Certified Ethical Hacking and Countermeasures (CEH101)
Course Length: 5 days
Delivery Methods:
Available as private class only
Course Overview
This Certified Ethical Hacking and Countermeasures training certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems, and uses the same knowledge and tools as a malicious hacker with a goal of providing better security for organizations and defending against attacks.
Course Benefits
- Understand how perimeter defenses work.
- Learn to scan and attack your own networks.
- Learn how intruders escalate privileges, and examine what steps can be taken to secure a system.
- Learn about intrusion detection, policy creation, social engineering, open source intelligence, incident handling, and log interpretation.
Course Outline
- Ethics and Legal Issues
- Elements of Security and Terminology
- Malicious Hackers and Ethical Hackers
- Skill Profile of an Ethical Hacker
- Modes of Ethical Hacking and Security Testing
- Computer Crimes and Implications
- Legal Issues
- Footprinting
- Defining Footprinting
- Information Gathering Methodology
- Locate the Network Range
- Hacking Tools
- Scanning
- Definition and types of Scanning
- Objectives of Scanning
- Methodology and Classification of Scanning
- OS Fingerprinting and Active Stack Fingerprinting
- Passive Fingerprinting
- Proxy Servers
- Hacking Tools + Countermeasures
- Enumeration
- What is Enumeration
- NetBIOS Null Sessions + Countermeasures
- NetBIOS Enumeration
- Hacking Tool: NBTScan
- SNMP Enumeration Countermeasures
- Management Information Base (MIB)
- Blocking Win 2k DNS Zone Transfer
- Enumerating User Accounts
- AD Enumeration and Countermeasures
- System Hacking
- Administrator Password Guessing
- Manual Password Cracking Algorithm
- Automated Password Cracking & Guessing
- Password Types and Password Attacks
- Sniffing, NetBIOS DoS Attack
- LAN Manager Hash Syskey Utility
- Password Cracking Countermeasures
- SMB Logon & Hacking Tool: SMBRelay
- Privilege Escalation, Keystroke Loggers
- Hiding Files & Creating Alternate Data Streams
- ADS creation and detection
- NTFS Streams Countermeasures
- Stealing Files Using Word Documents
- Field Code Countermeasures
- Steganography & Steganography tools
- Spyware Tool-Desktop Spy
- Trojans and Backdoors
- What Trojan Creators look for
- Different ways a Trojan can get into a system
- Indications of a Trojan Attack
- Some famous Trojans and ports used by them
- How to determine which ports are “Listening”?
- Different Trojans found in the Wild
- BoSniffer, Wrappers
- Reverse WWW Shell-Covert Channels using HTTP
- Tripwire, Process Viewer
- Insider-Tracks Processes and Ports
- System File Verification
- Trojan Horse & Anti-Trojan
- Evading Anti-Trojan/Anti-Virus
- Reverse Engineering Trojans
- Backdoor Countermeasures
- Sniffers
- Sniffing and how Sniffers work?
- Passive and Active Sniffing
- Man-in-the-Middle Attacks
- ARP Poisoning and countermeasures
- Hacking Tools
- Denial-of-Service
- Goal of DoS (Denial of Service)
- Impact and Modes of Attack
- DoS Attack Classification
- Hacking Tools
- Distributed DoS Attacks and Characteristics
- Agent Handler Model
- DoS Attack taxonomy & DoS Tools
- Reflected DoS Attacks
- Tools for Detecting DoS Attacks
- Defensive Tool: Zombie Zapper
- Worms: Slammer and MyDoom.B
- Social Engineering
- What is Social Engineering?
- Art of Manipulation and Human Weakness
- Common Types of Social Engineering
- Human Based Impersonation
- Example of Social Engineering
- Computer Based Social Engineering
- Reverse Social Engineering
- Policies and procedures
- Security Policies-checklist
- Session Hijacking
- Understanding Session Hijacking
- Spoofing vs. Hijacking
- Steps in Session Hijacking
- Types of Session Hijacking
- TCP Concepts 3 Way Handshake
- Sequence numbers
- Hacking Tools
- Dangers Posed by Session Hijacking
- Protection against Session Hijacking
- Countermeasures: IP Security
- Hacking Web Servers
- How are Web Servers Compromised?
- Popular Web Servers and Security Threats
- Apache Vulnerability & Attack against IIS
- Sample Buffer Overflow Vulnerabilities
- ISAPI.DLL Exploit
- Code Red and ISAPI.DLL Exploit
- Unicode Directory Traversal Vulnerability
- Msw3prt IPP Vulnerability
- IPP Buffer Overflow Countermeasures
- Unspecified Executed Path Vulnerability
- File System Traversal Countermeasures
- WebDAV/ntdll.dll Vulnerability
- Hacking Tools, Hot Fixes and Patches
- Vulnerability Scanners
- Network Tools & Countermeasures
- Increasing Web Server Security
- Web Application Vulnerabilities
- Web Application set-up and Hacking
- Web Application Threats and Countermeasures
- Cross Site Scripting/XSS Flaws
- SQL Injection Flaws
- Cookie/Session Poisoning
- Parameter/Form Tampering + Buffer Overflow
- Directory Traversal/Forceful Browsing
- Cryptographic Interception
- Log Tampering + Error Message Interception
- Attack Obfuscation + Platform Exploits
- Internet Explorer Exploits + DMZ Protocol Attacks
- Security Management Exploits
- Web Services Attacks + Zero Day Attacks
- Network Access Attacks + TCP Fragmentation
- Web-Based Password Cracking Techniques
- Authentication-Definition and Mechanisms
- HTTP, Basic, and Digest Authentication
- Negotiate Authentication
- Certificate Forms Based Authentication
- Microsoft Passport Authentication
- What is a Password Cracker?
- Modus Operandi of an Attacker
- Attacks-Classification
- Password Guessing & Password Crackers Available
- SQL Injection
- Attacking SQL Servers
- SQL Server Resolution Service (SSRS)
- Osql-L Probing & Port Scanning
- Sniffing, Brute Forcing
- Tools for SQL Server Penetration Testing
- OLE DB Errors and Input Validation Attack
- Login Guessing and Insertion
- Shutting Down SQL Server
- Extended Stored Procedures
- SQL Server Talks
- Preventive Measures
- Hacking Wireless Networks
- Detecting a Wireless Network
- Advantages and Disadvantages of Wireless
- Antennas, SSIDs, WEP Tools
- Access Point Positioning + Rogue Access Points
- What is Wireless Equivalent Privacy (WEP)?
- MAC Sniffing and AP Spoofing
- Tools to detect MAC Address Spoofing
- Denial of Service Attacks
- DoS Attack Tool: FATAjack
- Man-in-the-Middle Attack (MITM)
- Scanning Tools, Sniffing Tools, Multi-use Tools
- Auditing Tool: bsd-airtool
- WIDZ-Wireless Detection Intrusion System
- Securing Wireless Networks
- Radius: Used as Additional Layer in Security
- Maximum Security: add VPN to Wireless LAN
- Viruses and Worms
- Virus Characteristics & Symptoms
- How is a worm different from a virus?
- Indications of a Virus Attack
- Virus history and damage
- Effect of Virus on Business
- Access Methods of a Virus and Mode of Virus
- Life Cycle of a virus
- Virus/worm found in the wild
- Writing a simple virus program
- Virus Construction Kits + Virus Creation Scripts
- Virus Detection Methods and Incident Response
- Anti-Virus Software, Virus Checkers and Analyzers
- Physical Security
- Security Statistics and Physical breach incidents
- Understanding Physical Security
- Who is Accountable for Physical Security?
- Factors affecting Physical Security
- Physical Security Checklist
- Lock Picking and Spying Techniques
- Hacking Linux
- Linux basics & Linux Vulnerabilities
- How to apply patches to vulnerable programs
- Password cracking in Linux
- Linux Loadable Kernel Modules
- Linux Rootkits + Rootkit countermeasures
- Linux Security & testing tools
- Advanced Intrusion Detection System (AIDE)
- Linux Encryption tools, Log and traffic monitors
- Linux Security Auditing tool (LSAT)
- Linux Security countermeasures
- IDS, Firewalls and Honeypots
- Intrusion Detection Systems & Tools
- Ways to Detect Intrusion
- Steps to Perform after an IDS detects an intrusion
- Evading IDS systems & Tools to Evade IDS
- Firewall Identification and Firewalking
- Banner Grabbing and Breaching Firewalls
- Buffer Overflows
- Significance of Buffer Overflow Vulnerability
- Why are Programs/Applications Vulnerable?
- Reasons for Buffer Overflow Attacks
- Writing Buffer Overflow Exploits
- Understanding Stack Implementation
- Stack based Buffer overflow + Shellcode
- Heap Based Buffer Overflow
- How to detect Buffer Overflows in a Program?
- Attacking a real program
- Countermeasures
- Cryptography
- Public-Key Cryptography and Working Encryption
- Digital Signature and Certificate
- RSA and RSA Attacks
- MD5, SHA, SSL, RC5, SSH
- Government Access to Keys (GAK)
- PGP (Pretty Good Privacy)
- Code Breaking Methodologies
- Cryptography Attacks
- Penetration Testing Methodologies
- Penetration Test vs. Vulnerability Test
- Reliance on Checklists and Templates
- Phases of Penetration Testing & Testing Tools
- Passive Reconnaissance & Best Practices
- Security Assessment vs. Security Auditing
- Vulnerability Assessment vs. Penetration Testing
- Do-it yourself Testing & Professional Firms
- Pen-Test Service Level Agreements & Insurance
- Black Box, White Box, and Grey Box Testing
- Manual And Automated Penetration Testing
- Evaluating Different Types of Pen-Test Tools
- Asset Audit, Fault Tree and Attack Trees
- Device, Web Server, Perimeter Firewall Inventory
- Load Balancer Inventory
- Demilitarized Zone Firewall
- Internal Switch Network Sniffer
- Application and Database Server Inventory
- Name Controller and Domain Name Server
- Physical Security, ISP Routers
- Legitimate Network Traffic Threat
- Network Traffic & Running Process Threats
- Loss of Confidential Information & Business Impact
- Pre and Post-testing dependencies
- Failure Management & Test Documentation
- Take CEH Exam or Exam Prep
Class Materials
Each student will receive a comprehensive set of materials, including course notes and all the class examples.
Class Prerequisites
Experience in the following is required for this Microsoft Security class:
- At least two years of information technology security experience.
- A strong working knowledge of TCP/IP.
- A basic familiarity with Linux.