The EC-Council Certified Ethical Hacker (CEH) v13 program is your gateway into the world of ethical hacking and offensive security. This intensive 5-day training is designed to equip cybersecurity professionals with the skills and mindset of malicious hackers — while teaching how to apply those techniques ethically, legally, and effectively.
CEH v13 is packed with 220+ hands-on labs, 3,500 advanced hacking tools, and a fully revamped syllabus aligned with today’s threat landscape. Learners will dive deep into malware analysis, network scanning, system and web app attacks, and much more — all in a real-world, performance-based environment.
Learning Outcomes
- Understand and apply the five phases of ethical hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks.
- Master tools and techniques used by real-world hackers to assess and secure systems.
- Analyze and counteract malware, ransomware, and advanced persistent threats (APT).
- Identify and exploit vulnerabilities in web applications, networks, and cloud environments.
- Prepare for the CEH exam with practical labs, case scenarios, and simulated real-world attacks.
-
Who Should Take This Course ?
Ideal for IT professionals, network admins, security officers, and anyone responsible for system integrity, this certification empowers you to anticipate threats, respond swiftly to incidents, and safeguard digital assets with confidence.
Take your cybersecurity career to the next level — master the hacker’s playbook, and outsmart cybercriminals from the inside out.
- Exam Information
- - Exam Title : Certified Ethical Hacker (ANSI)
- - Exam Code : 312-50 (ECC EXAM), 312-50 (VUE)
- - Number of Questions : 125
- - Duration : 4 Hours
- - Availability : ECC Exam Portal, VUE
- - Test Format : Multiple Choice
- - Passing Score : Please Refer EC-Council
Passing Score
This depends on the exam. Some of our exams state the exact passing score as a percentage required. Some of our exams' passing scores are based on the knowledge and skills needed to demonstrate competence in the subject matter and the difficulty of the questions that are delivered to a candidate.
The actual cut score (the number of items you need to answer correctly) is based on input from a group of subject-matter experts who review the diffculty of the questions in relation to the expected skills of the target audience. As a result, the number of items that you have to answer correctly varies depending on the difficulty of the questions delivered when you take the exam. This ensures that regardless of which combination of items you see, the evaluation of skills is fair. If you see a more difficult set of questions, the number of correct answers needed to pass is less than if you see an easier set of questions. As a result, providing a simple percent correct wouldn't provide useful information to someone who had to take the exam multiple times and saw different combinations of questions with different levels of difficulty.
Because the number of correct answers needed to pass varies based on the difficulty of the questions delivered, if you see a difficult combination of questions, your performance may actually be higher in relation to the passing standard even though you answered fewer questions (in other words, a lower percentage) correctly than if you saw an easier set of questions. Scaled scores simplify your ability to evaluate improvements in your performance over time. This is a standard practice across the certification and licensure industry.
-
Module 01: Introduction to Ethical Hacking
- Elements of Information Security
- Information Security Attacks: Motives, Goals, and Objectives
- Classification of Attacks
- Information Warfare
- What is Hacking?
- Who is a Hacker?
- Hacker and their Motivations
- What is Ethical Hacking?
- Why Ethical Hacking is Necessary
- Scope and Limitations of Ethical Hacking
- Skills of an Ethical Hacker
- AI-Driven Ethical Hacking
- How AI-Driven Ethical Hacking Helps Ethical Hacker?
- Myth: AI will Replace Ethical Hackers
- ChatGPT-Powered AI Tools for Ethical Hackers
- CEH Ethical Hacking Framework
- Cyber Kill Chain Methodology
- Adversary Behavioral Identification
- Indicators of Compromise (IoCs)
- Categories of Indicators of Compromise
- MITRE ATT&CK Framework
- Diamond Model of Intrusion Analysis
- Information Assurance (IA)
- Continual/Adaptive Security Strategy
- Defense-in-Depth
- What is Risk?
- Risk Management
- Cyber Threat Intelligence
- Threat Intelligence Lifecycle
- Threat Modeling
- Incident Management
- Incident Handling and Response
- Role of AI and ML in Cyber Security
- How Do AI and ML Prevent Cyber Attacks?
- Payment Card Industry Data Security Standard (PCI DSS)
- ISO/IEC Standards
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes Oxley Act (SOX)
- The Digital Millennium Copyright Act (DMCA)
- The Federal Information Security Management Act (FISMA)
- General Data Protection Regulation (GDPR)
- Data Protection Act 2018 (DPA)
- Cyber Law in Different Countries
Information Security Overview
Hacking Concepts
Ethical Hacking Concepts
Hacking Methodologies and Frameworks
Information Security Controls
Information Security Laws and Standards
-
Module 02: Footprinting and Reconnaissance
- Reconnaissance
- Types of Footprinting/Reconnaissance
- Information Obtained in Footprinting
- Objectives of Footprinting
- Footprinting Threats
- Footprinting Methodology
- Footprinting Using Advanced Google Hacking Techniques
- What can a Hacker Do with Google Hacking?
- Footprinting Using Advanced Google Hacking Techniques with AI
- Google Hacking Database
- VPN Footprinting through Google Hacking Database
- VPN Footprinting through Google Hacking Database with AI
- Footprinting through SHODAN Search Engine
- Other Techniques for Footprinting through Search Engines
- Finding a Company’s Top-Level Domains (TLDs) and Sub-domains
- Finding a Company’s Top-Level Domains (TLDs) and Sub-domains with AI
- Extracting Website Information from https://archive.org
- Footprinting through People Search Services
- Footprinting through Job Sites
- Dark Web Footprinting
- Searching the Dark Web with Advanced Search Parameters
- Determining the Operating System
- Competitive Intelligence Gathering
- Other Techniques for Footprinting through Internet Research Services
- People Search on Social Networking Sites
- Gathering Information from LinkedIn
- Harvesting Email Lists
- Harvesting Email Lists with AI
- Analyzing Target Social Media Presence
- Tools for Footprinting through Social Networking Sites
- Footprinting through Social Networking Sites with AI
- Whois Lookup
- Finding IP Geolocation Information
- Extracting DNS Information
- DNS Lookup with AI
- Reverse DNS Lookup
- Locate the Network Range
- Traceroute
- Traceroute with AI
- Traceroute Analysis
- Traceroute Tools
- Tracking Email Communications
- Collecting Information from Email Header
- Email Tracking Tools
- Collecting Information through Social Engineering on Social Networking Sites
- Collecting Information Using Eavesdropping, Shoulder Surfing, Dumpster Diving, and Impersonation
- AI-Powered OSINT Tools
- Create and Run Custom Python Script to Automate Footprinting Tasks with AI
- Footprinting Countermeasures
- Port Scanning Techniques
- TCP Connect/Full-Open Scan
- Stealth Scan (Half-Open Scan)
- Inverse TCP Flag Scan
- Xmas Scan
- TCP Maimon Scan
- ACK Flag Probe Scan
- IDLE/IPID Header Scan
- UDP Scan
- SCTP INIT Scan
- SCTP COOKIE ECHO Scan
- SSDP and List Scan
- IPv6 Scan
- Port Scanning with AI
- Service Version Discovery
- Service Version Discovery with AI
- Nmap Scan Time Reduction Techniques
- Packet Fragmentation
- Source Routing
- Source Port Manipulation
- IP Address Decoy
- IP Address Spoofing
- MAC Address Spoofing
- Creating Custom Packets
- Randomizing Host Order and Sending Bad Checksums
- Proxy Servers
- Proxy Chaining
- Proxy Tools
- Anonymizers
- Censorship Circumvention Tools
- Ping Sweep Countermeasures
- Port Scanning Countermeasures
- Banner Grabbing Countermeasures
- IP Spoofing Detection Techniques
- IP Spoofing Countermeasures
- Scanning Detection and Prevention Tools
Footprinting Concepts
Footprinting through Search Engines
Footprinting through Internet Research Services
Footprinting through Social Networking Sites
Who is Footprinting
DNS Footprinting
Network and Email Footprinting
Footprinting through Social Engineering
Footprinting Tasks using Advanced Tools and AI
Port and Service Discovery
OS Discovery (Banner Grabbing/OS Fingerprinting)
Network Scanning Countermeasures
-
Module 03: Enumeration
- What is Enumeration?
- Techniques for Enumeration
- Services and Ports to Enumerate
- NetBIOS Enumeration Tools
- Enumerating User Accounts
- Enumerating Shared Resources Using Net View
- NetBIOS Enumeration using AI
- Working of SNMP
- Management Information Base (MIB)
- Enumerating SNMP using SnmpWalk
- Enumerating SNMP using Nmap
- SNMP Enumeration Tools
- SNMP Enumeration with SnmpWalk and Nmap using AI
- Manual and Automated LDAP Enumeration
- LDAP Enumeration Tools
- NTP Enumeration
- NTP Enumeration Commands
- NTP Enumeration Tools
- NFS Enumeration
- NFS Enumeration Tools
- SMTP Enumeration
- SMTP Enumeration using Nmap
- SMTP Enumeration using Metasploit
- SMTP Enumeration Tools
- SMTP Enumeration using AI
- DNS Enumeration Using Zone Transfer
- DNS Cache Snooping
- DNSSEC Zone Walking
- DNS Enumeration Using OWASP Amass
- DNS and DNSSEC Enumeration Using Nmap
- DNS Enumeration with Nmap Using AI
- DNS Cache Snooping using AI
- IPsec Enumeration
- IPsec Enumeration with AI
- VoIP Enumeration
- RPC Enumeration
- Unix/Linux User Enumeration
- SMB Enumeration
- SMB Enumeration with AI
- Create and Run Custom Script to Automate Network Enumeration Tasks with AI
- SNMP, LDAP, NFS, SMTP, SMB and DNS Enumeration Countermeasures
Enumeration Concepts
NetBIOS Enumeration
SNMP Enumeration
LDAP Enumeration
NTP and NFS Enumeration
SMTP and DNS Enumeration
Other Enumeration Techniques
Enumeration Countermeasures
-
Module 04 :
- Vulnerability Classification
- Vulnerability Scoring Systems and Databases
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Common Weakness Enumeration (CWE)
- Vulnerability-Management Life Cycle
- Pre-Assessment Phase
- Vulnerability Assessment Phase
- Post Assessment Phase
- Vulnerability Research
- Resources for Vulnerability Research
- Vulnerability Scanning and Analysis
- Types of Vulnerability Scanning
- Comparing Approaches to Vulnerability Assessment
- Characteristics of a Good Vulnerability Assessment Solution
- Working of Vulnerability Scanning Solutions
- Types of Vulnerability Assessment Tools
- Choosing a Vulnerability Assessment Tool
- Criteria for Choosing a Vulnerability Assessment Tool
- Best Practices for Selecting Vulnerability Assessment Tools
- Vulnerability Assessment Tools
- AI-Powered Vulnerability Assessment Tools
- Vulnerability Assessment using AI
- Vulnerability Scan using Nmap with AI
- Vulnerability Assessment using Python Script with AI
- Vulnerability Scan using Skipfish with AI
- Vulnerability Assessment Reports
- Components of a Vulnerability Assessment Report
Vulnerability Assessment Concepts
Vulnerability Assessment Tools
Vulnerability Assessment Reports
-
Module 05: System Hacking
- Cracking Passwords.
- Vulnerability Exploitation
- Privilege Escalation
- Privilege Escalation Using DLL Hijacking
- Privilege Escalation by Exploiting Vulnerabilities
- Privilege Escalation Using Dylib Hijacking
- Privilege Escalation Using Spectre and Meltdown Vulnerabilities
- Privilege Escalation Using Named Pipe Impersonation
- Privilege Escalation by Exploiting Misconfigured Services
- Pivoting and Relaying to Hack External Machines
- Privilege Escalation Using Misconfigured NFS
- Privilege Escalation by Bypassing User Account Control (UAC)
- Privilege Escalation by Abusing Boot or Logon Initialization Scripts
- Privilege Escalation by Modifying Domain Policy
- Retrieving Password Hashes of Other Domain Controllers Using DCSync Attack
- Privilege Escalation by Abusing Active Directory Certificate Services (ADCS)
- Other Privilege Escalation Techniques
- Privilege Escalation Tools
- How to Defend against Privilege Escalation
- Tools for Defending against DLL and Dylib Hijacking
- Defending against Spectre and Meltdown Vulnerabilities
- Tools for Detecting Spectre and Meltdown Vulnerabilities
- Executing Applications
- Hiding Files
- Establishing Persistence
- Covering Tracks
- Disabling Auditing: Auditpol
- Clearing Logs
- Manually Clearing Event Logs
- Ways to Clear Online Tracks
- Covering BASH Shell Tracks
- Covering Tracks on a Network
- Covering Tracks on an OS
- Delete Files using Cipher.exe
- Disable Windows Functionality
- Deleting Windows Activity History
- Deleting Incognito History
- Hiding Artifacts in Windows, Linux, and macOS
- Anti-forensics Techniques
- Track-Covering Tools
- Defending against Covering Tracks
Gaining Access
Gaining Access
Maintaining Access
Clearing Logs
-
Module 06: Malware Threats
- Introduction to Malware.
- Different Ways for Malware to Enter a System.
- Common Techniques Attackers Use to Distribute Malware on the Web.
- Components of Malware.
- Potentially Unwanted Application or Applications (PUAs).
- What are Advanced Persistent Threats?
- Characteristics of Advanced Persistent Threats
- Advanced Persistent Threat Lifecycle
- What is a Trojan?
- How Hackers Use Trojans
- Common Ports used by Trojans
- Types of Trojans
- Remote Access Trojans
- Backdoor Trojans
- Botnet Trojans
- Rootkit Trojans
- E-banking Trojans
- Working of E-banking Trojans
- Point-of-Sale Trojans
- Defacement Trojans
- Service Protocol Trojans
- Mobile Trojans
- IoT Trojans
- Security Software Disabler Trojans
- Destructive Trojans
- DDoS Trojans
- Command Shell Trojans
- How to Infect Systems Using a Trojan
- Creating a Trojan
- Employing a Dropper or Downloader
- Employing a Wrapper
- Employing a Crypter
- Propagating and Deploying a Trojan
- Exploit Kits
- Introduction to Viruses
- Stages of Virus Lifecycle
- Working of Viruses
- How does a Computer Get Infected by Viruses?
- Types of Viruses
- How to Infect Systems Using a Virus
- Propagating and Deploying a Virus
- Ransomware
- How to Infect Systems Using a Ransomware: Creating Ransomware
- Computer Worms
- How to Infect Systems Using a Worm
- Worm Makers
- What is Fileless Malware?
- Taxonomy of Fileless Malware Threats
- How does Fileless Malware Work?
- Launching Fileless Malware through Document Exploits
- Launching Fileless Malware through In-Memory Exploits
- Launching Fileless Malware through Script-based Injection
- Launching Fileless Malware by Exploiting System Admin Tools
- Launching Fileless Malware through Phishing
- Launching Fileless Malware through Windows Registry
- Maintaining Persistence with Fileless Techniques
- Fileless Malware
- Fileless Malware Obfuscation Techniques to Bypass Antivirus
- What is Sheep Dip Computer?
- Antivirus Sensor Systems
- Introduction to Malware Analysis
- Malware Analysis Procedure
- Preparing Testbed
- Static Malware Analysis
- Finding the Portable Executables (PE) Information
- Finding the Portabl
- Local and Online Malware Scanning
- Identifying File Dependencies
- Malware Disassembly
- Performing Strings Search
- Analyzing ELF Executable Files
- Identifying Packing/Obfuscation Methods
- Analyzing Mach Object (Mach-O) Executable Files
- Analyzing Malicious MS Office Documents
- Analyzing Suspicious PDF Document
- Analyzing Suspicious Documents Using YARA
- Dynamic Malware Analysis
- Port Monitoring
- Process Monitoring
- Process Monitoring
- Windows Services Monitoring
- Startup Programs Monitoring
- Event Logs Monitoring/Analysis
- Installation Monitoring
- Files and Folders Monitoring
- Device Drivers Monitoring
- Network Traffic Monitoring/Analysis
- DNS Monitoring/Resolution
- API Calls Monitoring
- System Calls Monitoring
- Scheduled Tasks Monitoring
- Browser Activity Monitoring
- Virus Detection Methods
- Malware Code Emulation
- Malware Code Instrumentation
- Trojan Analysis: Coyote
- Virus Analysis: GhostLocker 2.0
- Fileless Malware Analysis: PyLoose
- AI-based Malware Analysis: FakeGPT
- Trojan Countermeasures
- Backdoor Countermeasures
- Virus and Worm Countermeasures
- Fileless Malware Countermeasures
- AI-based Malware Countermeasures
- Adware Countermeasures
- Adware Countermeasures
- APT Countermeasures
- Anti-Trojan Software
- Antivirus Software
- Fileless Malware Detection Tools
- Fileless Malware Protection Tools
- AI-Powered Malware Detection and Analysis Tools
- Endpoint Detection and Response (EDR/XDR) Tools
Malware Concepts
APT Concepts
Trojan Concepts
Virus and Worm Concepts
Fileless Malware Concepts
Malware Analysis
Malware Countermeasures
Anti-Malware Software
-
Module 08: Sniffing
- Network Sniffing
- How a Sniffer Works
- Types of Sniffing
- How an Attacker Hacks the Network Using Sniffers
- Protocols Vulnerable to Sniffing
- Sniffing in the Data Link Layer of the OSI Model
- Hardware Protocol Analyzers
- SPAN Port
- Wiretapping
- Lawful Interception
- MAC Address
- CAM Table
- How CAM Works
- What Happens when a CAM Table is Full?
- MAC Flooding
- Switch Port Stealing
- How to Defend against MAC Attacks
- How DHCP Works
- DHCP Request/Reply Messages
- IPv4 DHCP Packet Format
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- DHCP Attack Tools
- How to Defend Against DHCP Starvation and Rogue Server Attacks
- What Is Address Resolution Protocol (ARP)?
- ARP Spoofing Attack
- Threats of ARP Poisoning
- ARP Spoofing/Poisoning Tools
- How to Defend Against ARP Poisoning
- Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
- ARP Spoofing Detection Tools
- MAC Spoofing/Duplicating
- MAC Spoofing Technique: Windows
- MAC Spoofing Tools
- IRDP Spoofing
- VLAN Hopping
- STP Attack
- How to Defend Against MAC Spoofing
- How to Defend Against VLAN Hopping
- How to Defend Against STP Attacks
- DNS Poisoning Techniques
- Intranet DNS Spoofing
- Internet DNS Spoofing
- Proxy Server DNS Poisoning
- DNS Cache Poisoning
- DNS Poisoning Tools
- How to Defend Against DNS Spoofing
- Wireshark
- Follow TCP Stream in Wireshark
- Display Filters in Wireshark
- Additional Wireshark Filters
- Sniffing Tools
- How to Defend Against Sniffing
- How to Detect Sniffing
- Sniffer Detection Techniques
- Promiscuous Detection Tools
Sniffing Concepts
Sniffing Technique: MAC Attacks
Sniffing Technique: DHCP Attacks
Sniffing Technique: ARP Poisoning
Sniffing Technique: Spoofing Attacks
Sniffing Technique: DNS Poisoning
Sniffing Tools
Sniffing Countermeasures
-
Module 09: Social Engineering
- What is Social Engineering?
- Types of Social Engineering
- Impersonation
- Impersonation (Vishing)
- Eavesdropping
- Shoulder Surfing
- Dumpster Diving
- Reverse Social Engineering
- Piggybacking
- Tailgating
- Diversion Theft
- Honey Trap
- Baiting
- Quid Pro Quo
- Elicitation
- Bait and Switching
- Phishing
- Examples of Phishing Emails
- Types of Phishing
- Phishing Tools
- Crafting Phishing Emails with ChatGPT
- Other Techniques for Computer-based Social Engineering
- Perform Impersonation using AI: Create Deepfake Videos
- Perform Impersonation using AI: Voice Cloning
- Perform Impersonation on Social Networking Sites
- Identity Theft
- Publishing Malicious Apps
- Repackaging Legitimate Apps
- Fake Security Applications
- SMiShing (SMS Phishing)
- QRLJacking
- How to Defend against Phishing Attacks?
- Identity Theft Countermeasures
- Voice Cloning Countermeasures
- Deepfake Attack Countermeasures
- How to Detect Phishing Emails?
- Anti-Phishing Toolbar
- Common Social Engineering Targets and Defense Strategies
- Audit Organization's Security for Phishing Attacks using OhPhish
Social Engineering Concepts
Human-based Social Engineering Techniques
Computer-based Social Engineering Techniques
Mobile-based Social Engineering Techniques
Social Engineering Countermeasures
-
Module 10: Denial-of-Service
- What is a DoS Attack?
- What is a DDoS Attack?
- How do DDoS Attacks Work?
- Botnets
- Organized Cyber Crime: Organizational Chart
- Botnets
- A Typical Botnet Setup
- Botnet Ecosystem
- Scanning Methods for Finding Vulnerable Machines
- How Does Malicious Code Propagate?
- DDoS Case Study
- DDoS Attack
- Hackers Advertise Links for Downloading Botnets
- Use of Mobile Devices as Botnets for Launching DDoS Attacks
- DDoS Case Study: HTTP/2 'Rapid Reset' Attack on Google Cloud
- Basic Categories of DoS/DDoS Attack Vectors
- DoS/DDoS Attack Techniques
- UDP Flood Attack
- ICMP Flood Attack
- Ping of Death Attack
- Smurf Attack
- Pulse Wave DDoS Attack
- Zero-Day DDoS Attack
- NTP Amplification Attack
- SYN Flood Attack
- Fragmentation Attack
- Spoofed Session Flood Attack
- HTTP GET/POST Attack
- Slowloris Attack
- UDP Application Layer Flood Attack
- Multi-Vector Attack
- Peer-to-Peer Attack
- Permanent Denial-of-Service Attack
- TCP SACK Panic Attack
- Distributed Reflection Denial-of-Service (DRDoS) Attack
- DDoS Extortion/Ransom DDoS (RDDoS) Attack
- DoS/DDoS Attack Toolkits in the Wild
- Detection Techniques
- DoS/DDoS Countermeasure Strategies
- DDoS Attack Countermeasures
- Protect Secondary Victims
- Detect and Neutralize Handlers
- Prevent Potential Attacks
- Deflect Attacks
- Mitigate Attacks
- Post-Attack Forensics
- Techniques to Defend against Botnets
- Additional DoS/DDoS Countermeasures
- DoS/DDoS Protection at ISP Level
- Enabling TCP Intercept on Cisco IOS Software
- Advanced DDoS Protection Appliances
- DoS/DDoS Protection Tools
- DoS/DDoS Protection Services
DoS/DDoS Concepts
DoS/DDoS Attack Techniques
DoS/DDoS Attack Countermeasures
-
Module 11: Session Hijacking
- What is Session Hijacking?
- Why is Session Hijacking Successful?
- Session Hijacking Process
- Packet Analysis of a Local Session
- Hijack
- Types of Session Hijacking
- Session Hijacking in OSI Model
- Spoofing vs. Hijacking
- Compromising Session IDs Using Sniffing
- Compromising Session IDs by Predicting Session Token
- How to Predict a Session Token
- Compromising Session IDs Using Man-in-the-Middle/Manipulator-in-the-Middle
- Compromising Session IDs Using Man-in-the-Browser/Manipulator-in-the-Browser
- Compromising Session IDs Using Client-side Attacks
- Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
- Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery
- Compromising Session IDs Using Session Replay Attacks
- Compromising Session IDs Using Session Fixation
- Session Hijacking Using Proxy Servers
- Session Hijacking Using CRIME Attack
- Session Hijacking Using Forbidden Attack
- Session Hijacking Using Session Donation Attack
- Three-way Handshake
- TCP/IP Hijacking
- IP Spoofing: Source Routed Packets
- RST Hijacking
- Blind Hijacking
- UDP Hijacking
- MITM Attack Using Forged ICMP and ARP Spoofing
- PetitPotam Hijacking
- Hetty
- Caido
- bettercap
- Session Hijacking Detection Methods
- Protecting against Session Hijacking
- Web Development Guidelines to Prevent Session Hijacking
- Web User Guidelines to Prevent Session Hijacking
- Session Hijacking Detection Tools
- Approaches to Prevent Session Hijacking
- Approaches to Prevent MITM Attacks
- IPsec
- Session Hijacking Prevention Tools
Session Hijacking Concepts
Application-Level Session Hijacking
Network-Level Session Hijacking
Session Hijacking Tools
Session Hijacking Countermeasures
-
Module 12: Evading IDS, Firewalls, and Honeypots
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- How an IDS Detects an Intrusion?
- General Indications of Intrusions
- Types of Intrusion Detection Systems
- Types of IDS Alerts
- Firewall
- Firewall Architecture
- Demilitarized Zone (DMZ)
- Types of Firewalls
- Packet Filtering Firewall
- Circuit-Level Gateway Firewall
- Application-Level Firewall
- Stateful Multilayer Inspection Firewall
- Application Proxy
- Network Address Translation (NAT)
- Virtual Private Network
- Next-Generation Firewalls (NGFWs)
- Firewall Limitations
- Intrusion Detection using YARA Rules
- Intrusion Detection Tools
- Intrusion Prevention Tools
- Firewalls
- IDS/Firewall Evasion Techniques
- IDS/Firewall Identification
- IP Address Spoofing
- Source Routing
- Tiny Fragments
- Bypass Blocked Sites Using an IP Address in Place of a URL
- Bypass Blocked Sites Using Anonymous Website Surfing Sites
- Bypass an IDS/Firewall Using a Proxy Server
- Bypassing an IDS/Firewall through the ICMP Tunneling Method
- Bypassing an IDS/Firewall through the ACK Tunneling method
- Bypassing an IDS/Firewall through the HTTP Tunneling Method
- Bypassing Firewalls through the SSH Tunneling Method
- Bypassing Firewalls through the DNS Tunneling Method
- Bypassing an IDS/Firewall through External Systems
- Bypassing an IDS/Firewall through MITM Attacks
IDS, IPS, and Firewall Concepts
IDS, IPS, and Firewall Solutions
Evading IDS/Firewalls
-
Module 13: Hacking Web Servers
- Web Server Operations
- Web Server Security Issues
- Why are Web Servers Compromised?
- Apache Web Server Architecture
- Apache Vulnerabilities
- IIS Web Server Architecture
- IIS Vulnerabilities
- NGINX Web Server Architecture
- NGINX Vulnerabilities
- DNS Server Hijacking
- DNS Amplification Attack
- Directory Traversal Attacks
- Website Defacement
- Web Server Misconfiguration
- HTTP Response-Splitting Attack
- Web Cache Poisoning Attack
- SSH Brute Force Attack
- FTP Brute Force with AI
- HTTP/2 Continuation Flood Attack
- Frontjacking Attack
- Other Web Server Attacks
- Information Gathering
- Information Gathering from Robots.txt File
- Web Server Footprinting/Banner Grabbing
- Web Server Footprinting Tools
- Web Server Footprinting with AI
- Web Server Footprinting using Netcat with AI
- IIS Information Gathering using Shodan
- Abusing Apache mod_userdir to Enumerate User Accounts
- Enumerating Web Server Information Using Nmap
- Finding Default Credentials of Web Server
- Finding Default Content of Web Server
- Directory Brute Forcing
- Directory Brute Forcing with AI
- Vulnerability Scanning
- NGINX Vulnerability Scanning using Nginxpwner
- Finding Exploitable Vulnerabilities
- Finding Exploitable Vulnerabilities with AI
- Session Hijacking
- Web Server Password Hacking
- Using Application Server as a Proxy
- Path Traversal via Misconfigured NGINX Alias
- Web Server Attack Tools
- Place Web Servers in Separate Secure Server Security Segment on Network
- Countermeasures: Patches and Updates
- Countermeasures: Protocols and Accounts
- Countermeasures: Files and Directories
- Detecting Web Server Hacking Attempts
- How to Defend against Web Server Attacks
- How to Defend against HTTP Response-Splitting and Web Cache Poisoning
- How to Defend against DNS Hijacking
- Web Application Security Scanners
- Web Server Security Scanners
- Web Server Malware Infection Monitoring Tools
- Web Server Security Tools
- Web Server Pen Testing Tools
- Patches and Hotfixes
- What is Patch Management?
- Installation of a Patch
- Patch Management Best Practices
- Patch Management Tools
Web Server Concepts
Web Server Attacks
Web Server Attack Methodology
Web Server Attack Tools
Web Server Attack Countermeasures
Patch Management
-
Module 14: Hacking Web Applications
- Introduction to Web Applications
- Web Application Architecture
- Web Services
- Vulnerability Stack
- Web Application Threats
- OWASP Top 10 Application Security Risks – 2021
- Other Web Application Attacks
- Footprint Web Infrastructure
- Analyze Web Applications
- Bypass Client-side Controls
- Attack Authentication Mechanism
- Attack Authorization Schemes
- Attack Access Controls
- Attack Session Management Mechanism
- Perform Injection/Input Validation Attacks
- Attack Application Logic Flaws
- Attack Shared Environments
- Attack Database Connectivity
- Attack Web Application Client
- Attack Web Services
Web Application Concepts
Web Application Attacks
Web Application Hacking Methodology
-
Module 15: SQL Injection
- What is SQL Injection?
- SQL Injection and Server-side Technologies
- Understanding HTTP POST Request
- Understanding Normal SQL Query
- Understanding an SQL Injection Query
- Understanding an SQL Injection Query—Code Analysis
- Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
- Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
- Examples of SQL Injection
- In-Band SQL Injection
- Error Based SQL Injection
- Union SQL Injection
- Blind/Inferential SQL Injection
- Out-of-Band SQL injection
- Information Gathering and SQL Injection Vulnerability Detection
- Launch SQL Injection Attacks
- Advanced SQL Injection
- Evading IDS
- Types of Signature Evasion Techniques
- Evasion Techniques
- How to Defend Against SQL Injection Attacks
- Defenses in the Application
- Detecting SQL Injection Attacks
- SQL Injection Detection Tools
SQL Injection Concepts
Types of SQL Injection
SQL Injection Methodology
Evasion Techniques
SQL Injection Countermeasures
-
Module 16: Hacking Wireless Networks
- Wireless Terminology
- Wireless Networks
- Wireless Standards
- Service Set Identifier (SSID)
- Wi-Fi Authentication Process
- Types of Wireless Antennas
- Wireless Encryption
- Wireless Encryption
- Comparison of WEP, WPA, WPA2, and WPA3
- Issues with WEP, WPA, WPA2, and WPA3
- Access Control Attacks
- Integrity Attacks
- Confidentiality Attacks
- Availability Attacks
- Authentication Attacks
- Honeypot AP Attack
- Wormhole Attack
- Sinkhole Attack
- Inter-Chip Privilege Escalation/Wireless Co-Existence Attack
- Wi-Fi Discovery
- Wireless Traffic Analysis
- Launch of Wireless Attacks
- Wi-Fi Encryption Cracking
- Wireless Security Layers
- Defense Against WPA/WPA2/WPA3 Cracking
- Defense Against KRACK Attacks
- Defense Against aLTEr Attacks
- Detection and Blocking of Rogue APs
- Defense Against Wireless Attacks
- Wireless Intrusion Prevention Systems
- WIPS Deployment
- Wi-Fi Security Auditing Tools
- Wi-Fi IPSs
Wireless Concepts
Wireless Threats
Wireless Hacking Methodology
Wireless Attack Countermeasures
-
Module 17: Hacking Mobile Platforms
- Vulnerable Areas in Mobile Business Environment
- OWASP Top 10 Mobile Risks - 2024
- Anatomy of a Mobile Attack
- How a Hacker can Profit from Mobile Devices that are Successfully Compromised
- Mobile Attack Vectors and Mobile Platform Vulnerabilities
- Security Issues Arising from App Stores
- App Sandboxing Issues
- Mobile Spam
- SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
- SMS Phishing Attack Examples
- Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
- Agent Smith Attack
- Exploiting SS7 Vulnerability
- Simjacker: SIM Card Attack
- Call Spoofing
- OTP Hijacking/Two-Factor Authentication Hijacking
- OTP Hijacking Tools
- Camera/Microphone Capture Attacks
- Camera/Microphone Hijacking Tools
- Android OS
- Android Device Administration API
- Android Rooting
- Hacking Android Devices
- Securing Android Devices
- Apple iOS
- Jailbreaking iOS
- Hacking iOS Devices
- Securing iOS Devices
- Mobile Device Management (MDM)
- Mobile Device Management Solutions
- Bring Your Own Device (BYOD)
- BYOD Risks
- BYOD Policy Implementation
- BYOD Security Guidelines
- Mobile Security Guidelines
- Mobile Security Tools
Mobile Platform Attack Vectors
Hacking Android OS
Hacking iOS
Mobile Device Management
Mobile Security Guidelines and Tools
-
Module 18: IoT and OT Hacking
- IoT Concepts and Attacks
- IoT Hacking Methodology
- OT Concepts and Attacks
- OT Hacking Methodology
- OT Attack Countermeasures
IoT Hacking
OT Hacking
-
Module 19: Cloud Computing
- Introduction to Cloud Computing
- Types of Cloud Computing Services
- Shared Responsibilities in Cloud
- Cloud Deployment Models
- NIST Cloud Deployment Reference Architecture
- Cloud Storage Architecture
- Virtual Reality and Augmented Reality on Cloud
- Fog Computing
- Edge Computing
- Cloud vs. Fog Computing vs. Edge Computing
- Cloud Computing vs. Grid Computing
- Cloud Service Providers
- What is a Container?
- Containers Vs. Virtual Machines
- What is Docker?
- Container Orchestration
- What is Kubernetes?
- Clusters and Containers
- Container Security Challenges
- Container Management Platforms
- Kubernetes Platforms
- What is Serverless Computing?
- Serverless Vs. Containers
- Serverless Computing Frameworks
- OWASP Top 10 Cloud Security Risks
- OWASP Top 10 Kubernetes Risks
- OWASP Top 10 Serverless Security Risks
- Cloud Computing Threats
- Container Vulnerabilities
- Kubernetes Vulnerabilities
- Service Hijacking using Social Engineering
- Service Hijacking using Network Sniffing
- Side-Channel Attacks or Cross-guest VM Breaches
- Wrapping Attack
- Man-in-the-Cloud (MITC) Attack
- Cloud Hopper Attack
- Cloud Cryptojacking
- Cloudborne Attack
- Instance Metadata Service (IMDS) Attack
- Cache Poisoned Denial of Service (CPDoS)/Content Delivery Network (CDN) Cache Poisoning Attack
- Cloud Snooper Attack
- Golden SAML Attack
- Living Off the Cloud Attack (LotC)
- Other Cloud Attacks
- Cloud Malware
- Cloud Hacking
- Cloud Hacking Methodology
- Identifying Target Cloud Environment
- Discovering Open Ports and Services Using Masscan
- Vulnerability Scanning Using Prowler
- Identifying Misconfigurations in Cloud Resources Using CloudSploit
- Cleanup and Maintaining Stealth
- Enumerating S3 Buckets
- Enumerating S3 Buckets using SScanner
- Enumerating S3 Bucket Permissions using BucketLoot
- Enumerating S3 Buckets using CloudBrute
- Enumerating EC2 Instances
- Enumerating AWS RDS Instances
- Enumerating AWS Account IDs
- Enumerating IAM Roles
- Enumerating Weak IAM Policies Using Cloudsplaining
- Enumerating AWS Cognito
- Enumerating DNS Records of AWS Accounts using Ghostbuster
- Enumerating Serverless Resources in AWS
- Discovering Attack Paths using Cartography
- Discovering Attack Paths using CloudFox
- Identify Security Groups Exposed to the Internet
- AWS Threat Emulation using Stratus Red Team
- Gathering Cloud Keys Through IMDS Attack
- Exploiting Misconfigured AWS S3 Buckets
- Compromising AWS IAM Credentials
- Hijacking Misconfigured IAM Roles using Pacu
- Scanning AWS Access Keys using DumpsterDiver
- Exploiting Docker Containers on AWS using Cloud Container Attack Tool (CCAT)
- Exploiting Shadow Admins in AWS
- Gaining Access by Exploiting SSRF Vulnerabilities
- Attacks on AWS Lambda
- AWS IAM Privilege Escalation Techniques
- Creating Backdoor Accounts in AWS
- Maintaining Access and Covering Tracks on AWS Cloud Environment by Manipulating the CloudTrail Service
- Establishing Persistence on EC2 Instances
- Lateral Movement: Moving Between AWS Accounts and Regions
- AWSGoat: A Damn Vulnerable AWS Infrastructure
- Azure Reconnaissance Using AADInternals
- Identifying Azure Services and Resources
- Enumerating Azure Active Directory (AD) Accounts
- Identifying Attack Surface using Stormspotter
- Collecting Data from AzureAD and AzureRM using AzureHound
- Accessing Publicly Exposed Blob Storage using Goblob
- Identifying Open Network Security Groups (NSGs) in Azure
- Exploiting Managed Identities and Azure Functions
- Privilege Escalation Using Misconfigured User Accounts in Azure AD
- Creating Persistent Backdoors in Azure AD Using Service Principals
- Exploiting VNet Peering Connections
- AzureGoat – Vulnerable by Design Azure Infrastructure
- Enumerating GCP Resources using Google Cloud CLI
- Enumerating Google Cloud Storage Buckets using cloud_enum
- Enumerating Privilege Escalation Vulnerabilities using GCP Privilege Escalation Scanner
- Escalating Privileges of Google Storage Buckets using GCPBucketBrute
- Maintaining Access: Creating Backdoors with IAM Roles in GCP
- GCPGoat: Vulnerable by Design GCP Infrastructure
- Information Gathering using kubectl
- Enumerating Registries
- Container/Kubernetes Vulnerability Scanning
- Exploiting Docker Remote API
- Hacking Container Volumes
- LXD/LXC Container Group Privilege Escalation
- Post Enumeration on Kubernetes etcd
- Cloud Security Control Layers
- Cloud Security is the Responsibility of both Cloud Provider and Consumer
- Cloud Computing Security Considerations
- Placement of Security Controls in the Cloud
- Assessing Cloud Security using Scout Suite
- Best Practices for Securing the Cloud
- Best Practices for Securing AWS Cloud
- Best Practices for Securing Microsoft Azure
- Best Practices for Securing Google Cloud Platform
- NIST Recommendations for Cloud Security
- Security Assertion Markup Language (SAML)
- Cloud Network Security
- Cloud Security Controls
- Kubernetes Vulnerabilities and Solutions
- Serverless Security Risks and Solutions
- Best Practices for Container Security
- Best Practices for Docker Security
- Best Practices for Kubernetes Security
- Best Practices for Serverless Security
- Zero Trust Networks
- Organization/Provider Cloud Security Compliance Checklist
- International Cloud Security Organizations
- Shadow Cloud Asset Discovery Tools
- Cloud Security Tools
- Container Security Tools
- Kubernetes Security Tools
- Serverless Application Security Solutions
- Cloud Access Security Broker (CASB)
- CASB Solutions
- Next-Generation Secure Web Gateway (NG SWG)
Cloud Computing Concepts
Container Technology
Serverless Computing
Cloud Computing Threats
Cloud Attacks
Cloud Hacking
AWS Hacking
Microsoft Azure Hacking
Google Cloud Hacking
Container Hacking
Cloud Security
-
Module 20: Cryptography
- Cryptography
- Government Access to Keys (GAK)
- Ciphers
- Symmetric Encryption Algorithms
- Asymmetric Encryption Algorithms
- Message Digest (One-way Hash) Functions
- Message Digest Functions
- Message Digest Functions Calculators
- Multi-layer Hashing Calculators
- Hardware-Based Encryption
- Quantum Cryptography
- Other Encryption Techniques
- Cipher Modes of Operation
- Modes of Authenticated Encryption
- Cryptography Toolkits
- Public Key Infrastructure (PKI)
- Certification Authorities
- Signed Certificate (CA) vs. Self-Signed Certificate
- Digital Signature
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- Pretty Good Privacy (PGP)
- GNU Privacy Guard (GPG)
- Web of Trust (WOT)
- Encrypting Email Messages in Outlook
- Signing/Encrypting Email Messages on Mac
- Encrypting/Decrypting Email Messages Using OpenPGP
- Email Encryption Tools
- Disk Encryption
- Disk Encryption Tools
- Disk Encryption Tools for Linux
- Disk Encryption Tools for macOS
- Blockchain
- Cryptanalysis Methods
- Cryptography Attacks
- Code Breaking Methodologies
- Brute-Force Attack
- Brute-Forcing VeraCrypt Encryption
- Meet-in-the-Middle Attack on Digital Signature Schemes
- Side-Channel Attack
- Hash Collision Attack
- DUHK Attack
- DROWN Attack
- Rainbow Table Attack
- Related-Key Attack
- Padding Oracle Attack
- Attacks on Blockchain
- Quantum Computing Risks
- Quantum Computing Attacks
- Cryptanalysis Tools
- Online MD5 Decryption Tools
- How to Defend Against Cryptographic Attacks
- Key Stretching
Cryptography Concepts and Encryption Algorithms
Cryptography Tools
Applications of Cryptography
Cryptanalysis
Cryptanalysis Tools
Cryptography Attack Countermeasures
Upon successfully passing the examination for this course, participants will be awarded a certificate, an example of which is shown below.
EC Council Certified Ethical Hacker (CEH) v13
-
Physical Class 3 Days
-
Online Class 3 Days
-
Language English, Malay