Course Code: 2403

EC-Council Certified Ethical Hacker v9 CEH

Class Dates:
1/1/0001
Length:
5 Days
Cost:
$2995.00
Class Time:
Technology:
Security
Delivery:
Virtual Instructor-Led Training, Instructor-Led Training

Overview

  • Course Overview
  • CEH v9 is a comprehensive ethical hacking and information systems security auditing program focusing on latest security threats, advanced attack vectors and practical real time demonstration of latest hacking techniques, methodologies, tools, tricks and security measures. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.

    The new CEH v9 completely map to National Initiative for Cybersecurity Education (NICE) framework - NICE's speciality area category 'Protect and Defend.

    CNSS 4013 Recognition Recognition by National Security Agency (NSA) and the Committee on National Security Systems (CNSS) Standard based required training for network security professionals.

    ANSI Accredited Exam Process ANSI/ISO/IEC 17024 Standard exam development process High quality certification exam.
  • Audience
  • This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Prerequisites

  • One year of experience managing Windows/Unix/Linux systems or equivalent knowledge and skills Good Understanding of TCP/IP. Software

    Professionals with basic knowledge of networking services.

Course Details

  • Introduction to Ethical Hacking
  • Internet Crime Current Report: IC3
  • Data Breach Investigations Report
  • Types of Data Stolen From the Organizations
  • Essential Terminologies
  • Elements of Information Security
  • Authenticity and Non-Repudiation
  • The Security, Functionality, and Usability Triangle
  • Security Challenges, Effects of Hacking,
  • Who is a Hacker?, Hacktivism, What Does a Hacker Do?
  • Why Ethical Hacking is Necessary?, What Do Ethical Hackers Do?
  • Defense in Depth, Skills of an Ethical Hacker
  • Scope and Limitations of Ethical Hacking
  • .
  • Phase 1 - Reconnaissance
  • Phase 2 - Scanning
  • Phase 3 – Gaining Access
  • Phase 4 – Maintaining Access
  • Phase 5 – Covering Tracks
  • Types of Attacks on a System
  • Operating System Attacks
  • Application-Level Attacks
  • Shrink Wrap Code Attacks
  • Misconfiguration Attacks
  • Vulnerability Research and Websites
  • What is Penetration Testing?, Why? and Methodology
  • Footprinting and Reconnaissance
  • What is Footprinting?
  • Objectives of Footprinting and Threats
  • Finding a Company’s URL and Locate Internal URLs
  • Public and Restricted Websites
  • Search for Company’s Information
  • Tools to Extract Company’s Data
  • People Search
  • Gather Information from Financial Services
  • Footprinting Through Job Sites
  • Monitoring Target Using Alerts
  • Competitive Intelligence Gathering
  • WHOIS Lookup
  • .
  • Extracting DNS Information
  • Locate the Network Range
  • Traceroute and Mirroring Entire Website
  • Extract Website Information from http://www.archive.org
  • Footprint Using Google Hacking Techniques
  • What a Hacker Can Do With Google Hacking?
  • Google Advance Search Operators
  • Google Hacking Tool: Google Hacking Database (GHDB)
  • Additional Footprinting Tools
  • Footprinting Countermeasures and Pen Testing
  • Scanning Networks
  • Types of Scanning, Checking for Live Systems - ICMP Scanning
  • Ping Sweep, Tools, Three-Way Handshake
  • TCP Communication Flags, Hping2 / Hping3, Commands
  • Scanning Techniques, TCP Connect / Full Open Scan, Stealth Scan (Half-open Scan)
  • Xmas Scan, FIN Scan, NULL Scan, IDLE Scan,
  • ICMP Echo Scanning/List Scan, SYN/FIN Scanning Using IP Fragments
  • UDP Scanning, Inverse TCP Flag Scanning, ACK Flag Scanning
  • Scanning: IDS Evasion Techniques, IP Fragmentation Tools,
  • Scanning Tool: Nmap, NetScan Tools Pro,
  • Do Not Scan These IP Addresses (Unless you want to get into trouble)
  • Scanning Countermeasures, War Dialing, Why?and Tools,
  • War Dialing Countermeasures: SandTrap Tool
  • .
  • OS Fingerprinting, Banner Grabbing Tool: ID Serve,
  • Banner Grabbing Tool: Netcraft
  • Banner Grabbing Countermeasures: Disabling or Changing Banner
  • Hiding File Extensions from Webpages
  • Vulnerability Scanning
  • LANsurveyor, Network Mappers, Why Attackers Use Proxy Servers?
  • Free Proxy Servers, Workbench, reate Chain of Proxy Servers
  • SocksChain, TOR (The Onion Routing)
  • Why do I Need HTTP Tunneling?Super Network Tunnel Tool
  • SSH Tunneling, Proxy Tool, Anonymizers
  • Case: Bloggers Write Text Backwards to Bypass Web Filters in China
  • IP Spoofing Detection Techniques: Direct TTL Probes
  • Enumeration
  • What is Enumeration?Techniques, Netbios Enumeration
  • Enumerating User Accounts, Systems Using Default Passwords
  • SNMP (Simple Network Management Protocol) Enumeration
  • UNIX/Linux Enumeration
  • LDAP Enumeration
  • NTP Enumeration
  • SMTP Enumeration
  • DNS Zone Transfer Enumeration Using nslookup
  • Enumeration Countermeasures
  • Enumeration Pen Testing
  • System Hacking
  • Information at Hand Before System Hacking Stage
  • System Hacking: Goals
  • CEH Hacking Methodology (CHM)
  • Password Cracking
  • Microsoft Authentication, How Hash Passwords are Stored in Windows SAM?
  • What is LAN Manager Hash?
  • Kerberos Authentication, Salting, PWdump7 and Fgdump, L0phtCrack,Ophcrack
  • Cain & Abel, RainbowCrack, Password Cracking Tools,
  • LM Hash Backward Compatibility, How to Defend against Password Cracking?
  • Privilege Escalation, Active@ Password Changer,Privilege Escalation Tools
  • How to Defend against Privilege Escalation?
  • Executing Applications, Alchemy Remote Executor, RemoteExec
  • .
  • RemoteExec, Execute This!, Keylogger,Types of Keystroke Loggers
  • Acoustic/CAM Keylogger, Keyloggers
  • Spyware, How to Defend against Keyloggers?
  • How to Defend against Spyware?, Rootkits
  • NTFS Data Stream
  • What is Steganography?
  • Video Steganography: Our Secret, Audio Steganography: Mp3stegz
  • Folder Steganography: Invisible Secrets 4,Spam/Email Steganography: Spam Mimic
  • Natural Text Steganography: Sams Big G Play Maker
  • Covering Tracks Tool: Window Washer
  • System Hacking Penetration Testing
  • CEH Hacking Methodology (CHM)
  • .
  • Password Cracking
  • How Hash Passwords are Stored in Windows SAM?
  • What is LAN Manager Hash?
  • Kerberos Authentication
  • Trojans & Backdoors
  • What is a Trojan?, Overt and Covert Channels
  • Purpose of Trojans, What Do Trojan Creators Look For?
  • Indications of a Trojan Attack, Common Ports used by Trojans
  • How to Infect Systems Using a Trojan?
  • Wrappers, Different Ways a Trojan can Get into a System,
  • How to Deploy a Trojan?, Evading Anti-Virus Techniques
  • Types of Trojans, Destructive Trojans,Notification Trojans, Credit Card Trojans
  • Data Hiding Trojans (Encrypted Trojans)
  • BlackBerry Trojan: PhoneSnoop, MAC OS X Trojan: DNSChanger
  • How to Detect Trojans?, Process Monitoring Tool: What's Running
  • Scanning for Suspicious Registry Entries
  • Scanning for Suspicious Device Drivers
  • .
  • Scanning for Suspicious Windows Services, Startup Programs, Files and Folders,Network Activities
  • Trojan Countermeasures, Backdoor Countermeasures, Trojan Horse Construction Kit
  • Anti-Trojan Software: TrojanHunter, Emsisoft Anti-Malware,
  • Pen Testing for Trojans and Backdoors
  • Viruses & Worms
  • Introduction to Viruses, Virus and Worm Statistics 2010
  • Stages of Virus Life
  • Working of Viruses: Infection Phase, Attack Phase
  • Why Do People Create Computer Viruses?
  • Indications of Virus Attack
  • How does a Computer get Infected by Viruses?
  • Virus Hoaxes, Analysis:, Types of Viruses
  • Transient and Terminate and Stay Resident Viruses
  • Writing a Simple Virus Program
  • Computer Worms
  • Example of Worm Infection: Conficker Worm
  • Worm Analysis:
  • .
  • Worm Maker: Internet Worm Maker Thing
  • Anti-Virus Sensors Systems
  • Malware Analysis Procedure, String Extracting Tool: Bintext,
  • Compression and Decompression Tool: UPX
  • Process Monitoring Tools: Process Monitor
  • Debugging Tool: Ollydbg
  • Virus Analysis Tool: IDA Pro, Online Malware Testing:
  • Online Malware Analysis Services
  • Virus Detection Methods, Virus and Worms Countermeasures
  • Anti-virus Tools
  • Penetration Testing for Virus
  • Working of Viruses: Infection Phase
  • Sniffers
  • Sniffing Concepts
  • MAC Attacks
  • DHCP Attacks
  • ARP Poisoning
  • Spoofing Attack
  • DNS Poisoning
  • Sniffing Tools
  • Counter measures
  • Social Engineering
  • What is Social Engineering? Why?
  • Warning Signs of an Attack
  • Phases in a Social Engineering Attack
  • Impact on the Organization
  • Command Injection Attacks, Common Targets of Social Engineering
  • Types of Social Engineering, Insider Attack,
  • Common Intrusion Tactics and Strategies for Prevention
  • Social Engineering Through Impersonation on Social Networking Sites
  • Risks of Social Networking to Corporate Networks
  • Identity Theft Statistics 2010
  • Real Steven Gets Huge Credit Card Statement
  • Identity Theft - Serious Problem
  • .
  • Social Engineering Countermeasures: Policies
  • How to Detect Phishing Emails?
  • Identity Theft Countermeasures
  • Social Engineering Pen Testing
  • Behaviors Vulnerable to Attacks
  • Insider Attack
  • Common Intrusion Tactics and Strategies for Prevention
  • Social Engineering Through Impersonation on Social Networking Sites
  • Risks of Social Networking to Corporate Networks
  • Identity Theft Statistics 2010
  • Real Steven Gets Huge Credit Card Statement
  • Identity Theft - Serious Problem
  • Denial of Service
  • What is Distributed Denial of Service Attacks?
  • Symptoms of a DoS Attack, Cyber Criminals
  • Internet Chat Query (ICQ), Internet Relay Chat (IRC)
  • DoS Attack Techniques
  • Botnet
  • WikiLeak Operation Payback
  • DoS Attack Tools
  • Detection Techniques
  • DoS/DDoS Countermeasure Strategies
  • Post-attack Forensics
  • Techniques to Defend against Botnets
  • Enabling TCP Intercept on Cisco IOS Software
  • Session Hijacking
  • What is Session Hijacking?, Dangers Posed by Hijacking, Why?
  • Key Session Hijacking Techniques, Brute Forcing, HTTP Referrer Attack
  • Spoofing vs. Hijacking
  • Packet Analysis of a Local Session Hijack
  • Predictable Session Token, Man-in-the-Middle Attack, Browser Attack
  • Client-side Attacks, Cross-site Script Attack,
  • The 3-Way Handshake,Network Level, TCP/IP Hijacking
  • IP Spoofing: Source Routed Packets,RST and Blind Hijacking
  • IPSec, Session Hijacking Pen Testing
  • Hijacking Webservers
  • Webserver Market Shares, Open Source Webserver Architecture
  • IIS Webserver Architecture, Website Defacement
  • Case Study, Why Web Servers are Compromised?
  • Impact of Webserver Attacks, Webserver Misconfiguration
  • Directory Traversal Attacks
  • HTTP Response Splitting Attack
  • Webserver Password Cracking
  • Webserver Attack Methodology
  • Webserver Attack Tools, Web Password Cracking Tool
  • What is Patch Management?, Patches and Hotfixes
  • Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
  • Webserver Malware Infection Monitoring Tool: HackAlert
  • Hijacking Web Applications
  • Web Application Security Statistics
  • Web Application Components
  • How Web Applications Work?
  • Web Application Architecture
  • Web 2.0 Applications, Vulnerability Stack
  • Web Attack Vectors, Web Application Threats - 1 and 2
  • Unvalidated Input, Parameter/Form Tampering
  • Directory Traversal, Security Misconfiguration
  • Injection Flaws, What is LDAP Injection?, How?,
  • Cross-Site Scripting (XSS) Attacks
  • Web Application Denial-of-Service (DoS) Attack
  • Cookie/Session Poisoning
  • .
  • Buffer Overflow Attacks, Session Fixation Attack
  • Improper Error Handling, Insecure Cryptographic Storage
  • Web Services Architecture
  • Footprint Web Infrastructure
  • Web Spidering Using Burp Suite
  • Hacking Web Servers, Analyze Web Applications
  • Username Enumeration,
  • Password Attacks: Password Functionality Exploits
  • Password Attacks: Password Guessing
  • Password Attacks: Brute-forcing
  • Authorization Attack, Encoding Schemes,
  • Web Application Firewall: dotDefender, IBM AppScan,ServerDefender VP