
Ethical Hacker (CEH) Syllabus

Uploaded by

dinesh-scribd
Copyright
© Attribution Non-Commercial (BY-NC)

Course Details:

• Duration: 60 Hours.
• Certificates: CEH.
• Exams: 312-50.

The MCTS Certification

• CEH: Certified Ethical Hacker.

Al-Naseem Traffic Light, Al-Hamaydeh Commercial Complex, 1st Floor, Irbid, Jordan. Tel: 02-7101461, Fax: 02-7101462
Part 1: The Business and Legal Issues of Ethical Hacking

Chapter 1: Introduction to Ethical Hacking


• Terminology
• Hackers, Crackers, and Other Related Terms
• Hacktivism
• Threats
• Hacking History
• Ethical Hacking Objectives and Motivations
• Steps in Malicious Hacking
• Reconnaissance
• Scanning
• Acquiring Access
• Maintaining Access
• Covering, Clearing Tracks, and Installing Back Doors
• Hacker and Ethical Hacker Characteristics and Operations
• Skills Needed by an Ethical Hacker
• Steps in an Infosec Evaluation
• Types of Information System Security Testing
• Ethical Hacking Outputs
• Protections and Obligations for the Ethical Hacker
• Related Types of Computer Crime

Chapter 2: Legality and Ethics


• Law and Legal Systems
• Administrative Law
• Common Law Organization
• Statutory Law
• U.S. Common Law System Categories
• Computer Security Crime Laws
• Privacy Principles and Laws
• Computer Crime Penalties
• Ethics
• Assessment Questions

Chapter 3: Penetration Testing for Business
• Penetration Testing from a Business Perspective
• Penetration Test Approach and Results
• Valuating Assets
• Penetration Testing Steps Summarized
• Selecting a Penetration Testing Consulting Organization
• Justification of Penetration Testing through Risk Analysis
• Risk Analysis Process
• Typical Threats and Attacks
• Impact Determination
• Management Responsibilities in Risk Analysis Relating to Penetration Testing

Part 2: The Pre-Attack Phases

Chapter 4: Footprinting
• Gathering Information
• Whois
• Nslookup
• Open Source Searching
• Locating the Network Range
• Determining the Network Range with ARIN
• Traceroute and TTL
• Email Tracking Programs

Chapter 5: Scanning
• Identifying Active Machines
• Ping:
• Ping Sweeps
• Ping Tools
• Identifying Open Ports and Available Services
• Port Scanning:
• TCP/UDP Scanning Types
• Determining the Operating System
• Scanning Tools
• Vulnerable Ports
• Port Scanning Issues
• Banner Grabbing
• War Dialing
• War Driving and War Walking:
• Wireless Scanners
• Wireless Packet Sniffers
• Fingerprinting:
• Passive Fingerprinting
• Mapping the Network

Chapter 6: Enumerating
• Protection Rings
• Windows Architecture
• Windows Security Elements
• SAM Database
• Local Security Authority Subsystem Service
• NetBIOS
• Active Directory (AD)
• Enumerating Techniques for Windows
• NetBIOS Enumerating
• Net View
• NBTSTAT
• Nbtscan
• User2sid and Sid2user
• Other Tools
• SNMP Enumeration
• SNMPutil
• Other SNMP Enumeration Tools
• DNS Zone Transfer
• Active Directory Enumeration
• Countermeasures
• NetBIOS Null Sessions
• SNMP Enumeration Countermeasures
• DNS Zone Transfer Countermeasures

Part 3: Attack Techniques and Tools

Chapter 7: System Hacking Techniques


• Password Guessing
• Automated Password Guessing
• Password Sniffing
• L0phtcrack
• KerbCrack
• Alternate Means
• Keystroke Loggers
• Hardware Keyloggers
• Software Keyloggers
• Keylogging Tools
• Redirecting SMB
• Privilege Escalation
• Password Cracking
• Password Cracking Techniques
• Dictionary Attack
• Brute Force Attack
• Hybrid Attack
• Rainbow Attack
• Stealing SAM
• Cracking Tools
• Covering Tracks
• Disabling Auditing
• Clearing the Event Log
• Planting Rootkits
• File Hiding
• Countermeasures

Chapter 8: Trojans, Backdoors, and Sniffers


• Trojans and Backdoors
• Trojan Types
• Remote Access Trojans (RATs)
• Trojan Attack Vectors
• Wrappers

• Covert Communication
• Trusted Computer System Evaluation Criteria (TCSEC)
• Covert Storage Channel
• Covert Timing Channel
• Covert Communication Tools
• Port Redirection
• NetCat
• Reverse Telnet
• Datapipe
• Fpipe
• Rinetd
• Trojan Tools and Creation Kits
• Tini
• QAZ
• Donald Dick
• NetBus
• Back Orifice 2000
• SubSeven
• Other Notables
• Anti-Trojan Software and Countermeasures
• Windows File Protection (WFP)
• Tripwire
• Fport
• TCPView
• Process Viewer
• Inzider
• Sniffers
• Sniffing Exploits
• ARP Spoofing
• MAC Flooding
• DNS Spoofing or Poisoning
• Sniffing Tools
• Snort
• Dsniff
• Ethereal
• MAC Flooding Tools
• ARP Poisoning Tools
• Other Sniffing Tools
Chapter 9: Denial of Service Attacks and Session Hijacking
• Denial of Service/Distributed Denial of Service (DoS/DDoS)
• DoS Attacks
• DDoS Attacks
• Prevention of DoS Attacks
• Prevention of DDoS Attacks
• Session Hijacking
• The TCP/IP Protocol Stack
• Layered Protocol Roles
• Sequence Numbers
• Session Hijacking Steps
• Tools for Session Hijacking
• Protecting Against Session Hijacking

Chapter 10: Penetration Testing Steps


• Penetration Testing Overview
• Legal and Ethical Implications
• The Three Pretest Phases
• Footprinting
• Scanning
• Enumerating
• Penetration Testing Tools and Techniques
• Port Scanners
• Vulnerability Scanners
• Password Crackers
• Trojan Horses
• Buffer Overflows
• SQL Injection Attack
• Cross Site Scripting (XSS)
• Wireless Network Penetration Testing
• WLAN Vulnerabilities
• SSID Issues
• WEP Weaknesses
• MAC Address Vulnerabilities
• Wireless Scanning Tools
• Social Engineering
• Intrusion Detection System (IDS)
Chapter 11: Linux Hacking Tools
• Linux History
• Scanning Networks with Linux Tools
• NMap
• Nessus
• Cheops and Cheops-ng
• Linux Hacking Tools
• John the Ripper
• SARA
• Sniffit
• HPing
• Linux Rootkits
• Linux Security Tools
• Linux Firewalls
• IPChains
• IPTables
• Linux Application Security Tools
• Linux Intrusion Detection Systems (IDS)
• Linux Encryption Tools
• Linux Log and Traffic Monitors
• Port Scan Detection Tools

Chapter 12: Social Engineering and Physical Security


• Social Engineering
• Human-Based (Person-to-Person) Social Engineering
• Computer-Based Social Engineering
• Example Social Engineering Attacks
• Motivations for Individuals to Respond to Social Engineers
• Reverse Social Engineering
• Phishing
• Hidden Frames
• URL Obfuscation
• HTML Image Mapping
• Identity Theft
• Defending Against Social Engineering Attacks
• Physical Security
• Physical Security Implementation

• Company Facility Controls and Issues
• Company Personnel Controls
• Environmental Controls
• Heating, Ventilation, and Air Conditioning (HVAC)
• Fire Safety Controls
• Access Controls
• Fax Machines
• Physical Facility Controls

Part 4: Web Server and Database Attacks

Chapter 13: Web Server Hacking and Web Application Vulnerabilities


• Web Server Hacking
• Client to Server Data Exchange
• Web Servers
• Web Server Security Issues
• ISAPI and DLL
• IIS Attacks
• Apache Attacks
• Hacking Tools
• Patch Management
• Web Application Vulnerabilities
• Related Hacking Tools
• Netcat
• Black Widow
• Instant Source
• Wget
• Websleuth
• Nikto
• Wikto
• Nessus
• Network Utilities
• Countermeasures

Chapter 14: SQL Injection Vulnerabilities
• SQL Injection Testing and Attacks
• Preparing for an Attack
• Conducting an Attack
• Lack of Strong Typing
• Union Select Statements
• Acquiring Table Column Names
• Stored Procedures
• Extended Stored Procedures
• Server System Tables
• SQL Injection Prevention and Remediation
• Automated SQL Injection Tools

Chapter 15: Cryptography


• Symmetric Key Cryptography
• Symmetric Key Encipherment
• Substitution Cipher
• Vernam Cipher (One-Time Pad)
• Transposition (Permutation) Cipher
• The Exclusive Or (XOR) Function
• Symmetric Key Cryptography Characteristics
• Data Encryption Standard (DES)
• Triple DES
• The Advanced Encryption Standard (AES)
• The Blowfish Algorithm
• The Twofish Algorithm
• The IDEA Cipher
• RC5/RC6
• Public Key Cryptosystems
• One-Way Functions
• Public Key Algorithms
• RSA
• El Gamal
• Elliptic Curve (EC)
• Summaries of Public Key Cryptosystem Approaches
• Digital Signatures
• Hash Function
• Developing the Digital Signature
• The U.S. Digital Signature Standard (DSS)
• MD5
• Public Key Certificates
• Digital Certificates
• Public Key Infrastructure (PKI)
• Cryptanalysis
• Managing Encryption Keys
• Email Security
• Electronic Transaction Security
• Wireless Security
• Disk Encryption
• Hacking Tools

Chapter 16: Cracking Web Passwords


• Authentication
• Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLM (NT LAN Manager) Authentication
• Negotiate Authentication
• Certificate Based Authentication
• Forms-Based Authentication
• RSA Secure Token
• Biometrics
• Password Considerations and Issues
• Selecting Passwords
• Protecting Passwords
• Password Cracking
• Computer Password Cracking and Support Tools
• Web Password Cracking Tools
• Countermeasures

Part 5: Advanced Topics

Chapter 17: Wireless Network Attacks and Countermeasures


• Wireless Technology
• The Cellular Phone Network
• Worldwide Cellular via LEO Satellites
• Cellular Network Elements
• Global Wireless Transmission Systems
• AMPS
• TDMA
• CDMA
• GSM
• CDPD
• NMT
• TACS
• PDC
• General Packet Radio Service (GPRS)
• Enhanced Data Rates for Global Evolution (EDGE)
• Wireless Networking
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hopping Spread Spectrum (FHSS)
• The IEEE 802.11 Family
• WLAN Operational Modes
• Ad Hoc Mode
• Infrastructure Mode
• Association Frames
• Service Set Identifier (SSID)
• Bluetooth
• BT Security
• BT Attacks
• The Wireless Application Protocol (WAP)
• Wired Equivalent Privacy (WEP)
• WEP Encryption
• WEP Decryption
• RC4
• WEP Authentication Methods
• Open System Authentication
• Shared Key Authentication
• Media Access Control Authentication
• WEP Key Management
• WEP Cracking
• WPA and WPA2
• 802.1x and EAP
• Extensible Authentication Protocol (EAP)
• EAP Transport Level Security (EAP-TLS)
• Lightweight Extensible Authentication Protocol (LEAP)
• WLAN Threats
• Denial of Service Attacks
• SSID Problems
• The Broadcast Bubble
• War Driving
• Rogue Access Points
• MAC Spoofing
• Wireless Hacking Tools
• NetStumbler
• AiroPeek
• AirSnort
• Kismet
• WEPCrack
• Other WLAN Tools
• Securing WLANs
• Standards and Policy Solutions
• MAC Address Filtering
• SSID Solutions
• Antenna Placement
• VLANs
• Wireless VPNs
• Wireless RADIUS
• Dynamic WEP Keys
• Enable WEP, WPA2, EAP, and 802.1x
• Site Surveys and IDS

Chapter 18: Firewalls, Intrusion Detection Systems, and Honeypots
• Firewalls
• Firewall Types
• Proxy Firewall
• Packet Level Filtering Firewall
• Stateful Inspection Firewalls
• Hardware and Software Firewalls
• Firewall Architectures
• Packet-Filtering Routers
• Dual-Homed Hosts
• Screened Host
• Screened-Subnet Firewalls
• Firewall Identification
• Banner Grabbing
• Port Scanning
• Firewall Ports
• Scanning with TCP
• Scanning with UDP
• Firewalking
• Breaching and Bypassing Firewalls
• Hping
• Traceroute
• Covert Channeling
• ACK Tunneling
• HTTP Tunneling
• Firewall Backdoors
• Firewall Informer
• Intrusion Detection and Response
• Host-Based ID Systems
• Network-Based ID Systems
• IDS Detection Methods
• Statistical Anomaly Detection
• Pattern Matching Detection
• Protocol Detection
• IDS Responses
• Using an IDS in a Switched Environment
• Evading IDSs
• Tools for Evading and Testing IDSs
• Intrusion Prevention Systems
• SNORT 2.x
• Cisco Security Agent
• Incident Handling
• Computer Incident Response Team
• Incident Notification
• Honeypots
• Honeypot Applications
• Discovering Honeypots

Chapter 19: Viruses, Worms, and Buffer Overflows


• Viruses
• The Virus Lifecycle
• Macro Viruses
• Polymorphic Viruses
• Stealth Viruses
• Spyware
• Web Bugs
• Spambots
• Pop-Up Downloads
• Drive-By Downloads
• Bogus Spyware Removal Programs
• Multistage and Blended Threats
• Worms
• Virus and Worm Examples
• Chernobyl
• Explore.Zip
• LoveLetter
• Melissa Virus
• Nimda Virus
• Pretty Park
• BugBear
• Klez
• SirCam Worm
• Code Red Worm
• Other Worms of Interest
• Buffer Overflows
• Preventing Malicious Code and Buffer Overflows
• Virus Scanners
• Virus Prevention
• Virus Detection
• Defending Against Buffer Overflows

