Ethical Hacking Essentials (EHE) Training
Ethical Hacking Essentials (EHE) Training
EHE training is designed to give you a strong foundation in the techniques and tools ethical hackers use to identify and address security vulnerabilities.
Read more- Award Winning E-learning
- Lowest price guarantee
- Personalized service by our expert team
- Pay safely online or by invoice
- Order and start within 24 hours
Ethical Hacking Essentials (EHE) Training
Ethical Hacking Essentials is an Introductory cybersecurity course that covers ethical hacking and penetration testing fundamentals. It offers hands-on experience in computer and network security concepts such as threats, vulnerabilities, password cracking, web applications, and more. Test your learnings with CTF-based Capstone Projects and validate your newly acquired skills in proctored exams. With 15 hours of premium learning, 11 labs, and 12 modules, the E|HE provides a solid foundation and formal recognition to boost your resume and open doors for better opportunities.
Course content
Module 01: Information Security Fundamentals
Discuss Information Security Fundamentals
o What is Information Security?
o Need for Security
o Elements of Information Security
o The Security, Functionality, and Usability Triangle
o Security Challenges
o Motives, Goals, and Objectives of Information Security Attacks
o Classification of Attacks
o Information Security Attack Vectors
Discuss Various Information Security Laws and Regulations
o Payment Card Industry Data Security Standard (PCI DSS)
o ISO/IEC 27001:2013
o Health Insurance Portability and Accountability Act (HIPAA)
o Sarbanes Oxley Act (SOX)
o The Digital Millennium Copyright Act (DMCA)
o The Federal Information Security Management Act (FISMA)
o General Data Protection Regulation (GDPR)
o Data Protection Act 2018 (DPA)
o Cyber Law in Different Countries
Module 02: Ethical Hacking Fundamentals
Understand Cyber Kill Chain Methodology
o Cyber Kill Chain Methodology
o Tactics, Techniques, and Procedures (TTPs)
o Adversary Behavioral Identification
o Indicators of Compromise (IoCs)
• Categories of Indicators of Compromise
Discuss Hacking Concepts and Hacker Classes
o What is Hacking?
o Who is a Hacker?
o Hacker Classes/Threat Actors
• Black Hats
• White Hats
• Gray Hats
• Suicide Hackers
• Script Kiddies
• Cyber Terrorists
• State-Sponsored Hackers
• Hacktivist
• Hacker Teams
• Industrial Spies
• Insider
• Criminal Syndicates
• Organized Hackers
Understand Different Phases of Hacking Cycle
o Hacking Phase: Reconnaissance
o Hacking Phase: Scanning
o Hacking Phase: Gaining Access
o Hacking Phase: Maintaining Access
o Hacking Phase: Clearing Tracks
Discuss Ethical Hacking Concepts, Scope, and Limitations
o What is Ethical Hacking?
o Why Ethical Hacking is Necessary
o Scope and Limitations of Ethical Hacking
o Skills of an Ethical Hacker
Ethical Hacking Tools
o Reconnaissance Using Advanced Google Hacking Techniques
o Reconnaissance Tools
o Scanning Tools
o Enumeration Tools
Lab Exercise
o Perform Passive Footprinting to Gather Information About a Target
• Gather Information using Advanced Google Hacking Techniques
• Extract a Company’s Data using Web Data Extractor
• Perform Whois Lookup using DomainTools
o Perform Network Scanning to Identify Live Hosts, Open Ports and Services and
Target OS in the Network
• Perform Network Tracerouting in Windows and Linux Machines
• Perform Host Discovery using Nmap
• Perform Port and Service Discovery using MegaPing
• Perform OS Discovery using Unicornscan
o Perform Enumeration on a System or Network to Extract Usernames, Machine
Names, Network Resources, Shares, etc.
• Perform NetBIOS Enumeration using Windows Command-Line Utilities
• Perform NetBIOS Enumeration using NetBIOS Enumerator
Module 03: Information Security Threats and Vulnerability Assessment
Define Threat and Threat Sources
o What is a Threat?
o Threats Sources
• Natural
• Unintentional
• Intentional
➢ Internal
➢ External
Define Malware and its Types
o Introduction to Malware
o Different Ways for Malware to Enter a System
o Common Techniques Attackers Use to Distribute Malware on the Web
o Components of Malware
o Types of Malware
• Trojans
✓ What is a Trojan?
✓ Indications of Trojan Attack
✓ How Hackers Use Trojans
✓ Common Ports used by Trojans
✓ Types of Trojans
✓ Creating a Trojan
• Virus
✓ What is a Virus?
✓ Purpose of Creating Viruses
✓ Indications of Virus Attack
✓ Stages of Virus Lifecycle
✓ How does a Computer Get Infected by Viruses?
✓ Types of Viruses
✓ Creating a Virus
• Ransomware
• Computer Worms
✓ How is a Worm Different from a Virus?
✓ Worm Makers
• Rootkits
• Potentially Unwanted Application or Applications (PUAs)
✓ Adware
• Spyware
• Keylogger
✓ What a Keylogger can Do?
• Botnets
✓ Why Attackers use Botnets?
• Fileless Malware
✓ Reasons for Using Fileless Malware in Cyber Attacks
✓ Fileless Propagation Techniques
o Malware Countermeasures
• Trojan Countermeasures
• Virus and Worm Countermeasures
• Rootkit Countermeasures
• Spyware Countermeasures
• PUAs/ Adware Countermeasures
• Keylogger Countermeasures
• Fileless Malware Countermeasures
Lab Exercise
o Create a Trojan to Gain Access to the Target System
• Create a Trojan Server using Theef RAT Trojan
• Gain Control over a Victim Machine using the njRAT RAT Trojan
o Create a Virus to Infect the Target System
• Create a Virus using the JPS Virus Maker Tool and Infect the Target System
Define Vulnerabilities
o What is Vulnerability?
o Vulnerability Classification
o Examples of Network Security Vulnerabilities
o Impact of Vulnerabilities
Define Vulnerability Assessment
o Vulnerability Research
o Resources for Vulnerability Research
o What is Vulnerability Assessment?
o Information Obtained from the Vulnerability Scanning
o Vulnerability Scanning Approaches
o Vulnerability Scoring Systems and Databases
• Common Vulnerability Scoring System (CVSS)
• Common Vulnerabilities and Exposures (CVE)
• National Vulnerability Database (NVD)
• Common Weakness Enumeration (CWE)
o Types of Vulnerability Assessment
o Vulnerability-Management Life Cycle
o Vulnerability Assessment Tools
o Vulnerability Exploitation
Lab Exercise
o Perform Vulnerability Assessment to Identify Security Vulnerabilities in the Target
System or Network
• Perform Vulnerability Analysis using OpenVAS
Module 04: Password Cracking Techniques and Countermeasures
Discuss Password Cracking Techniques
o Password Cracking
o Password Complexity
o Microsoft Authentication
o Types of Password Attacks
• Active Online Attacks
✓ Dictionary Attack
✓ Brute-Force Attack
✓ Rule-based Attack
✓ Password Guessing
✓ Default Passwords
✓ Trojans/Spyware/Keyloggers
✓ Hash Injection/Pass-the-Hash (PtH) Attack
✓ LLMNR/NBT-NS Poisoning
✓ Pass the Ticket Attack
• Passive Online Attacks
✓ Wire Sniffing
✓ Man-in-the-Middle
✓ Replay Attacks
• Offline Attacks
✓ Rainbow Table Attack
• Non-Electronic Attacks
Lab Exercise
o Perform Active Online Attack to Crack the System’s Password
• Perform Active Online Attack to Crack the System’s Password using Responder
Discuss Password Cracking Tools
o Password-Cracking Tools
• L0phtCrack
• ophcrack
• RainbowCrack
Lab Exercise
o Audit System Passwords
• Audit System Passwords using L0phtCrack
• Audit System Passwords using John the Ripper
Discuss Password Cracking Countermeasures
o Password Cracking Countermeasures
Module 05: Social Engineering Techniques and Countermeasures
Discuss Social Engineering Concepts and its Phases
o What is Social Engineering?
o Common Targets of Social Engineering
o Impact of Social Engineering Attack on an Organization
o Behaviors Vulnerable to Attacks
o Factors that Make Companies Vulnerable to Attacks
o Why is Social Engineering Effective?
o Phases of a Social Engineering Attack
Discuss Social Engineering Techniques
o Types of Social Engineering
• Human-based Social Engineering
✓ Impersonation
✓ Impersonation (Vishing)
✓ Eavesdropping
✓ Shoulder Surfing
✓ Dumpster Diving
✓ Reverse Social Engineering
✓ Piggybacking
✓ Tailgating
• Computer-based Social Engineering
✓ Pop-Up Windows
✓ Hoax Letters
✓ Chain Letters
✓ Instant Chat Messenger
✓ Spam Email
✓ Scareware
✓ Phishing
➢ Examples of Phishing Emails
➢ Types of Phishing
➢ Phishing Tools
• Mobile-based Social Engineering
✓ Publishing Malicious Apps
✓ Repackaging Legitimate Apps
✓ Fake Security Applications
✓ SMiShing (SMS Phishing)
Lab Exercise
o Perform Social Engineering using Various Techniques to Sniff Users' Credentials
• Sniff Credentials using the Social-Engineer Toolkit (SET)
Discuss Insider Threats and Identity Theft
o Insider Threats/Insider Attacks
• Reasons for Insider Attacks
• Types of Insider Threats
• Why are Insider Attacks Effective?
o Identity Theft
• Types of Identity Theft
Discuss Various Social Engineering Countermeasures
o Social Engineering Countermeasures
o Insider Threats Countermeasures
o Identity Theft Countermeasures
o How to Detect Phishing Emails?
o Anti-Phishing Toolbar
o Social Engineering Tools
• Audit Organization's Security for Phishing Attacks using OhPhish
Lab Exercise
o Detect a Phishing Attack
• Detect Phishing using Netcraft
Module 06: Network Level Attacks and Countermeasures
Sniffing
Understand Packet Sniffing Concepts
o Packet Sniffing
o How a Sniffer Works
o Types of Sniffing
• Passive Sniffing
• Active Sniffing
o How an Attacker Hacks the Network Using Sniffers
o Protocols Vulnerable to Sniffing
Discuss Sniffing Techniques
o MAC Flooding
o DHCP Starvation Attack
o ARP Spoofing Attack
• ARP Poisoning Tools
o MAC Spoofing/Duplicating
o DNS Poisoning
o Sniffing Tools
• Wireshark
Lab Exercise
o Perform MAC Flooding to Compromise the Security of Network Switches
• Perform MAC Flooding using macof
o Perform ARP Poisoning to Divert all Communication between Two Machines
• Perform ARP Poisoning using arpspoof
Discuss Sniffing Countermeasures
o Sniffing Countermeasures
o Sniffer Detection Techniques
• Ping Method
• DNS Method
• ARP Method
Lab Exercise
o Detect ARP Attacks using ARP Spoofing Detection Tools to Ensure Data Privacy
• Detect ARP Poisoning in a Switch-Based Network Denial-of-Service
Discuss Types of DoS and DDoS Attacks
o What is a DoS Attack?
o What is a DDoS Attack?
o DoS/DDoS Attack Techniques
• UDP Flood Attack
• ICMP Flood Attack
• Ping of Death
• Smurf Attacks
• SYN Flood Attack
• Fragmentation Attack
• Multi-Vector Attack
• Peer-to-Peer Attack
• Permanent Denial-of-Service Attack
• Distributed Reflection Denial-of-Service (DRDoS) Attack
o DoS/DDoS Attack Tools
Lab Exercise
o Perform DoS and DDoS Attacks using Various Techniques on a Target Host to
Prevents Access to System Resources for Legitimate Users
• Perform a DoS Attack on a Target Host using hping3
• Perform a DDoS Attack using HOIC
Discuss DoS and DDoS Attack Countermeasures
o Dos/DDoS Attack Countermeasures
o DoS/DDoS Protection Tools
Lab Exercise
o Detect and Protect Against DDoS Attack
• Detect and Protect against DDoS Attack using Anti DDoS Guardian
Session Hijacking
Discuss Types Session Hijacking Attacks
o What is Session Hijacking?
o Why is Session Hijacking Successful?
o Session Hijacking Process
o Types of Session Hijacking
o Session Hijacking in OSI Model
o Spoofing vs. Hijacking
o Session Hijacking Tools
Lab Exercise
o Perform Session Hijacking to Seize Control of a Valid TCP Communication Session
Between Two Computers
• Hijack a Session using Zed Attack Proxy (ZAP)
Discuss Session Hijacking Attack Countermeasures
o Session Hijacking Detection Methods
o Session Hijacking Countermeasures
o Session Hijacking Detection Tools
Lab Exercise
o Detect Session Hijacking Attempts using Manual Method
• Detect Session Hijacking using Wireshark
Module 07: Web Application Attacks and Countermeasures
Web Server Attacks
Discuss Various Web Server Attacks
o Web Server Operations
o Web Server Components
o Web Server Security Issues
o Impact of Web Server Attacks
o Why are Web Servers Compromised?
o Web Server Attacks
• DNS Server Hijacking
• DNS Amplification Attack
• Directory Traversal Attacks
• Website Defacement
• Web Server Misconfiguration
• HTTP Response-Splitting Attack
• Web Cache Poisoning Attack
• SSH Brute Force Attack
• Web Server Password Cracking
• Server-Side Request Forgery (SSRF) Attack
o Web Server Attack Tools
Lab Exercise
o Perform a Web Server Attack to Crack FTP Credentials
• Crack FTP Credentials using a Dictionary Attack
Discuss Web Server Attack Countermeasures
o Web Server Attack Countermeasures
o Web Server Security Tools
Web Application Attacks
Understand Web Application Architecture and Vulnerability Stack
o Introduction to Web Applications
• How Web Application Work
o Web Application Architecture
o Web Services
• Types of Web Services
o Vulnerability Stack
Discuss Web Application Threats and Attacks
o OWASP Top 10 Application Security Risks – 2017
• A1 - Injection Flaws
• A2 - Broken Authentication
• A3 - Sensitive Data Exposure
• A4 - XML External Entity (XXE)
• A5 - Broken Access Control
• A6 - Security Misconfiguration
• A7 - Cross-Site Scripting (XSS) Attacks
• A8 - Insecure Deserialization
• A9 - Using Components with Known Vulnerabilities
• A10 - Insufficient Logging and Monitoring
o Web Application Attack Tools
Lab Exercise
o Perform a Web Application Attack to Compromise the Security of Web
Applications to Steal Sensitive Information
• Perform Parameter Tampering using Burp Suite
Discuss Web Application Attack Countermeasures
o Web Application Attack Countermeasures
o Web Application Security Testing Tools
SQL Injection Attacks
Discuss Types of SQL Injection Attacks
o What is SQL Injection?
o Why Bother about SQL Injection?
o SQL Injection and Server-side Technologies
o Types of SQL injection
• In-Band SQL Injection
➢ Error Based SQL Injection
➢ Union SQL Injection
• Blind/Inferential SQL Injection
➢ Blind SQL Injection: No Error Message Returned
➢ Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
➢ Blind SQL Injection: Boolean Exploitation
➢ Blind SQL Injection: Heavy Query
• Out-of-Band SQL injection
o SQL Injection Tools
Lab Exercise
o Perform SQL Injection Attacks on a Target Web Application to Manipulate the
Backend Database
• Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap
Discuss SQL Injection Attack Countermeasures
o SQL Injection Attack Countermeasures
o SQL Injection Detection Tools
Lab Exercise
o Detect SQL Injection Vulnerabilities using SQL Injection Detection Tools
• Detect SQL Injection Vulnerabilities using DSSS
Module 08: Wireless Attacks and Countermeasures
Understand Wireless Terminology
o Wireless Terminology
o Wireless Networks
• Types of Wireless Networks
o Wireless Standards
Discuss Different Types of Wireless Encryption
o Types of Wireless Encryption
• Wired Equivalent Privacy (WEP) Encryption
• Wi-Fi Protected Access (WPA) Encryption
• WPA2 Encryption
• WPA3 Encryption
o Comparison of WEP, WPA, WPA2, and WPA3
Describe Wireless Network-specific Attack Techniques
o Rogue AP Attack
o Client Mis-association
o Misconfigured AP Attack
o Unauthorized Association
o Ad-Hoc Connection Attack
o Honeypot AP Attack
o AP MAC Spoofing
o Key Reinstallation Attack (KRACK)
o Jamming Signal Attack
o Wi-Fi Jamming Devices
o Cracking WEP Using Aircrack-ng
o Cracking WPA-PSK Using Aircrack-ng
o Wireless Attack Tools
• Aircrack-ng Suite
• AirMagnet WiFi Analyzer PRO
Lab Exercise
o Perform Wi-Fi Packet Analysis
• Wi-Fi Packet Analysis using Wireshark
o Perform Wireless Attacks to Crack Wireless Encryption
• Crack a WEP Network using Aircrack-ng
• Crack a WPA2 Network using Aircrack-ng
Understand Bluetooth Attacks
o Bluetooth Stack
o Bluetooth Modes
o Bluetooth Hacking
o Bluetooth Threats
o Bluetooth Attack Tools
Discuss Wireless Attack Countermeasures
o Wireless Attack Countermeasures
o Bluetooth Attack Countermeasures
o Wireless Security Tools
Module 09: Mobile Attacks and Countermeasures
Understand Mobile Attack Anatomy
o Vulnerable Areas in Mobile Business Environment
o OWASP Top 10 Mobile Risks – 2016
o Anatomy of a Mobile Attack
o How a Hacker can Profit from Mobile Devices that are Successfully Compromised
Discuss Mobile Platform Attack Vectors and Vulnerabilities
o Mobile Attack Vectors
o Mobile Platform Vulnerabilities and Risks
o Security Issues Arising from App Stores
o App Sandboxing Issues
o Mobile Spam
o SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
• Why is SMS Phishing Effective?
• SMS Phishing Attack Examples
o Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
o Agent Smith Attack
o Exploiting SS7 Vulnerability
o Simjacker: SIM Card Attack
o Hacking an Android Device Using Metasploit
o Android Hacking Tools
o iOS Hacking Tools
Lab Exercise
o Hack an Android Device by Creating Binary Payloads
• Hack an Android Device by Creating Binary Payloads using Parrot Security
Understand Mobile Device Management (MDM) Concept
o Mobile Device Management (MDM)
o Bring Your Own Device (BYOD)
• BYOD Risks
Discuss Mobile Attack Countermeasures
o OWASP Top 10 Mobile Controls
o General Guidelines for Mobile Platform Security
o Mobile Security Tools
Lab Exercise
o Secure Android Devices using Various Android Security Tools
• Secure Android Devices from Malicious Apps using Malwarebytes Security
Module 10: IoT and OT Attacks and Countermeasures
IoT Attacks
Understand IoT Concepts
o What is the IoT?
o How the IoT Works
o IoT Architecture
o IoT Application Areas and Devices
Discuss IoT Threats and Attacks
o Challenges of IoT
o IoT Security Problems
o OWASP Top 10 IoT Threats
o IoT Threats
o Hacking IoT Devices: General Scenario
o IoT Attacks
• DDoS Attack
• Exploit HVAC
• Rolling Code Attack
• BlueBorne Attack
• Jamming Attack
• Hacking Smart Grid/Industrial Devices: Remote Access using Backdoor
• SDR-Based Attacks on IoT
• Fault Injection Attacks
o Capturing and Analyzing IoT Traffic using Wireshark
o IoT Attack Tools
Lab Exercise
o Perform Footprinting using Various Footprinting Techniques
• Gather Information using Online Footprinting Tools
o Capture and Analyze IoT Device Traffic
• Capture and Analyze IoT Traffic using Wireshark
Discuss IoT Attack Countermeasures
o IoT Attack Countermeasures
o IoT Security Tools
OT Attacks
Understand OT Concepts
o What is OT?
o Essential Terminology
o IT/OT Convergence (IIOT)
o The Purdue Model
Discuss OT Threats and Attacks
o Challenges of OT
o OT Threats
o OT Attacks
• HMI-based Attacks
• Side-Channel Attacks
• Hacking Programmable Logic Controller (PLC)
• Hacking Industrial Systems through RF Remote Controllers
✓ Replay Attack
✓ Command Injection
✓ Re-pairing with Malicious RF controller
✓ Malicious Reprogramming Attack
o OT Attack Tools
Discuss OT Attack Countermeasures
o OT Attack Countermeasures
o OT Security Tools
Module 11: Cloud Computing Threats and Countermeasures
Understand Cloud Computing Concepts
o Introduction to Cloud Computing
o Types of Cloud Computing Services
o Separation of Responsibilities in Cloud
o Cloud Deployment Models
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud
• Multi Cloud
o NIST Cloud Deployment Reference Architecture
o Cloud Storage Architecture
o Cloud Service Providers
Understand Container Technology
o What is a Container?
o Containers Vs. Virtual Machines
o What is Docker?
o Microservices Vs. Docker
o Docker Networking
o Container Orchestration
o What is Kubernetes?
• Kubernetes Cluster Architecture
o Kubernetes Vs. Docker
o Container Security Challenges
o Container Management Platforms
o Kubernetes Platforms
Discuss Cloud Computing Threats
o OWASP Top 10 Cloud Security Risks
o Cloud Computing Threats
o Cloud Attacks
• Side-Channel Attacks or Cross-guest VM Breaches
• Wrapping Attack
• Man-in-the-Cloud (MITC) Attack
• Cloud Hopper Attack
• Cloud Cryptojacking
• Cloudborne Attack
• Enumerating S3 Buckets using lazys3
o Cloud Attack Tools
Lab Exercise
o Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
• Enumerate S3 Buckets using lazys3
o Exploit S3 Buckets
• Exploit Open S3 Buckets using AWS CLI
Discuss Cloud Attack Countermeasures
o Cloud Attack Countermeasures
o Cloud Security Tools
Module 12: Penetration Testing Fundamentals
Understand Fundamentals of Penetration Testing and its Benefits
o What is Penetration Testing?
o Benefits of Conducting a Penetration Test
o Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
o Types of Penetration Assessment: Goal-oriented vs. Compliance-oriented vs. Red
team-oriented
Discuss Strategies and Phases of Penetration Testing
o Strategies of Penetration Testing
• Black-box
• White-box
• Gray-box
o Penetration Testing Process
o Phases of Penetration Testing
o Penetration Testing Methodologies
Guidelines and Recommendations for Penetration Testing
o Characteristics of a Good Penetration Test
o When should Pen Testing be Performed?
o Ethics of a Penetration Tester
o Evolving as a Penetration Tester
o Qualification, Experience, Certifications, and Skills Required for a Pen Tester
• Communication Skills of a Penetration Tester
• Profile of a Good Penetration Tester
• Responsibilities of a Penetration Tester
o Risks Associated with Penetration Testing
• Types of Risks Arising from Penetration Testing
• Addressing Risks Associated with Penetration Testing and Avoiding Potential
DoS Conditions
| Lesson duration | Variable |
|---|---|
| Language | English |
| Certificate of participation | Yes |
| Online access | 1 year unlimited access |
| Progress monitoring | Yes |
There are no reviews written yet about this product.
OEM Office Elearning Menu Top 2 in ICT-trainingen 2024!
OEM Office Elearning Menu is trots op de tweede plaats in de categorie ICT-trainingen 2024 bij Beste Opleider van Nederland (Springest/Archipel). Dank aan al onze cursisten voor hun vertrouwen!
Reviews
There are no reviews written yet about this product.
