C)PEH: Certified Professional Ethical Hacker
To protect an information system you need to be able to see that system through the eyes of the attacker. The Certified Professional Ethical Hacker certification course is the foundational training to a line of penetration testing courses because it teaches you to think like a hacker. Therefore, you can set up dynamic defenses to prevent intrusion.
Description
Overview
The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to a line of penetration testing courses. The CPEH certification training enables students to understand the importance of vulnerability assessments by providing industry knowledge and skills in Vulnerability Assessments. In doing so, the CPEH student is able to understand how malware and destructive viruses function.
First, you will learn the value of vulnerability assessments. Then, you will discover how to use those assessments to make powerful changes in an information system's security. Additionally, you will learn how malware and destructive viruses function and how to implement counter response and preventative measures when it comes to a network hack.
The CPEH course provides in-depth labs that focus on both open source and commercial based tools with industry best practices. These hands on labs emulate real world hacking scenarios and equip the candidate to assess your company’s security posture, help implement controls to better secure your company’s network infrastructure and how to combat against hackers and/or viruses, etc.
Course Objectives
Upon completion, the Certified Professional Ethical Hacker candidate will be able to competently take the C)PEH exam.
Who Should Attend
- IS Security Owners
- Security Officers
- Ethical Hackers
- Information Owners
- Penetration Testers
- System Owners and Managers
- Cyber Security Engineers
Course Outline
Module 1: Introduction to Ethical Hacking
- What and Why?
- Differences
- Security Definitions
- Risk Management
- Methodologies
Module 2: Linux Fundamentals
- Core Concepts
- The shell and other items you need to know
- Managing users
- Basic Commands
Module 3: Protocols
- Network Models
- Protocols & Services
Module 4: Cryptography
- Understanding Cryptography
- Symmetric Encryption
- Asymmetric Encryption
- Hashing
- Cryptography in Use
- Crypto Attacks
Module 5: Password Cracking
- What and Why
- Attacks and Tools of the Trade
- Countermeasures
Module 6: Malware
- DOS & DDOS
- Viruses & Backdoors
- Trojans and Backdoors
- Ransomware
Module 7: Security Devices
- Basic Security Elements
- Security Appliances
Module 8: Information Gathering
- What are we looking for?
- Where/How do we find this information?
- Are there tools to help?
Module 9: Social Engineering
- Social Engineering Types
- Phishing Scams
Module 10: Reconnaissance
- What are we looking for?
- Port Scanning
- Are there tools to help?
- Banner Grabbing
- Enumeration
Module 11: Vulnerability Assessment
- What is a Vulnerability Assessment
- Tools of the Trade
- Testing Internal and External Systems
Module 12: Network Attacks
- Sniffing Techniques
- Hijacking
Module 13: Hacking Servers
- Servers, What are they good for?
- What is an Exploit?
- Tools of the Trade
Module 14: Hacking Web Technologies
- OWASP Top 10
- SQL Injection
- XSS
Module 15: Hacking Wireless Networks
- Wireless Technologies
- Mobile and IoT Technologies
- Various Tools Used
- Hacking Techniques
- Countermeasures
Module 16: Maintaining Access and Covering Tracks
- Maintaining Access
- Covering Tracks
Detailed Labs Outline
Lab 1: Intro to C)PEH Setup
- Recording Ips and Logging into VMs Joining the Domain
Lab 2: Linux Fundamentals
- Command Line Tips and Tricks
- Linux Networking for Beginners
- Using FTP during a Pentest
Lab 3: Understanding Protocols
- Analyze http session
Lab 4: Cryptography Lab
- Hashing Data of all Sorts
- The Basics of Cryptographic Algorithms
Lab 5: Password Cracking
Lab 6: Malware
- Creating a virus
- Beast Trojan
Lab 7: Information Gathering
- Google Queries
- Searching Pastebin
- Maltego
- People Search Using the Spokeo Online Tool
- Recon with Chrome
- Nslookup
Lab 8: Information Gathering – Active Reconnaissance
- Scanning with Nmap
- Scanning with Hping
- Banner Grabbing
- Enumerating a local System with Hyena
- SMTP Enumeration
- Ad Enumeration
Lab 9: Vulnerability Assessment
- Vulnerability Assessment with Nessus
- Vulnerability Assessment with Saint
Lab 10: Network Sniffing/IDS
- Sniffing Passwords with Wireshark
- Performing MtM with Cain
- Performing MtM with sslstrip
Lab 11: Windows Hacking
- Attack Windows 7 with Client-Side Exploit
- Windows 2012 Reverse TCP Exploit
- Cracking with John the Ripper
Lab 12: Attacking Databases
- Attacking MySQL Database
- Manual SQL Injection
Lab 13: Attacking Web Applications
- Attacking with XSS
- Attacking with CSRF
Lab 14: Backdoors
- Setting up a Backdoor
Prerequisites
- 12 months of IT Experience
- 12 Months of Networking Experience
- C)SP: Certified Security Principles