Академический Документы
Профессиональный Документы
Культура Документы
Exam 312-50
Version Comparison
CEHv8 vs CEHv7
CEHv7 CEHv8 Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation of concepts and attacks Exclusive section for best practices to follow to protect information systems against various attacks New and rich presentation style with eye catching graphics Latest OS covered and a patched testing environment Well tested, result oriented, descriptive and analytical lab manual to evaluate the presented concepts 19 Modules 90 Labs 1700 Slides No Document 20 Modules 110 Labs 1770 Slides Document
Page | 1
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 2
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 3
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Footprinting Tools Footprinting Countermeasures Footprinting Pen Testing Footprinting Terminologies What Is Footprinting?
Scanning Networks
Network scanning refers to a set of procedures for identifying hosts, ports, and services in a network. The topics highlighted in red under CEHv8 Module 03: Scanning Networks are the new additions CEHv7 Module 03: Scanning Networks Overview of Network Scanning CEH Scanning Methodology Checking for Live Systems Scanning Techniques IDS Evasion Techniques Banner Grabbing Vulnerability Scanning Drawing Network Diagrams Proxy Chaining HTTP Tunneling Techniques SSH Tunneling Anonymizers IP Spoofing Detection Techniques Scanning Countermeasures Scanning Pen Testing CEHv8 Module 03: Scanning Networks Overview of Network Scanning CEH Scanning Methodology Checking for Live Systems Scanning IPv6 Network Scanning Techniques IDS Evasion Techniques Banner Grabbing Vulnerability Scanning Drawing Network Diagrams Proxy Chaining HTTP Tunneling Techniques SSH Tunneling Anonymizers IP Spoofing Detection Techniques Scanning Countermeasures Scanning Pen Testing Latest Network Scanning Tools Added
Page | 4 Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Enumeration
In the enumeration phase, attacker creates active connections to system and performs directed queries to gain more information about the target. The topics highlighted in red under CEHv8 Module 04: Enumeration are the new additions. CEHv7 Module 04: Enumeration What Is Enumeration? Techniques for Enumeration NetBIOS Enumeration CEHv8 Module 04: Enumeration What Is Enumeration? Techniques for Enumeration Services and Ports to Enumerate
Enumerate Systems Using Default Passwords NetBIOS Enumeration SNMP Enumeration UNIX/Linux Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration Enumeration Countermeasures Enumeration Pen Testing Enumerate Systems Using Default Passwords SNMP Enumeration Working of SNMP UNIX/Linux Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration Enumeration Countermeasures Enumeration Pen Testing Latest Enumeration Tools Added 1 more Lab Added
Page | 5
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
System Hacking
Password cracking techniques are used to recover passwords from computer systems. The topics highlighted in red under CEHv8 Module 05 System Hacking are the new additions. CEHv7 Module 05 System Hacking System Hacking: Goals CEH Hacking Methodology (CHM) Password Cracking Microsoft Authentication How to Defend against Password Cracking Privilege Escalation Types of Privilege Escalation Executing Applications Types of Keystroke Loggers and Spywares Anti-Keylogger and Anti-Spywares Detecting Rootkits NTFS Stream Manipulation Classification of Steganography Steganalysis Methods/Attacks on Steganography Covering Tracks Penetration Testing CEHv8 Module 05 System Hacking System Hacking: Goals CEH Hacking Methodology (CHM) Password Cracking Stealing Passwords Using Keyloggers Microsoft Authentication How to Defend against Password Cracking Privilege Escalation Types of Privilege Escalation Executing Applications Methodology of Attacker in using Remote Keylogger Types of Keystroke Loggers and Spywares Anti-Keylogger and Anti-Spywares Various methods to place a rootkit Detecting Rootkits NTFS Stream Manipulation Application of steganography Classification of Steganography Audio Steganography Methods Issues in Information hiding Steganalysis Methods/Attacks on Steganography Detecting Text, Image, Audio, and Video Steganography Covering Tracks Penetration Testing
Page | 6 Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 7
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 8
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Sniffers
Packet sniffing is a process of monitoring and capturing all data packets passing through a given network using software (application) or hardware device. The topics highlighted in red under CEHv8 Module 08: Sniffing are the new additions.
CEHv7 Module 08: Sniffers Packet Sniffing Sniffing Threats Types of Sniffing Attacks Hardware Protocol Analyzers MAC Flooding How DHCP Works Rogue DHCP Server Attack ARP Spoofing Techniques ARP Poisoning Tools How to Defend Against ARP Poisoning Spoofing Attack Threats How to Defend Against MAC Spoofing DNS Poisoning Techniques How to Defend Against DNS Spoofing Sniffing Tools Sniffing Pen Testing
CEHv8 Module 08: Sniffing Packet Sniffing Sniffing Threats Types of Sniffing Attacks Hardware Protocol Analyzers IPv6 Addresses MAC Flooding How DHCP Works Rogue DHCP Server Attack ARP Spoofing Techniques ARP Poisoning Tools How to Defend Against ARP Poisoning Spoofing Attack Threats MAC Spoofing Technique IRDP Spoofing How to Defend Against MAC Spoofing DNS Poisoning Techniques How to Defend Against DNS Spoofing Sniffing Tools Sniffer Detection Technique Sniffing Pen Testing
Page | 9
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Social Engineering
Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it. The topics highlighted in red under CEHv8 Module 09: Social Engineering are the new additions. CEHv7 Module 09: Social Engineering What Is Social Engineering? Factors that Make Companies Vulnerable to Attacks Warning Signs of an Attack Phases in a Social Engineering Attack Common Targets of Social Engineering Human-based Social Engineering Computer-based Social Engineering Social Engineering Through Impersonation on Social Networking Sites Identify Theft Social Engineering Countermeasures How to Detect Phishing Emails Identity Theft Countermeasures Social Engineering Pen Testing CEHv8 Module 09: Social Engineering What Is Social Engineering? Factors that Make Companies Vulnerable to Attacks Warning Signs of an Attack Phases in a Social Engineering Attack Common Targets of Social Engineering Human-based Social Engineering Computer-based Social Engineering Mobile-based Social Engineering Mobile-based Social Engineering Using SMS Social Engineering Through Impersonation on Social Networking Sites Identify Theft Social Engineering Countermeasures How to Detect Phishing Emails Identity Theft Countermeasures Social Engineering Pen Testing Social Engineering Toolkit
Page | 10
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Denial of Service
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. The topics highlighted in red under CEHv8 Module 10: Denial-of-Service are the new additions. CEHv7 Module 10: Denial of Service What Is a Denial of Service Attack? What Are Distributed Denial of Service Attacks? Symptoms of a DoS Attack DoS Attack Techniques Botnet Botnet Ecosystem DDoS Attack Tools DoS Attack Tools Detection Techniques DoS/DDoS Countermeasure Techniques to Defend against Botnets Advanced DDoS Protection Appliances Denial of Service (DoS) Attack Penetration Testing CEHv8 Module 10: Denial-of-Service What Is a Denial of Service Attack? What Are Distributed Denial of Service Attacks? Symptoms of a DoS Attack DoS Attack Techniques Botnet Botnet Ecosystem Botnet Trojans DDoS Attack Tools DoS Attack Tools Detection Techniques DoS/DDoS Countermeasure Techniques to Defend against Botnets Advanced DDoS Protection Appliances Denial of Service (DoS) Attack Penetration Testing Latest DDoS and DoS attack tools added Latest DoS/DDoS Protection Tools added
Page | 11
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Session Hijacking
Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The topics highlighted in red under CEHv8 Module 11: Session Hijacking are the new additions. CEHv7 Module 11: Session Hijacking What Is Session Hijacking? Why Session Hijacking Is Successful? Key Session Hijacking Techniques Brute Forcing Attack Session Hijacking Process Types of Session Hijacking Application Level Session Hijacking Session Sniffing Man-in-the-Middle Attack Network Level Session Hijacking TCP/IP Hijacking Session Hijacking Tools Protecting against Session Hijacking IPsec Architecture Session Hijacking Pen Testing CEHv8 Module 11: Session Hijacking
What Is Session Hijacking? Why Session Hijacking Is Successful? Key Session Hijacking Techniques Brute Forcing Attack Session Hijacking Process Types of Session Hijacking Application Level Session Hijacking Session Sniffing Man-in-the-Middle Attack Network Level Session Hijacking TCP/IP Hijacking Session Hijacking Tools Protecting against Session Hijacking IPsec Architecture Session Hijacking Pen Testing Latest Session Hijacking Tools Added
Page | 12
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Hacking Webservers
Web server pen testing is used to identify, analyze, and report vulnerabilities such as authentication weaknesses, configuration errors, protocol related vulnerabilities, etc. in a web server. The topics highlighted in red under CEHv8 Module 12: Hacking Webservers are the new additions. CEHv7 Module 11: Session Hijacking IIS Webserver Architecture Why Web Servers are Compromised? Impact of Webserver Attacks Webserver Attacks Webserver Attack Methodology Webserver Attack Tools Metasploit Architecture Web Password Cracking Tool Countermeasures How to Defend Against Web Server Attacks Patch Management Patch Management Tools Webserver Pen Testing CEHv8 Module 11: Session Hijacking IIS Webserver Architecture Why Web Servers are Compromised? Impact of Webserver Attacks Webserver Attacks Webserver Attack Methodology Webserver Attack Tools Metasploit Architecture Web Password Cracking Tool Countermeasures How to Defend Against Web Server Attacks How to Defend against HTTP Response Splitting and Web Cache Poisoning Patch Management Patch Management Tools Latest Webserver Security Tools Added Latest Webserver Pen Testing Tools Added Webserver Pen Testing
Page | 13
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 14
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
SQL Injection
SQL Injection is the most common website vulnerability on the Internet. It is a flaw in Web Applications and not a database or web server issue. The topics highlighted in red under CEHv8 Module 14: SQL Injection are the new additions. CEHv7 Module 14: SQL Injection
SQL Injection SQL Injection Attacks SQL Injection Detection SQL Injection Attack Characters Testing for SQL Injection Types of SQL Injection Blind SQL Injection SQL Injection Methodology Advanced SQL Injection Password Grabbing Network Reconnaissance Using SQL Injection SQL Injection Tools Evasion Technique How to Defend Against SQL Injection Attacks SQL Injection Detection Tools
Page | 15
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Page | 16
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots Ways to Detect an Intrusion Types of Intrusion Detection Systems General Indications of Intrusions Firewall Architecture Types of Firewall Firewall Identification
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
How to Set Up a Honeypot Intrusion Detection Tools How Snort Works Firewalls Honeypot Tools Evading IDS Evading Firewalls Detecting Honeypots Firewall Evasion Tools Packet Fragment Generators Countermeasures Firewall/IDS Penetration Testing
How to Set Up a Honeypot Latest Intrusion Detection Tools Added How Snort Works Firewalls Latest Honeypot Tools Added Evading IDS Evading Firewalls Detecting Honeypots Latest Firewall Evasion Tools Added Packet Fragment Generators Countermeasures Firewall/IDS Penetration Testing 1 more Lab Added
Page | 18
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Buffer Overflow
A generic buffer overflow occurs when a program tries to store more data in a buffer than it was intended to hold. The topics highlighted in red under CEHv8 Module 18: Buffer Overflow are the new additions. CEHv7 Module 17: Buffer Overflow Heap-Based Buffer Overflow Knowledge Required to Program Buffer Overflow Exploits Buffer Overflow Steps Overflow Using Format String Buffer Overflow Examples How to Mutate a Buffer Overflow Exploit Identifying Buffer Overflows How to Detect Buffer Overflows in a Program BoF Detection Tools Defense Against Buffer Overflows Buffer Overflow Security Tools Buffer Overflow Penetration Testing CEHv8 Module 18: Buffer Overflow Heap-Based Buffer Overflow Why Are Programs and Applications Vulnerable to Buffer Overflows? Knowledge Required to Program Buffer Overflow Exploits Buffer Overflow Steps Overflow Using Format String Buffer Overflow Examples How to Mutate a Buffer Overflow Exploit Identifying Buffer Overflows How to Detect Buffer Overflows in a Program Latest BoF Detection Tools Added Defense Against Buffer Overflows Programming Countermeasures Latest Buffer Overflow Security Tools Added Buffer Overflow Penetration Testing
Page | 19
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Cryptography
Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network. The topics highlighted in red under CEHv8 Module 19: Cryptography are the new additions. CEHv7 Module 18: Cryptography Cryptography Encryption Algorithms Ciphers What Is SSH (Secure Shell)? Cryptography Tools Public Key Infrastructure (PKI) Certification Authorities Digital Signature Disk Encryption Disk Encryption Tool Cryptography Attacks Code Breaking Methodologies Cryptanalysis Tools Online MD5 Decryption Tools CEHv8 Module 19: Cryptography Cryptography Encryption Algorithms Ciphers What Is SSH (Secure Shell)? Latest Cryptography Tools Added Public Key Infrastructure (PKI) Certification Authorities Digital Signature Disk Encryption Disk Encryption Tool Cryptography Attacks Code Breaking Methodologies Latest Cryptanalysis Tools Added Online MD5 Decryption Tools 2 more Labs Added
Page | 20
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.
Exam 312-50
Penetration Testing
Penetration testing assesses the security model of the organization as a whole. It reveals potential consequences of a real attacker breaking into the network. The topics highlighted in red under CEHv8 Module 20: Penetration Testing are the new additions. CEHv7 Module 19: Penetration Testing Security Assessments Vulnerability Assessment What Should be Tested? ROI on Penetration Testing Types of Penetration Testing Common Penetration Testing Techniques Pre-Attack Phase Attack Phase Post-Attack Phase Penetration Testing Deliverable Templates Pen Testing Roadmap Web Application Testing Outsourcing Penetration Testing Services CEHv8 Module 20: Penetration Testing Security Assessments Vulnerability Assessment Introduction to Penetration Testing Comparing Security Audit, Vulnerability Assessment, and Penetration Testing What Should be Tested? ROI on Penetration Testing Types of Penetration Testing Common Penetration Testing Techniques Pre-Attack Phase Attack Phase Post-Attack Phase Penetration Testing Deliverable Templates Pen Testing Roadmap Web Application Testing Outsourcing Penetration Testing Services
Page | 21
Certified Ethical Hacker Copyright by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.