APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

Course Outline
Certified Ethical Hacker (CEH v5)
Introduction to Ethical Hacking, Ethics, and Legality

- Understanding Ethical Hacking Terminology

- Identifying Different Types of Hacking Technologies
- Understanding the Different Phases Involved in Ethical
Hacking and Listing the Five Stages of Ethical Hacking
o Phase 1: Passive and Active Reconnaissance
o Phase 2: Scanning
o Phase 3: Gaining Access
o Phase 4: Maintaining Access
o Phase 5: Covering Tracks

- What Is Hacktivism?
- Listing Different Types of Hacker Classes
- Ethical Hackers and Crackers—Who Are They?
- What Do Ethical Hackers Do?
- Goals Attackers Try to Achieve Security, Functionality,
and Ease of Use Triangle
- Defining the Skills Required to Become an Ethical
Hacker
- What Is Vulnerability Research?
- Describing the Ways to Conduct Ethical Hacking
- Creating a Security Evaluation Plan
- Types of Ethical Hacks
- Testing Types
- Ethical Hacking Report
- Understanding the Legal Implications of Hacking
- Understanding 18 U.S.C. § 1029 and 1030 U.S. Federal
Law

Footprinting and Social Engineering

- Footprinting
- Define the Term Footprinting
- Describe the Information Gathering Methodology
- Describe Competitive Intelligence
- Understand DNS Enumeration
- Understand Whois and ARIN Lookups
- Identify Different Types of DNS Records
- Understand How Traceroute Is Used in Footprinting
- Understand How E-Mail Tracking Works
- Understand How Web Spiders Work
 APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

- Social Engineering
- What Is Social Engineering?
- What Are the Common Types Of Attacks?
- Understand Insider Attacks
- Understand Identity Theft
- Describe Phishing Attacks
- Understand Online Scams
- Understand URL Obfuscation
- Social-Engineering Countermeasures

Scanning and Enumeration

- Scanning
- Define the Terms Port Scanning, Network Scanning,
and Vulnerability Scanning
- Understand the CEH Scanning Methodology
- Understand Ping Sweep Techniques
- Understand Nmap Command Switches
- Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN
Scans
- List TCP Communication Flag Types
- Understand War-Dialing Techniques
- Understand Banner Grabbing and OS Fingerprinting
Techniques
- Understand How Proxy Servers Are Used in Launching
an Attack
- How Do Anonymizers Work?
- Understand HTTP Tunneling Techniques
- Understand IP Spoofing Techniques
-
Enumeration
- What Is Enumeration?
- What Is Meant by Null Sessions?
- What Is SNMP Enumeration?
- Windows 2000 DNS Zone Transfer
- What Are the Steps Involved in Performing
Enumeration?
-
System Hacking
- Understanding Password-Cracking Techniques
- Understanding the LanManager Hash
- Cracking Windows 2000 Passwords
- Redirecting the SMB Logon to the Attacker
- SMB Redirection
- SMB Relay MITM Attacks and Countermeasures
- NetBIOS DoS Attacks
- Password-Cracking Countermeasures
- Understanding Different Types of Passwords
 APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

- Passive Online Attacks

- Active Online Attacks
- Offline Attacks
- Nonelectronic Attacks
- Understanding Keyloggers and Other Spyware
Technologies
- Understand Escalating Privileges
- Executing Applications
- Buffer Overflows
- Understanding Rootkits
- Planting Rootkits on Windows 2000 and XP Machines
- Rootkit Embedded TCP/IP Stack
- Rootkit Countermeasures
- Understanding How to Hide Files
- NTFS File Streaming
- NTFS Stream Countermeasures
- Understanding Steganography Technologies
- Understanding How to Cover Your Tracks and Erase
Evidence
- Disabling Auditing
- Clearing the Event Log

Trojans, Backdoors, Viruses, and Worms

- Trojans and Backdoors
- What Is a Trojan?
- What Is Meant by Overt and Covert Channels?
- List the Different Types of Trojans
- How Do Reverse-Connecting Trojans Work?
- Understand How the Netcat Trojan Works
- What Are the Indications of a Trojan Attack?
- What Is Meant by “Wrapping”?
- Trojan Construction Kit and Trojan Makers
- What Are the Countermeasure Techniques in
Preventing Trojans?
- Understand Trojan-Evading Techniques
- System File Verification Subobjective to Trojan
Countermeasures
- Viruses and Worms
- Understand the Difference between a Virus and a Worm
- Understand the Types of Viruses
- Understand Antivirus Evasion Techniques
- Understand Virus Detection Methods

Sniffers
- Understand the Protocols Susceptible to Sniffing
- Understand Active and Passive Sniffing
- Understand ARP Poisoning
 APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

- Understand Ethereal Capture and Display Filters

- Understand MAC Flooding
- Understand DNS Spoofing Techniques
- Describe Sniffing Countermeasures

Denial of Service and Session Hijacking

- Denial of Service
- Understand the Types of DoS Attacks
- Understand How DDoS Attacks Work
- Understand How BOTs/BOTNETs Work
- What Is a “Smurf” Attack?
- What Is “SYN” Flooding?
- Describe the DoS/DDoS Countermeasures
- Session Hijacking
- Understand Spoofing vs. Hijacking
- List the Types of Session Hijacking
- Understand Sequence Prediction
- What Are the Steps in Performing Session Hijacking?
- Describe How You Would Prevent Session Hijacking
-

Hacking Web Servers, Web Application Vulnerabilities, and Web-

Based Password Cracking Techniques
- Hacking Web Servers
- List the Types of Web Server Vulnerabilities
- Understand the Attacks against Web Servers
- Understand IIS Unicode Exploits
- Understand Patch Management Techniques
- Describe Web Server Hardening Methods
- Web Application Vulnerabilities
- Understanding How Web Applications Work
- Objectives of Web Application Hacking
- Anatomy of an Attack
- Web Application Threats
- Understand Google Hacking
- Understand Web Application Countermeasures
- Web-Based Password Cracking Techniques
- List the Authentication Types
- What Is a Password Cracker?
- How Does a Password Cracker Work?
- Understand Password Attacks: Classification
- Understand Password-Cracking Countermeasures
-
SQL Injection and Buffer Overflows
- SQL Injection
- What Is SQL Injection?
- Understand the Steps to Conduct SQL Injection
 APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

- Understand SQL Server Vulnerabilities

- Describe SQL Injection Countermeasures
- Buffer Overflows
- Identify the Different Types of Buffer Overflows and
Methods of Detection
- Overview of Stack-Based Buffer Overflows
- Overview of Buffer Overflow Mutation Techniques

Wireless Hacking
- Overview of WEP, WPA Authentication Mechanisms, and
Cracking Techniques
- Overview of Wireless Sniffers and Locating SSIDs, MAC
Spoofing
- Understand Rogue Access Points
- Understand Wireless Hacking Techniques
- Describe the Methods Used to Secure Wireless
Networks
-
Physical Security
- Physical Security Breach Incidents
- Understanding Physical Security
- What Is the Need for Physical Security?
- Who Is Accountable for Physical Security?
- Factors Affecting Physical Security
-
Linux Hacking
- Linux Basics
- Understand How to Compile a Linux Kernel
- Understand GCC Compilation Commands
- Understand How to Install Linux Kernel Modules
- Understand Linux Hardening Methods

Evading IDSs, Honeypots, and Firewalls

- List the Types of Intrusion Detection Systems and
- Evasion Techniques
- List the Firewall Types and Honeypot Evasion
Techniques

Cryptography
- Overview of Cryptography and Encryption Techniques
- Describe How Public and Private Keys Are Generated
- Overview of the MD5, SHA, RC4, RC5, and Blowfish
Algorithms
 APTECH COMPUTER EDUCATION – KHARTOUM - SUDAN

NOTE:
- CEH is not the study of hacking or hacking tools, but it
provides the candidate deeper knowledge that how the
hackers do exploit the networks, so that a security
professional can better understand the hackers mind to
prevent hacking and securing the networks. A variety of
hacking tools are demonstrated in the lab for proof of
concepts only.
- There are tons of hacking tools available in market for
achieving different hacking and anti-hacking goals; only few
of tools will be practice during the CEH training.

Pre-Requisites.
The CEH candidates should possess good knowledge of computer
networks, preferably as following
- In-depth knowledge of TCP/IP
- MCSA/MCSE level knowledge is preferable
Basics of Linux OS is a plus advantage

Duration: 40 hrs