CEH v8 - Certified Ethical Hacker (312-50)

COURSE OVERVIEW

Lesson 1: Introduction to Ethical Hacking

• Gain knowledge on various hacking terminologies
• Understand the different types and implications of hacker attacks

Lesson 2: Footprinting and Reconnaissance

• Understand the term footprinting
• Understand how traceroute is used in footprinting
• Google hacking, Website mirroring, and email tracking

Lesson 3: Scanning Networks

• Understand the term port scanning, network scanning, and vulnerability scanning
• Understand ping sweeping, firewalk tool, and nmap command switches
• Understand scans
• Learn TCP communication flag types, and gain knowledge on War dialing techniques
• Understand banner grabbing using fingerprinting and other techniques and tools
• Learn vulnerability scanning using BidiBlah and other hacking tools
• Understand proxy servers, anonymizers, HTTP tunneling techniques, and IP spoofing techniques

Lesson 4: Enumeration

• Learn the system hacking cycle, and understand enumeration and its techniques
• Understand null sessions and their countermeasures
• Understand SNMP enumeration and its countermeasures

Lesson 5: System Hacking

• Understand the different types of passwords, password attacks, and password cracking techniques
• Authentication mechanism, password sniffing, various password cracking tools, and countermeasures
• Understand privilege escalation, key loggers, and other spyware technologies
• Identify different ways to hide files, understand rootkits, and understand alternate data streams
• Understand steganography technologies and tools used
• Understand covering tracks, tools used and erase evidences

Lesson 6: Trojans and Backdoors

• Define a Trojan
• Identify the ports used by a Trojan
• Identify listening ports using netstat
• Understand wrapping , reverse shell Trojan, and ICMP tunneling
• Understand Windows start up monitoring tools, and the Trojan horse constructing kit
• Learn Trojan detection and evading techniques

Lesson 7: Viruses and Worms

• Virus, characteristics of a virus, working of a virus, and virus hoaxes
• Understand the difference between a virus and a worm, and understand the life cycle of virus
• Virus writing technique and virus construction kits
• Understand antivirus evasion techniques, and understand virus detection methods and countermeasures
• Understand worm analysis

Lesson 8: Sniffers

• Sniffers, identify types of sniffing, and understand active and passive sniffing
• Understand Address Resolution Protocol (ARP), and the process of ARP spoofing
• Understand MAC duplicating
• Learn ethereal capture and display filters
• Understand MAC flooding, understand DNS spoofing techniques, and DNS spoofing countermeasures
• Know various sniffing tools, identify sniffing detection and defensive techniques

Lesson 9: Social Engineering

• Understand social engineering
• Identify the different types of social engineering
• Understand dumpster diving, human-based social engineering, and insider attack
• Understand phishing attacks, identify online scams, and understand URL obfuscation
• Identify social engineering countermeasures

Lesson 10: Denial of Service

• Understand a Denial of Service attack, and analyze symptoms of a DoS Attack
• Understand Internet Chat Query (ICQ), Internet Relay Chat (IRC), and botnets
• Assess DoS/DDoS attack tools
• Identify DoS/DDoS countermeasure, post-attack forensics, and Penetration Testing

Lesson 11: Session Hijacking

• Understand session hijacking and session hijacking techniques
• Understand session hijacking process and session hijacking in the OSI Model
• Understand the brute forcing attack, and HTTP referrer attack
• Understand application level session hijacking, and discuss session sniffing
• Describe man-in-the-middle, man-in-the-browser, Client-side, and cross-site script attacks
• Understand session fixation attack, and describe network level session hijacking
• Understand TCP/IP hijacking, session hijacking tools, and countermeasures of session hijacking

Lesson 12: Hacking Webservers

• Web server attacks
• Examine webserver misconfiguration, and understand directory traversal attacks
• Learn regarding HTTP response splitting attack, and understand Web cache poisoning attack
• Understand HTTP response hijacking, and discuss SSH bruteforce attack
• Examine man-in-the-middle attack, and learn webserver password cracking techniques
• Understand webserver attack methodology
• Identify webserver attack tools, and identify countermeasures against webserver attacks
• Understand patch management, assess webserver security tools

Lesson 13: Hacking Web applications

• Understand Web applications, Web application components, and working of Web applications
• Understand Web application architecture, parameter/form tampering, and injection flaws
• Discuss hidden field manipulation, cross-site scripting (XSS), and Web services attacks
• Identify Web application hacking and Web application security tools
• Understand Web application firewalls, and gain insights on Web application pen testing

Lesson 14: SQL Injection

• Understand SQL injection and SQL injection black box penetration testing
• Understand types of SQL injection and blind SQL injection
• Learn SQL injection methodology
• Examine advanced enumeration, describe password grabbing, and discuss grabbing SQL Server hashes
• SQL injection tools
• Understand defensive strategies against SQL injection attacks

Lesson 15: Hacking Wireless Networks

• Understand wireless networks, various types of wireless networks, and Wi-Fi authentication modes
• Identify types of wireless encryption, and understand WEP encryption and WPA/WPA2
• Understand wireless hacking methodology, and assess wireless hacking tools
• Understand Bluetooth hacking, and understand how to defend against Bluetooth hacking
• Understand how to defend against wireless attacks, and identify Wi-Fi security tools
• Examine Wireless Penetration Testing Framework

Lesson 16: Hacking Mobile Platform

• Mobile Platform Attack Vectors
• Hacking Android OS
• Hacking iOS
• Hacking Windows Phone OS
• Hacking BlackBerry
• Mobile Device Management (MDM)
• Mobile Security Guidelines and Tools
• Mobile Pen Testing

Lesson 17: Evading IDS, Firewalls, and Honeypots

• Understand Intrusion Detection Systems (IDS)
• Understand what is a firewall, types of firewalls, and identify firewall identification techniques
• Understand honeypot
• Examine evading IDS, understand evading firewalls, and learn detecting honeypots
• Identify firewall evading tools

Lesson 18: Buffer Overflow

• Understand buffer overflows (BoF)
• Reasons for buffer overflow attacks, and skills required to program buffer overflow exploits
• Testing for heap overflow conditions: heap.exe, and understand OllyDbg debugger
• Understand buffer overflow countermeasures tools and buffer overflow pen testing

Lesson 19: Cryptography

• Understand cryptography, learn various types of cryptography, and understand ciphers
• Understand AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA
• Identify cryptography tools, and understand Public Key Infrastructure (PKI), and digital signature
• Understand SSL, disk encryption, and cryptography attacks

Lesson 20: Penetration Testing

• Understand penetration testing (PT)
• Understand automated testing, manual testing, and penetration testing techniques
• Understand enumerating devices