CH EHC EC-Council Ethical Hacking and Countermeasures [v.9]

Transcription

1 CH EHC EC-Council Ethical Hacking and [v.9] Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Intermediate Ethical Hacking Core Delivery Method Instructor-led (Classroom) Training Credits / Vouchers N/A Introduction The Certified Ethical Hacker program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, To beat a hacker, you need to think like a hacker. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment. This ethical hacking course puts you in the driver s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and taught how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks! Prerequisites The knowledge and skills that a learner must have before attending this course is as follows: Have successfully completed EC-Council s Network Security Administrator (ENSA) course or Have successfully completed Comptia s Security+ (IN-SE) course There is a minimum age requirement that applies and attendance of the Ethical Hacking and training course or attempts at the relevant exam, is restricted to candidates who are at least 18 years old Course Objectives Upon completing this course, the learner will be able to: Master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with ethical hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

2 Course Content 1. Introduction to Ethical Hacking Internet is an Integral Part of Business and Personal Life What happens online in 60 Seconds Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts, Types and Phases Ethical Hacking Concepts and Scope Information Security Controls Information Security Laws and Standards 2. Footprinting and Reconnaissance Footprinting Concepts Footprinting Methodology Footprinting Tools Footprinting Footprinting Penetration Testing 3. Scanning Networks Overview of Network Scanning CEH Scanning Methodology Checking for Open Ports Scanning Beyond IDS Banner Grabbing Scan for Vulnerability Draw Network Diagrams Prepare Proxies Scanning Pen Testing 4. Enumeration Enumeration Concepts NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration Enumeration SMB Enumeration Enumeration Pen Testing 5. System Hacking Information at Hand Before System Hacking Stage System Hacking: Goals CEH Hacking Methodology (CHM) CEH System Hacking Steps Cracking Passwords Password Cracking Types of Password Attacks Non-Electronic Attacks Active Online Attack Dictionary, Brute Forcing and Rule-based Attack Password Guessing Default Passwords Active Online Attack: Trojan/Spyware/Keylogger Example of Active Online Attack Using USB Drive Hash Injection Attack Passive Online Attack Wire Sniffing Man-in-the-Middle and Replay Attack Offline Attack Rainbow Attacks Tools to Create Rainbow Tables: rtgen and Winrtgen Distributed Network Attack Elcomsoft Distributed Password Recovery Microsoft Authentication How Hash Passwords Are Stored in Windows SAM? NTLM Authentication Process Kerberos Authentication Password Salting pwdump7 and fgdump Password Cracking Tools L0phtCrack and Ophcrack Cain & Abel and RainbowCrack Password Cracking Tools Password Cracking Tool for Mobile: FlexiSPY Password Grabber How to Defend against Password Cracking Implement and Enforce Strong Security Policy CEH System Hacking Steps Escalating Privileges Privilege Escalation Privilege Escalation Using DLL Hijacking Privilege Escalation Tool: Password Changer Privilege Escalation Tools How to Defend Against Privilege Escalation Executing Applications RemoteExec PDQ Deploy DameWare Remote Support Keylogger Types of Keystroke Loggers Hardware Keyloggers Keylogger: All In One Keylogger Keyloggers for Windows Keylogger for Mac: Amac Keylogger for Mac Keyloggers for MAC Spyware Spyware: Spytech SpyAgent Spyware: Power Spy 2014 What Does the Spyware Do? Spyware USB Spyware: USBSpy Audio Spyware: Spy Voice Recorder and Sound Snooper

3 Video Spyware: WebCam Least Significant Bit Insertion Penetration Testing Recorder Masking and Filtering Password Cracking Cellphone Spyware: Mobile Spy Algorithms and Transformation Privilege Escalation Telephone/Cellphone Spyware Image Steganography: Executing Applications GPS Spyware: SPYPhone QuickStego Hiding Files GPS Spyware Image Steganography Tools How to Defend Against Document Steganography: Keyloggers wbstego 6. Malware Threats Anti-Keylogger: Zemana Document Steganography Tools Introduction to Malware AntiLogger Video Steganography Trojan Concepts Anti-Keylogger Video Steganography: OmniHide Types of Trojans How to Defend Against Spyware PRO and Masker Virus and Worm Concepts Anti-Spyware: Video Steganography Tools Malware Reverse Engineering SUPERAntiSpyware Audio Steganography Malware Detection Anti-Spyware Audio Steganography: Hiding Files DeepSound Anti-Malware Software Rootkits Audio Steganography Tools Penetration Testing Types of Rootkits Folder Steganography: Invisible How Rootkit Works Secrets 4 7. Sniffing Rootkit Folder Steganography Tools Sniffing Concepts Avatar Spam/ Steganography: MAC Attacks Necurs Spam Mimic DHCP Attacks Azazel Steganography Tools for Mobile ARP Poisoning ZeroAccess Phones Spoofing Attack Detecting Rootkits Steganalysis DNS Poisoning Steps for Detecting Rootkits Steganalysis Methods/Attacks Sniffing Tools How to Defend against Rootkits on Steganography Sniffing Tool: Wireshark Anti-Rootkit: Stinger and Detecting Text and Image Follow TCP Stream in Wireshark UnHackMe Steganography Display Filters in Wireshark Anti-Rootkits Detecting Audio and Video Additional Wireshark Filters NTFS Data Stream Steganography Sniffing Tool How to Create NTFS Streams Steganography Detection Tool: Packet Sniffing Tool: Capsa NTFS Stream Manipulation Gargoyle Investigator Forensic Network Analyser How to Defend against NTFS Pro Network Packet Analyser Streams Steganography Detection Tools Counter measures NTFS Stream Detector: Sniffing Detection Techniques StreamArmor Sniffing Pen Testing NTFS Stream Detectors Disabling Auditing: Auditpol What Is Steganography? Clearing Logs 8. Social Engineering Classification of Steganography Manually Clearing Event Logs Social Engineering Concepts Types of Steganography based Ways to Clear Online Tracks Social Engineering Techniques on Cover Medium Tool: CCleaner Impersonation on Social Whitespace Steganography Tool: MRU- Networking Sites Tool: SNOW Blaster Identity Theft Image Steganography Track Covering Tools

4 Social Engineering Penetration Testing 9. Denial of Service DoS/DDoS Concepts DoS/DDoS Attack Techniques Botnets DDoS Case Study DoS/DDoS Attack Tools Counter-measures DoS/DDoS Protection Tools DoS/DDoS Attack Penetration Testing 10. Session Hijacking Session Hijacking Concepts Application Level Session Hijacking Network-level Session Hijacking Session Hijacking Tools Counter-measures Session Hijacking Pen Testing 11. Hacking Webservers Webserver Concepts Webserver Attacks Attack Methodology Webserver Attack Tools Counter-measures Patch Management Webserver Security Tools Webserver Pen Testing 12. Hacking Web Applications Web App Concepts Web App Threats Web App Hacking Methodology Web Application Hacking Tools Security Tools Web App Pen Testing 13. SQL Injection SQL Injection Concepts Types of SQL Injection SQL Injection Methodology Advanced SQL Injection SQL Injection Tools Evasion Techniques Counter-measures 14. Hacking Wireless Networks Wireless Concepts Wireless Encryption Wireless Threats Wireless Hacking Methodology Wireless Hacking Tools Bluetooth Hacking Counter-measures Wireless Security Tools Wi-Fi Pen Testing 15. Hacking Mobile Platforms Mobile Platform Attack Vectors Hacking Android OS Hacking ios Hacking Windows Phone OS Hacking BlackBerry Mobile Device Management (MDM) Mobile Security Guidelines and Tools Mobile Pen Testing 16. Evading IDS, Firewalls, and Honeypots IDS, Firewall and Honeypot Concepts IDS, Firewall and Honeypot System Evading IDS Evading Firewalls IDS/Firewall Evading Tools Detecting Honeypots IDS/Firewall Evasion Penetration Testing 17. Cloud Computing Introduction to Cloud Computing Cloud Computing Threats Cloud Computing Attacks Cloud Security Cloud Security Tools Cloud Penetration Testing 18. Cryptography Market Survey 2014: The Year of Encryption Case Study: Heartbleed Case Study: Poodlebleed Cryptography Concepts Encryption Algorithms Cryptography Tools Public Key Infrastructure(PKI) Encryption Disk Encryption Cryptography Attacks Cryptanalysis Tools

5 Associated Certifications & Exam The CEH certification Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendorneutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This course prepares you for EC-Council Certified Ethical Hacker exam *. Exam Info: Number of Questions: 125 Passing Score: 70% Test Duration: 4 Hours Test Format: Multiple Choice On successful completion of this course students will receive a Torque IT attendance certificate *When you attend any authorized EC Council training course at Torque IT you will receive the associated Prime IBT examination voucher as part of your course material. Your certification examination voucher can be used to book and pay for your certification examination at an Authorized EC Council Testing Center (ETC) only. If you are not able to sit your certification examination at Torque IT, and you have no other ETC locally available, you do have the ability to convert your Prime IBT examination voucher into a Pearson VUE examination voucher, at an additional cost of USD100.