Note: This is a long post so the PDF version is also available. You can download the PDF version. Click Here to Download (Wait for few seconds and then click on skip)
Hello Guys!!!
Hope you had a wonderful weekend. And KIITians, although the exams are over but
yet it’s not the right time to sleep instead utilize these time to learn
something new.
I know it’s a
boring Monday again and you all guys must be expecting any new trick. But I am
sorry to disappoint you, rather than giving a trick today I will give you the
basic idea about hacking and the CEH course. Well those who don’t know about
CEH, it stands for Certified Ethical Hacker, now I guess you all may have got some
idea regarding this.
The CEHv8 has
got 19 module all together. To get training you need to register to any
institute and then pay them with lots of money and again pay them for the
certificate exam. Just try to learn all those online and practice the questions
and then appear directly for the certificate exam. Anyway I won’t give any
boring lecture to you guys rather than I will tell you about those 19 modules.
Module 1:
Introduction to Ethical hacking
Module 2:
Footprinting and Reconnaissance
Module 3: Scanning
networks
Module 4:
Enumeration
Module 5:
System Hacking
Module 6:
Trojans and Backdoor
Module 7:
Viruses and Worms
Module 8:
Sniffers
Module 9:
Social Engineering
Module 10:
Denial of service
Module 11:
Session Hijacking
Module 12:
Hacking Web-servers
Module 13:
Hacking Web Applications
Module 14: SQL
injection
Module 15:
Hacking Wireless Networks
Module 16:
Evading IDS, Firewalls and Honeypots
Module 17:
Buffer Overflow
Module 18:
Cryptography
Module 19:
Penetration Testing
So, I guess you
all guys must be interested in knowing about each one of them. So, in today’s
post I will give introduction about all the modules and what all it actually
content.
Module 1:
Introduction to Ethical hacking
(This module is
bit boring, I know you guys hate theories) Through this module you can come to
know about:
- The elements of information security and its functionality
- Security challenges
- Effects of hacking
- Who the hacker is actually
- Classes of hackers
- Types of hackers
- Hacking phase
- Types of attack on the system
- Why ethical hacking is necessary
- Scope and limitations of ethical hacking
- What do ethical hackers do
- Vulnerability research
Module 2:
Footprinting and Reconnaissance
Footprinting is
the step in which we gather information about our victim. Through this module
you can come to know about:
- What is Footprinting?
- Objectives of Footprinting.
- Footprinting Threats
- Internet Footprinting
- Competitive Intelligence
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Website Footprinting
- Email Footprinting
- Google Hacking
- Footprinting tools
- Footprinting Countermeasures
- Footprinting Pen testing
Module 3:
Scanning networks
Scanning is the
set of procedures for indentifying hosts, ports and services of network. It is
one of the components of intelligence gathering for an attacker to create a
profile of the target organization or person. This module covers about:
- Types of scanning and understanding the CEH scanning methods
- Checking Live systems and open ports
- Understanding Scanning techniques
- Different tools present to perform scanning
- Understanding banner grabbing and OS fingerprinting
- Drawing network diagrams of vulnerable hosts
- Preparing proxies
- Understanding Anonymizer
- Its countermeasures
- Scanning Pentesting
Module 4: Enumeration
Enumeration is
the process of extracting user names, machine names, network resources, shares,
and services from a system. It is mainly conducted in the intranet environment.
Through this module you can know about:
- Enumeration and its techniques
- NetBIOS Enumeration
- Enumerating user accounts
- SNMP Enumeration
- Unix/Linux Enumeration
- LDAP/Active directory Enumeration
- NTP Enumeration
- SMTP and DNS Enumeration
- Enumeration Countermeasures
Module 5:
System Hacking
This is one of
the longest module. System hacking mainly involves cracking the passwords and
breaking through the security of the system. This process is done after we
completely pass the above steps. Through this module you can come to know
about:
- Password Cracking and its techniques
- Types of Password attacks
- Automatic Password cracking algorithm
- Privilege Escalation
- Executing Application
- Keyloggers
- Spyware
- Rootkit
- Detecting Rootkits
- NTFS Data Stream
- What is Steganography?
- Steganalysis
- Covering tracks
Module 6:
Trojans and Backdoor
Trojans are
program in which the malicious or harmful codes are contained inside the
apparently harmless programming or data in such a way that it can get control
and cause damange, such as ruining the file allocation table on victim hard
disk. With the help of a Trojan, an attacker gets access to the stored
passwords in the Trojaned computer and would be able to read personal
documents, delete files and display pictures, or even send messages on the
screen. With this module you can know about:
- What is Trojan?
- Overt and Covert Channels
- Purpose of Trojans
- Indications of Trojan attacks
- Common Ports used by Trojans
- How to infect using Trojans
- How to deploy a Trojan?
- Types of Trojans
- How to detect Trojans?
- Evading Anti-virus techniques
- Countermeasures
- Anti-trojan softwares
- Penetration testing
Module 7:
Viruses and Worms
Virus is a
self-replicating program that produces its own code by attaching copies of
itself into other executables codes
- Introduction and stages of Virus life
- Working of virus
- Virus analysis
- Types of viruses
- Writing a simple virus program
- Computer Worms
- Worm Analysis
- What is sheep dip Computer?
- Malware analysis procedure
- Virus detection Methods
- Countermeasures
- Anti-virus tools
- Penetration testing for virus
Module 8:
Sniffers
Sniffing is the
process in which we constantly get sensitive information about our victim after
gaining the access of the victim network. We use sniffers for that and it can
cover up the network data, personal emails and other messages, network traffic,
etc. This module helps you to understand:
- Lawful Intercept
- Wiretapping
- Sniffing Threats
- Types of Sniffing
- Hardware Protocol Analyzers
- MAC Attacks
- DHCP Attacks
- ARP Poisoning Attacks
- Spoofing Attacks
- DNS Poisoning
- Sniffing Tools
- Countermeasures
Module 9:
Social Engineering
There is no
measure to measure the stupidity of humans. So social engineering basically
deals with the stupidity of human and take advantage of that. Through this
module you can learn:
- What is Social Engineering?
- Why is Social Engineering Effective?
- Phases in a Social Engineering Attack
- Common Targets of Social Engineering
- Types of Social Engineering
- Common Intrusion Tactics and Strategies for Prevention
- Social Engineering through Impersonation on Social Networking Sites
- Risks of Social Networking to Corporate Networks
- Identify Theft
- How to steal Identity?
- Countermeasures
- Pen Testing
Module 10:
Denial of service
It is an attack
on computer or network which stops the primary use of resources. In this
attack, attacker flood a system with the garbage requests which overload the
resource and prevents it from performing the important and primary works. This
module covers:
- What is DoS and DDoS attack?
- How DDoS attack works?
- Symptoms of DDoS attack.
- Internet Relay Chat (RLC)
- DoS attack technique
- Botnet
- Botnet Ecosystem
- DDoS case study
- DoS Attack tools
- Detection Techniques
- Countermeasures
- Techniques to defend against Botnets
- Protection tools
- Penetration testing
Module 11:
Session Hijacking
In this attack
the attacker hijack the data transfer between two computer or network and then
seals the valid session ID and finally snoop through the data. This module
covers:
- What is Session hijacking?
- Key session hijacking techniques
- Brute force
- Spoofing vs. Hijacking
- Types of Session Hijacking
- Session Hijacking in OSI model
- Application Level Session Hijacking
- Network Level Session Hijacking
- TCP/IP Hijacking
- Session Hijacking tools
- Countermeasures
- IPSec Architecture
- Penetration testing
Module 12:
Hacking Web-servers
Through this
attack we can deface a website, tamper a data, compromise user account, etc.
This module covers:
- Open Source Webserver Architecture
- IIS Webserver Architecture
- Why Web Servers are compromised?
- Impact of Web Server Attacks
- Web Application Attacks
- Web Server Attack Methodology
- Web Server Attack Tools
- Countermeasures
- How to defend against web server attacks?
- What is Patch Management?
- Patch Management Tools
- Web server security tools
- Penetration testing
Module 13:
Hacking Web Applications
This is the
longest module and it takes time and patience to complete this topic. We know
that web application provide an interface between the user and the web server
through web pages. Now in this attack we are attacking the web application and
try to gain active or passive access to them. This includes XSS, SQLi, CSRF,
RFI, LFI etc. This module covers:
- Web Application introduction and its componenets
- How Web Application Work?
- Web Application Architecture
- Unvalidated Input
- Parameter/ Form Tampering
- Injection Flaws
- Hidden Field Manipulation Attack
- XSS Attacks
- Web Services Attacks
- Hacking Methodology
- Web Application Hacking Tools
- Countermeasure
- Web application Security tools
- Web application Firewalls
- Web application Pen testing
Module 14: SQL
injection
It is one of
the most common website vulnerability and most of the websites still includes
this vulnerability. It is a flaw in web application and not in the database or
the web server issue. Even after a lot of digging, most of the programmer are
still not aware about this vulnerability. This module covers:
- Introduction to SQL Injection
- Threats of SQLi Attacks and Examples
- SQLi Detection
- SQLi Error Messages
- SQLi Black Box Pen testing
- Types of SQLi
- Simple SQLi Attack
- Union Based SQLi
- Error-based SQLi
- Blind SQLi
- Advanced SQLi
- SQLi Tools
- Signature Evasion Techniques
- Countermeasures
- SQLi Detection tools
Module 15:
Hacking Wireless Networks
In the most
common words we can say hacking Wi-fi. Any network which uses the wireless
networks are on the target of this attack. This module covers:
- Wireless Networks
- Types of Wireless Networks
- Wi-Fi Authentication Modes
- Types of Wireless Encryption
- WEP Encryption
- WPA/WPA2
- Wireless Threats
- Wireless Hacking Methodology
- Wireless Hacking Tools
- Bluetooth Hacking
- Countermeasures
- Wi-Fi Security Tools
- Penetration Testing
Module 16:
Evading IDS, Firewalls and Honeypots
Intrusion
Detection Systems commonly called as IDS gathers and analyze the information
from and within a computer or network, to identify the possible violation of
the security policy, which includes the unauthorized access and its misuse.
Firewall are
the hardware or software or the combination of both and are used to prevent the
unauthorized access to the network or computer.
Honeypot is an
information system resource that is expressly set up to attract and trap people
who attempt to penetrate an organization’s network. This module covers:
- Intrusion Detection Systems (IDS)
- Ways to Detect an Intrusion
- Types if IDS
- Firewall and its types
- Firewall Identification Techniques
- Honeypot
- Types of Honeypot
- How to set up a Honeypot?
- IDS, Firewall and Honeypot System
- Evading IDS
- Evading Firewall
- Detecting Honeypots
- Firewall Evading tools
- Countermeasures
- Penetration testing
Module 17:
Buffer Overflow
A generic
buffer overflow occurs when a buffer that has been allocated a specific storage
space has more data copied to it than it can handle. This module covers:
- Buffer Overflows (BoF)
- Stack-Based Buffer Overflow
- Heap-Based Buffer Overflow
- Stack Operation
- Buffer Overflow Steps
- Attacking a Real Program
- Smashing the Stack and its examples
- How to mutate a buffer overflow exploit
- Identifying Buffer Overflows
- Testing for Heap Overflow Conditions: heap.exe
- Steps for testing of Stack Overflow in OllyDbg Debugger
- BoF Detection Tools
- Countermeasure and its tools
- Pentesting
Module 18:
Cryptography
Cryptography is
the conversion of data into a scrambles code that is decrypted and sent across
a private or public network. This module covers:
- Cryptography and its types
- Ciphers
- Advanced Encryption Standard (AES)
- RC4, RC5, RC6 Algorithyms
- RSA (Rivest Shamir Adleman)
- Message Digest Function: MD5
- Secure Hashing Algorithm (SHA)
- Cryptography Tools
- Public Key Infrastructure (PKI)
- Digital Signature
- SSL (Secure Sockets Layer)
- Disk Encryption
- Disk Encryption Tools
- Cryptography attack
- Cryptanalysis Tools
Module 19:
Penetration Testing
Penetration
testing are methods that attackers use to gain unauthorized access to an
organization’s networked systems and then compromise with them. This module includes:
- Penetration Testing (PT)
- Security Assessments
- Risk Management
- Automated Testing
- Manual Testing
- Enumerating Devices
- DoS Emulation
- Hacker Shield
- Pentest using various Devices
- VigilENT
- Web Inspect
- Tools
So these were
the overview of the topics to be covered in the CEH course and we also need to
practice this in regular basis.
Author: Unpredictable
If you have any query then feel free to comment below or for more info mail us @ prashantsavior@gmail.com. Don't forget to like our Facebook page and stay updated.