About this Course
Certified Ethical Hacker is a comprehensive ethical hacking and information systems security auditing program focusing on the latest security threats, advanced attack vectors and practical real-time demonstrations of the latest hacking techniques, methodologies, tools, tricks and security measures. It delivers technical depth with an emphasis on vulnerability assessment, risk assessment, and penetration testing.
This class immerses students in an interactive environment where they learn how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. The majority of the class is hands-on labs with instruction to explain, reinforce, and show how these hacking tools and techniques can be used to secure and defend real-world networks.
Students begin by seeing how perimeter defenses work. They next learn how to reconnoiter, scan and attack their own networks and how intruders escalate privileges. Students also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When students leave this intensive 5-day class they have hands-on understanding and experience in Ethical Hacking and what they can do to analyze and secure their own network without harming their own assets.
CEHv10 is ANSI accredited and focuses on the latest hacking attacks targeting mobile platforms and tablet computers, and covers countermeasures to secure mobile infrastructure. It covers the latest developments in mobile and web technologies, including Google Android OS, Apple iOS, Windows Phone, and HTML 5, as well as mobile applications and mobile app stores.
*CEHv10 Certification exam not included with course, must be purchased by the student directly from EC-Council.
Audience Profile
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. The Certified Ethical Hacker course mission is to educate, introduce, and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.
At Course Completion
You will learn how to scan, test, hack and secure systems. Through the use of hands-on labs, students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
Outline
Module 01: Introduction to Ethical Hacking
Information Security Overview
Information Security Threats and Attack Vectors
Hacking Concepts
Ethical Hacking Concepts
Information Security Controls
Penetration Testing Concepts
Information Security Laws and Standards
Module 02: Footprinting and Reconnaissance
Footprinting Concepts
Footprinting through Search Engines
Footprinting through Web Services
Footprinting through Social Networking Sites
Website Footprinting
Email Footprinting
Competitive Intelligence
Whois Footprinting
DNS Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting Tools
Countermeasures
Footprinting Pen Testing
Module 03: Scanning Networks
Network Scanning Concepts
Scanning Tools
Scanning Techniques
Scanning Beyond IDS and Firewall
Banner Grabbing
Draw Network Diagrams
Scanning Pen Testing
Module 04: Enumeration
Enumeration Concepts
NetBIOS Enumeration
SNMP Enumeration
LDAP Enumeration
NTP Enumeration
SMTP and DNS Enumeration
Other Enumeration Techniques
Enumeration Countermeasures
Enumeration Pen Testing
Module 05: Vulnerability Analysis
Vulnerability Assessment Concepts
Vulnerability Assessment Solutions
Vulnerability Scoring Systems
Vulnerability Assessment Tools
Vulnerability Assessment Reports
Module 06: System Hacking
System Hacking Concepts
Cracking Passwords
Escalating Privileges
Executing Applications
Hiding Files
Covering Tracks
Penetration Testing
Module 07: Malware Threats
Malware Concepts
Trojan Concepts
Virus and Worm Concepts
Malware Analysis
Countermeasures
Anti-Malware Software
Malware Penetration Testing
Module 08: Sniffing
Sniffing Concepts
Sniffing Technique: MAC Attacks
Sniffing Technique: DHCP Attacks
Sniffing Technique: ARP Poisoning
Sniffing Technique: Spoofing Attacks
Sniffing Technique: DNS Poisoning
Countermeasures
Sniffing Detection Techniques
Sniffing Pen Testing
Module 09: Social Engineering
Social Engineering Concepts
Social Engineering Techniques
Insider Threats
Impersonation on Social Networking Sites
Identity Theft
Countermeasures
Social Engineering Pen Testing
Module 10: Denial-of-Service
DoS/DDoS Concepts
DoS/DDoS Attack Techniques
Botnets
DDoS Case Study
DoS/DDoS Attack Tools
Countermeasures
DoS/DDoS Protection Tools
DoS/DDoS Penetration Testing
Module 11: Session Hijacking
Session Hijacking Concepts
Application Level Session Hijacking
Network Level Session Hijacking
Session Hijacking Tools
Countermeasures
Module 12: Evading IDS, Firewalls, and Honeypots
IDS, Firewall and Honeypot Concepts
IDS, Firewall and Honeypot Solutions
Evading IDS
Evading Firewalls
IDS/Firewall Evading Tools
Detecting Honeypots
IDS/Firewall Evasion Countermeasures
Penetration Testing
Module 13: Hacking Web Servers
Web Server Concepts
Web Server Attacks
Web Server Attack Methodology
Web Server Attack Tools
Countermeasures
Patch Management
Web Server Security Tools
Web Server Pen Testing
Module 14: Hacking Web Applications
Web App Concepts
Web App Threats
Hacking Methodology
Web App Hacking Tools
Countermeasures
Web App Security Testing Tools
Web App Pen Testing
Module 15: SQL Injection
SQL Injection Concepts
Types of SQL Injection
SQL Injection Methodology
SQL Injection Tools
Evasion Techniques
Countermeasures
Module 16: Hacking Wireless Networks
Wireless Concepts
Wireless Encryption
Wireless Threats
Wireless Hacking Methodology
Wireless Hacking Tools
Bluetooth Hacking
Countermeasures
Wireless Security Tools
Wireless Pen Testing
Module 17: Hacking Mobile Platforms
Mobile Platform Attack Vectors
Hacking Android OS
Hacking iOS
Mobile Spyware
Mobile Device Management
Mobile Security Guidelines and Tools
Mobile Pen Testing
Module 18: IoT Hacking
IoT Concepts
IoT Attacks
IoT Hacking Methodology
IoT Hacking Tools
Countermeasures
IoT Pen Testing
Module 19: Cloud Computing
Cloud Computing Concepts
Cloud Computing Threats
Cloud Computing Attacks
Cloud Security
Cloud Security Tools
Cloud Penetration Testing
Module 20: Cryptography
Cryptography Concepts
Encryption Algorithms
Cryptography Tools
Public Key Infrastructure (PKI)
Email Encryption
Disk Encryption
Cryptanalysis
Countermeasures
Prerequisites
Students must have at least one year of hands-on experience in computer security. Students who are new to computer security should begin with the SEC+501 – Security+ course or the CISSP – Information Security for the IT Professional course.
Students must have a strong understanding of the TCP/IP Protocol Suite, IP Routing and LAN Switching Concepts, name resolution protocols, and Internet technologies. A minimum of 12 months experience in networking or Cisco CCNA certification is recommended.
Venue: LIVE Online
Description:
Live Online Training
Get the same training you expect in the classroom without leaving your office or home. These are NOT recorded classes. They are LIVE sessions with an expert instructor. We use the latest in video conferencing technologies and audio so you can confidently participate in any class just like being right there in person. We guarantee the effectiveness of our online training delivery approach: we will give you your money back if you are not totally satisfied. Ask us for a demo.
Online class requirements:
- Moderate to fast Internet
- A phone or computer headset is required in order to hear the instructor/moderator. You can use Computer Audio (VoIP) or you can dial in from a regular phone. For convenience, we recommend a hands-free headset or phone.
- Training software must be installed on your computer (trial versions are acceptable)
- RECOMMENDED: Dual monitors or computers. For an optimal online learning experience, we recommend participants have dual monitors or two computers. Your online classroom credentials allow you to join multiple times from multiple computers. Participants should use one monitor or computer to view the instructor’s shared screen and another monitor or computer to work with the software.
What happens when you enroll in an online class
When you register for an online class, you will receive a welcome email followed by login access to the Citrix GoToTraining virtual classroom. A workbook (printed copy or eBook) will be sent to you prior to the start of class.
Online Training Advantages
Convenience: You don’t have to travel and can attend from your home, office or anywhere with an internet connection. Our online classes are conducted using GoToTraining, a more robust version of the popular GoToMeeting screen sharing and conferencing platform. To accommodate multiple time zones, courses are typically scheduled from 10am – 5pm Eastern with a one-hour lunch break at 12:30 – 1:30 pm Eastern and a 10-minute break in the morning and afternoon. When conducting a custom online course for your group, class times can be modified to accommodate your time zone.
Interactive Learning: Our online training is fully interactive. You can speak and chat with the instructor and classmates at any time. Various interactive techniques are used in every class. Our small class sizes (typically 4 – 8 students) allow our instructors to focus on individual performance and issues and to work closely with you to meet your unique needs. Classes are designed to be a hands-on learning experience, providing opportunities for you to try your new skills while the instructor is available for review, questions, and feedback. You have the option to give the instructor permission to view your computer to provide one-on-one assistance when needed.