CEH: Certified Ethical Hacker v13

Course Information

Course Name

CEH: Certified Ethical Hacker v13

Exam code

312-50

Duration

5 Days

Certification

Certified Ethical Hacker (CEH)

Overview

From the creators of Certified Ethical Hacker (CEH) comes the new and evolved version 13 with added Al capabilities. Structured across 20 learning modules covering over 550 attack techniques, CEH provides you with the core knowledge you need to thrive as a cybersecurity professional.

• Benefit from flexible learning options

• Earn a globally recognized certificate

• Get practical learning with 221 hands-on labs

Audience Profile

CEH is a great place to start your career in cybersecurity, but you’re required to have some knowledge before applying. It’s recommended that you have a minimum of 2 years of IT security experience before attempting CEH.

Prerequisites

There are no specific prerequisites for the CEH program. However, we strongly recommend that candidates possess a minimum of 2 years of experience in IT security before attempting CEH.

CEH training involves testing systems and using them for purposes not originally intended. Candidates should understand the basic functions of those IT systems before attempting to hack them.

For example, CEH will teach the process of host evaluation leading to enumeration. In this process, trainees will scan downrange targets using common scanning techniques such as Nmap, which will respond with a list of ports. Enumerating those ports and the services running on them can be used to expose common vulnerabilities and weaknesses in systems.

However, in this scenario, CEH will not teach you what a port is. This is essential knowledge that you must have to be successful in the class.

At Course Completion

EC-Council’s Certified Ethical Hacker (CEH) certification gives you the skills and knowledge needed to drive your career forward in the age of Al.

With CEH you’ll learn how to think like a hacker and uncover any hidden vulnerabilities before hackers do.

We’ll equip you to:

• Find and fix weaknesses:

  • Discover how hackers exploit systems and learn how to keep your data safe.

• Become a security expert:

  • Master the top tools and techniques needed to strengthen your organization’s security.

• Protect your reputation:

  • Learn to proactively prevent data breaches and safeguard your customers’ trust.

• Master ethical hacking with Al:

  • Leverage Al-driven techniques to enhance your ethical hacking skills and stay ahead of cyber threats.

Course Outline

Module 1: Introduction to Ethical Hacking

Learn the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.

Key topics covered: Elements of Information Security, Classification of Attacks, Hacker Classes, Ethical Hacking, Al-Driven Ethical Hacking, ChatGPT-Powered Al Tools for Ethical Hackers, CEH Ethical Hacking Framework, Cyber Kill Chain Methodology, MITRE ATT&CK Framework, Information Assurance (IA), Risk Management, Threat Intelligence Lifecycle, Incident Management, PCI DSS, HIPPA, SOX, GDPR, DPA

Module 2: Footprinting and Reconnaissance

Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.

Hands-on Labs:

• Perform footprinting on the target network using search engines, internet research services, and social networking sites

• Perform whois, DNS, network, and email footprinting on the target network

• Perform Footprinting using Al

Key topics covered: Reconnaissance, Footprinting Using Advanced Google Hacking Techniques, Footprinting through People Search Services, Dark Web Footprinting, Competitive Intelligence Gathering, Footprinting through Social Networking Sites, Whois Lookup, DNS Footprinting, Traceroute Analysis, Email Footprinting, Footprinting through Social Engineering, Al-Powered OSINT Tools

Module 3: Scanning Networks

Learn different network scanning techniques and countermeasures.

Hands-on Labs:

• Perform host, port, service, and OS discovery on the target network

• Perform scanning on the target network beyond IDS and Firewall

• Perform scanning using Al

Key topics covered: Network Scanning, Scanning Tools, Host Discovery Techniques, Port Scanning Techniques, Host Discovery and Port Scanning with Al, Service Version Discovery, OS Discovery/Banner Grabbing, Scanning Beyond IDS and Firewall, Scanning Detection and Prevention

Module 4: Enumeration

Learn various enumeration techniques, including Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits and associated countermeasures.

Hands-on Labs:

• Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration

• Perform Enumeration using Al

Key topics covered: Enumeration, NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, NFS Enumeration, SMTP Enumeration, DNS Cache Snooping, DNSSEC Zone Walking, IPsec Enumeration, VoIP Enumeration, RPC Enumeration, Unix/Linux User Enumeration, SMB Enumeration, Enumeration using Al, Enumeration Countermeasures

Module 5: Vulnerability Analysis

Learn how to identify security loopholes in a target organization’s network, communication infrastructure, and end systems. Different types of vulnerability assessment and vulnerability assessment tools are included as well.

Hands-on Labs:

• Perform Vulnerability Research using Vulnerability Scoring Systems and Databases

• Perform Vulnerability Assessment using Various Vulnerability Assessment Tools

• Perform Vulnerability Analysis using Al

Key topics covered: Vulnerability Classification, Vulnerability Scoring Systems and Databases, Vulnerability-Management Life Cycle, Vulnerability Research, Vulnerability Scanning and Analysis, Vulnerability Assessment Tools, Vulnerability Assessment Reports, Al-Powered Vulnerability Assessment Tools

Module 6: System Hacking

Learn about the various system hacking methodologies used to discover system and network vulnerabilities, including steganography, steganalysis attacks, and how to cover tracks.

Hands-on Labs:

• Perform an Active Online Attack to Crack the System’s Password

• Perform Buffer Overflow Attack to Gain Access to a Remote System

• Escalate Privileges using Privilege Escalation Tools

• Escalate Privileges in Linux Machine

• Hide Data using Steganography

• Clear Windows and Linux Machine Logs using Various Utilities

• Hiding Artifacts in Windows and Linux Machines

• Perform System Hacking using Al

Key topics covered: Password Cracking, Password Attacks, Password-Cracking Tools, Vulnerability Exploitation, Metasploit Framework, Al-Powered Vulnerability Exploitation Tools, Buffer Overflow, Buffer Overflow Detection Tools, Active Directory (AD) enumeration, Privilege Escalation, Privilege Escalation Tools, Executing Applications, Keylogger, Spyware, Rootkits, Steganography, Steganalysis, Steganography Detection Tools, Maintaining Persistence, Linux and Windows Post Exploitation, Covering Tracks, Clearing Logs, Track-Covering Tools

Module 7: Malware Threats

Learn about different types of malware (Trojan, viruses, worms, etc.), APT and fileless malware, malware analysis procedures, and malware countermeasures.

Hands-on Labs:

• Gain Control over a Victim Machine using Trojan

• Infect the Target System using a Virus

• Perform Static and Dynamic Malware Analysis

Key topics covered: Malware, Advanced Persistent Threat Lifecycle, Trojan, Virus, Ransomware, Computer Worms, Fileless Malware, Al-based Malware, Malware Analysis, Static Malware Analysis, Dynamic Malware Analysis, Virus Detection Methods, Malware Countermeasures, Anti-Trojan Software, Al-Powered Malware Detection and Analysis Tools

Module 8: Sniffing

Learn about packet-sniffing techniques and their uses for discovering network vulnerabilities, plus countermeasures to defend against sniffing attacks.

Hands-on Labs:

• Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attack

• Spoof a MAC Address of a Linux Machine

• Perform Network Sniffing using Various Sniffing Tools

• Detect ARP Poisoning in a Switch-Based Network

Key topics covered: Network Sniffing, MAC Flooding, DHCP Starvation Attack, ARP Spoofing, ARP Spoofing/Poisoning Tools, MAC Spoofing, VLAN Hopping, STP Attack, DNS Poisoning Techniques, DNS Poisoning Tools, Sniffing Tools, Sniffer Detection Techniques, Promiscuous Detection Tools

Module 9: Social Engineering

Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.

Hands-on Labs:

• Perform Social Engineering using Various Techniques

• Detect a Phishing Attack

• Social Engineering using Al

Key topics covered: Social Engineering, Types of Social Engineering, Human-based Social Engineering Techniques, Impersonation, Computer-based Social Engineering Techniques, Phishing, Phishing Tools, Perform Impersonation using Al, Identity Theft, Mobile-based Social Engineering Techniques, Social Engineering Countermeasures, Anti-Phishing Toolbar

Module 10: Denial-of-Service

Learn about different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, plus the tools used to audit a target and devise DoS and DDoS countermeasures and protections.

Hands-on Labs:

• Perform a DoS and DDoS attack on a Target Host

• Detect and Protect Against DoS and DDoS Attacks

Key topics covered: DoS Attack, DDoS Attack, Botnets, DoS/DDoS Attack Techniques, DoS/DDoS Attack Toolkits, DOS/DDoS Attack Detection Techniques, DoS/DDOS Protection Tools, DOS/DDOS Protection Services

Module 11: Session Hijacking

Learn the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Hands-on Labs:

• Perform Session Hijacking using various Tools

• Detect Session Hijacking

Key topics covered: Session Hijacking, Application-Level Session Hijacking, Compromising Session IDs, Session Hijacking, Network-Level Session Hijacking, TCP/IP Hijacking, RST Hijacking, Blind Hijacking, Session Hijacking Tools, Session Hijacking Detection Methods, Session Hijacking Detection Tools, Approaches to Prevent Session Hijacking

Module 12: Evading IDS, Firewalls, and Honeypots

Learn about firewall, intrusion detection system (IDS), and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.

Hands-on Labs:

• Perform Intrusion Detection using Various Tools

• Deploy Honeypot to Detect Malicious Network Traffic

• Bypass Firewall Rules using Tunneling

• Bypass Antivirus

Key topics covered: Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, Types of Firewalls, Intrusion Detection Tools, Intrusion Prevention Tools, IDS/Firewall Evasion Techniques, NAC and Endpoint Security Evasion Techniques, IDS/Firewall Evading Tools, Honeypot, Types of Honeypots, Honeypot Tools, IDS/Firewall Evasion Countermeasures

Module 13: Hacking Web Servers

Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.

Hands-on Labs:

• Perform Web Server Reconnaissance using Various Tools

• Enumerate Web Server Information

• Perform a Web Server Attack

• Perform a Web Server Hacking using Al

Key topics covered: Web Server Architecture, Web Server Vulnerabilities, Web Server Attacks, DNS Server Hijacking, Web Cache Poisoning Attack, Web Server Footprinting/Banner Grabbing, Directory Brute Forcing, Vulnerability Scanning, Web Server Password Hacking, Web Server Attack Tools, Web Server Attack Countermeasures, Detecting Web Server Hacking Attempts, Web Server Security Tools

Module 14: Hacking Web Applications

Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.

Hands-on Labs:

• Perform Web Application Reconnaissance using Various Tools

• Perform Web Spidering

• Perform Web Application Vulnerability Scanning

• Perform Web Application Attacks

• Detect Web Application Vulnerabilities using Various Web Application Security Tools

• Perform Web Application Hacking using Al

Key topics covered: Web Application, OWASP Top 10 Application Security Risks – 2021, Web Application Attacks, Footprint Web Infrastructure, Analyze Web Applications, Bypass Client-side Controls, Attack Access Controls, Attack Web Services, Web API, Webhooks, Web API Hacking Methodology, API Security Risks and Solutions, Web Application Security Testing, Web Application Fuzz Testing, Encoding Schemes, Web Application Attack Countermeasures, Web Application Security Testing Tools

Module 15: SQL Injection

Learn about SQL injection attack techniques, evasion techniques, and SQL injection countermeasures.

Hands-on Labs:

• Perform an SQL Injection Attack Against MSSQL to Extract Databases

• Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools

• Perform SQL Injection using Al

Key topics covered: SQL Injection, Types of SQL injection, Error Based SQL Injection, Union SQL Injection, Blind/Inferential SQL Injection, SQL Injection Methodology, Information Gathering and SQL Injection Vulnerability Detection, Launch SQL Injection Attacks, Advanced SQL Injection, SQL Injection Tools, SQL Injection with Al, Evasion Techniques, SQL Injection Countermeasures, SQL Injection Detection Tools

Module 16: Hacking Wireless Networks

Learn about different types of encryption, threats, hacking methodologies, hacking tools, security tools, and countermeasures for wireless networks.

Hands-on Labs:

• Footprint a Wireless Network

• Perform Wireless Traffic Analysis

• Crack a WPA2 Network

• Create a Rogue Access Point

Key topics covered: Wireless Networks, Wireless Standards, Wireless Encryption, Wireless Threats, Wireless Hacking Methodology, Wi-Fi Discovery, Wireless Traffic Analysis, Launch of Wireless Attacks, Wi-Fi Encryption Cracking, Wireless Attack Countermeasures, Wi-Fi Security Auditing Tools

Module 17: Hacking Mobile Platforms

Learn mobile platform attack vectors, Android and iOS hacking, mobile device management, mobile security guidelines, and security tools.

Hands-on Labs:

• Hack an Android Device by Creating Binary Payloads

• Exploit the Android Platform through ADB

• Hack an Android Device by Creating APK File

• Secure Android Devices using Various Android Security Tools

Key topics covered: OWASP Top 10 Mobile Risks – 2024, Anatomy of a Mobile Attack, App Sandboxing Issues, SMS Phishing Attack (SMiShing), Call Spoofing, OTP Hijacking/Two-Factor Authentication Hijacking, Camera/Microphone Capture Attacks, Android Rooting, Hacking Android Devices, Android Hacking Tools, Android Security Tools, Jailbreaking iOS, Hacking iOS Devices, iOS Device Security Tools, Mobile Device Management (MDM), OWASP Top 10 Mobile Risks and Solutions, Mobile Security Guidelines, Mobile Security Tools

Module 18: IoT and OT Hacking

Learn different types of Internet of Things (IoT) and operational technology (OT) attacks, hacking methodologies, hacking tools, and countermeasures.

Hands-on Labs:

• Gather Information using Online Footprinting Tools

• Capture and Analyze loT Device Traffic

• Perform loT Attacks

Key topics covered: IoT Architecture, loT Technologies and Protocols, OWASP Top 10 IoT Threats, IoT Vulnerabilities, lot Threats, loT Attacks, IoT Hacking Methodology, IoT Hacking Tools, IoT Security Tools, IT/OT Convergence (IIOT), OT Technologies and Protocols, OT Vulnerabilities, OT Threats, OT Attacks, OT Hacking Methodology, OT Hacking Tools, OT Security Tools

Module 19: Cloud Computing

Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud computing threats, attacks, hacking methodologies, and cloud security techniques and tools.

Hands-on Labs:

• Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

• Exploit Open S3 Buckets

• Escalate IAM User Privileges by Exploiting Misconfigured User Policy

• Perform vulnerability assessment on docker images

Key topics covered: Cloud Computing, Fog Computing, Edge Computing, Container, Docker, Kubernetes, Serverless Computing, OWASP Top 10 Cloud Security Risks, Cloud Computing Threats, Container Vulnerabilities, Kubernetes Vulnerabilities, Cloud Attacks, Cloud Hacking Methodology, AWS Hacking, Microsoft Azure Hacking, Google Cloud Hacking, Container Hacking, Cloud Network Security, Cloud Security Controls, Cloud Security Tools

Module 20: Cryptography

Learn about encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptography attacks, and cryptanalysis tools.

Hands-on Labs:

Encrypt the Information using Various Cryptography Tools

• Create and Use Self-signed Certificates

• Perform Email and Disk Encryption

• Perform Cryptanalysis using Various Cryptanalysis Tools

• Perform Cryptography using Al

Key topics covered: Cryptography, Ciphers, Symmetric Encryption Algorithms, Asymmetric Encryption Algorithms, Message Digest Functions, Quantum Cryptography, Cryptography Tools, Public Key Infrastructure (PKI), Signed Certificate, Digital Signature, Email Encryption, Disk Encryption, Blockchain, Cryptanalysis Methods, Cryptography Attacks, Attacks on Blockchain, Quantum Computing Attacks, Cryptanalysis Tools

All EC-Council certification courses are conducted by certified trainers from Iverson.

Digital Methods acts as the official training partner and assists with program consultation, registration, coordination, scheduling, and administrative arrangements to ensure a smooth and professionally managed training experience.