CEH

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

Course Outline Certified Ethical Hacker (CEH v5) Introduction to Ethical Hacking, Ethics, and Legality -

Understanding Ethical Hacking Terminology Identifying Different Types of Hacking Technologies Understanding the Different Phases Involved in Ethical Hacking and Listing the Five Stages of Ethical Hacking o Phase 1: Passive and Active Reconnaissance o Phase 2: Scanning o Phase 3: Gaining Access o Phase 4: Maintaining Access o Phase 5: Covering Tracks

-

What Is Hacktivism? Listing Different Types of Hacker Classes Ethical Hackers and Crackers—Who Are They? What Do Ethical Hackers Do? Goals Attackers Try to Achieve Security, Functionality, and Ease of Use Triangle Defining the Skills Required to Become an Ethical Hacker What Is Vulnerability Research? Describing the Ways to Conduct Ethical Hacking Creating a Security Evaluation Plan Types of Ethical Hacks Testing Types Ethical Hacking Report Understanding the Legal Implications of Hacking Understanding 18 U.S.C. § 1029 and 1030 U.S. Federal Law

-

Footprinting and Social Engineering -

Footprinting Define the Term Footprinting Describe the Information Gathering Methodology Describe Competitive Intelligence Understand DNS Enumeration Understand Whois and ARIN Lookups Identify Different Types of DNS Records Understand How Traceroute Is Used in Footprinting Understand How E-Mail Tracking Works Understand How Web Spiders Work

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN -

Social Engineering What Is Social Engineering? What Are the Common Types Of Attacks? Understand Insider Attacks Understand Identity Theft Describe Phishing Attacks Understand Online Scams Understand URL Obfuscation Social-Engineering Countermeasures

Scanning and Enumeration -

Scanning Define the Terms Port Scanning, Network Scanning, and Vulnerability Scanning Understand the CEH Scanning Methodology Understand Ping Sweep Techniques Understand Nmap Command Switches Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN Scans List TCP Communication Flag Types Understand War-Dialing Techniques Understand Banner Grabbing and OS Fingerprinting Techniques Understand How Proxy Servers Are Used in Launching an Attack How Do Anonymizers Work? Understand HTTP Tunneling Techniques Understand IP Spoofing Techniques

Enumeration -

What Is Enumeration? What Is Meant by Null Sessions? What Is SNMP Enumeration? Windows 2000 DNS Zone Transfer What Are the Steps Involved in Performing Enumeration?

-

System Hacking -

Understanding Password-Cracking Techniques Understanding the LanManager Hash Cracking Windows 2000 Passwords Redirecting the SMB Logon to the Attacker SMB Redirection SMB Relay MITM Attacks and Countermeasures NetBIOS DoS Attacks Password-Cracking Countermeasures Understanding Different Types of Passwords

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN -

Passive Online Attacks Active Online Attacks Offline Attacks Nonelectronic Attacks Understanding Keyloggers and Other Spyware Technologies Understand Escalating Privileges Executing Applications Buffer Overflows Understanding Rootkits Planting Rootkits on Windows 2000 and XP Machines Rootkit Embedded TCP/IP Stack Rootkit Countermeasures Understanding How to Hide Files NTFS File Streaming NTFS Stream Countermeasures Understanding Steganography Technologies Understanding How to Cover Your Tracks and Erase Evidence Disabling Auditing Clearing the Event Log

Trojans, Backdoors, Viruses, and Worms -

Trojans and Backdoors What Is a Trojan? What Is Meant by Overt and Covert Channels? List the Different Types of Trojans How Do Reverse-Connecting Trojans Work? Understand How the Netcat Trojan Works What Are the Indications of a Trojan Attack? What Is Meant by “Wrapping”? Trojan Construction Kit and Trojan Makers What Are the Countermeasure Techniques in Preventing Trojans? Understand Trojan-Evading Techniques System File Verification Subobjective to Trojan Countermeasures Viruses and Worms Understand the Difference between a Virus and a Worm Understand the Types of Viruses Understand Antivirus Evasion Techniques Understand Virus Detection Methods

Sniffers -

Understand the Protocols Susceptible to Sniffing Understand Active and Passive Sniffing Understand ARP Poisoning

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN -

Understand Ethereal Capture and Display Filters Understand MAC Flooding Understand DNS Spoofing Techniques Describe Sniffing Countermeasures

Denial of Service and Session Hijacking -

Denial of Service Understand the Types of DoS Attacks Understand How DDoS Attacks Work Understand How BOTs/BOTNETs Work What Is a “Smurf” Attack? What Is “SYN” Flooding? Describe the DoS/DDoS Countermeasures Session Hijacking Understand Spoofing vs. Hijacking List the Types of Session Hijacking Understand Sequence Prediction What Are the Steps in Performing Session Hijacking? Describe How You Would Prevent Session Hijacking

Hacking Web Servers, Web Application Vulnerabilities, and WebBased Password Cracking Techniques -

Hacking Web Servers List the Types of Web Server Vulnerabilities Understand the Attacks against Web Servers Understand IIS Unicode Exploits Understand Patch Management Techniques Describe Web Server Hardening Methods Web Application Vulnerabilities Understanding How Web Applications Work Objectives of Web Application Hacking Anatomy of an Attack Web Application Threats Understand Google Hacking Understand Web Application Countermeasures Web-Based Password Cracking Techniques List the Authentication Types What Is a Password Cracker? How Does a Password Cracker Work? Understand Password Attacks: Classification Understand Password-Cracking Countermeasures

SQL Injection and Buffer Overflows -

SQL Injection What Is SQL Injection? Understand the Steps to Conduct SQL Injection

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN -

Understand SQL Server Vulnerabilities Describe SQL Injection Countermeasures Buffer Overflows Identify the Different Types of Buffer Overflows and Methods of Detection Overview of Stack-Based Buffer Overflows Overview of Buffer Overflow Mutation Techniques

Wireless Hacking -

Overview of WEP, WPA Authentication Mechanisms, and Cracking Techniques Overview of Wireless Sniffers and Locating SSIDs, MAC Spoofing Understand Rogue Access Points Understand Wireless Hacking Techniques Describe the Methods Used to Secure Wireless Networks

-

Physical Security -

Physical Security Breach Incidents Understanding Physical Security What Is the Need for Physical Security? Who Is Accountable for Physical Security? Factors Affecting Physical Security

Linux Hacking -

Linux Basics Understand How to Compile a Linux Kernel Understand GCC Compilation Commands Understand How to Install Linux Kernel Modules Understand Linux Hardening Methods

Evading IDSs, Honeypots, and Firewalls -

List the Types of Intrusion Detection Systems and Evasion Techniques List the Firewall Types and Honeypot Evasion Techniques

Cryptography -

Overview of Cryptography and Encryption Techniques Describe How Public and Private Keys Are Generated Overview of the MD5, SHA, RC4, RC5, and Blowfish Algorithms

APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

NOTE: - CEH is not the study of hacking or hacking tools, but it provides the candidate deeper knowledge that how the hackers do exploit the networks, so that a security professional can better understand the hackers mind to prevent hacking and securing the networks. A variety of hacking tools are demonstrated in the lab for proof of concepts only. - There are tons of hacking tools available in market for achieving different hacking and anti-hacking goals; only few of tools will be practice during the CEH training.

Pre-Requisites.

The CEH candidates should possess good knowledge of computer networks, preferably as following - In-depth knowledge of TCP/IP - MCSA/MCSE level knowledge is preferable Basics of Linux OS is a plus advantage

Duration: 40 hrs