Certified Ethical Hacker (CEH v12) Training & Certification Course

Overview
Curriculum
Instructor
Reviews

Course Description

OVERVIEW

The Certified Ethical Hacker (CEH v12) curriculum is the most complete and up-to-date ethical hacking training available, designed to assist information security professionals in understanding the foundations of ethical hacking. The end of the hacking course assists you in becoming a professional who methodically seeks to check network infrastructures with the approval of their owner in order to uncover security holes that a malevolent hacker may potentially exploit. This hacking course assists you in assessing an organization’s security posture by detecting weaknesses in the network and system infrastructure to evaluate if unauthorised access is conceivable. The CEH is the first of a three-part curriculum (CEH, ECSA, and APT) designed to enable a cyber security expert understand penetration testing.

Course Content

Module 1: Introduction to Ethical Hacking

Key topics covered:

Elements of Information Security, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Hacker Classes, Ethical Hacking, Information Assurance (IA), Risk Management, Incident Management, PCI DSS, HIPPA, SOX, GDPR

Module 2: Foot Printing and Reconnaissance

Key topics covered:

Footprinting, Advanced Google Hacking Techniques, Deep and Dark Web Footprinting, Competitive Intelligence Gathering, Website Footprinting, Website Mirroring, Email Footprinting, Whois Lookup, DNS Footprinting, Traceroute Analysis, Footprinting Tools

Module 3: Scanning Networks

Key topics covered:

Network Scanning, Host Discovery Techniques, Port Scanning Techniques, Service Version Discovery, OS Discovery, Banner Grabbing, OS Fingerprinting, Packet Fragmentation, Source Routing, IP Address Spoofing, Scanning Tools

Module 4: Enumeration

Key topics covered:

Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools

Module 5: Enumeration

Key topics covered:

Module 6: System Hacking

Key topics covered:

Password Cracking, Password Attacks, Wire Sniffing, Password-Cracking Tools, Vulnerability Exploitation, Buffer Overflow, Privilege Escalation, Privilege Escalation Tools, Keylogger, Spyware, Anti-Keyloggers, Anti-Spyware, Rootkits, Anti-Rootkits, Steganography, Steganography Tools, Steganalysis, Steganography Detection Tools, Maintaining Persistence, Post Exploitation, Clearing Logs, Covering Tracks, Track-Covering Tools

Module 7: Malware Threats

Key topics covered:

Malware, Components of Malware, APT, Trojan, Types of Trojans, Exploit Kits, Virus, Virus Lifecycle, Types of Viruses, Ransomware, Computer Worms, Fileless Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Trojan Analysis, Virus Analysis, Fileless Malware Analysis, Anti-Trojan Software, Antivirus Software, Fileless Malware Detection Tools

Module 8: Malware Threats

Key topics covered:

Network Sniffing, Wiretapping, MAC Flooding, DHCP Starvation Attack, ARP Spoofing Attack, ARP Poisoning, ARP Poisoning Tools, MAC Spoofing, STP Attack, DNS Poisoning, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools

Module 9: Social Engineering

Key topics covered:

Social Engineering, Types of Social Engineering, Phishing, Phishing Tools, Insider Threats/Insider Attacks, Identity Theft

Module 10: Denial-of-Service

Key topics covered:

DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Tools, DoS/DDoS Attack Detection Techniques, DoS/DDoS Protection Tools

Module 11: Session Highjacking

Key topics covered:

Session Hijacking, Types of Session Hijacking, Spoofing, Application-Level Session Hijacking, Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attack, CRIME Attack, Network Level Session Hijacking, TCP/IP Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Prevention Tools

Module 12: Evading IDS, Firewalls, and Honeypots

Key topics covered:

Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Types of Firewalls, Honeypot, Intrusion Detection Tools, Intrusion Prevention Tools, IDS Evasion Techniques, Firewall Evasion Techniques, Evading NAC and Endpoint Security, IDS/Firewall Evading Tools, Honeypot Detection Tools

Module 13: Hacking Web Servers

Key topics covered:

Web Server Operations, Web Server Attacks, DNS Server Hijacking, Website Defacement, Web Cache Poisoning Attack, Web Server Attack Methodology, Web Server Attack Tools, Web Server Security Tools, Patch Management, Patch Management Tools

Module 14: Hacking Web Applications

Key topics covered:

Web Application Architecture, Web Application Threats, OWASP Top 10 Application Security Risks – 2021, Web Application Hacking Methodology, Web API, Webhooks, and Web Shell, Web API Hacking Methodology, Web Application Security

Module 15: SQL Injection

Key topics covered:

SQL Injection, Types of SQL injection, Blind SQL Injection, SQL Injection Methodology, SQL Injection Tools, Signature Evasion Techniques, SQL Injection Detection Tools

Module 16: Hacking Wireless Networks

Key topics covered:

Wireless Terminology, Wireless Networks, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Encryption Cracking, WEP/WPA/WPA2 Cracking Tools, Bluetooth Hacking, Bluetooth Threats, Wi-Fi Security Auditing Tools, Bluetooth Security Tools

Module 17: Hacking Mobile Platforms

Key topics covered:

Mobile Platform Attack Vectors, OWASP Top 10 Mobile Risks, App Sandboxing, SMS Phishing Attack (SMiShing), Android Rooting, Hacking Android Devices, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Controls, Mobile Security Tools

Module 18: IoT and OT Hacking

Key topics covered:

IoT Architecture, IoT Communication Models, OWASP Top 10 IoT Threats, IoT Vulnerabilities, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), ICS/SCADA, OT Vulnerabilities, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools

Module 19: Cloud Computing

Key topics covered:

Cloud Computing, Types of Cloud Computing Services, Cloud Deployment Models, Fog and Edge Computing, Cloud Service Providers, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Container and Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools

Module 20: Cryptography

Key topics covered:

Cryptography, Encryption Algorithms, MD5 and MD6 Hash Calculators, Cryptography Tools, Public Key Infrastructure (PKI), Email Encryption, Disk Encryption, Cryptanalysis, Cryptography Attacks, Key Stretching

Course Objective

After completing the C|EH v12 certification program, you will have a thorough understanding of:

Ethical hacking fundamentals, cyber kill chain concepts, an overview of information security, security measures, and numerous information security laws and regulations.
Footprinting concepts and methodologies, as well as using footprinting tools and countermeasures.
Enumeration techniques include NFS enumeration and related tools, DNS cache snooping, and DNSSEC Zone walking along with the countermeasures.
Concepts of vulnerability assessment, its categories and strategies, and first-hand exposure to the technologies used in industry.
Phases of system hacking, attacking techniques to obtain, escalate, and maintain access on the victim and covering tracks.
Malware threats, analysis of various viruses, worms, and trojans like Emotet and battling them to prevent data. APT and Fileless Malware concepts have been introduced to this domain.
Packet sniffing concepts, techniques, and protection against the same.
Social engineering concepts and related terminologies like identity theft, impersonation, insider threats, social engineering techniques, and countermeasures.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, use cases, and attack and defense tools.
Security solutions like firewall, IPS, honeypots, evasion, and protection.
Operational Technology (OT) essentials, threats, attack methodologies, and attack prevention. The concept of OT is a new addition.
Recognizing the vulnerabilities in IoT and ensuring the safety of IoT devices.
Encryption algorithms, Public Key Infrastructure (PKI), cryptographic attacks, and cryptanalysis.
Cloud computing, threats and security, essentials of container technology, and serverless computing.

Abhinav Motla

Requirements

Basic understanding of network essentials and core concepts, including server and network components

Target audiences

Ethical Hackers
System Administrators
Network Administrators
Engineers
Web Managers
Auditors
Security Professionals