Certified Ethical Hacker CEHv9 Course Outline
- Focus on New Attack Vectors
  - Emphasis on Cloud Computing Technology
    - CEHv9 focuses on various threats and hacking attacks to the emerging cloud computing technology
    - Covers wide-ranging countermeasures to combat cloud computing attacks
    - Provides a detailed pen testing methodology for cloud systems to identify threats in advance
  - Emphasis on Mobile Platforms and Tablet Computers
    - CEHv9 focuses on the latest hacking attacks targeted at mobile platforms and tablet computers and covers countermeasures to secure mobile infrastructure
    - Coverage of the latest developments in mobile and web technologies
- New Vulnerabilities Are Addressed
  - Heartbleed CVE-2014-0160
    - Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable.
    - Detailed coverage and labs in Module 18: Cryptography
  - Shellshock CVE-2014-6271
    - Shellshock exposes a vulnerability in Bash, the widely used shell for Unix-based operating systems such as Linux and OS X.
    - Detailed coverage and labs in Module 11: Hacking Webservers
  - POODLE CVE-2014-3566
    - POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password.
    - Case study in Module 18: Cryptography
- Hacking Using Mobile Phones
  - CEHv9 focuses on performing hacking (footprinting, scanning, enumeration, system hacking, sniffing, DDoS attack, etc.) using mobile phones
  - Courseware covers the latest mobile hacking tools in all the modules
- Coverage of latest Trojan, Virus, Backdoors
- Courseware covers Information Security Controls and Information Security Laws and Standards
- Labs on Hacking Mobile Platforms and Cloud Computing
- More than 40 percent new labs are added from Version 8
- More than 1500 new/updated tools
- CEHv9 program focuses on addressing security issues to the latest operating systems like Windows 8.1
- It also focuses on addressing the existing threats to operating environments dominated by Windows 7, Windows 8, and other operating systems (backward compatibility)
Course Description
The Certified Ethical Hacker program is the pinnacle of the most desired
information security training programs any information security professional
will ever want to be in. To master the hacking technologies, you will need to
become a hacker, but an ethical one! The accredited course provides the advanced
hacking tools and techniques used by hackers and information security
professionals alike to break into an organization. As we put it, “To beat a
hacker, you need to think like a hacker”. This course will immerse you in the
Hacker Mindset so that you will be able to defend against future attacks. The
security mindset in any organization must not be limited to the silos of a
certain vendor, technologies or pieces of equipment. This course prepares you
for the EC-Council Certified Ethical Hacker exam 312-50.
This ethical hacking course puts you in the driver’s seat of a
hands-on environment with a systematic process. Here, you will be exposed to an
entirely different way of achieving an optimal information security posture in
your organization: by hacking it! You will scan, test, hack and secure your
own systems. You will be taught the five phases of ethical hacking and the ways
to approach your target and succeed at breaking in every time! The five phases
include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and
Covering Your Tracks.
Underground Hacking Tools
The hacking tools and techniques in each of these five phases
are provided in detail in an encyclopedic approach to help you identify when an
attack has been used against your own targets. Why then is this training called
the Certified Ethical Hacker Course? This is because by using the same
techniques as the bad guys, you can assess the security posture of an
organization with the same approach these malicious hackers use, identify weaknesses
and fix the problems before they are identified by the enemy, causing what
could potentially be catastrophic damage to your organization.
We live in an age where everyone is susceptible to attacks, which can come from
anyplace at any time, and we never know how skilled, well-funded, or persistent
the threat will be. Throughout the CEH course, you will be immersed in a
hacker's mindset, evaluating not just logical, but physical security, and exploring
every possible point of entry to find the weakest link in an organization: from
the end user, the secretary and the CEO to misconfigurations, vulnerable times
during migrations, and even information left in the dumpster.
Who Should Attend
The Certified Ethical Hacking training course will significantly benefit
security officers, auditors, security professionals, site administrators, and
anyone who is concerned about the integrity of the network infrastructure.
Duration: 5 Days (9:00 AM – 5:00 PM)
Exam Info
Number of Questions: 125
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)
Certification
The Certified Ethical Hacker exam 312-50. Students need to pass the online
Prometric exam to receive CEH certification.
Skills Measured
The exam 312-50 tests CEH candidates on the following 18 domains.
- Introduction to Ethical Hacking
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial of Service
- Session Hijacking
- Hacking Webservers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Evading IDS, Firewalls, and Honeypots
- Cloud Computing
- Cryptography
| Section | Knowledge of | Weight | No. of Q. |
|---|---|---|---|
| Background | A. Networking technologies (e.g., hardware, infrastructure) | 4% | 5 |
| | B. Web Technologies (e.g., web 2.0, Skype) | | |
| | C. Systems Technologies | | |
| | D. Communication Protocols | | |
| | E. Malware Operations | | |
| | F. Mobile Technologies (e.g., smart phones) | | |
| | G. Telecommunication Technologies | | |
| | H. Backups and archiving (e.g., local, network) | | |
| Analysis/Assessment | A. Data Analysis | 13% | 16 |
| | B. Systems Analysis | | |
| | C. Risk Assessments | | |
| | D. Technical Assessment Methods | | |
| Security | A. Systems Security Controls | 25% | 31 |
| | B. Application/Fileserver | | |
| | C. Firewalls | | |
| | D. Cryptography | | |
| | E. Network Security | | |
| | F. Physical Security | | |
| | G. Threat Modeling | | |
| | H. Verification Procedures (e.g., false positive/negative validation) | | |
| | I. Social Engineering (human factors manipulation) | | |
| | J. Vulnerability Scanners | | |
| | K. Security Policy Implications | | |
| | L. Privacy/Confidentiality (with regard to engagement) | | |
| | M. Biometrics | | |
| | N. Wireless Access Technology (e.g., networking, RFID, Bluetooth) | | |
| | O. Trusted Networks | | |
| | P. Vulnerabilities | | |
| Tools/Systems/Programs | A. Network/Host Based Intrusion | | |
| | B. Network/Wireless Sniffers (e.g., Wireshark, Airsnort) | | |
| | C. Access Control Mechanisms (e.g., smart cards) | | |
| | D. Cryptography Techniques (e.g., IPsec, SSL, PGP) | | |
| | E. Programming Languages (e.g., C++, Java, C#, C) | | |
| | F. Scripting Languages (e.g., PHP, JavaScript) | | |
| | G. Boundary Protection Appliances (e.g., DMZ) | | |
| | H. Network Topologies | | |
| | I. Subnetting | | |
| | J. Port Scanning (e.g., NMAP) | | |
| | K. Domain Name System (DNS) | | |
| | L. Routers/Modems/Switches | | |
| | M. Vulnerability Scanner (e.g., Nessus, Retina) | | |
| | N. Vulnerability Management and Protection Systems (e.g., Foundstone, Ecora) | | |
| | O. Operating Environments (e.g., Linux, Windows, Mac) | | |
| | P. Antivirus Systems and Programs | | |
| | Q. Log Analysis Tools | | |
| | R. Security Models | | |
| | S. Exploitation Tools | | |
| | T. Database Structures | | |
| Procedures/Methodology | A. Cryptography | 20% | 25 |
| | B. Public Key Infrastructure (PKI) | | |
| | C. Security Architecture (SA) | | |
| | D. Service Oriented Architecture (SOA) | | |
| | E. Information Security Incident Management | | |
| | F. N-tier Application Design | | |
| | G. TCP/IP Networking (e.g., network routing) | | |
| | H. Security Testing Methodology | | |
| Regulation/Policy | Security Policies | 4% | 5 |
| | Compliance Regulations (e.g., PCI) | | |
| Ethics | A. Professional Code of Conduct | 2% | 3 |
| | B. Appropriateness of Hacking Activities | | |