Certified Ethical Hacking and Countermeasures

Certified Ethical Hacking and Countermeasures (CEH101)

Course Length: 5 days
Delivery Methods: Available as private class only
Course Overview

This Certified Ethical Hacking and Countermeasures training certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems, and uses the same knowledge and tools as a malicious hacker with a goal of providing better security for organizations and defending against attacks.

Course Benefits
  • Understand how perimeter defenses work.
  • Learn to scan and attack your own networks.
  • Learn how intruders escalate privileges, and examine what steps can be taken to secure a system.
  • Learn about intrusion detection, policy creation, social engineering, open source intelligence, incident handling, and log interpretation.
Course Outline
  1. Ethics and Legal Issues
    1. Elements of Security and Terminology
    2. Malicious Hackers and Ethical Hackers
    3. Skill Profile of an Ethical Hacker
    4. Modes of Ethical Hacking and Security Testing
    5. Computer Crimes and Implications
    6. Legal Issues
  2. Footprinting
    1. Defining Footprinting
    2. Information Gathering Methodology
    3. Locate the Network Range
    4. Hacking Tools
  3. Scanning
    1. Definition and types of Scanning
    2. Objectives of Scanning
    3. Methodology and Classification of Scanning
    4. OS Fingerprinting andActive Stack Fingerprinting
    5. Passive Fingerprinting
    6. Proxy Servers
    7. Hacking Tools + Countermeasures
  4. Enumeration
    1. What is Enumeration
    2. NetBIOS Null Sessions + Countermeasures
    3. NetBIOS Enumeration
    4. Hacking Tool: NBTScan
    5. SNMP Enumeration Countermeasures
    6. Management Information Base (MIB)
    7. Blocking Win 2k DNS Zone Transfer
    8. Enumerating User Accounts
    9. AD Enumeration and Countermeasures
  5. System Hacking
    1. Administrator Password Guessing
    2. Manual Password Cracking Algorithm
    3. Automated Password Cracking & Guessing
    4. Password Types and Password Attacks
    5. Sniffing, NetBIOS DoS Attack
    6. LAN Manager Hash Syskey Utility
    7. Password Cracking Countermeasures
    8. SMB Logon & Hacking Tool: SMBRelay
    9. Privilege Escalation, Keystroke Loggers
    10. Hiding Files & Creating Alternate Data Streams
    11. ADS creation and detection
    12. NTFS Streams Countermeasures
    13. Stealing Files Using Word Documents
    14. Field Code Countermeasures
    15. Steganography & Steganography tools
    16. Spyware Tool-Desktop Spy
  6. Trojans and Backdoors
    1. What Trojan Creators look for
    2. Different ways a Trojan can get into a system
    3. Indications of a Trojan Attack
    4. Some famous Trojans and ports used by them
    5. How to determine which ports are “Listening”?
    6. Different Trojans found in the Wild
    7. BoSniffer, Wrappers
    8. Reverse WWW Shell-Covert Channels using HTTP
    9. Tripwire, Process Viewer
    10. Insider-Tracks Processes and Ports
    11. System File Verification
    12. Trojan Horse & Anti-Trojan
    13. Evading Anti-Trojan/Anti-Virus
    14. Reverse Engineering Trojans
    15. Backdoor Countermeasures
  7. Sniffers
    1. Sniffing and how Sniffers work?
    2. Passive and Active Sniffing
    3. Man-in-the-Middle Attacks
    4. ARP Poisoning and countermeasures
    5. Hacking Tools
  8. Denial-of-Service
    1. Goal of DoS (Denial of Service)
    2. Impact and Modes of Attack
    3. DoS Attack Classification
    4. Hacking Tools
    5. Distributed DoS Attacks and Characteristics
    6. Agent Handler Model
    7. DoS Attack taxonomy &DoS Tools
    8. Reflected DoS Attacks
    9. Tools for Detecting DoS Attacks
    10. Defensive Tool: Zombie Zapper
    11. Worms: Slammer and MyDoom.B
  9. Social Engineering
    1. What is Social Engineering?
    2. Art of Manipulation and Human Weakness
    3. Common Types of Social Engineering
    4. Human Based Impersonation
    5. Example of Social Engineering
    6. Computer Based Social Engineering
    7. Reverse Social Engineering
    8. Policies and procedures
    9. Security Policies-checklist
  10. Session Hijacking
    1. Understanding Session Hijacking
    2. Spoofing vs. Hijacking
    3. Steps in Session Hijacking
    4. Types of Session Hijacking
    5. TCP Concepts 3 Way Handshake
    6. Sequence numbers
    7. Hacking Tools
    8. Dangers Posed by Session Hijacking
    9. Protection against Session Hijacking
    10. Countermeasures: IP Security
  11. Hacking Web Servers
    1. How are Web Servers Compromised?
    2. Popular Web Servers and Security Threats
    3. Apache Vulnerability & Attack against IIS
    4. Sample Buffer Overflow Vulnerabilities
    5. ISAPI.DLL Exploit
    6. Code Red and ISAPI.DLL Exploit
    7. Unicode Directory Traversal Vulnerability
    8. Msw 3prt IPP Vulnerability
    9. IPP Buffer Overflow Countermeasures
    10. Unspecified Executed Path Vulnerability
    11. File System Traversal Countermeasures
    12. WebDAV/ntdlll.dll Vulnerability
    13. Hacking Tools, Hot Fixes and Patches
    14. Vulnerability Scanners
    15. Network Tools & Countermeasures
    16. Increasing Web Server Security
  12. Web Application Vulnerabilities
    1. Web Application set-up and Hacking
    2. Web Application Threats and Countermeasures
    3. Cross Site Scripting/XSS Flaws
    4. SQL Injection Flaws
    5. Cookie/Session Poisoning
    6. Parameter/Form Tampering + Buffer Overflow
    7. Directory Traversal/Forceful Browsing
    8. Cryptographic Interception
    9. Log Tampering + Error Message Interception
    10. Attack Obfuscation + Platform Exploits
    11. Internet Explorer Exploits + DMZ Protocol Attacks
    12. Security Management Exploits
    13. Web Services Attacks + Zero Day Attacks
    14. Network Access Attacks + TCP Fragmentation
  13. Web-Based Password Cracking Techniques
    1. Authentication-Definition and Mechanisms
    2. HTTP, Basic, and Digest Authentication
    3. Negotiate Authentication
    4. Certificate Forms Based Authentication
    5. Microsoft Passport Authentication
    6. What is a Password Cracker?
    7. Modus Operandi of an Attacker
    8. Attacks-Classification
    9. Password Guessing & Password Crackers Available
  14. SQL Injection
    1. Attacking SQL Servers
    2. SQL Server Resolution Service (SSRS)
    3. Osql-L Probing & Port Scanning
    4. Sniffing, Brute Forcing
    5. Tools for SQL Server Penetration Testing
    6. OLE DB Errors and Input Validation Attack
    7. Login Guessing and Insertion
    8. Shutting Down SQL Server
    9. Extended Stored Procedures
    10. SQL Server Talks
    11. Preventive Measures
  15. Hacking Wireless Networks
    1. Detecting a Wireless Network
    2. Advantages and Disadvantages of Wireless
    3. Antennas, SSIDs, WEP Tools
    4. Access Point Positioning + Rogue Access Points
    5. What is Wireless Equivalent Privacy (WEP)?
    6. MAC Sniffing and AP Spoofing
    7. Tools to detect MAC Address Spoofing:
    8. Denial of Service Attacks
    9. DoS Attack Tool: FATAjack
    10. Man-in-the-Middle Attack (MITM)
    11. Scanning Tools, Sniffing Tools, Multi-use Tools
    12. Auditing Tool: bsd-airtool
    13. WIDZ-Wireless Detection Intrusion System
    14. Securing Wireless Networks
    15. Radius: Used as Additional Layer in Security
    16. Maximum Security: add VPN to Wireless LAN
  16. Viruses and Worms
    1. Virus Characteristics & Symptoms
    2. How is a worm different from a virus?
    3. Indications of a Virus Attack
    4. Virus history and damage
    5. Effect of Virus on Business
    6. Access Methods of a Virus and Mode of Virus
    7. Life Cycle of a virus
    8. Virus/worm found in the wild
    9. Writing a simple virus program
    10. Virus Construction Kits + Virus Creation Scripts
    11. Virus Detection Methods and Incident Response
    12. Anti-Virus Software, Virus Checkers and Analyzes
  17. Physical Security
    1. Security Statistics and Physical breach incidents
    2. Understanding Physical Security
    3. Who is Accountable for Physical Security?
    4. Factors affecting Physical Security
    5. Physical Security Checklist
    6. Lock Picking and Spying Techniques
  18. Hacking Linux
    1. Linux basics & Linux Vulnerabilities
    2. How to apply patches to vulnerable programs
    3. Password cracking in Linux
    4. Linux Loadable Kernel Modules
    5. Linux Rootkits + Rootkit countermeasures
    6. Linux Security & testing tools
    7. Advanced Intrusion Detection System (AIDE)
    8. Linux Encryption tools, Log and traffic monitors
    9. Linux Security Auditing tool (LSAT)
    10. Linux Security countermeasures
  19. DS, Firewalls and Honeypots
    1. Intrusion Detection Systems & Tools
    2. Ways to Detect Intrusion
    3. Steps to Perform after an IDS detects an intrusion
    4. Evading IDS systems & Tools to Evade IDS
    5. Firewall Identification and Firewalking
    6. Banner Grabbing and Breaching Firewalls
  20. Buffer Overflows
    1. Significance of Buffer Overflow Vulnerability
    2. Why are Programs/Applications Vulnerable?
    3. Reasons for Buffer Overflow Attacks
    4. Writing Buffer Overflow Exploits
    5. Understanding Stack Implementation
    6. Stack based Buffer overflow + Shellcode
    7. Heap Based Buffer Overflow
    8. How to detect Buffer Overflows in a Program?
    9. Attacking a real program
    10. Countermeasures
  21. Cryptography
    1. Public-Key Cryptography and Working Encryption
    2. Digital Signature and Certificate
    3. RSA and RSA Attacks
    4. MD5,SHA,SSL,RC5, SSH
    5. Government Access to Keys (GAK)
    6. PGP (Pretty Good Privacy)
    7. Code Breaking Methodologies
    8. Cryptography Attacks
  22. Penetration Testing Methodologies
    1. Penetration Test vs. Vulnerability Test
    2. Reliance on Checklists and Templates
    3. Phases of Penetration Testing & Testing Tools
    4. Passive Reconnaissance & Best Practices
    5. Security Assessment vs. Security Auditing
    6. Vulnerability Assessment vs. Penetration Testing
    7. Do-it yourself Testing & Professional Firms
    8. Pen-Test Service Level Agreements & Insurance
    9. Black Box, White Box, and Grey Box Testing
    10. Manual And Automated Penetration Testing
    11. Evaluating Different Types of Pen-Test Tools
    12. Asset Audit, Fault Tree and Attack Trees
    13. Device, Web Server, Perimeter Firewall Inventory
    14. Load Balancer Inventory
    15. Demilitarized Zone Firewall
    16. Internal Switch Network Sniffer
    17. Application and Database Server Inventory
    18. Name Controller and Domain Name Server
    19. Physical Security, ISP Routers
    20. Legitimate Network Traffic Threat
    21. Network Traffic & Running Process Threats
    22. Loss of Confidential Information & Business Impact
    23. Pre and Post-testing dependencies
    24. Failure Management & Test Documentation
  23. Take CEH Exam or Exam Prep
Class Materials

Each student will receive a comprehensive set of materials, including course notes and all the class examples.

Class Prerequisites

Experience in the following is required for this Microsoft Security class:

  • At least two years of information technology security experience.
  • A strong working knowledge of TCP/IP.
  • A basic familiarity with Linux.
Live Private Class
  • Private Class for your Team
  • Live training
  • Online or On-location
  • Customizable
  • Expert Instructors
Request Proposal