GCIH GIAC Certified Incident Handler All-in-One Exam Guide / Edition 1 available in Paperback, eBook

- ISBN-10: 1260461629
- ISBN-13: 9781260461626
- Pub. Date: 08/20/2020
- Publisher: McGraw Hill LLC

Overview
This self-study guide delivers complete coverage of every topic on the GIAC Certified Incident Handler exam.
Prepare for the challenging GIAC Certified Incident Handler exam using the detailed information contained in this effective exam preparation guide. Written by a recognized cybersecurity expert and seasoned author, GCIH GIAC Certified Incident Handler All-in-One Exam Guide clearly explains all of the advanced security incident handling skills covered on the test. Detailed examples and chapter summaries throughout demonstrate real-world threats and aid in retention. You will get online access to 300 practice questions that match those on the live test in style, format, and tone. Designed to help you prepare for the exam, this resource also serves as an ideal on-the-job reference.
Covers all exam topics, including:
- Intrusion analysis and incident handling
- Information gathering
- Scanning, enumeration, and vulnerability identification
- Vulnerability exploitation
- Infrastructure and endpoint attacks
- Network, DoS, and Web application attacks
- Maintaining access
- Evading detection and covering tracks
- Worms, bots, and botnets
Online content includes:
- 300 practice exam questions
- Test engine that provides full-length practice exams and customizable quizzes
Product Details

| Field | Value |
|---|---|
| ISBN-13 | 9781260461626 |
| Publisher | McGraw Hill LLC |
| Publication date | 08/20/2020 |
| Pages | 464 |
| Product dimensions | 7.30(w) x 9.00(h) x 0.90(d) |
Table of Contents
Acknowledgments xii
Introduction xiii
Chapter 1 Building a Lab 1
Creating a Kali Linux Virtual Machine 2
Creating a Metasploitable Virtual Machine 7
Testing External Connectivity from Kali Linux 7
Testing External Connectivity from Metasploitable 8
Testing Communication Between Kali Linux and Metasploitable 8
Creating a Windows Virtual Machine 9
Testing Communication Between Windows, Kali Linux, and Metasploitable VMs 12
Linux and Windows Commands 13
Chapter Review 14
Questions 15
Answers 16
References and Further Reading 17
Chapter 2 Intrusion Analysis and Incident Handling 19
Incident Handling Introduction 19
Incident Handling Phases 20
Preparation 21
Building a Team 21
Collecting Organizational Information 24
Responding to an Incident 25
Hardware 29
Software 31
Identification 32
Incident Sources 34
Data Collection for Incident Response 36
Windows Investigations 37
Linux Investigations 54
Containment 63
Tracking and Communicating an Incident 63
Containment Strategies 65
Eradication 67
Recovery 67
Lessons Learned 68
Chapter Review 68
Questions 69
Answers 71
References and Further Reading 74
Chapter 3 Information Gathering 77
Public Website Searching 77
Netcraft 78
TheHarvester 80
Wget 80
Social Media Searching 80
Defending Against Public Website and Social Media Searching 81
Using Search Engines for Information Gathering 81
Search Engine Query Examples 83
Viewing Deleted Content Through the Wayback Machine 85
Using Tools for Search Engine Information Gathering Automation 86
Recon-NG 86
Metagoofil 87
Exiftool 88
FOCA (Fingerprinting Organizations with Collected Archives) 89
SearchDiggity 90
Defending Against Search Engine Information Gathering 90
Whois Lookups 92
Performing Whois Lookups Using IANA and Regional Registries 92
Performing Whois Lookups Using Online Tools 94
Performing Whois Lookups Using the Command Line 95
Defending Against Whois Lookups 95
DNS Lookups 96
Performing DNS Lookups Using Online Tools 97
Nslookup 97
Dig 98
Host 99
DNS Recon 99
Defending Against DNS Lookups 100
War Dialing 100
Defending Against War Dialing 103
War Driving 103
Wireless Network Introduction 103
Airmon-ng 106
Kismet 107
InSSIDer 108
Other Tools Worth Checking 109
Defending Against War Driving 111
General-Purpose Information Gathering Tools 112
Maltego 112
Shodan 113
Maps 113
Spokeo 114
Grayhat Warfare 114
Chapter Review 116
Questions 116
Answers 119
References and Further Reading 121
Chapter 4 Scanning, Enumeration, and Vulnerability Identification 125
Introduction to ARP, ICMP, IP, TCP, and UDP 125
ARP 126
ICMP 126
IP 127
TCP 128
UDP 129
Network Mapping 130
Arp-scan 130
Ping 130
Traceroute 131
Zenmap 132
Defending Against Network Mapping 133
Port Scanning 133
Nmap 133
Hping3 140
Additional Scanning Tools 140
Proxy Utilization 141
IDS/IPS Evasion 143
Defending Against Port Scanning and IDS Evasion 145
Vulnerability Identification 146
Nessus 146
Defending Against Vulnerability Identification 149
Commonly Exploited Protocols: A Few Useful Examples 150
FTP 150
Telnet 151
SMB 152
Defending Against SMB Sessions 156
Chapter Review 156
Questions 157
Answers 160
References and Further Reading 161
Chapter 5 Vulnerability Exploitation 165
Tcpdump 166
Scenario 1: Ping Scan 166
Scenario 2: Reaching the Web Server 167
Wireshark 168
Scenario 1: Capture Web Traffic to Metasploitable 169
Scenario 2: Capture Web Traffic to Multiple Metasploitable Webpages 171
Metasploit 172
Architecture 173
Modules 173
Information Gathering 175
Exploiting Services 178
Armitage 183
Netcat 187
Different Flavors 188
Basic Operation 188
Connecting to Open Ports 190
File Transfers 191
Backdoors 192
Port Scanning 193
Relays 194
SET 195
BeEF 197
Chapter Review 200
Questions 200
Answers 204
References and Further Reading 205
Chapter 6 Infrastructure and Endpoint Attacks 207
Infrastructure Attacks 207
DMA Attacks 207
USB Attacks 208
Defending Against Infrastructure Attacks 209
Password Cracking 209
Techniques 209
Stored Password Locations and Formats 214
Hydra 217
Cain 217
John the Ripper 220
Hashcat 221
Defending Against Password Cracking 222
Pass the Hash 223
Defending Against Pass-the-Hash Attacks 223
Buffer Overflows 224
Identifying Buffer Overflows 227
Adding Code in Memory 228
Running the Code 228
Defending Against Buffer Overflows 228
Bypassing Endpoint Security 229
Chapter Review 235
Questions 235
Answers 238
References and Further Reading 239
Chapter 7 Network Attacks 241
IP Address Spoofing 241
Defending Against IP Spoofing 242
Network Traffic Sniffing 243
Passive Traffic Sniffing 244
Active Traffic Sniffing 245
Upgraded SSL Attack: SSL Stripping 256
Defending Against Traffic Sniffing 258
Session Hijacking 259
Defending Against Session Hijacking 261
Chapter Review 261
Questions 262
Answers 264
References and Further Reading 265
Chapter 8 Denial of Service Attacks 267
Local DoS Attacks 267
Remote DoS Attacks 268
Protocol Attacks 268
Application-Layer Attacks 269
Volumetric Attacks 269
Botnets 272
DDoS Attacks 272
Reflected DDoS 273
Pulsing Zombies 273
DoS/DDoS Tools 274
Defending Against DoS/DDoS Attacks 277
Chapter Review 277
Questions 278
Answers 280
References and Further Reading 282
Chapter 9 Web Application Attacks 283
Web Proxies 283
OWASP (Open Web Application Security Project) 284
Command Injection 286
Defending Against Command Injection 289
Account Harvesting 290
Defending Against Account Harvesting 296
SQL Injection 296
Normal SQL Operation 297
Checking for SQL Injection 299
Testing Manual SQL Injection Strings 300
Automating SQL Injection Using Burp Suite 302
Defending Against SQL Injection 305
XSS (Cross-Site Scripting) 305
Reflected XSS 307
Stored XSS 309
Defending Against XSS 312
CSRF (Cross-Site Request Forgery) 312
Defending Against CSRF 315
Nikto 315
WPScan 316
Chapter Review 317
Questions 318
Answers 321
References and Further Reading 323
Chapter 10 Maintaining Access 325
Malware Categories 325
Backdoors and Trojans 327
Examples of Backdoors and Trojans 327
Legitimate Tools Used by Attackers for Remote Control 328
Rootkits 331
User Mode Rootkits 332
Kernel Mode Rootkits 334
Malware Wrapping, Packing, and Obfuscation 335
Malware Analysis 337
Defending Against Backdoors, Trojans, and Rootkits 344
Chapter Review 346
Questions 346
Answers 348
References and Further Reading 349
Chapter 11 Covering Tracks and Tunneling 353
Log Tampering and Shell History Manipulation 353
Windows Logs 353
Linux Logs 356
Shell History Manipulation 358
Defending Against Log Tampering and Shell History Manipulation 359
Hiding Files and Using Steganography 360
Hiding Files in Linux 361
Hiding Files in Windows 361
Steganography 362
Defending Against Hiding Files and Using Steganography 365
Tunneling 367
ICMP Tunneling 367
TCP/IP Tunneling 370
Defending Against Tunneling 371
Chapter Review 372
Questions 373
Answers 375
References and Further Reading 376
Chapter 12 Worms, Bots, and Botnets 381
Worms 381
Worm Examples 381
Bots/Botnets 385
Defending Against Worms, Bots, and Botnets 386
Chapter Review 387
Questions 387
Answers 389
References and Further Reading 390
Appendix A Commands Index 393
Appendix B Tools 401
Appendix C Exam Index 413
Appendix D About the Online Content 415
System Requirements 415
Your Total Seminars Training Hub Account 415
Privacy Notice 415
Single User License Terms and Conditions 415
TotalTester Online 417
Technical Support 417
Glossary 419
Index 431