CEH Ethical Hacking (CEH)

Course Overview

Ethical hacking is the use of programming skills to determine vulnerabilities in a computer system. An ethical hacker attacks a security system on behalf of its owners, seeking vulnerabilities and reporting the problems found instead of taking advantage of them.

This course is designed to help prepare for the EC-Council Certified Ethical Hacker certification. It is structured around the knowledge base needed to probe systems, discover vulnerabilities, and recommend solutions for tightening network security and protecting data from potential attackers. The focus is on penetration-testing tools and techniques used to protect computer networks.

Basic computer skills are expected (not just MS Word, but using the command line, editing the registry, and setting up a network).

Course Objectives



Course Learning Outcomes


CompTIA Certification

Security+

Associate Level

Contents

Module 1

Module 2

Module 3

Module 4

  • Introduction
  • Introduction to Ethical Hacking
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Viruses and Worms
  • Sniffers and Session Hijacking
  • Social Engineering
  • Denial of Service
  • Web Servers and Applications
  • Hacking Wireless Networks
  • IDS, Firewalls, and Honeypots
  • Buffer Overflows
  • Cryptography
  • Penetration Testing


Course Learning Syllabus

Introduction

Lecturer Introduction

Importance of this course


What you will learn in this course

Assessing Information Security Risk

Topic 1: Networking skills (for example, understanding routers and switches, internet protocols, and advanced TCP/IP)

Understanding the OSI Model

Understanding Switches & Routers

IP Address Segmentation

DNS, MAC Addresses

Network Infrastructure

Layer 3 Vulnerabilities

Topic 2: Linux skills (these are non-negotiable)

Command Line

Fundamentals of the Linux Environment

OS vulnerabilities: Windows, macOS, Linux, Android, iOS

Insecure service and protocol configurations

Privilege escalation
  - Linux-specific: SUID/SGID programs, insecure sudo, ret2libc, sticky bits
  - Windows-specific


System-Specific Risk Analysis


Risk Determinations


Documentation of Assessment Results


Guidelines for Assessing Risk


Topic 3: Database skills & CIA (starting with SQL)



Classes of Information


Classification of Information Types into CIA Levels


Security Control Categories


Technical Controls (Template)


Technical Controls (Example Answer)


Aggregate CIA Score


Common Vulnerability Scoring System


Common Vulnerabilities and Exposures


Demo - Common Vulnerability Scoring System


Extreme Scenario Planning and Worst Case

Common host-related symptoms:
  - Processor consumption
  - Memory consumption
  - Drive capacity consumption
  - Unauthorized software
  - Malicious processes
  - Unauthorized changes
  - Unauthorized privileges
  - Data exfiltration


Topic 4: Integrate Documentation into Risk Management


From Policy to Procedures


Policy Development


Process and Procedure Development


Demo - Finding a Policy Template


Topics to Include in Security Policies and Procedures


Best Practices to Incorporate in Security Policies and Procedures


Business Documents That Support Security Initiatives


Guidelines for Integrating Documentation into Risk Management


Review

Analyzing the Threat Landscape

Topic 5: Classify Threats and Threat Profiles

Threat Actors

Threat Motives

Threat Intentions

Attack Vectors

Attack Technique Criteria

Qualitative Threat and Impact Analysis

Guidelines for Classifying Threats and Threat Profiles

Topic 6: Perform Ongoing Threat Research

Ongoing Research

Situational Awareness

Commonly Targeted Assets

The Latest Vulnerabilities

The Latest Threats and Exploits

The Latest Security Technologies

Resources Aiding in Research

Demo - Resources that Aid in Research of Threats

The Global Cybersecurity Industry and Community

Trend Data

Trend Data and Qualifying Threats

Guidelines for Performing Ongoing Threat Research

Review

Analyzing Reconnaissance Threats to Computing and Network Environments

Topic 7: Implement Threat Modeling

The Diverse Nature of Threats

The Anatomy of a Cyber Attack


Threat Modeling


Reasons to Implement Threat Modeling


Threat Modeling Process


Attack Tree


Threat Modeling Tools


Threat Categories

Topic 8: Assess the Impact of Reconnaissance Incidents


Footprinting, Scanning, and Enumeration


Footprinting Methods


Network and System Scanning Methods


Enumeration Methods


Evasion Techniques for Reconnaissance


Reconnaissance Tools


Packet Trace Analysis with Wireshark


Demo - Performing Reconnaissance on a Network


Demo - Examining Reconnaissance Incidents


Review

Analyzing Attacks on Computing and Network Environments

Topic 9: Assess the Impact of System Hacking Attacks


System Hacking


Password Sniffing


Password Cracking


Demo - Cracking Passwords Using a Password File


Privilege Escalation


Social Engineering for Systems Hacking


System Hacking Tools and Exploitation Frameworks


Topic 10: Assess the Impact of Web-Based Attacks


Client-Side vs. Server-Side Attacks


XSS


XSRF


SQL Injection


Directory Traversal


File Inclusion


Additional Web Application Vulnerabilities and Exploits


Web Services Exploits


Web-Based Attack Tools


Demo - Assessing the Impact of Web-Based Threats

Topic 11: Assess the Impact of Malware


Malware Categories


Trojan Horse


Polymorphic Virus


Spyware


Supply Chain Attack


Malware Tools


Demo - Malware Detection and Removal

Topic 12: Assess the Impact of Hijacking and Impersonation Attacks


Spoofing, Impersonation, and Hijacking


ARP Spoofing


DNS Poisoning


ICMP Redirect


DHCP Spoofing


NBNS Spoofing


Session Hijacking


Hijacking and Spoofing Tools

Topic 13: Assess the Impact of DoS Incidents


DoS Attacks


DoS Attack Techniques


DDoS


DoS Evasion Techniques


DoS Tools


Demo - Assessing the Impact of DoS Attacks

Topic: Assess the Impact of Threats to Cloud Security


Cloud Infrastructure Challenges


Threats to Virtualized Environments


Threats to Big Data


Example of a Cloud Infrastructure Attack


Cloud Platform Security Review


Analyzing Post-Attack Techniques

Topic: Assess Command and Control Techniques


Command and Control


IRC


HTTP/S


DNS


ICMP


Additional Channels


Demo - Assessing Command and Control Techniques


Anti-Forensics


Golden Ticket and Anti-Forensics


Demo - Assessing Anti-Forensics


Buffer Overflows


Memory Residents


Program Packers


VM and Sandbox Detection


ADS


Covering Tracks

Review

Evaluating the Organization’s Security Posture

Topic: Conduct Vulnerability Assessments


Vulnerability Assessment


Penetration Testing


Vulnerability Assessment vs. Penetration Testing


Vulnerability Assessment Implementation


Vulnerability Assessment Tools


Specific Assessment Tools


Port Scanning and Fingerprinting


Sources of Vulnerability Information


Operating System and Software Patching


Systemic Security Issues


Demo - Perform a Vulnerability Scan with Nessus


Demo - Perform a Vulnerability Scan with MBSA

Topic: Conduct Penetration Tests on Network Assets


ROE


Pen Test Phases


Pen Test Scope


External vs. Internal Pen Testing


Pen Testing Techniques


Pen Testing Tools of the Trade


Kali Linux


Data Mining


Attack Surface Scanning and Mapping


Packet Manipulation for Enumeration


Simulated Attacks


Password Attacks


Penetration Test Considerations

Topic: Follow Up on Penetration Testing


Effective Reporting and Documentation


Target Audiences


Information Collection Methods


Penetration Test Follow-Up


Report Classification and Distribution

Review

Topic: Deploy a Security Intelligence Collection and Analysis Platform


Security Intelligence


The Challenge of Security Intelligence Collection


Security Intelligence Collection Lifecycle


Security Intelligence Collection Plan


CSM


What to Monitor


Security Monitoring Tools


Data Collection


Potential Sources of Security Intelligence


Guidelines for Determining Which Data to Collect for Security Intelligence


Guidelines for Determining Which Fields You Should Log


Guidelines for Configuring Logging Systems Based on Their Impact


Guidelines for Determining Which Events Should Prompt an Alert


Information Processing


External Data Sources


Publicly Available Information


Collection and Reporting Automation


Data Retention

Topic C: Collect Data from Host-Based Intelligence Sources


Operating System Log Data


Windows Event Logs


Syslog Data


Application Logs


DNS Event Logs


SMTP Logs


HTTP Logs


FTP Logs


SSH Logs


SQL Logs


Demo - Collecting Host-Based Security Intelligence


Demo - Parsing Log Files

Review


Performing Active Asset and Network Analysis

Topic: Analyze Incidents with Windows-Based Tools

Registry Editor (regedit)

Analysis with Registry Editor

File System Analysis Tools for Windows

Process Explorer


Process Monitor


Service Analysis Tools for Windows


Volatile Memory Analysis Tools for Windows


Active Directory Analysis Tools


Network Analysis Tools for Windows


Demo - Windows-Based Incident Analysis Tools

Topic: Analyze Incidents with Linux-Based Tools


File System Analysis Tools for Linux


Process Analysis Tools for Linux


Volatile Memory Analysis Tools for Linux


Session Analysis Tools for Linux


Network Analysis Tools for Linux


Demo - Linux-Based Incident Analysis Tools

Topic: Analyze Malware


Malware Sandboxing


Crowd-Sourced Signature Detection


VirusTotal Malware Entry


Reverse Engineering


Disassemblers


Disassembly of Malware in IDA


Malware Strings


Anti-Malware Solutions


MAEC


Guidelines for Analyzing Malware


Demo - Analyzing Malware

Topic: Analyze Indicators of Compromise


IOCs


Unauthorized Software and Files


Suspicious Emails


Suspicious Registry Entries


Unknown Port and Protocol Usage


Excessive Bandwidth Usage


Service Disruption and Defacement


Rogue Hardware


Suspicious or Unauthorized Account Usage


Guidelines for Analyzing Indicators of Compromise


Demo - Analyzing Indicators of Compromise

Review

Responding to Cybersecurity Incidents

Topic: Prepare for Forensic Investigation as a CSIRT


The Duties of a Forensic Analyst


Communication of CSIRT Outcomes to Forensic Analysts


Guidelines for Conducting Post-Incident Tasks

Review

Investigating Cybersecurity Incidents

Topic: Apply a Forensic Investigation Plan


A Day in the Life of a Forensic Analyst


Forensic Investigation Models


Forensic Investigation Preparation


Investigation Scope


Timeline Generation and Analysis


Authentication of Evidence


Chain of Custody


Communication and Interaction with Third Parties


Forensic Toolkits


Guidelines for Preparing for a Forensic Investigation

Topic: Securely Collect and Analyze Electronic Evidence


Order of Volatility


File Systems


File Carving and Data Extraction


Persistent Data


Data Preservation for Forensics


Forensic Analysis of Compromised Systems


Demo - Securely Collecting Electronic Evidence


Demo - Analyzing Forensic Evidence

Topic: Follow Up on the Results of an Investigation


Cyber Law


Technical Experts and Law Enforcement Liaisons


Documentation of Investigation Results

Review

Conclusion

Wrap-Up