Certified Ethical Hacking

PST, Application Classroom
Length: 5 days
Times: 9:00 AM – 4:30 PM

Lesson 1: Introduction to Ethical Hacking
Essential Terminologies and Elements of Security The Security, Functionality, and Ease of Use Triangle Types of Attacks Vulnerability Research Tools and Websites

Lesson 2: Foot-printing
Revisiting Reconnaissance and defining Foot-printing Information Gathering Methodology Foot-printing through Job Sites and Passive Information Gathering Competitive Intelligence Gathering Public and Private Websites Tools and steps to perform Foot-printing:

Lesson 3: Scanning
Types, Definitions, and methods of Scanning Port Scanning, Network Scanning, Vulnerability Scanning, and checking for live systems Checking for open ports War Dialer Technique: PhoneSweep, THC Scan, SandTrap Tool Banner grabbing/OS Fingerprinting: OS, Active Stack, and Passive Fingerprinting Active Banner Grabbing Using Telnet Active Stack Fingerprinting Disabling or Changing Banner Identify Service Vulnerability scanning Draw network diagrams of Vulnerable hosts Prepare proxies Anonymizers SSL Proxy Tool HTTP Tunneling Techniques

Lesson 4: Enumeration
Overview of System Hacking Cycle What is Enumeration, as well as Steps and Techniques for Enumeration NetBIOS Null Sessions - Null Session Countermeasures – Tools Tools: DumpSec, Netview, Nbtstat, SuperScan4, Enum, sid2user, user2sid, and GetAcct PSTools SNMP Enumeration Management Information Base UNIX and SNMP UNIX Enumeration SNMP Enumeration Countermeasures Enumerate Systems Using Default Passwords

Lesson 5: System Hacking
Cracking Passwords and Password Types Types of Password Attacks Passive and Active Online Wire Sniffing Password Guessing Attacks Offline Attacks - Dictionary, Hybrid, Brute-force, and Pre-computed Hash Attacks Non-Technical Attacks

Lesson 6: Trojans and Backdoors
Overt and Covert Channels Working of Trojans Different Types of Trojans What Do Trojan Creators Look For? Different Ways a Trojan Can Get into a System Indications of a Trojan Attack Ports Used by Trojans How to determine which Ports are “Listening”? Classic Trojans Found in the Wild

Lesson 7: Sniffers
Protocols Vulnerable to Sniffing Types of Sniffing DNS Poisoning Techniques Interactive TCP Relay How to Detect Sniffing? AntiSniff Tool ArpWatch Tool Countermeasures

Lesson 8: Denial of Service
Goal, Impact and the Modes of Attack Botnets – uses and types Characteristics of DDoS Attacks Amplification Attack Reflective DNS Attacks Worms Mitigate or Stop the Effects of DDoS Attacks Deflect Attacks Post-attack Forensics Packet Traceback

Lesson 9: Social Engineering
Office Workers Types of Social Engineering - Human-based, Computer-based Preventing Insider Threat Common Targets of Social Engineering Factors that make Companies Vulnerable to Attacks Warning Signs of an Attack Phases in a Social Engineering Attack Countermeasures Policies and Procedures - Checklist Phishing Attacks and Identity Theft Hidden Frames, URL Obfuscation/URL Encoding Techniques DNS Cache Poisoning Attack

Lesson 10: Session Hijacking
Types of Session Hijacking TCP Concepts 3-Way Handshake TCP/IP Hijacking, RST Hijacking Protecting against Session Hijacking Countermeasure: IP Security

Lesson 11: Hacking Web Servers
How Web Servers Work, are compromised and defaced Apache Vulnerability Attacks Against IIS Countermeasures File System Traversal Countermeasures Increasing Web Server Security Web Server Protection Checklist

Lesson 12: Web Application Vulnerabilities
Web Application Setup & Hacking Web Application Threats Cross-Site Scripting/XSS Flaws, Countermeasures SQL Injection Command Injection Flaws, Countermeasures Cookie/Session Poisoning, Countermeasures Parameter/Form Tampering Buffer Overflow, Countermeasures Directory Traversal/Forceful Browsing, Countermeasures Cryptographic Interception Cookie Snooping Authentication Hijacking, Countermeasures Log Tampering Error Message Interception Attack Obfuscation Platform Exploits DMZ Protocol Attacks, Countermeasures Security Management Exploits Web Services Attacks Zero-Day Attacks Network Access Attacks TCP Fragmentation

Lesson 13: Web-based Password Cracking Techniques
Authentication Mechanisms Passwords Countermeasures

Lesson 14: SQL Injection
SQL Injection Techniques How to Test for SQL Injection Vulnerability? Executing Operating System Commands Getting Output of SQL Query Getting Data from the Database Using ODBC Error Message How to Mine all Column Names of a Table? How to Retrieve any Data? How to Update/Insert Data into Database? Automated SQL Injection Tool SQL Injection in Oracle SQL Injection in MySQL Database Attack against SQL Servers SQL Server Resolution Service (SSRS) Osql -L Probing SQL Injection Countermeasures Preventing SQL Injection Attacks SQL Injection Blocking Tool: SQLBlock

Lesson 15: Hacking Wireless Networks
Types of Wireless Networks Wireless Access Points SSID Beacon Frames How to Access a WLAN Authentication and Association, Authentication Modes Authentication and (Dis)Association Attacks Rogue Access Points WEP, WPA, and WPA2 Steps for Hacking Wireless Networks Temporal Key Integrity Protocol (TKIP) LEAP: The Lightweight Extensible Authentication Protocol MAC Sniffing and AP Spoofing Man-in-the-Middle Attack (MITM) Denial-of-Service Attacks DoS Attack Tool: Fatajack

Lesson 16: Virus and Worms
Working of Virus How is a Worm different from a Virus? Hardware Threats, Software Threats Modes of Virus Infection Stages of Virus Life Virus Classification How does a Virus Infect? Storage Patterns of a Virus System Sector Viruses, Stealth Virus, Bootable CD-ROM Virus Virus Databases

Lesson 17: Physical Security
Physical Security Breach Incidents Understanding Physical Security What Is the Need for Physical Security? Who Is Accountable for Physical Security? Factors Affecting Physical Security Physical Security Checklist Information Security EPS (Electronic Physical Security) Wireless Security Blocking the Use of USB Storage Devices

Lesson 18: Linux Hacking
Linux Distributions Basic Commands of Linux Directories in Linux Compiling the Linux Kernel Linux Vulnerabilities Password Cracking in Linux Firewall in Linux: IPTables Linux Loadable Kernel Modules Linux Rootkits, Rootkit Countermeasures Linux Security Countermeasures Steps for Hardening Linux

Lesson 19: Evading IDS, Firewalls, and Honeypots
Intrusion Detection System (IDS) IDS Placement Ways to Detect an Intrusion Types of Intrusion Detection Systems System Integrity Verifiers (SIV) Tripwire Cisco Security Agent (CSA) Signature Analysis General Indications of Intrusion System Indications General Indications of Intrusion File System Indications General Indications of Intrusion Network Indications Intrusion Detection Tools Steps to Perform After an IDS Detects an Attack Evading IDS Systems Ways to Evade IDS Tools to Evade IDS IDS Evading Tool: ADMutate Packet Generators Firewall Packet Filtering Firewall Operations Hardware Firewall Software Firewall Types of Firewalls Firewall Identification Firewalking Banner Grabbing Breaching Firewalls Bypassing a Firewall Using HTTP Tunnel Placing Backdoors Through Firewalls Hiding behind a Covert Channel: LOKI ACK Tunneling Tools to Breach Firewalls Common Tool for Testing Firewall & IDS Honeypot Types of Honeypots Advantages and Disadvantages of a Honeypot Where to Place a Honeypot? Physical and Virtual Honeypots Tools to Detect Honeypots What to do When Hacked?

Lesson 20: Buffer Overflows
Knowledge Required to Program Buffer Overflow Exploits Types of Buffer Overflows How to Detect Buffer Overflows in a Program Attacking a Real Program NOPS How to Mutate a Buffer Overflow Exploit Defense Against Buffer Overflows Tool to Defend Buffer Overflow Vulnerability Search – ICAT Simple Buffer Overflow in C Code Analysis

Lesson 21: Cryptography
Public-key Cryptography Working of Encryption Digital Signature RSA (Rivest Shamir Adleman) RC4, RC5, RC6, Blowfish Algorithms and Security Brute-Force Attack RSA Attacks Message Digest Functions One-way Hash Functions MD5 SHA (Secure Hash Algorithm) SSL (Secure Sockets Layer) RC5 SSH (Secure Shell) Government Access to Keys (GAK) RSA Challenge Distributed.net Cleversafe Grid Builder PGP (Pretty Good Privacy) Code Breaking: Methodologies Cryptography Attacks Disk Encryption

Lesson 22: Penetration Testing
Introduction to Penetration Testing Categories of Security Assessments Vulnerability Assessment Limitations of Vulnerability Assessment Types of Penetration Testing Risk Management Do-it-Yourself Testing Outsourcing Penetration Testing Services Terms of Engagement Project Scope Pentest Service Level Agreements Testing Points Testing Locations Automated Testing Manual Testing Using DNS Domain Name and IP Address Information Enumerating Information about Hosts on Publicly-Available Networks Testing Network-Filtering Devices Enumerating Devices Denial of Service Emulation Evaluating Different Types of Pentest Tools Asset Audit Fault Trees and Attack Trees GAP Analysis Business Impact of Threat Calculating Relative Criticality Test Dependencies Defect Tracking Tools Disk Replication Tools DNS Zone Transfer Testing Tools Network Auditing Tools Trace Route Tools and Services Network Sniffing Tools Denial-of-Service Emulation Tools Traditional Load Testing Tools System Software Assessment Tools Operating System Protection Tools Fingerprinting Tools Port Scanning Tools Directory and File Access Control Tools File Share Scanning Tools Password Directories Password Guessing Tools Link Checking Tools Web Testing-based Scripting Tools Buffer Overflow Protection Tools File Encryption Tools Database Assessment Tools Keyboard Logging and Screen Reordering Tools System Event Logging and Reviewing Tools Tripwire and Checksum Tools Mobile-Code Scanning Tools Centralized Security Monitoring Tools Web Log Analysis Tools Forensic Data and Collection Tools Security Assessment Tools Multiple OS Management Tools Phases of Penetration Testing Penetration Testing Deliverables Templates

COURSE DESCRIPTION:
A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner, to assess the security posture of target systems. This ethical hacking course puts you in the driver’s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in your organization: by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and the ways to approach your target and succeed at breaking in every time! The course includes Reconnaissance, Gaining Access, Enumeration, Cryptography, and Penetration Testing.

IDEAL CANDIDATES:
The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

RELATED COURSES:
A+ Part 1, A+ Part 2, CCNA Bootcamp, CAPM, CCSP, CISSP, CASP+, CySA+, Installation Storage and Compute with Windows Server 2016, Linux+, Network+, Querying Microsoft SQL Server, Security+, Server+