacks
      5. Authentication attacks
      6. Attacks on the APs
      7. Attacks on clients
    4. Methodology of wireless hacking
      1. Step 1: Wi-Fi discovery
      2. Step 2: Wireless traffic analysis
      3. Step 3: In-depth reconnaissance
      4. Step 4: Launching the attack
      5. Step 5: Cracking the encryption
    5. Hacking Bluetooth
      1. More about Bluetooth
      2. Countermeasures for Bluetooth
    6. The six layers of wire security
    7. Countermeasures
      1. Disable SSID broadcasting
      2. Disable remote login and wireless administration to the device
      3. Enable MAC filtering
      4. Update drivers on Wi-Fi devices
      5. Create a centralized authentication server
      6. Secure Wi-Fi devices
      7. Best practices for the SSID settings
    8. Summary
    9. Questions
  20. Chapter 12: Hacking Mobile Platforms
    1. Vulnerabilities in mobile environments
    2. OWASP's Top 10 risks for mobile devices
    3. Hacking Android
      1. Android security
      2. Hacking techniques
      3. Locking down Android devices
    4. Hacking iOS
      1. The Apple architecture
      2. Jailbreaking
    5. Mobile device management
      1. Guidelines and cool tools
    6. Summary
    7. Questions
  21. Section 3: Cloud, Apps, and IoT Attacks
  22. Chapter 13: Hacking Web Servers and Web Apps
    1. Why web servers create security issues
      1. Components of a web server
    2. Types of architecture
      1. Why are web servers compromised?
      2. Adding web apps
    3. Threats to both servers and applications
      1. Web server attacks
      2. Authorization attacks
      3. Web application attacks
    4. The vulnerabilities of web APIs, web shells, and webhooks
      1. Web APIs
      2. Web shells
      3. Webhooks
    5. Detecting web server hacking attempts
      1. Web application security testing
    6. Summary
    7. Questions
  23. Chapter 14: Hacking IoT and OT
    1. Understanding IoT
      1. How does it all work?
      2. The architecture of IoT
      3. Protocols and technologies
      4. Operating systems for IoT
      5. The challenges that IoT presents
      6. Physical issues
    2. IoT hacking
      1. Types of IoT attacks
    3. Methods used for IoT
      1. Reconnaissance
      2. Vulnerability scanning
      3. Launching attacks
      4. Gaining and maintaining remote access
      5. Countermeasures to protect IoT devices
    4. OT and methods used to hack it
      1. Hacking OT – a threat to critical infrastructure
      2. Introduction to industrial control systems (ICSs)
    5. Summary
    6. Questions
  24. Chapter 15: Cloud Computing
    1. Living on Cloud 9
      1. Cloud computing models
      2. Separation of responsibilities in cloud computing
      3. Deployment models
      4. Container technology
      5. Cloud storage architecture
      6. Cloud storage services
      7. NIST cloud deployment reference architecture
    2. Attacking the cloud
      1. Cloud security
      2. Container vulnerabilities
    3. Tools and techniques of the attackers
      1. The tools
    4. Best practices for securing the cloud
    5. Summary
    6. Questions
  25. Chapter 16: Using Cryptography
    1. Understanding cryptography
      1. Why use cryptology?
      2. Types of cryptography
      3. Learning about ciphers
      4. Using other algorithms
    2. Standards and protocols
      1. DSA
      2. RSA
      3. Hashes
      4. Message digest
      5. Ciphers designed for messages
      6. PKI made simple
      7. SSL and TLS
    3. Countermeasures for cryptography
    4. Summary
    5. Questions
  26. Chapter 17: CEH Exam Practice Questions
    1. Exam questions
    2. Answer key
  27. Assessments
    1. Chapter 1 – Understanding Ethical Hacking
    2. Chapter 2 – Introduction to Reconnaissance
    3. Chapter 3 – Reconnaissance – a Deeper Dive
    4. Chapter 4 – Scanning Networks
    5. Chapter 5 – Enumeration
    6. Chapter 6 – Vulnerability Analysis
    7. Chapter 7 – System Hacking
    8. Chapter 8 – Social Engineering
    9. Chapter 9 – Malware and Other Digital Attacks
    10. Chapter 10 – Sniffing and Evading IDS, Firewalls, and Honeypots
    11. Chapter 11 – Hacking Wireless Networks
    12. Chapter 12 – Hacking Mobile Platforms
    13. Chapter 13 – Hacking Web Servers and Web Apps
    14. Chapter 14 – Hacking IoT and OT
    15. Chapter 15 – Cloud Computing
    16. Chapter 16 – Using Cryptography
    17. Why subscribe?
  28. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Certified Ethical Hacker (CEH) v12 312-50 Exam Guide
  • Author(s): Dale Meredith
  • Release date: July 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801813099