Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Hands-On Ethical Hacking Tactics
Hands-On Ethical Hacking Tactics

Hands-On Ethical Hacking Tactics: Strategies, tools, and techniques for effective cyber defense

Arrow left icon
Profile Icon Shane Hartman
Arrow right icon
zł201.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (5 Ratings)
Paperback May 2024 464 pages 1st Edition
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial
Arrow left icon
Profile Icon Shane Hartman
Arrow right icon
zł201.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (5 Ratings)
Paperback May 2024 464 pages 1st Edition
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Hands-On Ethical Hacking Tactics

Ethical Hacking Concepts

Hackers and hacking are usually associated with criminal activity, but it wasn’t always that way. In the 1960s, learning and working on computers wasn’t readily available. They were difficult to work with and those that could get things working often hacked things together. In other words, hackers were innovators who could solve complex problems.

In the late 1970s, computers became accessible to the public through homebrew kits, and at that time, curiosity and innovation were still a part of the hacking community. It wasn’t until the 1980s that hacking took on a negative tone, with the release of movies such as WarGames and Hackers, and the image of a hacker changed from an enthusiast to a criminal. Since this time, the term hacker has been associated with criminal and malicious activity.

Fast-forward to today and we have a concept known as ethical hacking, meaning we take the concepts and techniques used by hackers and apply them for the benefit of organizations and individuals in an attempt to elevate their security posture. This is the first chapter in your journey to understand and apply the concepts of hacking in an ethical manner.

In this chapter, we’re going to cover the following main topics:

  • What is ethical hacking?
  • Elements of information security
  • Why do intrusions and attacks happen?
  • Types and profiles of attackers and defenders
  • Attack targets and types
  • The anatomy of an attack
  • Ethical hacking and penetration testing
  • Defensive technologies
  • Lab – setting up the testing lab

Technical requirements

Labs have been included to get the most out of this book. The labs are designed to enhance the subject matter by supplying tangible examples of what is covered. To be successful with the labs, the following minimum system settings are required:

  • 8 GB of RAM minimum (16 GB recommended)
  • 50 GB of disk space
  • The rights to install applications

What is ethical hacking?

Ethical hacking represents a group of skills within cyber security that manifests in a few distinctive roles, including pen testers, blue teamers, and purple teamers. Ethical hackers are also part of a larger group known as white hat hackers, whose focus is education and defense. We will discuss this in detail in the White hat hackers section later in this chapter.

What role does the ethical hacker play in organizational security? Unlike threat actors (black hats), who are motivated primarily by financial gain, ethical hackers align themselves on the defensive side of networks, attempting to secure networks by pointing out flaws and misconfigurations that malicious attackers would take advantage of. They are commonly associated with penetration testing but really can assume any role within an organization. Ethical hackers represent the apex of security practices within an organization. These practices start with core areas such as antivirus software and patch management and move on to more complex security issues such as remote automation and administration, as well as ingress and egress, encryption, and authentication.

Depending on their specific role, ethical hackers use a variety of tools and techniques to search for outdated software, misconfigured systems, and potential security weaknesses within the network. They use this information to not only bolster the overall organizational security but to find weaknesses and oversights that attackers would find by using the same techniques they use. Some other operations ethical hackers perform include discovering incomplete policies and procedures. They are also skilled in the tactics, techniques, and procedures (TTPs) of adversaries. This means they understand how attackers operate, what tools they use, how they find information, and how they use that to take advantage of an organization. Ethical hackers also realize security is an evolving discipline where learning and growth never end. One place to get a better understanding of attackers and the operations they perform is to review the MITRE ATT&CK framework, which lays out a matrix of 13 categories showing various attacks. For more information, see https://attack.mitre.org/.

How does one become an ethical hacker? There are several approaches that can be taken, including using this book, and courses covering hacking and cyber security that can get you started. There are also certifications, including the Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), and Certified Ethical Hacker (CEH). However, even with all these opportunities and paths that can be taken, the one thing needed more than anything else is just to be curious – about how all this technology works, how information is stored and communicated, and how technology interoperates with other machines and devices.

Now that we know what ethical hacking is, let’s take a look at what makes up information security.

Elements of information security

Information security and, subsequently, ethical hacking methodologies revolve around three core principles: Confidentiality, Integrity, and Availability (CIA). These core principles provide the framework for information security and are used by ethical hackers and security professionals to test security and security solutions. These principles can be described as follows:

  • Confidentiality: Data stored on networks in the form of databases, files, and so on carries a certain level of restriction. Access to information must be given only to authorized personnel. Some examples include nonpublic financial information that could be used to make investment decisions; this is also known as insider trading. Another example would be company patents or trade secrets.

    Ensuring this information is reserved for only those who need to know about it can be addressed through techniques such as encryption, network segmentation, and access restrictions, as well as practicing the principle of least privilege. These are the things ethical hackers check and test to make sure there are no gaps or exposure of information beyond what is authorized.

  • Integrity: Data that is accessed and viewed, whether part of an email or viewed through a web portal, must be trustworthy. Ethical hackers and security personnel ensure that data has not been modified or altered in any way; this includes data at rest as well as data in transit. Examples of integrity checks include showing and storing hash values and the use of techniques, including digital signatures and certificates.
  • Availability: The last principle is that of availability. Information that is locked down to a level where no one can access it not only defeats the purpose of having data but affects the efficiency of those who are authorized to access it. However, just like the other principles, there is a fine line between availability by authorized personnel and confidentiality. An ethical hacker tests availability in a number of ways. Some examples include remote access for employees, establishing hours of operation for personnel, and what devices can have access.

The concepts of CIA will be covered throughout the chapters as attack techniques are discussed and the principle(s) that are violated as part of an attack, as well as what practice (or practices) could be implemented to prevent/detect an attack. Next, let’s take a look at attackers and why they attack.

Why do intrusions and attacks happen?

Attacks do not operate in a vacuum, and as such, attacks and intrusions can be broken down into three core areas, sometimes referred to as the intrusion triangle or crime triangle. In other words, certain conditions must exist before an attack can occur. These core areas are Motive, Means, and Opportunity.

We’ll look at what each of these in the following sections.

Motive

An attacker must have a reason to want to attack a network. These motives include exploration, data manipulation, and causing damage, destroying, or stealing data. Motives may also be more personal, including financial, retaliation, or revenge. Examples include a disgruntled employee who wants to do damage based on some grievance with the company managers or coworkers. Another would be a cybercrime group targeting a company or industry to extort money through ransomware or some other means. Still, another would be a script kiddie who stumbled upon the network and thought it might be interesting to see what they could get access to. More on script kiddies in the Types and profiles of attackers and defenders section.

For investigators, it is also important to differentiate between motives for criminal activity and the operational goals and objectives associated with the larger crime. As an example, compromising user accounts is not the goal of an attack; gaining access to the corporate network and stealing data is. The account compromise is simply an operational goal.

It may also be important to understand the intensity of an attack and the motives behind it. People who are desperate are more determined to achieve their goals. The employee who is in a bad financial situation may see accessing and stealing company funds as the only means to alleviate the situation. And with that, the higher the pressure, the more likely it is that the employee will not only commit the crime but take larger risks to meet that goal.

Means

Once an attacker has a motive, they need the means to perform the attack. Means refers to the technology plus an individual’s or group’s skills, knowledge, and available resources. By understanding these requirements to commit a given crime, plus the potential motivations, investigators can narrow down attribution to individuals or groups and eliminate others. Additionally, investigators need to be aware of technological innovations as potential means of committing cybercrimes in relation to the crime committed. By way of example, a nation-state actor in China would not have the means to access and sabotage an electrical plant in the United States physically. However, once the electrical plant installed IoT sensors and connected them to the internet, the means would be made available.

Opportunity

The third part, completing the triangle, is opportunity. Used in conjunction with motive and means, an opportunity is that moment or chance where the attack can be completed successfully. For an opportunity to be available, it means that various protective mechanisms were either ineffective or non-existent. This means that human, technological, or environmental factors were conducive to the crime being committed. For example, a power failure might cause locked doors to fail open for safety but allow criminals free access to all areas of the company. Or, unpatched servers exposed to the internet might be discovered during a scan, informing attackers what exploit(s) will be successful in accessing the core network. You can see a visual representation of the crime triangle in the following figure:

Figure 1.1 – Crime triangle

Figure 1.1 – Crime triangle

Of the three areas, the ethical hacker has the most control over opportunity. As a defender, you cannot eliminate motive as that comes from the personal desires of the attacker, whether they are acting as an individual or a group. You also cannot eliminate means as knowledge is readily available, and skills can be acquired. This leaves opportunity as the area from which the odds of defending against and preventing most attacks are the most successful.

Now that we have looked at why intrusions happen, let’s take a look at the different types of people that make up the cyber security landscape, from attacker to defender.

Types and profiles of attackers and defenders

Now that we have spent time describing what is being protected and why attacks might occur, let’s look at our attackers and some of the areas where attacks take place.

The hacker community and the titles ascribed to or acquired by these groups have been a source of confusion furthered by movies and media. With all these names and titles, it can be challenging to understand who is on the good side, so to speak, versus the dark side. Let’s start by breaking these groups down, and defining what they do and where they operate.

Let’s start at the top, with Black Hats and White Hats. These monikers came from old Western movies where bad guys wore black hats, and the good guys wore white hats. The concept stuck, and from it, the black hat hacker was born, who uses their skills to perform criminal acts. On the other side is the white hat hacker, who uses their skills to help educate and defend companies and individuals from black hat activities. As with all groups and hats, for that matter, one size does not fit all, and as such, subgroups exist under these titles.

Let’s explore each of these in the following sections.

Black hat hackers

Black hat hackers are criminals who break into computer networks with malicious intent. Black hat hackers often start as novice script kiddies using purchased exploits and hacker tools – more on them in the Script kiddie section.

Their motivations lie in financial gain, revenge, or simply spreading havoc. Sometimes they might be ideological in nature, targeting industries and people they strongly disagree with.

How do black hat hackers operate? Well, they operate like any other big business; they have learned how to scale up campaigns and create distribution networks for their software. They have even developed specialties such as ransomware or phishing services they can sell or rent out.

Some even have call centers that they use to make outbound calls, pretending to represent organizations including Amazon, Microsoft, the IRS, and even law enforcement. In these scams, they try to convince potential victims to download remote control software allowing remote access. The attacker then uses their access to gather information from the victim including personal information, passwords, and banking information.

How do people end up becoming black hat hackers? Some will get a job from forums or other connections where they might be solicited and trained by organizations to make money quickly. Leading black hats are skilled hackers who may have formal training in the computer science or security fields.

Black hat hacking is extremely difficult to stop and a problem that is global in nature. The separation by geography, jurisdictions, and politics poses significant challenges for law enforcement.

Black hat hackers have several subcategories, including script kiddies, hacktivists, cyber terrorists, and cyber criminals, with slightly different motivations. Let’s look at these categories.

Script kiddies

Script kiddies, sometimes called skids or skiddies, are described as people who may be new to the area and have few skills, relying on the work of others to accomplish their goals. For their goals and motivations, this includes trading exploits, and attacking networks with well-known attacks that are in many cases easily thwarted. They may try to develop their skills or join other groups to gain experience, or possibly be used by criminal organizations. What makes this group dangerous is there are many of them and they do not necessarily have a core motivation, making them more difficult to profile.

Hacktivists

Hacktivism is where hacking meets political and/or social agendas. A hacktivist group has a clear focus on using their skills to target governments, corporations, and even individuals that fall into the agenda they support. Because of the nature of what they do, hacktivist groups can incorporate several other groups, including script kiddies and black hat hackers who agree with the agenda. Some of the most well-known hacktivist groups include Anonymous, LulzSec, and WikiLeaks.

Cyber terrorists/cyber warriors

This group tends to be more elite and includes cyber forces employed by their respective governments or powerful groups with the means, both financially and ideologically, to attract the people necessary to complete their tasks. These tasks cover several areas, including the following:

  • Disruption of major or significant websites
  • Disruption of critical infrastructure systems such as communications systems, electrical grids, and water resources
  • Espionage to spy on the target government to gain a strategic or an intelligence advantage

A term also synonymous with this group is cyber warfare since a large portion of this group involves nation-state activity.

Cyber criminals

This is a group that is motivated by profit and is composed of individuals or teams who use technology with malicious intent. This group may be involved in all types of crimes from credit card and identity fraud to bank account and medical record resale.

White hat hackers

This group is sometimes referred to as ethical hackers and is the opposite of black hat hackers. They defend computer systems and networks by identifying security flaws and making recommendations for improvements. Depending on their specific role, they perform a series of tests to check the efficiency of a security system. These tests can be simple security scans, policy and procedure tests, or attacker simulation tests. They can be performed by internal employees or third-party contractors attempting to find gaps in security.

How do white hat hackers operate? They use the same hacking methods as black hats; however, they have permission from the system owners to perform the operations and there are defined guidelines about what is being tested, which makes the process completely legal. So, instead of exploiting vulnerabilities and taking advantage of systems, white hat hackers work to help fix issues before actors with malicious intent discover them.

White hat hackers have a number of subcategories, including Pentesters (Red Team), Blue Team, and Purple Team, with slightly different duties. Let’s look that these categories.

Pentesters (red team)

This group is associated with pentesting and works in the offensive computing space. They are commonly third-party contractors who simulate an attack against a computer system to check for any exploitable vulnerabilities.

Blue hat hackers (blue team)

This group works in the defensive computing space and is commonly the internal employees in charge of various security systems, policies, and procedures. They establish the security measures for what needs to be protected and then monitor those measures, adjusting them based on their own tests and feedback from outside operations such as pentests and audits.

Purple team

There are times when the red team and blue team do not work well together. This can be caused by personalities and things such as ego and embarrassment. Other times, it can be caused by a disconnect between what the red team is testing and communicating to the blue team and how they might go about understanding and correcting the issues. Purple team members are there to bridge gaps in understanding and communication by having skills in both disciplines so they can ingest, distill, and translate information and details from one group to the other.

An example might be the results of a pentest showing that the dependence on legacy application frameworks opens an exploit vector that is easily taken advantage of with a simple buffer overflow to the authentication input screen. The blue team, not really knowing what to do with this information, turns to the purple team, who repositions the result to say something like “the outdated application has a buffer overflow vulnerability.” While it cannot be addressed directly with a patch to the system, it should be placed network-wise in a high-security group where, if the exploit is attempted, the attacker cannot gain anything further from it. This approach of understanding the problem, translating it, and offering potential solutions is what purple teams can do when working together or communications are not as effective as they could be.

There is one more group that does not really fit into any specific category, and that is gray hat hackers. Gray hat hackers are a peculiar mix of both black hat and white hat characteristics. They operate on their own, looking for network faults and hacks in networks, systems, and applications. They do so with the intention of demonstrating to owners and administrators that have networks, systems, and applications under their care and control that a defect exists in their security posture. Once they have validated that a vulnerability exists in a network or application, they may offer to help correct it, or in the case of an application, inform the company through responsible disclosure before publishing information publicly. In contrast, a black hat will exploit any vulnerability or tell others how to as long as they profit from it.

In many cases, gray hats are just curious and do provide beneficial information to companies about the security of their applications and services. However, many security professionals do not view their methods as ethical. The exploitation of a network is illegal, and they have not received permission from an organization to attempt to infiltrate their systems. Gray hats say they mean no harm with their hacking, and they are simply curious about high-profile systems operating without regard to privacy or laws. Regardless of the reasons, it is still illegal, and depending on what was done, it could land them in court or jail.

How do gray hat hackers operate? As stated earlier, gray hats work at the fringe of being black hats, but they look for opportunities to work their craft legally if they can. They look for companies that have bug bounty programs that encourage hackers to report their findings. In these cases, it is a win-win for the company as it gives an area for hackers to work in and helps to mitigate the risk of exploitation by a malicious actor. Once the hacker finds an exploit or vulnerability, they need to contact the organization and present their findings. The intent at this point is for the company to recognize the security flaw and begin the process of correcting it, and hopefully compensate the hacker for their time.

However, sometimes when organizations do not respond promptly or do not comply, the hacker may end up posting the vulnerability or exploitation method on the internet. This moral and ethical choice is what makes them gray hat hackers.

After exploring the different groups and their profiles, let’s look at the types of attacks that can be performed on networks and systems.

Attack targets and types

There are many things that can be targeted for an attack; however, all areas of an attack can be distilled down to three core areas. The first is the network, which is an attack on the communication structure of a network and it can target specific devices or communication protocols. The second is applications. This is the software running on devices and hosts. The third and last area is the host, which usually targets the endpoint operating system or user of the system. Let’s take a deeper look at these areas.

Network

Network attacks are usually one of the first types of attacks to occur. The most common of these types of attacks are flooding attacks, which overwhelm the receiving hardware, forcing it to perform unintended operations or to simply give up and not work at all, such as in a denial of service (DOS) attack. A DOS attack can occur internally or externally depending on the source. It occurs when a source generates more traffic than the receiver can handle; this can be on a specific service such as a web server or on an interface level, such as an ARP flood. Other types of network attacks include man-in-the-middle (MITM) attacks.

Application

Application attacks, as the name suggests, focus on applications or services. Most of these will be at the server level, however, they are not limited to servers and can exist on standalone devices or user workstations. Application attacks usually take advantage of misconfigurations or vulnerabilities. SQL injection and cross-site scripting are examples of this. Another type of application attack is kerberoasting, which is an attack on Microsoft Active Directory servers to grab and crack passwords. Misconfigurations or vulnerabilities can not only allow the exploitation of the application but can act as a conduit exposing the network to further exploitation, including credential dumping, data exposure, and financial loss.

Host

Host attacks, sometimes called endpoint attacks, are attacks that target end user systems through their desktop machines and laptops. Because of the nature of these machines, they tend to have a much larger number of applications installed, and the behavior of the users operating them is less defined. This gives the attacker a larger attack surface to work with. Some examples of host-based attacks include the following:

  • Drive-by downloads and watering holes: Here, a victim becomes compromised simply by visiting a website.
  • Attacks on unpatched or legacy applications: Java is one of the biggest culprits here as old versions of Java can be found on most machines.
  • Phishing emails: This is one of the biggest and best attack vectors that exist solely at the host level. Phishing emails are likely the most common attack vector used to compromise enterprise networks today. They are simple, require few technical skills, and have proven to be highly effective. However, as training and technology improve, the success of this attack vector should begin to decline to a more manageable level.

However, before any type of attack takes place, a series of steps or actions take place, often referred to as the cyber kill chain. Let’s look at the cyber kill chain and see why it’s in the order it currently stands in.

The anatomy of an attack

The anatomy of an attack, sometimes referred to as the Cyber Kill Chain, basically lays out a series of actions and events attackers commonly take to exploit a system or network.

This model helps defenders with context and categorizing at what stage an attacker is at when detections are made.

The cyber kill chain was adopted from the military term kill chain, describing the structure of an attack. It was developed by Lockheed Martin as a model for identifying, detecting, and preventing intrusion activity using computers. It also describes the TTPs used during an attack.

The kill chain can be broken down into the following key areas, or order of operations:

Figure 1.2 – Cyber kill chain

Figure 1.2 – Cyber kill chain

In the following sections, we’ll describe the key areas in some detail.

Reconnaissance

Reconnaissance is the first step in an attack. The attacker needs to gather intelligence on their target. This information gathering helps the attacker profile the target and determine which vulnerabilities will meet their objectives. This part of the attack is usually the most prolonged and can take weeks, months, or even years depending on the target and the attacker’s goals. Given the current state of information available on the internet, the attacker’s job is made easier.

Here are some of the areas they look at:

  • Company website
  • Job listings
  • Social networks (LinkedIn, Instagram, GitHub, etc.)
  • Crafted searches using Google and Bing
  • Email harvesting
  • Network scanning – direct and indirect
  • Registration services – Whois and hosting providers

For defenders, it is almost impossible to identify and detect reconnaissance due to how it is conducted. Over time, attackers can collect enough information without any active connection to have a comprehensive profile of the target. However, to discover servers exposed to the internet, what ports are open, and running services, adversaries need to actively connect to the target. If defenders can identify that activity, it can help them to determine the overall intent and subsequent actions. These will be covered in greater detail in subsequent chapters, including how these techniques are performed.

Weaponization

After sufficient time, when the collected information about the target nears completion, adversaries move into the weaponization phase. Weaponization may include preparing an exploit based on a vulnerability identified in the target’s environment. In other instances, an exploit is developed for a vulnerability, with attackers scanning the internet for anyone who appears vulnerable to deploy the payload to. This is opportunistic exploitation. The following are some preparation techniques used by adversaries as part of the weaponization process:

  • Gathering launchable exploits based on vulnerabilities discovered
  • Setting up Command and Control (C2) servers
  • Determining the best delivery method

Security defenders cannot detect weaponization until near the end of this stage, when they contact the target. However, this is an essential phase for defenders to be prepared for by keeping their security controls hardened against these tactics or exploitation and deploying malware. By being vigilant and implementing best practices, security teams can be more resilient and mitigate attacks before they start. The following are some blue team techniques for countering the weaponization stage:

  • Following the latest malware trends, that is phishing, ransomware, and so on
  • Building detection rules for known patterns of exploitation, such as scanning
  • Gathering intelligence about new campaigns, criminal groups, and targets
  • Gathering intelligence and joining groups that share information specific to your industry, such as finance, oil and gas, and so on

Let’s learn about delivery next.

Delivery

At the completion of the weaponization stage, the attacker is ready for the delivery phase. They will launch their attack using the delivery method of choice and wait for the exploitation to take place. As noted in the previous stage, some common methods for launching an attack include the following:

  • Phishing emails
  • Watering hole or staging servers
  • Direct exploitation of exposed services such as web, email, DNS, and VPN

Depending on how the weaponization is performed, this may be the first opportunity for security defenders to detect, analyze, and block the delivery. Depending on the size of the organization, security individuals or teams need to monitor incoming and outgoing traffic and classify and analyze behavior. They also need to monitor public-facing servers and services to detect and block malicious activities.

Exploitation

Exploitation is the stage where the attacker attempts to gain access to the victim. For this to take place, the adversary needs to exploit a vulnerability; this could be a vulnerability on an internet-facing system, it could be through phishing, or it could even be through some sort of social engineering. The adversary already has spent time collecting information about the vulnerabilities, not only in systems but in people, during the reconnaissance phase. The following is a short list of some of the weaponization techniques an adversary can use to exploit a victim:

  • Using detected software or hardware vulnerabilities
  • Using exploit code opportunistically
  • Exploiting operating systems – especially Windows
  • Social engineering
  • Phishing, spear phishing, and whaling emails
  • Click-jacking and browser exploits

Traditional security measures help to counter the exploitation phase; however, attackers are aware of these techniques. This means defenders will also need to understand new tactics and techniques attackers are developing. The following are some key traditional measures for security defenders to be aware of and implement in some form:

  • User-awareness training
  • Phishing email exercises
  • Vulnerability scans and assessments
  • Penetration testing
  • Endpoint security and hardening
  • Secure coding if there is internal development
  • Network security and hardening

Installation

Once exploitation is successful, the attacker moves on to the installation phase. This is the time when the attacker entrenches the system and organization. They do this by establishing persistency by installing backdoors or opening a connection from the victim to a C2 server. Once entrenchment is complete, the attacker begins the process of lateral movement and further installations. The following are some ways attackers maintain persistence:

  • Installation of web shells
  • Installation of backdoors
  • Adding auto-run keys to the registry
  • Autoruns
  • DLL path hijacking

Defenders use different security controls such as host-based intrusion detection systems (HIDS), endpoint detection and response (EDR), antivirus (AV) software, and even security information and event management (SIEM) platforms to detect block installation of backdoors. Security teams should monitor the following areas to detect installations:

  • Anything using the Administrator account
  • Applications using the Administrator account
  • Using EDR reports to correlate endpoint processes
  • The creation of suspicious files either by name or location
  • Registry changes
  • Auto-run keys
  • Security control changes

Now let’s dive in and explore command and control.

Command and control

In the C2 phase, the attacker creates two-way communication with their server to issue commands from – this is known as a C2 server. This C2 server can be owned and managed by the adversary or rented from another group. This C2 server is set to command the infected hosts, much like other legitimate applications that use an agent on the endpoint to foster communications. The following are some characteristics of C2 channels:

  • Two-way communication channel with a C2 server for check-in and commands
  • Beaconing to the C2 server, which can be detected at the perimeter and in network traffic
  • Most of the C2 communication is done through HTTP and DNS queries
  • Encoded commands are common

For defenders, this is the last chance in this kill chain to detect and block an attack by blocking C2 communications. If the C2 channel is blocked immediately, the attacker cannot issue commands and may think the exploit was not successful. The following are some defense techniques for security teams when it comes to C2 communications:

  • Collecting and blocking C2 IOCs via threat intelligence or malware analysis
  • Proxy HTTP and DNS authentication and communications
  • Setting up monitoring for network sessions

Finally, we will discuss the actions-on-objectives phase of the kill chain.

Actions on objectives

At this stage, the adversary has achieved the entrenchment of a victim network with persistent access and communications with the C2 server. Now the attacker can begin to move on to their objectives. What the adversary will do next depends on their intent. The following are some possible intents the attacker may have for a compromised network:

  • The collection of credentials from infected machines
  • Privilege escalation
  • Lateral movement
  • Data exfiltration
  • Extortion/ransom

The defenders must detect the adversary as early as possible. Any delay in detection at this stage could have a severe impact. Security teams should be ready to respond at this stage to lower the impact. In many cases, this may have the same steps and procedures as outlined in a disaster recovery plan. The following are some preparations for security defenders:

  • Incident response playbooks and plans
  • Incident readiness testing through tabletop exercises, simulating reactions, and procedures
  • Incident escalation and communication, including points of contact

Now that we have looked at the cyber kill chain and what roles the attackers and defenders play, we will move on to understand a pentester and their role as it most closely resembles that of an attacker.

Ethical hacking and penetration testing

As has been pointed out earlier, ethical hacking is commonly associated with penetration testing or pentesting. So, let’s take moment to talk about pentesting and the unique role that it plays in organizational security. Pentesting is when an individual or organization attempts to simulate a hostile attacker to test the overall security posture of the network and its staff. This legal form of hacking is commonly outsourced to a third-party company that specializes in this area. Before a pentest can take place, the team needs to get explicit permission to perform their operation, with clear definitions about what is in scope or covered under the project responsibilities or deliverables and what is off-limits. An example of something in scope might be “ping sweep of the entire subnet to inventory responding devices.” while something that might be out of scope would be “The capture and or attempt to crack user passwords is prohibited.” This document, loosely referred to as the get out of jail free card, contains those definitions and is signed by both parties before proceeding. Once signed, violation of this agreement could land an individual, or even the whole group, in jail, so be aware of that.

Penetration tests can take many forms but the two most common are black-box testing and white-box testing. Black-box testing is the testing of systems where no prior knowledge is provided. The testing is meant to resemble more closely what an attacker might see and the methods they would be most likely to choose. Some companies do not like this approach as there is time spent on research and they wish to get the most technical details as quickly as they can. This is where white-box testing comes in, and advanced knowledge of the system(s) is provided to help expedite tests and get the most technical details.

Penetration tests are also commonly used as part of a larger set of security controls and audits that are in place to confirm the overall effectiveness of the security controls in place.

When an organization decides to carry out a penetration test, there are certain questions that will need to be asked to establish goals. These might include the following:

  • Why are you doing a penetration test?
  • What is the goal of the organization from the test results?
  • What are the limits or rules of engagement?
  • What data and or services will the test include?
  • Who are the data owners?
  • What will be done with the results?

There are many other areas that might need to be covered depending on the scope and depth of the penetration test. Also note that the penetration test is something to be considered after the basics have been implemented, such as firewalls, access controls, and account management, otherwise, the results of the test will gravitate to this lowest common denominator.

Now that we have discussed penetration testing, let’s look at some of the defensive techniques and technologies.

Defensive technologies

Defensive technologies include software and devices used to thwart attackers. Some of these technologies are passive, presenting detections and alerts requiring intervention by any analyst. Other technologies are active, using workflows or rules to determine actions to take and act upon them. Antivirus software is an example of an active technology that acts upon a detection and then processes a rule. In this case, it would either be quarantine or delete. The following is a brief list of defensive technologies defenders can employ in the networks they are tasked to protect:

  • Firewalls: Often considered the first line of defense, firewalls, like other security technologies, have advanced over the years. They originally started as just smart routers with access control lists (ACLs) on them. Later, they developed the ability to track and maintain state. The latest iteration, the next-generation firewall, goes beyond the previous two generations and incorporates the ability to look at and understand application behavior and apply intrusion prevention.
  • Antivirus (AV) software: Just like firewalls, this was one of the first technologies to be developed to combat viruses. It, too, has gone through several enhancements over the years. In the beginning, antivirus was simply a set of signature-based rules that, once matched, the system was alerted and could even delete the malicious file(s) for you. As the industry matured, later generations began incorporating heuristic detection and the inspection of applications such as browsers, and merged with larger suites of products to perform multiple security operations. The latest generation has taken the previous lessons and not only applied them but added behavior detection for application and user interactions.
  • Intrusion detection system (IDS): Intrusion detection systems in this category fall into two classifications. The first is network intrusion detection systems (NIDSs). In this configuration, a device or system is put into place that monitors the network traffic and applies a set of detection rules. Some NIDSs can also interact with network traffic. When this option is implemented, it is referred to as an intrusion prevention system or IPS. The second type is host intrusion detection system (HIDS), and unlike NIDS, these operate at the file system level on the monitored machines. HIDS, just like NIDS, have their limitations in that they only really look at one, or possibly two, elements of activity during transactions between machines. They are still widely implemented; however, other superior technologies such as next-gen firewalls and EDR systems have largely supplanted this category of security systems.
  • Endpoint detection and response (EDR): EDR systems are some of the latest security tools to be introduced to enterprise security. This technology exists at the endpoint, be it a server or a workstation as an agent install. This agent collects and reports to a central repository where data is recorded and processed, applying and creating behavior profiles for applications and users alike. This can then be used to discover malicious behavior through alerts or hunting.
  • Security information and event management (SIEM): SIEM can be described as the go-between for network detection and EDR systems. What SIEMs do is collect data from across the network, including logs, telemetry, and device information, to give a more holistic view of the enterprise. One example of the insight a SIEM brings would be if an attacker has gained access to a network and begins downloading tools and performing malicious activities. These activities would be detected by the SIEM based on rules and behaviors, leading to an alert to the appropriate security staff.

Now, to begin your journey into ethical hacking, let’s start by creating a lab environment in which we can test and explore.

Lab – setting up the testing lab

The lab environment will be an integral part of your journey into ethical hacking. Here, we will install test machines, test out code and exploits, and see how to detect them in the chapters to come.

Setting up VirtualBox

The first step to setting up the lab environment is to install virtualization software, allowing us to run multiple systems on one machine without having to purchase a lot of hardware and software. We will use VirtualBox as our virtual machine manager; however, if you prefer to use VMware or Hyper-V, they should work just as effectively with some adjustments:

  1. Go to https://www.virtualbox.org/. At the time of writing, VirtualBox was at version 7.0.10.
  2. Select the downloads link or find the downloads page and download the platform package appropriate for your operating system. In addition to the core package, you will need the extension package, which provides additional functionality.
  3. Install VirtualBox, accepting all the defaults, followed by the extension pack. Once complete, launch VirtualBox and you should be greeted with a screen similar to the one in the following figure:
Figure 1.3 – VirtualBox setup complete

Figure 1.3 – VirtualBox setup complete

This will complete the installation of VirtualBox. Next, we will set up our virtual attack machine using Kali Linux.

Setting up Kali Linux

Kali Linux is an offensive virtual machine that contains several attack tools. This machine will be used as the attack machine in the lab. You will need to take the following steps:

  1. Go to https://www.kali.org/ and select Downloads. Find the VirtualBox VM and download it. The file downloaded will be something like kali-linux-<number>-virtualbox-amd64.ova. The file is large and will take some time to download.
  2. Once the download is complete, open VirtualBox and select Import, and navigate to the downloaded file. Use the defaults and begin the imports, and it will do the following:
Figure 1.4 – VirtualBox showing Kali installed

Figure 1.4 – VirtualBox showing Kali installed

By default, Kali will be in NAT mode. To perform the required operations, the network needs to be enabled.

  1. Click Settings in VirtualBox Manager, select Network, and from the Attached to: drop-down menu, select Bridged Adapter and select OK:
Figure 1.5 – VirtualBox adapter settings

Figure 1.5 – VirtualBox adapter settings

  1. Next, the actual adapter address needs to be configured. Boot your Kali Linux instance and log in. The default credentials are kali/kali.
  2. To set the network configuration to be used, click the Kali icon in the upper-left corner and select Settings | Advanced Network Configuration. From here, select your connection, probably Wired connection 1, and click the small cog icon at the bottom that says Edit the Selected Connection. A new window will be presented. Click the tab that says IPv4 Settings and change the method from DHCP to Manual.
  3. Next, you will need to add an address. Select the Add button and enter the following elements:
    • Address: 192.168.255.10
    • Netmask: 24
    • Gateway: 192.168.255.1

Now that our attack machine is set up, we can set up our victim machines. A company called Rapid7 provides two vulnerable machines for testing free of charge. The machines are Windows and Linux. We will use the following instructions to download and install them automatically.

Setting up vulnerable hosts

In this section, we will set up virtual machines that will contain known vulnerabilities. These machines are the ones you will be attacking in future labs as we learn about attacks, attackers’ methods, and how to defend against them:

  1. Download and install vagrant on your machine. Vagrant is an open source tool used to automate the installation of virtual machines. Vagrant can be downloaded from https://www.vagrantup.com/downloads.

    Once vagrant is installed, run the following command:

    vagrant plugin install vagrant-reload

    This will install the vagrant-reload plugin and support the reloading of the virtual machines should there be an error during installation.

  2. Once complete, you are ready to download and install the test virtual machines:
    • If your host machine is Linux, please run the following commands:
      mkdir metasploitable3-workspace
      cd metasploitable3-workspace
      curl -O https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile && vagrant up
    • If your host machine is Windows, please run the following commands:
      mkdir metasploitable3-workspace
      cd metasploitable3-workspace
      Invoke-WebRequest -Uri "https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile" -OutFile "Vagrantfile"
  3. These commands will download a Vagrant file, which you need to open with a text editor and add the following line:
    config.vm.provision :reload

    It should resemble the following when completed:

    Vagrant.configure("2") do |config|
      config.vm.provision :reload
      config.vm.synced_folder
  4. Run the next command to start the process:
    vagrant up

Once this has been completed, you will have two more virtual machines installed and your VirtualBox main screen should look similar to that shown in Figure 1.6. However, even though the machines are set up, we still need to configure them to participate in our lab.

Configuring the vulnerable Windows host

Configuring the Windows system requires changes in two separate areas. The first one is the virtual machine settings in VirtualBox. The second is the network configuration inside the virtual machine. These steps are outlined as follows:

  1. After the Windows machine is installed, open the settings, and modify the network settings to Bridged Adapter, just as was done with the Kali installation. It will look something like this:
Figure 1.6 – Setting Network Adapter Settings

Figure 1.6 – Setting Network Adapter Settings

  1. Boot the machine and log in with the vagrant account and the vagrant password.
  2. Navigate to the control panel and then to Network and Sharing Center | Change adapter settings.
  3. Find the network adaptor, right-click on it, and select Properties.
  4. Navigate to Internet Protocol Version 4(TCP/IPv4) | Properties.
  5. Select the radio button labeled Use the following IP address and enter the following values:
    • IP address: 192.168.255.2
    • Subnet mask: 255.255.255.0
    • Default gateway: 192.168.255.1
  6. Leave the other section alone. Select OK and then close out any open windows.

This will complete the lab setup of the Windows vulnerable host.

Setting up the vulnerable Linux host

Just like the Windows system, the Linux machine requires changes in two separate areas. The first one is the virtual machine settings in VirtualBox. The second is the network configuration inside the virtual machine. These steps are outlined here:

  1. After the Linux machine is installed, open the settings, and modify the network settings to Bridged Adaptor, just as was done with the Kali installation.
  2. Boot the machine and log in with the vagrant account and the vagrant password.
  3. This machine only has command-line access and from the command-line console, we need to change the network settings. To do this, perform the following commands:
    cd /etc/network
    sudo vi interfaces
  4. Press the i key, for insert. You should see -- INSERT -- at the bottom of the screen.
  5. Use the arrow keys to move down and change the section to look like the following:
    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 192.168.255.3
    netmask 255.255.255.0
    gateway 192.168.255.1
    dns-nameservers 192.168.255.1, 192.168.255.2

This will complete the lab setup for the vulnerable Linux host.

Final checks

Once all the machines are set up, the lab will be complete and ready for testing. The VirtualBox interface should look like the following, showing all three machines set up:

Figure 1.7 – VirtualBox main screen

Figure 1.7 – VirtualBox main screen

The following diagram outlines what the virtual network looks like when all the configuration and setup is complete:

Figure 1.8 – Virtual lab network

Figure 1.8 – Virtual lab network

With the configurations in place, an isolated virtual lab has been created inside your network. The virtual lab will allow the testing and execution of the lab exercises without damaging or intruding on your host machine or network.

Summary

This chapter addressed what ethical hacking is and what roles it plays in enterprise security. Ethical hackers are individuals who possess training and skills as hackers; however, ethical hackers use their skills to improve the overall security of the organizations that engage them. Unlike black hat hackers, ethical hackers are professionals who work within a set of rules that define engagement. These rules are never exceeded because anything outside of those rules could result in the operator facing legal consequences.

Conversely, hackers do not follow any rules or have the same ethical boundaries. As such, the results that hackers can achieve are limited only by the means, motives, and opportunities available.

This chapter also discussed the anatomy of an attack, the cyber kill chain, and the phases of an attack, including reconnaissance, exploitation, and command and control. Finally, we closed the chapter by looking at defensive technologies such as firewalls, antivirus software, and EDR solutions.

In the next chapter, we will start our journey into ethical hacking with our first stop, footprinting and reconnaissance, where we will learn about the techniques used by attackers to gather information about their targets.

Assessment

  1. Hackers who use their skills with malicious intent are known as:

    A. Ethical hackers

    B. White hat hackers

    C. Hardware hackers

    D. Black hat hackers

  2. The second stage of the cyber kill chain is:

    A. Command and control

    B. Reconnaissance

    C. Weaponization

    D. Delivery

  3. One of the things that separates black hat from white hat hackers is:

    A. Tools

    B. Procedures

    C. Techniques

    D. Ethics

  4. In the field of information security, CIA stands for:

    A. Coverage, Information, Applications

    B. Confidentiality, Integrity, Availability

    C. Confidentiality, Intelligence, Archiving

    D. Coverage, Integrity, Authentication

  5. The team that encompasses both offensive and defensive techniques bridging the gaps between these skills is called the ______ team:

    A. Gray Hats

    B. Purple team

    C. Red team

    D. Blue team

  6. Which of the following is not an area of attack?

    A. Memory

    B. Host

    C. Application

    D. Network

  7. The one group that does not have a clear definition of where they operate in the security ecosystem is:

    A. Black hats

    B. Gray hats

    C. White hats

    D. Blue hats

  8. Which type of attack targets user tokens?

    A. SQL injection

    B. Watering hole

    C. Man-in-the-middle

    D. Kerberoasting

  9. What is not an area to look at when doing reconnaissance?

    A. Company website

    B. Watering hole

    C. Social networks

    D. Job board or listings

  10. Before a pentest can take place, one of the documents needed is:

    A. Network diagram

    B. Company organization chart

    C. Company 10-K

    D. Get out of jail free card

Answers

  1. D
  2. C
  3. D
  4. B
  5. B
  6. A
  7. B
  8. D
  9. B
  10. D
Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Explore essential tools and techniques to ethically penetrate and safeguard digital environments
  • Set up a malware lab and learn how to detect malicious code running on the network
  • Understand different attacker types, their profiles, and mindset, to enhance your cyber defense plan
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

If you’re an ethical hacker looking to boost your digital defenses and stay up to date with the evolving cybersecurity landscape, then this book is for you. Hands-On Ethical Hacking Tactics is a comprehensive guide that will take you from fundamental to advanced levels of ethical hacking, offering insights into both offensive and defensive techniques. Written by a seasoned professional with 20+ years of experience, this book covers attack tools, methodologies, and procedures, helping you enhance your skills in securing and defending networks. The book starts with foundational concepts such as footprinting, reconnaissance, scanning, enumeration, vulnerability assessment, and threat modeling. Next, you’ll progress to using specific tools and procedures for hacking Windows, Unix, web servers, applications, and databases. The book also gets you up to speed with malware analysis. Throughout the book, you’ll experience a smooth transition from theoretical concepts to hands-on techniques using various platforms. Finally, you’ll explore incident response, threat hunting, social engineering, IoT hacking, and cloud exploitation, which will help you address the complex aspects of ethical hacking. By the end of this book, you’ll have gained the skills you need to navigate the ever-changing world of cybersecurity.

Who is this book for?

Hands-On Ethical Hacking Tactics is for penetration testers, ethical hackers, and cybersecurity enthusiasts looking to explore attack tools, methodologies, and procedures relevant to today's cybersecurity landscape. This ethical hacking book is suitable for a broad audience with varying levels of expertise in cybersecurity, whether you're a student or a professional looking for job opportunities, or just someone curious about the field.

What you will learn

  • Understand the core concepts and principles of ethical hacking
  • Gain hands-on experience through dedicated labs
  • Explore how attackers leverage computer systems in the digital landscape
  • Discover essential defensive technologies to detect and mitigate cyber threats
  • Master the use of scanning and enumeration tools
  • Understand how to hunt and use search information to identify attacks
Estimated delivery fee Deliver to Poland

Premium delivery 7 - 10 business days

zł110.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : May 17, 2024
Length: 464 pages
Edition : 1st
Language : English
ISBN-13 : 9781801810081
Category :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Poland

Premium delivery 7 - 10 business days

zł110.95
(Includes tracking information)

Product Details

Publication date : May 17, 2024
Length: 464 pages
Edition : 1st
Language : English
ISBN-13 : 9781801810081
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 558.97 625.97 67.00 saved
The Ultimate Kali Linux Book
zł154.99 zł221.99
PowerShell for Penetration Testing
zł201.99
Hands-On Ethical Hacking Tactics
zł201.99
Total 558.97 625.97 67.00 saved Stars icon
Banner background image

Table of Contents

19 Chapters
Part 1:Information Gathering and Reconnaissance Chevron down icon Chevron up icon
Chapter 1: Ethical Hacking Concepts Chevron down icon Chevron up icon
Chapter 2: Ethical Hacking Footprinting and Reconnaissance Chevron down icon Chevron up icon
Chapter 3: Ethical Hacking Scanning and Enumeration Chevron down icon Chevron up icon
Chapter 4: Ethical Hacking Vulnerability Assessments and Threat Modeling Chevron down icon Chevron up icon
Part 2:Hacking Tools and Techniques Chevron down icon Chevron up icon
Chapter 5: Hacking the Windows Operating System Chevron down icon Chevron up icon
Chapter 6: Hacking the Linux Operating System Chevron down icon Chevron up icon
Chapter 7: Ethical Hacking of Web Servers Chevron down icon Chevron up icon
Chapter 8: Hacking Databases Chevron down icon Chevron up icon
Chapter 9: Ethical Hacking Protocol Review Chevron down icon Chevron up icon
Chapter 10: Ethical Hacking for Malware Analysis Chevron down icon Chevron up icon
Part 3:Defense, Social Engineering, IoT, and Cloud Chevron down icon Chevron up icon
Chapter 11: Incident Response and Threat Hunting Chevron down icon Chevron up icon
Chapter 12: Social Engineering Chevron down icon Chevron up icon
Chapter 13: Ethical Hacking of the Internet of Things Chevron down icon Chevron up icon
Chapter 14: Ethical Hacking in the Cloud Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(5 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Savvy Shopper Aug 13, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book offers a well-rounded overview of cybersecurity principles with hacking and defending of some of the hacks. One of the standout features is the inclusion of live links to example code files, along with access to an extensive library of books and videos from Packt, which adds significant value to the learning experience. The quizzes provided throughout are reasonable, allowing folks to test their understanding of the material as they progress. However, while the reconnaissance section is informative, it could benefit from incorporating more modern techniques, such as using data brokers to gather information.The book provides a broad yet shallow dive into various sub-topics, making it accessible but sometimes lacking in depth. The illustrations are straightforward, though some feel slightly outdated. While the vulnerability scanning tools discussed are useful, the book would benefit from updating these tools, particularly those that are not open-source or free. The section on incident response raises a valid point about the use of out-of-band communications, though the suggestion to use Signal may be legally questionable in cases where litigation is likely. Additionally, the threat-hunting diagram could be improved by including a lifecycle component for situations where no threat is detected, suggesting a report on the frequency of alerts before converting them into an active alert.The discussion on social engineering defenses misses the crucial point that social media activity can make individuals more susceptible to attacks, although this might fall under the umbrella of awareness training. The content on AI’s role in social engineering feels lacking, particularly in the absence of exercises or tools. Moreover, more coverage of cloud security tools would have been beneficial. Overall, the book is reminiscent of the Certified Ethical Hacker (CEH) curriculum but more focused and concise, providing enough information to give folks a solid understanding without overwhelming them.I would recommend this book for those whom from an understanding are between security + and CEH. If you already have many years of cyber security experience taking CEH, SANS Classes, etc this will be known content.
Amazon Verified review Amazon
Brandon Lachterman May 28, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
So I absolutely recommend this to be added to your day to day library. Lets be real, there are so many general Ethical Hacking books out there, but this one finally isnt just for beginning tactics, it goes into detail where its needed to help the hungry ethical hacker progress their skills. Nice Job!
Amazon Verified review Amazon
Tomica Kaniski Jul 09, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Really liked the hands-on, and to-the-point approach of this book! If (ethical) hacking is something you wanna learn about, or become better at, maybe you should take a look at this book. It explores everything that should be important for (ethical) hacking, does it well, and does it also hands-on. I'll keep this book near me, for sure. The best part - other than hacking, there is a considerable amount of the book related to defending yourself - so, maybe you will not start hacking, but maybe someone will hack you - learn how to protect yourself from this book. Did I mention labs?! I really liked doing the labs, and in practice testing what I learned.
Amazon Verified review Amazon
Glen Aug 10, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
After getting my hands on a printed copy and going through all the chapters, I can definitely say its a good resource to have when starting your journey in ethical hacking. The books covers a lot of essential topics and practical exercises to assist both aspiring and seasoned professionals in the industry.
Amazon Verified review Amazon
Seth Keyser Aug 07, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book does a wonderful job of laying the foundation for the everyday cybersecurity professional. The author does a tremendous job of explaining the core concepts of Ethical Hacking. This book is a great resource for learning, applying, and understanding Ethical Hacking. You will enjoy this book from start to finish!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela