There are many courses in IT Industry, but this is one of the most popular course in the World. Certified Ethical Hacking Course is combination of network part and web part. If will discuss about the Global exam or International exam of the EC Council then approximately 125 questions will come, duration of the exam will be 4 hours. Means during this 4 hours need to clear the exam. Test will be based on multiple choice and we can give the exam in EC Council testing center or VUE. Exam code will be 312-50, ECC Exam and 312-50 VUE Exam.
There are many exam conducted by the EC Council, CEH(ANSI), CEH Practical, CCISO(ANSI), CHFI(ANSI), etc. We must have the strong knowledge of the networking, may be cisco knowledge, may be Microsoft knowledge and red had networking knowledge. If will discuss about the ethical hacking part then must me knowledge of configuring router, switch, firewall, vpn, routing protocol, switching protocol, etc. Before the security part must have the strong knowledge of the routing concept so can easily implement routing security. If will talk about the switch security then must have the strong knowledge of switch configuration so easily can implement the same for security. We need to provide security for networking device, we need to provide security for web development part.
If we have basic knowledge of java, android, php, etc. Not about the basic knowledge only must have the strong knowledge of these languages so can easily study for android penetration testing, can go with java security and php security.
If will talk about other security course then can plan CND-Certified Network Defender Certification. The CND program will for the network administrator and system administrator, who will manage the traffic of the network like lan network and wan network. If there is a chance of threats on the network so network engineer and network administrator can reduce this issue. If will discuss about the CND Global or international exam then number of questions will be 100, about the duration, duration will be 4 hours for the exam. Definitely test format will be multiple choice questions, can give the exam via ECC means in EC Council Testing center. If will talk about the exam code then code will be 312-38 as per as the EC Council.
EC Council CEH will start from Introduction of Ethical Hacking module. In this module will study about the information security overview. After this lesson will study about the information security threats and attack vectors because this knowledge will be required before hacking concept of EC Council. At the start level, we should study about the information security controls, then will move to penetration testing concept, which is very important. Then last topic of this module will be information security laws and standards. Then module 1 will be over. We need to perform the practical steps of first module for the purpose of strong base. If base will be strong then can move to the advance part.
Next Module will start with Foot Printing and Reconnaissance, in this module firstly need to study about the foot printing concept, after the foot printing concept then will move to foot printing through search engines, after this engines will move to foot printing through web services, then definitely will move to foot printing through social networking sites. After the networking sites then will go to the website foot printing topic, then need to start email foot printing, then after this printing will move to the email foot printing. In module 2 need to study about the competitive intelligence, after this intelligence then need to study DNS Foot printing, then will move to the network foot printing, then will start foot printing through social engineering. Now we have few topics in module2 like foot printing tools, then countermeasures, and last will be foot printing pen testing.
Network scanning part is very important for the ethical hacking module. Need to study about the network scanning concept, then will move to the scanning tools, after the scanning tools will move to the scanning techniques, then we have to study about the banner grabbing, after the grabbing then will move to the draw network diagrams. Then finally will be the last topic of module3, means will be scanning pen testing.
Ethical hacking course is based on two combinations, first is network portion and last is web portion. Syllabus or outline is based on practical and real scenario.
Module1 - Introduction to ethical hacking
A. Information security(Day1)
B. Hack value(Day2)
F. Zero-day attack(Day6)
G. Daisy chaining(Day7)
K. concept Types and Phases(Day11)
L. Ethical Hacking concepts, and scope(Day12)
M. Information security controls(Day13)
Module2 - Footprinting concepts
A. Footprinting through search engines(Day1)
B. Footprinting through social networking sites(Day2)
C. Website footprinting(Day3)
D. Email footprinting(Day4)
E. Whois footprinting(Day5)
F. Network footprinting(Day6)
G. Footprinting Pen Testing(Day7)
Module3 - Overview of network scanning
A. Scanning Methodology(Day1)
B. check for the live system(Day2)
C. check for open ports(Day3)
D. scanning beyond IDS(Day4)
E. Scan for vulnerability(Day5)
F. Banner Grabbing(Day6)
G. draw network diagrams(Day7)
H. Scanning pen testing(Day8)
Module4 - Enumeration concepts
A. NetBIOS Enumeration, SNMP Enumeration, LDAP Enumeration, NTP Enumeration, SMTP and DNS Enumeration, Enumeration pentesting.(Day1 & Day2)
Module5 - System Hacking
A. Cracking Passwords, Escalating Privileges, Executing Applications, hiding files, Covering Tracks. (Day1 & Day2)
Module6 - Introduction to Malware
A. Trojan Concepts, Virus and Worm, Malware Reverse Engineering, Malware Detection, Malware countermeasures(Day1 & Day2)
Module7 - Sniffing Concepts
A. MAC Attacks, DHCP Attacks, Spoofing Attack, ARP poisoning, DNS Poisoning, Countermeasures. (Day1 & Day2)
B. Social Engineering Concepts, Social Engineering Techniques, Impersonation on Social Networking Sites, Identify Threat, Social engineering Countermeasures. (Day3 & Day4)
C. DoS/DDoS Concepts, Dos/DDOs Attack Techniques, Botnets, Dos/DDoS Attack Tools, Countermeasures, DDoS case study. (Day5 & Day6)
Module8 - Session hijacking Concepts
A. Network Level Session Hijacking, Application Level Session Hijacking, Countermeasures, Penetration Testing. (Day1 & Day2)
B. Hacking Web servers, Compromise of user accounts, Website defacement, Secondary attacks from the website, Root access to other application or servers, Data tampering and data theft. (Day3 & Day4)
Module9 - Hacking Web Applications
A. Web App concepts, Web App Threats, Hacking Methodology, Web Application Hacking Tools, Security Tools, Web App Pen Testing. (Day1 & Day2)
B. SQL Injection, SQL Injection concepts, SQL Injection Methodology, Types of SQL Injection, Evasion Techniques, Countermeasures(Day3 & Day4).
C. Hacking Wireless Networks, Wireless Concepts, Wireless Hacking Methodology Wireless Encryption, Wireless Hacking Tools, Wireless Threats, Bluetooth Hacking, Wi-Fi Pen Testing. (Day5 & Day6)
D. Hacking Mobile Platforms, Mobile Platform Attack Vendors, Hacking Android IOS Hacking IOS, Hacking windows phone OS, Mobile device Management, Mobile pen testing. (Day7 & Day8)
E. Evading IDS, Firewalls, and Honeypots, IDS, Firewall and Honeypot concepts, IDS, Firewall and Honeypot solutions, Evading IDS, Evading Firewalls. (Day9 & Day10)
F. IDS/Firewall Evading Tools, Detecting Honeypots, IDS/Firewall Evasion countermeasures, Penetration testing. (Day11 & Day12)
G. Cloud Computing, Introduction to Cloud Computing, Cloud computing Threats Cloud Computing Attacks, Cloud Security, Cloud Security Tools, Cloud Penetration Testing. (Day13 & Day14)
H. Cryptography, Cryptography concepts, Encryption Algorithms, Cryptography Tools, Public Key Infrastructure (PKI), Email Encryption, Disk Encryption, Cryptography Attacks, Cryptanalysis Tools(Day15 & Day16)