Description

Overview

This course will teach students about information systems risk. Topics covered include risk identification, assessment, evaluation, response, and monitoring, as well as information systems control design and implementation.

Series Taught By: John Glover

Available CEUs for Course Series Completion: 6
Students can earn up to 6 CEUs for fully completing this course series. This information will be displayed on the certificate of completion. Learn More

Course Details

  • 41:53:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

About this Course

EC-Council’s Certified Ethical Hacker(CEH) course is meant to give the student a foundational knowledge and skillset to be an asset to their current organization as a security analyst or become an effective member of a security team engaged in offensive security testing and vulnerability assessments. In this course you’ll learn about specific topics including: Intro to Ethical Hacking, Information gathering through foot-printing and reconnaissance techniques, network and system scanning, service enumeration, vulnerability discovery and analysis, system hacking, malware, social engineering, web application hacking, SQL Injection, Wireless, Mobile, IoT, and more.

Objectives

  • Possess a strong background knowledge of networking, telecommunications, web and computer systems.
  • Understand the current security protocols for popular operating environments, e.g., Linux, Windows & Mac OS.
  • “Hack” into an organization’s network/systems – with its permission – to assess weaknesses and vulnerabilities.
  • Undertake preventive, corrective and protective countermeasures to safeguard systems against malicious attack.
  • Have the ability to identify and crack multiple types of passwords, and effectively counter password attacks.
  • Comprehend the terminology, stages, classes, phases and methodologies of ethical hacking.
  • Can cover their tracks and erase digital evidence of networks and system intrusions.
  • Understand cryptography & encryption techniques, and private/public key infrastructure.
  • Adhere to a code of ethics governing professional conduct & the appropriateness of hacking.
  • Understand common cyber attacks, e.g. social engineering, phishing, identity theft, URL obfuscation, trojans, dumpster diving, insider attacks, etc, and can undertake the appropriate evasion techniques and countermeasures.

Audience

  • Anyone who wants to pass the Certified Ethical Hacker Exam and become responsible for securing a home or enterprise network
  • This course is a good fit for aspiring professional pen testers–including system administrators or IT professionals interested in making a career change. Current professional pen testers will be too advanced for this course.
  • This course is best suited for those who operate with or have privileged access in their company’s network. You’ll learn about the latest security vulnerabilities and how to protect your assets.
  • People who are interested in hands-on learning and developing their own protection solutions will benefit the most from this course. If you’re the type of person who likes taking things apart to see how they work, then you’ll love this course.

Prerequisites

  • You should have a fundamental working knowledge of computers and basic experience doing system administration or help desk work to succeed in this course. You should be familiar with standards system administrator concepts such as firewalls, antiviruses, intrusion detection systems, and access control lists.
  • In this course, I’ll help you install the necessary software on your computer. If you prefer, you can use the Online Lab in your browser to complete the assignments in this course.
  • I’ll use mostly Windows as our base operating system in this course. While we do have a section on Linux in the course, I will not delve too deeply into it. That’s because, in my teaching experience, students generally find it easier to use tools in an operating system they are familiar with before moving on to a new platform such as Linux.
  • The ideal student should be passionate and inquisitive about learning new technologies and diving into hands-on projects

Course Outline

INTRO TO ETHICAL HACKING

  • Overview
  • CEH V11 EC-Council Certification Overview
  • Basic Cybersecurity Concepts
  • Attacker Motives, Goals, And Objectives
  • Attack Classifications
  • Information Warfare
  • Cyber Kill Chain
  • Tactics Techniques And Procedures
  • Common Adversarial Behaviors
  • Threat Hunting Concepts
  • Hacking Phases
  • Ethical Hacking Concepts
  • Risk
  • Risk Management
  • Cyber Threat Intelligence
  • Threat Modeling
  • Incident Management
  • Incident Handling And Response
  • ML And AI
  • Standards And Regulations

RECON TECHNIQUES – FOOTPRINTING AND RECON

  • Footprinting Concepts
  • Google Dorks
  • Shodan Censys And Thingful
  • Sub-Domain Enumeration
  • Geolocation Recon
  • Social Networking Recon
  • Job Board Recon
  • Deep-Dark Web Recon
  • Metadata Recon
  • Custom Wordlists
  • Email Tracking
  • WHOIS Recon And DNS Recon
  • Public Network Footprinting
  • Other Footprinting Tools
  • Social Engineering Recon
  • Footprinting And Recon Countermeasures

RECON TECHNIQUES – SCANNING

  • Network Scanning Types
  • TCP Communication
  • Network Scanning Tools
  • Host Discovery
  • Port And Service Scanning
  • Nmap: TCP Connect Scan
  • Nmap Stealth Scan
  • Nmap Inverse TCP XMAS and Maimon Scans
  • Nmap ACK Scan
  • Nmap IDLE IPID Scan
  • Nmap UDP Scan
  • Nmap SCTP INIT and COOKIE ECHO Scans
  • Nmap IPv6 List and Version Scans
  • Nmap Scan Optimizations
  • Target OS Identification Techniques
  • IDS and Firewall Evasion

RECON TECHNIQUES – ENUMERATION

  • Enumeration Basics
  • NetBIOS and SMB Enumeration
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP Enumeration
  • NFS Enumeration
  • SMTP and FTP Enumeration

SYSTEM HACKING PHASES AND ATTACK TECHNIQUES – VULNERABILITY ANALYSIS

  • Vulnerability Assessment Concepts and Resources
  • Vulnerability Management Life-Cycle
  • Vulnerability Classification
  • Vulnerability Assessment Types
  • Vulnerability Assessment Models and Tools
  • Vulnerability Assessment Reports

SYSTEM HACKING PHASES AND ATTACK TECHNIQUES – SYSTEM HACKING

  • CEH Hacking Methodology and Goals
  • Windows Authentication
  • Password Attacks – Basic Concepts
  • Password Extraction and Cracking
  • Password Attacks Cracking Enhancement Techniques
  • Exploitation Buffer Overflows
  • Privilege Escalation
  • Maintaining Access
  • Steganography
  • Covering Tracks

SYSTEM HACKING PHASES AND ATTACK TECHNIQUES – MALWARE THREATS

  • Malware Concepts and Components
  • APT
  • Trojans
  • Viruses and Worms
  • Fileless Malware
  • Malware Analysis
  • Malware Countermeasures

NETWORK AND PERIMETER HACKING – SNIFFING

  • Network Sniffing Basics
  • DHCP Sniffing Attacks
  • ARP Poisoning
  • DNS Poisoning
  • Sniffing Defenses

NETWORK AND PERIMETER HACKING – SOCIAL ENGINEERING

  • Social Engineering Concepts
  • Insider Threats
  • Identity Theft

NETWORK AND PERIMETER HACKING – DENIAL OF SERVICE

  • DoS And DDoS Attacks
  • Volumetric Attacks
  • Protocol Attacks
  • Application Layer Attacks
  • Botnets
  • DoS And DDoS Countermeasures

NETWORK AND PERIMETER HACKING – SESSION HIJACKING

  • Session Hijacking Concepts
  • Network Level Session Hijacking
  • Application Level Session Hijacking
  • Session Hijacking Countermeasures

NETWORK AND PERIMETER HACKING – EVADING

  • IDS And IPS
  • Firewalls
  • Honeypots

WEB APPLICATION HACKING – HACKING WEB SERVERS

  • Web Server Hacking Concepts
  • Web Server Attacks
  • Web Server Attack Methodology

WEB APPLICATION HACKING – HACKING WEB APPLICATIONS

  • Web App Basics
  • OWASP Top 10 Web Application Attacks 2017
  • Unvalidated Redirects And Forwards
  • CSRF
  • IDOR
  • LFI RFI
  • Web App Hacking Methodology
  • Web App Hacking Tools
  • Web App Login Attacks
  • XSS Filtering Evasion
  • Web Shell Backdoors
  • APIs And Webhooks

WEB APPLICATION HACKING – SQL INJECTION

  • SQLi Concepts
  • Error-Based SQLi Attacks
  • Blind-Based SQLi Attacks
  • SQLi To System Access
  • SQLMap

WIRELESS NETWORK HACKING – HACKING WIRELESS NETWORKS

  • Wireless Basics
  • Wireless Threats
  • Wireless Hacking Tools
  • Wireless Hacking
  • Wireless Hacking Countermeasures

HACKING MOBILE PLATFORMS

  • Mobile Hacking Basics
  • Android Security
  • IOS Security
  • Mobile Device Management And Security Tools

IOT AND OT HACKING

  • IoT Basics
  • IoT Threats And Vulnerabilities
  • IoT Attacks Tools And Countermeasures
  • OT Basics
  • OT Attacks Tools And Countermeasures

CLOUD COMPUTING – CLOUD COMPUTING

  • Cloud Computing Basics
  • Container Basics
  • Hacking Cloud Services
  • Cloud Security Controls

CRYPTOGRAPHY – CRYPTOGRAPHY

  • Cryptography Basics
  • Crypto Algorithms And Implementations
  • Cryptography Tools
  • Public Key Infrastructure
  • Cryptanalysis
  • Crypto-Attack Countermeasures