Price 15,000.00 GST

Course Features
language
Language: English
access_time
40 hours
spellcheck
Study Level: Intermediate
terrain
Certificate of Completion

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Ethical Hacking and Countermeasures

Course Outline

(Version 10)

Module 01: Introduction to Ethical Hacking

Information Security Overview

▪ Internet is Integral Part of Business and Personal Life – What Happens Online in 60 Seconds

▪ Essential Terminology

▪ Elements of Information Security

▪ The Security, Functionality, and Usability Triangle

Information Security Threats and Attack Vectors

▪ Motives, Goals, and Objectives of Information Security Attacks

▪ Top Information Security Attack Vectors

▪ Information Security Threat Categories

▪ Types of Attacks on a System

▪ Information Warfare

Hacking Concepts

 What is Hacking?

  •  Who is a Hacker?
  •  Hacker Classes
  •  Hacking Phases
  •  Reconnaissance
  •  Scanning

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Gaining Access

o Maintaining Access

o Clearing Tracks

Ethical Hacking Concepts

▪ What is Ethical Hacking?

▪ Why Ethical Hacking is Necessary

▪ Scope and Limitations of Ethical Hacking

▪ Skills of an Ethical Hacker

Information Security Controls

▪ Information Assurance (IA)

▪ Information Security Management Program

▪ Enterprise Information Security Architecture (EISA)

▪ Network Security Zoning

▪ Defense-in-Depth

▪ Information Security Policies

o Types of Security Policies

o Examples of Security Policies

o Privacy Policies at Workplace

o Steps to Create and Implement Security Policies

o HR/Legal Implications of Security Policy Enforcement

▪ Physical Security

o Types of Physical Security Control

o Physical Security Controls

▪ What is Risk?

o Risk Management

o Key Roles and Responsibilities in Risk Management

▪ Threat Modeling

▪ Incident Management

o Incident Management Process

o Responsibilities of an Incident Response Team

▪ Security Incident and Event Management (SIEM)

 

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o SIEM Architecture

▪ User Behavior Analytics (UBA)

▪ Network Security Controls

o Access Control

o Types of Access Control

o User Identification, Authentication, Authorization and Accounting

▪ Identity and Access Management (IAM)

▪ Data Leakage

o Data Leakage Threats

o What is Data Loss Prevention (DLP)?

▪ Data Backup

▪ Data Recovery

▪ Role of AI/ML in Cyber Security

Penetration Testing Concepts

▪ Penetration Testing

▪ Why Penetration Testing

▪ Comparing Security Audit, Vulnerability Assessment, and Penetration Testing

▪ Blue Teaming/Red Teaming

▪ Types of Penetration Testing

▪ Phases of Penetration Testing

▪ Security Testing Methodology

Information Security Laws and Standards

▪ Payment Card Industry Data Security Standard (PCI-DSS)

▪ ISO/IEC 27001:2013

▪ Health Insurance Portability and Accountability Act (HIPAA)

▪ Sarbanes Oxley Act (SOX)

▪ The Digital Millennium Copyright Act (DMCA)

▪ Federal Information Security Management Act (FISMA)

▪ Cyber Law in Different Countries

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline Module 02: Footprinting and Reconnaissance

Footprinting Concepts

▪ What is Footprinting?

▪ Objectives of Footprinting

Footprinting through Search Engines

▪ Footprinting through Search Engines

▪ Footprint Using Advanced Google Hacking Techniques

▪ Information Gathering Using Google Advanced Search and Image Search

▪ Google Hacking Database

▪ VoIP and VPN Footprinting through Google Hacking Database

Footprinting through Web Services

▪ Finding Company’s Top-level Domains (TLDs) and Sub-domains

▪ Finding the Geographical Location of the Target

▪ People Search on Social Networking Sites and People Search Services

▪ Gathering Information from LinkedIn

▪ Gather Information from Financial Services

▪ Footprinting through Job Sites

▪ Monitoring Target Using Alerts

▪ Information Gathering Using Groups, Forums, and Blogs

▪ Determining the Operating System

▪ VoIP and VPN Footprinting through SHODAN

Footprinting through Social Networking Sites

▪ Collecting Information through Social Engineering on Social Networking Sites

Website Footprinting

▪ Website Footprinting

▪ Website Footprinting using Web Spiders

▪ Mirroring Entire Website

▪ Extracting Website Information from https://archive.org

▪ Extracting Metadata of Public Documents

▪ Monitoring Web Pages for Updates and Changes

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Email Footprinting

▪ Tracking Email Communications

▪ Collecting Information from Email Header

▪ Email Tracking Tools

Competitive Intelligence

▪ Competitive Intelligence Gathering

▪ Competitive Intelligence – When Did this Company Begin? How Did it Develop?

▪ Competitive Intelligence – What Are the Company’s Plans?

▪ Competitive Intelligence – What Expert Opinions Say About the Company

▪ Monitoring Website Traffic of Target Company

▪ Tracking Online Reputation of the Target

Whois Footprinting

▪ Whois Lookup

▪ Whois Lookup Result Analysis

▪ Whois Lookup Tools

▪ Finding IP Geolocation Information

DNS Footprinting

▪ Extracting DNS Information

▪ DNS Interrogation Tools

Network Footprinting

▪ Locate the Network Range

▪ Traceroute

▪ Traceroute Analysis

▪ Traceroute Tools

Footprinting through Social Engineering

▪ Footprinting through Social Engineering

▪ Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Footprinting Tools

▪ Maltego

▪ Recon-ng

▪ FOCA

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Recon-Dog

▪ OSRFramework

▪ Additional Footprinting Tools

Countermeasures

▪ Footprinting Countermeasures

Footprinting Pen Testing

▪ Footprinting Pen Testing

▪ Footprinting Pen Testing Report Templates

Module 03: Scanning Networks

Network Scanning Concepts

▪ Overview of Network Scanning

▪ TCP Communication Flags

▪ TCP/IP Communication

▪ Creating Custom Packet Using TCP Flags

▪ Scanning in IPv6 Networks

Scanning Tools

▪ Nmap

▪ Hping2 / Hping3

o Hping Commands

▪ Scanning Tools

▪ Scanning Tools for Mobile

Scanning Techniques

▪ Scanning Techniques

o ICMP Scanning – Checking for Live Systems

o Ping Sweep – Checking for Live Systems

  • Ping Sweep Tools

o ICMP Echo Scanning

o TCP Connect / Full Open Scan

o Stealth Scan (Half-open Scan)

o Inverse TCP Flag Scanning

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Xmas Scan

o ACK Flag Probe Scanning

o IDLE/IPID Header Scan

o UDP Scanning

o SSDP and List Scanning

▪ Port Scanning Countermeasures

Scanning Beyond IDS and Firewall

▪ IDS/Firewall Evasion Techniques

o Packet Fragmentation

o Source Routing

o IP Address Decoy

o IP Address Spoofing

  • IP Spoofing Detection Techniques: Direct TTL Probes
  • IP Spoofing Detection Techniques: IP Identification Number
  • IP Spoofing Detection Techniques: TCP Flow Control Method
  • IP Spoofing Countermeasures

o Proxy Servers

  • Proxy Chaining
  • Proxy Tools
  • Proxy Tools for Mobile

o Anonymizers

  • Censorship Circumvention Tools: Alkasir and Tails
  • Anonymizers
  • Anonymizers for Mobile

Banner Grabbing

▪ Banner Grabbing

▪ How to Identify Target System OS

▪ Banner Grabbing Countermeasures

Draw Network Diagrams

▪ Drawing Network Diagrams

▪ Network Discovery and Mapping Tools

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Network Discovery Tools for Mobile

Scanning Pen Testing

▪ Scanning Pen Testing

Module 04: Enumeration

Enumeration Concepts

▪ What is Enumeration?

▪ Techniques for Enumeration

▪ Services and Ports to Enumerate

NetBIOS Enumeration

▪ NetBIOS Enumeration

▪ NetBIOS Enumeration Tools

▪ Enumerating User Accounts

▪ Enumerating Shared Resources Using Net View

SNMP Enumeration

▪ SNMP (Simple Network Management Protocol) Enumeration

▪ Working of SNMP

▪ Management Information Base (MIB)

▪ SNMP Enumeration Tools

LDAP Enumeration

▪ LDAP Enumeration

▪ LDAP Enumeration Tools

NTP Enumeration

▪ NTP Enumeration

▪ NTP Enumeration Commands

▪ NTP Enumeration Tools

SMTP and DNS Enumeration

▪ SMTP Enumeration

▪ SMTP Enumeration Tools

▪ DNS Enumeration Using Zone Transfer

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Other Enumeration Techniques

▪ IPsec Enumeration

▪ VoIP Enumeration

▪ RPC Enumeration

▪ Unix/Linux User Enumeration

Enumeration Countermeasures

▪ Enumeration Countermeasures

Enumeration Pen Testing

▪ Enumeration Pen Testing

Module 05: Vulnerability Analysis

Vulnerability Assessment Concepts

▪ Vulnerability Research

▪ Vulnerability Classification

▪ What is Vulnerability Assessment?

▪ Types of Vulnerability Assessment

▪ Vulnerability-Management Life Cycle

o Pre-Assessment Phase: Creating a Baseline

o Vulnerability Assessment Phase

o Post Assessment Phase

Vulnerability Assessment Solutions

▪ Comparing Approaches to Vulnerability Assessment

▪ Working of Vulnerability Scanning Solutions

▪ Types of Vulnerability Assessment Tools

▪ Characteristics of a Good Vulnerability Assessment Solution

▪ Choosing a Vulnerability Assessment Tool

▪ Criteria for Choosing a Vulnerability Assessment Tool

▪ Best Practices for Selecting Vulnerability Assessment Tools

Vulnerability Scoring Systems

▪ Common Vulnerability Scoring System (CVSS)

▪ Common Vulnerabilities and Exposures (CVE)

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ National Vulnerability Database (NVD)

▪ Resources for Vulnerability Research

Vulnerability Assessment Tools

▪ Vulnerability Assessment Tools

o Qualys Vulnerability Management

o Nessus Professional

o GFI LanGuard

o Qualys FreeScan

o Nikto

o OpenVAS

o Retina CS

o SAINT

o Microsoft Baseline Security Analyzer (MBSA)

o AVDS – Automated Vulnerability Detection System

o Vulnerability Assessment Tools

▪ Vulnerability Assessment Tools for Mobile

Vulnerability Assessment Reports

▪ Vulnerability Assessment Reports

▪ Analyzing Vulnerability Scanning Report

Module 06: System Hacking

System Hacking Concepts

▪ CEH Hacking Methodology (CHM)

▪ System Hacking Goals

Cracking Passwords

▪ Password Cracking

▪ Types of Password Attacks

o Non-Electronic Attacks

o Active Online Attack

  • Dictionary, Brute Forcing and Rule-based Attack
  • Password Guessing

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

  • Default Passwords
  • Trojan/Spyware/Keylogger
  • Example of Active Online Attack Using USB Drive
  • Hash Injection Attack
  • LLMNR/NBT-NS Poisoning

o Passive Online Attack

  • Wire Sniffing
  • Man-in-the-Middle and Replay Attack

o Offline Attack

  • Rainbow Table Attack
  • Tools to Create Rainbow Tables: rtgen and Winrtgen
  • Distributed Network Attack

▪ Password Recovery Tools

▪ Microsoft Authentication

▪ How Hash Passwords Are Stored in Windows SAM?

▪ NTLM Authentication Process

▪ Kerberos Authentication

▪ Password Salting

▪ Tools to Extract the Password Hashes

▪ Password Cracking Tools

▪ How to Defend against Password Cracking

▪ How to Defend against LLMNR/NBT-NS Poisoning

Escalating Privileges

▪ Privilege Escalation

▪ Privilege Escalation Using DLL Hijacking

▪ Privilege Escalation by Exploiting Vulnerabilities

▪ Privilege Escalation Using Dylib Hijacking

▪ Privilege Escalation using Spectre and Meltdown Vulnerabilities

▪ Other Privilege Escalation Techniques

▪ How to Defend Against Privilege Escalation

 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Executing Applications

▪ Executing Applications

o Tools for Executing Applications

▪ Keylogger

o Types of Keystroke Loggers

o Hardware Keyloggers

o Keyloggers for Windows

o Keyloggers for Mac

▪ Spyware

o Spyware

o USB Spyware

o Audio Spyware

o Video Spyware

o Telephone/Cellphone Spyware

o GPS Spyware

▪ How to Defend Against Keyloggers

o Anti-Keylogger

▪ How to Defend Against Spyware

o Anti-Spyware

Hiding Files

▪ Rootkits

o Types of Rootkits

o How Rootkit Works

o Rootkits

  • Horse Pill
  • GrayFish
  • Sirefef
  • Necurs

o Detecting Rootkits

o Steps for Detecting Rootkits

o How to Defend against Rootkits

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Anti-Rootkits

▪ NTFS Data Stream

o How to Create NTFS Streams

o NTFS Stream Manipulation

o How to Defend against NTFS Streams

o NTFS Stream Detectors

▪ What is Steganography?

o Classification of Steganography

o Types of Steganography based on Cover Medium

  • Whitespace Steganography
  • Image Steganography

✓ Image Steganography Tools

  • Document Steganography
  • Video Steganography
  • Audio Steganography
  • Folder Steganography
  • Spam/Email Steganography

o Steganography Tools for Mobile Phones

o Steganalysis

o Steganalysis Methods/Attacks on Steganography

o Detecting Steganography (Text, Image, Audio, and Video Files)

o Steganography Detection Tools

Covering Tracks

▪ Covering Tracks

▪ Disabling Auditing: Auditpol

▪ Clearing Logs

▪ Manually Clearing Event Logs

▪ Ways to Clear Online Tracks

▪ Covering BASH Shell Tracks

▪ Covering Tracks on Network

▪ Covering Tracks on OS

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Covering Tracks Tools

Penetration Testing

▪ Password Cracking

▪ Privilege Escalation

▪ Executing Applications

▪ Hiding Files

▪ Covering Tracks

Module 07: Malware Threats

Malware Concepts

▪ Introduction to Malware

▪ Different Ways a Malware can Get into a System

▪ Common Techniques Attackers Use to Distribute Malware on the Web

▪ Components of Malware

Trojan Concepts

▪ What is a Trojan?

▪ How Hackers Use Trojans

▪ Common Ports used by Trojans

▪ How to Infect Systems Using a Trojan

▪ Trojan Horse Construction Kit

▪ Wrappers

▪ Crypters

▪ How Attackers Deploy a Trojan

▪ Exploit Kits

▪ Evading Anti-Virus Techniques

▪ Types of Trojans

o Remote Access Trojans

o Backdoor Trojans

o Botnet Trojans

o Rootkit Trojans

o E-banking Trojans

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

  • Working of E-banking Trojans
  • E-banking Trojan: ZeuS

o Proxy Server Trojans

o Covert Channel Trojans

o Defacement Trojans

o Service Protocol Trojans

o Mobile Trojans

o IoT Trojans

o Other Trojans

Virus and Worm Concepts

▪ Introduction to Viruses

▪ Stages of Virus Life

▪ Working of Viruses

▪ Indications of Virus Attack

▪ How does a Computer Get Infected by Viruses

▪ Virus Hoaxes

▪ Fake Antiviruses

▪ Ransomware

▪ Types of Viruses

o System and File Viruses

o Multipartite and Macro Viruses

o Cluster and Stealth Viruses

o Encryption and Sparse Infector Viruses

o Polymorphic Viruses

o Metamorphic Viruses

o Overwriting File or Cavity Viruses

o Companion/Camouflage and Shell Viruses

o File Extension Viruses

o FAT and Logic Bomb Viruses

o Web Scripting and E-mail Viruses

o Other Viruses

 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Creating Virus

▪ Computer Worms

▪ Worm Makers

Malware Analysis

▪ What is Sheep Dip Computer?

▪ Anti-Virus Sensor Systems

▪ Introduction to Malware Analysis

▪ Malware Analysis Procedure: Preparing Testbed

▪ Static Malware Analysis

o File Fingerprinting

o Local and Online Malware Scanning

o Performing Strings Search

o Identifying Packing/ Obfuscation Methods

o Finding the Portable Executables (PE) Information

o Identifying File Dependencies

o Malware Disassembly

▪ Dynamic Malware Analysis

o Port Monitoring

o Process Monitoring

o Registry Monitoring

o Windows Services Monitoring

o Startup Programs Monitoring

o Event Logs Monitoring/Analysis

o Installation Monitoring

o Files and Folder Monitoring

o Device Drivers Monitoring

o Network Traffic Monitoring/Analysis

o DNS Monitoring/ Resolution

o API Calls Monitoring

▪ Virus Detection Methods

▪ Trojan Analysis: ZeuS/Zbot

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Virus Analysis: WannaCry

Countermeasures

▪ Trojan Countermeasures

▪ Backdoor Countermeasures

▪ Virus and Worms Countermeasures

Anti-Malware Software

▪ Anti-Trojan Software

▪ Antivirus Software

Malware Penetration Testing

▪ Malware Penetration Testing

Module 08: Sniffing

Sniffing Concepts

▪ Network Sniffing

▪ Types of Sniffing

▪ How an Attacker Hacks the Network Using Sniffers

▪ Protocols Vulnerable to Sniffing

▪ Sniffing in the Data Link Layer of the OSI Model

▪ Hardware Protocol Analyzers

▪ SPAN Port

▪ Wiretapping

▪ Lawful Interception

Sniffing Technique: MAC Attacks

▪ MAC Address/CAM Table

▪ How CAM Works

▪ What Happens When CAM Table Is Full?

▪ MAC Flooding

▪ Switch Port Stealing

▪ How to Defend against MAC Attacks

Sniffing Technique: DHCP Attacks

▪ How DHCP Works

Page | 17 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ DHCP Request/Reply Messages

▪ DHCP Starvation Attack

▪ Rogue DHCP Server Attack

▪ How to Defend Against DHCP Starvation and Rogue Server Attack

Sniffing Technique: ARP Poisoning

▪ What Is Address Resolution Protocol (ARP)?

▪ ARP Spoofing Attack

▪ Threats of ARP Poisoning

▪ ARP Poisoning Tools

▪ How to Defend Against ARP Poisoning

▪ Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches

▪ ARP Spoofing Detection Tools

Sniffing Technique: Spoofing Attacks

▪ MAC Spoofing/Duplicating

▪ MAC Spoofing Technique: Windows

▪ MAC Spoofing Tools

▪ IRDP Spoofing

▪ How to Defend Against MAC Spoofing

Sniffing Technique: DNS Poisoning

▪ DNS Poisoning Techniques

o Intranet DNS Spoofing

o Internet DNS Spoofing

o Proxy Server DNS Poisoning

o DNS Cache Poisoning

▪ How to Defend Against DNS Spoofing

Sniffing Tools

▪ Sniffing Tool: Wireshark

o Follow TCP Stream in Wireshark

o Display Filters in Wireshark

o Additional Wireshark Filters

▪ Sniffing Tools

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Packet Sniffing Tools for Mobile

Countermeasures

▪ How to Defend Against Sniffing

Sniffing Detection Techniques

▪ How to Detect Sniffing

▪ Sniffer Detection Techniques

o Ping Method

o DNS Method

o ARP Method

▪ Promiscuous Detection Tools

Sniffing Pen Testing

▪ Sniffing Penetration Testing

Module 09: Social Engineering

Social Engineering Concepts

▪ What is Social Engineering?

▪ Phases of a Social Engineering Attack

Social Engineering Techniques

▪ Types of Social Engineering

▪ Human-based Social Engineering

o Impersonation

o Impersonation (Vishing)

o Eavesdropping

o Shoulder Surfing

o Dumpster Diving

o Reverse Social Engineering

o Piggybacking

o Tailgating

▪ Computer-based Social Engineering

o Phishing

▪ Mobile-based Social Engineering

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Publishing Malicious Apps

o Repackaging Legitimate Apps

o Fake Security Applications

o SMiShing (SMS Phishing)

Insider Threats

▪ Insider Threat / Insider Attack

▪ Type of Insider Threats

Impersonation on Social Networking Sites

▪ Social Engineering Through Impersonation on Social Networking Sites

▪ Impersonation on Facebook

▪ Social Networking Threats to Corporate Networks

Identity Theft

▪ Identity Theft

Countermeasures

▪ Social Engineering Countermeasures

▪ Insider Threats Countermeasures

▪ Identity Theft Countermeasures

▪ How to Detect Phishing Emails?

▪ Anti-Phishing Toolbar

▪ Common Social Engineering Targets and Defense Strategies

Social Engineering Pen Testing

▪ Social Engineering Pen Testing

o Using Emails

o Using Phone

o In Person

▪ Social Engineering Pen Testing Tools

Module 10: Denial-of-Service

DoS/DDoS Concepts

▪ What is a Denial-of-Service Attack?

▪ What is Distributed Denial-of-Service Attack?

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

DoS/DDoS Attack Techniques

▪ Basic Categories of DoS/DDoS Attack Vectors

▪ UDP Flood Attack

▪ ICMP Flood Attack

▪ Ping of Death and Smurf Attack

▪ SYN Flood Attack

▪ Fragmentation Attack

▪ HTTP GET/POST and Slowloris Attacks

▪ Multi-Vector Attack

▪ Peer-to-Peer Attacks

▪ Permanent Denial-of-Service Attack

▪ Distributed Reflection Denial-of-Service (DRDoS)

Botnets

▪ Organized Cyber Crime: Organizational Chart

▪ Botnet

▪ A Typical Botnet Setup

▪ Botnet Ecosystem

▪ Scanning Methods for Finding Vulnerable Machines

▪ How Malicious Code Propagates?

▪ Botnet Trojans

DDoS Case Study

▪ DDoS Attack

▪ Hackers Advertise Links to Download Botnet

▪ Use of Mobile Devices as Botnets for Launching DDoS Attacks

▪ DDoS Case Study: Dyn DDoS Attack

DoS/DDoS Attack Tools

▪ DoS/DDoS Attack Tools

▪ DoS and DDoS Attack Tool for Mobile

Countermeasures

▪ Detection Techniques

▪ DoS/DDoS Countermeasure Strategies

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ DDoS Attack Countermeasures

o Protect Secondary Victims

o Detect and Neutralize Handlers

o Prevent Potential Attacks

o Deflect Attacks

o Mitigate Attacks

o Post-Attack Forensics

▪ Techniques to Defend against Botnets

▪ DoS/DDoS Countermeasures

▪ DoS/DDoS Protection at ISP Level

▪ Enabling TCP Intercept on Cisco IOS Software

DoS/DDoS Protection Tools

▪ Advanced DDoS Protection Appliances

▪ DoS/DDoS Protection Tools

DoS/DDoS Penetration Testing

▪ Denial-of-Service (DoS) Attack Pen Testing

Module 11: Session Hijacking

Session Hijacking Concepts

▪ What is Session Hijacking?

▪ Why Session Hijacking is Successful?

▪ Session Hijacking Process

▪ Packet Analysis of a Local Session Hijack

▪ Types of Session Hijacking

▪ Session Hijacking in OSI Model

▪ Spoofing vs. Hijacking

Application Level Session Hijacking

▪ Application Level Session Hijacking

▪ Compromising Session IDs using Sniffing and by Predicting Session Token

o How to Predict a Session Token

▪ Compromising Session IDs Using Man-in-the-Middle Attack

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Compromising Session IDs Using Man-in-the-Browser Attack

o Steps to Perform Man-in-the-Browser Attack

▪ Compromising Session IDs Using Client-side Attacks

▪ Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack

▪ Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack

▪ Compromising Session IDs Using Session Replay Attack

▪ Compromising Session IDs Using Session Fixation

▪ Session Hijacking Using Proxy Servers

▪ Session Hijacking Using CRIME Attack

▪ Session Hijacking Using Forbidden Attack

Network Level Session Hijacking

▪ TCP/IP Hijacking

▪ IP Spoofing: Source Routed Packets

▪ RST Hijacking

▪ Blind Hijacking

▪ UDP Hijacking

▪ MiTM Attack Using Forged ICMP and ARP Spoofing

Session Hijacking Tools

▪ Session Hijacking Tools

▪ Session Hijacking Tools for Mobile

Countermeasures

▪ Session Hijacking Detection Methods

▪ Protecting against Session Hijacking

▪ Methods to Prevent Session Hijacking: To be Followed by Web Developers

▪ Methods to Prevent Session Hijacking: To be Followed by Web Users

▪ Session Hijacking Detection Tools

▪ Approaches Vulnerable to Session Hijacking and their Preventative Solutions

▪ Approaches to Prevent Session Hijacking

▪ IPSec

o Components of IPsec

o Benefits of IPsec

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Modes of IPsec

o IPsec Architecture

o IPsec Authentication and Confidentiality

▪ Session Hijacking Prevention Tools

Penetration Testing

▪ Session Hijacking Pen Testing

Module 12: Evading IDS, Firewalls, and Honeypots

IDS, Firewall and Honeypot Concepts

▪ Intrusion Detection System (IDS)

o How IDS Detects an Intrusion

o General Indications of Intrusions

o Types of Intrusion Detection Systems

o Types of IDS Alerts

▪ Firewall

o Firewall Architecture

o DeMilitarized Zone (DMZ)

o Types of Firewalls

o Firewall Technologies

  • Packet Filtering Firewall
  • Circuit-Level Gateway Firewall
  • Application-Level Firewall
  • Stateful Multilayer Inspection Firewall
  • Application Proxy
  • Network Address Translation (NAT)
  • Virtual Private Network

o Firewall Limitations

▪ Honeypot

o Types of Honeypots

IDS, Firewall and Honeypot Solutions

▪ Intrusion Detection Tool

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Snort

  • Snort Rules
  • Snort Rules: Rule Actions and IP Protocols
  • Snort Rules: The Direction Operator and IP Addresses
  • Snort Rules: Port Numbers

o Intrusion Detection Tools: TippingPoint and AlienVault® OSSIMTM

o Intrusion Detection Tools

o Intrusion Detection Tools for Mobile

▪ Firewalls

o ZoneAlarm Free Firewall 2018 and Firewall Analyzer

o Firewalls

o Firewalls for Mobile

▪ Honeypot Tools

o KFSensor and SPECTER

o Honeypot Tools

o Honeypot Tools for Mobile

Evading IDS

▪ IDS Evasion Techniques

o Insertion Attack

o Evasion

o Denial-of-Service Attack (DoS)

o Obfuscating

o False Positive Generation

o Session Splicing

o Unicode Evasion

o Fragmentation Attack

o Overlapping Fragments

o Time-To-Live Attacks

o Invalid RST Packets

o Urgency Flag

o Polymorphic Shellcode

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o ASCII Shellcode

o Application-Layer Attacks

o Desynchronization

o Other Types of Evasion

Evading Firewalls

▪ Firewall Evasion Techniques

o Firewall Identification

o IP Address Spoofing

o Source Routing

o Tiny Fragments

o Bypass Blocked Sites Using IP Address in Place of URL

o Bypass Blocked Sites Using Anonymous Website Surfing Sites

o Bypass a Firewall Using Proxy Server

o Bypassing Firewall through ICMP Tunneling Method

o Bypassing Firewall through ACK Tunneling Method

o Bypassing Firewall through HTTP Tunneling Method

  • Why do I Need HTTP Tunneling
  • HTTP Tunneling Tools

o Bypassing Firewall through SSH Tunneling Method

  • SSH Tunneling Tool: Bitvise and Secure Pipes

o Bypassing Firewall through External Systems

o Bypassing Firewall through MITM Attack

o Bypassing Firewall through Content

o Bypassing WAF using XSS Attack

IDS/Firewall Evading Tools

▪ IDS/Firewall Evasion Tools

▪ Packet Fragment Generator Tools

Detecting Honeypots

▪ Detecting Honeypots

▪ Detecting and Defeating Honeypots

▪ Honeypot Detection Tool: Send-Safe Honeypot Hunter

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

IDS/Firewall Evasion Countermeasures

▪ How to Defend Against IDS Evasion

▪ How to Defend Against Firewall Evasion

Penetration Testing

▪ Firewall/IDS Penetration Testing

o Firewall Penetration Testing

o IDS Penetration Testing

Module 13: Hacking Web Servers

Web Server Concepts

▪ Web Server Operations

▪ Open Source Web Server Architecture

▪ IIS Web Server Architecture

▪ Web Server Security Issue

▪ Why Web Servers Are Compromised?

▪ Impact of Web Server Attacks

Web Server Attacks

▪ DoS/DDoS Attacks

▪ DNS Server Hijacking

▪ DNS Amplification Attack

▪ Directory Traversal Attacks

▪ Man-in-the-Middle/Sniffing Attack

▪ Phishing Attacks

▪ Website Defacement

▪ Web Server Misconfiguration

▪ HTTP Response Splitting Attack

▪ Web Cache Poisoning Attack

▪ SSH Brute Force Attack

▪ Web Server Password Cracking

▪ Web Application Attacks

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Web Server Attack Methodology

▪ Information Gathering

o Information Gathering from Robots.txt File

▪ Web Server Footprinting/Banner Grabbing

o Web Server Footprinting Tools

o Enumerating Web Server Information Using Nmap

▪ Website Mirroring

o Finding Default Credentials of Web Server

o Finding Default Content of Web Server

o Finding Directory Listings of Web Server

▪ Vulnerability Scanning

o Finding Exploitable Vulnerabilities

▪ Session Hijacking

▪ Web Server Passwords Hacking

▪ Using Application Server as a Proxy

Web Server Attack Tools

▪ Metasploit

o Metasploit Exploit Module

o Metasploit Payload and Auxiliary Module

o Metasploit NOPS Module

▪ Web Server Attack Tools

Countermeasures

▪ Place Web Servers in Separate Secure Server Security Segment on Network

▪ Countermeasures

o Patches and Updates

o Protocols

o Accounts

o Files and Directories

▪ Detecting Web Server Hacking Attempts

▪ How to Defend Against Web Server Attacks

▪ How to Defend against HTTP Response Splitting and Web Cache Poisoning

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ How to Defend against DNS Hijacking

Patch Management

▪ Patches and Hotfixes

▪ What is Patch Management

▪ Installation of a Patch

▪ Patch Management Tools

Web Server Security Tools

▪ Web Application Security Scanners

▪ Web Server Security Scanners

▪ Web Server Security Tools

Web Server Pen Testing

▪ Web Server Penetration Testing

▪ Web Server Pen Testing Tools

Module 14: Hacking Web Applications

Web App Concepts

▪ Introduction to Web Applications

▪ Web Application Architecture

▪ Web 2.0 Applications

▪ Vulnerability Stack

Web App Threats

▪ OWASP Top 10 Application Security Risks – 2017

o A1 – Injection Flaws

  • SQL Injection Attacks
  • Command Injection Attacks

✓ Command Injection Example

  • File Injection Attack
  • LDAP Injection Attacks

o A2 – Broken Authentication

o A3 – Sensitive Data Exposure

o A4 – XML External Entity (XXE)

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o A5 – Broken Access Control

o A6 – Security Misconfiguration

o A7 – Cross-Site Scripting (XSS) Attacks

  • Cross-Site Scripting Attack Scenario: Attack via Email
  • XSS Attack in Blog Posting
  • XSS Attack in Comment Field
  • Websites Vulnerable to XSS Attack

o A8 – Insecure Deserialization

o A9 – Using Components with Known Vulnerabilities

o A10 – Insufficient Logging and Monitoring

▪ Other Web Application Threats

o Directory Traversal

o Unvalidated Redirects and Forwards

o Watering Hole Attack

o Cross-Site Request Forgery (CSRF) Attack

o Cookie/Session Poisoning

o Web Services Architecture

o Web Services Attack

o Web Services Footprinting Attack

o Web Services XML Poisoning

o Hidden Field Manipulation Attack

Hacking Methodology

▪ Web App Hacking Methodology

▪ Footprint Web Infrastructure

o Server Discovery

o Service Discovery

o Server Identification/Banner Grabbing

o Detecting Web App Firewalls and Proxies on Target Site

o Hidden Content Discovery

o Web Spidering Using Burp Suite

o Web Crawling Using Mozenda Web Agent Builder

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Attack Web Servers

▪ Analyze Web Applications

o Identify Entry Points for User Input

o Identify Server- Side Technologies

o Identify Server- Side Functionality

o Map the Attack Surface

▪ Bypass Client-Side Controls

o Attack Hidden Form Fields

o Attack Browser Extensions

o Perform Source Code Review

▪ Attack Authentication Mechanism

o User Name Enumeration

o Password Attacks: Password Functionality Exploits

o Password Attacks: Password Guessing and Brute-forcing

o Session Attacks: Session ID Prediction/Brute-forcing

o Cookie Exploitation: Cookie Poisoning

▪ Attack Authorization Schemes

o HTTP Request Tampering

o Cookie Parameter Tampering

▪ Attack Access Controls

▪ Attack Session Management Mechanism

o Attacking Session Token Generation Mechanism

o Attacking Session Tokens Handling Mechanism: Session Token Sniffing

▪ Perform Injection/Input Validation Attacks

▪ Attack Application Logic Flaws

▪ Attack Database Connectivity

o Connection String Injection

o Connection String Parameter Pollution (CSPP) Attacks

o Connection Pool DoS

▪ Attack Web App Client

▪ Attack Web Services

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Web Services Probing Attacks

o Web Service Attacks: SOAP Injection

o Web Service Attacks: XML Injection

o Web Services Parsing Attacks

o Web Service Attack Tools

Web App Hacking Tools

▪ Web Application Hacking Tools

Countermeasures

▪ Web Application Fuzz Testing

▪ Source Code Review

▪ Encoding Schemes

▪ How to Defend Against Injection Attacks

▪ Web Application Attack Countermeasures

▪ How to Defend Against Web Application Attacks

Web App Security Testing Tools

▪ Web Application Security Testing Tools

▪ Web Application Firewall

Web App Pen Testing

▪ Web Application Pen Testing

o Information Gathering

o Configuration Management Testing

o Authentication Testing

o Session Management Testing

o Authorization Testing

o Data Validation Testing

o Denial-of-Service Testing

o Web Services Testing

o AJAX Testing

▪ Web Application Pen Testing Framework

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline Module 15: SQL Injection

SQL Injection Concepts

▪ What is SQL Injection?

▪ SQL Injection and Server-side Technologies

▪ Understanding HTTP POST Request

▪ Understanding Normal SQL Query

▪ Understanding an SQL Injection Query

▪ Understanding an SQL Injection Query – Code Analysis

▪ Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx

▪ Example of a Web Application Vulnerable to SQL Injection: Attack Analysis

▪ Examples of SQL Injection

Types of SQL Injection

▪ Types of SQL injection

o In-Band SQL Injection

  • Error Based SQL Injection
  • Union SQL Injection

o Blind/Inferential SQL Injection

  • No Error Messages Returned
  • Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
  • Blind SQL Injection: Boolean Exploitation and Heavy Query

o Out-of-Band SQL injection

SQL Injection Methodology

▪ SQL Injection Methodology

o Information Gathering and SQL Injection Vulnerability Detection

  • Information Gathering
  • Identifying Data Entry Paths
  • Extracting Information through Error Messages
  • Testing for SQL Injection
  • Additional Methods to Detect SQL Injection
  • SQL Injection Black Box Pen Testing
  • Source Code Review to Detect SQL Injection Vulnerabilities

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

  • Testing for Blind SQL Injection Vulnerability in MySQL and MSSQL

o Launch SQL Injection Attacks

  • Perform Union SQL Injection
  • Perform Error Based SQL Injection
  • Perform Error Based SQL Injection using Stored Procedure Injection
  • Bypass Website Logins Using SQL Injection
  • Perform Blind SQL Injection – Exploitation (MySQL)
  • Blind SQL Injection – Extract Database User
  • Blind SQL Injection – Extract Database Name
  • Blind SQL Injection – Extract Column Name
  • Blind SQL Injection – Extract Data from ROWS
  • Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
  • Perform Blind SQL Injection Using Out of Band Exploitation Technique
  • Exploiting Second-Order SQL Injection
  • Bypass Firewall using SQL Injection
  • Perform SQL Injection to Insert a New User and Update Password
  • Exporting a Value with Regular Expression Attack

o Advanced SQL Injection

  • Database, Table, and Column Enumeration
  • Advanced Enumeration
  • Features of Different DBMSs
  • Creating Database Accounts
  • Password Grabbing
  • Grabbing SQL Server Hashes
  • Extracting SQL Hashes (In a Single Statement
  • Transfer Database to Attacker’s Machine
  • Interacting with the Operating System
  • Interacting with the File System
  • Network Reconnaissance Using SQL Injection
  • Network Reconnaissance Full Query

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

  • Finding and Bypassing Admin Panel of a Website
  • PL/SQL Exploitation
  • Creating Server Backdoors using SQL Injection

SQL Injection Tools

▪ SQL Injection Tools

o SQL Power Injector and sqlmap

o The Mole and jSQL Injection

▪ SQL Injection Tools

▪ SQL Injection Tools for Mobile

Evasion Techniques

▪ Evading IDS

▪ Types of Signature Evasion Techniques

o In-line Comment

o Char Encoding

o String Concatenation

o Obfuscated Codes

o Manipulating White Spaces

o Hex Encoding

o Sophisticated Matches

o URL Encoding

o Null Byte

o Case Variation

o Declare Variable

o IP Fragmentation

Countermeasures

▪ How to Defend Against SQL Injection Attacks

o Use Type-Safe SQL Parameters

▪ SQL Injection Detection Tools

o IBM Security AppScan and Acunetix Web Vulnerability Scanner

o Snort Rule to Detect SQL Injection Attacks

▪ SQL Injection Detection Tools

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline Module 16: Hacking Wireless Networks

Wireless Concepts

▪ Wireless Terminologies

▪ Wireless Networks

▪ Wireless Standards

▪ Service Set Identifier (SSID)

▪ Wi-Fi Authentication Modes

▪ Wi-Fi Authentication Process Using a Centralized Authentication Server

▪ Types of Wireless Antennas

Wireless Encryption

▪ Types of Wireless Encryption

o WEP (Wired Equivalent Privacy) Encryption

o WPA (Wi-Fi Protected Access) Encryption

o WPA2 (Wi-Fi Protected Access 2) Encryption

▪ WEP vs. WPA vs. WPA2

▪ WEP Issues

▪ Weak Initialization Vectors (IV)

Wireless Threats

▪ Wireless Threats

o Rogue Access Point Attack

o Client Mis-association

o Misconfigured Access Point Attack

o Unauthorized Association

o Ad Hoc Connection Attack

o Honeypot Access Point Attack

o AP MAC Spoofing

o Denial-of-Service Attack

o Key Reinstallation Attack (KRACK)

o Jamming Signal Attack

  • Wi-Fi Jamming Devices

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Wireless Hacking Methodology

▪ Wireless Hacking Methodology

o Wi-Fi Discovery

  • Footprint the Wireless Network
  • Find Wi-Fi Networks in Range to Attack
  • Wi-Fi Discovery Tools
  • Mobile-based Wi-Fi Discovery Tools

o GPS Mapping

  • GPS Mapping Tools
  • Wi-Fi Hotspot Finder Tools
  • How to Discover Wi-Fi Network Using Wardriving

o Wireless Traffic Analysis

  • Choosing the Right Wi-Fi Card
  • Wi-Fi USB Dongle: AirPcap
  • Wi-Fi Packet Sniffer
  • Perform Spectrum Analysis

o Launch Wireless Attacks

  • Aircrack-ng Suite
  • How to Reveal Hidden SSIDs
  • Fragmentation Attack
  • How to Launch MAC Spoofing Attack
  • Denial-of-Service: Disassociation and Deauthentication Attacks
  • Man-in-the-Middle Attack
  • MITM Attack Using Aircrack-ng
  • Wireless ARP Poisoning Attack
  • Rogue Access Points
  • Evil Twin
  • How to Set Up a Fake Hotspot (Evil Twin)

o Crack Wi-Fi Encryption

  • How to Break WEP Encryption

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

  • How to Crack WEP Using Aircrack-ng
  • How to Break WPA/WPA2 Encryption
  • How to Crack WPA-PSK Using Aircrack-ng
  • WEP Cracking and WPA Brute Forcing Using Cain & Abel

Wireless Hacking Tools

▪ WEP/WPA Cracking Tools

▪ WEP/WPA Cracking Tool for Mobile

▪ Wi-Fi Sniffer

▪ Wi-Fi Traffic Analyzer Tools

▪ Other Wireless Hacking Tools

Bluetooth Hacking

▪ Bluetooth Stack

▪ Bluetooth Hacking

▪ Bluetooth Threats

▪ How to BlueJack a Victim

▪ Bluetooth Hacking Tools

Countermeasures

▪ Wireless Security Layers

▪ How to Defend Against WPA/WPA2 Cracking

▪ How to Defend Against KRACK Attacks

▪ How to Detect and Block Rogue AP

▪ How to Defend Against Wireless Attacks

▪ How to Defend Against Bluetooth Hacking

Wireless Security Tools

▪ Wireless Intrusion Prevention Systems

▪ Wireless IPS Deployment

▪ Wi-Fi Security Auditing Tools

▪ Wi-Fi Intrusion Prevention System

▪ Wi-Fi Predictive Planning Tools

▪ Wi-Fi Vulnerability Scanning Tools

▪ Bluetooth Security Tools

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Wi-Fi Security Tools for Mobile

Wireless Pen Testing

▪ Wireless Penetration Testing

▪ Wireless Penetration Testing Framework

o Pen Testing for General Wi-Fi Network Attack

o Pen Testing WEP Encrypted WLAN

o Pen Testing WPA/WPA2 Encrypted WLAN

o Pen Testing LEAP Encrypted WLAN

o Pen Testing Unencrypted WLAN

Module 17: Hacking Mobile Platforms

Mobile Platform Attack Vectors

▪ Vulnerable Areas in Mobile Business Environment

▪ OWASP Top 10 Mobile Risks – 2016

▪ Anatomy of a Mobile Attack

▪ How a Hacker can Profit from Mobile when Successfully Compromised

▪ Mobile Attack Vectors and Mobile Platform Vulnerabilities

▪ Security Issues Arising from App Stores

▪ App Sandboxing Issues

▪ Mobile Spam

▪ SMS Phishing Attack (SMiShing) (Targeted Attack Scan)

o SMS Phishing Attack Examples

▪ Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections

Hacking Android OS

▪ Android OS

o Android Device Administration API

▪ Android Rooting

o Rooting Android Using KingoRoot

o Android Rooting Tools

▪ Blocking Wi-Fi Access using NetCut

▪ Hacking with zANTI

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Hacking Networks Using Network Spoofer

▪ Launching DoS Attack using Low Orbit Ion Cannon (LOIC)

▪ Performing Session Hijacking Using DroidSheep

▪ Hacking with Orbot Proxy

▪ Android-based Sniffers

▪ Android Trojans

▪ Securing Android Devices

▪ Android Security Tool: Find My Device

▪ Android Security Tools

▪ Android Vulnerability Scanner

▪ Android Device Tracking Tools

Hacking iOS

▪ Apple iOS

▪ Jailbreaking iOS

o Jailbreaking Techniques

o Jailbreaking of iOS 11.2.1 Using Cydia

o Jailbreaking of iOS 11.2.1 Using Pangu Anzhuang

o Jailbreaking Tools

▪ iOS Trojans

▪ Guidelines for Securing iOS Devices

▪ iOS Device Tracking Tools

▪ iOS Device Security Tools

Mobile Spyware

▪ Mobile Spyware

▪ Mobile Spyware: mSpy

▪ Mobile Spywares

Mobile Device Management

▪ Mobile Device Management (MDM)

▪ Mobile Device Management Solutions

▪ Bring Your Own Device (BYOD)

o BYOD Risks

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o BYOD Policy Implementation

o BYOD Security Guidelines

Mobile Security Guidelines and Tools

▪ General Guidelines for Mobile Platform Security

▪ Mobile Device Security Guidelines for Administrator

▪ SMS Phishing Countermeasures

▪ Mobile Protection Tools

▪ Mobile Anti-Spyware

Mobile Pen Testing

▪ Android Phone Pen Testing

▪ iPhone Pen Testing

▪ Mobile Pen Testing Toolkit: Hackode

Module 18: IoT Hacking

IoT Concepts

▪ What is IoT

▪ How IoT Works

▪ IoT Architecture

▪ IoT Application Areas and Devices

▪ IoT Technologies and Protocols

▪ IoT Communication Models

▪ Challenges of IoT

▪ Threat vs Opportunity

IoT Attacks

▪ IoT Security Problems

▪ OWASP Top 10 IoT Vulnerabilities and Obstacles

▪ IoT Attack Surface Areas

▪ IoT Threats

▪ Hacking IoT Devices: General Scenario

▪ IoT Attacks

o DDoS Attack

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

o Exploit HVAC

o Rolling Code Attack

o BlueBorne Attack

o Jamming Attack

o Hacking Smart Grid / Industrial Devices: Remote Access using Backdoor

o Other IoT Attacks

▪ IoT Attacks in Different Sectors

▪ Case Study: Dyn Attack

IoT Hacking Methodology

▪ What is IoT Device Hacking?

▪ IoT Hacking Methodology

o Information Gathering Using Shodan

o Information Gathering using MultiPing

o Vulnerability Scanning using Nmap

o Vulnerability Scanning using RIoT Vulnerability Scanner

o Sniffing using Foren6

o Rolling code Attack using RFCrack

o Hacking Zigbee Devices with Attify Zigbee Framework

o BlueBorne Attack Using HackRF One

o Gaining Remote Access using Telnet

o Maintain Access by Exploiting Firmware

IoT Hacking Tools

▪ Information Gathering Tools

▪ Sniffing Tools

▪ Vulnerability Scanning Tools

▪ IoT Hacking Tools

Countermeasures

▪ How to Defend Against IoT Hacking

▪ General Guidelines for IoT Device Manufacturing Companies

▪ OWASP Top 10 IoT Vulnerabilities Solutions

▪ IoT Framework Security Considerations

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ IoT Security Tools

IoT Pen Testing

▪ IoT Pen Testing

Module 19: Cloud Computing

Cloud Computing Concepts

▪ Introduction to Cloud Computing

▪ Separation of Responsibilities in Cloud

▪ Cloud Deployment Models

▪ NIST Cloud Deployment Reference Architecture

▪ Cloud Computing Benefits

▪ Understanding Virtualization

Cloud Computing Threats

▪ Cloud Computing Threats

Cloud Computing Attacks

▪ Service Hijacking using Social Engineering Attacks

▪ Service Hijacking using Network Sniffing

▪ Session Hijacking using XSS Attack

▪ Session Hijacking using Session Riding

▪ Domain Name System (DNS) Attacks

▪ Side Channel Attacks or Cross-guest VM Breaches

▪ SQL Injection Attacks

▪ Cryptanalysis Attacks

▪ Wrapping Attack

▪ Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

▪ Man-in-the-Cloud Attack

Cloud Security

▪ Cloud Security Control Layers

▪ Cloud Security is the Responsibility of both Cloud Provider and Consumer

▪ Cloud Computing Security Considerations

▪ Placement of Security Controls in the Cloud

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Best Practices for Securing Cloud

▪ NIST Recommendations for Cloud Security

▪ Organization/Provider Cloud Security Compliance Checklist

Cloud Security Tools

▪ Cloud Security Tools

Cloud Penetration Testing

▪ What is Cloud Pen Testing?

▪ Key Considerations for Pen Testing in the Cloud

▪ Cloud Penetration Testing

▪ Recommendations for Cloud Testing

Module 20: Cryptography

Cryptography Concepts

▪ Cryptography

o Types of Cryptography

▪ Government Access to Keys (GAK)

Encryption Algorithms

▪ Ciphers

▪ Data Encryption Standard (DES)

▪ Advanced Encryption Standard (AES)

▪ RC4, RC5, and RC6 Algorithms

▪ Twofish

▪ The DSA and Related Signature Schemes

▪ Rivest Shamir Adleman (RSA)

▪ Diffie-Hellman

▪ Message Digest (One-Way Hash) Functions

o Message Digest Function: MD5

o Secure Hashing Algorithm (SHA)

o RIPEMD – 160

o HMAC

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

Cryptography Tools

▪ MD5 Hash Calculators

▪ Hash Calculators for Mobile

▪ Cryptography Tools

o Advanced Encryption Package 2017

o BCTextEncoder

o Cryptography Tools

▪ Cryptography Tools for Mobile

Public Key Infrastructure (PKI)

▪ Public Key Infrastructure (PKI)

o Certification Authorities

o Signed Certificate (CA) Vs. Self Signed Certificate

Email Encryption

▪ Digital Signature

▪ Secure Sockets Layer (SSL)

▪ Transport Layer Security (TLS)

▪ Cryptography Toolkit

o OpenSSL

o Keyczar

▪ Pretty Good Privacy (PGP)

Disk Encryption

▪ Disk Encryption

▪ Disk Encryption Tools

o VeraCrypt

o Symantec Drive Encryption

o Disk Encryption Tools

Cryptanalysis

▪ Cryptanalysis Methods

o Linear Cryptanalysis

o Differential Cryptanalysis

o Integral Cryptanalysis

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker Course Outline

▪ Code Breaking Methodologies

▪ Cryptography Attacks

o Brute-Force Attack

o Birthday Attack

  • Birthday Paradox: Probability

o Meet-in-the-Middle Attack on Digital Signature Schemes

o Side Channel Attack

o Hash Collision Attack

o DUHK Attack

o Rainbow Table Attack

▪ Cryptanalysis Tools

▪ Online MD5 Decryption Tools

Countermeasures

▪ How to Defend Against Cryptographic Attacks

Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

chat_bubble_outlineReviews

Average Rating

0
No Votes 0 Votes
15,000.00 GST
0 Ratings

Detailed Rating

5 Stars
0
4 Stars
0
3 Stars
0
2 Stars
0
1 Stars
0

There are no reviews yet.

Be the first to review “CEH(V10) Certified Ethical Hacker”

Your email address will not be published. Required fields are marked *