Certified Ethical Hacker (CEHv10)



Disclaimer: Tech-Act is an independent training services provider. Any use of third party trademarks, brand names, products and services is only referential.Tech-Act disclaims any sponsorship, affiliation or endorsement of or by any third parties. Tech-Act is an authorized training partner only where explicitly stated and as listed here.



REQUEST INFORMATION


Certified Ethical Hacker (CEHv10)


About This Course

EC-Council’s Certified Ethical Hacker Version 10 training program authenticates an IT security professional as a Penetration Tester and Ethical Hacker in the IT landscape. This training emphasizes on imparting skills and techniques to work as an ethical hacker to safeguard the vulnerabilities and weaknesses of network infra as well as to tackle illegal/unethical hacking.

The CEH v10 training program is one of the most preferred and popular training programs in ethical hacking. Yes, it is the current version loaded with emerging technologies such as Internet of Things (IoT) and Artificial Intelligence (AI) to offer professionals with the most-recent techniques and tools leveraged by hackers and IT security experts. The CEH v10 certification program focuses much on hands-on and practical sessions.

The CEH v10 certification comes quite handy considering the rising security threats to web servers and computer network infrastructure. The best and foolproof way to do this is by acknowledging and learning the methods used by hackers. The course teaches to think the way an illegal/unethical hacker does, but it uses EC-Council’s legal/ethical hacking practice and tools to test and penetrate networks as well as computer systems legally.


Who Should Attend This Course

CEH v10 training program is helpful for the following people:

  • System Administrators
  • Ethical hackers
  • Security professionals and Auditors
  • Network Engineers and Administrators
  • Network Security experts
  • Site admins
  • IT and network Security experts
  • Anyone assigned with the job to safeguard network infrastructure and computer systems

Why This Course

The CEH V10 certification program assists in establishing and administering standards and protocols for IT security experts in ethical hacking sphere.

The training will drive professionals in an immersive and interactive learning environment where they will learn to secure, hack, test and scan the systems and networks. This renders every professional with an in-depth knowledge and practical hands-on on security systems.

Professionals will learn about security defences and ways to hack and scan networks whilst identifying vulnerabilities and weaker areas.

Most importantly, professionals will learn about how intruders and illegal hackers abuse access privileges and understand counteractive steps to help secure the systems and networks.

The certification opens up various career advancement options like it prepares you for computer network defense (CND) analyst, CND infra support, CND auditor, CND incident responder, intrusion analyst, forensic analyst and security manager.

Since there is a cyber breach every 39 seconds, you can understand the need and demand for Ethical Hackers in the IT landscape today.

Did you know that CEH V10 certified professionals earn a salary of around $90,000/annum. (Source: itcareerfinder.com)


Course Objectives

Tech-Act’s CEH V10 Ethical Hacker training program offers hands-on training to help a professional learn the techniques and concepts that hackers often use to intrude or attack network systems. It teaches them to leverage these techniques in an ethical way to safeguard IT infrastructure. The course is an extensive one focusing on more than 15 security domains to offer a hands-on approach to key security systems.

You learn to evaluate IT system security using standard penetration techniques to hack, test and scan security systems and network applications. It even teaches about exploitation, phishing and sniffing attacks and ways to tackle them. Most importantly, the course prepares an individual for the quintessential EC-Council Certified Ethical Hacker examination 312-50.

  • Prepares you for CEH practical examination
  • Offers understanding on machine learning, AI and cloud attacks
  • Trains you on IoT security module
  • Vulnerability assessment

Course Prerequisites
  • Basic understanding of networking concepts
  • Understanding of network and server components

Course Benefits


After successful completion of this course, you learn the following:

  • Footprinting countermeasures and tools
  • Network scanning
  • System hacking, steganography and covering tracks
  • Various Trojan types, analysis, and countermeasures
  • Viruses, analysis, computer worms, analysis procedure, malware and countermeasures
  • Packet sniffing
  • Social Engineering, social engineering and identify theft
  • DDoS/ DoS attacks,
  • Web application and server attacks
  • SQL attacks
  • Wireless Encryption.
  • Mobile attacks and vulnerabilities
  • Cloud concepts, attacks, security and threats
  • Cryptography attacks, Public Key Infrastructure (PKI) and cryptanalysis tools
  • Different IoT threats
  • Helps you get into the heads of an illegal hacker to safeguard devices, networks and systems.
  • A CEH expert can foolproof a network and system
  • Serves as a launchpad for IT security courses like audits, forensics and penetration testing.

Curriculum


Introduction to Ethical Hacking

Overview

EC-Council’s Certified Ethical Hacker (CEH) course gives the student a foundational knowledge and skillset to be an asset to their current organization as a security analyst or become an effective member of a security team engaged in offensive security testing and vulnerability assessments. This course covers specific topics such as: Intro to Ethical Hacking, Information gathering through foot-printing and reconnaissance techniques, network and system scanning, service enumeration, vulnerability discovery and analysis, system hacking, malware, social engineering, web application hacking, SQL Injection, Wireless, Mobile, IoT, and more.

Introduction to Ethical Hacking: Threats

This section discusses a few foundational concepts with regards to Ethical Hacking. It covers threats, the general threat landscape, defines some basic terms, and explores common IT security objectives. It also covers threat categories, attack vectors, and types of defenses against threats.

Introduction to Ethical Hacking: Hacking Concepts

This section describes and defines what a hacker and hacking is in general. It explains what makes a good hacker and explores the different types of hackers like Script Kiddies, White Hats, and Black Hats. It discusses common phases of hacking and Ethical hacking concepts.

Introduction to Ethical Hacking: Security Controls

This section explores the implementation of Security Controls which covers Information Assurance vs. Information Security, Network segmentation, Defense-in-Depth, and Security Policies. It also explains how to begin to develop a basic Security Policy, which includes workplace privacy policies, the SecPol creation steps, Risk Management and Threat Modeling.

Introduction to Ethical Hacking: Pentesting

This section walks through the basic terminology and practices of Pentesting. It covers definition and the need of pentesting and how it differs from other types of security assessments. It also discusses different types of security teams, types of pentests, pentesting phases, and pentesting methodologies.

Introduction to Ethical Hacking: Laws and Standards

This section explains commonly encountered computer security laws, regulations, and standards for both specific and general industries and governments. It covers PCI-DSS, HIPAA, ISO 27001, SOX, DMCA, and FISMA.

Information Gathering and Vulnerability Identification

Footprinting

This section discusses the concept and practice of Footprinting. It defines Footprinting as it pertains to penetration testing as well as demonstrates passive reconnaissance techniques to gather info from sources like web sites, job listings, search engines and social media. The discussion also includes performing online searches using Shodan, Netcraft, and Censys, using a website spidering tool like Burp Suite, and directory fuzzing with tools like Dirb.

Attacks and Exploits

Host Discovery

This section examines the importance and techniques for performing host discovery. It covers the concepts for host discovery and shows how to use common system tools like ping, scripting, nmap and hping3 to perform host discovery.

Scanning with Nmap

This section demonstrates using the popular scanning tool Nmap for engaging in a variety of host scanning techniques. It shows how to perform SYN(Stealth) scans, TCP Connect scans, ACK scans, XMAS Scans, NULL scans, and FIN Scans.It also covers how to deploy other obfuscation tactics like fragmenting the scan, deploying decoys, and spoofing source IP addresses.

ProxyChains

This section shows how to use ProxyChains to obfuscate your contact with a target network even bypassing security features like IDSs and Firewalls. It explains ProxyChains allows using a compromised host to pivot into segregated internal networks.

Enumeration

Enumeration

This section defines and demonstrates performing enumeration during and engagement. It explores the types of things you commonly target during enumeration as well as performing enumeration on services like NetBIOS, SMTP, and SNMP.

Vulnerability Analysis

Vulnerability Analysis Concepts

This section explores concepts of performing a Vulnerability Assessment. It dicusses the difference between a vulnerability scan and a penetration test. It covers the Vulnerability Management Life-Cycle which defines the steps taken during the Pre-assessment, Assessment, and Post-Assessment phases.

Vulnerability Analysis Tools

This section demonstrates few tools used to perform a vulnerability assessment. It discusses different types of assessment tools and the options and output from tools like Nikto, MBSA, and OpenVAS.

System Hacking

Password Attacks

This section covers system hacking by exploring ways to attack password-based authentication. It explores low-tech and high-tech approaches to password attacks, shoulder surfing, dumpster diving, social engineering, dictionary, brute-force, and rule-based attacks. It demonstrates online password attacks using tools such as Medusa and Hydra.

Privilege Escalation

This section covers the process of Privilege Escalation. It explains common techniques and tactics for gaining higher privileges such as: DLL Hijacking and exploiting file/folder permission misconfigurations, Operating System vulnerability exploitation, the use of Webshells, and other various maneuvers.

Covert Data Gathering

This section explains the ways to clandestinely gather information from target systems and users. It shows how to use keyloggers and implement spyware to record sensitive information through keystrokes, screenshots, and even video/audio capture.

Hidden Files

This section explores hiding files during an engagement. It explains why hiding files is necessary and show the use of Alternate Data Streams and Steganography as tactics for hiding information.

Covering Tracks

This section discusses techniques and tactics for covering the tracks after breaching a system. It explains how to remove traces of your activities by disabling auditing systems and clearing logs.

Malware Threats

Malware Threats cehv10

This section discusses the various Malware threats that can be used to attack a system.

Sniffing

Network Sniffing

This section dives into the merits and practice of sniffing networks. It explains why and how to sniff network traffic. It covers how to capture packets and sift through the data using Wireshark. It shows the methods for packet sniffing on a switched network through MAC flooding, port stealing and ARP poisoning.

Social Engineering

Social Engineering

This section discusses the practice of performing Social Engineering techniques during a pentest engagement. It covers the concepts and tactics that Social Engineers use to elicit information from their target which includes emotional responses, shoulder surfing, eavesdropping, tailgating, Piggybacking, phishing, Spear phishing, whaling, SMiShing, Vishing, and more.

Denial of Service

Denial of Service

This section discusses the concepts and techniques for performing Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. It explains the types of DoS/DDoS attack and the difference between the two. It also covers Volumetric attacks like the Ping-of-Death, Smurf, Fraggle, UDP flood, ICMP flood attacks and application layer attacks like HTTP GET/POST attacks and Slowloris using Metasploit.

Session Hijacking

Session Hijacking

This section explores session hijacking. It discusses the possible impact of a successful session hijacking attack, session replay attack by sniffing session tokens as well as by deploying a XSS attack. It demonstrates network-layer session hijacking and hijacks an active telnet session.

Evading IDS, Firewalls, and Honeypots

Evading IDS, Firewalls, and Honeypots

This section discusses how to evade IDS, Firewalls Honeypots.

Hacking Web Servers

Hacking Web Servers

This section takes a look at common attack tactics and techniques used when hacking web servers. It covers both general and specific vulnerabilities associated with web servers that an attacker may exploit and the common methodology employed.

Hacking Web Applications

Common Web App Threats

This section takes through the plethora of threats geared toward Web Applications. It explores Injection-based attacks like SQL Injection, Command Injection, HTML Injection, and Code Injection. It demonstrates the use of File Inclusions using RFI and LFI attacks, Directory Traversal attacks, Cross-Site Scripting(XSS) used to execute arbitrary code and Social Engineering attacks.

Practical Web App Hacking

This section discusses Web Application hacking methodology through practical example. It demonstrates Web App environment and explains Footprinting the target server all the way to gaining root privileges and every step in between.

SQL Injection

SQL Concepts

This section covers a common and popular type of injection attack, the SQL Injection attack. It explains SQLi attack. It also covers how to perform authentication bypass using SQLi.

SQL Injection Types

This section dig more in SQL Injection attacks. It covers common types of SQL Injections; specifically Error-based and Blind SQLi. It demonstrates error-based SQLi to enumerate the database tables and column information leading to sensitive data disclosure and blind SQLi techniques which allows to work without errors to achieve the same goal.

Other SQLi and Tools

This section covers other common SQL injection attacks. It shows how to use SQLi to read system files, write files to the OS, and then get code execution to gain remote shell access. It also explains how to automate SQLi attacks through the use of freely available tools like SQLMap.

Hacking Wireless Networks

Wireless Hacking Concepts

This section discusses the pertinent concepts with regards to hacking wireless technologies. It covers wireless vocabulary including terms like BSSID, ESSID, ISM, MIMO, and FSSS, etc. It explains common wireless standards, authentication mechanisms, antennas and encryption schemes like WEP, WPA, and WPA2.

Wireless Hacking: Tools

This discusses and demonstrates the use of a few common wireless hacking tools. It covers wireless adapters, antennas suggestions for optimal coverage, and network discovery tools for finding and enumerating wireless networks. It also covers common wireless hacking tools such as : the Aircrack-NG Suite, Wifite, Fern Wifi Cracker, CainAbel, Kismet, Wifi Pineapples, Wifi Pumpkins, and Wifi Jamming.

Wireless Hacking: Common Threats

This section covers common threats against wireless networks. It demonstrate simple attacks like exploiting poorly configured devices, deploying Rogue APs, Evil Twins APs, Ad-hoc connections, and Honeypot APs. It explains complex attacks like MAC filter bypass by MAC spoofing and revealing hidden wireless networks.

Wireless Hacking: Cracking WEP

This section covers the process of cracking WEP encrypted wireless networks using the Aircrack-NG suite of wireless hacking tools.

Wireless Hacking: Cracking WPA/WPA2

This section covers the process of cracking WPA encrypted wireless networks using the Aircrack-NG suite of wireless hacking tools.

Hacking Mobile Platforms

Mobile Hacking

This section discusses hacking mobile devices. It demonstrates Mobile as an attack surface and explores vulnerabilities found therein. It also demonstrates using Mobile as an attack platform and the realities of managing a BYOD environment.

IoT Hacking

IoT Concepts

This section discusses the general IoT concepts that help you to understand what IoT devices are and how they operate and communicate with each other and their ecosystem.

IoT Attacks

This section discusses the vulnerabilities and attacks that can lead to IoT systems being compromised.

Cloud Computing

Cloud Computing Concepts

This section discusses the concepts associated with Cloud Computing

Cloud Computing Attacks

This section discusses the vulnerabilities and attacks that can lead to Cloud systems being compromised.

Cryptography

Cryptography Concepts

This section discusses the concepts that help to understand cryptography.

Cryptography Attacks

This section discusses the various approaches that can be used to attack a cryptographic system.

Schedule & Fees


SELF PACED Online INSTRUCTOR LED CLASSROOM
Duration 1 Year Access 5 Days 5 Days
Course Material
Exam Voucher
Face Time With Instructor
Course Price $400 On Request On Request
Enroll Now Enquire Now Enquire Now

Course FAQ


Why should I get my CEH V10 certification from Tech-Act?

Serving the IT world since decades, Tech-Act is well-verse about the problem of cybersecurity. We ensure to get industry best trainers for the CEH V10 Certified program. Further, we are an accredited training providers for EC Council, CompTIA, Red Hat, Project Management Institute and others. We also are a Pearson Vue Authorized Test Center providing both online as well as training.

Do you have certified trainers for this course?

Yes, every trainer associated with Tech-Act is an industry expert bringing in yeas of industry experience to the table.

What are the key benefits of CEH V9 certification?

Advantages of CEH V10 certification are as follows:

  • Footprinting countermeasures and tools
  • Network scanning
  • System hacking, steganography and covering tracks
  • Various Trojan types, analysis, and countermeasures
  • Viruses, analysis, computer worms, analysis procedure, malware and countermeasures
  • Packet sniffing
  • Social Engineering, social engineering and identify theft
  • DDoS/ DoS attacks,
  • Web application and server attacks
  • SQL attacks
  • Wireless Encryption.
  • Mobile attacks and vulnerabilities
  • Cloud concepts, attacks, security and threats
  • Cryptography attacks, Public Key Infrastructure (PKI) and cryptanalysis tools
  • Different IoT threats
  • Helps you get into the heads of an illegal hacker to safeguard devices, networks and systems.
  • A CEH expert can foolproof a network and system
  • Serves as a launchpad for IT security courses like audits, forensics and penetration testing.

What’s the eligibility criteria?

  • Basic understanding of networking concepts
  • Understanding of network and server components

Testimonials



0

Your Cart