SYLLABUS
SESSION 1: BASIC NETWORKING
- Introduction to the term Networking
- Types of Network
- OSI Model
- Client/Server Configuration
- Topologies
- Media (Guided Media)
- IP Address (IPv4, IPv6)
- VLSM, CIDR, Subnetting (Network/Host)
- Devices
- Protocols
- TCP/IP Applications and Services
SESSION 2: LINUX ADMINISTRATION
Topics to be covered:
- Introduction of Linux
- History of Linux & Unix
- Installation of RHEL-6 & 7
- Directory Structure
- Basic Commands
- VI Editor
- Permissions
- Users & Groups
- I/O Redirectors
- Hardlink and Softlink
- Compression/Decompression, Backup and Scheduling Tasks
SESSION 3: LINUX COMMANDS
Topics to be covered:
- Filter commands
- Finding and processing files
- Process commands
- Analyzing logs
- Exploring virtual file system (Proc)
SESSION 4: INTRODUCTION TO ETHICAL HACKING
Topics to be covered:
- The module briefs about information security, information security threats and attack vectors.
- Discusses various hacking concepts, type and phases.
- Addresses the pre-requisites to become an ethical hacker and also the scope and limitations of ethical hacking
- Discusses various information security controls such as Information Assurance (IA), Defense-in-path, security policies, physical security, risk management, threat modelling, incident management, AI/ML, Etc.
- Addresses the penetration testing process and security testing methodology
- Discusses various information security acts and laws
SESSION 5: FOOTPRINTING AND RECONNAISSANCE
Topics to be covered:
- Discusses footprinting terminologies.
- Briefs on the footprinting methodologies such as footprinting through search engines, web services, social networking sites, social engineering, website footprinting, Email footprinting, competitive intelligence gathering, whois footprinting, DNS footprinting, etc.
- Provides an assessment of various footprinting tools used to collect information regarding a system or network.
- Discusses various footprinting countermeasures to defend against footprinting attacts.
- Describes various penetration testing steps involved in footprinting.
SESSION 6: SCANNING NETWORKS
Topics to be covered:
- Discusses network scanning concepts
- The module briefs on scanning methodology used to identify the hosts, ports, and services in a network that includes:
- Checking for live systems and ports using various scanning techniques
- Identifying services using various scanning techniques
- IDS/firewall evasion techniques
- Banner grabbing/OS fingerprinting
- Drawing network diagrams of the vulnerable hosts
- Provides an assessment of various scanning tools used to collect information regarding hosts, ports, and services in a network
- Discusses various IP spoofing detection techniques
- Discusses various penetration testing steps used to scan the network
SESSION 7: ENUMERATION
Topics to be covered:
- This module explains the process of extracting user names, machine names, network resources, shares, and services from a system
- Describes the techniques for enumeration such as NetBIOS Enumeration, SNMP enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, IPsec enumeration, VoIP enumeration, RPC enumeration, and Unix/Linux user enumeration
- Lists the enumeration tools that can be used to extract the data
- Discusses various enumeration countermeasures to defend against enumeration attacks
- Assesses various penetration testing steps used to extract the data from a system
SESSION 8: VULNERABILITY ANALYSIS
Topics to be covered:
- Discusses vulnerability assessment concepts
- Briefs the working of vulnerability scanning solutions and criteria for choosing those tools
- Describes the importance of vulnerability scoring systems in vulnerability assessment
- Lists various tools used to perform vulnerability assessment
- Discusses how to generate and analyze vulnerability assessment reports
SESSION 9: SYSTEM HACKING
Topics to be covered:
- Describes the CEH system hacking process which is classified into three stages: gaining access (by cracking passwords and escalating privileges), maintaining access (executing applications and hiding files), and clearing logs (covering tracks)
- Explains the hacking tools (keyloggers, spywares, and rootkits, etc.) that aid the hacking process
- Discusses various steganography techniques for hiding a secret message
- Explains various steganalysis methods and steganography detection tools
- Presents the countermeasures that can be applied at every stage to prevent an attack on the system
- Discusses various penetration testing steps
SESSION 10: MALWARE THREATS
Topics to be covered:
- Discusses various malware and malware propagation techniques
- Discusses Trojans and viruses, their types, and how they infect files/systems
- Lists some of the latest Trojans that are used to infect a system
- Discusses worms that can compromise a business or system’s security
- Explains the static and dynanic malware analysis process
- Briefs on the various methods of virus detection
- Discusses various countermeasures to defend against malware attacks
- Lists anti-malware tools
- Assesses various malware penetration testing steps
SESSION 11: SNIFFING
Topics to be covered:
- Briefs about the basic concepts of sniffing network and various types of sniffing
- Discusses various sniffing techniques such as MAC attack, DHCP attack, ARP poisoning, DNS poisoning, etc.
- Discusses on how to defend against various sniffing attacks
- Features various sniffing tools and explains how an attacker hacks a network using them
- Lists a number of countermeasures to defend against sniffing
- Explains various sniffing detection methods and tools
- Discusses various penetration testing steps
SESSION 12: SOCIAL ENGINEERING
Topics to be covered:
- Introduces social engineering concepts and various attack phases
- Describes the different types of social engineering with examples
- Explains various types of insider threats
- Explains in detail how impersonation on social engineering sites is carried out
- Briefs how attackers obtain and exploit personally identifiable information and authenticate themselves, in order to impersonate victim
- Lists various social engineering, insider threats, and identity theft countermeasures
- Lists anti-phishing tools to detect phishing emails and websites
- Tabulates common social engineering tactics and proposes combat strategies to prevent such attacks
- Talks about social engineering penetration testing
SESSION 13: DENIAL-OF-SERVICE
Topics to be covered:
- This module explains DoS/DDoS attacks, the classification of DoS/DDoS attacks, and various attack techniques
- Discusses Botnets, the types of bots, and how they infect the system
- Demonstrates various tools to perform DoS and DDoS attacks
- Discusses various techniques to detect, prevent, and mitigate DoS/DDoS attacks
- Briefs about various post-attack forensic methods
- Explains various techniques to defend against botnets
- Lists various DoS/DDoS protection tools
- Explains countermeasures to prevent DoS/DDoS attacks and pen testing steps
SESSION 14: SESSION HIJACKING
Topics to be covered:
- This module explains session hijacking concepts
- Discusses about network and application level session hijacking
- Explains various session hijacking tools
- Explains various session hijacking detection methods and tools
- Explains countermeasures to prevent session hijacking attacks
- Discusses various approaches vulnerable to session hijacking and their preventative solutions
- Discusses various penetration testing steps involved in session hijacking
SESSION 15: EVADING IDS, FIREWALLS, AND HONEYPOTS
Topics to be covered:
- This module gives an introduction to IDS, firewall and honeypot concepts and types
- Demonstrates various IDS, firewall and honeypot solutions
- Describes various IDS and firewall evasion techniques
- Explains various techniques to detect and defeat honeypots
- Lists various IDS/firewall evasion tools and honeypot detection tools
- Discusses the countermeasures to defend against IDS/firewall evasion
- Discusses various penetration testing steps involved in in firewall/IDS penetration testing
SESSION 16: HACKING WEB SERVERS
- Explains open source web server and IIS architecture
- Discusses various reasons why web servers are compromised
- Demonstrates various key web server attack techniques and tools
- Discusses about web server attack methodology and tools
- Discusses various methods to detect web server hacking attempts
- Explains countermeasures to prevent web server attacks
- Explains what is patch management and associated concepts
- Lists various web server security tools
- Discusses various penetration testing steps involved in web server pen testing
SESSION 17: HACKING WEB APPLICATIONS
- This module gives an introduction to web application architecture and demonstrates how web applications work?
- Lists and explains various web application threats and attacks
- Explains web application hacking methodology
- Demonstrates various web application hacking tools
- Discusses countermeasures to defend against web application attacks
- Demonstrates various web application security tools
- Discusses various penetration testing steps and tools involved in web application pen testing
SESSION 18: SQL INJECTION
- This module gives an introduction to SQL Injection and threats from SQL injection attacks
- Explains various types of SQL injection attacks with examples
- Explains SQL injection methodology
- Demonstrates various SQL injection and detection tools
- Explains various evasion techniques
- Explains countermeasures to prevent SQL injection attacks
SESSION 19: HACKING WIRELESS NETWORKS
- The module gives an introduction to wireless terminologies, types, standards, etc.
- Discusses the types of wireless encryption and their working
- Lists and explains various wireless threats
- Describes wireless hacking methodology
- Demonstrates various wireless hacking tools
- Discusses about Bluetooth hacking, threats, and Bluetooth hacking tools
- Discusses how to defend against wireless attacks
- Illustrates various wireless security tools
- Discusses various penetration testing steps and tools involved in wireless penetration testing
SESSION 20: HACKING MOBILE PLATFORMS
- This module discusses mobile platform attack vectors in detail and explores app sandboxing issues
- Discusses Android OS architecture briefly and demonstrates hacking android OS using various tools
- Illustrates working of various Android Trojans and guidelines for securing Android devices
- Gives a brief knowledge on jailbreaking iOS, its types, techniques and tools required for jailbreaking
- Illustrates various iOS Trojans and guidelines for securing iOS devices
- Discusses about different mobile spyware
- Explains about mobile device management and solutions for mobile device management
- Lists guidelines for BYOD security
- Provides brief knowledge on mobile security guidelines and lists various mobile security tools
- Discusses various penetration testing steps involved in pen testing for Android phones and iPhones
SESSION 21: IOT HACKING
- This module gives an introduction to IoT concepts
- Briefs about various IoT challenges and security problems
- Discusses about various IoT threats and attack surface areas
- Tabulates various IoT attacks in different sectors
- Discusses the IoT hacking methodology and various IoT hacking tools
- Discusses various countermeasures to prevent IoT hacking
- Explains security considerations for IoT framework
- Lists various IoT security tools
- Discusses various steps involved in IoT pen testing
SESSION 22: CLOUD COMPUTING
- Briefs about the basic concepts of cloud computing and various types of cloud computing services
- Explains the importance of virtualization in cloud computing
- Lists and explains various threats of cloud computing
- Discusses various cloud computing attacks
- Briefs about various cloud computing security considerations
- Discusses best practices for securing cloud
- Discusses various cloud security tools
- Explains various key considerations for pen testing in the cloud
- Discusses various steps involved in cloud penetration testing
SESSION 23: CRYPTOGRAPHY
- This module gives an introduction to cryptography concepts
- Discusses the types of cryptography and their working process
- Discusses about ciphers and its types
- Explains various encryption algorithms with examples
- Discusses various hashing algorithms and lists various hash calculators
- Lists and features various cryptography tools
- Explains Public Key Infrastructure (PKI) and its components
- Discusses email encryption, disk encryption, and cryptography attacks
- Briefs various cryptanalysis methods and lists various cryptanalysis tools
- Explains how to defend against cryptographic attacks