EC-Council Certified Ethical Hacking v9  

Course ECCEH - Five days - Instructor-led

Introduction:

The Certified Ethical Hacker program is the pinnacle of the most desired information security training programs any information security professional will ever want to attend. To master hacking technologies, you will need to become a hacker, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization.

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving an optimal information security posture in your organization: by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and the ways to approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and Covering Your Tracks.

Underground Hacking Tools:

The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the Certified Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses, and fix the problems before they are identified by the enemy, causing what could potentially be catastrophic damage to your organization.

We live in an age where everyone is susceptible to attacks, which can come from anyplace at any time, and we never know how skilled, well-funded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a hacker's mindset, evaluating not just logical but also physical security, and exploring every possible point of entry to find the weakest link in an organization: the end user, the secretary, the CEO, misconfigurations, vulnerable times during migrations, even information left in the dumpster.

Intended Audience:

The Certified Ethical Hacking training course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Learning Objectives:

The goal of this course is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with ethical hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Students going through the ECCEH training will learn:

  • Key issues plaguing the information security world, incident management process, and penetration testing
  • Various types of footprinting, footprinting tools, and countermeasures
  • Network scanning techniques and scanning countermeasures
  • Enumeration techniques and enumeration countermeasures
  • System hacking methodology, steganography, steganalysis attacks, and covering tracks
  • Different types of Trojans, Trojan analysis, and Trojan countermeasures
  • Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures
  • Packet sniffing techniques and how to defend against sniffing
  • Social engineering techniques, identity theft, and social engineering countermeasures
  • DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures
  • Session hijacking techniques and countermeasures
  • Different types of webserver attacks, attack methodology, and countermeasures
  • Different types of web application attacks, web application hacking methodology, and countermeasures
  • SQL injection attacks and injection detection tools
  • Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools
  • Mobile platform attack vectors, Android vulnerabilities, jailbreaking iOS, Windows Phone 8 vulnerabilities, mobile security guidelines, and tools
  • Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures
  • Various cloud computing concepts, threats, attacks, and security techniques and tools
  • Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools
  • Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap

Prerequisites:

Advanced working knowledge of TCP/IP v4 networking, with 3+ years of deep technical experience recommended. Technical knowledge of desktop and server operating systems, including Windows, Linux, and Unix. Delegates who do not meet the prerequisites can attend the EC Council NSA course. Please contact us for more details.

Examination:

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

About the exam:

  • Number of Questions: 125
  • Test Duration: 4 Hours
  • Test Format: Multiple Choice
  • Test Delivery: ECC EXAM, VUE
  • Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)

Course Outline:

Module 1: Introduction to Ethical Hacking

  • Internet is an Integral Part of Business and Personal Life - What Happens Online in 60 Seconds
  • Information Security Overview
  • Information Security Threats and Attack Vectors
  • Hacking Concepts, Types, and Phases
  • Ethical Hacking Concepts and Scope
  • Information Security Controls
  • Physical Security
  • Incident Management
  • What is Vulnerability Assessment?
  • Penetration Testing
  • Information Security Laws and Standards

Module 2: Footprinting and Reconnaissance

  • Footprinting Concepts
  • Footprinting Methodology
  • Footprinting Tools
  • Footprinting Countermeasures
  • Footprinting Penetration Testing

Module 3: Scanning Networks

  • Overview of Network Scanning
  • CEH Scanning Methodology

Module 4: Enumeration

  • Enumeration Concepts
  • NetBIOS Enumeration
  • SNMP Enumeration
  • SNMP Enumeration Tools
  • LDAP Enumeration
  • NTP Enumeration
  • SMTP Enumeration
  • Enumeration Countermeasures
  • SMB Enumeration Countermeasures
  • Enumeration Pen Testing

Module 5: System Hacking

  • Information at Hand Before System Hacking Stage
  • System Hacking: Goals
  • CEH Hacking Methodology (CHM)
  • CEH System Hacking Steps
  • Hiding Files
  • Covering Tracks
  • Penetration Testing

Module 6: Malware Threats

  • Introduction to Malware
  • Trojan Concepts
  • Types of Trojans
  • Virus and Worms Concepts
  • Malware Reverse Engineering
  • Countermeasures
  • Anti-Malware Software
  • Penetration Testing

Module 7: Sniffing

  • Sniffing Concepts
  • MAC Attacks
  • DHCP Attacks
  • ARP Poisoning
  • Spoofing Attack
  • DNS Poisoning
  • Sniffing Tools
  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzer
  • Countermeasures
  • Sniffing Detection
  • Sniffing Pen Testing

Module 8: Social Engineering

  • Social Engineering Concepts
  • Social Engineering Techniques
  • Impersonation on Social Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures
  • Penetration Testing

Module 9: Denial-of-Service

  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
  • Botnets
  • DDoS Case Study
  • DoS/DDoS Attack Tools
  • Counter-measures
  • DoS/DDoS Protection Tools
  • DoS/DDoS Attack Penetration Testing

Module 10: Session Hijacking

  • Session Hijacking Concepts
  • Application Level Session Hijacking
  • Network-level Session Hijacking
  • Session Hijacking Tools
  • Counter-measures
  • Session Hijacking Pen Testing

Module 11: Hacking Webservers

  • Webserver Concepts
  • Webserver Attacks
  • Attack Methodology
  • Webserver Attack Tools
  • Counter-measures
  • Patch Management
  • Webserver Security Tools
  • Webserver Pen Testing

Module 12: Hacking Web Applications

  • Web App Concepts
  • Web App Threats
  • Web App Hacking Methodology
  • Web Application Hacking Tools
  • Countermeasures
  • Security Tools
  • Web App Pen Testing
  • Web Application Pen Testing Framework

Module 13: SQL Injection

  • SQL Injection Concepts
  • Types of SQL Injection
  • SQL Injection Methodology
  • SQL Injection Tools
  • Evasion Techniques
  • Counter-measures

Module 14: Hacking Wireless Networks

  • Wireless Concepts
  • Wireless Encryption
  • Wireless Threats
  • Wireless Hacking Methodology
  • Wireless Hacking Tools
  • Bluetooth Hacking
  • Counter-measures
  • Wireless Security Tools
  • Wi-Fi Pen Testing

Module 15: Hacking Mobile Platforms

  • Mobile Platform Attack Vectors
  • Hacking Android OS
  • Hacking iOS
  • Hacking Windows Phone OS
  • Hacking BlackBerry
  • Mobile Device Management (MDM)
  • Mobile Security Guidelines and Tools
  • Mobile Pen Testing

Module 16: Evading IDS, Firewalls, and Honeypots

  • IDS, Firewall and Honeypot Concepts
  • IDS, Firewall and Honeypot System
  • Evading IDS
  • Evading Firewalls
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • IDS/Firewall Evasion Counter-measures
  • Penetration Testing

Module 17: Cloud Computing

  • Introduction to Cloud Computing
  • Cloud Computing Threats
  • Cloud Computing Attacks
  • Cloud Security
  • Cloud Security Tools
  • Cloud Penetration Testing

Module 18: Cryptography

  • Market Survey 2014: The Year of Encryption
  • Case Study: Heartbleed
  • Case Study: Poodlebleed
  • Cryptography Concepts
  • Encryption Algorithms
  • Cryptography Tools
  • Public Key Infrastructure (PKI)
  • Email Encryption
  • Disk Encryption
  • Cryptography Attacks
  • Cryptanalysis Tools

What's new in v9?:

Focus on New Attack Vectors

  • Emphasis on Cloud Computing Technology
    • CEHv9 focuses on various threats and hacking attacks to the emerging cloud computing technology
    • Covers wide-ranging countermeasures to combat cloud computing attacks
    • Provides a detailed pen testing methodology for cloud systems to identify threats in advance
  • Emphasis on Mobile Platforms and Tablet Computers
    • CEHv9 focuses on the latest hacking attacks targeted at mobile platforms and tablet computers and covers countermeasures to secure mobile infrastructure
    • Coverage of the latest developments in mobile and web technologies

New Vulnerabilities Are Addressed

  • Heartbleed CVE-2014-0160
    • Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable.
    • Detailed coverage and labs in Module 18: Cryptography.
  • Shellshock CVE-2014-6271
    • Shellshock exposes a vulnerability in Bash, the widely used shell for Unix-based operating systems such as Linux and OS X.
    • Detailed coverage and labs in Module 11: Hacking Webservers
  • Poodle CVE-2014-3566
    • POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password.
    • Case study in Module 18: Cryptography
  • Hacking Using Mobile Phones
    • CEHv9 focuses on performing hacking (footprinting, scanning, enumeration, system hacking, sniffing, DDoS attack, etc.) using mobile phones
    • Courseware covers the latest mobile hacking tools in all the modules
  • Coverage of the latest Trojans, viruses, and backdoors
  • Courseware covers Information Security Controls and Information Security Laws and Standards
  • Labs on Hacking Mobile Platforms and Cloud Computing
  • More than 40 percent new labs are added from Version 8
  • More than 1500 new/updated tools
  • The CEHv9 program focuses on addressing security issues in the latest operating systems, such as Windows 8.1

It also focuses on addressing the existing threats to operating environments dominated by Windows 7, Windows 8, and other operating systems (backward compatibility).

More Information:

For more information, please click on the following link to view the EC Council Website:

EC-Council Ethical Hacking Official Course Overview