Description

Book Synopsis


Table of Contents

Introduction xvii

Assessment Test xxv

Chapter 1 Ethical Hacking 1

Overview of Ethics 2

Overview of Ethical Hacking 5

Attack Modeling 6

Cyber Kill Chain 7

Attack Lifecycle 8

MITRE ATT&CK Framework 10

Methodology of Ethical Hacking 12

Reconnaissance and Footprinting 12

Scanning and Enumeration 12

Gaining Access 13

Maintaining Access 14

Covering Tracks 14

Summary 15

Chapter 2 Networking Foundations 17

Communications Models 19

Open Systems Interconnection 20

TCP/IP Architecture 23

Topologies 24

Bus Network 24

Star Network 25

Ring Network 26

Mesh Network 27

Hybrid 28

Physical Networking 29

Addressing 29

Switching 30

IP 31

Headers 32

Addressing 34

Subnets 35

TCP 37

UDP 40

Internet Control Message Protocol 41

Network Architectures 42

Network Types 43

Isolation 44

Remote Access 45

Cloud Computing 46

Storage as a Service 47

Infrastructure as a Service 48

Platform as a Service 49

Software as a Service 51

Internet of Things 53

Summary 54

Review Questions 56

Chapter 3 Security Foundations 59

The Triad 61

Confidentiality 61

Integrity 63

Availability 64

Parkerian Hexad 65

Information Assurance and Risk 66

Policies, Standards, and Procedures 69

Security Policies 69

Security Standards 70

Procedures 71

Guidelines 72

Organizing Your Protections 72

Security Technology 75

Firewalls 76

Intrusion Detection Systems 80

Intrusion Prevention Systems 83

Endpoint Detection and Response 84

Security Information and Event Management 86

Being Prepared 87

Defense in Depth 87

Defense in Breadth 89

Defensible Network Architecture 90

Logging 91

Auditing 93

Summary 95

Review Questions 96

Chapter 4 Footprinting and Reconnaissance 101

Open Source Intelligence 103

Companies 103

People 112

Social Networking 115

Domain Name System 129

Name Lookups 130

Zone Transfers 136

Passive DNS 138

Passive Reconnaissance 142

Website Intelligence 145

Technology Intelligence 150

Google Hacking 150

Internet of Things (IoT) 152

Summary 154

Review Questions 157

Chapter 5 Scanning Networks 161

Ping Sweeps 163

Using fping 163

Using MegaPing 165

Port Scanning 167

nmap 168

masscan 184

MegaPing 186

Metasploit 188

Vulnerability Scanning 190

OpenVAS 192

Nessus 203

Looking for Vulnerabilities with Metasploit 209

Packet Crafting and Manipulation 210

hping 211

packETH 214

fragroute 217

Evasion Techniques 218

Evasion with nmap 221

Protecting and Detecting 223

Summary 224

Review Questions 226

Chapter 6 Enumeration 231

Service Enumeration 233

Countermeasures 236

Remote Procedure Calls 236

SunRPC 237

Remote Method Invocation 239

Server Message Block 242

Built- in Utilities 243

nmap Scripts 247

NetBIOS Enumerator 249

Metasploit 250

Other Utilities 254

Countermeasures 257

Simple Network Management Protocol 258

Countermeasures 259

Simple Mail Transfer Protocol 260

Countermeasures 263

Web- Based Enumeration 264

Countermeasures 271

Summary 272

Review Questions 274

Chapter 7 System Hacking 279

Searching for Exploits 281

System Compromise 285

Metasploit Modules 286

Exploit- DB 290

Gathering Passwords 292

Password Cracking 295

John the Ripper 296

Rainbow Tables 298

Kerberoasting 300

Client- Side Vulnerabilities 305

Living Off the Land 307

Fuzzing 308

Post Exploitation 313

Evasion 313

Privilege Escalation 314

Pivoting 319

Persistence 322

Covering Tracks 326

Summary 332

Review Questions 334

Chapter 8 Malware 339

Malware Types 341

Virus 341

Worm 342

Trojan 344

Botnet 344

Ransomware 345

Dropper 347

Fileless Malware 348

Polymorphic Malware 348

Malware Analysis 349

Static Analysis 350

Dynamic Analysis 361

Automated Malware Analysis 370

Creating Malware 371

Writing Your Own 372

Using Metasploit 375

Obfuscating 381

Malware Infrastructure 382

Antivirus Solutions 384

Persistence 385

Summary 386

Review Questions 388

Chapter 9 Sniffing 393

Packet Capture 394

tcpdump 395

tshark 401

Wireshark 403

Berkeley Packet Filter 408

Port Mirroring/Spanning 410

Detecting Sniffers 410

Packet Analysis 412

Spoofing Attacks 417

ARP Spoofing 418

DNS Spoofing 422

DHCP Starvation Attack 424

sslstrip 425

Spoofing Detection 426

Summary 428

Review Questions 430

Chapter 10 Social Engineering 435

Social Engineering 436

Pretexting 438

Social Engineering Vectors 440

Identity Theft 441

Physical Social Engineering 442

Badge Access 442

Man Traps 444

Biometrics 445

Phone Calls 446

Baiting 447

Tailgating 448

Phishing Attacks 448

Contact Spamming 452

Quid Pro Quo 452

Social Engineering for Social Networking 453

Website Attacks 454

Cloning 454

Rogue Attacks 457

Wireless Social Engineering 458

Automating Social Engineering 461

Summary 464

Review Questions 466

Chapter 11 Wireless Security 471

Wi- Fi 472

Wi- Fi Network Types 474

Wi- Fi Authentication 477

Wi- Fi Encryption 478

Bring Your Own Device 483

Wi- Fi Attacks 484

Bluetooth 495

Scanning 496

Bluejacking 498

Bluesnarfing 498

Bluebugging 498

Bluedump 499

Bluesmack 499

Mobile Devices 499

Mobile Device Attacks 500

Summary 504

Review Questions 506

Chapter 12 Attack and Defense 511

Web Application Attacks 512

OWASP Top 10 Vulnerabilities 514

Web Application Protections 524

Denial- of- Service Attacks 526

Bandwidth Attacks 527

Slow Attacks 529

Legacy 531

Application Exploitation 531

Buffer Overflow 532

Heap Spraying 534

Application Protections and Evasions 535

Lateral Movement 536

Defense in Depth/Defense in Breadth 538

Defensible Network Architecture 540

Summary 542

Review Questions 544

Chapter 13 Cryptography 549

Basic Encryption 551

Substitution Ciphers 551

Diffie–Hellman 553

Symmetric Key Cryptography 555

Data Encryption Standard 555

Advanced Encryption Standard 556

Asymmetric Key Cryptography 558

Hybrid Cryptosystem 559

Nonrepudiation 559

Elliptic Curve Cryptography 560

Certificate Authorities and Key Management 562

Certificate Authority 562

Trusted Third Party 565

Self- Signed Certificates 566

Cryptographic Hashing 569

PGP and S/MIME 571

Disk and File Encryption 572

Summary 576

Review Questions 578

Chapter 14 Security Architecture and Design 581

Data Classification 582

Security Models 584

State Machine 584

Biba 585

Bell–LaPadula 586

Clark–Wilson Integrity Model 586

Application Architecture 587

n- tier Application Design 588

Service- Oriented Architecture 591

Cloud- Based Applications 593

Database Considerations 595

Security Architecture 598

Zero- Trust Model 602

Summary 604

Review Questions 606

Chapter 15 Cloud Computing and the Internet of Things 611

Cloud Computing Overview 612

Cloud Services 616

Shared Responsibility Model 621

Public vs. Private Cloud 623

Grid Computing 624

Cloud Architectures and Deployment 625

Responsive Design 629

Cloud- Native Design 629

Deployment 631

Dealing with REST 633

Common Cloud Threats 639

Access Management 639

Data Breach 641

Web Application Compromise 642

Credential Compromise 643

Insider Threat 645

Internet of Things 646

Fog Computing 651

Operational Technology 652

The Purdue Model 654

Summary 655

Review Questions 657

Appendix Answers to Review Questions 661

Chapter 2: Networking Foundations 662

Chapter 3: Security Foundations 663

Chapter 4: Footprinting and Reconnaissance 666

Chapter 5: Scanning Networks 669

Chapter 6: Enumeration 672

Chapter 7: System Hacking 675

Chapter 8: Malware 678

Chapter 9: Sniffing 681

Chapter 10: Social Engineering 683

Chapter 11: Wireless Security 686

Chapter 12: Attack and Defense 688

Chapter 13: Cryptography 691

Chapter 14: Security Architecture and Design 693

Chapter 15: Cloud Computing and the Internet of Things 695

Index 699

CEH v12 Certified Ethical Hacker Study Guide with

    Product form

    £40.38

    Includes FREE delivery

    RRP £42.50 – you save £2.12 (4%)

    Order before 4pm today for delivery by Mon 22 Jun 2026.

    A Paperback / softback by Ric Messier

    1 in stock

      Trusted by thousands of customers. See 2,385+ Customer Reviews

      View other formats and editions of CEH v12 Certified Ethical Hacker Study Guide with by Ric Messier

      Publisher: John Wiley & Sons Inc
      Publication Date: 18/05/2023
      ISBN13: 9781394186921, 978-1394186921
      ISBN10: 1394186924
      Also in:
      Computing Computer networking and communications

      Description

      Book Synopsis


      Table of Contents

      Introduction xvii

      Assessment Test xxv

      Chapter 1 Ethical Hacking 1

      Overview of Ethics 2

      Overview of Ethical Hacking 5

      Attack Modeling 6

      Cyber Kill Chain 7

      Attack Lifecycle 8

      MITRE ATT&CK Framework 10

      Methodology of Ethical Hacking 12

      Reconnaissance and Footprinting 12

      Scanning and Enumeration 12

      Gaining Access 13

      Maintaining Access 14

      Covering Tracks 14

      Summary 15

      Chapter 2 Networking Foundations 17

      Communications Models 19

      Open Systems Interconnection 20

      TCP/IP Architecture 23

      Topologies 24

      Bus Network 24

      Star Network 25

      Ring Network 26

      Mesh Network 27

      Hybrid 28

      Physical Networking 29

      Addressing 29

      Switching 30

      IP 31

      Headers 32

      Addressing 34

      Subnets 35

      TCP 37

      UDP 40

      Internet Control Message Protocol 41

      Network Architectures 42

      Network Types 43

      Isolation 44

      Remote Access 45

      Cloud Computing 46

      Storage as a Service 47

      Infrastructure as a Service 48

      Platform as a Service 49

      Software as a Service 51

      Internet of Things 53

      Summary 54

      Review Questions 56

      Chapter 3 Security Foundations 59

      The Triad 61

      Confidentiality 61

      Integrity 63

      Availability 64

      Parkerian Hexad 65

      Information Assurance and Risk 66

      Policies, Standards, and Procedures 69

      Security Policies 69

      Security Standards 70

      Procedures 71

      Guidelines 72

      Organizing Your Protections 72

      Security Technology 75

      Firewalls 76

      Intrusion Detection Systems 80

      Intrusion Prevention Systems 83

      Endpoint Detection and Response 84

      Security Information and Event Management 86

      Being Prepared 87

      Defense in Depth 87

      Defense in Breadth 89

      Defensible Network Architecture 90

      Logging 91

      Auditing 93

      Summary 95

      Review Questions 96

      Chapter 4 Footprinting and Reconnaissance 101

      Open Source Intelligence 103

      Companies 103

      People 112

      Social Networking 115

      Domain Name System 129

      Name Lookups 130

      Zone Transfers 136

      Passive DNS 138

      Passive Reconnaissance 142

      Website Intelligence 145

      Technology Intelligence 150

      Google Hacking 150

      Internet of Things (IoT) 152

      Summary 154

      Review Questions 157

      Chapter 5 Scanning Networks 161

      Ping Sweeps 163

      Using fping 163

      Using MegaPing 165

      Port Scanning 167

      nmap 168

      masscan 184

      MegaPing 186

      Metasploit 188

      Vulnerability Scanning 190

      OpenVAS 192

      Nessus 203

      Looking for Vulnerabilities with Metasploit 209

      Packet Crafting and Manipulation 210

      hping 211

      packETH 214

      fragroute 217

      Evasion Techniques 218

      Evasion with nmap 221

      Protecting and Detecting 223

      Summary 224

      Review Questions 226

      Chapter 6 Enumeration 231

      Service Enumeration 233

      Countermeasures 236

      Remote Procedure Calls 236

      SunRPC 237

      Remote Method Invocation 239

      Server Message Block 242

      Built- in Utilities 243

      nmap Scripts 247

      NetBIOS Enumerator 249

      Metasploit 250

      Other Utilities 254

      Countermeasures 257

      Simple Network Management Protocol 258

      Countermeasures 259

      Simple Mail Transfer Protocol 260

      Countermeasures 263

      Web- Based Enumeration 264

      Countermeasures 271

      Summary 272

      Review Questions 274

      Chapter 7 System Hacking 279

      Searching for Exploits 281

      System Compromise 285

      Metasploit Modules 286

      Exploit- DB 290

      Gathering Passwords 292

      Password Cracking 295

      John the Ripper 296

      Rainbow Tables 298

      Kerberoasting 300

      Client- Side Vulnerabilities 305

      Living Off the Land 307

      Fuzzing 308

      Post Exploitation 313

      Evasion 313

      Privilege Escalation 314

      Pivoting 319

      Persistence 322

      Covering Tracks 326

      Summary 332

      Review Questions 334

      Chapter 8 Malware 339

      Malware Types 341

      Virus 341

      Worm 342

      Trojan 344

      Botnet 344

      Ransomware 345

      Dropper 347

      Fileless Malware 348

      Polymorphic Malware 348

      Malware Analysis 349

      Static Analysis 350

      Dynamic Analysis 361

      Automated Malware Analysis 370

      Creating Malware 371

      Writing Your Own 372

      Using Metasploit 375

      Obfuscating 381

      Malware Infrastructure 382

      Antivirus Solutions 384

      Persistence 385

      Summary 386

      Review Questions 388

      Chapter 9 Sniffing 393

      Packet Capture 394

      tcpdump 395

      tshark 401

      Wireshark 403

      Berkeley Packet Filter 408

      Port Mirroring/Spanning 410

      Detecting Sniffers 410

      Packet Analysis 412

      Spoofing Attacks 417

      ARP Spoofing 418

      DNS Spoofing 422

      DHCP Starvation Attack 424

      sslstrip 425

      Spoofing Detection 426

      Summary 428

      Review Questions 430

      Chapter 10 Social Engineering 435

      Social Engineering 436

      Pretexting 438

      Social Engineering Vectors 440

      Identity Theft 441

      Physical Social Engineering 442

      Badge Access 442

      Man Traps 444

      Biometrics 445

      Phone Calls 446

      Baiting 447

      Tailgating 448

      Phishing Attacks 448

      Contact Spamming 452

      Quid Pro Quo 452

      Social Engineering for Social Networking 453

      Website Attacks 454

      Cloning 454

      Rogue Attacks 457

      Wireless Social Engineering 458

      Automating Social Engineering 461

      Summary 464

      Review Questions 466

      Chapter 11 Wireless Security 471

      Wi- Fi 472

      Wi- Fi Network Types 474

      Wi- Fi Authentication 477

      Wi- Fi Encryption 478

      Bring Your Own Device 483

      Wi- Fi Attacks 484

      Bluetooth 495

      Scanning 496

      Bluejacking 498

      Bluesnarfing 498

      Bluebugging 498

      Bluedump 499

      Bluesmack 499

      Mobile Devices 499

      Mobile Device Attacks 500

      Summary 504

      Review Questions 506

      Chapter 12 Attack and Defense 511

      Web Application Attacks 512

      OWASP Top 10 Vulnerabilities 514

      Web Application Protections 524

      Denial- of- Service Attacks 526

      Bandwidth Attacks 527

      Slow Attacks 529

      Legacy 531

      Application Exploitation 531

      Buffer Overflow 532

      Heap Spraying 534

      Application Protections and Evasions 535

      Lateral Movement 536

      Defense in Depth/Defense in Breadth 538

      Defensible Network Architecture 540

      Summary 542

      Review Questions 544

      Chapter 13 Cryptography 549

      Basic Encryption 551

      Substitution Ciphers 551

      Diffie–Hellman 553

      Symmetric Key Cryptography 555

      Data Encryption Standard 555

      Advanced Encryption Standard 556

      Asymmetric Key Cryptography 558

      Hybrid Cryptosystem 559

      Nonrepudiation 559

      Elliptic Curve Cryptography 560

      Certificate Authorities and Key Management 562

      Certificate Authority 562

      Trusted Third Party 565

      Self- Signed Certificates 566

      Cryptographic Hashing 569

      PGP and S/MIME 571

      Disk and File Encryption 572

      Summary 576

      Review Questions 578

      Chapter 14 Security Architecture and Design 581

      Data Classification 582

      Security Models 584

      State Machine 584

      Biba 585

      Bell–LaPadula 586

      Clark–Wilson Integrity Model 586

      Application Architecture 587

      n- tier Application Design 588

      Service- Oriented Architecture 591

      Cloud- Based Applications 593

      Database Considerations 595

      Security Architecture 598

      Zero- Trust Model 602

      Summary 604

      Review Questions 606

      Chapter 15 Cloud Computing and the Internet of Things 611

      Cloud Computing Overview 612

      Cloud Services 616

      Shared Responsibility Model 621

      Public vs. Private Cloud 623

      Grid Computing 624

      Cloud Architectures and Deployment 625

      Responsive Design 629

      Cloud- Native Design 629

      Deployment 631

      Dealing with REST 633

      Common Cloud Threats 639

      Access Management 639

      Data Breach 641

      Web Application Compromise 642

      Credential Compromise 643

      Insider Threat 645

      Internet of Things 646

      Fog Computing 651

      Operational Technology 652

      The Purdue Model 654

      Summary 655

      Review Questions 657

      Appendix Answers to Review Questions 661

      Chapter 2: Networking Foundations 662

      Chapter 3: Security Foundations 663

      Chapter 4: Footprinting and Reconnaissance 666

      Chapter 5: Scanning Networks 669

      Chapter 6: Enumeration 672

      Chapter 7: System Hacking 675

      Chapter 8: Malware 678

      Chapter 9: Sniffing 681

      Chapter 10: Social Engineering 683

      Chapter 11: Wireless Security 686

      Chapter 12: Attack and Defense 688

      Chapter 13: Cryptography 691

      Chapter 14: Security Architecture and Design 693

      Chapter 15: Cloud Computing and the Internet of Things 695

      Index 699

      Recently viewed products

      © 2026 Book Curl

        • American Express
        • Apple Pay
        • Diners Club
        • Discover
        • Google Pay
        • Maestro
        • Mastercard
        • PayPal
        • Shop Pay
        • Union Pay
        • Visa

        Login

        Forgot your password?

        Don't have an account yet?
        Create account