|
|
Авторизация |
|
|
Поиск по указателям |
|
|
|
|
|
|
|
|
|
|
Graves K. — CEH: Official Certified Ethical Hacker Review Guide |
|
|
Предметный указатель |
007 Shell program 190
802.11i standard 161
A (address) record type 27
Access points, rogue 163
ACK (acknowledgment) packets 127 127
ACK flag 49—50 49
ACK scans 46
AckCmd program 190
Active attacks 3 4 75
Active Directory viruses 100
Active reconnaissance 5
Active session hijacking 126
Active sniffing 109
Active stack fingerprinting 52
Acunetix Web Vulnerability Scanner tool 143
Address (A) record type 27
Address range of networks 27
Address Resolution Protocol (ARP), poisoning 110
Address Resolution Protocol (ARP), spoofing 109
Address spoofing See spoofing
Administrator account passwords 79
ADMutate tool 189
Adore rootkit 181
Advanced Encryption Standard (AES) 161
Aircrack tool 162
AirSnort tool 160 162
alternate data streams 83
Anonymizers 53—54
Anti-honeypot software 190
Antivirus evasion techniques 101
Application-level rootkits 81
Applications, executing 80
Applications, weaknesses in 3
ARIN database 24—25 25
Armored viruses 100
ARP (Address Resolution Protocol), poisoning 110
ARP (Address Resolution Protocol), spoofing 109
Arpspoof tool 112
Art of manipulation 31—32
Assessments, security 204—205
Asymmetric key cryptography 196
Attachments 34
Attack phase in penetration, testing 206
Attacks, defined 2
Attrib command 83
Audit disabling 85
AuditPol tool 85
Authentication, hijacking 142 144
authentication, two-factor 76
Authentication, types 144
Authentication, wireless networks 161 163
Automated network-tracing tools 124
Automated password guessing 76
Backdoors 81 91—93
BackOrifice 2000 tool 95
BackOrifice Trojan 93
BackStealth tool 54
Banner grabbing 52
Basic HTTP authentication 144
Beast tool 96
Biometrics 76
Bit-flipping attacks 9
Black Hats 7
black-box testing 12
Black-hat tests 205
BlackWidow tool 143
Blindside application 84
Blowfish algorithm 197—198
BoSniffer tool 95
botnets 123
BOTs 123
Breach incidents 170—171
brute-force attacks 77 145
Bubonic tool 121
buffer overflows 80—81 151 154
Buffer overflows, exam essentials 155
Buffer overflows, mutation techniques 155
Buffer overflows, review questions 156—158
Buffer overflows, stack-based 154—155
Buffer overflows, types and detection 154
Buffer overflows, web application 142—143
Burp tool 143
C/C++ functions, buffer overflows for 155
C2MYAZZ tool 71
cache poisoning 111
Cain & Abel tool 112
Camera/Shy tool 84
Camouflage viruses 100
Canonical name (CNAME) record type 27
Canvas tool 208
Cavity viruses 100
Change intervals, password 73
Channels in Trojans 94
Cheops tool 52
Clearing event logs 86
CNAME (canonical name) record type 27
Command injection 142—143
Competitive intelligence 22—23
Compiling Linux kernel 179—180
Computer-based social engineering 32—33
ComputerSpy Key Logger tool 96
Conclusion phase in security evaluation plans 12
Conduct Security Evaluation Plan phase 12
Construction kits, Trojans 97
Cookie poisoning and snooping 142—143
CORE IMPACT tool 140 207
Cottrell, Lance 53
Countermeasures, DoS attacks 124—125
Countermeasures, IDS and honeypots 191
Countermeasures, NTFS streams 83—84
Countermeasures, null sessions 57—58
Countermeasures, password-cracking techniques 72—73 145
countermeasures, port scanning 45—46
Countermeasures, rootkits 82
Countermeasures, session hijacking 129
Countermeasures, SMB attacks 71—72 71
Countermeasures, sniffers 113
Countermeasures, SNMP enumeration 59
Countermeasures, social engineering 35—36
Countermeasures, SQL injection attacks 153—154
Countermeasures, steganography 85
Countermeasures, Trojans 98—99
Countermeasures, web application hacking 143—144
Countermeasures, wireless hacking 164
Covering tracks 6 85—86
covert channels 94
Covert_TCP program 190
CPU Hog tool 121
crackers 7—8
Cracking passwords techniques 68—69
Cracking passwords techniques, countermeasures 72—73
Cracking passwords techniques, Lan Manager hashing 69—70
Cracking passwords techniques, SMB redirection 70—72 71
Cracking passwords techniques, web-based See web-based password cracking techniques
Cracking passwords techniques, Windows 2000 70
Cross-site scripting 142—143
Cryptography 195—196
Cryptography algorithms 197—198
Cryptography, exam essentials 198
Cryptography, keys 197
Cryptography, review questions 199—201
Cyber Security Enhancement Act of 2002 13
CyberSpy tool 96
Data-Sending Trojans 94
DDoS (Distributed Denial of Service) attacks 93 120—122
DDoS (Distributed Denial of Service) attacks, characteristics 122—123
DDoS (Distributed Denial of Service) attacks, countermeasures 124—125
Deep Throat Trojan 93
Defacing websites 139
Demilitarized Zones (DMZs) 138 190
| denial of service (DoS) attacks 119—120
Denial of Service (DoS) attacks, BOTs and BOTNETs 123
Denial of Service (DoS) attacks, countermeasures 124—125
Denial of Service (DoS) attacks, DDoS 93 120—123
Denial of Service (DoS) attacks, exam essentials 130
Denial of Service (DoS) attacks, NetBIOS 72
Denial of Service (DoS) attacks, purpose 8
Denial of Service (DoS) attacks, review questions 131—135
Denial of Service (DoS) attacks, smurf 124
Denial of Service (DoS) attacks, SYN flood 124
Denial of Service (DoS) attacks, Trojans 94
Denial of Service (DoS) attacks, types 120—122
Denial of Service (DoS) attacks, wireless 163
DEPLOY.EXE program 81
Destructive Trojans 94
Desynchronizing connections in session hijacking 125 128
dictionary attacks 77 145
Digest HTTP authentication 144
Directory traversal 142 144
Disabling auditing 85
display filters 110
Distributed Denial of Service (DDoS) attacks 93 120—122
Distributed Denial of Service (DDoS) attacks, characteristics 122—123
Distributed Denial of Service (DDoS) attacks, countermeasures 124—125
Distributed DNS Flooder tool 113
Distributions, Linux 178
DMZs (demilitarized zones) 138 190
Dnsspoof tool 112
DNSstuff.com tool 23
Domain Name System (DNS), enumeration 23 23—24
Domain Name System (DNS), record types 27
Domain Name System (DNS), spoofing 111—113
Domain Name System (DNS), tables 22
Domain Name System (DNS), zone transfer 59
Donald Dick tool 95
DoS attacks See Denial of Service (DoS) attacks
Drawing network diagrams 52—53
Dskprobe tool 85
Dsniff tools 99 112
DumpSec tool 56
Dumpster diving 33 78
E-mail Keylogger 79
e-mail tracking 29
eavesdropping 163
eBlaster tool 79
Education for social engineering 36
ELiTeWrap tool 97
elsave.exe utility 86
eMailTracking Pro tool 29
Encryption 195—196
Encryption algorithms 197—198
Encryption, exam essentials 198
Encryption, keys 197
encryption, passwords 75
encryption, wireless networks 161 163
Encryption,review questions 199—201
Enum utility 60
Enumeration 41 55
Enumeration, characteristics 56
Enumeration, DNS 23 23—24
Enumeration, exam essentials 60—61
Enumeration, null sessions 56—58
Enumeration, review questions 62—66
Enumeration, SNMP 58—59
Enumeration, steps 60
Enumeration, Windows 2000 DNS zone transfer 59
Erasing evidence 85—86
Escalating privileges 79—80 206
Ethereal sniffer 109—110
EtherFlood tool 112
EtherPeek sniffer 109
Ethical hacking 1
Ethical hacking, characteristics 7—8
Ethical hacking, conducting 11—13 11
Ethical hacking, exam essentials 14—15
Ethical hacking, goals 8—9
Ethical hacking, hacker classes 6—7
Ethical hacking, legal implications 13—14
Ethical hacking, phases 4—6 4
Ethical hacking, purpose 8
Ethical hacking, reports 13
Ethical hacking, review questions 16—18
Ethical hacking, security, functionality, and ease of use triangle 9—10 9
Ethical hacking, skills 10
Ethical hacking, terminology 2—3
Ethical hacking, types 3—4 4 12
event logs, clearing 86
Event logs, monitoring 73
Evidence Eliminator system 86
Evidence, erasing 85—86
Executing applications 80
Executing, implanting, and retracting phase in penetration testing 206
expand command 70
Exploiting vulnerabilities 8
Exploits, defined 2
External assessment tests 204—205
Fast infectors 100
Fearless Key Logger 79
Federal law 14
files, hiding 83—84
Files, verifying 99
Filtered Nmap scans 46
Filters, Ethereal 110
Filters, MAC address 162
FIN scans 49—50
Find_ddos tool 125
Fingerprinting 52
Firekiller 2000 tool 96
Firewalls 189—191
Firewalls with traceroute 28
Firewalls, exam essentials 191
Firewalls, review questions 192—194
Flood attacks, MAC 111
Flood attacks, SYN 124
FMS attacks 160
Footprinting 19—20
Footprinting, competitive intelligence 22—23
Footprinting, defining 20—21
Footprinting, DNS enumeration 23 23—24
Footprinting, DNS record types 27
Footprinting, e-mail tracking 29
Footprinting, exam essentials 29—30
Footprinting, information gathering 21—22 22
Footprinting, network address ranges 27
Footprinting, review questions 37—40
Footprinting, traceroute tool 28 28
Footprinting, web spiders 29
Footprinting, Whois and ARIN lookups 24—27
Fport tool 98
Friendly Pinger tool 45
FTP Trojans 94
Full-open scans 50
Gaining access phase 5
GCC compilation commands 180
GetAcct tool 60
GetAdmin.exe program 80
GFI LANguard scanner 207
GirlFriend Trojan 93
Glossary 214—223
GNU Compiler Collection (gcc) 180
Goals of ethical hacking 8—9
Google search engine in information gathering 20
Google search engine in web application hacking 143
Graffiti tool 97
Grey hats 7
Grey-box testing 13
Hackers, classes 6—7
Hacktivism 6
Half-open scans 48 50
Handshakes, three-way 49 49 126—127 127
|
|
|
Реклама |
|
|
|