Ethical Hacking Course overview

Who is a Certified Ethical Hacker?

A Certified Ethical Hacker is a specialist typically working in a red team environment, focused
on attacking computer systems and gaining access to networks, applications, databases, and
other critical data on secured systems. A CEH understands attack strategies, the use of creative
attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers
and actors, Certified Ethical Hackers operate with permission from the system owners and take
all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert
ethical hackers who use their attack skills to uncover vulnerabilities in the systems.

Course Description

The Certified Ethical Hacker (CEH) credential is the most trusted ethical hacking certification
and accomplishment recommended by employers globally. It is the most desired information
security certification and represents one of the fastest-growing cyber credentials required by
critical infrastructure and essential service providers. Since the introduction of CEH in 2003, it
has been recognized as a standard within the information security community. CEH v11 continues to
introduce the latest hacking techniques and the most advanced hacking tools and exploits used
by hackers and information security professionals today. The Five Phases of Ethical Hacking and
the original core mission of CEH remain valid and relevant today: “To beat a hacker, you need to
think like a hacker.”

Certified Ethical Hacker (CEH) Version 11

CEH provides an in-depth understanding of ethical hacking phases, various attack vectors, and
preventative countermeasures. It will teach you how hackers think and act maliciously so that
you will be better positioned to set up your security infrastructure and defend against future attacks.
Understanding system weaknesses and vulnerabilities helps organizations strengthen their
system security controls to minimize the risk of an incident.
CEH was built to incorporate a hands-on environment and systematic process across every
ethical hacking domain and methodology, giving you the opportunity to work towards proving
the required knowledge and skills needed to perform the job of an ethical hacker. You will be
exposed to an entirely different posture towards the responsibilities and measures required to
be secure.

Instructor Led Learning

Duration: 5 Days
Registration Open Now!

Video Learning

Duration: 5 Days
Registration Open Now!

What you will learn

  • Key issues plaguing the
    information security world, ethical
    hacking, information security controls,
    laws, and standards.
  • Perform footprinting and
    reconnaissance using the latest
    footprinting techniques and tools as
    a critical pre-attack phase required in
    ethical hacking.
  • Network scanning techniques and
    scanning countermeasures.
  • Enumeration techniques and
    enumeration countermeasures.
  • Vulnerability analysis to identify security
    loopholes in the target organization’s
    network, communication infrastructure,
    and end systems.
  • System hacking methodology,
    steganography, steganalysis attacks,
    and covering tracks to discover system
    and network vulnerabilities.
  • Different types of malware (Trojan,
    Virus, worms, etc.), system auditing for
    malware attacks, malware analysis, and
    countermeasures.
  • Packet sniffing techniques to
    discover network vulnerabilities and
    countermeasures to defend against sniffing.
  • Social engineering techniques and how
    to identify theft attacks to audit human-level
    vulnerabilities and suggest social
    engineering countermeasures.
  • DoS/DDoS attack techniques and
    tools to audit a target and DoS/DDoS
    countermeasures.
  • Session hijacking techniques to discover
    network-level session management,
    authentication/authorization,
    cryptographic weaknesses, and
    countermeasures.
  • Web server attacks and a
    comprehensive attack methodology
    to audit vulnerabilities in web server
    infrastructure, and countermeasures.
  • Web application attacks and
    comprehensive web application hacking
    methodology to audit vulnerabilities in
    web applications, and countermeasures.
  • SQL injection attack techniques, injection
    detection tools to detect SQL injection
    attempts, and countermeasures.
  • Wireless encryption, wireless hacking
    methodology, wireless hacking tools, and
    Wi-Fi security tools.
  • Mobile platform attack vectors, Android
    vulnerability exploitations, and mobile
    security guidelines and tools.
  • Firewall, IDS and honeypot evasion
    techniques, evasion tools and
    techniques to audit a network perimeter
    for weaknesses, and countermeasures.
  • Cloud computing concepts (Container
    technology, serverless computing),
    various threats/attacks, and security
    techniques and tools.
  • Penetration testing, security audit,
    vulnerability assessment, and
    penetration testing roadmap.
  • Threats to IoT and OT platforms and
    how to defend IoT and OT devices
    securely.
  • Cryptography ciphers, Public Key
    Infrastructure (PKI), cryptography
    attacks, and cryptanalysis tools.

Basic computer skills

CompTIA A+ (IT Technician)

CompTIA N+ (Network Administration)

CompTIA S+ (Security+)

FULL COURSE OUTLINE

Lesson 1: Introduction to Ethical Hacking

  • Internet is Integral Part of Business and Personal Life – What Happens Online in 60 Seconds
  • Information Security Overview
  • Information Security Threats and Attack Vectors
  • Hacking Concepts, Types, and Phases
  • Ethical Hacking Concepts and Scope
  • Information Security Controls
  • Information Security Policies
  • Physical Security
  • Incident Management
  • What is Vulnerability Assessment?
  • Penetration Testing
  • Information Security Laws and Standards

Lesson 2: Footprinting and Reconnaissance

  • Footprinting Concepts
  • Footprinting Methodology
  • Footprinting using Advanced Google Hacking Techniques
  • Footprinting through Social Networking Sites
  • Website Footprinting
  • Email Footprinting
  • Competitive Intelligence
  • WHOIS Footprinting
  • DNS Footprinting
  • Network Footprinting
  • Footprinting through Social Engineering
  • Footprinting Tools

Lesson 3: Scanning Networks

  • Overview of Network Scanning
  • CEH Scanning Methodology
  • Check for Open Ports
  • Scanning Techniques
  • Scanning Tool: NetScanTools Pro
  • Scanning Tools
  • Scanning Tools for Mobile
  • Port Scanning Countermeasures
  • Scanning Beyond IDS
  • Banner Grabbing
  • Scan for Vulnerability
  • Draw Network Diagrams
  • Prepare Proxies
  • Scanning Pen Testing

Lesson 4: Enumeration

  • Enumeration Concepts
  • NetBIOS Enumeration
  • Enumerating User Accounts
  • Enumerating Shared Resources Using Net View
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP Enumeration
  • SMTP Enumeration
  • Enumeration Countermeasures
  • SMB Enumeration Countermeasures
  • Enumeration Pen Testing

Lesson 5: Vulnerability Analysis

Lesson 6: System Hacking

  • Information at Hand Before System Hacking Stage
  • System Hacking: Goals
  • CEH Hacking Methodology (CHM)
  • CEH System Hacking Steps
  • Cracking Passwords
  • Default Passwords
  • Active Online Attack:
  • Passive Online Attack
  • Offline Attack
  • Elcomsoft Distributed Password Recovery
  • Microsoft Authentication
  • How Hash Passwords Are Stored in Windows SAM?
  • Password Salting
  • pwdump7 and fgdump
  • Password Cracking Tools
  • Escalating Privileges
  • Executing Applications
  • Spyware
  • How to Defend Against Keyloggers
  • How to Defend Against Spyware
  • Hiding Files
  • Detecting Rootkits
  • NTFS Data Stream
  • What Is Steganography?
  • Steganalysis
  • Covering Tracks
  • Penetration Testing

Lesson 7: Malware Threats

Lesson 8: Sniffing

  • Sniffing Concepts
  • MAC Attacks
  • DHCP Attacks
  • ARP Poisoning
  • Spoofing Attack
  • DNS Poisoning
  • Sniffing Tools
  • Network Packet Analyzer
  • Countermeasures
  • Sniffing Detection Techniques
  • Promiscuous Detection Tool
  • Sniffing Pen Testing

Lesson 9: Social Engineering

  • Social Engineering Concepts
  • Social Engineering Techniques
  • Watch these Movies
  • Mobile-based Social Engineering
  • Impersonation on Social Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures
  • Penetration Testing

Lesson 10: Denial-of-Service

  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
  • Botnets
  • DDoS Case Study
  • DoS/DDoS Attack Tools
  • Counter-measures
  • DoS/DDoS Protection Tools
  • DoS/DDoS Attack Penetration Testing

Lesson 11: Session Hijacking

  • Session Hijacking Concepts
  • Application Level Session Hijacking
  • Network-level Session Hijacking
  • Session Hijacking Tools
  • Counter-measures
  • Session Hijacking Pen Testing

Lesson 12: Evading IDS, Firewalls, and Honeypots

  • IDS, Firewall and Honeypot Concepts
  • Firewall
  • Honeypot
  • Evading IDS
  • Evading Firewalls
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • Countermeasures

Lesson 13: Hacking Webservers

  • Webserver Concepts
  • Webserver Attacks
  • Attack Methodology
  • Counter-measures
  • Patch Management
  • Webserver Security Tools
  • Webserver Pen Testing

Lesson 14: Hacking Web Applications

  • Web App Concepts
  • SQL Injection Attacks
  • How LDAP Injection Works?
  • Cross-Site Request Forgery (CSRF) Attack
  • How Cookie Poisoning Works?
  • Footprint Web Infrastructure
  • Attack Web Servers
  • Analyze Web Applications
  • Attack Authentication Mechanism
  • Authorization Attack Schemes
  • Attack Session Management Mechanism
  • Perform Injection Attacks
  • Attack Data Connectivity
  • Attack Web App Client
  • Attack Web Services
  • Web Application Security Tool
  • Web Application Pen Testing Framework

Lesson 15: SQL Injection

  • What is SQL Injection?
  • Understanding an SQL Injection Query
  • Example of a Web App Vulnerable to SQL Injection
  • Example of SQL Injection
  • Types of SQL Injection
  • Information Gathering and SQL Injection Vulnerability Detection
  • Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
  • Advanced SQL Injection
  • Evasion Techniques
  • Counter-measures

Lesson 16: Hacking Wireless Networks

  • Wireless Concepts
  • Types of Wireless Antenna
  • Types of Wireless Encryption
  • Wireless Hacking Methodology
  • GPS Mapping
  • Wireless Traffic Analysis
  • Launch Wireless Attacks
  • Crack Wi-Fi Encryption
  • Wireless Hacking Tools
  • Bluetooth Hacking
  • Counter-measures

Lesson 17: Hacking Mobile Platforms

  • Mobile Platform Attack Vectors
  • Mobile Spam
  • Hacking Android OS
  • Android-based Sniffer
  • Hacking iOS
  • Hacking Windows Phone OS
  • Hacking BlackBerry
  • Mobile Device Management (MDM)
  • Mobile Security Guidelines and Tools
  • Mobile Pen Testing

Lesson 18: IoT and OT Hacking

Lesson 19: Cloud Computing

  • Introduction to Cloud Computing
  • Benefits of Virtualization in Cloud
  • Service Hijacking using Network Sniffing
  • Domain Name System (DNS) Attacks
  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
  • Cloud Security

Lesson 20: Cryptography

  • Market Survey 2014: The Year of Encryption
  • Encryption Algorithms
  • Message Digest (One-way Hash) Functions
  • Cryptography Tools
  • Cryptography Tools for Mobile: Secret Space Encryptor, CryptoSymm, and Cipher Sender
  • Public Key Infrastructure (PKI)
  • Email Encryption
  • Disk Encryption
  • Side Channel Attack – Scenario
  • Cryptanalysis Tools

Join Over 10,000 Students that have studied with MasterGrade IT Now

Become Part of MasterGrade IT to Further Your Career.