+234 – 811 – 555 – 6666 Admissions Department
Search

Certified Ethical Hacker

Overview

The Ethical Hacker is an individual trusted and employed by an organization to test the vulnerability of their network and computer systems. The EH ethical hacking training course does this by adopting the same skills and tactics that a hacker would use. These expert ethical hackers, also known as “white hats” use the knowledge that they have gained about the vulnerabilities in the networks and systems that they have attacked in order to develop countermeasures and strengthen the security of those systems. They also understand the legal issues that surround the use of these specialized ethical hacking skills and how they can be properly applied to the environment of an organization. This instructor-led ethical hacker training will provide students not only with the tools they will need to gain their ethical hacker certification but also the ability to implement their skills to test their own systems for vulnerabilities and discover weaknesses before they can be exploited by malicious attackers.

What You'll Learn:
  • How to scope a security assessment
  • How to footprint an organization
  • Master advanced port-scanning techniques
  • Perform passive and active OS fingerprinting
  • Use exploit frameworks
  • Works of ARP attacks
  • Exploit database vulnerabilities
  • Concept of social engineering
  • Common vulnerabilities and exposures
  • Analyze DNS servers for proper configuration
  • Examine web servers for weaknesses
  • Master the hacker's methodology
  • Exploit vulnerabilities remotely
  • Develop reports and test results used to create countermeasures to thwart malicious hacking.
Objectives

This course will significantly benefit security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the network infrastructure.

Prerequisite

No certifications are required to attend course or take the C|EH exam, just the knowledge.
EC Council - Network Security Administrator knowledge or experience.
MCSE or CCNA equivalent knowledge or experience.

Modules:
Lesson 1: The Business Aspects of Hacking
  • Why Security is Critical to Business.
  • The Wired World.
  • Outline the Ethical Hacking Methodology.
  • Three Major Stages of a Penetration Test
  • Pre-assessment.
  • Assessment.
  • Post-assessment.
  • The Ethical Hacking Report.
  • Hacking and the Legal Environment
Lesson 2: Footprinting
  • Overview of the Footprinting Phase.
  • Footprinting and Passive Information Gathering.
  • Information-Gathering Methodology of Hackers.
  • Techniques.
  • Tools.
  • The Implications of Information Leakage.
  • Countermeasures.
Lesson 3: Linux
  • Linux History.
  • Why Linux is Important to the Hacking Community.
  • Linux Concepts.
  • OS.
  • Commands.
  • Compiling Programs in Linux.
  • Linux Applications.
  • Password Cracking.
  • Hping.
  • Linux Rootkits.
  • IP Tables.
  • Linux Security Countermeasures.
Lesson 4: Technical Foundations of Hacking
  • The TCP/IP Stack
  • IP.
  • ICM.P
  • ARP.
  • TCP Details.
  • UDP Details.
  • Ports and Services.
  • TCP Details.
  • TCP Packet Structure.
  • TCP Flags.
  • UDP Details.
  • Applications.
  • Application Attack Vectors.
Lesson 5: Scanning
  • Detecting "Live" Systems on the Targeted Network.
  • ICMP Ping.
  • Services Running/Listening on the Targeted Systems.
  • Port-Scanning Techniques.
  • Identifying TCP and UDP Services Running on the Targeted Network.
  • Active and Passive Fingerprinting.
  • Automated Discovery Tools.
Lesson 6: Cryptography
  • Defining Cryptography and Algorithms.
  • Symmetric Encryption.
  • How Symmetric Encryption Works.
  • Common Algorithms for Symmetric Keys.
  • Strengths and Weaknesses of Symmetric Encryption.
  • Hash Functions.
  • Asymmetric Encryption.
  • How Asymmetric Encryption Works.
  • Common Algorithms for Asymmetric Keys.
  • Strengths and Weaknesses of Asymmetric Encryption.
  • Digital Signatures.
  • Public Key Encryption.
  • Quantum Cryptography.
  • Cryptographic Solutions.
  • SHA, SSL, PGP, SSH, IPSEC.
  • Encryption Cracking Techniques.
Lesson 7: Enumeration
  • Enumeration Concept.
  • Banner Grabbing.
  • The Null Session.
  • SIDs and RIDs.
  • SMB Enumeration.
  • SNMP.
  • SNMP Enumeration.
  • Active Directory Enumeration.
  • Exploiting DNS.
  • Enumeration Countermeasures.
Lesson 8: System Hacking
  • Password Attacks.
  • Social.
  • Physical.
  • Logical.
  • Password Guessing.
  • Privilege Escalation.
  • Cracking Passwords.
  • Linux Password Cracking.
  • Windows Password Cracking.
  • Covering Tracks.
  • Covering Tracks Tools.
  • Hiding Tools.
  • Owning the Box.
  • Rootkits.
Lesson 9: Trojans and Backdoors
  • Malware.
  • Trojans and Backdoors.
  • Trojan Tools.
  • Netcat - The "Swiss Army Knife" of Hacking Tools.
  • Backdoors.
  • Prevention Methods and Countermeasures.
  • Anti-Trojan Software/Hardware.
Lesson 10: Vulnerability Assessment and Exploit Frameworks
  • Vulnerability Assessments.
  • Open Source Vulnerability Assessments Tools.
  • Nessus.
  • X-Scan.
  • Commercial Vulnerability Scanners.
  • Retina.
  • NewT.
  • LANguard.
  • Advanced Attack Techniques.
  • Metasploit.
  • ExploitTree.
  • Patching.
  • Updates and CVEs.
Lesson 11: Sniffers, Man-in-the-Middle Attacks, and Denial of Service
  • Defining Packet Sniffing.
  • ARP Vulnerabilities.
  • ARP Spoofing.
  • Flooding.
  • DNS Vulnerabilities.
  • Cache Poisoning.
  • Session Hijacking.
  • Session Hijacking Tools.
  • Denial of Service (DoS).
  • DoS Tools and Techniques.
  • DDoS.
  • Attacking Firewalls.
  • Attacking IDS.
Lesson 12: Hacking Wireless
  • Wireless Communications.
  • Cell Phones.
  • Bluetooth.
  • Wireless Networking.
  • Wireless Network Attacks.
  • Mapping Wireless Networks.
  • Wireless Attack Tools.
  • Securing Wireless Networks.
  • Site Surveys.
  • MAC Sniffing and ARP Spoofing.
  • Other Wireless Hacking Tools.
  • WIDZ, RADIUS, Snort.
Lesson 13: Database Attacks and SQL Injection
  • Database Concepts and Theory.
  • Database Types.
  • Database Vulnerabilities.
  • Database Exploits.
  • Indirect Attacks - SQL Injection.
  • Direct Attacks - Buffer Overflows.
  • Securing Databases.
Lesson 14: Hacking Web Servers
  • Web Server Basics.
  • Web Server Types.
  • Footprinting.
  • Lynx, Black Widow, and Countermeasures.
  • Attacks Against Web Servers.
  • Apache.
  • IIS.
  • Tools Used in Attack Web Servers.
  • Attack Countermeasures.
  • Web Applications.
  • Attacking Web Applications.
  • Web Application Vulnerabilities.
  • Input Manipulation.
  • Authentication and Session Management.
  • Encryption.
  • Obfuscation.
  • Cookies
  • Certificate-Based Authentication.
  • Attacking Authentication.
  • Password Guessing.
  • Tools.
  • Securing Web Servers and Applications.
Lesson 15: Hacking Wireless
  • The Role of Physical Security Controls.
  • Attacks.
  • Lock Picking.
  • Checklist.
  • Summary.
Lesson 16: Social Engineering
  • Attacks.
  • Techniques.
  • Dumpster Diving.
  • Online Social Engineering.
  • Reverse Social Engineering.
  • Preventing Social Engineering.
  • Policies and Procedures.
  • Employee Education.
Lesson 17: Evading IDS, Firewalls and Honeypots
  • Intrusion Detection System.
  • System Integrity Verifiers.
  • How are Intrusions Detected?.
  • Anomaly Detection.
  • Signature Recognition.
  • How does an IDS match Signatures with incoming Traffic?.
  • Protocol Stack Verification.
  • Application Protocol Verification.
  • Hacking Through Firewalls.
  • IDS Software Vendors.
  • Honey Pots.
Lesson 18: Buffer Overflow
  • Buffer Overflows.
  • Why are Programs And Applications Vulnerable?.
  • Understanding Stacks.
  • Stack-Based Buffer Overflow.
  • Understanding Heap.
  • Heap-Based Buffer Overflow.
  • Stack Operations .
  • Shellcode.
  • No Operations (NOPs).
  • Knowledge Required to Program Buffer Overflow Exploits.
  • Buffer Overflow Steps .
  • Attacking a Real Program.
  • Format String Problem.
  • Overflow using Format String.
  • Smashing the Stack.
  • Once the Stack is Smashed....
  • Simple Uncontrolled Overflow .
  • Simple Buffer Overflow in C.
  • Code Analysis.
  • Exploiting Semantic Comments in C (Annotations).
  • How to Mutate a Buffer Overflow Exploit?.
  • Identifying Buffer Overflows.
  • How to Detect Buffer Overflows in a Program?.
  • BOU (Buffer Overflow Utility).
  • Testing for Heap Overflow Conditions: heap.exe.
  • Steps for Testing for Stack Overflow in OllyDbg Debugger .
  • Testing for Stack Overflow in OllyDbg Debugger.
  • Testing for Format String Conditions using IDA Pro.
  • BoF Detection Tools.
  • Defense Against Buffer Overflows .
  • Preventing BoF Attacks.
  • Programming Countermeasures.
  • Data Execution Prevention (DEP).
  • Enhanced Mitigation Experience Toolkit (EMET) .
  • EMET System Configuration Settings.
  • EMET Application Configuration Window.
  • /GS http://microsoft.com.
  • BoF Security Tools .
  • BufferShield.
  • Buffer Overflow Penetration Testing.
Lesson 19: Penetration Testing
  • Introduction to Penetration Testing.
  • Security Assessments.
  • Vulnerability Assessment .
  • Limitations of Vulnerability Assessment.
  • Penetration Testing.
  • Why Penetration Testing?.
  • What Should be Tested?.
  • What Makes a Good Penetration Test?.
  • ROI on Penetration Testing.
  • Testing Points.
  • Testing Locations.
  • Types of Penetration Testing .
  • External Penetration Testing.
  • Internal Security Assessment.
  • Black-box Penetration Testing.
  • Grey-box Penetration Testing.
  • White-box Penetration Testing.
  • Announced / Unannounced Testing .
  • Automated Testing.
  • Manual Testing.
  • Common Penetration Testing Techniques.
  • Using DNS Domain Name and IP Address Information .
  • Enumerating Information about Hosts on Publicly-Available Networks.
  • Phases of Penetration Testing .
  • Pre-Attack Phase.
  • Attack Phase .
  • Activity: Perimeter Testing.
  • Enumerating Devices.
  • Activity: Acquiring Target.
  • Activity: Escalating Privileges.
  • Activity: Execute, Implant, and Retract.
  • Post-Attack Phase and Activities .
  • Penetration Testing Deliverable Templates.
  • Penetration Testing Methodology .
  • Application Security Assessment .
  • Web Application Testing - I.
  • Web Application Testing - II.
  • Web Application Testing - III.
  • Network Security Assessment.
  • Wireless/Remote Access Assessment .
  • Wireless Testing.
  • Telephony Security Assessment.
  • Social Engineering.
  • Testing Network-Filtering Devices.
  • Denial of Service Emulation.
  • Outsourcing Penetration Testing Services .
  • Terms of Engagement.
  • Project Scope.
  • Pentest Service Level Agreements.
  • Penetration Testing Consultants.
  • Evaluating Different Types of Pentest Tools.
  • Application Security Assessment Tool .
  • Webscarab.
  • Network Security Assessment Tool .
  • Angry IP scanner .
  • GFI LANguard.
  • Wireless/Remote Access Assessment Tool .
  • Kismet.
  • Telephony Security Assessment Tool .
  • Omnipeek .
  • Testing Network-Filtering Device Tool .
  • Traffic IQ Professional.
Apply Now