EC-Council Certified Ethical Hacker v9 CEH
CLASS DATE(s):
Request a Class

COURSE LENGTH: 5 Days

COURSE COST: $2995.00

COURSE TIMES: 9:00am - 4:30pm

Printable version of this course
print

COURSE OVERVIEW

CEH v9 is a comprehensive ethical hacking and information systems security auditing program focusing on latest security threats, advanced attack vectors and practical real time demonstration of latest hacking techniques, methodologies, tools, tricks and security measures. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.

The new CEH v9 completely map to National Initiative for Cybersecurity Education (NICE) framework - NICE's speciality area category 'Protect and Defend.

CNSS 4013 Recognition Recognition by National Security Agency (NSA) and the Committee on National Security Systems (CNSS) Standard based required training for network security professionals.

ANSI Accredited Exam Process ANSI/ISO/IEC 17024 Standard exam development process High quality certification exam.

AUDIENCE AND PREREQUISITES

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

One year of experience managing Windows/Unix/Linux systems or equivalent knowledge and skills Good Understanding of TCP/IP. Software

Professionals with basic knowledge of networking services.

  

*Course Cost listed does not include the cost of Courseware, Exam, and iLabs, required in your registration or Lunch. Please refer to your Invoice for the additional costs. If you have any questions, please contact us (learn@vtec.org or 207-775-0244). ITL is subject to minimum enrollment. This course is offered as Live, Online, Instructor-led, Client-site, iLearn (Self-Paced), Coursware Only (Self-Study)

Live, Online Instructor-Led Live, Online courses delivered Live, Online by a Certified EC-Council Instructor! Courses run 10 am to 5 pm Eastern time, Monday thru Friday cost: $ 2899 Included:Courseware, iLabs cyber range, and the exam voucher iLearn (Self-Paced) $ 1699, The same modules taught in the live course are recorded and presented in a streaming video format. S



Courseware Only We recognize that some folks have the background and experience to forgo training, so official courseware is available for self-study. $ 700.00.

COURSE TOPICS:


Introduction to Ethical Hacking
Internet Crime Current Report: IC3
Data Breach Investigations Report
Types of Data Stolen From the Organizations
Essential Terminologies
Elements of Information Security
Authenticity and Non-Repudiation
The Security, Functionality, and Usability Triangle
Security Challenges, Effects of Hacking,
Who is a Hacker?, Hacktivism, What Does a Hacker Do?
Why Ethical Hacking is Necessary?, What Do Ethical Hackers Do?
Defense in Depth, Skills of an Ethical Hacker
Scope and Limitations of Ethical Hacking

.
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 – Gaining Access
Phase 4 – Maintaining Access
Phase 5 – Covering Tracks
Types of Attacks on a System
Operating System Attacks
Application-Level Attacks
Shrink Wrap Code Attacks
Misconfiguration Attacks
Vulnerability Research and Websites
What is Penetration Testing?, Why? and Methodology

Footprinting and Reconnaissance
What is Footprinting?
Objectives of Footprinting and Threats
Finding a Company’s URL and Locate Internal URLs
Public and Restricted Websites
Search for Company’s Information
Tools to Extract Company’s Data
People Search
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Competitive Intelligence Gathering
WHOIS Lookup

.
Extracting DNS Information
Locate the Network Range
Traceroute and Mirroring Entire Website
Extract Website Information from http://www.archive.org
Footprint Using Google Hacking Techniques
What a Hacker Can Do With Google Hacking?
Google Advance Search Operators
Google Hacking Tool: Google Hacking Database (GHDB)
Additional Footprinting Tools
Footprinting Countermeasures and Pen Testing

Scanning Networks
Types of Scanning, Checking for Live Systems - ICMP Scanning
Ping Sweep, Tools, Three-Way Handshake
TCP Communication Flags, Hping2 / Hping3, Commands
Scanning Techniques, TCP Connect / Full Open Scan, Stealth Scan (Half-open Scan)
Xmas Scan, FIN Scan, NULL Scan, IDLE Scan,
ICMP Echo Scanning/List Scan, SYN/FIN Scanning Using IP Fragments
UDP Scanning, Inverse TCP Flag Scanning, ACK Flag Scanning
Scanning: IDS Evasion Techniques, IP Fragmentation Tools,
Scanning Tool: Nmap, NetScan Tools Pro,
Do Not Scan These IP Addresses (Unless you want to get into trouble)
Scanning Countermeasures, War Dialing, Why?and Tools,
War Dialing Countermeasures: SandTrap Tool

.
OS Fingerprinting, Banner Grabbing Tool: ID Serve,
Banner Grabbing Tool: Netcraft
Banner Grabbing Countermeasures: Disabling or Changing Banner
Hiding File Extensions from Webpages
Vulnerability Scanning
LANsurveyor, Network Mappers, Why Attackers Use Proxy Servers?
Free Proxy Servers, Workbench, reate Chain of Proxy Servers
SocksChain, TOR (The Onion Routing)
Why do I Need HTTP Tunneling?Super Network Tunnel Tool
SSH Tunneling, Proxy Tool, Anonymizers
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
IP Spoofing Detection Techniques: Direct TTL Probes

Enumeration
What is Enumeration?Techniques, Netbios Enumeration
Enumerating User Accounts, Systems Using Default Passwords
SNMP (Simple Network Management Protocol) Enumeration
UNIX/Linux Enumeration
LDAP Enumeration
NTP Enumeration
SMTP Enumeration
DNS Zone Transfer Enumeration Using nslookup
Enumeration Countermeasures
Enumeration Pen Testing

System Hacking
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
Password Cracking
Microsoft Authentication, How Hash Passwords are Stored in Windows SAM?
What is LAN Manager Hash?
Kerberos Authentication, Salting, PWdump7 and Fgdump, L0phtCrack,Ophcrack
Cain & Abel, RainbowCrack, Password Cracking Tools,
LM Hash Backward Compatibility, How to Defend against Password Cracking?
Privilege Escalation, Active@ Password Changer,Privilege Escalation Tools
How to Defend against Privilege Escalation?
Executing Applications, Alchemy Remote Executor, RemoteExec

.
RemoteExec, Execute This!, Keylogger,Types of Keystroke Loggers
Acoustic/CAM Keylogger, Keyloggers
Spyware, How to Defend against Keyloggers?
How to Defend against Spyware?, Rootkits
NTFS Data Stream
What is Steganography?
Video Steganography: Our Secret, Audio Steganography: Mp3stegz
Folder Steganography: Invisible Secrets 4,Spam/Email Steganography: Spam Mimic
Natural Text Steganography: Sams Big G Play Maker
Covering Tracks Tool: Window Washer
System Hacking Penetration Testing
CEH Hacking Methodology (CHM)
Password Cracking
How Hash Passwords are Stored in Windows SAM?
What is LAN Manager Hash?
Kerberos Authentication

Trojans & Backdoors
What is a Trojan?, Overt and Covert Channels
Purpose of Trojans, What Do Trojan Creators Look For?
Indications of a Trojan Attack, Common Ports used by Trojans
How to Infect Systems Using a Trojan?
Wrappers, Different Ways a Trojan can Get into a System,
How to Deploy a Trojan?, Evading Anti-Virus Techniques
Types of Trojans, Destructive Trojans,Notification Trojans, Credit Card Trojans
Data Hiding Trojans (Encrypted Trojans)
BlackBerry Trojan: PhoneSnoop, MAC OS X Trojan: DNSChanger
How to Detect Trojans?, Process Monitoring Tool: What's Running
Scanning for Suspicious Registry Entries
Scanning for Suspicious Device Drivers

.
Scanning for Suspicious Windows Services, Startup Programs, Files and Folders,Network Activities
Trojan Countermeasures, Backdoor Countermeasures, Trojan Horse Construction Kit
Anti-Trojan Software: TrojanHunter, Emsisoft Anti-Malware,
Pen Testing for Trojans and Backdoors

Viruses & Worms
Introduction to Viruses, Virus and Worm Statistics 2010
Stages of Virus Life
Working of Viruses: Infection Phase, Attack Phase
Why Do People Create Computer Viruses?
Indications of Virus Attack
How does a Computer get Infected by Viruses?
Virus Hoaxes, Analysis:, Types of Viruses
Transient and Terminate and Stay Resident Viruses
Writing a Simple Virus Program
Computer Worms
Example of Worm Infection: Conficker Worm
Worm Analysis:

.
Worm Maker: Internet Worm Maker Thing
Anti-Virus Sensors Systems
Malware Analysis Procedure, String Extracting Tool: Bintext,
Compression and Decompression Tool: UPX
Process Monitoring Tools: Process Monitor
Debugging Tool: Ollydbg
Virus Analysis Tool: IDA Pro, Online Malware Testing:
Online Malware Analysis Services
Virus Detection Methods, Virus and Worms Countermeasures
Anti-virus Tools
Penetration Testing for Virus
Working of Viruses: Infection Phase

Sniffers
Sniffing Concepts
MAC Attacks
DHCP Attacks
ARP Poisoning
Spoofing Attack
DNS Poisoning
Sniffing Tools
Counter measures

Social Engineering
What is Social Engineering? Why?
Warning Signs of an Attack
Phases in a Social Engineering Attack
Impact on the Organization
Command Injection Attacks, Common Targets of Social Engineering
Types of Social Engineering, Insider Attack,
Common Intrusion Tactics and Strategies for Prevention
Social Engineering Through Impersonation on Social Networking Sites
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2010
Real Steven Gets Huge Credit Card Statement
Identity Theft - Serious Problem

.
Social Engineering Countermeasures: Policies
How to Detect Phishing Emails?
Identity Theft Countermeasures
Social Engineering Pen Testing
Behaviors Vulnerable to Attacks
Insider Attack
Common Intrusion Tactics and Strategies for Prevention
Social Engineering Through Impersonation on Social Networking Sites
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2010
Real Steven Gets Huge Credit Card Statement
Identity Theft - Serious Problem

Denial of Service
What is Distributed Denial of Service Attacks?
Symptoms of a DoS Attack, Cyber Criminals
Internet Chat Query (ICQ), Internet Relay Chat (IRC)
DoS Attack Techniques
Botnet
WikiLeak Operation Payback
DoS Attack Tools
Detection Techniques
DoS/DDoS Countermeasure Strategies
Post-attack Forensics
Techniques to Defend against Botnets
Enabling TCP Intercept on Cisco IOS Software

Session Hijacking
What is Session Hijacking?, Dangers Posed by Hijacking, Why?
Key Session Hijacking Techniques, Brute Forcing, HTTP Referrer Attack
Spoofing vs. Hijacking
Packet Analysis of a Local Session Hijack
Predictable Session Token, Man-in-the-Middle Attack, Browser Attack
Client-side Attacks, Cross-site Script Attack,
The 3-Way Handshake,Network Level, TCP/IP Hijacking
IP Spoofing: Source Routed Packets,RST and Blind Hijacking
IPSec, Session Hijacking Pen Testing

Hijacking Webservers
Webserver Market Shares, Open Source Webserver Architecture
IIS Webserver Architecture, Website Defacement
Case Study, Why Web Servers are Compromised?
Impact of Webserver Attacks, Webserver Misconfiguration
Directory Traversal Attacks
HTTP Response Splitting Attack
Webserver Password Cracking
Webserver Attack Methodology
Webserver Attack Tools, Web Password Cracking Tool
What is Patch Management?, Patches and Hotfixes
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
Webserver Malware Infection Monitoring Tool: HackAlert

Hijacking Web Applications
Web Application Security Statistics
Web Application Components
How Web Applications Work?
Web Application Architecture
Web 2.0 Applications, Vulnerability Stack
Web Attack Vectors, Web Application Threats - 1 and 2
Unvalidated Input, Parameter/Form Tampering
Directory Traversal, Security Misconfiguration
Injection Flaws, What is LDAP Injection?, How?,
Cross-Site Scripting (XSS) Attacks
Web Application Denial-of-Service (DoS) Attack
Cookie/Session Poisoning

.
Buffer Overflow Attacks, Session Fixation Attack
Improper Error Handling, Insecure Cryptographic Storage
Web Services Architecture
Footprint Web Infrastructure
Web Spidering Using Burp Suite
Hacking Web Servers, Analyze Web Applications
Username Enumeration,
Password Attacks: Password Functionality Exploits
Password Attacks: Password Guessing
Password Attacks: Brute-forcing
Authorization Attack, Encoding Schemes,
Web Application Firewall: dotDefender, IBM AppScan,ServerDefender VP