ABOUT THE AUTHOR - Home - Linux Tutorial
ABOUT THE AUTHORMatt Walker is currently working as a member of the Cyber Defense and Security Strategy team within Hewlett-PackardEnterprise. An IT security and education professional for more than 20 years, he has served as the director of the NetworkTraining Center and a curriculum lead/senior instructor for Cisco Networking Academy on Ramstein AB, Germany, and as anetwork engineer for NASA’s Secure Network Systems (NSS), designing and maintaining secured data, voice, and videonetworking for the agency. Matt also worked as an instructor supervisor and senior instructor at Dynetics, Inc., in Huntsville,Alabama, providing on-site certification-awarding classes for ISC2, Cisco, and CompTIA, and after two years he came rightback to NASA as an IT security manager for UNITeS, SAIC, at Marshall Space Flight Center. He has written and contributedto numerous technical training books for NASA, Air Education and Training Command, and the U.S. Air Force, as well ascommercially, and he continues to train and write certification and college-level IT and IA security courses.About the Technical EditorBrad Horton currently works as an information security specialist with the U.S. Department of Defense. Brad has worked as asecurity engineer, commercial security consultant, penetration tester, and information systems researcher in both the private andpublic sectors.This has included work with several defense contractors, including General Dynamics C4S, SAIC, and Dynetics, Inc. Bradcurrently holds the Certified Information Systems Security Professional (CISSP), the CISSP – Information Systems SecurityManagement Professional (CISSP-ISSMP), the Certified Ethical Hacker (CEH), and the Certified Information Systems Auditor(CISA) trade certifications. Brad holds a bachelor’s degree in Commerce and Business Administration from the University ofAlabama, a master’s degree in Management of Information Systems from the University of Alabama in Huntsville (UAH), and agraduate certificate in Information Assurance from UAH. When not hacking, Brad can be found at home with his family or on alocal golf course.The views and opinions expressed in all portions of this publication belong solely to the author and/or editor and do notnecessarily state or reflect those of the Department of Defense or the United States Government. References within thispublication to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, donot necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government.
Copyright 2017 by McGraw-Hill Education. All rights reserved. Except as permitted under the United States Copyright Actof 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database orretrieval system, without the prior written permission of the publisher.ISBN: 978-1-25-983656-5MHID: 1-25-983656-8.The material in this eBook also appears in the print version of this title: ISBN: 978-1-25-983655-8,MHID: 1-25-983655-X.eBook conversion by codeMantraVersion 1.0All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of atrademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention ofinfringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for usein corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.The views and opinions expressed in all portions of this publication belong solely to the author and/or editor and do notnecessarily state or reflect those of the Department of Defense or the United States Government. References within thispublication to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, donot necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government.Some glossary terms included in this book may be considered public information as designated by The National Institute ofStandards and Technology (NIST). NIST is an agency of the U.S. Department of Commerce. Please visit www.nist.gov formore information.TERMS OF USEThis is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of thiswork is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copyof the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon,transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s priorconsent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited.Your right to use the work may be terminated if you fail to comply with these terms.THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEESOR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINEDFROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORKVIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED,INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR APARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions containedin the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-HillEducation nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, inthe work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of anyinformation accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liablefor any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use thework, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to anyclaim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
This book is dedicated to my children—Faith, Hope, Christian, and Charity. I love you with all my heart,and I am so proud of the world-changing impact you’re making.
CONTENTS AT A GLANCEChapter 1Getting Started: Essential KnowledgeChapter 2Reconnaissance: Information Gathering for the Ethical HackerChapter 3Scanning and EnumerationChapter 4Sniffing and EvasionChapter 5Attacking a SystemChapter 6Web-Based Hacking: Servers and ApplicationsChapter 7Wireless Network HackingChapter 8Security in Cloud ComputingChapter 9Trojans and Other AttacksChapter 10Cryptography 101Chapter 11Low Tech: Social Engineering and Physical SecurityChapter 12The Pen Test: Putting It All TogetherAppendix A Tool, Sites, and ReferencesAppendix B About the DownloadGlossaryIndex
CONTENTSAcknowledgmentsIntroductionChapter 1Getting Started: Essential KnowledgeSecurity 101EssentialsSecurity BasicsIntroduction to Ethical HackingHacking TerminologyThe Ethical HackerChapter ReviewQuestionsAnswersChapter 2Reconnaissance: Information Gathering for the Ethical HackerFootprintingPassive FootprintingActive FootprintingFootprinting Methods and ToolsSearch EnginesWebsite and E-mail FootprintingDNS FootprintingNetwork FootprintingOther ToolsChapter ReviewQuestionsAnswersChapter 3Scanning and EnumerationFundamentalsTCP/IP NetworkingSubnettingScanning MethodologyIdentifying TargetsPort ScanningEvasionVulnerability ScanningEnumerationWindows System BasicsEnumeration TechniquesChapter ReviewQuestionsAnswersChapter 4Sniffing and EvasionEssentialsNetwork Knowledge for SniffingActive and Passive Sniffing
Sniffing Tools and TechniquesTechniquesToolsEvasionDevices Aligned Against YouEvasion TechniquesChapter ReviewQuestionsAnswersChapter 5Attacking a SystemGetting StartedWindows Security ArchitectureLinux Security ArchitectureMethodologyHacking StepsAuthentication and PasswordsPrivilege Escalation and Executing ApplicationsHiding Files and Covering TracksChapter ReviewQuestionsAnswersChapter 6Web-Based Hacking: Servers and ApplicationsWeb ServersWeb OrganizationsAttack MethodologyWeb Server ArchitectureWeb Server AttacksAttacking Web ApplicationsApplication AttacksCountermeasuresChapter ReviewQuestionsAnswersChapter 7Wireless Network HackingWireless NetworkingWireless Terminology, Architecture, and StandardsWireless HackingThe Mobile WorldMobile Platforms and AttacksMobile AttacksChapter ReviewQuestionsAnswersChapter 8Security in Cloud ComputingCloud ComputingCloud SecurityThreats and AttacksChapter Review
QuestionsAnswersChapter 9Trojans and Other AttacksThe “Malware” AttacksTrojansViruses and WormsRemaining AttacksDenial of ServiceSession HijackingChapter ReviewQuestionsAnswersChapter 10 Cryptography 101Cryptography and Encryption OverviewEncryption Algorithms and TechniquesPKI, the Digital Certificate, and Digital SignaturesThe PKI SystemDigital CertificatesDigital SignaturesEncrypted Communication and Cryptography AttacksEncrypted CommunicationCryptography AttacksChapter ReviewQuestionsAnswersChapter 11 Low Tech: Social Engineering and Physical SecuritySocial EngineeringHuman-Based AttacksComputer-Based AttacksMobile-Based AttacksPhysical SecurityPhysical Security 101Chapter ReviewQuestionsAnswersChapter 12 The Pen Test: Putting It All TogetherMethodology and StepsThe Security AssessmentsSecurity Assessment DeliverablesGuidelinesMore TerminologyChapter ReviewQuestionsAnswersAppendix A Tool, Sites, and ReferencesVulnerability Research SitesFootprinting ToolsPeople Search Tools
Competitive IntelligenceTracking Online ReputationWebsite Research/Web Updates ToolsDNS and Whois ToolsTraceroute Tools and LinksWebsite Mirroring Tools and SitesE-mail TrackingGoogle HackingScanning and Enumeration ToolsPing SweepScanning ToolsBanner GrabbingVulnerability ScanningNetwork MappingProxy, Anonymizer, and TunnelingEnumerationSNMP EnumerationLDAP EnumerationNTP EnumerationRegistry ToolsWindows Service Monitoring ToolsFile/Folder Integrity CheckersSystem Hacking ToolsDefault Password Search LinksPassword Hacking ToolsDoS/DDosSniffingKeyloggers and Screen CapturePrivilege EscalationExecuting ApplicationsSpywareMobile SpywareCovering TracksPacket Crafting/SpoofingSession HijackingClearing TracksCryptography and EncryptionEncryption ToolsHash ToolsSteganographyStego DetectionCryptanalysisSniffingPacket CaptureWirelessMAC Flooding/SpoofingARP PoisoningWirelessDiscoveryAttack and AnalysisPacket SniffingWEP/WPA Cracking
BluetoothMobile AttacksMobile Wireless DiscoveryMobile Device TrackingRooting/JailbreakingMDMTrojans and MalwareAnti-Malware (AntiSpyware and Anitvirus)Crypters and PackersMonitoring ToolsAttack ToolsWeb AttacksAttack toolsSQL InjectionMiscellaneousCloud SecurityIDSEvasion ToolsPen Test SuitesVPN/FW ScannerSocial EngineeringExtrasLinux DistributionsTools, Sites, and References DisclaimerAppendix B About the DownloadSystem RequirementsInstalling and Running Total TesterAbout Total TesterTechnical SupportGlossaryIndex
ACKNOWLEDGMENTSWhen I wrote the first edition of this book, one of the first people I gave a copy to was my mom. She didn’t, and still doesn’t,have a clue what most of it means, but she was thrilled and kept saying, “You’re an author ” like I had cured a disease orsaved a baby from a house fire. At the time I felt weird about it, and I still do. Looking back on the opportunity I was given—almost out of the blue—by Tim Green and McGraw-Hill Professional, I just can’t believe the entire thing came to pass. AndI’m even more surprised I had anything to do with it.Those who know me well understand what is meant when I say I’m just not capable of doing this. I don’t have the patiencefor it, I’m not anywhere near the smartest guy in the room (and right now the only one in this room with me is our cat, Neo), andmy Southern brand of English doesn’t always represent the clearest medium from which to provide knowledge and insight. Itstill amazes me it all worked then. And I’m floored we’re here again with another version.I tried with all that was in me to provide something useful to you, dear reader and CEH candidate, in previous versions ofthis book. I’ve learned a lot (like having a static study book for an ever-changing certification leaves you open to horrendousbook review cruelty), and hope this one helps me learn even more. We’ve put a lot of effort into tidying up loopholes andadding salient information in this version. In many cases I succeeded. In others, I probably failed miserably. Thankfully therewere many, many folks around me who picked up the slack and corrected—both technically and grammatically—any writingI’d screwed up. Somehow we all pulled it off, and there are tons of people to thanks for that.This book, and its previous editions, simply would not have been possible without our technical editor, Brad Horton. I’veknown Brad since 2005, when we both served time in “the vault” at Marshall Space Flight Center, and I am truly blessed tocall him a friend. I’ve said it before, and I’ll state it again here: Brad is, without doubt, the singularly most talented technicalmind I have ever met in my life. He has great taste in bourbon (although not so much with scotch), roots for the right team, andsmacks a golf ball straighter and truer than most guys I’ve seen—on and off TV. He is a loving husband to his beautiful wife, agreat father to his children, a one-of-a-kind pen tester, and a fantastic team lead. He even plays the piano and other musicalinstruments like a pro and, I hear, is a fantastic bowler. I hate him. ;)His insights as a pen-test lead were laser sharp and provided great fodder for more discussion. Want proof he’s one of thebest? I’d be willing to bet none of you reading this book has ever actually relished a full critique of your work. But I do.Brad’s edits are simultaneously witty, humorous, and cutting to the core. If someone had bet me four or five years ago that I’dnot only enjoy reading critiques of my work but would be looking forward to them, I would be paying off in spades today.You’re one of the absolute bests, my friend.for a government worker, anyway. Roll Tide.On another front, nothing like this can be accomplished without the support and understanding of a good employer. I wouldnot—could not—have even started this version without my employer’s acceptance and accommodation of the effort needed topull this off. HPE is a great company to work for and I’m blessed to be a part of the organization. My boss, Ruth Pine, is quitepossibly the best leader I’ve ever worked for, and the people I work with on a daily basis were instrumental in answeringquestions and helping with source material. Jack Schatoff, Brian Moore, and Daniel Carter are great people and helped outmore than they know.Finally, there is no way this book could have been started, much less completed, without the support of my lovely andtalented wife, Angie. In addition to the unending encouragement throughout the entire process, Angie was the greatestcontributing editor I could have ever asked for. Having someone as talented and intelligent as her sitting close by to run thingspast, or ask for a review on, was priceless. Not to mention, she’s adorable. Her insights, help, encouragement, and work whilethis project was ongoing sealed the deal. I can’t thank her enough.
INTRODUCTIONWelcome, dear reader! I sincerely hope you’ve found your way here to this introduction happy, healthy, and brimming withconfidence—or, at the very least, curiosity. I can see you there, standing in your bookstore flipping through the book or sittingin your living room clicking through virtual pages at some online retailer. And you’re wondering whether you’ll buy it—whether this is the book you need for your study guide. You probably have perused the outline, checked the chapter titles—heck, you may have even read that great author bio they forced me to write. And now you’ve found your way to this, theIntroduction. Sure, this intro is supposed to be designed to explain the ins and outs of the book—to lay out its beauty and craftywitticisms in such a way that you just can’t resist buying it. But I’m also going to take a moment and explain the realities of thesituation and let you know what you’re really getting yourself into.This isn’t a walk in the park. Certified Ethical Hacker (CEH) didn’t gain the reputation and value it has by being easy toattain. It’s a challenging examination that tests more than just simple memorization. Its worth has elevated it as one of the topcertifications a technician can attain, and it remains part of DoD 8570’s call for certification on DoD networks. In short, thiscertification actually means something to employers because they know the effort it takes to attain it. If you’re not willing toput in the effort, maybe you should pick up another line of study.If you’re new to the career field or you’re curious and want to expand your knowledge, you may be standing there, with theglow of innocent expectation on your face, reading this intro and wondering whether this is the book for you. To help youdecide, let’s take a virtual walk over to our entrance sign and have a look. Come on, you’ve seen one before—it’s just like theone in front of the roller coaster reading, “You must be this tall to enter the ride.” However, this one is just a little different.Instead of your height, I’m interested in your knowledge, and I have a question or two for you. Do you know the OSI referencemodel? What port does SMTP use by default? How about telnet? What transport protocol (TCP or UDP) do they use and why?Can you possibly run something else over those ports? What’s an RFC?Why am I asking these questions? Well, my new virtual friend, I’m trying to save you some agony. Just as you wouldn’t beallowed on a roller coaster that could potentially fling you off into certain agony and/or death, I’m not going to stand by and letyou waltz into something you’re not ready for. If any of the questions I asked seem otherworldly to you, you need to spend sometime studying the mechanics and inner workings of networking before attempting this certification. As brilliantly written as thislittle tome is, it is not—nor is any other book—a magic bullet, and if you’re looking for something you can read one night andbecome Super-Hacker by daybreak, you’re never going to find it.Don’t get me wrong—go ahead and buy this book. You’ll want it later, and I could use the sales numbers. All I’m saying isyou need to learn the basics before stepping up to this plate. I didn’t bother to drill down into the basics in this book because itwould have been 20,000 pages long and scared you off right there at the rack without you even picking it up. Instead, I wantyou to go learn the “101” stuff first so you can be successful with this book. It won’t take long, and it’s not rocket science. Iwas educated in the public school systems of Alabama and didn’t know what cable TV or VCR meant until I was nearly ateenager, and I figured it out—how tough can it be for you? There is plenty in here for the beginner, though, trust me. I wrote itin the same manner I learned it: simple, easy, and ideally fun. This stuff isn’t necessarily hard; you just need the basics out ofthe way first. I think you’ll find, then, this book perfect for your goals.For those of you who have already put your time in and know the basics, I think you’ll find this book pleasantly surprising.You’re ob
Management Professional (CISSP-ISSMP), the Certified Ethical Hacker (CEH), and the Certified Information Systems Auditor (CISA) trade certifications. Brad holds a bachelor’s degree in Commerce and Business Administration from the University of
May 02, 2018 · D. Program Evaluation ͟The organization has provided a description of the framework for how each program will be evaluated. The framework should include all the elements below: ͟The evaluation methods are cost-effective for the organization ͟Quantitative and qualitative data is being collected (at Basics tier, data collection must have begun)
Silat is a combative art of self-defense and survival rooted from Matay archipelago. It was traced at thé early of Langkasuka Kingdom (2nd century CE) till thé reign of Melaka (Malaysia) Sultanate era (13th century). Silat has now evolved to become part of social culture and tradition with thé appearance of a fine physical and spiritual .
On an exceptional basis, Member States may request UNESCO to provide thé candidates with access to thé platform so they can complète thé form by themselves. Thèse requests must be addressed to esd rize unesco. or by 15 A ril 2021 UNESCO will provide thé nomineewith accessto thé platform via their émail address.
̶The leading indicator of employee engagement is based on the quality of the relationship between employee and supervisor Empower your managers! ̶Help them understand the impact on the organization ̶Share important changes, plan options, tasks, and deadlines ̶Provide key messages and talking points ̶Prepare them to answer employee questions
Dr. Sunita Bharatwal** Dr. Pawan Garga*** Abstract Customer satisfaction is derived from thè functionalities and values, a product or Service can provide. The current study aims to segregate thè dimensions of ordine Service quality and gather insights on its impact on web shopping. The trends of purchases have
Linux in a Nutshell Linux Network Administrator’s Guide Linux Pocket Guide Linux Security Cookbook Linux Server Hacks Linux Server Security Running Linux SELinux Understanding Linux Network Internals Linux Books Resource Center linux.oreilly.comis a complete catalog of O’Reilly’s books on Linux and Unix and related technologies .
Chính Văn.- Còn đức Thế tôn thì tuệ giác cực kỳ trong sạch 8: hiện hành bất nhị 9, đạt đến vô tướng 10, đứng vào chỗ đứng của các đức Thế tôn 11, thể hiện tính bình đẳng của các Ngài, đến chỗ không còn chướng ngại 12, giáo pháp không thể khuynh đảo, tâm thức không bị cản trở, cái được
Other Linux resources from O’Reilly Related titles Building Embedded Linux Systems Linux Device Drivers Linux in a Nutshell Linux Pocket Guide Running Linux Understanding Linux Network Internals Understanding the Linux Kernel Linux Books Resource Center linu
