Introduction xvii
Assessment Test xxv
Chapter 1 Ethical Hacking 1
Overview of Ethics 2
Overview of Ethical Hacking 5
Attack Modeling 6
Cyber Kill Chain 7
Attack Lifecycle 8
MITRE ATT&CK Framework 10
Methodology of Ethical Hacking 12
Reconnaissance and Footprinting 12
Scanning and Enumeration 12
Gaining Access 13
Maintaining Access 14
Covering Tracks 14
Summary 15
Chapter 2 Networking Foundations 17
Communications Models 19
Open Systems Interconnection 20
TCP/IP Architecture 23
Topologies 24
Bus Network 24
Star Network 25
Ring Network 26
Mesh Network 27
Hybrid 28
Physical Networking 29
Addressing 29
Switching 30
IP 31
Headers 32
Addressing 34
Subnets 35
TCP 37
UDP 40
Internet Control Message Protocol 41
Network Architectures 42
Network Types 43
Isolation 44
Remote Access 45
Cloud Computing 46
Storage as a Service 47
Infrastructure as a Service 48
Platform as a Service 49
Software as a Service 51
Internet of Things 53
Summary 54
Review Questions 56
Chapter 3 Security Foundations 59
The Triad 61
Confidentiality 61
Integrity 63
Availability 64
Parkerian Hexad 65
Information Assurance and Risk 66
Policies, Standards, and Procedures 69
Security Policies 69
Security Standards 70
Procedures 71
Guidelines 72
Organizing Your Protections 72
Security Technology 75
Firewalls 76
Intrusion Detection Systems 80
Intrusion Prevention Systems 83
Endpoint Detection and Response 84
Security Information and Event Management 86
Being Prepared 87
Defense in Depth 87
Defense in Breadth 89
Defensible Network Architecture 90
Logging 91
Auditing 93
Summary 95
Review Questions 96
Chapter 4 Footprinting and Reconnaissance 101
Open Source Intelligence 103
Companies 103
People 112
Social Networking 115
Domain Name System 129
Name Lookups 130
Zone Transfers 136
Passive DNS 138
Passive Reconnaissance 142
Website Intelligence 145
Technology Intelligence 150
Google Hacking 150
Internet of Things (IoT) 152
Summary 154
Review Questions 157
Chapter 5 Scanning Networks 161
Ping Sweeps 163
Using fping 163
Using MegaPing 165
Port Scanning 167
nmap 168
masscan 184
MegaPing 186
Metasploit 188
Vulnerability Scanning 190
OpenVAS 192
Nessus 203
Looking for Vulnerabilities with Metasploit 209
Packet Crafting and Manipulation 210
hping 211
packETH 214
fragroute 217
Evasion Techniques 218
Evasion with nmap 221
Protecting and Detecting 223
Summary 224
Review Questions 226
Chapter 6 Enumeration 231
Service Enumeration 233
Countermeasures 236
Remote Procedure Calls 236
SunRPC 237
Remote Method Invocation 239
Server Message Block 242
Built- in Utilities 243
nmap Scripts 247
NetBIOS Enumerator 249
Metasploit 250
Other Utilities 254
Countermeasures 257
Simple Network Management Protocol 258
Countermeasures 259
Simple Mail Transfer Protocol 260
Countermeasures 263
Web- Based Enumeration 264
Countermeasures 271
Summary 272
Review Questions 274
Chapter 7 System Hacking 279
Searching for Exploits 281
System Compromise 285
Metasploit Modules 286
Exploit- DB 290
Gathering Passwords 292
Password Cracking 295
John the Ripper 296
Rainbow Tables 298
Kerberoasting 300
Client- Side Vulnerabilities 305
Living Off the Land 307
Fuzzing 308
Post Exploitation 313
Evasion 313
Privilege Escalation 314
Pivoting 319
Persistence 322
Covering Tracks 326
Summary 332
Review Questions 334
Chapter 8 Malware 339
Malware Types 341
Virus 341
Worm 342
Trojan 344
Botnet 344
Ransomware 345
Dropper 347
Fileless Malware 348
Polymorphic Malware 348
Malware Analysis 349
Static Analysis 350
Dynamic Analysis 361
Automated Malware Analysis 370
Creating Malware 371
Writing Your Own 372
Using Metasploit 375
Obfuscating 381
Malware Infrastructure 382
Antivirus Solutions 384
Persistence 385
Summary 386
Review Questions 388
Chapter 9 Sniffing 393
Packet Capture 394
tcpdump 395
tshark 401
Wireshark 403
Berkeley Packet Filter 408
Port Mirroring/Spanning 410
Detecting Sniffers 410
Packet Analysis 412
Spoofing Attacks 417
ARP Spoofing 418
DNS Spoofing 422
DHCP Starvation Attack 424
sslstrip 425
Spoofing Detection 426
Summary 428
Review Questions 430
Chapter 10 Social Engineering 435
Social Engineering 436
Pretexting 438
Social Engineering Vectors 440
Identity Theft 441
Physical Social Engineering 442
Badge Access 442
Man Traps 444
Biometrics 445
Phone Calls 446
Baiting 447
Tailgating 448
Phishing Attacks 448
Contact Spamming 452
Quid Pro Quo 452
Social Engineering for Social Networking 453
Website Attacks 454
Cloning 454
Rogue Attacks 457
Wireless Social Engineering 458
Automating Social Engineering 461
Summary 464
Review Questions 466
Chapter 11 Wireless Security 471
Wi- Fi 472
Wi- Fi Network Types 474
Wi- Fi Authentication 477
Wi- Fi Encryption 478
Bring Your Own Device 483
Wi- Fi Attacks 484
Bluetooth 495
Scanning 496
Bluejacking 498
Bluesnarfing 498
Bluebugging 498
Bluedump 499
Bluesmack 499
Mobile Devices 499
Mobile Device Attacks 500
Summary 504
Review Questions 506
Chapter 12 Attack and Defense 511
Web Application Attacks 512
OWASP Top 10 Vulnerabilities 514
Web Application Protections 524
Denial- of- Service Attacks 526
Bandwidth Attacks 527
Slow Attacks 529
Legacy 531
Application Exploitation 531
Buffer Overflow 532
Heap Spraying 534
Application Protections and Evasions 535
Lateral Movement 536
Defense in Depth/Defense in Breadth 538
Defensible Network Architecture 540
Summary 542
Review Questions 544
Chapter 13 Cryptography 549
Basic Encryption 551
Substitution Ciphers 551
Diffie-Hellman 553
Symmetric Key Cryptography 555
Data Encryption Standard 555
Advanced Encryption Standard 556
Asymmetric Key Cryptography 558
Hybrid Cryptosystem 559
Nonrepudiation 559
Elliptic Curve Cryptography 560
Certificate Authorities and Key Management 562
Certificate Authority 562
Trusted Third Party 565
Self- Signed Certificates 566
Cryptographic Hashing 569
PGP and S/MIME 571
Disk and File Encryption 572
Summary 576
Review Questions 578
Chapter 14 Security Architecture and Design 581
Data Classification 582
Security Models 584
State Machine 584
Biba 585
Bell-LaPadula 586
Clark-Wilson Integrity Model 586
Application Architecture 587
n- tier Application Design 588
Service- Oriented Architecture 591
Cloud- Based Applications 593
Database Considerations 595
Security Architecture 598
Zero- Trust Model 602
Summary 604
Review Questions 606
Chapter 15 Cloud Computing and the Internet of Things 611
Cloud Computing Overview 612
Cloud Services 616
Shared Responsibility Model 621
Public vs. Private Cloud 623
Grid Computing 624
Cloud Architectures and Deployment 625
Responsive Design 629
Cloud- Native Design 629
Deployment 631
Dealing with REST 633
Common Cloud Threats 639
Access Management 639
Data Breach 641
Web Application Compromise 642
Credential Compromise 643
Insider Threat 645
Internet of Things 646
Fog Computing 651
Operational Technology 652
The Purdue Model 654
Summary 655
Review Questions 657
Appendix Answers to Review Questions 661
Chapter 2: Networking Foundations 662
Chapter 3: Security Foundations 663
Chapter 4: Footprinting and Reconnaissance 666
Chapter 5: Scanning Networks 669
Chapter 6: Enumeration 672
Chapter 7: System Hacking 675
Chapter 8: Malware 678
Chapter 9: Sniffing 681
Chapter 10: Social Engineering 683
Chapter 11: Wireless Security 686
Chapter 12: Attack and Defense 688
Chapter 13: Cryptography 691
Chapter 14: Security Architecture and Design 693
Chapter 15: Cloud Computing and the Internet of Things 695
Index 699
