CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves
Understanding Different Types of Passwords 74
Passive Online Attacks 74
Active Online Attacks 75
Offline Attacks 77
Nonelectronic Attacks 78
Understanding Keyloggers and Other Spyware Technologies 78
Understand Escalating Privileges 79
Executing Applications 80
Buffer Overflows 80
Understanding Rootkits 81
Planting Rootkits on Windows 2000 and XP Machines 81
Rootkit Embedded TCP/IP Stack 82
Rootkit Countermeasures 82
Understanding How to Hide Files 83
NTFS File Streaming 83
NTFS Stream Countermeasures 83
Understanding Steganography Technologies 84
Understanding How to Cover Your Tracks and Erase Evidence 85
Disabling Auditing 85
Clearing the Event Log 86
Exam Essentials 86
Review Questions 87
Answers to Review Questions 89
Chapter 5 Trojans, Backdoors, Viruses, and Worms 91
Trojans and Backdoors 92
What Is a Trojan? 93
What Is Meant by Overt and Covert Channels? 94
List the Different Types of Trojans 94
How Do Reverse-Connecting Trojans Work? 94
Understand How the Netcat Trojan Works 96
What Are the Indications of a Trojan Attack? 97
What Is Meant by "Wrapping"? 97
Trojan Construction Kit and Trojan Makers 97
What Are the Countermeasure Techniques in Preventing Trojans? 98
Understand Trojan-Evading Techniques 98
System File Verification Subobjective to Trojan Countermeasures 99
Viruses and Worms 99
Understand the Difference between a Virus and a Worm 99
Understand the Types of Viruses 100
Understand Antivirus Evasion Techniques 101
Understand Virus Detection Methods 101
Exam Essentials 101
Review Questions 103
Answers to Review Questions 106
Chapter 6 Sniffers 107
Understand the Protocols Susceptible to Sniffing 108
Understand Active and Passive Sniffing 109
Understand ARP Poisoning 110
Understand Ethereal Capture and Display Filters 110
Understand MAC Flooding 111
Understand DNS Spoofing Techniques 111
Describe Sniffing Countermeasures 113
Exam Essentials 114
Review Questions 115
Answers to Review Questions 117
Chapter 7 Denial of Service and Session Hijacking 119
Denial of Service 120
Understand the Types of DoS Attacks 120
Understand How DDoS Attacks Work 122
Understand How BOTs/BOTNETs Work 123
What Is a "Smurf" Attack? 124
What Is "SYN" Flooding? 124
Describe the DoS/DDoS Countermeasures 124
Session Hijacking 125
Understand Spoofing vs. Hijacking 125
List the Types of Session Hijacking 126
Understand Sequence Prediction 126
What Are the Steps in Performing Session Hijacking? 128
Describe How You Would Prevent Session Hijacking 129
Exam Essentials 130
Review Questions 131
Answers to Review Questions 135
Chapter 8 Hacking Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques 137
Hacking Web Servers 138
List the Types of Web Server Vulnerabilities 138
Understand the Attacks against Web Servers 139
Understand IIS Unicode Exploits 139
Understand Patch Management Techniques 140
Describe Web Server Hardening Methods 140
Web Application Vulnerabilities 141
Understanding How Web Applications Work 141
Objectives of Web Application Hacking 142
Anatomy of an Attack 142
Web Application Threats 142
Understand Google Hacking 143
Understand Web Application Countermeasures 143
Web-Based Password Cracking Techniques 144
List the Authentication Types 144
What Is a Password Cracker? 144
How Does a Password Cracker Work? 144
Understand Password Attacks: Classification 145
Understand Password-Cracking Countermeasures 145
Exam Essentials 145
Review Questions 147
Answers to Review Questions 149
Chapter 9 SQL Injection and Buffer Overflows 151
SQL Injection 152
What Is SQL Injection? 152
Understand the Steps to Conduct SQL Injection 152
Understand SQL Server Vulnerabilities 153
Describe SQL Injection Countermeasures 153
Buffer Overflows 154
Identify the Different Types of Buffer Overflows and Methods of Detection 154
Overview of Stack-Based Buffer Overflows 154
Overview of Buffer Overflow Mutation Techniques 155
Exam Essentials 155
Review Questions 156
Answers to Review Questions 158
Chapter