Certified Ethical Hacker Online Training | CEH Training - EC-Council Learning (2024)

Course Outline

20 Modules that help you master the foundations of
Ethical Hacking and prepare to challenge the CEH certification exam.

Module 1: Introduction to Ethical Hacking

Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

Key topics covered:

Elements of Information Security, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Hacker Classes, Ethical Hacking, Information Assurance (IA), Risk Management, Incident Management, PCI DSS, HIPPA, SOX, GDPR

Module 2: Foot Printing and Reconnaissance

Learn how to use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.

Hands-on Lab Exercises:

Over 30 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform footprinting on the target network using search engines, web services, and social networking sites
  • Perform website, email, whois, DNS, and network footprinting on the target network

Key Topics Covered:

Footprinting, Advanced Google Hacking Techniques, Deep and Dark Web Footprinting, Competitive Intelligence Gathering, Website Footprinting, Website Mirroring, Email Footprinting, Whois Lookup, DNS Footprinting, Traceroute Analysis, Footprinting Tools

Module 3: Scanning Networks

Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

Hands-on Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform host, port, service, and OS discovery on the target network
  • Perform scanning on the target network beyond IDS and Firewall

Key Topics Covered:

Network Scanning, Host Discovery Techniques, Port Scanning Techniques, Service Version Discovery, OS Discovery, Banner Grabbing, OS Fingerprinting, Packet Fragmentation, Source Routing, IP Address Spoofing, Scanning Tools

Module 4: Enumeration

Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures

Hands-on Lab Exercises:

Over 20 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration

Key Topics Covered:

Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools

Module 5: Vulnerability Analysis

Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures

Hands-on Lab Exercises:

Over 20 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration

Key Topics Covered:

Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, Enumeration Tools

Module 6: System Hacking

Learn about the various system hacking methodologies—including steganography, steganalysis attacks, and covering tracks—used to discover system and network vulnerabilities.

Hands-on Lab Exercises:

Over 25 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform an Active Online Attack to Crack the System’s Password
  • Perform Buffer Overflow Attack to Gain Access to a Remote System
  • Escalate Privileges using Privilege Escalation Tools
  • Escalate Privileges in Linux Machine
  • Hide Data using Steganography
  • Clear Windows and Linux Machine Logs using Various Utilities
  • Hiding Artifacts in Windows and Linux Machines

Key Topics Covered:

Password Cracking, Password Attacks, Wire Sniffing, Password-Cracking Tools, Vulnerability Exploitation, Buffer Overflow, Privilege Escalation, Privilege Escalation Tools, Keylogger, Spyware, Anti-Keyloggers, Anti-Spyware, Rootkits, Anti-Rootkits, Steganography, Steganography Tools, Steganalysis, Steganography Detection Tools, Maintaining Persistence, Post Exploitation, Clearing Logs, Covering Tracks, Track-Covering Tools

Module 7: Malware Threats

Get an introduction to the different types of malware, such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures.

Hands-on Lab Exercises:

Over 20 hands-on exercises with real-life simulated targets to build skills on how to:

  • Gain Control over a Victim Machine using Trojan
  • Infect the Target System using a Virus
  • Perform Static and Dynamic Malware Analysis

Key topics covered:

Malware, Components of Malware, APT, Trojan, Types of Trojans, Exploit Kits, Virus, Virus Lifecycle, Types of Viruses, Ransomware, Computer Worms, Fileless Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Trojan Analysis, Virus Analysis, Fileless Malware Analysis, Anti-Trojan Software, Antivirus Software, Fileless Malware Detection Tools

Module 8: Sniffing

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks

Hands-on Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attack
  • Spoof a MAC Address of Linux Machine
  • Perform Network Sniffing using Various Sniffing Tools
  • Detect ARP Poisoning in a Switch-Based Network

Key Topics Covered:

Network Sniffing, Wiretapping, MAC Flooding, DHCP Starvation Attack, ARP Spoofing Attack, ARP Poisoning, ARP Poisoning Tools, MAC Spoofing, STP Attack, DNS Poisoning, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools

Module 9: Social Engineering

Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.

Hands-on Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform Social Engineering using Various Techniques
  • Spoof a MAC Address of Linux Machine
  • Detect a Phishing Attack
  • Audit Organization’s Security for Phishing Attacks

Key Topics Covered:

Social Engineering, Types of Social Engineering, Phishing, Phishing Tools, Insider Threats/Insider Attacks, Identity Theft

Module 10: Denial-of-Service

Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.

Hands-on Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform a DoS and DDoS attack on a Target Host
  • Detect and Protect Against DoS and DDoS Attacks

Key Topics Covered:

DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Tools, DoS/DDoS Attack Detection Techniques, DoS/DDoS Protection Tools

Module 11: Session Highjacking

Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Hands-on Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform Session Hijacking using various Tools
  • Detect Session Hijacking

Key Topics Covered:

Session Hijacking, Types of Session Hijacking, Spoofing, Application-Level Session Hijacking, Man-in-the-Browser Attack, Client-side Attacks, Session Replay Attacks, Session Fixation Attack, CRIME Attack, Network Level Session Hijacking, TCP/IP Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Prevention Tools

Module 12: Evading IDS, Firewalls, and Honeypots

Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.

Hands-on Lab Exercises:

Over 7 hands-on exercises with real-life simulated targets to build skills on how to:

  • Bypass Windows Firewall
  • Bypass Firewall Rules using Tunneling
  • Bypass Antivirus

Key Topics Covered:

Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Types of Firewalls, Honeypot, Intrusion Detection Tools, Intrusion Prevention Tools, IDS Evasion Techniques, Firewall Evasion Techniques, Evading NAC and Endpoint Security, IDS/Firewall Evading Tools, Honeypot Detection Tools

Module 13: Hacking Web Servers

Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.

Hands-on Lab Exercises:

Over 8 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform Web Server Reconnaissance using Various Tools
  • Enumerate Web Server Information
  • Crack FTP Credentials using a Dictionary Attack

Key topics covered:

Web Server Operations, Web Server Attacks, DNS Server Hijacking, Website Defacement, Web Cache Poisoning Attack, Web Server Attack Methodology, Web Server Attack Tools, Web Server Security Tools, Patch Management, Patch Management Tools

Module 14: Hacking Web Applications

Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.

Hands-on Lab Exercises:

Over 15 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform Web Application Reconnaissance using Various Tools
  • Perform Web Spidering
  • Perform Web Application Vulnerability Scanning
  • Perform a Brute-force Attack
  • Perform Cross-site Request Forgery (CSRF) Attack
  • Identify XSS Vulnerabilities in Web Applications
  • Detect Web Application Vulnerabilities using Various Web Application Security Tools

Key Topics Covered:

Web Application Architecture, Web Application Threats, OWASP Top 10 Application Security Risks – 2021, Web Application Hacking Methodology, Web API, Webhooks, and Web Shell, Web API Hacking Methodology, Web Application Security

Module 15: SQL Injection

Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.

Hands-on Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform an SQL Injection Attack Against MSSQL to Extract Databases
  • Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools

Key Topics Covered:

SQL Injection, Types of SQL injection, Blind SQL Injection, SQL Injection Methodology, SQL Injection Tools, Signature Evasion Techniques, SQL Injection Detection Tools

Module 16: Hacking Wireless Networks

Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools.

Hands-on Lab Exercises:

Over 3 hands-on exercises with real-life simulated targets to build skills on how to:

  • Footprint a Wireless Network
  • Perform Wireless Traffic Analysis
  • Crack a WEP, WPA, and WPA2 Networks
  • Create a Rogue Access Point to Capture Data Packets

Key Topics Covered:

Wireless Terminology, Wireless Networks, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Encryption Cracking, WEP/WPA/WPA2 Cracking Tools, Bluetooth Hacking, Bluetooth Threats, Wi-Fi Security Auditing Tools, Bluetooth Security Tools

Module 17: Hacking Mobile Platforms

Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.

Hands-on Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Hack an Android Device by Creating Binary Payloads
  • Exploit the Android Platform through ADB
  • Hack an Android Device by Creating APK File
  • Secure Android Devices using Various Android Security Tools

Key Topics Covered:

Mobile Platform Attack Vectors, OWASP Top 10 Mobile Risks, App Sandboxing, SMS Phishing Attack (SMiShing), Android Rooting, Hacking Android Devices, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Controls, Mobile Security Tools

Module 18: IoT and OT Hacking

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks

Hands-on Lab Exercises:

Over 2 hands-on exercises with real-life simulated targets to build skills on how to:

  • Gather Information using Online Footprinting Tools
  • Capture and Analyze IoT Device Traffic

Key Topics Covered:

IoT Architecture, IoT Communication Models, OWASP Top 10 IoT Threats, IoT Vulnerabilities, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), ICS/SCADA, OT Vulnerabilities, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools

Module 19: Cloud Computing

Learn different cloud computing concepts, such as container technologies and server less computing, various cloud-based threats and attacks, and cloud security techniques and tools.

Hands-on Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

  • Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
  • Exploit Open S3 Buckets
  • Escalate IAM User Privileges by Exploiting Misconfigured User Policy

Key Topics Covered:

Cloud Computing, Types of Cloud Computing Services, Cloud Deployment Models, Fog and Edge Computing, Cloud Service Providers, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Container and Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools

Module 20: Cryptography

In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools.

Hands-on Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

  • Calculate MD5 Hashes
  • Perform File and Text Message Encryption
  • Create and Use Self-signed Certificates
  • Perform Email and Disk Encryption
  • Perform Cryptanalysis using Various Cryptanalysis Tools

Key Topics Covered:

Cryptography, Encryption Algorithms, MD5 and MD6 Hash Calculators, Cryptography Tools, Public Key Infrastructure (PKI), Email Encryption, Disk Encryption, Cryptanalysis, Cryptography Attacks, Key Stretching

Certified Ethical Hacker Online Training | CEH Training - EC-Council Learning (2024)

FAQs

Is CEH from EC-Council worth it? ›

The CEH has a high price tag, but it is definitely worth it for those who want to climb the cyber security ladder and understand the theory of computer hacking.

How much does it cost to become an EC-Council Certified Ethical Hacker? ›

The cost of the EC-Council CEH exam on average is $950 for self-study students and $1,199 for those who take official training through EC-Council or its partners.

What is an EC-Council certified ethical hacker? ›

Certified Ethical Hacker (C|EH)

C|EH v12 teaches the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to hack organizations lawfully.

Is CEH a hard exam? ›

Yes. The CEH exam can be difficult for many individuals due to its technical content and the wide range of topics covered, such as network security, ethical hacking, and vulnerability assessment. However, proper preparation through study and practice can help you improve your performance on the exam.

Why does EC-Council have a bad reputation? ›

EC-Council has in the last days been at the center of some controversy on plagiarism. They had used other people's work and articles, branded them as EC-Council original works.

How much does a CEH exam cost? ›

Cost of CEH Application

The CEH application costs £100. There are extra fees, such as a non-refundable £100 eligibility application fee and a £950 exam voucher. There is also a £50 membership application fee for EC-Council. Optional training courses and study materials can cost several hundred pounds.

Can I take the CEH exam from home? ›

You can find ECC exam centers on the campuses of numerous universities and community colleges, and there are multiple Pearson Vue testing centers in nearly every state in the U.S. Alternatively, you can request to have your CEH exam virtually proctored by EC-Council.

Is CEH an entry-level? ›

Yes, CEH is considered an entry-level certification in cybersecurity. It provides a foundational understanding of ethical hacking principles and techniques, making it suitable for beginners or those looking to start a career in cybersecurity.

How long does CEH certification last? ›

Recertification Requirements for the Certified Ethical Hacker Exam (312-50) Your CEH credential is valid for 3 years. To maintain your certification you must earn a total of 120 credits within 3 years of ECE cycle period.

What is ethical hacker salary? ›

The typical ethical hacker salary in India is ₹51,230 per month, according to Glassdoor. Pay scale, which lists an annual salary for certified ethical hackers in India, puts the average at ₹517,569 per year.

How long does IT take to become a certified ethical hacker? ›

It can take anywhere from a few months to a few years to become an ethical hacker, depending on your level of experience and expertise. For those just starting out, you can expect to spend at least a few months learning the basics of hacking and cybersecurity.

Does CEH require coding? ›

No, the CEH does not require any coding knowledge. Can a beginner take CEH?

How many people pass CEH? ›

The CEH exam has a pass rate of about 70%. A good score demonstrates a strong understanding of the course material. The exam has 125 multiple-choice questions and lasts four hours. You need to score at least 70% to pass.

Do you need a degree to get CEH? ›

While there are no formal educational requirements for CEH certification, successful candidates for certification typically have a strong background in computer programming, computer science, software engineering, mathematics, and/or information security, which may include a bachelor's and/or a master's degree in ...

Is EC-Council certification legit? ›

EC-Council University is accredited by Distance Education Accrediting Commission. DEAC is a private, non-profit organization that operates as a national accreditor of distance education institutions.

Can I get a job with just CEH certification? ›

With a CEH certification, you can open yourself up to job roles such as security consultant, security analyst, security engineer, cybersecurity auditor, and more. However, it's important to remember that the CEH certification does not guarantee employment.

How valuable is CEH? ›

Over 1 in every 2 professionals received promotions after CEH. 97% stated that the skills they acquired in C|EH helped safeguard their organizations. 95% chose C|EH for career growth. 93% said that C|EH skills improved their organizational security.

Is EC-Council University worth IT? ›

If you are interested in pursuing cybersecurity degree programs, EC-Council University programs can be an ideal choice. It is a leading online cybersecurity university dedicated to providing industry-relevant educational programs to empower cybersecurity professionals to tacklethe evolving IT security risks.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Cheryll Lueilwitz

Last Updated:

Views: 6147

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Cheryll Lueilwitz

Birthday: 1997-12-23

Address: 4653 O'Kon Hill, Lake Juanstad, AR 65469

Phone: +494124489301

Job: Marketing Representative

Hobby: Reading, Ice skating, Foraging, BASE jumping, Hiking, Skateboarding, Kayaking

Introduction: My name is Cheryll Lueilwitz, I am a sparkling, clean, super, lucky, joyous, outstanding, lucky person who loves writing and wants to share my knowledge and understanding with you.