EHS: Attack Phases

Ethical Hacking Countermeasure Specialist


Course Description CEH

Course Description

This certification covers a plethora of the offensive security topics ranging from how perimeter defenses work to scanning and attacking the simulated networks. A wide variety of tools, viruses, and malware is presented in this and the other four books, providing a complete understanding of the tactics and tools used by hackers. By gaining a thorough understanding of how hackers operate, an Ethical Hacker will be able to set up strong countermeasures and defensive systems to protect an organization's critical infrastructure and information.

 

 

Ethical Hacking & Countermeasures Attack Phases

 

Who Should Attend

This course will significantly benefit the security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

  • Duration: 2 days (9:00AM – 5:00PM)
  • CPE/ECE Qualification: 2 ECE Credits awarded for attendance (1 for each 8 hour class day)
  • Program Cost: $750 USD
  • Supplement Cost (Courseware & Certificate exam Access): $75 USD
  • Bundle Price: $799 USD
  • Getting Started: Find Training Click HERE
  • Corporate Trainers interested in setting up internal company training programs, click here

 

About us Icon

 

What’s included?

  • Physical Courseware
  • 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Related Certificates:

  • Ethical Hacking and Countermeasures: Threats and Defense Mechanisms
  • Ethical Hacking and Countermeasures: Web Applications and Data Servers
  • Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
  • Ethical Hacking and Countermeasures: Secure Network Infrastructures

 


Course Briefing

Introduction to Ethical Hacking

As computers have become strategic in the way business is conducted, companies leveraged their capabilities to conduct commerce. Enterprises have begun to realize the need to evaluate their systems for vulnerabilities and correct the security lapses. Ethical hacking is broadly defined as the methodology that ethical hackers adopt to discover the existing vulnerabilities in information systems’ operating environments. Their job is to evaluate the security of targets, provide updates regarding any discovered vulnerabilities, and recommend the appropriate mitigation procedures. The module “Introduction to Ethical Hacking” gives an introduction to cyber warfare and security threats. It briefs about hacking and also describes Ethical Hacking. It talks about the prerequisites to become an Ethical Hacker, the scope and limitations of ethical hacking, and the classification of ethical hackers. The module explains the steps that should be followed while conducting an ethical hacking process.


 

 











Footprinting

Footprinting is the blueprint of the security profile of an organization that is undertaken in a methodological manner, which gives a unique system profile of an organization. Information unveiled at various network levels (Internet/intranet/extranet/wireless) can include details regarding: domain name, intrusion detection systems, specific IP addresses, access control mechanisms and related lists, contact addresses, authentication mechanisms, and system enumeration. An attacker spends 90% of the time in profiling an organization and 10% in launching the attack. This module discusses about Footprinting terminologies, information gathering methodology, and competitive intelligence gathering. It explains about different Footprinting tools that can be used to intrude into a system or network and explains the process of creating fake websites and the tools used to create fake websites.


 








Scanning

Scanning is one of the most important phases of intelligence gathering for an attacker. In the process of scanning, the attacker tries to gather information about the specific IP addresses that can be accessed over the Internet, their target’s operating systems, system architecture, and the services running on each computer. This module explains about the scanning methodology that is used to identify the vulnerabilities in a network. It explains about the types of scanning, objectives of Scanning, and different tools present to perform scanning. It briefs about CEH scanning methodology that includes checking for live systems and ports, identifying services, Banner Grabbing/OS Fingerprinting, scanning for vulnerability, drawing network diagrams of the vulnerable hosts, and preparing proxies.

 













Enumeration

The attacker’s objective is to identify the valid user’s accounts or groups where he/she can remain inconspicuous once the system has been compromised. Enumeration involves making active connections to the target system or subjecting it to direct queries. The module “Enumeration” explains about the process of extracting the user names. It explains the techniques for Enumeration, enumerating user accounts, SNMP enumeration, UNIX/Linux enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, and web enumeration. The module lists the enumeration tools that can be used to extract the data.

 

 

















System Hacking

With the advent of Internet, securing the systems has become a major concern for organizations and governments alike. The fear of the trade secrets, financial information, and customer information being compromised has urged organizations to evaluate the threat scenario to their organizational networks. This led to the organizations hiring “ethical hackers” to launch system hacking on the systems and learn about the vulnerabilities in the networks. In System Hacking, the system refers to the applications and software that perform business functions or support key processes. The module “System Hacking” describes the CEH system hacking process which is classified into 3 stages: gaining access (by cracking passwords and escalating privileges), maintaining access (executing applications and hiding files), and clearing access (covering tracks). The module also explains the hacking tools that aid the hacking process. The module explains how the attackers penetrate into a system with the help of examples and tools. It also presents the countermeasures that can be applied in each stage to prevent an attack on the system.

 

 





















Penetration Testing (PT)

A penetration test is a simulation of a potential attack from an attacker. The test involves analyzing the system for vulnerabilities that may be used by the attacker to break in. It involves using proprietary and open source tools to test for known and unknown technical vulnerabilities in the networked systems. Apart from the automated techniques, penetration testing training involves manual techniques for conducting the targeted testing on the specific systems to ensure that there are no security flaws that may have gone undetected earlier. This module explains how to penetrate through a system or network. It gives an introduction to penetration testing, risk management, manual testing, and automated testing. It discusses on how to enumerate the devices and DoS enumeration and explains about HackerShield, pen-test using different devices, VigilENT, WebInspect, and the tools used for penetration testing.