Certified Ethical Hacker (CEH) - TEC Cyber Security

Course Overview

The EC-Council Certified Ethical Hacker (CEH) v13 program is your gateway into the world of ethical hacking and offensive security. This intensive 5-day training is designed to equip cybersecurity professionals with the skills and mindset of malicious hackers — while teaching how to apply those techniques ethically, legally, and effectively.

CEH v13 is packed with 220+ hands-on labs, 3,500 advanced hacking tools, and a fully revamped syllabus aligned with today's threat landscape. Learners will dive deep into malware analysis, network scanning, system and web app attacks, and much more — all in a real-world, performance-based environment.

Learning Outcomes

Understand and apply the five phases of ethical hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks.

Master tools and techniques used by real-world hackers to assess and secure systems.

Analyze and counteract malware, ransomware, and advanced persistent threats (APT).

Identify and exploit vulnerabilities in web applications, networks, and cloud environments.

Prepare for the CEH exam with practical labs, case scenarios, and simulated real-world attacks.

Who Should Take This Course ?

Ideal for IT professionals, network admins, security officers, and anyone responsible for system integrity, this certification empowers you to anticipate threats, respond swiftly to incidents, and safeguard digital assets with confidence.

Take your cybersecurity career to the next level — master the hacker's playbook, and outsmart cybercriminals from the inside out.

Exam Information

Exam Title : Certified Ethical Hacker (ANSI)

Exam Code : 312-50 (ECC EXAM), 312-50 (VUE)

Number of Questions : 125

Duration : 4 Hours

Availability : ECC Exam Portal, VUE

Test Format : Multiple Choice

Passing Score : Please Refer EC-Council

Passing Score

This depends on the exam. Some of our exams state the exact passing score as a percentage required. Some of our exams' passing scores are based on the knowledge and skills needed to demonstrate competence in the subject matter and the difficulty of the questions that are delivered to a candidate.

The actual cut score (the number of items you need to answer correctly) is based on input from a group of subject-matter experts who review the diffculty of the questions in relation to the expected skills of the target audience. As a result, the number of items that you have to answer correctly varies depending on the difficulty of the questions delivered when you take the exam. This ensures that regardless of which combination of items you see, the evaluation of skills is fair. If you see a more difficult set of questions, the number of correct answers needed to pass is less than if you see an easier set of questions. As a result, providing a simple percent correct wouldn't provide useful information to someone who had to take the exam multiple times and saw different combinations of questions with different levels of difficulty.

Because the number of correct answers needed to pass varies based on the difficulty of the questions delivered, if you see a difficult combination of questions, your performance may actually be higher in relation to the passing standard even though you answered fewer questions (in other words, a lower percentage) correctly than if you saw an easier set of questions. Scaled scores simplify your ability to evaluate improvements in your performance over time. This is a standard practice across the certification and licensure industry.

Course Content & Modules

Introduction To Ethical Hacking

Module 01

Understanding the ethical hacking landscape, legal aspects, and professional responsibilities.

Information Security Overview

Elements of Information Security
Information Security Attacks: Motives, Goals, and Objectives
Classification of Attacks
Information Warfare

Ethical Hacking Concepts

What is Ethical Hacking?
Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
Skills of an Ethical Hacker
AI-Driven Ethical Hacking
How AI-Driven Ethical Hacking Helps Ethical Hacker?
Myth: AI will Replace Ethical Hackers
ChatGPT-Powered AI Tools for Ethical Hackers

Hacking Methodologies and Frameworks

CEH Ethical Hacking Framework
Cyber Kill Chain Methodology
Adversary Behavioral Identification
Indicators of Compromise (IoCs)
Categories of Indicators of Compromise
MITRE ATT&CK Framework
Diamond Model of Intrusion Analysis

Information Security Controls

Information Assurance (IA)
Continual/Adaptive Security Strategy
Defense-in-Depth
What is Risk?
Risk Management
Cyber Threat Intelligence
Threat Intelligence Lifecycle
Threat Modeling
Incident Management
Incident Handling and Response
Role of AI and ML in Cyber Security
How Do AI and ML Prevent Cyber Attacks?

Information Security Laws and Standards

Payment Card Industry Data Security Standard (PCI DSS)
ISO/IEC Standards
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes Oxley Act (SOX)
The Digital Millennium Copyright Act (DMCA)
The Federal Information Security Management Act (FISMA)
General Data Protection Regulation (GDPR)
Data Protection Act 2018 (DPA)
Cyber Law in Different Countries

Footprinting and Reconnaissance

Module 02

Learn comprehensive information gathering techniques and reconnaissance methods using traditional and AI-powered tools.

Footprinting Concepts

Reconnaissance
Types of Footprinting/Reconnaissance
Information Obtained in Footprinting
Objectives of Footprinting
Footprinting Threats
Footprinting Methodology

Footprinting through Search Engines

Footprinting Using Advanced Google Hacking Techniques
What can a Hacker Do with Google Hacking?
Footprinting Using Advanced Google Hacking Techniques with AI
Google Hacking Database
VPN Footprinting through Google Hacking Database
VPN Footprinting through Google Hacking Database with AI
Footprinting through SHODAN Search Engine
Other Techniques for Footprinting through Search Engines

Footprinting through Internet Research Services

Finding a Company's Top-Level Domains (TLDs) and Sub-domains
Finding a Company's Top-Level Domains (TLDs) and Sub-domains with AI
Extracting Website Information from https://archive.org
Footprinting through People Search Services
Footprinting through Job Sites
Dark Web Footprinting
Searching the Dark Web with Advanced Search Parameters
Determining the Operating System
Competitive Intelligence Gathering
Other Techniques for Footprinting through Internet Research Services

Footprinting through Social Networking Sites

People Search on Social Networking Sites
Gathering Information from LinkedIn
Harvesting Email Lists
Harvesting Email Lists with AI
Analyzing Target Social Media Presence
Tools for Footprinting through Social Networking Sites
Footprinting through Social Networking Sites with AI

Who is Footprinting

Whois Lookup
Finding IP Geolocation Information

DNS Footprinting

Extracting DNS Information
DNS Lookup with AI
Reverse DNS Lookup

Footprinting through Social Engineering

Collecting Information through Social Engineering on Social Networking Sites
Collecting Information Using Eavesdropping, Shoulder Surfing, Dumpster Diving, and Impersonation

Footprinting Tasks using Advanced Tools and AI

AI-Powered OSINT Tools
Create and Run Custom Python Script to Automate Footprinting Tasks with AI
Footprinting Countermeasures

Port and Service Discovery

Port Scanning Techniques
TCP Connect/Full-Open Scan
Stealth Scan (Half-Open Scan)
Inverse TCP Flag Scan
Xmas Scan
TCP Maimon Scan
ACK Flag Probe Scan
IDLE/IPID Header Scan
UDP Scan
SCTP INIT Scan
SCTP COOKIE ECHO Scan
SSDP and List Scan
IPv6 Scan
Port Scanning with AI
Service Version Discovery
Service Version Discovery with AI
Nmap Scan Time Reduction Techniques

OS Discovery (Banner Grabbing/OS Fingerprinting)

Packet Fragmentation
Source Routing
Source Port Manipulation
IP Address Decoy
IP Address Spoofing
MAC Address Spoofing
Creating Custom Packets
Randomizing Host Order and Sending Bad Checksums
Proxy Servers
Proxy Chaining
Proxy Tools
Anonymizers
Censorship Circumvention Tools

Network Scanning Countermeasures

Ping Sweep Countermeasures
Port Scanning Countermeasures
Banner Grabbing Countermeasures
IP Spoofing Detection Techniques
IP Spoofing Countermeasures
Scanning Detection and Prevention Tools

Enumeration

Module 03

Learn comprehensive enumeration techniques to extract detailed information about network resources, services, and user accounts using traditional and AI-powered tools.

Enumeration Concepts

What is Enumeration?
Techniques for Enumeration
Services and Ports to Enumerate

NetBIOS Enumeration

NetBIOS Enumeration Tools
Enumerating User Accounts
Enumerating Shared Resources Using Net View
NetBIOS Enumeration using AI

SNMP Enumeration

Working of SNMP
Management Information Base (MIB)
Enumerating SNMP using SnmpWalk
Enumerating SNMP using Nmap
SNMP Enumeration Tools
SNMP Enumeration with SnmpWalk and Nmap using AI

LDAP Enumeration

Manual and Automated LDAP Enumeration
LDAP Enumeration Tools

NTP and NFS Enumeration

NTP Enumeration
NTP Enumeration Commands
NTP Enumeration Tools
NFS Enumeration
NFS Enumeration Tools

SMTP and DNS Enumeration

SMTP Enumeration
SMTP Enumeration using Nmap
SMTP Enumeration using Metasploit
SMTP Enumeration Tools
SMTP Enumeration using AI
DNS Enumeration Using Zone Transfer
DNS Cache Snooping
DNSSEC Zone Walking
DNS Enumeration Using OWASP Amass
DNS and DNSSEC Enumeration Using Nmap
DNS Enumeration with Nmap Using AI
DNS Cache Snooping using AI

Other Enumeration Techniques

IPsec Enumeration
IPsec Enumeration with AI
VoIP Enumeration
RPC Enumeration
Unix/Linux User Enumeration
SMB Enumeration
SMB Enumeration with AI
Create and Run Custom Script to Automate Network Enumeration Tasks with AI

Enumeration Countermeasures

SNMP, LDAP, NFS, SMTP, SMB and DNS Enumeration Countermeasures

Vulnerability Assessment

Module 04

Learn comprehensive vulnerability assessment techniques, tools, and methodologies to identify, analyze, and report security weaknesses using traditional and AI-powered solutions.

Vulnerability Assessment Concepts

Vulnerability Classification
Vulnerability Scoring Systems and Databases
Common Vulnerability Scoring System (CVSS)
Common Vulnerabilities and Exposures (CVE)
National Vulnerability Database (NVD)
Common Weakness Enumeration (CWE)
Vulnerability-Management Life Cycle
Pre-Assessment Phase
Vulnerability Assessment Phase
Post Assessment Phase
Vulnerability Research
Resources for Vulnerability Research
Vulnerability Scanning and Analysis
Types of Vulnerability Scanning

Vulnerability Assessment Tools

Comparing Approaches to Vulnerability Assessment
Characteristics of a Good Vulnerability Assessment Solution
Working of Vulnerability Scanning Solutions
Types of Vulnerability Assessment Tools
Choosing a Vulnerability Assessment Tool
Criteria for Choosing a Vulnerability Assessment Tool
Best Practices for Selecting Vulnerability Assessment Tools
Vulnerability Assessment Tools
AI-Powered Vulnerability Assessment Tools
Vulnerability Assessment using AI
Vulnerability Scan using Nmap with AI
Vulnerability Assessment using Python Script with AI
Vulnerability Scan using Skipfish with AI

Vulnerability Assessment Reports

Vulnerability Assessment Reports
Components of a Vulnerability Assessment Report

System Hacking

Module 05

Master advanced system hacking techniques including gaining access, privilege escalation, maintaining persistence, and covering tracks using sophisticated methods and tools.

Gaining Access

Cracking Passwords
Vulnerability Exploitation

Privilege Escalation

Privilege Escalation Using DLL Hijacking
Privilege Escalation by Exploiting Vulnerabilities
Privilege Escalation Using Dylib Hijacking
Privilege Escalation Using Spectre and Meltdown Vulnerabilities
Privilege Escalation Using Named Pipe Impersonation
Privilege Escalation by Exploiting Misconfigured Services
Pivoting and Relaying to Hack External Machines
Privilege Escalation Using Misconfigured NFS
Privilege Escalation by Bypassing User Account Control (UAC)
Privilege Escalation by Abusing Boot or Logon Initialization Scripts
Privilege Escalation by Modifying Domain Policy
Retrieving Password Hashes of Other Domain Controllers Using DCSync Attack
Privilege Escalation by Abusing Active Directory Certificate Services (ADCS)
Other Privilege Escalation Techniques
Privilege Escalation Tools
How to Defend against Privilege Escalation
Tools for Defending against DLL and Dylib Hijacking
Defending against Spectre and Meltdown Vulnerabilities
Tools for Detecting Spectre and Meltdown Vulnerabilities

Maintaining Access

Executing Applications
Hiding Files
Establishing Persistence

Clearing Logs

Covering Tracks
Disabling Auditing: Auditpol
Clearing Logs
Manually Clearing Event Logs
Ways to Clear Online Tracks
Covering BASH Shell Tracks
Covering Tracks on a Network
Covering Tracks on an OS
Delete Files using Cipher.exe
Disable Windows Functionality
Deleting Windows Activity History
Deleting Incognito History
Hiding Artifacts in Windows, Linux, and macOS
Anti-forensics Techniques
Track-Covering Tools
Defending against Covering Tracks

Malware Threats

Module 06

Comprehensive understanding of malware threats including trojans, viruses, worms, fileless malware, APTs, and advanced analysis techniques with AI-powered detection and countermeasures.

Malware Concepts

Introduction to Malware
Different Ways for Malware to Enter a System
Common Techniques Attackers Use to Distribute Malware on the Web
Components of Malware
Potentially Unwanted Application or Applications (PUAs)

APT Concepts

What are Advanced Persistent Threats?
Characteristics of Advanced Persistent Threats
Advanced Persistent Threat Lifecycle

Trojan Concepts

What is a Trojan?
How Hackers Use Trojans
Common Ports used by Trojans
Types of Trojans
Remote Access Trojans
Backdoor Trojans
Botnet Trojans
Rootkit Trojans
E-banking Trojans
Working of E-banking Trojans
Point-of-Sale Trojans
Defacement Trojans
Service Protocol Trojans
Mobile Trojans
IoT Trojans
Security Software Disabler Trojans
Destructive Trojans
DDoS Trojans
Command Shell Trojans
How to Infect Systems Using a Trojan
Creating a Trojan
Employing a Dropper or Downloader
Employing a Wrapper
Employing a Crypter
Propagating and Deploying a Trojan
Exploit Kits

Virus and Worm Concepts

Introduction to Viruses
Stages of Virus Lifecycle
Working of Viruses
How does a Computer Get Infected by Viruses?
Types of Viruses
How to Infect Systems Using a Virus
Propagating and Deploying a Virus
Ransomware
How to Infect Systems Using a Ransomware: Creating Ransomware
Computer Worms
How to Infect Systems Using a Worm
Worm Makers

Fileless Malware Concepts

What is Fileless Malware?
Taxonomy of Fileless Malware Threats
How does Fileless Malware Work?
Launching Fileless Malware through Document Exploits
Launching Fileless Malware through In-Memory Exploits
Launching Fileless Malware through Script-based Injection
Launching Fileless Malware by Exploiting System Admin Tools
Launching Fileless Malware through Phishing
Launching Fileless Malware through Windows Registry
Maintaining Persistence with Fileless Techniques
Fileless Malware
Fileless Malware Obfuscation Techniques to Bypass Antivirus

Malware Analysis

What is Sheep Dip Computer?
Antivirus Sensor Systems
Introduction to Malware Analysis
Malware Analysis Procedure
Preparing Testbed
Static Malware Analysis
Finding the Portable Executables (PE) Information
Local and Online Malware Scanning
Identifying File Dependencies
Malware Disassembly
Performing Strings Search
Analyzing ELF Executable Files
Identifying Packing/Obfuscation Methods
Analyzing Mach Object (Mach-O) Executable Files
Analyzing Malicious MS Office Documents
Analyzing Suspicious PDF Document
Analyzing Suspicious Documents Using YARA
Dynamic Malware Analysis
Port Monitoring
Process Monitoring
Windows Services Monitoring
Startup Programs Monitoring
Event Logs Monitoring/Analysis
Installation Monitoring
Files and Folders Monitoring
Device Drivers Monitoring
Network Traffic Monitoring/Analysis
DNS Monitoring/Resolution
API Calls Monitoring
System Calls Monitoring
Scheduled Tasks Monitoring
Browser Activity Monitoring
Virus Detection Methods
Malware Code Emulation
Malware Code Instrumentation
Trojan Analysis: Coyote
Virus Analysis: GhostLocker 2.0
Fileless Malware Analysis: PyLoose
AI-based Malware Analysis: FakeGPT

Malware Countermeasures

Trojan Countermeasures
Backdoor Countermeasures
Virus and Worm Countermeasures
Fileless Malware Countermeasures
AI-based Malware Countermeasures
Adware Countermeasures
APT Countermeasures

Anti-Malware Software

Anti-Trojan Software
Antivirus Software
Fileless Malware Detection Tools
Fileless Malware Protection Tools
AI-Powered Malware Detection and Analysis Tools
Endpoint Detection and Response (EDR/XDR) Tools

Sniffing

Module 08

Master network sniffing techniques including MAC attacks, DHCP attacks, ARP poisoning, spoofing attacks, DNS poisoning, and comprehensive countermeasures with professional tools like Wireshark.

Sniffing Concepts

Network Sniffing
How a Sniffer Works
Types of Sniffing
How an Attacker Hacks the Network Using Sniffers
Protocols Vulnerable to Sniffing
Sniffing in the Data Link Layer of the OSI Model
Hardware Protocol Analyzers
SPAN Port
Wiretapping
Lawful Interception

Sniffing Technique: MAC Attacks

MAC Address
CAM Table
How CAM Works
What Happens when a CAM Table is Full?
MAC Flooding
Switch Port Stealing
How to Defend against MAC Attacks

Sniffing Technique: DHCP Attacks

How DHCP Works
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack
Rogue DHCP Server Attack
DHCP Attack Tools
How to Defend Against DHCP Starvation and Rogue Server Attacks

Sniffing Technique: ARP Poisoning

What Is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
Threats of ARP Poisoning
ARP Spoofing/Poisoning Tools
How to Defend Against ARP Poisoning
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
ARP Spoofing Detection Tools

Sniffing Technique: Spoofing Attacks

MAC Spoofing/Duplicating
MAC Spoofing Technique: Windows
MAC Spoofing Tools
IRDP Spoofing
VLAN Hopping
STP Attack
How to Defend Against MAC Spoofing
How to Defend Against VLAN Hopping
How to Defend Against STP Attacks

Sniffing Technique: DNS Poisoning

DNS Poisoning Techniques
Intranet DNS Spoofing
Internet DNS Spoofing
Proxy Server DNS Poisoning
DNS Cache Poisoning
DNS Poisoning Tools
How to Defend Against DNS Spoofing

Sniffing Tools

Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Sniffing Tools

Sniffing Countermeasures

How to Defend Against Sniffing
How to Detect Sniffing
Sniffer Detection Techniques
Promiscuous Detection Tools

Social Engineering

Module 09

Master social engineering techniques including human-based, computer-based, and mobile-based attacks with modern AI-powered methods like deepfakes, voice cloning, and advanced phishing with comprehensive countermeasures.

Social Engineering Concepts

What is Social Engineering?
Types of Social Engineering

Human-based Social Engineering Techniques

Impersonation
Impersonation (Vishing)
Eavesdropping
Shoulder Surfing
Dumpster Diving
Reverse Social Engineering
Piggybacking
Tailgating
Diversion Theft
Honey Trap
Baiting
Quid Pro Quo
Elicitation
Bait and Switching

Computer-based Social Engineering Techniques

Phishing
Examples of Phishing Emails
Types of Phishing
Phishing Tools
Crafting Phishing Emails with ChatGPT
Other Techniques for Computer-based Social Engineering
Perform Impersonation using AI: Create Deepfake Videos
Perform Impersonation using AI: Voice Cloning
Perform Impersonation on Social Networking Sites
Identity Theft

Mobile-based Social Engineering Techniques

Publishing Malicious Apps
Repackaging Legitimate Apps
Fake Security Applications
SMiShing (SMS Phishing)
QRLJacking

Social Engineering Countermeasures

How to Defend against Phishing Attacks?
Identity Theft Countermeasures
Voice Cloning Countermeasures
Deepfake Attack Countermeasures
How to Detect Phishing Emails?
Anti-Phishing Toolbar
Common Social Engineering Targets and Defense Strategies
Audit Organization's Security for Phishing Attacks using OhPhish

Denial-of-Service

Module 10

Master DoS/DDoS attack techniques including botnets, amplification attacks, multi-vector attacks, and comprehensive countermeasures with advanced protection strategies and modern case studies.

DoS/DDoS Concepts

What is a DoS Attack?
What is a DDoS Attack?
How do DDoS Attacks Work?
Botnets
Organized Cyber Crime: Organizational Chart
Botnets
A Typical Botnet Setup
Botnet Ecosystem
Scanning Methods for Finding Vulnerable Machines
How Does Malicious Code Propagate?
DDoS Case Study
DDoS Attack
Hackers Advertise Links for Downloading Botnets
Use of Mobile Devices as Botnets for Launching DDoS Attacks
DDoS Case Study: HTTP/2 'Rapid Reset' Attack on Google Cloud

DoS/DDoS Attack Techniques

Basic Categories of DoS/DDoS Attack Vectors
DoS/DDoS Attack Techniques
UDP Flood Attack
ICMP Flood Attack
Ping of Death Attack
Smurf Attack
Pulse Wave DDoS Attack
Zero-Day DDoS Attack
NTP Amplification Attack
SYN Flood Attack
Fragmentation Attack
Spoofed Session Flood Attack
HTTP GET/POST Attack
Slowloris Attack
UDP Application Layer Flood Attack
Multi-Vector Attack
Peer-to-Peer Attack
Permanent Denial-of-Service Attack
TCP SACK Panic Attack
Distributed Reflection Denial-of-Service (DRDoS) Attack
DDoS Extortion/Ransom DDoS (RDDoS) Attack
DoS/DDoS Attack Toolkits in the Wild

DoS/DDoS Attack Countermeasures

Detection Techniques
DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
Protect Secondary Victims
Detect and Neutralize Handlers
Prevent Potential Attacks
Deflect Attacks
Mitigate Attacks
Post-Attack Forensics
Techniques to Defend against Botnets
Additional DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection Appliances
DoS/DDoS Protection Tools
DoS/DDoS Protection Services

Session Hijacking

Module 11

Master session hijacking techniques including application-level and network-level attacks, modern tools like Hetty and Caido, and comprehensive countermeasures with advanced detection and prevention strategies.

Session Hijacking Concepts

What is Session Hijacking?
Why is Session Hijacking Successful?
Session Hijacking Process
Packet Analysis of a Local Session
Hijack
Types of Session Hijacking
Session Hijacking in OSI Model
Spoofing vs. Hijacking

Application-Level Session Hijacking

Compromising Session IDs Using Sniffing
Compromising Session IDs by Predicting Session Token
How to Predict a Session Token
Compromising Session IDs Using Man-in-the-Middle/Manipulator-in-the-Middle
Compromising Session IDs Using Man-in-the-Browser/Manipulator-in-the-Browser
Compromising Session IDs Using Client-side Attacks
Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery
Compromising Session IDs Using Session Replay Attacks
Compromising Session IDs Using Session Fixation
Session Hijacking Using Proxy Servers
Session Hijacking Using CRIME Attack
Session Hijacking Using Forbidden Attack
Session Hijacking Using Session Donation Attack

Session Hijacking Tools

Hetty
Caido
bettercap

Session Hijacking Countermeasures

Session Hijacking Detection Methods
Protecting against Session Hijacking
Web Development Guidelines to Prevent Session Hijacking
Web User Guidelines to Prevent Session Hijacking
Session Hijacking Detection Tools
Approaches to Prevent Session Hijacking
Approaches to Prevent MITM Attacks
IPsec
Session Hijacking Prevention Tools

Evading IDS, Firewalls, and Honeypots

Module 12

Master advanced evasion techniques for IDS, IPS, and firewalls including tunneling methods, proxy bypassing, and comprehensive countermeasures with modern detection and prevention strategies.

IDS, IPS, and Firewall Concepts

Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
How an IDS Detects an Intrusion?
General Indications of Intrusions
Types of Intrusion Detection Systems
Types of IDS Alerts
Firewall
Firewall Architecture
Demilitarized Zone (DMZ)
Types of Firewalls
Packet Filtering Firewall
Circuit-Level Gateway Firewall
Application-Level Firewall
Stateful Multilayer Inspection Firewall
Application Proxy
Network Address Translation (NAT)
Virtual Private Network
Next-Generation Firewalls (NGFWs)
Firewall Limitations

IDS, IPS, and Firewall Solutions

Intrusion Detection using YARA Rules
Intrusion Detection Tools
Intrusion Prevention Tools
Firewalls

Evading IDS/Firewalls

IDS/Firewall Evasion Techniques
IDS/Firewall Identification
IP Address Spoofing
Source Routing
Tiny Fragments
Bypass Blocked Sites Using an IP Address in Place of a URL
Bypass Blocked Sites Using Anonymous Website Surfing Sites
Bypass an IDS/Firewall Using a Proxy Server
Bypassing an IDS/Firewall through the ICMP Tunneling Method
Bypassing an IDS/Firewall through the ACK Tunneling method
Bypassing an IDS/Firewall through the HTTP Tunneling Method
Bypassing Firewalls through the SSH Tunneling Method
Bypassing Firewalls through the DNS Tunneling Method
Bypassing an IDS/Firewall through External Systems
Bypassing an IDS/Firewall through MITM Attacks

Hacking Web Servers

Module 13

Master web server hacking techniques including Apache, IIS, and NGINX exploitation, modern attack methods like HTTP/2 attacks and frontjacking, and comprehensive countermeasures with AI-powered tools and patch management.

Web Server Concepts

Web Server Operations
Web Server Security Issues
Why are Web Servers Compromised?
Apache Web Server Architecture
Apache Vulnerabilities
IIS Web Server Architecture
IIS Vulnerabilities
NGINX Web Server Architecture
NGINX Vulnerabilities

Web Server Attacks

DNS Server Hijacking
DNS Amplification Attack
Directory Traversal Attacks
Website Defacement
Web Server Misconfiguration
HTTP Response-Splitting Attack
Web Cache Poisoning Attack
SSH Brute Force Attack
FTP Brute Force with AI
HTTP/2 Continuation Flood Attack
Frontjacking Attack
Other Web Server Attacks

Web Server Attack Methodology

Information Gathering
Information Gathering from Robots.txt File
Web Server Footprinting/Banner Grabbing
Web Server Footprinting Tools
Web Server Footprinting with AI
Web Server Footprinting using Netcat with AI
IIS Information Gathering using Shodan
Abusing Apache mod_userdir to Enumerate User Accounts
Enumerating Web Server Information Using Nmap
Finding Default Credentials of Web Server
Finding Default Content of Web Server
Directory Brute Forcing
Directory Brute Forcing with AI
Vulnerability Scanning
NGINX Vulnerability Scanning using Nginxpwner
Finding Exploitable Vulnerabilities
Finding Exploitable Vulnerabilities with AI
Session Hijacking
Web Server Password Hacking
Using Application Server as a Proxy
Path Traversal via Misconfigured NGINX Alias

Web Server Attack Tools

Web Server Attack Tools

Web Server Attack Countermeasures

Place Web Servers in Separate Secure Server Security Segment on Network
Countermeasures: Patches and Updates
Countermeasures: Protocols and Accounts
Countermeasures: Files and Directories
Detecting Web Server Hacking Attempts
How to Defend against Web Server Attacks
How to Defend against HTTP Response-Splitting and Web Cache Poisoning
How to Defend against DNS Hijacking
Web Application Security Scanners
Web Server Security Scanners
Web Server Malware Infection Monitoring Tools
Web Server Security Tools
Web Server Pen Testing Tools

Patch Management

Patches and Hotfixes
What is Patch Management?
Installation of a Patch
Patch Management Best Practices
Patch Management Tools

Hacking Web Applications

Module 14

Master comprehensive web application hacking techniques including OWASP Top 10 vulnerabilities, modern attack methodologies, client-side controls bypass, authentication/authorization attacks, and advanced injection techniques with professional tools and countermeasures.

Web Application Concepts

Introduction to Web Applications
Web Application Architecture
Web Services
Vulnerability Stack
Web Application Threats
OWASP Top 10 Application Security Risks – 2021

Web Application Attacks

Other Web Application Attacks

Web Application Hacking Methodology

Footprint Web Infrastructure
Analyze Web Applications
Bypass Client-side Controls
Attack Authentication Mechanism
Attack Authorization Schemes
Attack Access Controls
Attack Session Management Mechanism
Perform Injection/Input Validation Attacks
Attack Application Logic Flaws
Attack Shared Environments
Attack Database Connectivity
Attack Web Application Client
Attack Web Services

SQL Injection

Module 15

Master comprehensive SQL injection techniques including in-band, blind, and out-of-band attacks, advanced evasion methods, IDS bypass techniques, and professional countermeasures with detection tools and defense strategies.

SQL Injection Concepts

What is SQL Injection?
SQL Injection and Server-side Technologies
Understanding HTTP POST Request
Understanding Normal SQL Query
Understanding an SQL Injection Query
Understanding an SQL Injection Query—Code Analysis
Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
Examples of SQL Injection

Types of SQL Injection

In-Band SQL Injection
Error Based SQL Injection
Union SQL Injection
Blind/Inferential SQL Injection
Out-of-Band SQL injection

SQL Injection Methodology

Information Gathering and SQL Injection Vulnerability Detection
Launch SQL Injection Attacks
Advanced SQL Injection

Evasion Techniques

Evading IDS
Types of Signature Evasion Techniques
Evasion Techniques

SQL Injection Countermeasures

How to Defend Against SQL Injection Attacks
Defenses in the Application
Detecting SQL Injection Attacks
SQL Injection Detection Tools

Hacking Wireless Networks

Module 16

Master comprehensive wireless network hacking techniques including WEP, WPA, WPA2, and WPA3 exploitation, modern attack methods like KRACK and aLTEr, advanced threats including honeypot and wormhole attacks, and professional countermeasures with WIPS deployment.

Wireless Concepts

Wireless Terminology
Wireless Networks
Wireless Standards
Service Set Identifier (SSID)
Wi-Fi Authentication Process
Types of Wireless Antennas
Wireless Encryption
Wireless Encryption
Comparison of WEP, WPA, WPA2, and WPA3
Issues with WEP, WPA, WPA2, and WPA3

Wireless Threats

Access Control Attacks
Integrity Attacks
Confidentiality Attacks
Availability Attacks
Authentication Attacks
Honeypot AP Attack
Wormhole Attack
Sinkhole Attack
Inter-Chip Privilege Escalation/Wireless Co-Existence Attack

Wireless Hacking Methodology

Wi-Fi Discovery
Wireless Traffic Analysis
Launch of Wireless Attacks
Wi-Fi Encryption Cracking

Wireless Attack Countermeasures

Wireless Security Layers
Defense Against WPA/WPA2/WPA3 Cracking
Defense Against KRACK Attacks
Defense Against aLTEr Attacks
Detection and Blocking of Rogue APs
Defense Against Wireless Attacks
Wireless Intrusion Prevention Systems
WIPS Deployment
Wi-Fi Security Auditing Tools
Wi-Fi IPSs

Hacking Mobile Platforms

Module 17

Master comprehensive mobile platform hacking techniques including Android and iOS exploitation, OWASP Top 10 Mobile Risks 2024, modern attack vectors like Agent Smith and Simjacker, advanced threats including SS7 exploitation and OTP hijacking, and professional mobile security management with MDM solutions.

Mobile Platform Attack Vectors

Vulnerable Areas in Mobile Business Environment
OWASP Top 10 Mobile Risks - 2024
Anatomy of a Mobile Attack
How a Hacker can Profit from Mobile Devices that are Successfully Compromised
Mobile Attack Vectors and Mobile Platform Vulnerabilities
Security Issues Arising from App Stores
App Sandboxing Issues
Mobile Spam
SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
SMS Phishing Attack Examples
Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
Agent Smith Attack
Exploiting SS7 Vulnerability
Simjacker: SIM Card Attack
Call Spoofing
OTP Hijacking/Two-Factor Authentication Hijacking
OTP Hijacking Tools
Camera/Microphone Capture Attacks
Camera/Microphone Hijacking Tools

Hacking Android OS

Android OS
Android Device Administration API
Android Rooting
Hacking Android Devices
Securing Android Devices

Hacking iOS

Apple iOS
Jailbreaking iOS
Hacking iOS Devices
Securing iOS Devices

Mobile Device Management

Mobile Device Management (MDM)
Mobile Device Management Solutions
Bring Your Own Device (BYOD)
BYOD Risks
BYOD Policy Implementation
BYOD Security Guidelines

Mobile Security Guidelines and Tools

Mobile Security Guidelines
Mobile Security Tools

IoT and OT Hacking

Module 18

Master comprehensive IoT and Operational Technology (OT) hacking techniques including smart device exploitation, industrial control system attacks, SCADA vulnerabilities, modern IoT attack methodologies, and professional countermeasures for critical infrastructure protection.

IoT Hacking

IoT Concepts and Attacks
IoT Hacking Methodology

OT Hacking

OT Concepts and Attacks
OT Hacking Methodology
OT Attack Countermeasures

Cloud Computing

Module 19

Master comprehensive cloud computing security including AWS, Azure, and GCP exploitation, container and Kubernetes security, serverless computing attacks, modern cloud threats like Cloud Hopper and Golden SAML, and professional cloud security management with CASB and zero trust architectures.

Cloud Computing Concepts

Introduction to Cloud Computing
Types of Cloud Computing Services
Shared Responsibilities in Cloud
Cloud Deployment Models
NIST Cloud Deployment Reference Architecture
Cloud Storage Architecture
Virtual Reality and Augmented Reality on Cloud
Fog Computing
Edge Computing
Cloud vs. Fog Computing vs. Edge Computing
Cloud Computing vs. Grid Computing
Cloud Service Providers

Container Technology

What is a Container?
Containers Vs. Virtual Machines
What is Docker?
Container Orchestration
What is Kubernetes?
Clusters and Containers
Container Security Challenges
Container Management Platforms
Kubernetes Platforms

Serverless Computing

What is Serverless Computing?
Serverless Vs. Containers
Serverless Computing Frameworks

Cloud Computing Threats

OWASP Top 10 Cloud Security Risks
OWASP Top 10 Kubernetes Risks
OWASP Top 10 Serverless Security Risks
Cloud Computing Threats
Container Vulnerabilities
Kubernetes Vulnerabilities

Cloud Attacks

Service Hijacking using Social Engineering
Service Hijacking using Network Sniffing
Side-Channel Attacks or Cross-guest VM Breaches
Wrapping Attack
Man-in-the-Cloud (MITC) Attack
Cloud Hopper Attack
Cloud Cryptojacking
Cloudborne Attack
Instance Metadata Service (IMDS) Attack
Cache Poisoned Denial of Service (CPDoS)/Content Delivery Network (CDN) Cache Poisoning Attack
Cloud Snooper Attack
Golden SAML Attack
Living Off the Cloud Attack (LotC)
Other Cloud Attacks
Cloud Malware

Cloud Hacking

Cloud Hacking
Cloud Hacking Methodology
Identifying Target Cloud Environment
Discovering Open Ports and Services Using Masscan
Vulnerability Scanning Using Prowler
Identifying Misconfigurations in Cloud Resources Using CloudSploit
Cleanup and Maintaining Stealth

AWS Hacking

Enumerating S3 Buckets
Enumerating S3 Buckets using SScanner
Enumerating S3 Bucket Permissions using BucketLoot
Enumerating S3 Buckets using CloudBrute
Enumerating EC2 Instances
Enumerating AWS RDS Instances
Enumerating AWS Account IDs
Enumerating IAM Roles
Enumerating Weak IAM Policies Using Cloudsplaining
Enumerating AWS Cognito
Enumerating DNS Records of AWS Accounts using Ghostbuster
Enumerating Serverless Resources in AWS
Discovering Attack Paths using Cartography
Discovering Attack Paths using CloudFox
Identify Security Groups Exposed to the Internet
AWS Threat Emulation using Stratus Red Team
Gathering Cloud Keys Through IMDS Attack
Exploiting Misconfigured AWS S3 Buckets
Compromising AWS IAM Credentials
Hijacking Misconfigured IAM Roles using Pacu
Scanning AWS Access Keys using DumpsterDiver
Exploiting Docker Containers on AWS using Cloud Container Attack Tool (CCAT)
Exploiting Shadow Admins in AWS
Gaining Access by Exploiting SSRF Vulnerabilities
Attacks on AWS Lambda
AWS IAM Privilege Escalation Techniques
Creating Backdoor Accounts in AWS
Maintaining Access and Covering Tracks on AWS Cloud Environment by Manipulating the CloudTrail Service
Establishing Persistence on EC2 Instances
Lateral Movement: Moving Between AWS Accounts and Regions
AWSGoat: A Damn Vulnerable AWS Infrastructure

Microsoft Azure Hacking

Azure Reconnaissance Using AADInternals
Identifying Azure Services and Resources
Enumerating Azure Active Directory (AD) Accounts
Identifying Attack Surface using Stormspotter
Collecting Data from AzureAD and AzureRM using AzureHound
Accessing Publicly Exposed Blob Storage using Goblob
Identifying Open Network Security Groups (NSGs) in Azure
Exploiting Managed Identities and Azure Functions
Privilege Escalation Using Misconfigured User Accounts in Azure AD
Creating Persistent Backdoors in Azure AD Using Service Principals
Exploiting VNet Peering Connections
AzureGoat – Vulnerable by Design Azure Infrastructure

Google Cloud Hacking

Enumerating GCP Resources using Google Cloud CLI
Enumerating Google Cloud Storage Buckets using cloud_enum
Enumerating Privilege Escalation Vulnerabilities using GCP Privilege Escalation Scanner
Escalating Privileges of Google Storage Buckets using GCPBucketBrute
Maintaining Access: Creating Backdoors with IAM Roles in GCP
GCPGoat: Vulnerable by Design GCP Infrastructure

Container Hacking

Information Gathering using kubectl
Enumerating Registries
Container/Kubernetes Vulnerability Scanning
Exploiting Docker Remote API
Hacking Container Volumes
LXD/LXC Container Group Privilege Escalation
Post Enumeration on Kubernetes etcd

Cloud Security

Cloud Security Control Layers
Cloud Security is the Responsibility of both Cloud Provider and Consumer
Cloud Computing Security Considerations
Placement of Security Controls in the Cloud
Assessing Cloud Security using Scout Suite
Best Practices for Securing the Cloud
Best Practices for Securing AWS Cloud
Best Practices for Securing Microsoft Azure
Best Practices for Securing Google Cloud Platform
NIST Recommendations for Cloud Security
Security Assertion Markup Language (SAML)
Cloud Network Security
Cloud Security Controls
Kubernetes Vulnerabilities and Solutions
Serverless Security Risks and Solutions
Best Practices for Container Security
Best Practices for Docker Security
Best Practices for Kubernetes Security
Best Practices for Serverless Security
Zero Trust Networks
Organization/Provider Cloud Security Compliance Checklist
International Cloud Security Organizations
Shadow Cloud Asset Discovery Tools
Cloud Security Tools
Container Security Tools
Kubernetes Security Tools
Serverless Application Security Solutions
Cloud Access Security Broker (CASB)
CASB Solutions
Next-Generation Secure Web Gateway (NG SWG)

Cryptography

Module 20

Master comprehensive cryptography and cryptanalysis techniques including symmetric and asymmetric encryption, quantum cryptography, modern attack methods like DUHK and DROWN, blockchain security, and professional cryptographic tools with advanced defense strategies.

Cryptography Concepts and Encryption Algorithms

Cryptography
Government Access to Keys (GAK)
Ciphers
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Message Digest (One-way Hash) Functions
Message Digest Functions
Message Digest Functions Calculators
Multi-layer Hashing Calculators
Hardware-Based Encryption
Quantum Cryptography
Other Encryption Techniques
Cipher Modes of Operation
Modes of Authenticated Encryption

Cryptography Tools

Cryptography Toolkits

Applications of Cryptography

Public Key Infrastructure (PKI)
Certification Authorities
Signed Certificate (CA) vs. Self-Signed Certificate
Digital Signature
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
Pretty Good Privacy (PGP)
GNU Privacy Guard (GPG)
Web of Trust (WOT)
Encrypting Email Messages in Outlook
Signing/Encrypting Email Messages on Mac
Encrypting/Decrypting Email Messages Using OpenPGP
Email Encryption Tools
Disk Encryption
Disk Encryption Tools
Disk Encryption Tools for Linux
Disk Encryption Tools for macOS
Blockchain

Cryptanalysis

Cryptanalysis Methods
Cryptography Attacks
Code Breaking Methodologies
Brute-Force Attack
Brute-Forcing VeraCrypt Encryption
Meet-in-the-Middle Attack on Digital Signature Schemes
Side-Channel Attack
Hash Collision Attack
DUHK Attack
DROWN Attack
Rainbow Table Attack
Related-Key Attack
Padding Oracle Attack
Attacks on Blockchain
Quantum Computing Risks
Quantum Computing Attacks

Cryptanalysis Tools

Cryptanalysis Tools
Online MD5 Decryption Tools

Cryptography Attack Countermeasures

How to Defend Against Cryptographic Attacks
Key Stretching

Duration

3 Days

Level

Advanced

Certification

EC-Council

Language

English & Malay

Format

Online & Physical

Starting from

EC Council Certified Ethical Hacker (CEH) v13