Ethical Hacking - Intellipaat

Upload by : Casen Newsome

Ethical Hacking Certification Training

Table of Contents
1. About the Program
2. About Intellipaat
3. Key Features
4. Career Support
5. Why take up this course?
6. Who should take up this course?
7. Program Curriculum
8. Project Work
9. Certification
10. Intellipaat Success Stories
11. Contact Us

About the Program
This Certified Ethical Hacking course will help you clear the EC Council's CEH v11 certification. It has been carefully designed with the help of top ethical hackers from various major organizations. This CEH certification course will help you master skill sets such as system penetration testing, building firewalls, network security and more to become a certified ethical hacker. This Ethical Hacking training will help you master the methodologies used by hackers so that you can prevent and block security attacks at your organization.

About Intellipaat
Intellipaat is one of the leading online e-learning training providers, with more than 600,000 learners across 55 countries. We are on a mission to democratize education, as we believe that everyone has the right to quality education.
Our courses are delivered by subject matter experts from top MNCs, and our world-class pedagogy enables learners to quickly learn difficult topics in no time. Our 24/7 technical support and career services will help learners jump-start their careers in their dream companies.

Key Features


Career Support

SESSIONS WITH INDUSTRY MENTORS
Attend sessions from top industry experts and get guidance on how to boost your career growth.

MOCK INTERVIEWS
Mock interviews to prepare you for cracking interviews with top employers.

GUARANTEED INTERVIEWS & JOB SUPPORT
Get interviewed by our 400 hiring partners.

RESUME PREPARATION
Get assistance in creating a world-class resume from our career services team.

Why take up this course?
    o The United States offers 4,000 CEH jobs for certified professionals – LinkedIn
    o Major companies, like Citibank, Deloitte, Accenture, IBM, Oracle, etc., are mass hiring professionals in Ethical Hacking – Indeed
    o The average salary of Ethical Hackers in India is about 655k per annum – Glassdoor

Who should take up this course?
    o Network Security Officers
    o Site Administrators
    o IT/IS Auditors
    o IT Security Officers
    o Technical Support Engineers
    o IT/IS Analysts and Specialists
    o System Analysts
    o Network Specialists
    o IT Operations Managers
    o Senior System Engineers

Program Curriculum
Ethical Hacking Training Course Content

1. Introduction to Ethical Hacking

Information Security Overview
1.1 Internet is Integral Part of Business and Personal Life – What Happens Online in 60 Seconds
1.2 Essential Terminology
1.3 Elements of Information Security
1.4 The Security, Functionality, and Usability Triangle

Information Security Threats and Attack Vectors
1.5 Motives, Goals, and Objectives of Information Security Attacks
1.6 Top Information Security Attack Vectors
1.7 Information Security Threat Categories
1.8 Types of Attacks on a System
1.9 Information Warfare

Hacking Concepts
1.10 What is Hacking?
1.11 Who is a Hacker?
1.12 Hacker Classes
1.13 Hacking Phases
    o Reconnaissance
    o Scanning
    o Gaining Access
    o Maintaining Access
    o Clearing Tracks

Ethical Hacking Concepts
1.14 What is Ethical Hacking?
1.15 Why Ethical Hacking is Necessary
1.16 Scope and Limitations of Ethical Hacking
1.17 Skills of an Ethical Hacker

Information Security Controls
1.18 Information Assurance (IA)
1.19 Information Security Management Program
1.20 Enterprise Information Security Architecture (EISA)
1.21 Network Security Zoning
1.22 Defense-in-Depth
1.23 Information Security Policies
    o Types of Security Policies
    o Examples of Security Policies
    o Privacy Policies at Workplace
    o Steps to Create and Implement Security Policies
    o HR/Legal Implications of Security Policy Enforcement
1.24 Physical Security
    o Types of Physical Security Control
    o Physical Security Controls
1.25 What is Risk?
    o Risk Management
    o Key Roles and Responsibilities in Risk Management
1.26 Threat Modeling
1.27 Incident Management
    o Incident Management Process
    o Responsibilities of an Incident Response Team
1.28 Security Incident and Event Management (SIEM)
    o SIEM Architecture
1.29 User Behavior Analytics (UBA)
1.30 Network Security Controls

    o Access Control
    o Types of Access Control
    o User Identification, Authentication, Authorization and Accounting
1.31 Identity and Access Management (IAM)
1.32 Data Leakage
    o Data Leakage Threats
    o What is Data Loss Prevention (DLP)?
1.33 Data Backup
1.34 Data Recovery
1.35 Role of AI/ML in Cyber Security

Penetration Testing Concepts
1.36 Penetration Testing
1.37 Why Penetration Testing
1.38 Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
1.39 Blue Teaming/Red Teaming
1.40 Types of Penetration Testing
1.41 Phases of Penetration Testing
1.42 Security Testing Methodology

Information Security Laws and Standards
1.43 Payment Card Industry Data Security Standard (PCI-DSS)
1.44 ISO/IEC 27001:2013
1.45 Health Insurance Portability and Accountability Act (HIPAA)
1.46 Sarbanes Oxley Act (SOX)
1.47 The Digital Millennium Copyright Act (DMCA)
1.48 Federal Information Security Management Act (FISMA)
1.49 Cyber Law in Different Countries

2. Footprinting and Reconnaissance

Footprinting Concepts

2.1 What is Footprinting?
2.2 Objectives of Footprinting

Footprinting through Search Engines
2.3 Footprinting through Search Engines
2.4 Footprint Using Advanced Google Hacking Techniques
2.5 Information Gathering Using Google Advanced Search and Image Search
2.6 Google Hacking Database
2.7 VoIP and VPN Footprinting through Google Hacking Database

Footprinting through Web Services
2.8 Finding Company's Top-level Domains (TLDs) and Sub-domains
2.9 Finding the Geographical Location of the Target
2.10 People Search on Social Networking Sites and People Search Services
2.11 Gathering Information from LinkedIn
2.12 Gather Information from Financial Services
2.13 Footprinting through Job Sites
2.14 Monitoring Target Using Alerts
2.15 Information Gathering Using Groups, Forums, and Blogs
2.16 Determining the Operating System
2.17 VoIP and VPN Footprinting through SHODAN

Footprinting through Social Networking Sites
2.18 Collecting Information through Social Engineering on Social Networking Sites

Website Footprinting
2.19 Website Footprinting
2.20 Website Footprinting using Web Spiders
2.21 Mirroring Entire Website
2.22 Extracting Website Information from https://archive.org
2.23 Extracting Metadata of Public Documents
2.24 Monitoring Web Pages for Updates and Changes

Email Footprinting

2.25 Tracking Email Communications
2.26 Collecting Information from Email Header
2.27 Email Tracking Tools

Competitive Intelligence
2.28 Competitive Intelligence Gathering
2.29 Competitive Intelligence – When Did this Company Begin? How Did it Develop?
2.30 Competitive Intelligence – What Are the Company's Plans?
2.31 Competitive Intelligence – What Expert Opinions Say About the Company
2.32 Monitoring Website Traffic of Target Company
2.33 Tracking Online Reputation of the Target

Whois Footprinting
2.34 Whois Lookup
2.35 Whois Lookup Result Analysis
2.36 Whois Lookup Tools
2.37 Finding IP Geolocation Information

DNS Footprinting
2.38 Extracting DNS Information
2.39 DNS Interrogation Tools

Network Footprinting
2.40 Locate the Network Range
2.41 Traceroute
2.42 Traceroute Analysis
2.43 Traceroute Tools

Footprinting through Social Engineering
2.44 Footprinting through Social Engineering
2.45 Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Footprinting Tools
2.46 Maltego
2.47 Recon-ng

2.48 FOCA
2.49 Recon-Dog
2.50 OSRFramework
2.51 Additional Footprinting Tools

Countermeasures
2.52 Footprinting Countermeasures

Footprinting Pen Testing
2.53 Footprinting Pen Testing
2.54 Footprinting Pen Testing Report Templates

3. Scanning Networks

Network Scanning Concepts
3.1 Overview of Network Scanning
3.2 TCP Communication Flags
3.3 TCP/IP Communication
3.4 Creating Custom Packet Using TCP Flags
3.5 Scanning in IPv6 Networks

Scanning Tools
3.6 Nmap
3.7 Hping2 / Hping3
    o Hping Commands
3.8 Scanning Tools
3.9 Scanning Tools for Mobile

Scanning Techniques
3.10 Scanning Techniques
    o ICMP Scanning – Checking for Live Systems
    o Ping Sweep – Checking for Live Systems
        o Ping Sweep Tools

    o ICMP Echo Scanning
    o TCP Connect / Full Open Scan
    o Stealth Scan (Half-open Scan)
    o Inverse TCP Flag Scanning
    o Xmas Scan
    o ACK Flag Probe Scanning
    o IDLE/IPID Header Scan
    o UDP Scanning
    o SSDP and List Scanning
    o Port Scanning Countermeasures

Scanning Beyond IDS and Firewall
3.11 IDS/Firewall Evasion Techniques
    o Packet Fragmentation
    o Source Routing
    o IP Address Decoy
    o IP Address Spoofing
    o IP Spoofing Detection Techniques: Direct TTL Probes
    o IP Spoofing Detection Techniques: IP Identification Number
    o IP Spoofing Detection Techniques: TCP Flow Control Method
    o IP Spoofing Countermeasures
    o Proxy Servers
    o Proxy Chaining
    o Proxy Tools
    o Proxy Tools for Mobile
    o Anonymizers

    o Censorship Circumvention Tools: Alkasir and Tails
    o Anonymizers
    o Anonymizers for Mobile

Banner Grabbing
3.12 Banner Grabbing
3.13 How to Identify Target System OS
3.14 Banner Grabbing Countermeasures

Draw Network Diagrams
3.15 Drawing Network Diagrams
3.16 Network Discovery and Mapping Tools
3.17 Network Discovery Tools for Mobile

Scanning Pen Testing
3.18 Scanning Pen Testing

4. Enumeration

Enumeration Concepts
4.1 What is Enumeration?
4.2 Techniques for Enumeration
4.3 Services and Ports to Enumerate

NetBIOS Enumeration
4.4 NetBIOS Enumeration
4.5 NetBIOS Enumeration Tools
4.6 Enumerating User Accounts
4.7 Enumerating Shared Resources Using Net View

SNMP Enumeration
4.8 SNMP (Simple Network Management Protocol) Enumeration
4.9 Working of SNMP
4.10 Management Information Base (MIB)
4.11 SNMP Enumeration Tools

LDAP Enumeration
4.12 LDAP Enumeration
4.13 LDAP Enumeration Tools

NTP Enumeration
4.14 NTP Enumeration
4.15 NTP Enumeration Commands
4.16 NTP Enumeration Tools

SMTP and DNS Enumeration
4.17 SMTP Enumeration
4.18 SMTP Enumeration Tools
4.19 DNS Enumeration Using Zone Transfer

Other Enumeration Techniques
4.20 IPsec Enumeration
4.21 VoIP Enumeration
4.22 RPC Enumeration
4.23 Unix/Linux User Enumeration

Enumeration Countermeasures
4.24 Enumeration Countermeasures

Enumeration Pen Testing
4.25 Enumeration Pen Testing

5. Vulnerability Analysis

Vulnerability Assessment Concepts
5.1 Vulnerability Research
5.2 Vulnerability Classification
5.3 What is Vulnerability Assessment?
5.4 Types of Vulnerability Assessment
5.5 Vulnerability-Management Life Cycle

    o Pre-Assessment Phase: Creating a Baseline
    o Vulnerability Assessment Phase
    o Post Assessment Phase

Vulnerability Assessment Solutions
5.6 Comparing Approaches to Vulnerability Assessment
5.7 Working of Vulnerability Scanning Solutions
5.8 Types of Vulnerability Assessment Tools
5.9 Characteristics of a Good Vulnerability Assessment Solution
5.10 Choosing a Vulnerability Assessment Tool
5.11 Criteria for Choosing a Vulnerability Assessment Tool
5.12 Best Practices for Selecting Vulnerability Assessment Tools

Vulnerability Scoring Systems
5.13 Common Vulnerability Scoring System (CVSS)
5.14 Common Vulnerabilities and Exposures (CVE)
5.15 National Vulnerability Database (NVD)
5.16 Resources for Vulnerability Research

Vulnerability Assessment Tools
5.17 Vulnerability Assessment Tools
    o Qualys Vulnerability Management
    o Nessus Professional
    o GFI LanGuard
    o Qualys FreeScan
    o Nikto
    o OpenVAS
    o Retina CS
    o SAINT
    o Microsoft Baseline Security Analyzer (MBSA)
    o AVDS – Automated Vulnerability Detection System

    o Vulnerability Assessment Tools
5.18 Vulnerability Assessment Tools for Mobile

Vulnerability Assessment Reports
5.19 Vulnerability Assessment Reports
5.20 Analyzing Vulnerability Scanning Report

6. System Hacking

System Hacking Concepts
6.1 CEH Hacking Methodology (CHM)
6.2 System Hacking Goals

Cracking Passwords
6.3 Password Cracking
6.4 Types of Password Attacks
    o Non-Electronic Attacks
    o Active Online Attack
        o Dictionary, Brute Forcing and Rule-based Attack
        o Password Guessing
        o Default Passwords
        o Trojan/Spyware/Keylogger
        o Example of Active Online Attack Using USB Drive
        o Hash Injection Attack
        o LLMNR/NBT-NS Poisoning
    o Passive Online Attack
        o Wire Sniffing
        o Man-in-the-Middle and Replay Attack
    o Offline Attack
        o Rainbow Table Attack

        o Tools to Create Rainbow Tables: rtgen and Winrtgen
        o Distributed Network Attack
6.5 Password Recovery Tools
6.6 Microsoft Authentication
6.7 How Hash Passwords Are Stored in Windows SAM?
6.8 NTLM Authentication Process
6.9 Kerberos Authentication
6.10 Password Salting
6.11 Tools to Extract the Password Hashes
6.12 Password Cracking Tools
6.13 How to Defend against Password Cracking
6.14 How to Defend against LLMNR/NBT-NS Poisoning

Escalating Privileges
6.15 Privilege Escalation
6.16 Privilege Escalation Using DLL Hijacking
6.17 Privilege Escalation by Exploiting Vulnerabilities
6.18 Privilege Escalation Using Dylib Hijacking
6.19 Privilege Escalation using Spectre and Meltdown Vulnerabilities
6.20 Other Privilege Escalation Techniques
6.21 How to Defend Against Privilege Escalation

Executing Applications
6.22 Executing Applications
    o Tools for Executing Applications
6.23
