C|EH - Certified Ethical Hacker v8 (5 Days)

EC-Council - C|EHv8

The most current and advanced ethical hacking training program on the market.

Overview
Curriculum
What's Included
Testimonials
Pricing

Training Information

Duration: 5 days (50 hours)

Bring a Class to You

Resources

Contact Us for More Info

1-800-698-5501
Email Us

Gain recognition as being a certified member of a globally-recognized institution, and attain the skills of a professional ethical hacker/penetration tester. This EC-Council Certified Ethical Hacker (CEH) version 8 Program provides you with the industry’s most advanced ethical hacking and penetration testing curriculum covering 20 of the most current security domains that any ethical hacker will want to know.

Our courseware is over 3500 pages, covering 20 modules with over 25 GB of real life underground hacking tools that are not found in any other training course in the world.

Our CEH Training Camp is a 5-day program that immerses students into a hands-on environment where they will be shown how to conduct ethical hacking. They will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! They will scan, test, hack and secure their own systems. The goal of this CEHv8 course, as designed by our EC-Council Master Instructors and team of published authors, is to help you master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation, including the latest operating systems, such as Android OS, Windows 8, Windows Server 2012, BlackBerry 7 OS and many more.

Our Proprietary CCNA Boot Camp Highlights

Customized CEH courseware and actual labs (no simulations) written with passing the exam in mind
State-of-the-art lab environment including 1500 updated tools and real time case studies
Our CEH course development team features industry-leading technologists and published authors, such as Steven DeFino and David Minutella
FREE access to our Comprehensive Online Learning Library covering over 100 hours of pre-class interactive training

Training Camp’s Accelerated CEH Exam Review Study Guide & Exam Preparation Software
Breakfast and lunch are included with optional hotel stay and round-trip airfare
Official EC-Council CEH Examination Voucher: 312-50 (version 8) is included
CEHv8 Examination delivered onsite, via Prometric

Prerequisites

This course is intended for security officers, auditors, security professionals, site administrators, and Government and DoD agencies requiring compliance with Federal Information Security Management Act (FISMA) and DoD Directive 8570.1-M. If you are unsure about your background and skill set, we will help you decide which path is best for you.

Our Guarantee

Should an attendee complete our CEH Training Camp Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of up to one year; free of charge. Students will only be responsible for accommodations and vendor exam fees. We also provide mentoring programs post and prior to class to support your learning plan.

Training Camp's CEH 5-Day Curriculum

The following curriculum is authorized by EC-Council and is comprised of the following learning modules:

Intro to Ethical Hacking
Footprinting and Reconnaissance
Scanning Networks
Enumeration
System Hacking
Trojans and Backdoors
Penetration Testing

Viruses and Worms
Sniffers
Social Engineering
Denial of Service
Session Hijacking
Hacking Webservers
On-Site Exam Delivery

Hacking Web Applications
SQL Injection
Hacking Wireless Networks
Hacking Mobile Platforms
Evading IDS, Firewalls, and Honeypots
Buffer Overflow
Cryptography

Introduction to Ethical Hacking

Information Security Overview
Internet Crime Current Report: IC3
Data Breach Investigations Report
Essential Terminology & Elements of Information Security
The Security, Functionality, and Usability Triangle
Information Security Threats and Attack Vectors
Top Information Security Attack Vectors
Motives, Goals, and Objectives of Information Security Attacks
Information Security Threats & Information Warfare
IPv6 Security Threats
Hacking Concepts, Hacking vs. Ethical Hacking, & Effects of Hacking on Business
Who Is a Hacker?
Hacker Classes
Hacktivism & Hacking Phases
Operating System Attacks & Misconfiguration Attacks
Application-Level Attacks & Examples
Shrink Wrap Code Attacks
Information Security Controls & Policies
Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
Skills of an Ethical Hacker
Defense in Depth
Incident Management Process
Classification, Structure, and Contents of Security Policies
Types of Security Policies & Examples
Steps to Create and Implement Security Policies
Vulnerability Research & Vulnerability Research Websites
What Is Penetration Testing / Why Penetration Testing / Penetration Testing Methodology

Footprinting and Reconnaissance

Footprinting Concepts & Terminology
What is Footprinting? Why Footprinting?
Objectives of Footprinting
Footprinting Threats & Methodology
Footprinting through Search Engines
Finding Company’s External and Internal URLs
Public and Restricted Websites
Collect Location Information
People Search, People Search Online Services, & People Search on Social Networking Services
Gather Information from Financial Services
Footprinting through Job Sites
Monitoring Target Using Alerts
Website Footprinting
Mirroring Entire Website & Website Mirroring Tools
Extract Website Information from http://www.archive.org
Monitoring Web Updates Using Website Watcher
Email Footprinting & Tracking Email Communications
Collecting Information from Email Header
Email Tracking Tools: Competitive Intelligence & Competitive Intelligence Gathering
Competitive Intelligence - When Did this Company Begin? How did it develop? What Are the Company's Plans? What Expert Opinions Say About the Company
Footprinting using Google & Footprint Using Google Hacking Techniques
What a Hacker can do with Google Hacking?
Google Advance Search Operators & Finding Resources Using Google Advance Operator
Google Hacking Tool: Google Hacking Database (GHDB)
WHOIS Lookup, WHOIS Lookup Result Analysis, WHOIS Lookup Tool: SmartWhois, WHOIS Lookup Tools & Online Tools
DNS Footprinting, Extracting DNS Information, & DNS Interrogation Tools
Network Footprinting
Locate the Network Range & Determine the Operating System
Traceroute, Traceroute Analysis, & Traceroute Tools
Footprinting through Social Engineering
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
Collect Information through Social Engineering on Social Networking Sites
Information Available on Social Networking Sites
Collecting Facebook, Twitter, Linkedin & Youtube Information
Tracking Users on Social Networking Sites
Footprinting Tools: Maltego, Domain Name Analyzer Pro, & Web Data Extractor
Footprinting Countermeasures & Footprinting Penetration Testing
Footprinting Pen Testing & Pen Testing Report Templates

Scanning Networks

Overview of Network Scanning
CEH Scanning Methodology
Check for Live Systems: ICMP Scanning & Ping Sweep
Check for Open Ports
Three-Way Handshake
TCP Communication Flags & Create Custom Packet Using TCP Flags
Scanning IPv6 Network & Scanning Tool: Nmap
Hping2 / Hping3 & Hping Commands
Scanning Techniques: TCP Connect / Full Open Scan, Stealth Scan (Half-open Scan), Xmas Scan, FIN Scan, NULL Scan, IDLE Scan (Steps 1, 2 & 3), ICMP Echo Scanning/List Scan, UDP Scanning, Inverse TCP Flag Scanning, & ACK Flag Scanning
Scanning Tool: NetScan Tools Pro
Do Not Scan These IP Addresses (Unless you want to get into trouble)
Port Scanning Countermeasures
Scanning Beyond IDS: IDS Evasion Techniques & SYN/FIN Scanning Using IP Fragments
Banner Grabbing Tools & Countermeasures: Disabling or Changing Banner
Hiding File Extensions from Web Pages
Scan for Vulnerability
Vulnerability Scanning Tools: Nessus, GAFI LanGuard, & SAINT
Network Vulnerability Scanners
Drawing Network Diagrams
Network Discovery and Mapping Tools: LANsurveyor, OpManager, NetworkView, & The Dude
Prepare Proxies
Proxy Servers & Why Attackers Use Proxy Servers?
Proxy Chaining & Proxy Tools: Proxy Workbench, Proxifier, Proxy Switcher, SocksChain, & TOR (The Onion Routing)
Free Proxy Servers
HTTP Tunneling Techniques & Why do I Need HTTP Tunneling
HTTP Tunneling Tools: Super Network Tunnel & HTTP-Tunnel
SSH Tunneling & SSH Tunneling Tool: Bitvise
Anonymizers, G-Zapper, & Spoofing IP Address
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
Censorship Circumvention Tools: Psiphon & Your-Freedom
How to Check if Your Website is Blocked in China or Not?
IP Spoofing Detection Techniques: Direct TTL Probes, IP Identification Number, & TCP Flow Control Method
IP Spoofing Countermeasures
Scanning Pen Testing

Enumeration

Enumeration Concepts
What is Enumeration?
Techniques for Enumeration & Services and Ports to Enumerate
NetBIOS Enumeration & Tools: SuperScan, Hyena, Winfingerprint, & NetBIOS Enumerator
Enumerating User Accounts & Enumerate Systems Using Default Passwords
SNMP (Simple Network Management Protocol) Enumeration
Working of SNMP & Management Information Base (MIB)
SNMP Enumeration Tools: OpUtils & SolarWind’s IP Network Browser
UNIX/Linux Enumeration
UNIX/Linux Enumeration Commands & Linux Enumeration Tool: Enum4linux
LDAP Enumeration & LDAP Enumeration Tool: Softerra LDAP Administrator
NTP Enumeration & NTP Enumeration Commands
SMTP Enumeration & SMTP Enumeration Tool: NetScanTools Pro
DNS Enumeration & DNS Zone Transfer Enumeration Using NSLookup
Enumeration Countermeasures & SMB Enumeration Countermeasures
Enumeration Pen Testing

System Hacking

Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM) & CEH System Hacking Steps
Password Cracking, Password Complexity, Password Cracking Techniques & Types of Password Attacks
Passive Online Attacks: Wire Sniffing, Eavesdropping, Man-in-the-Middle and Replay Attack
Active Online Attacks: Password Guessing, Trojan/Spyware/Keylogger, & Hash Injection Attack
Offline Attack: Rainbow Attacks
Tools to Create Rainbow Tables: Winrtgen and rtgen
Distributed Network Attack & Elcomsoft Distributed Password Recovery
Non-Electronic Attacks
Default Passwords, Manual Password Cracking (Guessing), & Automatic Password Cracking Algorithm
Stealing Passwords Using USB Drive and Using Keyloggers
Microsoft Authentication
How Hash Passwords Are Stored in Windows SAM? What Is LAN Manager Hash?
LM “Hash” Generation, & LM, NTLMv1, and NTLMv2
NTLM Authentication Process
Kerberos Authentication & Salting
PWdump7 and Fgdump, L0phtCrack, Ophcrack, Cain & Abel, and RainbowCrack
Password Cracking Tools & How to Defend against Password Cracking
LM Hash Backward Compatibility & How to Disable LM HASH
Implement and Enforce Strong Security Policy
CEH System Hacking Steps
Privilege Escalation & Privilege Escalation Tools: Active@ Password Changer
How to Defend Against Privilege Escalation
Executing Applications: RemoteExec, PDQ Deploy, & DameWare NT Utilities
Keylogger & Types of Keystroke Loggers
Methodology of Attacker in Using Remote Keylogger
Acoustic/CAM Keylogger
Keyloggers: Spytech SpyAgent, All In One Keylogger, Keyloggers for Windows, and Hardware Keyloggers
Keylogger for Mac: Amac Keylogger for Mac
Spyware, What Does the Spyware Do, and Types of Spywares
Desktop Spyware: Activity Monitor
Email and Internet Spyware: Power Spy
Child Monitoring Spyware: Net Nanny Home Suite
Screen Capturing Spyware: SoftActivity TS Monitor
USB Spyware: USBSpy
Audio Spyware: Spy Voice Recorder and Sound Snooper
Video Spyware: WebCam Recorder
Print Spyware: Printer Activity Monitor
Cellphone Spyware: Mobile Spy
GPS Spyware: SPYPhone
How to Defend Against Keyloggers - Anti-Keylogger: Zemana AntiLogger
How to Defend Against Spyware - Anti-Spyware: PC Tools Spyware Doctor
Hiding Files: Rootkits, Types of Rootkits & How Rootkit Works
Rootkits: Fu, KBeast, & Hacker Defender HxDef Rootkit
Detecting Rootkits & How to Defend against Rootkits - Anti-Rootkits: Stinger & UnHackMe
NTFS Data Stream, How to Create NTFS Streams, NTFS Stream Manipulation, & How to Defend against NTFS Streams - NTFS Stream Detector: StreamArmor
What Is Steganography / Application & Classification of Steganography
Technical & Linguistic Steganography / Steganography Techniques, How Steganography Works, & Types of Steganography
Whitespace Steganography Tool: SNOW
Image Steganography, Least Significant Bit Insertion, & Masking and Filtering
Algorithms and Transformation
Image Steganography: QuickStego
Document Steganography: wbStego
Video Steganography: OmniHide PRO
Audio Steganography Methods & Tools - Audio Steganography: DeepSound
Folder Steganography: Invisible Secrets 4
Spam/Email Steganography: Spam Mimic
Natural Text Steganography: Sams Big G Play Maker
Issues in Information Hiding
Steganalysis & Steganalysis Methods/Attacks on Steganography
Detecting Text and Image Steganography & Detecting Audio and Video Steganography
Steganography Detection Tool: Gargoyle Investigator™ Forensic Pro
Covering Tracks: Why Cover Tracks? / Ways to Clear Online Tracks
Disabling Auditing: Auditpol
Covering Tracks Tools: CCleaner & MRU-Blaster
Penetration Testing & Password Cracking
Privilege Escalation, Executing Applications & Hiding Files

Trojans and Backdoors

Trojan Concepts / What is a Trojan?
Communication Paths: Overt and Covert Channels
Purpose of Trojans & What Do Trojan Creators Look For
Indications of a Trojan Attack & Common Ports used by Trojans
Trojan Infection / How to Infect Systems Using a Trojan
Wrappers & Wrapper Covert Programs
Different Ways a Trojan can Get into a System
How to Deploy a Trojan
Evading Anti-Virus Techniques
Types of Trojans: Command Shell Trojans, GUI Trojans, Document Trojans, E-mail Trojans, Defacement Trojans, Botnet Trojans, Proxy Server Trojans, FTP Trojans, VNC Trojans, HTTP/HTTPS Trojans, Remote Access Trojan, Covert Channel Trojans, E-banking Trojans, Destructive Trojans, Notification Trojans, Mac OS X Trojans, and Data Hiding Trojans
ICMP Tunneling
Banking Trojan Analysis
Trojan Analysis: Flame
Flame C & C Server Analysis
Trojan Analysis: SpyEye, ZeroAccess, Duqu, Duqu Framework, & Event Driven Framework
How to Detect Trojans, and Scanning for Suspicious Ports, Processes, Device Drivers, Registry Entries, & Windows Services
Port Monitoring Tools: TCPView and CurrPorts
Process Monitoring Tools: What's Running
Registry Entry Monitoring Tools: PC Tools Registry Mechanic
Device Drivers Monitoring Tools: DriverView
Windows Services Monitoring Tools: Windows Service Manager (SrvMan)
Scanning for Suspicious Startup Programs
Windows8 Startup Registry Entries
Startup Programs Monitoring Tools: Starter & Security AutoRun
Scanning for Suspicious Files and Folders
Files and Folder Integrity Checker: FastSum and WinMD5
Scanning for Suspicious Network Activities
Detecting Trojans and Worms with Capsa Network Analyzer
Trojan & Backdoor Countermeasures
Trojan Horse Construction Kit
Anti-Trojan Software: TrojanHunter & Emsisoft Anti-Malware
Pen Testing for Trojans and Backdoors

Viruses and Worms

Virus and Worms Concepts
Introduction to Viruses
Virus and Worm Statistics & Stages of Virus Life
Working of Viruses: Infection Phase & Attack Phase
Why Do People Create Computer Viruses
Indications of Virus Attack & How does a Computer Get Infected by Viruses
Common Techniques Used to Distribute Malware on the Web
Virus Hoaxes and Fake Antiviruses / Virus Analysis: DNSChanger
Types of Viruses: System or Boot Sector, File and Multipartite, Macro, Cluster, Stealth/Tunneling, Encryption, Polymorphic Code, Metamorphic, File Overwriting or Cavity, Sparse Infector, Companion/Camouflage, Shell, File Extension, Add-on and Intrusive, & Transient and Terminate and Stay Resident Viruses
Writing a Simple Virus Program
Terabit Virus Maker
JPS Virus Maker and DELmE's Batch Virus Maker
Computer Worms
How Is a Worm Different from a Virus?
Worm Analysis: Stuxnet / Worm Maker: Internet Worm Maker Thing
Malware Analysis
What is Sheep Dip Computer?
Anti-Virus Sensors Systems
Malware Analysis Procedure: Preparing Testbed
Virus Analysis Tool: IDA Pro
Online Malware Testing: VirusTotal
Online Malware Analysis Services
Virus Detection Methods
Virus and Worms Countermeasures
Companion Antivirus: Immunet
Anti-virus Tools
Penetration Testing for Virus

Sniffers

Sniffing Concepts: Wiretapping, Lawful Interception, Packet Sniffing, Sniffing Threats, How a Sniffer Works
Types of Sniffing Attacks
Types of Sniffing: Passive Sniffing & Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
IPv6 Addresses & IPv4 and IPv6 Header Comparison
Hardware Protocol Analyzers & SPAN Port
MAC Attacks: MAC Flooding, MAC Address/CAM Table
How CAM Works
What Happens When CAM Table Is Full?
Mac Flooding Switches with macof / MAC Flooding Tool: Yersinia
How to Defend against MAC Attacks
DHCP Attacks: How DHCP Works
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack & DHCP Starvation Attack Tools
Rogue DHCP Server Attack
How to Defend Against DHCP Starvation and Rogue Server Attack
What Is Address Resolution Protocol (ARP)? / ARP Poisoning & ARP Spoofing Techniques/Attacks
ARP Poisoning Tools: Cain & Abel, WinArpAttacker, & Ufasoft Snif
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
ARP Spoofing Detection: XArp
Spoofing Attack Threats
MAC Spoofing/Duplicating / MAC Spoofing Technique: Windows / MAC Spoofing Tool: SMAC
IRDP Spoofing & How to Defend Against MAC Spoofing
DNS Poisoning & DNS Poisoning Techniques
Internet DNS Spoofing & Proxy Server DNS Poisoning
DNS Cache Poisoning & How to Defend Against DNS Spoofing
Sniffing Tools: Wireshark
Follow TCP Stream in Wireshark / Display Filters in Wireshark / Additional Wireshark Filters
Sniffing Tools: Cascade Pilot & Tcpdump/Windump
Packet Sniffing Tool: Capsa Network Analyzer
Network Packet Analyzers: OmniPeek Network Analyzer, Observer, Sniff-O-Matic, & JitBit Network Sniffer
Chat Message Sniffer: MSN Sniffer 2
TCP/IP Packet Crafter: Colasoft Packet Builder
How an Attacker Hacks the Network Using Sniffers
How to Defend Against Sniffing & How to Detect Sniffing
Sniffer Detection Techniques: Ping Method, ARP Method, & DNS Method
Promiscuous Detection Tool: PromqryUI
Sniffing Pen Testing

Social Engineering

Social Engineering Concepts / What is Social Engineering?
Behaviors Vulnerable to Attacks
Factors that Make Companies Vulnerable to Attacks
Why Is Social Engineering Effective?
Warning Signs of an Attack / Phases in a Social Engineering Attack
Impact on the Organization
“Rebecca” and “Jessica”
Common Targets of Social Engineering: Office Workers
Social Engineering Techniques & Types of Social Engineering
Human-based Social Engineering
Technical & Authority Support Example
Human-based Social Engineering: Eavesdropping and Shoulder Surfing & Dumpster Diving
Computer-based Social Engineering: Pop-Ups, Phishing, Spear Phishing
Mobile-based Social Engineering: Publishing Malicious Apps, Repackaging Legitimate Apps, Fake Security Applications, Using SMS
Insider Attack / Disgruntled Employee
Preventing Insider Threats
Common Social Engineering Targets and Defense Strategies
Social Engineering Through Impersonation on Social Networking Sites
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2011
How to Steal an Identity
Social Engineering Countermeasures & How to Detect Phishing Emails
Anti-Phishing Toolbars: Netcraft & PhishTank
Social Engineering Pen Testing: Using Emails, Using Phone, In Person, & Social Engineering Toolkit (SET)

Denial of Service

DoS/DDoS Concepts
What is a Denial of Service Attack? What Are Distributed Denial of Service Attacks?
How Distributed Denial of Service Attacks Work / Symptoms of a DoS Attack
Cyber Criminals / Organized Cyber Crime: Organizational Chart
DoS Attack Techniques: Bandwidth Attacks, Service Request Floods, SYN Attack, SYN Flooding, ICMP Flood Attack, Peer-to-Peer Attacks, Permanent Denial-of-Service Attack, & Application Level Flood Attacks
Botnet: Botnet Propagation Technique, Ecosystem, Trojans, & Poison Ivy (Botnet Command Control Center)
DDoS Case Study / DDoS Attack Tools: LOIC
Hackers Advertise Links to Download Botnet
Counter-measures, Detection Techniques, Activity Profiling, & Wavelet Analysis
Sequential Change-Point Detection
DoS/DDoS Countermeasure Strategies & DDoS Attack Countermeasures
DoS/DDoS Countermeasures: Protect Secondary Victims, Detect and Neutralize Handlers, Detect Potential Attacks, Deflect Attacks, Mitigate Attacks
Post-Attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection Appliances & DoS/DDoS Protection Tools: D-Guard Anti-DDoS Firewall
Denial-of-Service (DoS) Attack Penetration Testing

Session Hijacking

Session Hijacking Concepts / What is Session Hijacking?
Dangers Posed by Hijacking
Why Session Hijacking is Successful?
Key Session Hijacking Techniques
Brute Forcing Attack
Spoofing vs. Hijacking
Session Hijacking Process / Packet Analysis of a Local Session Hijack
Types of Session Hijacking
Session Hijacking in OSI Model
Application Level Session Hijacking
Session Sniffing
Predictable Session Token / How to Predict a Session Token
Man-in-the-Middle Attack / Man-in-the-Browser Attack / Steps to Perform Man-in-the-Browser Attack
Client-side Attacks & Cross-site Script Attack
Session Fixation & Session Fixation Attack
Network-level Session Hijacking: The 3-Way Handshake, Sequence Numbers, TCP/IP Hijacking, IP Spoofing: Source Routed Packets, RST Hijacking, Blind Hijacking, Man-in-the-Middle Attack Using Packet Sniffer, & UDP Hijacking
Session Hijacking Tools: Zaproxy, Burp Suite, JHijack
Protecting against Session Hijacking: Methods To be Followed by Web Developers & Web Users
IPSec / Modes of IPsec / IPsec Architecture / IPsec Authentication and Confidentiality / Components of IPsec / IPsec Implementation
Session Hijacking Pen Testing

Hijacking Webservers

Webserver Concepts & Webserver Market Shares
Open Source Webserver Architecture & IIS Webserver Architecture
Website Defacement / Why Web Servers are compromised?
Impact of Webserver Attacks
Webserver Attacks & Webserver Misconfiguration/Example
Directory Traversal Attacks & HTTP Response Splitting Attack
Web Cache Poisoning Attack
HTTP Response Hijacking
SSH Bruteforce Attack & Man-in-the-Middle Attack
Webserver Password Cracking & Techniques
Web Application Attacks
Webserver Attack Methodology: Information Gathering & Webserver Footprinting
Webserver Footprinting Tools
Webserver Attack Methodology: Mirroring a Website, Vulnerability Scanning, Session Hijacking, Hacking Web Passwords
Webserver Attack Tools: Metasploit & Wfetch
Metasploit Architecture, Exploit Module, Payload Module, Auxiliary Module, & NOPS Module
Web Password Cracking Tools: Brutus, THC-Hydra, & Internet Password Recovery Toolbox
Countermeasures: Patches and Updates, Protocols, Accounts, & Files and Directories
How to Defend Against Web Server Attacks & How to Defend against HTTP Response Splitting and Web Cache Poisoning
Patch Management / What Is Patch Management?
Patches and Hotfixes
Identifying Appropriate Sources for Updates and Patches
Installation of a Patch
Implementation and Verification of a Security Patch or Upgrade
Patch Management Tools: Microsoft Baseline Security Analyzer (MBSA)
Web Application Security Scanners: Syhunt Dynamic, N-Stalker Web Application Security Scanner, Wikto, Acunetix Web Vulnerability Scanner
Web Server Malware Infection Monitoring Tools: HackAlert, & QualysGuard Malware Detection
Web Server Pen Testing Tools: CORE Impact® Pro & Immunity CANVAS
Web Server Pen Testing

Hacking Web Applications

Web App Concepts / Introduction to Web Applications
Web Application Security Statistics & Web Application Components
How Web Applications Work?
Web Application Architecture / Web 2.0 Applications
Vulnerability Stack
Web Attack Vectors
Web App Threats
Invalidated Input & Parameter/Form Tampering
Directory Traversal & Security Misconfiguration
Injection Flaws & SQL Injection Attacks
Command Injection Attacks & Example
File Injection Attack
What is LDAP Injection? How LDAP Injection Works?
Hidden Field Manipulation Attack
Cross-Site Scripting (XSS) Attacks & How XSS Attacks Work
Cross-Site Scripting Attack Scenario: Attack via Email
XSS Examples: Attack via Email, Stealing Users' Cookies, Sending an Unauthorized Request, XSS Attack in Blog Posting, XSS Attack in Comment Field, & XSS Cheat Sheet
Cross-Site Request Forgery (CSRF) Attack / How CSRF Attacks Work?
Web Application Denial-of-Service (DoS) Attack / Denial of Service (DoS) Examples
Buffer Overflow Attacks
Cookie/Session Poisoning & How Cookie Poisoning Works?
Session Fixation Attack
Insufficient Transport Layer Protection
Improper Error Handling & Insecure Cryptographic Storage
Broken Authentication and Session Management
Invalidated Redirects and Forwards
Web Services Architecture, Attack, Footprinting Attack, & XML Poisoning
Web App Hacking Methodology
Footprint Web Infrastructures: Server Discovery, Server Identification/Banner Grabbing, & Hidden Content Discovery
Web Spidering Using Burp Suite & Web Spidering Using Mozenda Web Agent Builder
Attack Web Servers / Hacking Web Servers
Web Server Hacking Tool: WebInspect
Analyze Web Applications: Identify Entry Points for User Input, Identify Server-Side Technologies, Identify Server-Side Functionality, & Map the Attack Surface
Attack Authentication Mechanism
Username Enumeration
Password Attacks: Password Functionality Exploits, Password Guessing, Brute-forcing, & Session ID Prediction/ Brute-forcing
Cookie Exploitation: Cookie Poisoning
Authorization Attack Schemes / HTTP Request Tampering / Authorization Attack: Cookie Parameter Tampering
Attack Session Management Mechanism: Session Management Attack, Attacking Session Token Generation Mechanism, & Attacking Session Tokens Handling Mechanism: Session Token Sniffing
Perform Injection Attacks
Attack Data Connectivity: Connection String Injection, Connection String Parameter Pollution (CSPP) Attacks & Connection Pool DoS
Attack Web App Client / Attack Web Services
Web Service Attacks: SOAP Injection, XML Injection, & Web Services Parsing Attacks
Web Service Attack Tools: soapUI, & XMLSpy
Web Application Hacking Tools: Burp Suite Professional, CookieDigger, & WebScarab
Encoding Schemes
How to Defend Against SQL Injection Attacks, Command Injection Flaws, XSS Attacks, DoS Attack, and Web Services Attack
Web Application Security Tools: Acunetix Web Vulnerability Scanner, Watcher Web Security Tool, Netsparker, N-Stalker Web Application Security Scanner, & VampireScan
Web Application Firewalls: dotDefender & ServerDefender VP
Web Application Pen Testing: Information Gathering, Configuration Management Testing, Authentication Testing, Session Management Testing, Authorization Testing, Data Validation Testing, Denial of Service Testing, Web Services Testing & AJAX Testing

SQL Injection

SQL Injection Concepts / Scenario
SQL Injection is the Most Prevalent Vulnerability in 2012 / SQL Injection Threats
What is SQL Injection?
SQL Injection Attacks
How Web Applications Work?
Server Side Technologies
HTTP Post Request
Examples: Normal SQL Query, SQL Injection Query, Code Analysis, BadProductList.aspx, Attack Analysis, Updating Table, Adding New Records, Identifying the Table Name, Deleting a Table
Testing for SQL Injection: SQL Injection Detection, SQL Injection Error Messages, SQL Injection Attack Characters, Additional Methods to Detect SQL Injection, & SQL Injection Black Box Pen Testing
Types of SQL Injection: Simple SQL Injection Attack, Union SQL Injection Example, & SQL Injection Error Based
Blind SQL Injection: WAITFOR DELAY YES or NO Response, Exploitation (MySQL), Extract Database User, Extract Database Name, Extract Column Name, Extract Data from ROWS
SQL Injection Methodology
Advanced SQL Injection: Information Gathering; Understanding SQL Query; Bypass Website Logins; Database, Table, and Column Enumeration; Advanced Enumeration; Features of Different DBMSs; Creating Database Accounts; Password Grabbing
Grabbing SQL Server Hashes, Extracting SQL Hashes (In a Single Statement), Transfer Database to Attacker’s Machine, Interacting with the Operating System, Interacting with the FileSystem, Network Reconnaissance Using SQL Injection, Network Reconnaissance Full Query
SQL Injection Tools: BSQLHacker, Marathon Tool, SQL Power Injector, Havij
Evading IDS / Types of Signature Evasion Techniques
Evasion Techniques: Sophisticated Matches, Hex Encoding, Manipulating White Spaces, In-line Comment, Char Encoding, String Concatenation, Obfuscated Codes
How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
SQL Injection Detection Tools: Microsoft Source Code Analyzer, Microsoft UrlScan Filter, dotDefender, IBM Security AppScan, WebCruiser
Snort Rule to Detect SQL Injection Attacks

Hacking Wireless Networks

Wireless Concepts / Wireless Networks
2010 vs. 2011 Wi-Fi Device Type Comparison / Wi-Fi Networks at Home and Public Places - Types of Wireless Networks
Wireless Standards / Service Set Identifier (SSID)
Wi-Fi Authentication Modes & Wi-Fi Authentication Process Using a Centralized Authentication Server
Wireless Terminologies, Wi-Fi Chalking, & Wi-Fi Chalking Symbols
Types of Wireless Antenna / Parabolic Grid Antenna
Wireless Encryption / Types of Wireless Encryption
WEP Encryption / How WEP Works?
What is WPA? How WPA Works?
Temporal Keys
What is WPA2? How WPA2 Works?
WEP vs. WPA vs. WPA2
WEP Issues / Weak Initialization Vectors (IV) / How to Break WEP Encryption?
How to Break WPA/WPA2 Encryption? How to Defend Against WPA Cracking?
Wireless Threats: Access Control Attacks, Integrity Attacks, Confidentiality Attacks, Availability Attacks, Authentication Attacks
Rogue Access Point Attack / Client Mis-association / Misconfigured Access Point Attack
Unauthorized Association / Ad Hoc Connection Attack / HoneySpot Access Point Attack
AP MAC Spoofing / Denial-of-Service Attack / Jamming Signal Attack / Wi-Fi Jamming Devices
Wireless Hacking Methodology: Wi-Fi Discovery
Footprint the Wireless Network, Attackers Scanning for Wi-Fi Networks, Find Wi-Fi Networks to Attack
Wi-Fi Discovery Tools: inSSIDer, NetSurveyor, NetStumbler, Vistumbler, WirelessMon, & Mobile-based Wi-Fi Discovery Tool
GPS Mapping & GPS Mapping Tools: WIGLE & Skyhook
Wi-Fi Hotspot Finders: jiWire & WeFi
How to Discover Wi-Fi Network Using Wardriving?
Wireless Traffic Analysis / Wireless Cards and Chipsets / Wi-Fi USB Dongle: AirPcap
Wi-Fi Packet Sniffers: Wireshark with AirPcap, Cascade Pilot, OmniPeek, CommView for Wi-Fi
What is Spectrum Analysis?
Wi-Fi Packet Sniffers
Launch Wireless Attacks / Aircrack-ng Suite / How to Reveal Hidden SSIDs / Fragmentation Attack
How to Launch MAC Spoofing Attack?
Denial of Service: Deauthentication and Disassociation Attacks
Man-in-the-Middle Attack / MITM Attack Using Aircrack-ng
Wireless ARP Poisoning Attack / Rogue Access Point / Evil Twin / How to Set Up a Fake Hotspot (Evil Twin)?
Crack Wi-Fi Encryption: How to Crack WEP Using Aircrack? How to Crack WEP Using Aircrack? Screenshot / How to Crack WPA-PSK Using Aircrack?
WPA Cracking Tool: KisMAC / WEP Cracking Using Cain & Abel / WPA Brute Forcing Using Cain & Abel / WPA Cracking Tool: Elcomsoft Wireless Security Auditor
WEP/WPA Cracking Tools / Wireless Hacking Tools
Wi-Fi Sniffer: Kismet / Wardriving Tools / RF Monitoring Tools
Wi-Fi Traffic Analyzer Tools / Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tools
Bluetooth Hacking / Bluetooth Stack / Bluetooth Threats
How to BlueJack a Victim?
Bluetooth Hacking Tools: Super Bluetooth Hack, PhoneSnoop, & BlueScanner
How to Defend Against Bluetooth Hacking? How to Detect and Block Rogue AP?
Wireless Security Layers / How to Defend Against Wireless Attacks?
Wireless Intrusion Prevention Systems / Wireless IPS Deployment
Wi-Fi Security Auditing Tools: AirMagnet WiFi Analyzer, AirDefense, Adaptive Wireless IPS, & Aruba RFProtect WIPS
Wi-Fi Intrusion Prevention System / Wi-Fi Predictive Planning Tools / Wi-Fi Vulnerability Scanning Tools
Wireless Penetration Testing / Wireless Penetration Testing Framework
Pen Testing LEAP Encrypted WLAN / Pen Testing WPA/WPA2 Encrypted WLAN / Pen Testing WEP Encrypted WLAN / Pen Testing Unencrypted WLAN

Hacking Mobile Platforms

Mobile Platform Attack Vectors
Mobile Threat Report Q2 2012
Mobile Platform Vulnerabilities and Risks / Security Issues Arising from App Stores
Threats of Mobile Malware / App Sandboxing Issues
Hacking Android OS / Android OS Architecture / Android Device Administration API
Android Vulnerabilities / Android Rooting / Rooting Android Phones using SuperOneClick / Rooting Android Phones Using Superboot / Android Rooting Tools
Session Hijacking Using DroidSheep
Android-based Sniffer: FaceNiff
Android Trojan: ZitMo (ZeuS-in-the-Mobile), GingerBreak, AcnetSteal and Cawitt, Frogonal and Gamex, KabStamper and Mania, PremiumSMS and SmsSpy, DroidLive SMS and UpdtKiller, FakeToken
Securing Android Devices
Google Apps Device Policy
Remote Wipe Service: Remote Wipe
Android Security Tool: DroidSheep Guard / Android Vulnerability Scanner: X-Ray / Android Penetration Testing Tool: Android Network Toolkit - Anti / Android Device Tracking Tools
Hacking iOS: Security News, Apple iOS, Jailbreaking iOS
Types of Jailbreaking & Jailbreaking Techniques
App Platform for Jailbroken Devices: Cydia
Jailbreaking Tools: Redsn0w and Absinthe
Tethered Jailbreaking of iOS 6 Using RedSn0w
Jailbreaking Tools: Sn0wbreeze and PwnageTool, LimeRa1n and Jailbreakme.com, & Blackra1n and Spirit
Guidelines for Securing iOS Devices
iOS Device Tracking Tools
Hacking Windows Phone OS, Hacking BlackBerry
Mobile Device Management (MDM) / MDM Logical Architecture / MDM Solutions: MaaS360 Mobile Device Management (MDM)
Mobile Security Guidelines and Tools / Mobile Device Security Guidelines for Administrator
Mobile Protection Tools: BullGuard Mobile Security, Lookout, WISeID
Mobile Pen Testing: Android Phone Pen Testing, iPhone Pen Testing, Windows Phone Pen Testing, BlackBerry Pen Testing

Evading IDS, Firewalls, and Honeypots

IDS, Firewall and Honeypot Concepts
Intrusion Detection Systems (IDS) and their Placement / How IDS Works?
Ways to Detect an Intrusion / Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
General Indications of Intrusions & System Intrusions
Firewall / Firewall Architecture
DeMilitarized Zone (DMZ)
Types of Firewall - Packet Filtering Firewall, Circuit-Level Gateway Firewall, Application-Level Firewall, Stateful Multilayer Inspection Firewall
Firewall Identifications: Port Scanning, Firewalking, & Banner Grabbing
Honeypot / Types of Honeypots / How to Set Up a Honeypot?
IDS, Firewall and Honeypot System
Intrusion Detection Tool: Snort / How Snort Works
Snort Rules : Rule Actions and IP Protocols, The Direction Operator and IP Addresses, Port Numbers
Intrusion Detection Systems: Tipping Point
Intrusion Detection Tools
Firewall: ZoneAlarm PRO Firewall
Honeypot Tools: KFSensor & SPECTER
Evading IDS
Insertion Attack / Evasion / Denial-of-Service Attack (DoS)
Obfuscating / False Positive Generation / Session Splicing
Unicode Evasion Technique
Fragmentation Attack & Overlapping Fragments
Time-To-Live Attacks / Invalid RST Packets / Urgency Flag
Polymorphic Shellcode & ASCII Shellcode
Application-Layer Attacks
Desynchronization - Pre & Post Connection SYN
Evading Firewalls / IP Address Spoofing / Source Routing / Tiny Fragments
Bypass Blocked Sites Using IP Address in Place of URL & Using Anonymous Website Surfing Sites
Bypass a Firewall using Proxy Server
Bypassing Firewall through ICMP Tunneling Method, ACK Tunneling Method, HTTP Tunneling Method, External Systems, & MITM Attack
Detecting Honeypots / Honeypot Detecting Tool: Send-Safe Honeypot Hunter
Firewall Evasion Tools: Traffic IQ Professional & tcp-over-dns
Packet Fragment Generators
Countermeasures
Firewall/IDS Penetration Testing

Buffer Overflow

Buffer Overflow Concepts
Why Are Programs and Applications Vulnerable to Buffer Overflows?
Understanding Stacks / Stack-Based Buffer Overflow
Understanding Heap / Heap-Based Buffer Overflow
Stack Operations / Shellcode / No Operations (NOPs)
Buffer Overflow Methodology
Knowledge Required to Program Buffer Overflow Exploits
Buffer Overflow Steps
Attacking a Real Program / Format String Problem / Overflow using Format String / Smashing the Stack & Once the Stack is smashed...
Buffer Overflow Examples
Simple Uncontrolled Overflow / Simple Buffer Overflow in C: Code Analysis
Exploiting Semantic Comments in C (Annotations)
How to Mutate a Buffer Overflow Exploit?
Identifying Buffer Overflows / How to Detect Buffer Overflows in a Program?
Testing for Heap Overflow Conditions: heap.exe / Steps for Testing for Stack Overflow in OllyDbg Debugger / Testing for Format String Conditions using IDA Pro
BoF Detection Tools: Immunity CANVAS
Buffer Overflow Counter-measures / Defense Against Buffer Overflows / Preventing BoF Attacks
Programming Countermeasures / Data Execution Prevention (DEP)
Enhanced Mitigation Experience Toolkit (EMET) / EMET System Configuration Settings / EMET Application Configuration Settings
Buffer Overflow Security Tools: /GS http://microsoft.com & BufferShield
Buffer Overflow Penetration Testing

Cryptography

Cryptography Concepts & Types of Cryptography
Government Access to Keys (GAK)
Encryption Algorithms
Ciphers; Advanced Encryption Standard (AES); Data Encryption Standard (DES); and RC4, RC5, RC6 Algorithms
The DSA and Related Signature Schemes
RSA (Rivest Shamir Adleman) / Example of RSA Algorithm / The RSA Signature Scheme
Message Digest (One-way Hash) Functions: MD5
Secure Hashing Algorithm (SHA) & What is SSH (Secure Shell)?
MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
Cryptography Tools: Advanced Encryption Package & BCTextEncoder
Public Key Infrastructure(PKI) & Certification Authorities
Email Encryption / Digital Signature / SSL (Secure Sockets Layer) / Transport Layer Security (TLS)
Disk Encryption & Disk Encryption Tools: TrueCrypt & GiliSoft Full Disk Encryption
Cryptography Attacks / Code Breaking Methodologies / Brute-Force Attack / Meet-in-the-Middle Attack on Digital Signature Schemes
Cryptanalysis Tools: CrypTool& Online MD5 Decryption Tool

Penetration Testing

Pen Testing Concepts
Security Assessments, Security Audit, Vulnerability Assessment, & Limitations of Vulnerability Assessment
Introduction to Penetration Testing / Why Penetration Testing? What should be tested? What Makes a Good Penetration Test?
ROI on Penetration Testing / Testing Points / Testing Locations
Types of Pen Testing
External Penetration Testing, Internal Security Assessment, Black-box Penetration Testing, Grey-box Penetration Testing, White-box Penetration Testing
Announced / Unannounced Testing, Automated Testing & Manual Testing
Pen Testing Techniques / Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Phases of Penetration Testing
Pre-Attack Phases: Define Rules of Engagement (ROE), Understand Customer Requirements, Create a Checklist of the Testing Requirements, Define the Pen-Testing Scope, Pre-Attack Phase: Sign Penetration Testing Contract, Pre-Attack Phase: Sign Confidentiality and Non-Disclosure (NDA) Agreements, Pre-Attack Phase: Information Gathering
Attack Phase
Activity: Perimeter Testing
Enumerating Devices
Activities: Acquiring Target, Escalating Privileges, & Execute, Implant, and Retract
Post-Attack Phase and Activities
Penetration Testing Deliverable Templates
Pen Testing Roadmap & Penetration Testing Methodology
Application Security Assessment
Web Application Testing - I, II, & III
Network Security Assessment & Wireless/Remote Access Assessment
Wireless Testing / Telephony Security Assessment / Social Engineering / Testing Network-Filtering Devices / Denial of Service Emulation
Outsourcing Penetration Testing Services
Terms of Engagement, Project Scope, Pentest Service Level Agreements, & Penetration Testing Consultants

On-site delviery of Exam 312-50 CEH or 312-99 CNDA

Number of Questions: 125
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice

Training Camp offers the highest quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on learning and certification objectives.

	Intensive Hands-on Training by Certified Trainers Utilizing Our (Lecture \| Lab \| Review)™ Delivery		Examination Vouchers & On-site Certification Testing
	Optional Package of Hotel Accommodations, Lunch, Unlimited Beverages, Snacks, and Freshly-brewed Coffee Available		Blended-learning Instruction Comprised of Comprehensive Study Materials, Lab Manuals, and Practice Exams
	Extended Lab and Instructor Access		Certification Examination Passing Policy Guarantee More Details
			Should a student complete a EC-Council - C\|EHv8 Training Camp Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year. Students will only be responsible for accommodation and vendor exam fees.