Certified Ethical Hacker

Course Outlines

Certified Ethical Hacker Days of Training: 5

Overview Lesson 1: Ethics and Legality Lesson 5: System Hacking
Why Security? Administrator Password Guessing
This class will immerse the student The Security, functionality and ease of Manual Password Cracking
into an interactive environment where use Triangle Algorithm
they will be shown how to scan, test, Can Hacking be Ethical? Automated Password Cracking
hack and secure their own systems. Essential Terminology. Password Types
Elements of Security. Types of Password Attacks
The lab intensive environment gives What does a Malicious Hacker do? Performing Automated Password
each student in-depth knowledge and Difference between Penetration Guessing
practical experience with the current Testing and Ethical Hacking. Password Sniffing
Hacker Classes. Password Cracking
essential security systems. Students What do Ethical Hackers do? Countermeasures
will begin by understanding how Skill Profile of an Ethical Hacker. Syskey Utility
perimeter defenses work and then be Modes of Ethical Hacking. Cracking NT/2000 Passwords
lead into scanning and attacking their Security Testing. SMBRelay Man-in-the-Middle
Deliverables. Scenario
own networks, no real network is Computer Crimes and Implications. SMBRelay Weaknesses and
harmed. Students then learn how Legal Perspective (US Federal Laws). Countermeasures
intruders escalate privileges and what Keystroke Loggers
Lesson 2: Footprinting Hiding Files
steps can be taken to secure a Defining Footprinting. Creating Alternate Data Streams
system. Students will also learn about Information Gathering Methodology. ADS creation and detection
Intrusion Detection, Policy Creation, Locate the Network Range. LADS (List Alternate Data
Hacking Tools Streams)
Social Engineering, DDoS Attacks,
NTFS Streams Countermeasures
Buffer Overflows and Virus Creation. Stealing Files Using Word
When a student leaves this intensive 5 Lesson 3: Scanning Documents
Definition of Scanning.
day class they will have hands on Field Code Countermeasures
Types of scanning
Steganography
understanding and experience in Objectives of Scanning Steganography Detection
Ethical Hacking. This course prepares Scanning Methodology Covering Tracks
Classification of Scanning
you for EC-Council Certified Ethical Hacking Tools
Disabling Auditing and clearing
Hacker exam 312-50. Event Logs
IPsec Scan Dump Event Log
NetScan Tools pro 2003 RootKit
OS Fingerprinting Planting the NT/2000 RootKit
At Course Completion Active Stack fingerprinting Rootkit Countermeasures
Passive Fingerprinting
Upon successful completion of this Proxy Servers Lesson 6: Trojans and Backdoors
course, students will have an Countermeasures Effect on Business
understanding of the following topics: What is a Trojan?
• Hacking ethics and legality. Lesson 4: Enumeration Overt and Covert Channels
Working of Trojans
• Footprinting. What is Enumeration?
Different Types of Trojans
• Scanning. NetBios Null Sessions
What Trojan Creators look for?
Null Session Countermeasures
• Enumeration. NetBIOS Enumeration
Different ways a Trojan can get
into a system
• System hacking. Simple Network Management Protocol
Indications of a Trojan Attack
• Trojans and backdoors. (SNMP) Enumeration
SNMP Enumeration Countermeasures
Some famous Trojans and ports
• Sniffers. Management Information Base (MIB)
used by them
How to determine which ports are
• Denial of Service. Windows 2000 DNS Zone Transfer
“Listening”?
Blocking Win 2k DNS Zone Transfer
• Social engineering. Enumerating User Accounts
Different Trojans found in the Wild
• Session hijacking. DumpReg
Wrappers
Packaging Tool : Wordpad
• Hacking web servers. Active Directory Enumeration and ICMP Tunneling
Countermeasures
• Web application vulnerabilities. Loki Countermeasures
Reverse WWW Shell – Covert
• Web-based password cracking Channels using HTTP
techniques. Process Viewer
• SQL injection. System File Verification
Anti-Trojan
• Hacking wireless networks. Reverse Engineering Trojans
• Viruses and worms. Backdoor Countermeasures
• Physical security.
• Linux hacking.
• Evading firewalls, IDS and honeypots.
• Buffer overflows.
• Cryptography.
• Penetration Testing.
Page 1 of 5 CEH

New Horizons of Syracuse, NY

Glacier Creek Office Park For more information, please contact:
6711 Towpath Road 315-449-3290
Suite 100 Email: info.syracuse@newhorizons.com
East Syracuse, NY 13057 Website: www.nhsyracuse.com

Certified Ethical Hacker (Continued)
Overview
This class will immerse the student
into an interactive environment where
they will be shown how to scan, test,
hack and secure their own systems.
The lab intensive environment gives
each student in-depth knowledge and
practical experience with the current
essential security systems. Students
will begin by understanding how
perimeter defenses work and then be
lead into scanning and attacking their
own networks, no real network is
harmed. Students then learn how
intruders escalate privileges and what
steps can be taken to secure a
system. Students will also learn about
Intrusion Detection, Policy Creation,
Social Engineering, DDoS Attacks,
Buffer Overflows and Virus Creation.
When a student leaves this intensive 5
day class they will have hands on
understanding and experience in
Ethical Hacking. This course prepares
you for EC-Council Certified Ethical
Hacker exam 312-50.
At Course Completion
Upon successful completion of this
course, students will have an
understanding of the following topics:
• Hacking ethics and legality.
• Footprinting.
• Scanning.
• Enumeration.
• System hacking.
• Trojans and backdoors.
• Sniffers.
• Denial of Service.
• Social engineering.
• Session hijacking.
• Hacking web servers.
• Web application vulnerabilities.
• Web-based password cracking
techniques.
• SQL injection.
• Hacking wireless networks.
• Viruses and worms.
• Physical security.
• Linux hacking.
• Evading firewalls, IDS and honeypots.
• Buffer overflows.
• Cryptography.
• Penetration Testing.
Page 2 of 5 CEH
New Horizons of Syracuse, NY
Glacier Creek Office Park
6711 Towpath Road
Suite 100
East Syracuse, NY 13057
Certified Ethical Hacker
Lesson 7: Sniffers
Definition of sniffing
How a Sniffer works?
Passive Sniffing
Active Sniffing
Man-in-the-Midle Attacks
Spoofing and Sniffing Attacks
ARP Poisoning and countermeasures
Network Probe
Sniffing Countermeasures
Lesson 8: Denial of Service
What is Denial of Service?
Goal of DoS(Denial of Service)
Impact and Modes of Attack
DoS Attack Classification
Buffer Overflow Attacks
Distributed DOS Attacks and
Characteristics
Agent Handler Model
IRC-Based DDoS Attack Model
DDoS Attack taxonomy
DDoS Tools
Reflected DOS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Defensive Tool: Zombie Zapper
Worms: Slammer and MyDoom.B
Lesson 9: Social Engineering
What is Social Engineering?
Art of Manipulation
Human Weakness
Common Types of Social Engineering
Human Based Impersonation
Example of social engineering
Computer Based Social Engineering
Reverse Social Engineering
Policies and procedures
Security Policies-checklist
Lesson 10: Session Hijacking
Understanding Session Hijacking
Spoofing vs Hijacking
Steps in Session Hijacking
Types of Session Hijacking
TCP Concepts 3 Way Handshake
Sequence numbers
Remote TCP Session Reset Utility
Dangers Posed by Session Hijacking
Protection against Session Hijacking
Countermeasures: IP Security
For more information, please contact:
315-449-3290
Email: info.syracuse@newhorizons.com
Website: www.nhsyracuse.com
Course Outlines
Days of Training: 5
Lesson 11: Hacking Web Servers
How Web Servers Work?
How are Web Servers
Compromised?
Popular Web Servers and
Common Security Threats
Apache Vulnerability
Attack against IIS
IIS Components
Sample Buffer Overflow
Vulnerabilities
ISAPI.DLL Exploit
Code Red and ISAPI.DLL Exploit
Unicode
Unicode Directory Traversal
Vulnerability
Msw 3prt IPP Vulnerability
IPP Buffer Overflow
Countermeasures
Unspecified Executed Path
Vulnerability
File System Traversal
Countermeasures
WebDAV/ ntdll.dll Vulnerability
RPCDCOM Vulnerability
ASN Exploits
IIS Logs
Network Tool: Log Analyzer
Hacking Tool: Clean IISLog
Escalating Privileges on IIS
Microsoft IIS 5.0 - 5.1 remote
denial of service Exploit Tool
Microsoft Frontpage Server
Extensions fp30reg.dll Exploit Tool
GDI+ JPEG Remote Exploit Tool
Windows Task Scheduler Exploit
Tool
Microsoft Windows POSIX
Subsystem Local Privilege
Escalation Exploit Tool
Hot Fixes and Patches
Vulnerability Scanners
Network Tools
Countermeasures
Increasing Web Server Security
 Certified Ethical Hacker
Course Outlines

Certified Ethical Hacker (Continued) Days of Training: 5

Overview Lesson 12: Web Application Lesson 13: Web Based Password
This class will immerse the student Vulnerabilities Cracking Techniquesq
Web Application Set-up Authentication- Definition
into an interactive environment where Web Application Hacking Authentication Mechanisms
they will be shown how to scan, test, Anatomy of an Attack HTTP Authentication
hack and secure their own systems. Web Application Threats Basic Authentication
The lab intensive environment gives Cross Site Scripting/XSS Flaws Digest Authentication
Countermeasures Integrated Windows (NTLM)
each student in-depth knowledge and SQL Injection Authentication
practical experience with the current Command Injection Flaws Negotiate Authentication
essential security systems. Students Countermeasures Certificate-based Authentication
Cookie/Session Poisoning Forms-based Authentication
will begin by understanding how Countermeasures Microsoft Passport Authentication
perimeter defenses work and then be Parameter/Form Tampering What is a Password Cracker?
lead into scanning and attacking their Buffer Overflow Modus Operandi of an Attacker
own networks, no real network is Countermeasures using Password Cracker
Directory Traversal/Forceful Browsing How does a Password Cracker
harmed. Students then learn how Countermeasures work?
intruders escalate privileges and what Cryptographic Interception Attacks- Classification
steps can be taken to secure a Authentication Hijacking Password Guessing
Countermeasures Query String
system. Students will also learn about Log Tampering Cookies
Intrusion Detection, Policy Creation, Error Message Interception Dictionary Maker
Social Engineering, DDoS Attacks, Attack Obfuscation
Platform Exploits Lesson 14: SQL Injection
Buffer Overflows and Virus Creation. Attacking SQL Servers
Internet Explorer Exploits
When a student leaves this intensive 5 DMZ Protocol Attacks SQL Server Resolution Service
day class they will have hands on DMZ (SSRS)
Countermeasures Osql-L Probing
understanding and experience in Port Scanning
Security Management Exploits
Ethical Hacking. This course prepares Web Services Attacks Sniffing, Brute Forcing and finding
you for EC-Council Certified Ethical Zero Day Attacks Application Configuration Files
Hacker exam 312-50. Network Access Attacks Database Scanner
TCP Fragmentation Input Validation Attack
Hacking Tools: Login Guessing & Insertion
Burp: Positioning Payloads Shutting Down SQL Server
At Course Completion Burp: Configuring Payloads and Extended Stored Procedures
Upon successful completion of this Content Enumeration SQL Server Talks
course, students will have an Burp Preventive Measures
understanding of the following topics: Burp Proxy: Intercepting HTTP/S
Traffic
• Hacking ethics and legality. Burp Proxy: Hex-editing of Intercepted
• Footprinting. Traffic
• Scanning. Burp Proxy: Browser Access to
Request History
• Enumeration. Carnivore
• System hacking. Google Hacking
• Trojans and backdoors.
• Sniffers.
• Denial of Service.
• Social engineering.
• Session hijacking.
• Hacking web servers.
• Web application vulnerabilities.
• Web-based password cracking
techniques.
• SQL injection.
• Hacking wireless networks.
• Viruses and worms.
• Physical security.
• Linux hacking.
• Evading firewalls, IDS and honeypots.
• Buffer overflows.
• Cryptography.
• Penetration Testing.

Page 3 of 5 CEH

New Horizons of Syracuse, NY

Glacier Creek Office Park For more information, please contact:
6711 Towpath Road 315-449-3290
Suite 100 Email: info.syracuse@newhorizons.com
East Syracuse, NY 13057 Website: www.nhsyracuse.com

Certified Ethical Hacker (Continued)
Overview
This class will immerse the student
into an interactive environment where
they will be shown how to scan, test,
hack and secure their own systems.
The lab intensive environment gives
each student in-depth knowledge and
practical experience with the current
essential security systems. Students
will begin by understanding how
perimeter defenses work and then be
lead into scanning and attacking their
own networks, no real network is
harmed. Students then learn how
intruders escalate privileges and what
steps can be taken to secure a
system. Students will also learn about
Intrusion Detection, Policy Creation,
Social Engineering, DDoS Attacks,
Buffer Overflows and Virus Creation.
When a student leaves this intensive 5
day class they will have hands on
understanding and experience in
Ethical Hacking. This course prepares
you for EC-Council Certified Ethical
Hacker exam 312-50.
At Course Completion
Upon successful completion of this
course, students will have an
understanding of the following topics:
• Hacking ethics and legality.
• Footprinting.
• Scanning.
• Enumeration.
• System hacking.
• Trojans and backdoors.
• Sniffers.
• Denial of Service.
• Social engineering.
• Session hijacking.
• Hacking web servers.
• Web application vulnerabilities.
• Web-based password cracking
techniques.
• SQL injection.
• Hacking wireless networks.
• Viruses and worms.
• Physical security.
• Linux hacking.
• Evading firewalls, IDS and honeypots.
• Buffer overflows.
• Cryptography.
• Penetration Testing.
Page 4 of 5 CEH
New Horizons of Syracuse, NY
Glacier Creek Office Park
6711 Towpath Road
Suite 100
East Syracuse, NY 13057
Certified Ethical Hacker
Lesson 15: Hacking Wireless Networks
Introduction to Wireless Networking
Business and Wireless Attacks
Wireless Basics
Components of Wireless Network
Types of Wireless Network
Setting up WLAN
Detecting a Wireless Network
How to access a WLAN
Advantages and Disadvantages of
Wireless Network
Antennas
SSIDs
Access Point Positioning
Rogue Access Points
What is Wireless Equivalent Privacy
(WEP)?
WEP Tool:
Related Technology and Carrier
Networks
MAC Sniffing and AP Spoofing
Terminology
Denial of Service Attacks
Man-in-the-Middle Attack (MITM)
Multi Use Tool: THC-RUT
Tool: WinPcap
Auditing Tool: bsd-airtools
WIDZ- Wireless Detection Intrusion
System
Securing Wireless Networks
Out of the box Security
Radius: Used as Additional layer in
security
Maximum Security: Add VPN to
Wireless LAN
Lesson 16: Virus and Worms
Virus Characteristics
Symptoms of ‘virus-like’ attack
What is a Virus Hoax?
Terminologies
How is a worm different from virus?
Indications of a Virus Attack
Virus History
Virus damage
Effect of Virus on Business
Access Methods of a Virus
Mode of Virus Infection
Life Cycle of a virus
What Virus Infect?
How virus infect?
Writing a simple virus program.
Writing DDOS Zombie Virus
Virus Construction Kits
Virus Creation Scripts
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Prevention is better than Cure
Anti-Virus Software
Popular Anti-Virus packages
Virus Analyzers
For more information, please contact:
315-449-3290
Email: info.syracuse@newhorizons.com
Website: www.nhsyracuse.com
Course Outlines
Days of Training: 5
Lesson 17: Physical Security
Security statistics
Physical Security breach incidents
Understanding Physical Security
What is the need of Physical
Security?
Who is Accountable for Physical
Security?
Factors affecting Physical Security
Physical Security checklist
Company surroundings
Premises
Reception
Server
Workstation Area
Wireless Access Points
Other Equipments such as fax,
removable media etc
Access Control
Computer Equipment Maintenance
Wiretapping
Remote access
Lock Picking Techniques
Spying Technologies
Lesson 18: Linux Hacking
Why Linux?
Linux basics
Chrooting
Why is Linux Hacked?
Linux Vulnerabilities in 2003
How to apply patches to vulnerable
programs
Scanning Networks
Password cracking in Linux.
ipchains vs. ipfwadm
How to Organize Firewall Rules
Security Auditor’s Research
Assistant (SARA)
TCP Wrappers
Linux Loadable Kernel Modules
Rootkit countermeasures:
Advanced Intrusion Detection
System (AIDE)
Linux Security testing tools
NMap
LSOF
Netcat
Nemesis
Linux tools: Log and traffic
monitors:
Linux Security Auditing Tool
(LSAT)
Linux Security countermeasures
 Certified Ethical Hacker
Course Outlines

Certified Ethical Hacker (Continued) Days of Training: 5

Overview Lesson 19: Evading Firewalls, IDS and Lesson 21: Cryptography
Honeypots Public-key Cryptography
This class will immerse the student Working of Encryption
Intrusion Detection Systems
into an interactive environment where Ways to Detect Intrusion Digital Signature
they will be shown how to scan, test, Types of Intrusion Detection System Digital Certificate
hack and secure their own systems. Intrusion Detection Tools RSA (Rivest Shamir Adleman)
Steps to perform after an IDS detects RSA Attacks
The lab intensive environment gives Brute forcing RSA factoring
an intrusion
each student in-depth knowledge and Evading IDS systems Esoteric attack
practical experience with the current Tools to Evade IDS Chosen cipher text attack
Introduction to Firewalls Low encryption exponent attack
essential security systems. Students Error analysis
Firewall Identification
will begin by understanding how Firewalking Other attacks
perimeter defenses work and then be Banner Grabbing MD5
lead into scanning and attacking their Breaching Firewalls SHA (Secure Hash Algorithm)
Placing Backdoors through Firewalls SSL (Secure Socket Layer)
own networks, no real network is RC5
Hiding Behind Covert Channel: Loki
harmed. Students then learn how ACK tunneling What is SSH?
intruders escalate privileges and what Tools for testing IDS and Firewalls Government Access to Keys
Introduction to Honeypots (GAK)
steps can be taken to secure a RSA Challenge
Honeypot Project
system. Students will also learn about Types of Honeypots distributed.net
Intrusion Detection, Policy Creation, Honeypot: Specter PGP (Pretty Good Privacy)
Social Engineering, DDoS Attacks, Honeypot: Honeyd Code Breaking Methodologies
Honeypot: KFSensor Using Brute Force
Buffer Overflows and Virus Creation. Frequency Analysis
Hacking Tool: Sebek
When a student leaves this intensive 5 Tools to Detect Honeypot Trickery and Deceit
day class they will have hands on Send-Safe Honeypot Hunter One-Time Pad
Nessus Security Scanner Cryptography Attacks
understanding and experience in Disk Encryption
Ethical Hacking. This course prepares Lesson 20: Buffer Overflows Cracking S/MIME Encryption using
you for EC-Council Certified Ethical Significance of Buffer Overflow idle CPU Time
Hacker exam 312-50. Vulnerability Command Line Scriptor
Why are Programs/Applications
Vulnerable?
Buffer Overflows
At Course Completion Reasons for Buffer Overflow Attacks
Upon successful completion of this Knowledge required writing Buffer
course, students will have an Overflow Exploits
How a Buffer Overflow occurs?
understanding of the following topics: Understanding Stacks
• Hacking ethics and legality. Stack Implementation
• Footprinting. Stack based buffer overflow
Shellcode
• Scanning. Heap Based buffer overflow
• Enumeration. How to detect Buffer Overflows in a
• System hacking. Program?
Attacking a real program
• Trojans and backdoors. NOPS
• Sniffers. How to mutate a Buffer Overflow
• Denial of Service. Exploit? featuring ADMutate
Countermeasures
• Social engineering. Return Address Defender (RAD)
• Session hijacking. StackGuard
Immunix System
• Hacking web servers. Vulnerability Search - ICAT
• Web application vulnerabilities.
• Web-based password cracking
techniques.
• SQL injection.
• Hacking wireless networks.
• Viruses and worms.
• Physical security.
• Linux hacking.
• Evading firewalls, IDS and honeypots.
• Buffer overflows.
• Cryptography.
• Penetration Testing.
Page 5 of 5 CEH

New Horizons of Syracuse, NY

Glacier Creek Office Park For more information, please contact:
6711 Towpath Road 315-449-3290
Suite 100 Email: info.syracuse@newhorizons.com
East Syracuse, NY 13057 Website: www.nhsyracuse.com