Certified Ethical Hacker (CEH) Version 10 Cert Guide, Third Edition Michael Gregg Omar Santos Certified Ethical Hacker (CEH) Version 10 Cert Guide Third Edition Copyright © 2020 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. ISBN-13: 978-0-7897-6052-4 ISBN-10: 0-7897-6052-5 Library of Congress Cataloging-in-Publication Data: 07 19 Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book. Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. For government sales inquiries, please contact [email protected]. For questions about sales outside the U.S., please contact [email protected]. Publisher Mark L. Taub Product Line Manager Brett Bartow Acquisitions Editor Paul Carlstroem Development Editor Rick Kughen Managing Editor Sandra Schroeder Senior Project Editor Tonya Simpson Copy Editor MediaMix Productions, LLC Indexer Proofreader Technical Editors Michael Angelo Ron Taylor Publishing Coordinator Cindy Teeters Cover Designer Chuti Prasertsith Compositor Contents at a Glance About the Authors Dedication Acknowledgments We Want to Hear from You! Reader Services Introduction 1 An Introduction to Ethical Hacking 2 The Technical Foundations of Hacking 3 Footprinting and Scanning 4 Enumeration and System Hacking 5 Social Engineering, Malware Threats, and Vulnerability Analysis 6 Sniffers, Session Hijacking, and Denial of Service 7 Web Server Hacking, Web Applications, and Database Attacks 8 Wireless Technologies, Mobile Security, and Attacks 9 IDS, Firewalls, and Honeypots 10 Cryptographic Attacks and Defenses 11 Cloud Computing, IoT, and Botnets 12 Final Preparation Glossary A Answers to the “Do I Know This Already?” Quizzes and Review Questions Table of Contents About the Authors Dedication Acknowledgments We Want to Hear from You! Reader Services Introduction How to Use This Book Companion Website Pearson Test Prep Practice Test Software Goals and Methods Who Should Read This Book? Strategies for Exam Preparation How This Book Is Organized Chapter 1. An Introduction to Ethical Hacking “Do I Know This Already?” Quiz Foundation Topics Security Fundamentals Security Testing Hacker and Cracker Descriptions Ethical Hackers Test Plans—Keeping It Legal Ethics and Legality Summary Exam Preparation Tasks Review All Key Topics Define Key Terms Exercises Review Questions Suggested Reading and Resources Chapter 2. The Technical Foundations of Hacking “Do I Know This Already?” Quiz Foundation Topics The Hacking Process The Ethical Hacker’s Process Information Security Systems and the Stack Summary Exam Preparation Tasks Review All Key Topics Define Key Terms Exercises Review Questions Suggested Reading and Resources Chapter 3. Footprinting and Scanning “Do I Know This Already?” Quiz Foundation Topics Overview of the Seven-Step Information-Gathering Process Information Gathering Determining the Network Range Identifying Active Machines Finding Open Ports and Access Points OS Fingerprinting Fingerprinting Services Mapping the Network Attack Surface Summary Exam Preparation Tasks Review All Key Topics Define Key Terms Exercises Review Questions Suggested Reading and Resources Chapter 4. Enumeration and System Hacking “Do I Know This Already?” Quiz Foundation Topics Enumeration System Hacking Summary Exam Preparation Tasks Review All Key Topics Define Key Terms Exercise Review Questions Suggested Reading and Resources Chapter 5. Social Engineering, Malware Threats, and Vulnerability Analysis “Do I Know This Already?” Quiz Foundation Topics Social Engineering Malware Threats Vulnerability Analysis Summary