Description

Book Synopsis


Table of Contents

Introduction xvii

Assessment Test xxv

Chapter 1 Ethical Hacking 1

Overview of Ethics 2

Overview of Ethical Hacking 5

Attack Modeling 6

Cyber Kill Chain 7

Attack Lifecycle 8

MITRE ATT&CK Framework 10

Methodology of Ethical Hacking 12

Reconnaissance and Footprinting 12

Scanning and Enumeration 12

Gaining Access 13

Maintaining Access 14

Covering Tracks 14

Summary 15

Chapter 2 Networking Foundations 17

Communications Models 19

Open Systems Interconnection 20

TCP/IP Architecture 23

Topologies 24

Bus Network 24

Star Network 25

Ring Network 26

Mesh Network 27

Hybrid 28

Physical Networking 29

Addressing 29

Switching 30

IP 31

Headers 32

Addressing 34

Subnets 35

TCP 37

UDP 40

Internet Control Message Protocol 41

Network Architectures 42

Network Types 43

Isolation 44

Remote Access 45

Cloud Computing 46

Storage as a Service 47

Infrastructure as a Service 48

Platform as a Service 49

Software as a Service 51

Internet of Things 53

Summary 54

Review Questions 56

Chapter 3 Security Foundations 59

The Triad 61

Confidentiality 61

Integrity 63

Availability 64

Parkerian Hexad 65

Information Assurance and Risk 66

Policies, Standards, and Procedures 69

Security Policies 69

Security Standards 70

Procedures 71

Guidelines 72

Organizing Your Protections 72

Security Technology 75

Firewalls 76

Intrusion Detection Systems 80

Intrusion Prevention Systems 83

Endpoint Detection and Response 84

Security Information and Event Management 86

Being Prepared 87

Defense in Depth 87

Defense in Breadth 89

Defensible Network Architecture 90

Logging 91

Auditing 93

Summary 95

Review Questions 96

Chapter 4 Footprinting and Reconnaissance 101

Open Source Intelligence 103

Companies 103

People 112

Social Networking 115

Domain Name System 129

Name Lookups 130

Zone Transfers 136

Passive DNS 138

Passive Reconnaissance 142

Website Intelligence 145

Technology Intelligence 150

Google Hacking 150

Internet of Things (IoT) 152

Summary 154

Review Questions 157

Chapter 5 Scanning Networks 161

Ping Sweeps 163

Using fping 163

Using MegaPing 165

Port Scanning 167

nmap 168

masscan 184

MegaPing 186

Metasploit 188

Vulnerability Scanning 190

OpenVAS 192

Nessus 203

Looking for Vulnerabilities with Metasploit 209

Packet Crafting and Manipulation 210

hping 211

packETH 214

fragroute 217

Evasion Techniques 218

Evasion with nmap 221

Protecting and Detecting 223

Summary 224

Review Questions 226

Chapter 6 Enumeration 231

Service Enumeration 233

Countermeasures 236

Remote Procedure Calls 236

SunRPC 237

Remote Method Invocation 239

Server Message Block 242

Built- in Utilities 243

nmap Scripts 247

NetBIOS Enumerator 249

Metasploit 250

Other Utilities 254

Countermeasures 257

Simple Network Management Protocol 258

Countermeasures 259

Simple Mail Transfer Protocol 260

Countermeasures 263

Web- Based Enumeration 264

Countermeasures 271

Summary 272

Review Questions 274

Chapter 7 System Hacking 279

Searching for Exploits 281

System Compromise 285

Metasploit Modules 286

Exploit- DB 290

Gathering Passwords 292

Password Cracking 295

John the Ripper 296

Rainbow Tables 298

Kerberoasting 300

Client- Side Vulnerabilities 305

Living Off the Land 307

Fuzzing 308

Post Exploitation 313

Evasion 313

Privilege Escalation 314

Pivoting 319

Persistence 322

Covering Tracks 326

Summary 332

Review Questions 334

Chapter 8 Malware 339

Malware Types 341

Virus 341

Worm 342

Trojan 344

Botnet 344

Ransomware 345

Dropper 347

Fileless Malware 348

Polymorphic Malware 348

Malware Analysis 349

Static Analysis 350

Dynamic Analysis 361

Automated Malware Analysis 370

Creating Malware 371

Writing Your Own 372

Using Metasploit 375

Obfuscating 381

Malware Infrastructure 382

Antivirus Solutions 384

Persistence 385

Summary 386

Review Questions 388

Chapter 9 Sniffing 393

Packet Capture 394

tcpdump 395

tshark 401

Wireshark 403

Berkeley Packet Filter 408

Port Mirroring/Spanning 410

Detecting Sniffers 410

Packet Analysis 412

Spoofing Attacks 417

ARP Spoofing 418

DNS Spoofing 422

DHCP Starvation Attack 424

sslstrip 425

Spoofing Detection 426

Summary 428

Review Questions 430

Chapter 10 Social Engineering 435

Social Engineering 436

Pretexting 438

Social Engineering Vectors 440

Identity Theft 441

Physical Social Engineering 442

Badge Access 442

Man Traps 444

Biometrics 445

Phone Calls 446

Baiting 447

Tailgating 448

Phishing Attacks 448

Contact Spamming 452

Quid Pro Quo 452

Social Engineering for Social Networking 453

Website Attacks 454

Cloning 454

Rogue Attacks 457

Wireless Social Engineering 458

Automating Social Engineering 461

Summary 464

Review Questions 466

Chapter 11 Wireless Security 471

Wi- Fi 472

Wi- Fi Network Types 474

Wi- Fi Authentication 477

Wi- Fi Encryption 478

Bring Your Own Device 483

Wi- Fi Attacks 484

Bluetooth 495

Scanning 496

Bluejacking 498

Bluesnarfing 498

Bluebugging 498

Bluedump 499

Bluesmack 499

Mobile Devices 499

Mobile Device Attacks 500

Summary 504

Review Questions 506

Chapter 12 Attack and Defense 511

Web Application Attacks 512

OWASP Top 10 Vulnerabilities 514

Web Application Protections 524

Denial- of- Service Attacks 526

Bandwidth Attacks 527

Slow Attacks 529

Legacy 531

Application Exploitation 531

Buffer Overflow 532

Heap Spraying 534

Application Protections and Evasions 535

Lateral Movement 536

Defense in Depth/Defense in Breadth 538

Defensible Network Architecture 540

Summary 542

Review Questions 544

Chapter 13 Cryptography 549

Basic Encryption 551

Substitution Ciphers 551

Diffie–Hellman 553

Symmetric Key Cryptography 555

Data Encryption Standard 555

Advanced Encryption Standard 556

Asymmetric Key Cryptography 558

Hybrid Cryptosystem 559

Nonrepudiation 559

Elliptic Curve Cryptography 560

Certificate Authorities and Key Management 562

Certificate Authority 562

Trusted Third Party 565

Self- Signed Certificates 566

Cryptographic Hashing 569

PGP and S/MIME 571

Disk and File Encryption 572

Summary 576

Review Questions 578

Chapter 14 Security Architecture and Design 581

Data Classification 582

Security Models 584

State Machine 584

Biba 585

Bell–LaPadula 586

Clark–Wilson Integrity Model 586

Application Architecture 587

n- tier Application Design 588

Service- Oriented Architecture 591

Cloud- Based Applications 593

Database Considerations 595

Security Architecture 598

Zero- Trust Model 602

Summary 604

Review Questions 606

Chapter 15 Cloud Computing and the Internet of Things 611

Cloud Computing Overview 612

Cloud Services 616

Shared Responsibility Model 621

Public vs. Private Cloud 623

Grid Computing 624

Cloud Architectures and Deployment 625

Responsive Design 629

Cloud- Native Design 629

Deployment 631

Dealing with REST 633

Common Cloud Threats 639

Access Management 639

Data Breach 641

Web Application Compromise 642

Credential Compromise 643

Insider Threat 645

Internet of Things 646

Fog Computing 651

Operational Technology 652

The Purdue Model 654

Summary 655

Review Questions 657

Appendix Answers to Review Questions 661

Chapter 2: Networking Foundations 662

Chapter 3: Security Foundations 663

Chapter 4: Footprinting and Reconnaissance 666

Chapter 5: Scanning Networks 669

Chapter 6: Enumeration 672

Chapter 7: System Hacking 675

Chapter 8: Malware 678

Chapter 9: Sniffing 681

Chapter 10: Social Engineering 683

Chapter 11: Wireless Security 686

Chapter 12: Attack and Defense 688

Chapter 13: Cryptography 691

Chapter 14: Security Architecture and Design 693

Chapter 15: Cloud Computing and the Internet of Things 695

Index 699

CEH v12 Certified Ethical Hacker Study Guide with

Product form

£40.38

Includes FREE delivery

RRP £42.50 – you save £2.12 (4%)

Order before 4pm today for delivery by Fri 9 Jan 2026.

A Paperback / softback by Ric Messier

1 in stock


    View other formats and editions of CEH v12 Certified Ethical Hacker Study Guide with by Ric Messier

    Publisher: John Wiley & Sons Inc
    Publication Date: 18/05/2023
    ISBN13: 9781394186921, 978-1394186921
    ISBN10: 1394186924
    Also in:
    Computing Computer networking and communications

    Description

    Book Synopsis


    Table of Contents

    Introduction xvii

    Assessment Test xxv

    Chapter 1 Ethical Hacking 1

    Overview of Ethics 2

    Overview of Ethical Hacking 5

    Attack Modeling 6

    Cyber Kill Chain 7

    Attack Lifecycle 8

    MITRE ATT&CK Framework 10

    Methodology of Ethical Hacking 12

    Reconnaissance and Footprinting 12

    Scanning and Enumeration 12

    Gaining Access 13

    Maintaining Access 14

    Covering Tracks 14

    Summary 15

    Chapter 2 Networking Foundations 17

    Communications Models 19

    Open Systems Interconnection 20

    TCP/IP Architecture 23

    Topologies 24

    Bus Network 24

    Star Network 25

    Ring Network 26

    Mesh Network 27

    Hybrid 28

    Physical Networking 29

    Addressing 29

    Switching 30

    IP 31

    Headers 32

    Addressing 34

    Subnets 35

    TCP 37

    UDP 40

    Internet Control Message Protocol 41

    Network Architectures 42

    Network Types 43

    Isolation 44

    Remote Access 45

    Cloud Computing 46

    Storage as a Service 47

    Infrastructure as a Service 48

    Platform as a Service 49

    Software as a Service 51

    Internet of Things 53

    Summary 54

    Review Questions 56

    Chapter 3 Security Foundations 59

    The Triad 61

    Confidentiality 61

    Integrity 63

    Availability 64

    Parkerian Hexad 65

    Information Assurance and Risk 66

    Policies, Standards, and Procedures 69

    Security Policies 69

    Security Standards 70

    Procedures 71

    Guidelines 72

    Organizing Your Protections 72

    Security Technology 75

    Firewalls 76

    Intrusion Detection Systems 80

    Intrusion Prevention Systems 83

    Endpoint Detection and Response 84

    Security Information and Event Management 86

    Being Prepared 87

    Defense in Depth 87

    Defense in Breadth 89

    Defensible Network Architecture 90

    Logging 91

    Auditing 93

    Summary 95

    Review Questions 96

    Chapter 4 Footprinting and Reconnaissance 101

    Open Source Intelligence 103

    Companies 103

    People 112

    Social Networking 115

    Domain Name System 129

    Name Lookups 130

    Zone Transfers 136

    Passive DNS 138

    Passive Reconnaissance 142

    Website Intelligence 145

    Technology Intelligence 150

    Google Hacking 150

    Internet of Things (IoT) 152

    Summary 154

    Review Questions 157

    Chapter 5 Scanning Networks 161

    Ping Sweeps 163

    Using fping 163

    Using MegaPing 165

    Port Scanning 167

    nmap 168

    masscan 184

    MegaPing 186

    Metasploit 188

    Vulnerability Scanning 190

    OpenVAS 192

    Nessus 203

    Looking for Vulnerabilities with Metasploit 209

    Packet Crafting and Manipulation 210

    hping 211

    packETH 214

    fragroute 217

    Evasion Techniques 218

    Evasion with nmap 221

    Protecting and Detecting 223

    Summary 224

    Review Questions 226

    Chapter 6 Enumeration 231

    Service Enumeration 233

    Countermeasures 236

    Remote Procedure Calls 236

    SunRPC 237

    Remote Method Invocation 239

    Server Message Block 242

    Built- in Utilities 243

    nmap Scripts 247

    NetBIOS Enumerator 249

    Metasploit 250

    Other Utilities 254

    Countermeasures 257

    Simple Network Management Protocol 258

    Countermeasures 259

    Simple Mail Transfer Protocol 260

    Countermeasures 263

    Web- Based Enumeration 264

    Countermeasures 271

    Summary 272

    Review Questions 274

    Chapter 7 System Hacking 279

    Searching for Exploits 281

    System Compromise 285

    Metasploit Modules 286

    Exploit- DB 290

    Gathering Passwords 292

    Password Cracking 295

    John the Ripper 296

    Rainbow Tables 298

    Kerberoasting 300

    Client- Side Vulnerabilities 305

    Living Off the Land 307

    Fuzzing 308

    Post Exploitation 313

    Evasion 313

    Privilege Escalation 314

    Pivoting 319

    Persistence 322

    Covering Tracks 326

    Summary 332

    Review Questions 334

    Chapter 8 Malware 339

    Malware Types 341

    Virus 341

    Worm 342

    Trojan 344

    Botnet 344

    Ransomware 345

    Dropper 347

    Fileless Malware 348

    Polymorphic Malware 348

    Malware Analysis 349

    Static Analysis 350

    Dynamic Analysis 361

    Automated Malware Analysis 370

    Creating Malware 371

    Writing Your Own 372

    Using Metasploit 375

    Obfuscating 381

    Malware Infrastructure 382

    Antivirus Solutions 384

    Persistence 385

    Summary 386

    Review Questions 388

    Chapter 9 Sniffing 393

    Packet Capture 394

    tcpdump 395

    tshark 401

    Wireshark 403

    Berkeley Packet Filter 408

    Port Mirroring/Spanning 410

    Detecting Sniffers 410

    Packet Analysis 412

    Spoofing Attacks 417

    ARP Spoofing 418

    DNS Spoofing 422

    DHCP Starvation Attack 424

    sslstrip 425

    Spoofing Detection 426

    Summary 428

    Review Questions 430

    Chapter 10 Social Engineering 435

    Social Engineering 436

    Pretexting 438

    Social Engineering Vectors 440

    Identity Theft 441

    Physical Social Engineering 442

    Badge Access 442

    Man Traps 444

    Biometrics 445

    Phone Calls 446

    Baiting 447

    Tailgating 448

    Phishing Attacks 448

    Contact Spamming 452

    Quid Pro Quo 452

    Social Engineering for Social Networking 453

    Website Attacks 454

    Cloning 454

    Rogue Attacks 457

    Wireless Social Engineering 458

    Automating Social Engineering 461

    Summary 464

    Review Questions 466

    Chapter 11 Wireless Security 471

    Wi- Fi 472

    Wi- Fi Network Types 474

    Wi- Fi Authentication 477

    Wi- Fi Encryption 478

    Bring Your Own Device 483

    Wi- Fi Attacks 484

    Bluetooth 495

    Scanning 496

    Bluejacking 498

    Bluesnarfing 498

    Bluebugging 498

    Bluedump 499

    Bluesmack 499

    Mobile Devices 499

    Mobile Device Attacks 500

    Summary 504

    Review Questions 506

    Chapter 12 Attack and Defense 511

    Web Application Attacks 512

    OWASP Top 10 Vulnerabilities 514

    Web Application Protections 524

    Denial- of- Service Attacks 526

    Bandwidth Attacks 527

    Slow Attacks 529

    Legacy 531

    Application Exploitation 531

    Buffer Overflow 532

    Heap Spraying 534

    Application Protections and Evasions 535

    Lateral Movement 536

    Defense in Depth/Defense in Breadth 538

    Defensible Network Architecture 540

    Summary 542

    Review Questions 544

    Chapter 13 Cryptography 549

    Basic Encryption 551

    Substitution Ciphers 551

    Diffie–Hellman 553

    Symmetric Key Cryptography 555

    Data Encryption Standard 555

    Advanced Encryption Standard 556

    Asymmetric Key Cryptography 558

    Hybrid Cryptosystem 559

    Nonrepudiation 559

    Elliptic Curve Cryptography 560

    Certificate Authorities and Key Management 562

    Certificate Authority 562

    Trusted Third Party 565

    Self- Signed Certificates 566

    Cryptographic Hashing 569

    PGP and S/MIME 571

    Disk and File Encryption 572

    Summary 576

    Review Questions 578

    Chapter 14 Security Architecture and Design 581

    Data Classification 582

    Security Models 584

    State Machine 584

    Biba 585

    Bell–LaPadula 586

    Clark–Wilson Integrity Model 586

    Application Architecture 587

    n- tier Application Design 588

    Service- Oriented Architecture 591

    Cloud- Based Applications 593

    Database Considerations 595

    Security Architecture 598

    Zero- Trust Model 602

    Summary 604

    Review Questions 606

    Chapter 15 Cloud Computing and the Internet of Things 611

    Cloud Computing Overview 612

    Cloud Services 616

    Shared Responsibility Model 621

    Public vs. Private Cloud 623

    Grid Computing 624

    Cloud Architectures and Deployment 625

    Responsive Design 629

    Cloud- Native Design 629

    Deployment 631

    Dealing with REST 633

    Common Cloud Threats 639

    Access Management 639

    Data Breach 641

    Web Application Compromise 642

    Credential Compromise 643

    Insider Threat 645

    Internet of Things 646

    Fog Computing 651

    Operational Technology 652

    The Purdue Model 654

    Summary 655

    Review Questions 657

    Appendix Answers to Review Questions 661

    Chapter 2: Networking Foundations 662

    Chapter 3: Security Foundations 663

    Chapter 4: Footprinting and Reconnaissance 666

    Chapter 5: Scanning Networks 669

    Chapter 6: Enumeration 672

    Chapter 7: System Hacking 675

    Chapter 8: Malware 678

    Chapter 9: Sniffing 681

    Chapter 10: Social Engineering 683

    Chapter 11: Wireless Security 686

    Chapter 12: Attack and Defense 688

    Chapter 13: Cryptography 691

    Chapter 14: Security Architecture and Design 693

    Chapter 15: Cloud Computing and the Internet of Things 695

    Index 699

    Recently viewed products

    © 2026 Book Curl

      • American Express
      • Apple Pay
      • Diners Club
      • Discover
      • Google Pay
      • Maestro
      • Mastercard
      • PayPal
      • Shop Pay
      • Union Pay
      • Visa

      Login

      Forgot your password?

      Don't have an account yet?
      Create account