EC Council Certified Ethical Hacker V8

Transcription

1 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each delegate in-depth knowledge and practical experience with the current essential security systems. Delegates will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Delegates then learn how intruders escalate privileges and what steps can be taken to secure a system. They will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a delegate leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Target Audience: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Legal Agreement: Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Not anyone can be a delegate - the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies or organisations. By attending this course you agree to the EC Council legal agreement - download here Certification: The computer based exam is conducted on the last day of the course. Delegates may alternatively choose to sit the exam at a later date (delegates opting to sit their exam at a later date must book on to the last day of a future scheduled CEH course). Please note: In line with the EC Council's ANSI exam policies, Candidates who pass the CeH exam may be chosen at random to sit a mandatory CRA (Candidate Retesting Audit) exam. The CRA is an additional examination that consists of 30 questions, you will have 60 minutes to complete this exam. In order to release your certification, you must pass the CRA with a score of at least 70. Candidates selected for this process will be contacted directly by the EC Council. Delegates will learn how to Course Outline CEHv8 Curriculum consists of instructor-led training and self-study. The Instructor will provide the details of selfstudy modules to the delegates beginning of the class. Module 01: Introduction to Ethical Hacking Information Security Overview

2 Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information Security Controls Module 02: Footprinting and Reconnaissance Footprinting Concepts Footprinting Threats Footprinting Methodology Website Footprinting Footprinting Competitive Intelligence Footprinting using Google WHOIS Footprinting DNS Footprinting Network Footprinting Footprinting through Social Engineering Footprinting through Footprinting Tools Footprinting Countermeasures Footprinting Penetration Testing Module 03: Scanning Networks Overview of Network Scanning CEH Scanning Methodology Scanning Beyond IDS Banner Grabbing Scan for Vulnerability Draw Network Diagrams Prepare Proxies Scanning Pen Testing Module 04: Enumeration Enumeration Concepts NetBIOS Enumeration SNMP Enumeration UNIX/Linux Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration Enumeration Countermeasures SMB Enumeration Countermeasures Enumeration Pen Testing Module 05: System Hacking Information at Hand Before System Hacking Stage System Hacking: Goals CEH Hacking Methodology (CHM) CEH System Hacking Steps Module 06: Trojans and Backdoors Trojan Concepts Trojan Infection Types of Trojans Trojan Detection Anti-Trojan Software Pen Testing for Trojans and Backdoors Module 07: Viruses and Worms

3 Virus and Worms Concepts Types of Viruses Computer Worms Malware Analysis Penetration Testing for Virus Module 08: Sniffers Sniffing Concepts MAC Attacks DHCP Attacks ARP Poisoning Spoofing Attack DNS Poisoning Sniffing Tools Counter measures Sniffing Pen Testing Module 09: Social Engineering Social Engineering Concepts Social Engineering Techniques Imperso-nation on Social Networking Sites Identity Theft Social Engineering Countermeasures Social Engineering Pen Testing Module 10: Denial of Service DoS/DDoS Concepts DoS Attack Techniques Botnet DDoS Case Study DoS Attack Tools DoS/DDoS Protection Tools Denial-of-Service (DoS) Attack Penetration Testing Module 11: Session Hijacking Session Hijacking Concepts Network-level Session Hijacking Session Hijacking Tools Session Hijacking Pen Testing Module 12: Hacking Webservers Webserver Concepts Webserver Attacks Attack Methodology Patch Management Webserver Security Tools Webserver Pen Testing Module 13: Hacking Web Applications Web App Concepts Web App Threats Web App Hacking Methodology Web Application Hacking Tools Security Tools Web App Pen Testing

4 Module 14: SQL Injection SQL Injection Concepts Testing for SQL Injection Types of SQL Injection Blind SQL Injection SQL Injection Methodology Advanced SQL Injection SQL Injection Tools Evasion Techniques Module 15: Hacking Wireless Networks Wireless Concepts Wireless Encryption Wireless Threats Wireless Hacking Methodology Wireless Hacking Tools Bluetooth Hacking Wireless Security Tools Wi-Fi Pen Testing Module 16: Hacking Mobile Platforms Mobile Platform Attack Vectors Hacking Android OS Hacking ios Hacking Windows Phone OS Hacking BlackBerry Mobile Device Management (MDM) Mobile Security Guidelines and Tools Mobile Pen Testing Module 17: Evading IDS, Firewalls, and Honeypots IDS, Firewall and Honeypot Concepts IDS, Firewall and Honeypot System Evading IDS Evading Firewalls Detecting Honeypots Firewall Evading Tools Penetration Testing Module 18: Buffer Overflow Buffer Overflow Concepts Buffer Overflow Methodology Buffer Overflow Examples Buffer Overflow Detection Buffer Overflow Counter-measures Buffer Overflow Security Tools Buffer Overflow Penetration Testing Module 19: Cryptography Cryptography Concepts Encryption Algorithms Cryptography Tools Public Key Infrastructure(PKI) Encryption Disk Encryption Cryptography Attacks Cryptanalysis Tools

5 Module 20: Penetration Testing Pen Testing Concepts Types of Pen Testing Pen Testing Techniques Pen Testing Phases Pen Testing Roadmap Outsourcing Pen Testing Services Prerequisites MCSE or CCNA equivalent knowledge or experience. EC Council - Network Security Administrator knowledge or experience. No certifications are required to attend course or take the C EH exam, just the knowledge. Due to the intensive nature of this course it may be required for delegates to attend the class up to each day. Delegates will be informed by the delivering instructor what the approximate finish time will be. Additionally, delegates will also be expected to undertake self study work in the evenings of the course. Please be aware, the CEH v8 course covers approx. 70% of what is needed to pass the EC Council CEH v8 exam. The exam also covers other background items and requires the equivalent knowledge from the EC Council NSA course and 4-5 years IT experience to pass. Special Notices