Τι είναι το Ethical Hacking; [hide] Οι περισσότεροι θέλουν να μάθουν hacking μόνο για διασκέδαση, για να παραβιάσουν τον λογαριασμό του φίλου τους στο Facebook ή στο Gmail και να του κάνουν πλάκα. Θυμηθείτε, το Hacking είναι μια δεξιότητα και οι παραβιάσεις προσωπικών δεδομένων διώκονται από το Νόμο. Αν βρεθήκατε εδώ για τους παραπάνω λόγους, δυστυχώς η παρακάτω λύση δεν κάνει για εσάς. Το Ethical Hacking δοκιμάζει τα συστήματα των ITs για καλό σκοπό και για τη βελτίωση της τεχνολογίας και της ασφάλειας. Οι Ethical Hackers είναι ουσιαστικά οι ειδικοί σε θέματα ασφάλειας υπολογιστών και οι ερευνητές που εστιάζουν με δοκιμές διείσδυσης την ανακάλυψη αδυναμιών στα συστήματα ενός πελάτη ή ενός οργανισμού. Ένας τρόπος για να γίνετε ένας Ethical Hacker είναι να κάνετε μαθήματα ασφαλείας από οποιοδήποτε πανεπιστήμιο που διδάσκει μαθήματα την επιστήμη των υπολογιστών ή να γραφτείτε σε κάποια ανάλογα online μαθήματα πληροφορικής. Αν αναρωτιέστε τι θα κερδίσετε αν συμμετάσχετε σε μία εκπαίδευση ασφάλειας του κυβερνοχώρου, τότε σας λέμε ότι αυξάνετε τις πιθανότητές σας να βρείτε εργασία.!! Είτε σαν διαχειριστής ενός δικτύου, είτε σαν ειδικός ασφάλειας στον κυβερνοχώρο ή σε ένα δίκτυο, είτε σαν εμπειρογνώμονας ασφάλειας διαδικτυακών εφαρμογών ή ακόμα και σαν ελεύθερος επαγγελματίας σε online σύνδεση. Ξένες κυβερνήσεις καθώς και οι περισσότερες οργανώσεις και επιχειρήσεις που παίρνουν πολύ σοβαρά την ασφάλεια του δικτύου τους, προσλαμβάνουν ως επί το πλείστον δοκιμαστές διείσδυσης και ethical hackers για να τους βοηθήσουν να βελτιώσουν την ασφάλειά των δικτύων τους, των εφαρμογών τους και άλλων συστημάτων με απώτερο στόχο να αποτρέψουν μία μελλοντική κλοπή δεδομένων ή μία απάτη. Με την ραγδαία ανάπτυξη των διαδικτυακών συστημάτων, όχι μόνο σαν αριθμό αλλά και σαν ένα συνεχώς μεταβαλλόμενο και αναπτυσσόμενο περιβάλλον, η ψηφιακή εγκληματολογία και η ηλεκτρονική πειρατεία είναι ένας απίστευτα ταχύτατα αναπτυσσόμενος τομέας απασχόλησης. Το αρνητικό της υπόθεσης είναι ότι αν θέλετε να μάθετε hacking και cyber security, θα πρέπει να ξοδέψετε ένα τεράστιο ποσό για να μπορέσετε να εισέλθετε αξιοπρεπώς σε αυτό τον χώρο (εκτός αν είστε το παιδί θαύμα !!). Συνήθως αυτοί που ενδιαφέρονται ξοδεύουν αρκετά ευρώ προκειμένου να μάθουν για την ασφάλεια στον κυβερνοχώρο, την ασφάλεια των δικτύων και να να πιστοποίησαν τις ικανότητές τους. Μπορείτε να ρίξετε μια ματιά στην λίστα όπου είναι οι βασικές ενότητες πάνω στο Ethical Hacking. Introduction to Ethical Hacking Footprinting and Reconnaissance Scanning Networks Enumeration System Hacking Malware Threats Firewalls and Honeypots Sniffing Social Engineering Denial of Service Session Hijacking Hacking Web Servers Hacking Web Applications SQL Injection Hacking Wireless Networks Hacking Mobile Platforms Cryptography [/hide]

As protecting information becomes a rapidly growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v10) certification. The CEH v10 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instruction. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include intrusion detection, DDoS attacks, buffer overflows, virus creation, and more. This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles. Gain a unique certification that allows you to understand the mind of a hacker Expand your career opportunities with an IT certificate that satisfies the Department of Defense’s 8570 Directive for Information Assurance positions Fully updated for the 2018 CEH v10 exam, including the latest developments in IT security Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v10 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker. CEH v10 Certified Ethical Hacker Study Guide-Sybex (2019).pdf

ChapterOverview (σελ. 7 στο βιβλίο) Chapter 2 is an introductory background to how the internet works, including HTTP requests and responses and HTTP methods. Chapter 3 covers Open Redirects, an interesting vulnerability which involves exploiting a site to direct users to visit another site which allows an attacker to exploit a user's trust in the vulnerable site. Chapter 4 covers HTTP Parameter Pollution and in it, you’‘ll learn how to find systems that may be vulnerable to passing along unsafe input to third party sites. Chapter 5 covers Cross-Site Request Forgery vulnerabilities, walking through examples that show how users can be tricked into submitting information to a website they are logged into unknowingly. Chapter 6 covers HTML Injections and in it, you’ll learn how being able to inject HTML into a web page can be used maliciously. One of the more interesting takeaways is how you can use encoded values to trick sites into accepting and rendering the HTML you submit, bypassing filters. Chapter 7 covers Carriage Return Line Feed Injections and in it, looking at examples of submitting carriage return, line breaks to site s and the impact it has on rendered content. Chapter 8 covers Cross-Site Scripting, a massive topic with a huge variety of ways to achieve exploits. Cross-Site Scripting represents huge opportunities and an entire book could and probably should, be written solely on it. Chapter 9 covers Server Side Template Injection, as well as client side injections. These types of vulnerabilities take advantage of developers injecting user input directly into templates when submitted using the template syntax. Theim pactofthese vulnerabilities depends on where they occur but can often lead to remote code executions. Chapter10 covers structured query language (SQL) injections, which involve manipulating database queries to extract, update or delete information from a site. Chapter11 covers Server Side Request Forgery which allows an attacker to user a remote server to make subsequent HTTP requests on the attacker’s behalf. Chapter 12 covers XML External Entity vulnerabilities resulting from a sites parsing of extensible markup language (XML). These types of vulnerabilities can include things like reading private files, remote code execution, etc. Chapter 13 covers Remote Code Execution, or the ability for an attacker to execute arbitrary cooonavictimserver.This type of vulnerability is among the most dangerous since an attacker can control what code is executed and is usually rewarded as such. Chapter 14 covers memory related vulnerabilities, a type of vulnerability which can be tough to find and are typically related to low level programming languages. However, discovering these types of bugs can lead to some pretty serious vulnerabilities. Chapter 15 covers Sub Domain Take overs, something I learned a lot about researching this book and should be largely credited to Mathias, Frans and the Dectectify team. Essentiallyhere,asitereferstoasubdomainhostingwithathirdpartyservicebutnever actually claims the appropriate address from that service. This would allow an attacker to register the address from the third party so that all traffic, which believes it is on the victim’s domain, is actually on an attacker’s. Chapter 16 covers Race Conditions, a vulnerability which involves two or more processes performing action based on conditions which should only permit one action to occur. For example, think of bank transfers, you shouldn’t be able to perform two transfers of $ 500 when your balance is only $ 500. However, a race condition vulnerability could permit it. Chapter17 covers Insecure Direct Object Reference vulnerabilities where by an attacker can read or update objections (database records, files, etc) which they should not have permission to. Chapter 18 covers application logic based vulnerabilities. This chapter has grown into a catch all for vulnerabilities Iconsider linked to programming logic flaws. I’ve found these types of vulnerabilities may be easier for a beginner to find instead of looking for weird and creative ways to submit malicious input to a site. Chapter 19 covers the topic of how to get started. This chapter is meant to help you consider where and how to look for vulnerabilities as opposed to a step by step guide to hacking a site. It is based on my experience and how I approach sites. Chapter 20 is arguably one of the most important book chapters as it provides advice on how to write an effective report. All the hacking in the world means nothing if you can’t properly report the issue to the necessary company. As such, I scoured some big name bounty paying companies for their advice on how best to report and got advice from HackerOne. Make sure to pay close attention here. Chapter 21 switches gears. Here we dive into recommended hacking tools. The initial draft of this chapter was donated by Michiel Prins from HackerOne. Since then it's grown to a living list of helpful tools I’ve found and used. Chapter 22 is dedicated to helping you take your hacking to the next level. Here I walk you through some awesome resources for continuing to learn. Chapter 23 concludes the book and covers off some key terms you should know while hacking. While most are discussed in other chapters, some aren’t so I’d recommend taking a read here. Web Hacking 101 How to Make Money Hacking Ethically Peter Yaworski.pdf