EHS Threats and Defense Mechanisms Certification


Learn advanced hacking techniques and set up strong countermeasures and defensive systems to protect your information assets

Course Description

This certification covers a plethora of offensive security topics ranging from how perimeter defenses work to scanning and attacking the simulated networks. A wide variety of tools, viruses, and malware is presented in this and the other four books, providing a complete understanding of the tactics and tools used by hackers. By gaining a thorough understanding of how hackers operate, an Ethical Hacker will be able to set up strong countermeasures and defensive systems to protect an organization's critical infrastructure and information.

EC-Council's EHS Threats Defenses Mechanisms Certification provides the necessary knowledge and skills to protect information assets.

Who Should Attend

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
  • Course Duration: 2 days (9:00AM – 5:00PM)
  • CPE/ECE Qualification: 16 ECE Credits awarded for attendance (1 for each classroom hour)
  • Program Cost: $750 USD
  • Supplement Cost (Courseware & Certificate exam Access): $75 USD
  • Bundle Price: $799 USD
Visit and click on Training Workshops for ordering details.  

Join the security workshop program and improve your professional skills in information security

What is Included?

Physical Courseware
1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Course + Supplement Cost

See the “Training Workshops” section at for current pricing information.

Related Certificates

  • Ethical Hacking & Countermeasure Specialist: Attack Phases
  • Ethical Hacking and Countermeasures: Web Applications and Data Servers
  • Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
  • Ethical Hacking and Countermeasures: Secure Network Infrastructures

Course Briefing

Trojans and Backdoors

A computer Trojan horse is used to enter a victim's computer undetected, granting the attacker unrestricted access to the data stored on that computer and causing immense damage to the victim. Trojans propagate, for example, when a sender sends an animated .GIF file with a Trojan in it and the recipient opens the file. The Trojan enters the recipient’s system and slowly causes extensive damage to the system. A common use of a Trojan horse is to install backdoors to allow the attacker to access the compromised system in the future.
This module covers the Trojans and backdoors that may infect a system. It explains how Trojans work, the different types of Trojans, the different ways a Trojan infects a system, and the life cycle of a Trojan. It lists the Trojans that are used to infect a system. Trojan detection tools help you identify and remove Trojans that are active on a system.

Viruses and Worms

Computer viruses have the potential to wreak havoc on both business and personal computers. Worldwide, most businesses have been infected at some point. A virus is a self-replicating program that produces its own code by attaching copies of itself to other executable code. A worm is a malicious program that can infect both local and remote machines. Worms spread automatically by infecting all the systems in a network and even spreading further to other networks. Therefore, worms have a greater potential for causing damage because they do not rely on the user’s actions for their execution.
This module covers viruses and worms that can compromise the security of a business or system and lead to different threats. It explains how a virus works, the stages of a virus's life, the classification of viruses, and the writing of a virus program. It outlines the different methods of virus detection and lists anti-virus tools. The module also covers worms and their classification.


Sniffers

A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used for legitimate activities, e.g. network management, as well as for illegitimate activities, e.g. stealing information found on a network.
This module covers sniffers that capture important information from network traffic. It explains how sniffers work, the types of sniffing attacks, the detection of sniffing attacks, and DNS poisoning techniques. It also covers ARP spoofing tools, MAC flooding tools, and sniffing tools.

Social Engineering

Social engineering refers to the method of influencing and persuading people to reveal sensitive information. It is used to gather confidential information, authorization details, and access details by deceiving and manipulating people. All the security measures taken by the organization may come to naught if the employees are “Social Engineered”.
This module explains the attacks in which people are socially engineered into revealing sensitive information. It discusses social engineering threats and defenses, countermeasures for social engineering, identity theft, and countermeasures for identity theft.


Phishing

Phishing is a method of stealing confidential information from users by tricking them into revealing personal information. Most phishing attacks are carried out through email: the user receives an email containing a link that, when clicked, leads to a phishing website.
This module describes the different phishing methods that can be used against a user. It explains the reasons phishing attacks succeed and the process phishers use to attack a victim. The methods used to stop phishing attacks are described along with different types of anti-phishing tools. Anti-phishing tools help you stop phishing attacks and keep you alert to phishers.

Denial of Service

Denial-of-Service (DoS) is an attack that prevents authorized users from accessing a computer or network. DoS attacks target the network bandwidth or connectivity. Bandwidth attacks overflow the network with a high volume of traffic using the existing network resources, thus depriving legitimate users of these resources. Connectivity attacks overflow a computer with a large number of connection requests, consuming available operating system resources, so that the computer cannot process legitimate users' requests.
This module explains DoS attacks and their classification, the detection of DoS attacks, and the different tools used to perform DoS and DDoS (Distributed Denial of Service) attacks.
It also discusses botnets, the types of bots, and how they infect a system. It explains DDoS attacks, their characteristics, and how DDoS attacks are conducted.


Course Outline

Trojans and Backdoors

  • Case Example
  • Introduction
  • Trojan horse and Backdoors
  • What Is a Trojan?
  • Reasons for Creating Trojans
  • Overt and Covert Channels
  • Trojan Functions
  • Different Ways a Trojan Can Get into a System
  • Indications of a Trojan Attack
  • Common Ports used by Trojans
  • How to Determine which Ports are “Listening”
  • Life Cycle of a Trojan
  • Wrappers
  • Wrapper Covert Program
  • Wrapping Tools
  • One Exe Maker / YAB / Pretator Wrappers
  • Propagating the Trojan
  • Packaging Tool: WordPad
  • RemoteByMail
  • Different Types of Trojans
  • Tini
  • iCmd
  • NetBus
  • Netcat
  • Netcat Client/Server
  • Netcat Commands
  • Trojan: Beast
  • MoSucker Trojan
  • SARS Trojan Notification
  • Tools Used by Trojan Creators
  • Famous Trojans
  • Classic Trojans Found in the Wild
  • Proxy Trojan
  • Proxy Server Trojan: mcafee 8080
  • W3bPrOxy Tr0j4n Cr34t0r
  • Trojan-Proxy.Win32.Agent.qm
  • FTP Trojan
  • TinyFTPD
  • Zeus
  • FTP Trojan Generator/ FTP Keylogger
  • VNC Trojan
  • Evil VNC/ VNC Stealer
  • TightVNC
  • Stealth Trojans
  • HTTP Trojans
  • Trojan Attack through HTTP
  • HTTP Trojan (HTTP RAT)
  • Shttpd Trojan - HTTP Server
  • Trojan Countermeasures
  • Security Risks
  • Microsoft Windows System Process Files
  • Microsoft Windows Application Files

Viruses and Worms

  • Case Example
  • Introduction to Viruses and Worms
  • Why People Create Computer Viruses and Worms
  • Virus and Worm History
  • Symptoms of Virus and Worm Attacks
  • Virus and Worm Damage
  • Characteristics of a Virus
  • Characteristics of Viruses and Worms
  • Stages of a Virus Life
  • Working of Virus:
  • Infection Phase
  • Attack Phase
  • How does a Computer get Infected by Virus
  • Virus Hoaxes
  • Chain Letters
  • Indications of Virus Attack
  • Modes of Virus Infection
  • Stages of Virus Life
  • How is a Worm Different from a Virus
  • Types of virus
  • Virus Classification
  • System Sector Viruses
  • Stealth Virus
  • Bootable CD-ROM Virus
  • Self-Modification
  • Encryption with a Variable Key
  • Polymorphic Code
  • Metamorphic Virus
  • Cavity Virus
  • Sparse Infector Virus
  • Companion Virus
  • File Extension Virus
  • Famous Viruses
  • I Love You Virus
  • Brain Virus
  • Melissa Virus
  • Worms
  • Slammer Worm
  • Famous Viruses
  • Nimda
  • W32/Toal-A Virus Analysis
  • Klez Virus Analysis - 1
  • Klez Virus Analysis - 2
  • Klez Virus Analysis - 3
  • Klez Virus Analysis - 4
  • Klez Virus Analysis - 5
  • Latest Worms
  • Conficker Worm
  • W32/Downadup.DY (Conficker)
  • What does the Conficker worm do?
  • How does the Conficker Worm Work?
  • Steps to Remove Conficker and Prevent Re-infection
  • W32/AutoRun-APZ Worm Analysis
  • W32/Netsky-A Worm Analysis
  • W32-Mimail-A
  • W32/Hybris-F
  • W32/BabyBear-A
  • Email-Worm.Win32.Merond.a
  • W32/Mabezat.B
  • OSX/Tored.A
  • W32/Agent.IPZ
  • P2P-Worm: W32/Bacteraloh
  • W32/Revois
  • W32/VB.FZ Worm
  • Writing a Simple Virus Program
  • Virus and Worm Countermeasures
  • Tools and Techniques


Sniffers

  • Case Example
  • Introduction to Sniffers
  • Sniffing
  • How Does a Sniffer Work?
  • Types of Sniffing:
  • Passive Sniffing
  • Active Sniffing
  • IP-based Sniffing
  • Undetectable Sniffing. Invisible Data Capture On Ethernet: Windows
  • Sniffing on Ethernet Undetected: Linux/DSD
  • Wiretap
  • Protocols Vulnerable to Sniffing
  • What is Address Resolution Protocol (ARP)
  • Lawful Intercept
  • Benefits of Lawful Intercept
  • Tool: Wireshark
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work
  • ARP Poisoning
  • Threats of ARP Poisoning
  • MAC Flooding
  • Mac Duplicating
  • Mac Duplicating Attack
  • DHCP Starvation Attack
  • Content-Sniffing XSS Attacks
  • DNS Poisoning Techniques
  • Intranet DNS Spoofing (Local Network)
  • Internet DNS Spoofing (Remote Network)
  • Internet DNS Spoofing
  • Proxy Server DNS Poisoning
  • DNS Cache Poisoning
  • Interactive TCP Relay
  • Interactive Replay Attacks
  • ARP Spoofing Tools
  • Ettercap
  • ArpSpyX
  • Cain and Abel
  • Steps to Perform ARP Poisoning using Cain and Abel
  • Look@LAN
  • IRS - ARP Attack Tool
  • Nemesis
  • Hardware Protocol Analyzers
  • How to Detect Sniffing
  • Countermeasures

Social Engineering

  • Case Example
  • What is Social Engineering
  • Human Weakness
  • “Rebecca” and “Jessica”
  • Types of Social Engineering
  • Human-Based Social Engineering
  • Eavesdropping
  • Shoulder Surfing
  • Dumpster Diving
  • Dumpster Diving Example
  • Computer-Based Social Engineering
  • Common Targets of Social Engineering
  • Social Engineering Threats and Defenses
  • Online Threats
  • Telephone-based Threats
  • Personal Approaches
  • Defenses Against Social Engineering Threats
  • Factors that Make Companies Vulnerable to Attacks
  • Why is Social Engineering Effective
  • Warning Signs of an Attack
  • Tool: Netcraft Anti-Phishing Toolbar
  • Tool: Netcraft Toolbar
  • Phases in a Social Engineering Attack
  • Behaviors Vulnerable to Attacks
  • Impact on the Organization
  • Countermeasures
  • Policies and Procedures
  • Impersonating on Orkut
  • Orkut
  • MW.Orc worm
  • Facebook
  • Impersonating on Facebook
  • MySpace
  • Impersonating on MySpace
  • LinkedIn
  • LinkedIn Profile
  • Rogue LinkedIn Profiles Lead To Malware
  • Twitter
  • Twitter SMS Spoofing
  • Risks of Social Networking and the Corporate Network
  • Identity Theft
  • What Is Identity Theft?
  • Identity Theft Is a Serious Problem


Phishing

  • Case Example
  • Phishing - Introduction
  • Introduction to Phishing
  • Phishing Terminology
  • Phishing Overview
  • Reasons for Successful Phishing
  • Phishing Methods
  • Visual Deception: Example
  • Process of Phishing
  • Registering a Fake Domain Name
  • Registering a Fake Domain: Example
  • Building a Look Alike Website
  • Example of Look Alike Websites
  • Sending Emails to Many Users
  • Sending Emails to many Users: Example
  • Types of Phishing Attacks
  • Man-in-the-Middle Attacks
  • URL Obfuscation Attacks
  • Cross Site Scripting Attacks
  • Hidden Attacks
  • Client Side Vulnerabilities
  • Deceptive Phishing
  • Malware-based Phishing
  • DNS-based Phishing
  • Content Injection Phishing
  • Search Engine Phishing
  • Phishing Statistics
  • Antiphishing
  • Antiphishing Tools
  • Webroot’s Phish Net
  • Kaspersky Internet Security
  • PhishTank SiteChecker
  • NetCraft
  • GFI MailEssentials
  • SpoofGuard
  • Phishing Sweeper Enterprise
  • Phishing Sweeper
  • Phishing Zapper
  • BitDefender
  • Phishing Blaster
  • TrustWatch Toolbar
  • ThreatFire
  • GralicWrap
  • Spyware Doctor
  • Track Zapper Spyware-Adware Remover
  • AdwareInspector

Denial of Service

  • Introduction to Denial of Service
  • Impact and the Modes of Attack
  • DoS Attack Classification
  • Smurf Attack
  • Buffer Overflow Attack
  • Ping of Death Attack
  • Teardrop Attack
  • SYN Attack
  • SYN Flooding
  • Land Attack
  • Snork Attack
  • DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast
  • Nemesy
  • Panther2
  • Crazy Pinger
  • SomeTrouble
  • UDP Flood
  • FSMax
  • Malicious Programs
  • AntiCNN.exe
  • Sdos.EXE
  • Xyrox DoS
  • Slowloris: Denial of Service (DoS) over HTTP
  • Botnets
  • Bot (Derived from the Word RoBOT)
  • Botnets
  • Uses of Botnets
  • Types of Bots
  • How Do They Infect? Analysis Of Agabot
  • How Do They Infect
  • Tool: Nuclear Bot
  • Defense against Botnets
  • DDoS Attack
  • What Is a DDoS Attack?
  • DDoS Attack Taxonomy
  • The Reflected DoS Attacks
  • Reflective DNS Attacks
  • DDoS Tools
  • Suggestions for Preventing DoS/DDoS Attacks
  • Taxonomy of DDoS Countermeasures