CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [5]
■ Understand reverse social engineering.
■ Understand insider attacks.
■ Understand identity theft.
■ Describe phishing attacks.
■ Understand online scams.
■ Understand URL obfuscation.
■ Social engineering countermeasures.
Session Hijacking
■ Understand spoofing vs. hijacking.
■ List the types of session hijacking.
■ Understand sequence prediction.
■ What are the steps in performing session hijacking?
■ Describe how you would prevent session hijacking.
Hacking Web Servers
■ List the types of web server vulnerabilities.
■ Understand the attacks against web servers.
■ Understand IIS Unicode exploits.
■ Understand patch management techniques.
■ Understand Web Application Scanner.
■ What is Metasploit Framework?
■ Describe web server hardening methods.
Web Application Vulnerabilities
■ Understand how a web application works.
■ Objectives of web application hacking.
■ Anatomy of an attack.
■ Web application threats.
■ Understand Google hacking.
■ Understand web application countermeasures.
Web-Based Password-Cracking Techniques
■ List the authentication types
■ What is a password cracker?
■ How does a password cracker work?
■ Understand password attacks-classification
■ Understand password cracking countermeasures
SQL Injection
■ What is SQL injection?
■ Understand the steps to conduct SQL injection.
■ Understand SQL Server vulnerabilities.
■ Describe SQL injection countermeasures.
Wireless Hacking
■ Overview of WEP, WPA authentication systems and cracking techniques.
■ Overview of wireless sniffers and SSID, MAC spoofing.
■ Understand rogue access points.
■ Understand wireless hacking techniques.
■ Describe the methods in securing wireless networks.
Virus and Worms
■ Understand the difference between a virus and a worm.
■ Understand the types of viruses.
■ How a virus spreads and infects the system.
■ Understand antivirus evasion techniques.
■ Understand virus detection methods.
Physical Security
■ Physical security breach incidents.
■ Understand physical security.
■ What is the need for physical security?
■ Who is accountable for physical security?
■ Factors affecting physical security.
Linux Hacking
■ Understand how to compile a Linux kernel.
■ Understand GCC compilation commands.
■ Understand how to install LKM modules.
■ Understand Linux hardening methods.
Evading IDS, Honeypots, and Firewalls
■ List the types of intrusion detection systems and evasion techniques.
■ List firewall and honeypot evasion techniques.
Buffer Overflows
■ Overview of stack based buffer overflows.
■ Identify the different types of buffer overflows and methods of detection.
■ Overview of buffer overflow mutation techniques.
Cryptography
■ Overview of cryptography and encryption techniques.
■ Describe how public and private keys are generated.
■ Overview of MD5, SHA, RC4, RC5, Blowfish algorithms.
Penetration Testing Methodologies
■ Overview of penetration testing methodologies.
■ List the penetration testing steps.
■ Overview of the Pen-Test legal framework.
■ Overview of the Pen-Test deliverables.
■ List the automated penetration testing tools.
How to Contact the Publisher
Sybex welcomes feedback on all of its titles. Visit the Sybex website at www.sybex.com for book updates and additional certification information. You'll also find forms you can use to submit comments or suggestions regarding this or any other Sybex title.
About the Author
Kimberly Graves has over 10 years of IT experience. She currently works with Symbol Technologies and other leading wireless and security vendors as an instructor. She has served various educational institutions in Washington, D.C., as an adjunct professor while simultaneously serving as a subject-matter expert for several certification programs such as the Certified Wireless Network Professional (CWNP) and Intel Certified Network Engineer. Recently, Kimberly has been utilizing her CWNA, Certified Wireless Security Professional (CWSP), and Certified Ethical Hacker (CEH) certificates to teach and develop course material