Course Description
This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems.
You will be taught the five phases of ethical hacking and thought about how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.
Underground Hacking Tools
The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets.
Why then is this training called the Certified Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses, and fix the problems before they are identified by the enemy, causing what could potentially be catastrophic damage to your respective organization.
We live in an age where attacks are all susceptible and come from any place at any time and we never know how skilled, well-funded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a hacker's mindset, evaluating not just logical, but physical security. Exploring every possible point of entry to find the weakest link in an organization. From the end-user, the secretary, the CEO, misconfigurations, vulnerable times during migrations even information left in the dumpster.
Target Student
The Certified Ethical Hacking training course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Prerequisites
MCSE or CCNA equivalent knowledge or experience.
EC Council - Network Security Administrator knowledge or experience.
Due to the intensive nature of this course, it may be required for delegates to attend the class up to 18.30 each day. Delegates will be informed by the delivering instructor what the approximate finish time will be. Additionally, delegates will also be expected to undertake self-study work in the evenings of the course.
Performance-Based Objectives
Focus on New Attack Vectors
Emphasis on Cloud Computing Technology
CEHv9 focuses on various threats and hacking attacks to the emerging cloud computing technology.
Covers wide-ranging countermeasures to combat cloud computing attacks
Provides a detailed pen testing methodology for cloud systems to identify threats in advance
Emphasis on Mobile Platforms and Tablet Computers
CEHv9 focuses on the latest hacking attacks targeted to mobile platforms and tablet computers and covers countermeasures to secure mobile infrastructure
Coverage of latest development in mobile and web technologies
New Vulnerabilities Are Addressed
Heartbleed CVE-2014-0160: Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable.
Detailed coverage and labs in Module 18: Cryptography.
Shellshock CVE-2014-6271: Shellshock exposes a vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X.
Detailed coverage and labs in Module 11: Hacking Webservers
Poodle CVE-2014-3566: POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password.
Case study in Module 18: Cryptography Hacking Using Mobile Phones
CEHv9 focuses on performing hacking (Footprinting, scanning, enumeration, system hacking, sniffing, DDoS attack, etc.) using mobile phones. Courseware covers the latest mobile hacking tools in all the modules. Coverage of latest Trojan, Virus, Backdoors. Courseware covers Information Security Controls and Information Security Laws and Standards. Labs on Hacking Mobile Platforms and Cloud Computing. More than 40 percent of new labs are added from Version 8More than 1500 new/updated tools¨CEHv9 program focuses on addressing security issues to the latest operating systems like Windows 8.1¨It also focuses on addressing the existing threats to operating environments dominated by Windows 7, Windows 8, and other operating systems (backward compatibility)
Course Content:
Module 1 : Introduction to Ethical Hacking
Internet is Integral Part of Business and Personal Life - What Happens Online in 60 Seconds
Information Security Overview
Information Security Threats and Attack Vectors
Hacking Concepts, Types, and Phases
Ethical Hacking Concepts and Scope
Information Security Controls
Physical Security
Incident Management
What is Vulnerability Assessment?
Penetration Testing
Information Security Laws and Standards
Module 2: Footprinting and Reconnaissance
Footprinting Concepts
Footprinting Methodology
Footprinting Tools
Footprinting Countermeasures
Footprinting Penetration Testing
Module 3 : Scanning Networks
Overview of Network Scanning
CEH Scanning Methodology
Module 4: Enumeration
Enumeration Concepts
NetBIOS Enumeration
SNMP Enumeration
SNMP Enumeration Tools
LDAP Enumeration
NTP Enumeration
SMTP Enumeration
Enumeration Countermeasures
SMB Enumeration Countermeasures
Enumeration Pen Testing
Module 5: System Hacking
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
CEH System Hacking Steps
Hiding Files
Covering Tracks
Penetration Testing
Module 6: Malware Threats
Introduction to Malware
Trojan Concepts
Types of Trojans
Virus and Worms Concepts
Malware Reverse Engineering
Countermeasures
Anti-Malware Software
Penetration Testing
Module 7: Sniffing
Sniffing Concepts
MAC Attacks
DHCP Attacks
ARPPoisoning
Spoofing Attack
DNS Poisoning
Sniffing Tools
Sniffing Tool: Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Packet Sniffing Tool: Capsa Network Analyzer
Network Packet Analyzer
Counter measures
Sniffing Detection
Sniffing Pen Testing
Module 8: Social Engineering
Social Engineering Concepts
Social Engineering Techniques
Impersonation on Social Networking Sites
Identity Theft
Social Engineering Countermeasures
Penetration Testing
Module 9: Denial-of-Service
DoS/DDoS Concepts
DoS/DDoS Attack Techniques
Botnets
DDoS Case Study
DoS/DDoS Attack Tools
Counter-measures
DoS/DDoS Protection Tools
DoS/DDoS Attack Penetration Testing
Module 10: Session Hijacking
Session Hijacking Concepts
Application Level Session Hijacking
Network-level Session Hijacking
Session Hijacking Tools
Counter-measures
Session Hijacking Pen Testing
Module 11: Hacking Webservers
Webserver Concepts
Webserver Attacks
Attack Methodology
Webserver Attack Tools
Counter-measures
Patch Management
Webserver Security Tools
Webserver Pen Testing
Module 12: Hacking Web Applications
Web App Concepts
Web App Threats
Web App Hacking Methodology
Web Application Hacking Tools
Countermeasures
Security Tools
Web App Pen Testing
Web Application Pen Testing Framework
Module 13: SQL Injection
SQL Injection Concepts
Types of SQL Injection
SQL Injection Methodology
SQL Injection Tools
Evasion Techniques
Counter-measures
Module 14: Hacking Wireless Networks
Wireless Concepts
Wireless Encryption
Wireless Threats
Wireless Hacking Methodology
Wireless Hacking Tools
Bluetooth Hacking
Counter-measures
Wireless Security Tools
Wi-Fi Pen Testing
Module 15: Hacking Mobile Platforms
Mobile Platform Attack Vectors
Hacking Android OS
Hacking iOS
Hacking Windows Phone OS
Hacking BlackBerry
Mobile Device Management (MDM)
Mobile Security Guidelines and Tools
Mobile Pen Testing
Module 16: Evading IDS, Firewalls, and Honeypots
IDS, Firewall and Honeypot Concepts
IDS, Firewall and Honeypot System
Evading IDS
Evading Firewalls
IDS/Firewall Evading Tools
Detecting Honeypots
IDS/Firewall Evasion Counter-measures
Penetration Testing
Module 17: Cloud Computing
Introduction to Cloud Computing
Cloud Computing Threats
Cloud Computing Attacks
Cloud Security
Cloud Security Tools
Cloud Penetration Testing
Module 18: Cryptography
Market Survey 2014: The Year of Encryption
Case Study: Heartbleed
Case Study: Poodlebleed
Cryptography Concepts
Encryption Algorithms
Cryptography Tools
Public Key Infrastructure(PKI)
Email Encryption
Disk Encryption
Cryptography Attacks
Cryptanalysis Tools
