Menu
Enquire Now

Certified Ethical Hacker (CEH) Training Course.

Certified Ethical Hacker (CEH) Training Course.

Introduction

The Certified Ethical Hacker (CEH) certification is designed for individuals who want to pursue a career in ethical hacking and penetration testing. This 5-day intensive training course covers essential topics in ethical hacking, including network scanning, footprinting, vulnerability analysis, malware analysis, and more. Participants will learn how to legally and ethically test and exploit network systems, helping organizations identify and fix security vulnerabilities before they can be exploited by malicious hackers. The course prepares participants for the CEH exam (312-50), which is required to become a certified ethical hacker.

Course Objectives

By the end of this training, participants will:

  1. Gain a comprehensive understanding of ethical hacking concepts and techniques.
  2. Learn how to perform penetration testing and vulnerability assessments on network systems.
  3. Understand the legal and ethical aspects of hacking, including risk management and compliance.
  4. Develop skills in footprinting, scanning networks, exploiting vulnerabilities, and evading detection.
  5. Be fully prepared to take the CEH (312-50) exam and pursue a career in ethical hacking and cybersecurity.

Who Should Attend?

This course is ideal for:

  • Security professionals, network administrators, and IT auditors who want to expand their knowledge in ethical hacking.
  • Individuals preparing for the CEH (312-50) certification exam.
  • Penetration testers, security consultants, and security researchers seeking to formalize their expertise in ethical hacking.
  • Professionals looking to learn legal and ethical penetration testing techniques to improve network security.

Day 1: Introduction to Ethical Hacking and Reconnaissance

  • Session 1: Overview of Ethical Hacking

    • What is ethical hacking? Understanding the role of an ethical hacker
    • Legal and ethical aspects of hacking: The laws and regulations surrounding penetration testing
    • The CEH exam overview: Topics covered, study strategies, and resources
    • Common cyber-attacks: Examples of famous hacking incidents and techniques

  • Session 2: Information Gathering and Footprinting

    • Footprinting: What it is and how it helps in ethical hacking
    • Tools for information gathering: Whois, nslookup, Google hacking, and DNS interrogation
    • Active and passive reconnaissance methods: Gathering data without alerting the target
    • Analyzing data obtained from reconnaissance to plan further attacks

  • Session 3: Scanning and Enumeration

    • Scanning networks: Identifying open ports, services, and potential vulnerabilities
    • Tools for scanning: Nmap, Nessus, and OpenVAS
    • Enumeration techniques: Gathering more detailed information from network services
    • Scanning for vulnerabilities in live networks and understanding risk implications

Day 2: System Hacking and Malware Analysis

  • Session 4: Gaining Access to Systems

    • Techniques for system exploitation: Password cracking, exploiting system vulnerabilities, and social engineering
    • Tools for gaining unauthorized access: Metasploit, Netcat, and Hydra
    • Techniques for bypassing firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS)
    • Post-exploitation techniques: Maintaining access and covering tracks

  • Session 5: Malware Analysis and Detection

    • Types of malware: Viruses, worms, Trojans, ransomware, and rootkits
    • Analyzing malware behavior: Static and dynamic analysis
    • Malware analysis tools: Sandboxes, Wireshark, and PE Studio
    • Techniques for detecting and removing malware from a network or system

  • Session 6: Privilege Escalation and Escaping Detection

    • Privilege escalation techniques: Exploiting vulnerabilities to gain higher system privileges
    • Using rootkits, keyloggers, and other tools to maintain persistence
    • Evading detection: Stealth techniques to avoid IDS/IPS, firewalls, and antivirus software
    • Anti-forensics techniques: Covering tracks and avoiding logs

Day 3: Web Application Hacking and Network Attacks

  • Session 7: Web Application Vulnerabilities and Exploitation

    • Common web application vulnerabilities: SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection
    • Tools for web application testing: Burp Suite, OWASP ZAP, and Nikto
    • Exploiting web application vulnerabilities: How attackers manipulate web apps
    • Defending against web application attacks: Secure coding practices and Web Application Firewalls (WAF)

  • Session 8: Wireless Network Hacking

    • Wireless security protocols: WEP, WPA, WPA2, and WPA3
    • Hacking wireless networks: Cracking WEP, WPA, and WPA2 passwords using tools like Aircrack-ng
    • Wireless sniffing and eavesdropping: Capturing packets with Wireshark and other tools
    • Wireless attacks: Man-in-the-middle (MITM) attacks, Evil Twin attacks, and denial of service (DoS)

  • Session 9: Network Attacks and Mitigation

    • Types of network attacks: DoS, DDoS, and spoofing
    • Tools for launching network attacks: LOIC, Metasploit, and DDos tools
    • Mitigation strategies: Intrusion detection systems (IDS), firewalls, rate limiting, and anti-DDoS measures
    • Detecting and defending against network-based attacks

Day 4: Advanced Exploitation, Social Engineering, and Cloud Security

  • Session 10: Advanced Exploitation Techniques

    • Buffer overflow attacks and heap spraying
    • Exploiting web servers, databases, and network protocols
    • Advanced use of Metasploit for penetration testing and post-exploitation
    • Developing custom exploits: Creating and executing custom payloads

  • Session 11: Social Engineering and Phishing

    • Social engineering tactics: Pretexting, baiting, and phishing
    • Conducting phishing campaigns: Email spoofing, spear-phishing, and vishing (voice phishing)
    • Social engineering in physical security: Dumpster diving, tailgating, and impersonation
    • Defending against social engineering attacks: Awareness training and security policies

  • Session 12: Cloud Security and Attacks

    • Cloud computing models: IaaS, PaaS, SaaS, and security considerations in the cloud
    • Cloud-based attacks: Account hijacking, insecure APIs, and cloud misconfigurations
    • Tools for testing cloud environments: AWS CloudTrail, Azure Security Center
    • Securing cloud infrastructures: Implementing best practices for cloud security

Day 5: Exam Review, Ethical Hacking Tools, and Final Preparation

  • Session 13: Ethical Hacking Tools and Technologies

    • Overview of key ethical hacking tools: Kali Linux, Wireshark, Burp Suite, Metasploit
    • Hands-on use of tools for scanning, exploiting, and maintaining access
    • Practical demonstrations of hacking techniques and tools

  • Session 14: Legal and Ethical Considerations in Ethical Hacking

    • The ethical responsibilities of an ethical hacker: Boundaries and limitations
    • Understanding the laws and regulations surrounding penetration testing: GDPR, HIPAA, and other data protection laws
    • Reporting findings: Creating clear, concise, and actionable reports for clients

  • Session 15: Final Exam Preparation

    • Review of key concepts covered in the CEH exam: Vulnerability analysis, network security, web application hacking, and penetration testing methodologies
    • Practice exam questions: Review common exam question types and strategies
    • Final Q&A session to clarify doubts and reinforce key concepts
    • Tips and strategies for passing the CEH exam

Durations

5 Days

Location

Dubai
Category