Publisher: John Wiley & Sons
Release Date: 2016-04-22
The ultimate preparation guide for the unique CEH exam. The CEH v10: Certified Ethical Hacker Version 10 Study Guide is your ideal companion for CEH v10 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material. The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material. Review all CEH v10 topics systematically Reinforce critical skills with hands-on exercises Learn how concepts apply in real-world scenarios Identify key proficiencies prior to the exam The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam—making the stakes even higher on exam day. The CEH v10: Certified Ethical Hacker Version 10 Study Guide gives you the intense preparation you need to pass with flying colors.
Author: Raymond Blockmon
Publisher: John Wiley & Sons
Release Date: 2016-05-02
Master CEH v9 and identify your weak spots CEH: Certified Ethical Hacker Version 9 Practice Tests are the ideal preparation for this high-stakes exam. Five complete, unique practice tests are designed to help you identify weak spots in your understanding, so you can direct your preparation efforts efficiently and gain the confidence—and skills—you need to pass. These tests cover all five sections of the exam, allowing you to test your knowledge of Assessment; Security; Tools and Systems; Procedures and Methodology; and Regulation, Policy, and Ethics. Coverage aligns with CEH version 9, including material on cloud, tablet, and mobile phone security and attacks, as well as the latest vulnerabilities including Heartbleed, shellshock, and Poodle. The exams are designed to familiarize CEH candidates with the test format, allowing them to become more comfortable reading a Wireshark .pcap file or viewing visual depictions of network attacks. The ideal companion for the Sybex CEH v9 Study Guide, this book is an invaluable tool for anyone aspiring to this highly-regarded certification. Offered by the International Council of Electronic Commerce Consultants, the Certified Ethical Hacker certification is unique in the penetration testing sphere, and requires preparation specific to the CEH exam more than general IT security knowledge. This book of practice tests help you steer your study where it needs to go by giving you a glimpse of exam day while there's still time to prepare. Practice all five sections of the CEH v9 exam Test your knowledge of security, tools, procedures, and regulations Gauge your understanding of new vulnerabilities and threats Master the material well in advance of exam day By getting inside the mind of a hacker, you gain a one-of-a-kind perspective that dramatically boosts your marketability and advancement potential. If you're ready to attempt this unique certification, the CEH: Certified Ethical Hacker Version 9 Practice Tests are the major preparation tool you should not be without.
Author: Sean & Philip Oriyano
Release Date: 2016-11-16
If you’re preparing to take the CEH exam, you’ll undoubtedly want to find as much information as you can about computers, networks, applications, and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when taking the exam. This study guide was written with that goal in mind—to provide enough information to prepare you for the test, but not so much that you’ll be overloaded with information that is too far outside the scope of the exam. To make the information more understandable, I’ve included practical examples and experience that supplement the theory. This book presents the material at an advanced technical level. An understanding of network concepts and issues, computer hardware and operating systems, and applications will come in handy when you read this book. While every attempt has been made to present the concepts and exercises in an easy-to-understand format, you will need to have experience with IT and networking technology to get the best results. I’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, check out these questions first to gauge your level of expertise. You can then use the book to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam itself. If you can answer 85 percent to 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer that many questions correctly, reread the chapter and try the questions again. Your score should improve. Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions. Before You Begin Studying Before you begin preparing for the exam, it’s imperative that you understand a few things about the CEH certification. CEH is a certification from the International Council of Electronic Commerce Consultants (EC-Council) granted to those who obtain a passing score on a single exam (number 312-50). The exam is predominantly multiple choice, with some questions including diagrams and sketches that you must analyze to arrive at an answer. This exam requires intermediate- to advanced-level experience; you’re expected to know a great deal about security from an implementation and theory perspective as well as a practical perspective. In many books, the glossary is filler added to the back of the text; this book’s glossary (included as part of the online test bank at sybextestbanks.wiley.com) should be considered necessary reading. You’re likely to see a question on the exam about what a black- or white-box test is—not how to specifically implement it in a working environment. Spend your study time learning the various security solutions and identifying potential security vulnerabilities and where they are applicable. Also spend time thinking outside the box about how things work—the exam is also known to alter phrases and terminology—but keep the underlying concept as a way to test your thought process. The EC-Council is known for presenting concepts in unexpected ways on their exam. The exam tests whether you can apply your knowledge rather than just commit information to memory and repeat it back. Use your analytical skills to visualize the situation and then determine how it works. The questions throughout this book make every attempt to recreate the structure and appearance of the CEH exam questions. Why Become CEH Certified? There are a number of reasons for obtaining the CEH certification. These include the following: Provides Proof of Professional Achievement Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a bit more. The CEH exam is part of the EC-Council certification track, which includes other securitycentric certifications if you wish to attempt those. Increases Your Marketability The CEH for several years has provided a valuable benchmark of the skills of a pentester to potential employers or clients. Once you hold the CEH certification, you’ll have the credentials to prove your competency. Moreover, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept. Provides Opportunity for Advancement Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions. Fulfills Training Requirements Many companies have set training requirements for their staff so that they stay up to date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications. Raises Customer Confidence Many companies, small businesses, and the governments of various countries have long discovered the advantages of being a CEH. Many organizations require that employees and contractors hold the credential in order to engage in certain work activities. How to Become a CEH-Certified Professional The first place to start on your way to certification is to register for the exam at any Pearson VUE testing center. Exam pricing might vary by country or by EC-Council membership. You can contact Pearson VUE by going to their website (www.vue.com) or in the United States and Canada by calling toll-free (877)-551-7587. When you schedule the exam, you’ll receive instructions about appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will be required to provide a special EC-Council–furnished code in order to complete the registration process. Finally, you will also be required to fill out a form describing your professional experience and background before a code will be issued for you to register. Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to ECCouncil’s website at www.eccouncil.org/certification. After you’ve successfully passed your CEH exam, the EC-Council will award you with certification. Within four to six weeks of passing the exam, you’ll receive your official ECCouncil CEH certificate. Who Should Read This Book? If you want to acquire solid information in hacking and pen-testing techniques and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need to succeed in your chosen field. If you want to become certified, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you. You must be committed to learning the theory and concepts in this book to be successful. In addition to reading this book, consider downloading and reading the white papers on security that are scattered throughout the Internet. What Does This Book Cover? This book covers everything you need to know to pass the CEH exam. Here’s a breakdown chapter by chapter: Chapter 1: Introduction to Ethical Hacking This chapter covers the purpose of ethical hacking, defines the ethical hacker, and describes how to get started performing security audits. Chapter 2: System Fundamentals This chapter presents a look at the various components that make up a system and how they are affected by security. Chapter 3: Cryptography This chapter explores the art and science of cryptography; you’ll learn how cryptography works and how it supports security. Chapter 4: Footprinting In this chapter, you’ll learn how to gain information from a target using both passive and active methods. Chapter 5: Scanning This chapter shows you how to gain information about the hosts and devices on a network as well as what the information means. Chapter 6: Enumeration In this chapter, you’ll learn how to probe the various services present on a given host and how to process the information to determine what it means and how to use it for later actions. Chapter 7: System Hacking This chapter shows you how to use the information gained from footprinting, scanning, and earlier examinations in order to break into or gain access to a system. Chapter 8: Malware This chapter covers the varieties of malware and how each can be created, used, or defended against. Chapter 9: Sniffers This chapter discusses using packet sniffers to gather information that is flowing across the network. You’ll learn how to dissect this information for immediate or later use. Chapter 10: Social Engineering This chapter covers how to manipulate human beings in order to gain sensitive information. Chapter 11: Denial of Service This chapter includes an analysis of attacks that are designed to temporarily or permanently shut down a target. Chapter 12: Session Hijacking This chapter covers how to disrupt communications as well as take over legitimate sessions between two parties. Chapter 13: Web Servers and Applications This chapter explains how to break into and examine web servers and applications as well as the various methods of attack. Chapter 14: SQL Injection In this chapter, you’ll learn how to attack databases and data stores using SQL injection to alter, intercept, view, or destroy information. Chapter 15: Hacking Wi-Fi and Bluetooth In this chapter, you’ll learn how to target, analyze, disrupt, and shut down wireless networks either temporarily or permanently. Chapter 16: Mobile Device Security In this chapter, you’ll learn how to target, analyze, and work with mobile devices. Chapter 17: Evasion This chapter covers how to deal with the common protective measures that a system administrator may put into place; these measures include intrusion detection systems (IDSs), firewalls, and honeypots. Chapter 18: Cloud Technologies and Security In this chapter, you’ll learn how to integrate and secure cloud technologies. Chapter 19: Physical Security This chapter deals with the aspects of physical security and how to protect assets from being stolen, lost, or otherwise compromised. Appendix A: Answers to Review Questions In this appendix, you can find all the answers to the review questions throughout the book. Appendix B: Penetration Testing Frameworks In this appendix, you will explore an alternative penetration testing framework. Appendix C: Building a Lab In this appendix, you’ll learn how to build a lab to test and experiment with your penetration testing skills. Tips for Taking the CEH Exam Here are some general tips for taking your exam successfully: Bring two forms of ID with you. One must be a photo ID, such as a driver’s license. The other can be a major credit card or a passport. Both forms must include a signature. Arrive early at the exam center so that you can relax and review your study materials, particularly tables and lists of exam-related information. When you are ready to enter the testing room, you will need to leave everything outside; you won’t be able to bring any materials into the testing area. Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure that you know exactly what each question is asking. Don’t leave any unanswered questions. Unanswered questions are scored against you. There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you either to “Choose two” or “Choose all that apply.” Be sure to read the messages displayed to know how many correct answers you must choose. When answering multiple-choice questions about which you’re unsure, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess. On form-based tests (nonadaptive), because the hard questions will take the most time, save them for last. You can move forward and backward through the exam. For the latest pricing on the exams and updates to the registration procedures, visit the EC-Council’s website at www.eccouncil.org/certification. What’s Included in the Book I’ve included several testing features in this book and on the online test bank for the book at sybextestbanks.wiley.com. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam: Assessment Test At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas in which you might need to brush up. The answers to the assessment test questions appear on a separate page after the last question of the test. Objective Map and Opening List of Objectives In the book’s front matter, I have included a detailed exam objective map showing you where each of the exam objectives is covered in this book. In addition, each chapter opens with a list of the exam objectives it covers. Use these to see exactly where each of the exam topics is covered. Exam Essentials Each chapter, just before the summary, includes a number of exam essentials. These are the key topics you should take from the chapter in terms of areas to focus on when preparing for the exam. Chapter Review Questions To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers. The correct answers and explanations are in Appendix A. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you’re tested on the material. Interactive Online Learning Environment and Test Bank I’ve included a number of additional study tools that can be found on the book’s online test bank at sybextestbanks.wiley.com. All of these electronic study aids will run in your browser and you should work through them as you study for the test: Sybex Test Engine The main site for the online study aids is sybextestbanks.wiley.com. After registration, you’ll get access to the Sybex Test Engine. In addition to taking the assessment test and the chapter review questions via the electronic test engine, you’ll find practice exams. Take these practice exams just as if you were taking the actual exam (without any reference material). When you’ve finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you’re ready to take the certification exam.
Man kann es eigentlich kaum glauben: Diese mächtige Programmiersprache soll in ein kleines Taschenbuch passen? Nun, eine ausführliche Einführung in die Sprache ist Java – kurz & gut natürlich nicht, auch keine vollständige Referenz von A-Z. Dafür findet der erfahrene Programmierer hier aber alles Wichtige, was er bei der täglichen Arbeit braucht. Wie war das mit den Neuerungen in Java 8? Und wie hieß diese Kommandozeilenoption noch einmal genau? Auch ein Profi braucht manchmal eine Gedächtnisstütze. Da kommt diese klug organisierte Spickzettelsammlung gerade recht!
In Zukunft werden Milliarden "Dinge" über das Internet miteinander verbunden sein. Hierdurch entstehen jedoch auch gigantische Sicherheitsrisiken. In diesem Buch beschreibt der international renommierte IT-Sicherheitsexperte Nitesh Dhanjani, wie Geräte im Internet of Things von Angreifern missbraucht werden können – seien es drahtlose LED-Lampen, elektronische Türschlösser, Babyfone, Smart-TVs oder Autos mit Internetanbindung. Wenn Sie Anwendungen für Geräte entwickeln, die mit dem Internet verbunden sind, dann unterstützt Dhanjani Sie mit diesem Leitfaden bei der Erkennung und Behebung von Sicherheitslücken. Er erklärt Ihnen nicht nur, wie Sie Schwachstellen in IoT-Systemen identifizieren, sondern bietet Ihnen auch einen umfassenden Einblick in die Taktiken der Angreifer. In diesem Buch werden Sie • Design, Architektur und sicherheitstechnische Aspekte drahtloser Beleuchtungssysteme analysieren, • verstehen, wie elektronische Türschlösser geknackt werden, • Mängel im Sicherheitsaufbau von Babyfonen untersuchen, • die Sicherheitsfunktionen von Smart-Home-Geräten bewerten, • Schwachstellen von Smart-TVs kennenlernen, • Sicherheitslücken "intelligenter" Autos erforschen, • realistische Angriffsszenarios verstehen, die auf der gängigen Nutzung von IoT-Geräten durch Anwender beruhen. Darüber hinaus zeigt Ihnen Nitesh Dhanjani Prototyping-Methoden, die Sicherheitsfragen bereits bei den allerersten Entwürfen berücksichtigen. Schließlich erhalten Sie einen Ausblick auf neue Angriffsformen, denen IoTSysteme in Zukunft ausgesetzt sein werden. Stimmen zur Originalausgabe: "Dieses Buch enthüllt Sicherheitslücken, mit denen schon in naher Zukunft Milliarden vernetzter Geräte infiziert sein werden. Es bietet praktische Anleitungen zur Bewältigung aufkommender Sicherheitsrisiken für Verbraucher, Entwickler und Studierende gleichermaßen." Prof. em.
Author: Kevin Beaver
Publisher: John Wiley & Sons
Release Date: 2016-11-10
Fürchten Sie um Ihre Unternehmensdaten? Machen Sie sich Sorgen um Ihre IT-Systeme, wenn Sie wieder einmal lesen, dass unbekannte Hacker ein Unternehmen für Wochen lahmgelegt haben? Warten Sie nicht ab, bis es auch in Ihren Systemen passiert, sondern tun Sie etwas! Dabei hilft Ihnen dieses Buch. Versetzen Sie sich als erstes in die Rolle des Schurken und lernen Sie zu denken wie ein Krimineller! Wo sind die Hürden am niedrigsten? Welche grundlegenden Hackertechniken gibt es? Kevin Beaver zeigt Ihnen, wo Ihre Systeme verwundbar sein könnten, sodass Sie im Rennen um die IT-Sicherheit die Nase vorn behalten.
Wenn es um die Entwicklung leistungsfähiger und effizienter Hacking-Tools geht, ist Python für die meisten Sicherheitsanalytiker die Sprache der Wahl. Doch wie genau funktioniert das? In dem neuesten Buch von Justin Seitz - dem Autor des Bestsellers »Hacking mit Python« - entdecken Sie Pythons dunkle Seite. Sie entwickeln Netzwerk-Sniffer, manipulieren Pakete, infizieren virtuelle Maschinen, schaffen unsichtbare Trojaner und vieles mehr. Sie lernen praktisch, wie man • einen »Command-and-Control«-Trojaner mittels GitHub schafft • Sandboxing erkennt und gängige Malware-Aufgaben wie Keylogging und Screenshotting automatisiert • Windows-Rechte mittels kreativer Prozesskontrolle ausweitet • offensive Speicherforensik-Tricks nutzt, um Passwort-Hashes abzugreifen und Shellcode in virtuelle Maschinen einzuspeisen • das beliebte Web-Hacking-Tool Burp erweitert • die Windows COM-Automatisierung nutzt, um einen Man-in-the-Middle-Angriff durchzuführen • möglichst unbemerkt Daten aus einem Netzwerk abgreift Eine Reihe von Insider-Techniken und kreativen Aufgaben zeigen Ihnen, wie Sie die Hacks erweitern und eigene Exploits entwickeln können.
Author: G. Alan Wang
Release Date: 2017-05-11
This book constitutes the refereed proceedings of the 12th Pacific Asia Workshop on Intelligence and Security Informatics, PAISI 2017, held in Jeju Island, South Korea, in May 2017 in conjunction with PAKDD 2017, the 21st Pacific-Asia Conference on Knowledge Discovery and Data Mining. The 8 revised full papers and one short paper were carefully reviewed and selected from 13 submissions. The papers cover topics such as information access and security, cybersecurity and infrastructure protection, data and text mining, and network based data analytics.
Author: Christopher Hadnagy
Publisher: MITP-Verlags GmbH & Co. KG
Release Date: 2012-06-20
Dieses Buch ist mehr als eine Sammlung cooler Stories, toller Hacks oder abgefahrener Ideen. Wissenschaftlich fundiert (dabei höchst unterhaltsam), stellt es das weltweit erste Framework für Social Engineering vor, auf dessen Grundlage der Autor genau analysiert, geradezu seziert, was einen guten Social Engineer ausmacht. Mit praktischen Ratschlägen wird der Leser befähigt, skills zu entwickeln, die es ihm ermöglichen, die nachweislich größte Schwachstelle in IT-Sicherheitssystemen auf die Probe zu stellen: den Menschen.