Trang chủ > Chương trình đào tạo EC - COUNCIL > Certified Ethical Hacker - CEH v9

 CERTIFIED ETHICAL HACKER - CEH V9

 

 

 


COURSE OBJECTIVES

The Certifed Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in. The CEH, is the frst part of a 3 part EC-Council Information Security Track which helps you master hacking technologies. You will become a hacker, but an ethical one!

As the security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment,

This course was desgined to provide you with the tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. It puts you in the driver’s seat of a hands-on environment with a systematic ethical hacking process.

Here, you will be exposed to an entirely diferent way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be thought the Five Phases of Ethical Hacking and thought how you can approach your target and succeed at breaking in every time! The fvephases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.

The tools and techniques in each of these fve phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the Certifed Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and fix the problems before they are identifed by the enemy, causing what could potentially be a catastrophic damage to your respective organization.

Throughout the CEH course, you will be immersed in a hacker's mindset, evaluating not just logical, but physical security.  

AUDIENCE

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of their network infrastructure.  

DURATION: 40 hours

CERTIFICATION

Upon completion of this course, students will receive the Certificate of Completion from SmartPro.

EXAM

  • Exam Title : Certified Ethical Hacker (ANSI)
  • Exam Code : 312-50 (ECC EXAM), 312-50 (VUE)
  • Number of Questions: 125  
  • Duration: 4 hours 
  • Availability : Prometric Prime / VUE / ECCEXAM
  • Test Format : Multiple Choice  

WHAT WILL YOU LEARN

  • Key issues plaguing the information security world, incident management process, and penetration testing.
  • Various types of footprinting, footprinting tools, and countermeasures Enumeration techniques and enumeration countermeasures.
  • Network scanning techniques and scanning countermeasures.
  • System hacking methodology, steganography, steganalysis attacks, and covering tracks
  • Difierent types of Trojans, Trojan analysis, and Trojan countermeasures.
  • Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures.
  • Packet snifing techniques and how to defend against snifing.
  • Social Engineering techniques, identify theft, and social engineering countermeasures.
  • DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures.
  • Session hijacking techniques and countermeasures.
  • Diffierent types of webserver attacks, attack methodology, and countermeasures.
  • Diffierent types of web application attacks, web application hacking methodology, and countermeasures.
  • SQL injection attacks and injection detection tools.
  • Wireless Encryption, wireless hacking methodology, wireless hacking tools, and wi-fi security tools
  • Mobile platform attack vector, android vulnerabilities, jailbreakingiOS, windows phone 8 vulnerabilities, mobile security guidelines,and tools.
  • Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures.
  • Various cloud computing concepts, threats, attacks, and security techniques and tools.
  • Diffierent types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools.
  • Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap.

COURSE OUTLINE

1. Introduction to Ethical Hacking
  • Internet is Integral Part of Business and Personal Life - What Happens Online in 60 Seconds
  • Information Security Overview
  • Information Security Threats and Attack Vectors
  • Hacking Concepts, Types, and Phases
  • Ethical Hacking Concepts and Scope
  • Information Security Controls
  • Information Security Laws and Standards

2. Footprinting and Reconnaissance

  • Footprinting Concepts
  • Footprinting Methodology
  • Footprinting Tools
  • Footprinting Countermeasures
  • Footprinting Penetration Testing

3. Scanning Networks

  • Overview of Network Scanning
  • CEH Scanning Methodology

4. Enumeration

  • Enumeration Concepts
  • NetBIOS Enumeration
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP Enumeration
  • SMTP Enumeration
  • Enumeration Countermeasures
  • SMB Enumeration Countermeasures
  • Enumeration Pen Testing

5. System Hacking

  • Information at Hand Before System Hacking Stage
  • System Hacking: Goals
  • CEH Hacking Methodology (CHM)
  • CEH System Hacking Steps
  • Hiding Files
  • Covering Tracks
  • Penetration Testing

6. Malware Threats

  • Introduction to Malware
  • Trojan Concepts
  • Types of Trojans
  • Virus and Worms Concepts
  • Malware Reverse Engineering
  • Malware Detection
  • Countermeasures
  • Anti-Malware Software
  • Penetration Testing

7. Sniffing

  • Sniffing Concepts
  • MAC Attacks
  • DHCP Attacks
  • ARP Poisoning
  • Spoofing Attack
  • DNS Poisoning
  • Sniffing Tools
  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Sniffing Tool
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzer
  • Counter measures
  • Sniffing Detection Techniques
  • Sniffing Pen Testing

8. Social Engineering

  • Social Engineering Concepts
  • Social Engineering Techniques
  • Impersonation on Social Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures
  • Penetration Testing

9. Denial of Service

  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
  • Botnets
  • DDoS Case Study
  • DoS/DDoS Attack Tools
  • Counter-measures
  • DoS/DDoS Protection Tools
  • DoS/DDoS Attack Penetration Testing
10. Session Hijacking
  • Session Hijacking Concepts
  • Application Level Session Hijacking
  • Network-level Session Hijacking
  • Session Hijacking Tools
  • Counter-measures
  • Session Hijacking Pen Testing

11. Hacking Web Servers

  • Webserver Concepts
  • Webserver Attacks
  • Attack Methodology
  • Webserver Attack Tools
  • Counter-measures
  • Patch Management
  • Webserver Security Tools
  • Webserver Pen Testing

12. Hacking Web Applications

  • Web App Concepts
  • Web App Threats
  • Web App Hacking Methodology
  • Web Application Hacking Tools
  • Countermeasures
  • Security Tools
  • Web App Pen Testing

13. SQL Injection

  • SQL Injection Concepts
  • Types of SQL Injection
  • SQL Injection Methodology
  • SQL Injection Tools
  • Evasion Techniques
  • Counter-measures

14. Hacking Wireless Networks

  • Wireless Concepts
  • Wireless Encryption
  • Wireless Threats
  • Wireless Hacking Methodology
  • Wireless Hacking Tools
  • Bluetooth Hacking
  • Counter-measures
  • Wireless Security Tools
  • Wi-Fi Pen Testing

15. Hacking Mobile Platforms

  • Mobile Platform Attack Vectors
  • Hacking Android OS
  • Hacking iOS
  • Hacking Windows Phone OS
  • Hacking BlackBerry
  • Mobile Device Management (MDM)
  • Mobile Security Guidelines and Tools
  • Mobile Pen Testing

16. Evading IDS, Firewalls, and Honeypots

  • IDS, Firewall and Honeypot Concepts
  • IDS, Firewall and Honeypot System
  • Evading IDS
  • Evading Firewalls
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • IDS/Firewall Evasion Counter-measures
  • Penetration Testing

17. Cloud Computing

  • Introduction to Cloud Computing
  • Cloud Computing Threats
  • Cloud Computing Attacks
  • Cloud Security
  • Cloud Security Tools
  • Cloud Penetration Testing

18. Cryptography

  • Market Survey 2014: The Year of Encryption
  • Case Study: Heartbleed
  • Case Study: Poodlebleed
  • Cryptography Concepts
  • Encryption Algorithms
  • Cryptography Tools
  • Public Key Infrastructure(PKI)
  • Email Encryption
  • Disk Encryption
  • Cryptography Attacks
  • Cryptanalysis Tools

CEHv9 RECONGNITION

  • The National Initiative for Cybersecurity Education (NICE)
  • American National Standards Institute (ANSI)
  • Committee on National Security Systems (CNSS)
  • United States Department of Defense (DoD).
  • National Infocomm Competency Framework (NICF) KOMLEK
  • Department of Veterans Affairs
  • KOMLEK
  • MSC
     

 

Địa chỉ: Lầu 6, toà nhà Thiên Sơn, 5-7-9 Nguyễn Gia Thiều, P.6, Quận 3, TP.HCM

Tel: (028) 39 333 376 - Fax: (028) 39 30 6767

Email: tuvan@smartpro.vn, sales@smartpro.vn

Chi nhánh: 8/12 Liễu Giai, Ba Đình, Hà Nội

Tel: (024) 37620196

Email: tuvan@smartpro.vn, sales@smartpro.vn

web counters