
	GET MORE INFORMATION! click here >>


INSTRUCTOR LED COURSES	E-LEARNING COURSES	ADDITIONAL SERVICES

ILT Courses >> Course Outlines >> Certified Ethical Hacker (CEH) (4026)

Certified Ethical Hacker (CEH) (4026) is scheduled for the following dates and times:

Start Date	End Date	Start Time	End Time	Location
September 20, 2010	September 24, 2010	8:00 AM	4:00 PM	Virginia Beach
November 15, 2010	November 19, 2010	8:00 AM	4:00 PM	Virginia Beach

COURSE NAME: Certified Ethical Hacker (CEH) (4026)

Course length: 5 days

Overview:

This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Prerequesite Courses:

No Prerequisites listed for this course

Performance-based Objectives:

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Course content:

Unit 1: Ethics and Legality

Why Security?
The Security, functionality and ease of use Triangle
Can Hacking be Ethical?
Essential Terminology.
Elements of Security.
What does a Malicious Hacker do?
Difference between Penetration Testing and Ethical Hacking.
Hacker Classes.
What do Ethical Hackers do?
Skill Profile of an Ethical Hacker.
Modes of Ethical Hacking.
Security Testing.
Deliverables.
Computer Crimes and Implications.
Legal Perspective (US Federal Laws).

Unit 2: Footprinting

Defining Footprinting.
Information Gathering Methodology.
Locate the Network Range.
Hacking Tools:

Unit 3: Scanning

Definition of Scanning.
Types of scanning
Objectives of Scanning
Scanning Methodology
Classification of Scanning
Hacking Tools
War Dialer
Hacking Tools
OS Fingerprinting
Active Stack fingerprinting
Tool for Active Stack fingerprinting
Passive Fingerprinting
Proxy Servers
Hacking Tools
Countermeasures

Unit 4: Enumeration

What is Enumeration?
NetBios Null Sessions
Hacking Tools
Null Session Countermeasures
NetBIOS Enumeration
Hacking Tool :NBTScan
Simple Network Management
Protocol (SNMP) Enumeration
Hacking Tools
SNMP Enumeration Countermeasures
Management Information Base (MIB)
Windows 2000 DNS Zone Transfer
Blocking Win 2k DNS Zone Transfer
Enumerating User Accounts
Hacking Tools
Active Directory Enumeration and Countermeasures

Unit 5: System Hacking

Administrator Password Guessing
Manual Password Cracking Algorithm
Automated Password Cracking
Password Types
Types of Password Attacks
Hacking Tool
Performing Automated Password Guessi
Hacking Tool
Legion
Password Sniffing
Hacking Tools
NetBIOS DoS Attack
Hacking Tools
LAN Manager Hash
Password Cracking Countermeasures
Syskey Utility
Cracking NT/2000 Passwords
Hacking Tool
SMB Logon
Hacking Tool: SMBRelay
SMBRelay Man-in-the-Middle Scenario
Hacking Tool : SMBRelay2
SMBRelay Weaknesses and Countermeasures
Hacking Tools
Privilege Escalation
Hacking Tools
Keystroke Loggers
Hacking Tools
Hiding Files
Creating Alternate Data Streams
ADS creation and detection
Hacking Tools
NTFS Streams Countermeasures
Stealing Files Using Word Documents
Field Code Countermeasures
Steganography
Spyware Tool - Desktop Spy
Hacking Tools
Steganography Detection
Hacking Tool

diskprobe.exe
Covering Tracks
Disabling Auditing and clearing Event Logs
Hacking Tool

Unit 6: Trojans and Backdoors

Effect on Business
What is a Trojan?
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Trojan Creators look for?
Different ways a Trojan can get into a system
Indications of a Trojan Attack
Some famous Trojans and ports used by them
How to determine which ports are “Listening”?
Different Trojans found in the Wild
BoSniffer
Wrappers
Packaging Tool : Wordpad
Hard Disk Killer (HDKP 4.0)
ICMP Tunneling
Hacking Tool: Loki
Loki Countermeasures
Reverse WWW Shell – Covert Channels using HTTP
Hacking Tools
Tripwire
Process Viewer
Inzider-Tracks Processes and Ports
System File Verification
Trojan horse Construction Kit
Anti-Trojan
Evading Anti-Trojan/Anti-Virus using Stealth Tools v 2.0
Reverse Engineering Trojans
Backdoor Countermeasures

Unit 7: Sniffers

Definition of sniffing
How a Sniffer works?
Passive Sniffing
Active Sniffing
Hacking Tool: EtherFlood
Man-in-the-Midle Attacks
Spoofing and Sniffing Attacks
ARP Poisoning and countermeasures
Hacking Tools
Sniffing Countermeasures

Unit 8: Denial of Service

What is Denial of Service?
Goal of DoS(Denial of Service)
Impact and Modes of Attack
DoS Attack Classification
Hacking Tools
Distributed DOS Attacks and Characteristics
Agent Handler Model
IRC-Based DDoS Attack Model
DDoS Attack taxonomy
DDoS Tools
Reflected DOS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
Tools for Detecting DDOS Attacks
DDoS Countermeasures
Defensive Tool: Zombie Zapper
Worms : Slammer and MyDoom.B

Unit 9: Social Engineering

What is Social Engineering?
Art of Manipulation
Human Weakness
Common Types of Social Engineering
Human Based Impersonation
Example of social engineering
Computer Based Social Engineering
Reverse Social Engineering
Policies and procedures
Security Policies-checklist

Unit10: Session Hijacking

Understanding Session Hijacking
Spoofing vs Hijacking
Steps in Session Hijacking
Types of Session Hijacking
TCP Concepts 3 Way Handshake
Sequence numbers
Hacking Tools
Dangers Posed by Session Hijacking
Protection against Session Hijacking
Countermeasures: IP Security

Unit 11: Hacking Web Servers

How Web Servers Work?
How are Web Servers Compromised?
Popular Web Servers and Common Security Threats
Apache Vulnerability
Attack against IIS
IIS Components
Sample Buffer Overflow Vulnerabilities
Hacking Tool: IISHack.exe
ISAPI.DLL Exploit
Code Red and ISAPI.DLL Exploit
Unicode

Unicode Directory Traversal Vulnerability

Hacking Tools
Msw 3prt IPP Vulnerability
Hacking Tool: Jill.c

IPP Buffer Overflow Countermeasures
Unspecified Executed Path Vulnerability
File System Traversal Countermeasures

WebDAV/ ntdll.dll Vulnerability

Real World instance of WebDAV Exploit

Hacking Tool: “KaHT”
RPCDCOM Vulnerability
ASN Exploits
IIS Logs
Network Tool: Log Analyzer
Hacking Tool: Clean IISLog
Escalating Privileges on IIS
Hacking Tools
Hot Fixes and Patches
Solution: UpdateEXPERT
cacls.exe Utility
Vulnerability Scanners
Network Tools
Countermeasures
Increasing Web Server Security

Unit 12: Web Application Vulnerabilities

Web Application Set-up
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross Site Scripting/XSS Flaws
An Example of XSS
Countermeasures
SQL Injection
Command Injection Flaws
Countermeasures
Cookie/Session Poisoning
Countermeasures
Parameter/Form Tampering
Buffer Overflow
Countermeasures
Directory Traversal/Forceful Browsing
Countermeasures
Cryptographic Interception
Authentication Hijacking
Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
Internet Explorer Exploits
DMZ Protocol Attacks
DMZ
Countermeasures

Security Management Exploits

Web Services Attacks
Zero Day Attacks
Network Access Attacks
TCP Fragmentation
Hacking Tools

Unit 13: Web Based Password Cracking Techniques

Authentication- Definition
Authentication Mechanisms
HTTP Authentication
Basic Authentication
Digest Authentication
Integrated Windows (NTLM) Authentication
Negotiate Authentication
Certificate-based Authentication
Forms-based Authentication
Microsoft Passport Authentication
What is a Password Cracker?
Modus Operandi of an Attacker using Password Cracker
How does a Password Cracker work?
Attacks- Classification
Password Guessing
Query String
Cookies
Dictionary Maker
Password Crackers Available
Hacking Tools:
“Mary had a Little Lamb” Formula
Countermeasures

Unit 14: SQL Injection

Attacking SQL Servers
SQL Server Resolution Service (SSRS)
Osql-L Probing
Port Scanning
Sniffing, Brute Forcing and finding Application Configuration Files
Tools for SQL Server Penetration Testing
OLE DB Errors
Input Validation Attack
Login Guessing & Insertion
Shutting Down SQL Server
Extended Stored Procedures
SQL Server Talks
Preventive Measures

Unit 15: Hacking Wireless Networks

Introduction to Wireless Networking
Business and Wireless Attacks
Wireless Basics
Components of Wireless Network
Types of Wireless Network
Setting up WLAN
Detecting a Wireless Network
How to access a WLAN
Advantages and Disadvantages of Wireless Network
Antennas
SSIDs
Access Point Positioning
Rogue Access Points
Tools to Generate Rogue Access Points
What is Wireless Equivalent Privacy (W
WEP Tool
Related Technology and Carrier Networks
MAC Sniffing and AP Spoofing
Tool to detect MAC Address Spoofing:
Terminology
Denial of Service Attacks
DoS Attack Tool: FATAjack
Man-in-the-Middle Attack (MITM)
Scanning Tools
Sniffing Tools:
Multi Use Tool: THC-RUT
Tool: WinPcap
Auditing Tool: bsd-airtools
WIDZ- Wireless Detection Intrusion System
Securing Wireless Networks
Out of the box Security
Radius: Used as Additional layer in security
Maximum Security: Add VPN to Wireless LAN

Unit 16 : Virus and Worms

Virus Characteristics
Symptoms of ‘virus-like’ attack
What is a Virus Hoax?
Terminologies
How is a worm different from virus?
Indications of a Virus Attack
Virus History
Virus damage
Effect of Virus on Business
Access Methods of a Virus
Mode of Virus Infection
Life Cycle of a virus
What Virus Infect?
How virus infect?
Virus/worm found in the wild:
Writing a simple virus program.
Writing DDOS Zombie Virus
Virus Construction Kits
Virus Creation Scripts
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Prevention is better than Cure
Anti-Virus Software
Popular Anti-Virus packages
New Virus found in 2004
Virus Checkers
Blaster – Virus Analysis
Nimda – Virus Analysis
Sasser Worm – Virus Analysis
Klez – Virus Analysis
IDAPro
Virus Analyzers

Unit 17: Physical Security

Security statistics
Physical Security breach incidents
Understanding Physical Security

What is the need of Physical Security?
Who is Accountable for Physical Security?

Factors affecting Physical Security
Physical Security checklist
Lock Picking Techniques
Spying Technologies

Unit 18: Linux Hacking

Why Linux?
Linux basics
Chrooting
Why is Linux Hacked?
Linux Vulnerabilities in 2003

How to apply patches to vulnerable programs

Scanning Networks
Scanning Tool: Nessus
Cheops
Port Scan detection tools:
Password cracking in Linux.
Password cracking tools:
IPChains
IPTables
ipchains vs. ipfwadm
How to Organize Firewall Rules
Security Auditor’s Research Assistant (SARA)
Hacking Tool:
Linux Loadable Kernel Units
Linux Rootkits:
Rootkit countermeasures:
Linux Security Tools:
Advanced Intrusion Detection System
Linux Security testing tools

Linux Encryption Tools:

Linux tools: Log and traffic monitors:
Linux Security Auditing Tool (LSAT)
Linux Security countermeasures

Unit 19: Evading Firewalls, IDS and Honeypots

Intrusion Detection Systems
Ways to Detect Intrusion
Types of Intrusion Detection System
Intrusion Detection Tools
Steps to perform after an IDS detects an intrusion
Evading IDS systems
Tools to Evade IDS
Packet Generators
Introduction to Firewalls
Firewall Identification
Firewalking
Banner Grabbing
Breaching Firewalls
Placing Backdoors through Firewalls
Hiding Behind Covert Channel: Loki
ACK tunneling
Tools to Breach Firewall
Tools for testing IDS and Firewalls
Introduction to Honeypots
Honeypot Project
Types of Honeypots
Honeypot: Specter
Honeypot: Honeyd
Honeypot: KFSensor
Hacking Tool: Sebek
Tools to Detect Honeypot

Unit 20 : Buffer Overflows

Significance of Buffer Overflow Vulnerability
Why are Programs/Applications Vulnerable?
Buffer Overflows
Reasons for Buffer Overflow Attacks
Knowledge required writing Buffer Overflow Exploits
How a Buffer Overflow occurs?
Understanding Stacks
Stack Implementation
Stack based buffer overflow
Shellcode
Heap Based buffer overflow
How to detect Buffer Overflows in a Program?
Attacking a real program
NOPS
How to mutate a Buffer Overflow Exploit? featuring ADMutate
Countermeasures
Return Address Defender (RAD)
StackGuard
Immunix System
Vulnerability Search - ICAT

Unit 21 : Cryptography

Public-key Cryptography
Working of Encryption
Digital Signature
Digital Certificate
RSA (Rivest Shamir Adleman)
RSA Attacks
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Socket Layer)
RC5
What is SSH?
Government Access to Keys (GAK)
RSA Challenge
distributed.net
PGP (Pretty Good Privacy)
Code Breaking Methodologies
Cryptography Attacks
Disk Encryption
PGPCrack
Magic Lantern
WEPCrack
Cracking S/MIME Encryption using idle CPU Time
CypherCalc
Command Line Scriptor
CryptoHeaven

Unit 22 : Penetration Testing

Need for a Methodology
Penetration Test vs. Vulnerability Test
Reliance on Checklists and Templates
Phases of Penetration Testing
Passive Reconnaissance
Best Practices
Results that can be expected
Indicative passive reconnaissance steps include (but are not limited to)
Introduction to Penetration Testing
Type of Penetration Testing Methodologies
Open Source Vs Proprietary Methodologies
Security Assessment Vs Security Auditing
Risk Analysis
Types of Penetration Testing
Types Ethical Hacking
Vulnerability Assessment Vs Penetration Testing
Do-it Yourself Testing
Firms Offering Penetration Testing Services
Penetration Testing Insurance
Explication of Terms of Engagement
Pen-Test Service Level Agreements
Offer of Compensation
Starting Point and Ending Points of Testing
Penetration Testing Locations
Black Box Testing
White Box Testing
Grey Box Testing
Manual Penetration Testing
Automated Penetration Testing
Selecting the Right Tools
Pen Test Using Appscan
HackerShield
Pen-Test Using Cerberus Internet Scanner
Pen-Test Using CyberCop Scanner
Pen-Test Using Foundscan
Pen-Test Using Nessus
Pen-Test Using NetRecon
Pen-Test Using Retina
Pen-Test Using SAINT
Pen-Test Using SecureNET
Pen-Test Using SecureScan
Pen-Test Using SATAN, SARA and Security Analyzer
Pen-Test Using STAT Analyzer
Pen-Test Using Twwscan
VigilEnt
WebInspect
Evaluating Different Types of Pen-Test Tools
Platform on Which Tools Will be Used
Asset Audit
Fault Tree and Attack Trees
GAP Analysis
Device Inventory
Perimeter Firewall Inventory
Web Server Inventory
Load Balancer Inventory
Local Area Network Inventory

Demilitarized Zone

Internal Switch Network Sniffer
Application Server Inventory
Database Server Inventory
Name Controller and Domain Name Server
Physical Security
ISP Routers
Legitimate Network Traffic Threat
Unauthorized Network Traffic Threat
Unauthorized Running Process Threat
Loss of Confidential Information
Business Impact of Threat
Pre-testing Dependencies
Post-testing Dependencies
Failure Management
Test Documentation Processes
Penetration Testing Tools
SANS Institute TOP 20 Security Vulnerabilities
Penetration Testing Deliverable Templates
Active Reconnaissance
Attack Phase
Activity: Perimeter Testing
Activity: Web Application Testing – I
Activity: Web Application Testing – II
Activity: Wireless Testing
Activity: Acquiring Target
Activity: Escalating Privileges
Activity: Execute, Implant & Retract
Post Attack Phase & Activities
Automated Penetration Testing Tool - CORE Impact

Are you looking for E-Learning Course Outlines?

REQUEST COURSE INFORMATION
First Name		Last Name
Company/Command
Street Address		City
State	Zip Code	Phone
Cell (optional)		Email Address
PLEASE SELECT A LOCATION
Virginia Beach, VA		Newport News, VA
Richmond, VA		Roanoke, VA
Dulles, VA		Charlotte, NC
Raleigh, NC		Spring Lake, NC
HOW DID YOU FIND OUT ABOUT US?

PLEASE LIST YOUR AREA OF INTEREST AND/OR COMMENTS: