Course Overview
TOPCertified Ethical Hacker is a comprehensive ethical hacking and information systems security auditing program focusing on latest security threats, advanced attack vectors and practical real time demonstration of latest hacking techniques, methodologies, tools, tricks and security measures. It delivers technical depth of the content with an emphasis on vulnerability assessment, risk assessment, and penetration testing.
This class immerses students in an interactive environment where they learn how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. The majority of the class is hands-on labs with instruction to explain, reinforce, and show how these hacking tools and techniques can be used to secure and defend real world networks.
Students begin by seeing how perimeter defenses work. They next learn how to reconnoiter, scan and attack their own networks and how intruders escalate privileges. Students also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When students leave this intensive 5 day class they have hands on understanding and experience in Ethical Hacking and what they can do to analyze and secure their own network without harming their own assets.
CEHv10 is ANSI accredited and focuses on the latest hacking attacks targeted to mobile platform and tablet computers and covers countermeasures to secure mobile infrastructure. The latest development in mobile and web technologies including Google Android OS, Apple iOS, Windows Phone, and HTML 5 as well as mobile applications and mobile app stores.
*CEHv10 Certification exam not included with course, must be purchased by the student directly from EC-Council.
Scheduled Classes
TOPWhat You'll Learn
TOPOutline
TOPMODULE 01: INTRODUCTION TO ETHICAL HACKING
Information Security Overview
Information Security Threats and Attack Vectors
Hacking Concepts
Ethical Hacking Concepts
Information Security Controls
Penetration Testing Concepts
Information Security Laws and Standards
MODULE 02: FOOTPRINTING AND RECONNAISSANCE
Footprinting Concepts
Footprinting through Search Engines
Footprinting through Web Services
Footprinting through Social Networking Sites
Website Footprinting
Email Footprinting
Competitive Intelligence
Whois Footprinting
DNS Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting Tools
Countermeasures
Footprinting Pen Testing
MODULE 03: SCANNING NETWORKS
Network Scanning Concepts
Scanning Tools
Scanning Techniques
Scanning Beyond IDS and Firewall
Banner Grabbing
Draw Network Diagrams
Scanning Pen Testing
MODULE 04: ENUMERATION
Enumeration Concepts
NetBIOS Enumeration
SNMP Enumeration
LDAP Enumeration
NTP Enumeration
SMTP and DNS Enumeration
Other Enumeration Techniques
Enumeration Countermeasures
Enumeration Pen Testing
MODULE 05: VULNERABILITY ANALYSIS
Vulnerability Assessment Concepts
Vulnerability Assessment Solutions
Vulnerability Scoring Systems
Vulnerability Assessment Tools
Vulnerability Assessment Reports
MODULE 06: SYSTEM HACKING
System Hacking Concepts
Cracking Passwords
Escalating Privileges
Executing Applications
Hiding Files
Covering Tracks
Penetration Testing
MODULE 07: MALWARE THREATS
Malware Concepts
Trojan Concepts
Virus and Worm Concepts
Malware Analysis
Countermeasures
Anti-Malware Software
Malware Penetration Testing
MODULE 08: SNIFFING
Sniffing Concepts
Sniffing Technique: MAC Attacks
Sniffing Technique: DHCP Attacks
Sniffing Technique: ARP Poisoning
Sniffing Technique: Spoofing Attacks
Sniffing Technique: DNS Poisoning
Countermeasures
Sniffing Detection Techniques
Sniffing Pen Testing
MODULE 09: SOCIAL ENGINEERING
Social Engineering Concepts
Social Engineering Techniques
Insider Threats
Impersonation on Social Networking Sites
Identity Theft
Countermeasures
Social Engineering Pen Testing
MODULE 10: DENIAL-OF-SERVICE
DoS/DDoS Concepts
DoS/DDoS Attack Techniques
Botnets
DDoS Case Study
DoS/DDoS Attack Tools
Countermeasures
DoS/DDoS Protection Tools
DoS/DDoS Penetration Testing
MODULE 11: SESSION HIJACKING
Session Hijacking Concepts
Application Level Session Hijacking
Network Level Session Hijacking
Session Hijacking Tools
Countermeasures
MODULE 12: EVADING IDS, FIREWALLS, AND HONEYPOTS
IDS, Firewall and Honeypot Concepts
IDS, Firewall and Honeypot Solutions
Evading IDS
Evading Firewalls
IDS/Firewall Evading Tools
Detecting Honeypots
IDS/Firewall Evasion Countermeasures
Penetration Testing
MODULE 13: HACKING WEB SERVERS
Web Server Concepts
Web Server Attacks
Web Server Attack Methodology
Web Server Attack Tools
Countermeasures
Patch Management
Web Server Security Tools
Web Server Pen Testing
MODULE 14: HACKING WEB APPLICATIONS
Web App Concepts
Web App Threats
Hacking Methodology
Web App Hacking Tools
Countermeasures
Web App Security Testing Tools
Web App Pen Testing
MODULE 15: SQL INJECTION
SQL Injection Concepts
Types of SQL Injection
SQL Injection Methodology
SQL Injection Tools
Evasion Techniques
Countermeasures
MODULE 16: HACKING WIRELESS NETWORKS
Wireless Concepts
Wireless Encryption
Wireless Threats
Wireless Hacking Methodology
Wireless Hacking Tools
Bluetooth Hacking
Countermeasures
Wireless Security Tools
Wireless Pen Testing
MODULE 17: HACKING MOBILE PLATFORMS
Mobile Platform Attack Vectors
Hacking Android OS
Hacking iOS
Mobile Spyware
Mobile Device Management
Mobile Security Guidelines and Tools
Mobile Pen Testing
MODULE 18: IOT HACKING
IoT Concepts
IoT Attacks
IoT Hacking Methodology
IoT Hacking Tools
Countermeasures
IoT Pen Testing
MODULE 19: CLOUD COMPUTING
Cloud Computing Concepts
Cloud Computing Threats
Cloud Computing Attacks
Cloud Security
Cloud Security Tools
Cloud Penetration Testing
MODULE 20: CRYPTOGRAPHY
Cryptography Concepts
Encryption Algorithms
Cryptography Tools
Public Key Infrastructure (PKI)
Email Encryption
Disk Encryption
Cryptanalysis
Countermeasures
Prerequisites
TOPStudents must have at least one year of hands-on experience in computer security. Students that are new to computer security should begin with the SEC+501 – Security+ course or the CISSP – Information Security for the IT Professional course.
Students must have a strong understanding of the TCP/IP Protocol Suite, IP Routing and LAN Switching Concepts, name resolution protocols, and Internet technologies. A minimum of 12 months experience in networking or Cisco CCNA certification is recommended.
