Professional Training

Certified Ethical Hacker (CEH) is a professional course from EC-Council designation for hackers that perform legitimate services for IT companies and other organizations. A CEH is hired to locate and repair application and system security vulnerabilities to preempt exploitations by black hat hackers and others with potentially illegal intentions.

DOMAIN 1 —INTRODUCTION TO ETHICAL HACKING

• Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

DOMAIN 2 —FOOT PRINTING AND RECONNAISSANCE

• Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.
• Foot printing Concepts
• Search Engines foot printing
• Web Services foot printing
• Social Network Sites foot printing
• Website Foot printing
• Email foot printing
• Whois Foot printing
• DNS Foot printing
• Network Foot printing
• Foot printing via Social Engineering
• Tools for foot printing
• Foot printing Countermeasures

DOMAIN 3—SCANNING NETWORKS

• Learn different network scanning techniques and countermeasures.

• Scanning tools
• Host discovery
• Port and services discovery
• OS discovery
• Scanning beyond IDS and Firewall
• Network scanning countermeasures

• DOMAIN 4—ENUMERATION

• Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures.
• NetBios Enumeration
• SNMP Enumeration
• LDAP Enumeration
• NTP and NFS Enumeration
• DNS Enumeration
• SMTP Enumeration
• RPC Enumeration,
• SMB Enumeration
• FTP Enumeration
• Enumeration countermeasures

DOMAIN 5—VULNERABILITY ANALYSIS

• Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems.
• Assessment concept
• Assessment tools
• Assessment classification and Types
• Assessment report

DOMAIN 6 —SYSTEM HACKING

• Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.
• Perform Online active attack by cracking the system’s password.
• Perform buffer overflow attack to gain remote access.
• Escalate privileges using privilege escalation tools.
• Escalate privileges in Linux machine.
• Hide data using steganography.
• Clear windows and Linus machine logs using various utilities.
• Hiding artifacts in windows and Linux machines

DOMAIN 7—MALWARE THREATS

• Get an introduction to the different types of malwares such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures.
• Gaining control over a victim machine using Trojan.
• Infect the target system using a virus.
• Perform static and dynamic malware analysis.
• Malware, components of malware and APT.
• Trojan, Types and Exploit Kits.
• Virus, Virus Lifecycle, Types of Viruses.
• Ransomware, Computer Worms.
• Fileless malware, Malware, Malware Analysis, Dynamic Malware Analysis.
•  Virus Detection Methods, Trojan Analysis, Ant—Trojan Software, Antivirus Software and Fileless Malware Detection Tools.

DOMAIN 8 —SNIFFING

• Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.
• Perform MAC flooding.
• ARP poisoning.
• MITM and DHCP starvation attack.
• Perform network sniffing using various sniffing tools.
• Detect ARP poisoning in a switch-based network.
• Network Sniffing
• Wiretapping
• MAC flooding
• DHCP Starvation Attack
• ARP Spoofing Attack
• ARP Poisoning
• ARP Poisoning Tools
• MAC Spoofing
• STP Attack
• DNS Poisoning
• DNS poisoning Tools
• Sniffing Tools
• Sniffer Detection techniques.
• Promiscuous Detection Tools

DOMAIN 9 —SOCIAL ENGINEERING

• Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
• Perform social engineering using various techniques.
• Spoof a MAC address of a Linux machine.
• Detect a phishing attack.
• Audit an organization’s security for phishing attacks.
• Social Engineering concepts
• Types of social Engineering
• Phishing
• Phishing Tools
• Insider Threats/Insider Attacks,
• Identity Theft
• Social Engineering countermeasures

DOMAIN 10 — DENIAL-OF-SERVICE

• Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
• Perform a DoS and DDos attack on a target host.
• Detect and protect against Dos and DDoS attacks.
• Dos Attack
• DDos Attack
• Botnets
• Dos/DDos Attack techniques
• Dos/DDos Attack Tools
• Dos/DDos Attack Detection techniques
• Dos/DDos protection Tools
• Dos/DDos Attack countermeasures

DOMAIN 11 —SESSION HIJACKING

• Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
• Perform session hijacking using various tools.
• Detect session Hijacking.
• Session Hijacking concept
• Types of session Hijacking
• Spoofing
• Application-Level Session Hijacking
• Man-in-the-Browser Attack
• Client-side Attacks
• Session Replay Attacks
• Session Fixation Attack
• CRIME Attack
• Network Level Session Hijacking
• TCP/IP Hijacking
• Session Hijacking Tools
• Session Hijacking Detection methods
• Session Hijacking prevention Tools

DOMAIN 12 —EVADING IDS, FIREWALLS, AND HONEYPOTS

• Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
• Bypass window Firewall
• Bypass firewall rules using tunneling.
• Bypass Antivirus
• IDS, IPS ,Firewall and Honeypot concepts
• IDS, IPS ,Firewall and Honeypot solutions
• Evading IDS
• Evading Firewalls
• Evading NAC and Endpoint security
• IDS/Firewall Evading Tools
• Detecting Honeypots
• IDS/Firewall Evasion countermeasures.

DOMAIN 13—HACKING WEB SERVERS

• Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
• Perform web server reconnaissance using various tools.
• Enumerate web server information.
• Crack FTP credentials using a dictionary attack.
• Web server operations
• Web server Attacks
• DNS Server Hijacking
• Website Defacement
• Web Cache poisoning Attack
• Web Server Attack Methodology
• Web Server Attack Tools
• Web Server Security Tools
• Patch management
• Patch Management tools

DOMAIN 14 —HACKING WEB APPLICATIONS

• Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
• Perform web application reconnaissance using various tools.
• Perform web spidering.
• Perform web application vulnerability scanning.
• Perform a brute-force attack.
• Perform cross-site Request Forgery (CSRF) Attack.
• Identify XSS vulnerabilities in web applications.
• Detect web application vulnerabilities using various web application security tools.
• Web application Architecture
• Web Application Threats
• OWASP Top 10 Application security Risk-2021
• Web Application Hacking Methodology
• Web API
• Webhooks
• Web shell
• Web API Hacking Methodology
• Web application security

DOMAIN 15 —SQL INJECTION

• Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.
• Perform an SQL injection attack against MSSQL to extract database.
• Detect SQL injection vulnerabilities using various SQL injection detection tools.
• SQL injection concept
• Types of SQL injection
• Bind SQL injection.
• SQL injection Methodology
• SQL injection Tools
• Signature Evasion Techniques
• SQL injection Detection Tools

DOMAIN 16 — HACKING WIRELESS NETWORKS

• Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools.
• Footprint a wireless network
• Perform wireless traffic analysis.
• Crack WEP, WPA and WPA2 networks.
• Create a rogue access point to capture data packets
• Wireless Terminology
• Wireless networks
• Wireless Encryption
• Wireless threats
• Wireless Hacking methodology
• Wi-Fi Encryption cracking
• WEP/WPA/WPA2 cracking tools
• Bluetooth Hacking
• Bluetooth threats
• Wi-Fi security Auditing tools
• Bluetooth security Tools

DOMAIN 17 —HACKING MOBILE PLATFORMS

• Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.
• Hack an Android device by creating binary payloads.
• Exploit the Android platform through ADB.
• Hack an Android device by creating APK file.
• Secure Android devices using various Android security tools.
• Mobile platform Attack vectors
• OWASP top 10 Mobile Risk
• App sandboxing
• SMS Phishing Attack (SMiShing).
• Android Rooting
• Hacking Android Devices
• Android security
• Jailbreaking iOS
• Hacking Ios Devices
• ios Device security Tools
• Mobile Device management (MDM)
• OWASP top 10 mobile controls.
• Mobile security tools.

DOMAIN 18 —IOT HACKING

• Learn how to secure and defend Internet of Things (IoT) and operational technology (OT) devices and possible threats to IoT and OT platforms.
• Gather information using online foot printing tools.
• Capture and analyze IoT devices traffic.
• IoT Architecture
• IoT communication models
• OWASP top 10 threats.
• IoT Vulnerabilities
• IoT Hacking methodology.
• IoT Hacking tools.
• IoT security tools
• IT/OT convergence (IIOT)
• ICS/SCADA
• OT vulnerabilities
• OT attacks
• OT Hacking methodology
• OT Hacking tools
• OT security tools

DOMAIN 19—CLOUD COMPUTING

• Learn different cloud computing concepts, such as container technologies and server less computing, various cloud-based threats and attacks, and cloud security techniques and tools.
• Perform S3 Bucket enumeration using various S3 bucket enumeration tools.
• Exploit open S3 buckets.
• Escalate IAM user privileges by exploiting misconfigure user policy.
• Cloud computing concept
• Types of cloud computing services
• Cloud computing models
• Fog and edge computing
• Cloud services providers
• Container
• Docker
• Kubernetes
• Serverless computing
• OWASP top 10 cloud security risks.
• Container and Kubernetes vulnerabilities
• Cloud attacks\Cloud Hacking
• Cloud network security
• Cloud security controls
• Cloud security tools

DOMAIN 20 —CRYPTOGRAPHY

• In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools.
• Calculate MD5 hashes.
• Perform file and text message encryption.
• Create and use self-signed certificates.
• Perform email and disk encryption.
• Perform cryptanalysis using various cryptanalysis tools.
• Cryptography
• Encryption Algorithms
• MD5 and MD6 Hash calculators.
• Cryptography tools
• Public key infrastructure (PKI)
• Email Encryption
• Disk Encryption
• Cryptanalysis
• Cryptography attacks
• Key stretching

Who should learn Security plus?

• IT Administrator.
• Security Engineers.
• Network Administrators.
• Managers.
• Ethical Hackers.
• IT Professionals.
• Security Consultants.
• Penetration Testers.
• NOC Technician.
• System Administrator.
• Network Engineer.
• Information Security Analyst
• Vulnerability Assessment Analyst

What will I be able to do at the end of the training?

• Ability to identify tactics developed by hackers to attack networks and will be able to develop counter measures to defend this act.
• How to install and configure network and host-based security technologies.
• Know cryptographic and standards used across products technologies.
• Develop strategies for disaster recovery and fault tolerance.
• Know how wireless and remote access security is being enforced.