Foreword by Juan Gilbert
Chapter 1: Setting Up
PART I: NETWORK FUNDAMENTALS
Chapter 2: Capturing Traffic with ARP Spoofing
Chapter 3: Analyzing Captured Traffic
Chapter 4: Crafting TCP Shells and Botnets
PART II: CRYPTOGRAPHY
Chapter 5: Cryptography and Ransomware
Chapter 6: TLS & Diffie-Hellman
PART III: SOCIAL ENGINEERING
Chapter 7: Phishing and Deepfakes
Chapter 8: Scanning Targets
PART IV: EXPLOITATION
Chapter 9: Fuzzing for Zero-Day Vulnerabilities
Chapter 10: Building Trojans
Chapter 11: Building and Installing Linux Rootkits
Chapter 12: Stealing and Cracking Passwords
Chapter 13: Serious Cross-Site Scripting Exploitation
PART V: CONTROLLING THE NETWORK
Chapter 14: Pivoting and Privilege Escalation
Chapter 15: Moving Through the Corporate Windows Network
Chapter 16: Next Steps
Ethical Hacking is a crash course in modern hacking techniques. It's already being used to prepare the next generation of offensive security experts. In its many hands-on labs, you’ll explore crucial skills for any aspiring penetration tester, security researcher, or malware analyst.
You’ll begin with the basics: capturing a victim’s network traffic with an ARP spoofing attack and then viewing it in Wireshark. From there, you’ll deploy reverse shells that let you remotely run commands on a victim’s computer, encrypt files by writing your own ransomware in Python, and fake emails like the ones used in phishing attacks. In advanced chapters, you’ll learn how to fuzz for new vulnerabilities, craft trojans and rootkits, exploit websites with SQL injection, and escalate your privileges to extract credentials, which you’ll use to traverse a private network.
You’ll work with a wide range of professional penetration testing tools—and learn to write your own tools in Python—as you practice tasks like:
- Deploying the Metasploit framework’s reverse shells and embedding them in innocent-seeming files
- Capturing passwords in a corporate Windows network using Mimikatz
- Scanning (almost) every device on the internet to find potential victims
- Installing Linux rootkits that modify a victim’s operating system
Along the way, you’ll gain a foundation in the relevant computing technologies. Discover how advanced fuzzers work behind the scenes, learn how internet traffic gets encrypted, explore the inner mechanisms of nation-state malware like Drovorub, and much more.
Developed with feedback from cybersecurity students, Ethical Hacking addresses contemporary issues in the field not often covered in other books and will prepare you for a career in penetration testing. Most importantly, you’ll be able to think like an ethical hacker: someone who can carefully analyze systems and creatively gain access to them.
Want to ask questions about the book? Contact the author at: discord.thehackingbook.com
"Ethical Hacking is great! I've been using it in my Computer Science, Cybersecurity and Machine Learning high-school classrooms. I really love the idea of having a VM lab that kids can understand and use. Well done!"
—William Heldman PhD, Technology Educator
"Ethical Hacking: A Hands On Introduction to Breaking In by Daniel G. Graham is on my list for book recommendations for those interested and new to cyber. Very well detailed and simple enough for most to understand. Another great book published by No Starch Press."
—Jered Bare, @jeredbare
"Ethical Hacking is filled with great exercises that give you a much deeper understanding of important, complicated topics by having you go through the details of implementation. Making deep fakes, implementing a botnet and other topics are enlightening, lots of fun and will help you defend against these threats, possibly by also helping you find bugs and issues which can disable them!"
—Jamie G., Advanced Reviewer
Page 3: Add note: When installing VirtualBox on Windows, users will need to install the VirtualBox Extensions.
Page 4: Add note: When installing the new version of pfSense, readers will need to select the Auto (UFS) BIOS option.
Page 10: In the second paragraph after the note, the sentence that reads:
"Open the Kali Linux virtual machine in VirtualBox. If your Kali Linux displays nothing but a black screen, make sure the PAE/NK checkbox is selected..."
Should instead read:
"Open the Kali Linux virtual machine in VirtualBox. If your Kali Linux displays nothing but a black screen, make sure the PAE/NX checkbox is selected..."