EC-Council Certified Ethical Hacker (CEH) v12
This course was built to incorporate a unique, in-depth, and interactive hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential.
Description
Overview
CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and preventative countermeasures. This course was built to incorporate a unique, in-depth and interactive hands-on environment and systematic process across each ethical hacking domain and methodology, giving you the opportunity to work towards proving the required knowledge and skills needed to achieve the CEH credential. Now in its 12th version, CEH continues to evolve with the latest operating systems, tools, tactics, exploits, and technologies. Our CEH course comes with the best possible class curriculum directly from EC-Council. This includes eCourseware and next version eCourseware - a CEH Exam Voucher with 5 Exam Retakes - exam preparation material, 6 months access to the official labs, and the C|EH Engage and Global Challenge - Ethical Hacking Video Library. Students may need pay for their exam proctor fee at the time of exam scheduling by the student.
Course Objectives
- Information security controls, laws, and standards
- Various types of footprinting, footprinting tools, and countermeasures
- Network scanning techniques and scanning countermeasures
- Enumeration techniques and enumeration countermeasures
- Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems
- System hacking methodology, steganography, steganalysis attacks, and covering tracks to discover system and network vulnerabilities
- Different types of malware (Trojan, Virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures
- Packet sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing
- Social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and social engineering countermeasures
- DoS/DDoS attack techniques and tools to audit a target and DoS/DDoS countermeasures
- Session hijacking techniques to discover network-level session management, authentication/authorization, and cryptographic weaknesses and countermeasures
- Webserver attacks and a comprehensive attack methodology to audit vulnerabilities in webserver infrastructure, and countermeasures
- Web application attacks, comprehensive web application hacking methodology to audit vulnerabilities in web applications, and countermeasures
- SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures
- Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools
- Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools
- Firewall, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures
- Cloud computing concepts (Container technology, serverless computing), the working of various threats and attacks, and security techniques and tools
- Penetration testing, security audit, vulnerability assessment, and penetration testing roadmap
- Threats to IoT and OT platforms and defending IoT and OT devices
- Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools
Who Should Attend
The Certified Ethical Hacking v12 course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Course Outline
Module 1: Introduction to Ethical Hacking
- Elements of Information Security
- Cyber Kill Chain Methodology
- MITRE ATT&CK Framework
- Hacker Classes
- Ethical Hacking
- Information Assurance (IA)
- Risk Management
- Incident Management
- PCI DSS
- HIPPA
- SOX
- GDPR
Module 2: Foot Printing and Reconnaissance
- Footprinting
- Advanced Google Hacking Techniques
- Deep and Dark Web Footprinting
- Competitive Intelligence Gathering
- Website Footprinting
- Website Mirroring
- Email Footprinting
- Whois Lookup
- DNS Footprinting
- Traceroute Analysis
- Footprinting Tools
Hands-on Lab Exercises
- Perform Footprinting on the target network using Search Engines, Web Services and Social Networking Sites
- Perform Website, Email, Whois, DNS and Network Footprinting on the target network
Module 3: Scanning Networks
- Network Scanning
- Host Discovery Techniques
- Port Scanning Techniques
- Service Version Discovery
- OS Discovery
- Banner Grabbing
- OS Fingerprinting
- Packet Fragmentation
- Source Routing
- IP Address Spoofing
- Scanning Tools
Hands-on Lab Exercises
- Perform Host, Port, Service and OS Discovery on the target network
- Perform Scanning on the target network beyond IDS and Firewall
Module 4: Enumeration
- Enumeration
- NetBIOS Enumeration
- SNMP Enumeration
- LDAP Enumeration
- NTP Enumeration
- NFS Enumeration
- SMTP Enumeration
- DNS Cache Snooping
- DNSSEC Zone Walking
- IPsec Enumeration
- VoIP Enumeration
- RPC Enumeration
- Unix/Linux User Enumeration
- Enumeration Tools
Hands-on Lab Exercises
- Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB and FTP Enumeration
Module 5: Vulnerability Analysis
- Vulnerability
- Vulnerability Research
- Vulnerability Assessment
- Vulnerability-Management Life Cycle
- Vulnerability Classification
- Vulnerability Assessment Tools
- Vulnerability Assessment Reports
Hands-on Lab Exercises
- Perform Vulnerability Research using Vulnerability Scoring Systems and Databases
- Perform Vulnerability Assessment using various Vulnerability Assessment Tools
Module 6: System Hacking
- Password Cracking
- Password Attacks
- Wire Sniffing
- Password-Cracking Tools
- Vulnerability Exploitation
- Buffer Overflow
- Privilege Escalation Tools
- Keylogger
- Spyware
- Rootkits
- Anti-Rootkits
- Steganography
- Steganography Tools
- Steganalysis
- Steganography Detection Tools
- Maintaining Persistence
- Post Exploitation
- Clearing Logs
- Covering Tracks
- Track-Covering Tools
Hands-on Lab Exercises
- Perform an Active Online Attack to crack the system's password
- Perform Buffer Overflow Attack to gain access to a remote system
- Escalate privileges using Privilege Escalation Tools
- Escalate privileges in a Linux machine
- Hide Data using Steganography
- Clear Windows and Linux machine logs using various utilities
- Hide Artifacts in Windows and Linux machines
Module 7: Malware Threats
- Malware
- Components of Malware
- APT
- Trojan
- Types of Trojans
- Exploit Kits
- Virus
- Virus Lifecycle
- Types of Viruses
- Ransomware
- Computer Worms
- Fileless Malware
- Malware Analysis
- Static Malware Analysis
- Dynamic Malware Analysis
- Virus Detection Methods
- Trojan Analysis
- Virus Analysis
- Fileless Malware Analysis
- Anti-Trojan Software
- Antivirus Software
- Fileless Malware Detection Tools
Hands-on Lab Exercises
- Gain control over a victim machine using Trojan
- Infect the target system
- Perform Static and Dynamic Malware Analysis
Module 8: Sniffing
- Network Sniffing
- Wiretapping
- MAC Flooding
- DHCP Starvation Attack
- ARP Spoofing Attack
- ARP Poisoning
- ARP Poisoning Tools
- MAC Spoofing
- STP Attack
- DNS Poisoning
- DNS Poisoning Tools
- Sniffing Tools
- Sniffer Detection Techniques
- Promiscuous Detection Tools
Hands-on Lab Exercises
- Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attacks
- Spoof a MAC Address of a Linux machine
- Perform Network Sniffing using various sniffing tools
- Detect ARP Poisoning in a Switch-based Network
Module 9: Social Engineering
- Social Engineering
- Types of Social Engineering
- Phishing
- Phishing Tools
- Insider Threats/Insider Attacks
- Identity Theft
Hands-on Lab Exercises
- Perform Social Engineering using various techniques
- Spoof a MAC Address of a Linux machine
- Detect a Phishing Attack
- Audit Organization's Security for Phishing Attacks
Module 10: Denial-of-Service
- DoS Attack
- DDoS Attack
- Botnets
- DoS/DDoS Attack Techniques
- DoS/DDoS Attack Detection Techniques
- DoS/DDoS Protection Tools
Hands-on Lab Exercises
- Perform a DoS and DDoS Attack on a target host
- Detect and protect against DoS and DDoS Attacks
Module 11: Session Hijacking
- Session Hijacking
- Types of Session Hijacking
- Spoofing
- Application Level Session Hijacking
- Man-in-the-Browser Attack
- Client-side Attacks
- Session Replay Attacks
- Session Fixation Attack
- CRIME Attack
- Network Level Session Hijacking
- TCP/IP Hijacking
- Session Hijacking Tools
- Session Hijacking Detection Methods
- Session Hijacking Prevention Tools
Hands-on Lab Exercises
- Perform Session Hijacking using various tools
- Detect Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- Firewall
- Types of Firewalls
- Honeypot
- Intrusion Detection Tools
- Intrusion Prevention Tools
- IDS Evasion Techniques
- Firewall Evasion Techniques
- Evading NAC and EndPoint Security
- IDS/Firewall Evading Tools
- Honeypot Detection Tools
Hands-on Lab Exercises
- Bypass Windows Firewall
- Bypass Firewall rules using Tunneling
- Bypass Antivirus
Module 13: Hacking Web Servers
- Web Server Operations
- Web Server Attacks
- DNS Server Hijacking
- Website Defacement
- Web Cache Poisoning Attack
- Web Server Attack Methodology
- Web Server Attack Tools
- Web Server Security Tools
- Patch Management
- Patch Management Tools
Hands-on Lab Exercises
- Perform Web Server Reconnaissance using various tools
- Enumerate Web Server Information
- Crack FTP credentials using a Dictionary Attack
Module 14: Hacking Web Applications
- Web Application Architecture
- Web Application Threats
- OWASP Top 10 Application Security Risks
- Web Application Hacking Methodology
- Web API Hacking Methodology
- Web Application Security
Hands-on Lab Exercises
- Perform Web Application Reconnaissance using various tools
- Perform Web Spidering
- Perform Web Application Vulnerability Scanning
- Perform a Brute-force Attack
- Perform Cross-site Request Forgery (CSRF) Attack
- Identify XSS Vulnerabilities in Web Applications
- Detect Web Application Vulnerabilities using various Web Application Security Tools
Module 15: SQL Injection
- SQL Injections
- Types of SQL Injection
- Blind SQL Injection
- SQL Injection Methodology
- SQL Injection Tools
- Signature Evasion Techniques
- SQL Injection Detection Tools
Hands-on Lab Exercises
- Perform an SQL Injection Attack against MSSQL to extract databases
- Detect SQL Injection Vulnerabilities using various SQL Injection Detection Tools
Module 16: Hacking Wireless Networks
- Wireless Terminology
- Wireless Networks
- Wireless Encryption
- Wireless Threats
- Wireless Hacking Methodology
- Wi-Fi Encryption Cracking
- WEP/WPA/WPA2 Cracking Tools
- Bluetooth Hacking
- Wi-Fi Security Auditing Tools
- Bluetooth Security Tools
Hands-on Lab Exercises
- Footprint a Wireless Network
- Perform Wireless Traffic Analysis
- Crack a WEP, WPA and WPA2 Network
- Create a Rouge Access Point to capture data packets
Module 17: Hacking Mobile Platforms
- Mobile Platform Attack Vectors
- OWASP Top 10 Mobile Risks
- App Sandboxing
- SMS Phishing Attack (SMiShing)
- Android Rooting
- Hacking Android Devices
- Android Security Tools
- Jailbreaking iOS
- Hacking iOS Devices
- iOS Device Security
- Mobile Device Management (MDM)
- OWASP Top 10 Mobile Controls
- Mobile Security Tools
Hands-on Lab Exercises
- Hack an Android device by creating Binary Payloads
- Exploit the Android Platform through ADB
- Hack an Android device by creating an APK File
- Secure Android devices using various Android Security Tools
Module 18: IoT and OT Hacking
- IoT Architecture
- IoT Communication Models
- OWASP Top 10 IoT Threats
- IoT Vulnerabilities
- IoT Hacking Methodology
- IoT Hacking Tools
- IoT Security Tools
- IT/OT Convergence (IIOT)
- ICS/SCADA
- OT Vulnerabilities
- OT Attacks
- OT Hacking Methodology
- OT Hacking Tools
- OT Security Tools
Hands-on Lab Exercises
- Gather information using Online Footprinting Tools
- Capture and analyze IoT device traffic
Module 19: Cloud Computing
- Cloud Computing
- Types of Cloud Computing Services
- Cloud Deployment Models
- Fog and Edge Computing
- Cloud Service Providers
- Container
- Docker
- Kubernetes
- Serverless Computing
- OWASP Top 10 Cloud Security Risks
- Container and Kubernetes Vulnerabilities
- Cloud Attacks
- Cloud Hacking
- Cloud Network Security
- Cloud Security Controls
- Cloud Security Tools
Hands-on Lab Exercises
- Perform S3 Bucket Enumeration using various S3 Bucket Enumeration Tools
- Exploit open S3 Buckets
- Escalate IAM user privileges by exploiting Misconfigured User Policy
Module 20: Cryptography
- Cryptography
- Encryption Algorithms
- MD5 and MD6 Hash Calculators
- Cryptography Tools
- Public Key Infrastructure (PKI)
- Email Encryption
- Disk Encryption
- Cryptanalysis
- Cryptography Attacks
- Key Stretching
Hands-on Lab Exercises
- Calculate MD5 Hashes
- Perform File and Text Message Encryption
- Create and use Self-signed Certificates
- Perform Email and Disk Encryption
- Perform Cryptanalysis using various Cryptanalysis Tools