Ethical Hacking Essentials (EHE) Training
Ethical Hacking Essentials (EHE) Training
EHE training is designed to give you a strong foundation in the techniques and tools ethical hackers use to identify and address security vulnerabilities.
Read more- Award Winning E-learning
- Lowest price guarantee
- Personalized service by our expert team
- Pay safely online or by invoice
- Order and start within 24 hours
Ethical Hacking Essentials (EHE) Training
Ethical Hacking Essentials is an Introductory cybersecurity course that covers ethical hacking and penetration testing fundamentals. It offers hands-on experience in computer and network security concepts such as threats, vulnerabilities, password cracking, web applications, and more. Test your learnings with CTF-based Capstone Projects and validate your newly acquired skills in proctored exams. With 15 hours of premium learning, 11 labs, and 12 modules, the E|HE provides a solid foundation and formal recognition to boost your resume and open doors for better opportunities.
Course content
Module 01: Information Security Fundamentals
Discuss Information Security Fundamentals
o What is Information Security?
o Need for Security
o Elements of Information Security
o The Security, Functionality, and Usability Triangle
o Security Challenges
o Motives, Goals, and Objectives of Information Security Attacks
o Classification of Attacks
o Information Security Attack Vectors
Discuss Various Information Security Laws and Regulations
o Payment Card Industry Data Security Standard (PCI DSS)
o ISO/IEC 27001:2013
o Health Insurance Portability and Accountability Act (HIPAA)
o Sarbanes Oxley Act (SOX)
o The Digital Millennium Copyright Act (DMCA)
o The Federal Information Security Management Act (FISMA)
o General Data Protection Regulation (GDPR)
o Data Protection Act 2018 (DPA)
o Cyber Law in Different Countries
Module 02: Ethical Hacking Fundamentals
Understand Cyber Kill Chain Methodology
o Cyber Kill Chain Methodology
o Tactics, Techniques, and Procedures (TTPs)
o Adversary Behavioral Identification
o Indicators of Compromise (IoCs)
• Categories of Indicators of Compromise
Discuss Hacking Concepts and Hacker Classes
o What is Hacking?
o Who is a Hacker?
o Hacker Classes/Threat Actors
• Black Hats
• White Hats
• Gray Hats
• Suicide Hackers
• Script Kiddies
• Cyber Terrorists
• State-Sponsored Hackers
• Hacktivist
• Hacker Teams
• Industrial Spies
• Insider
• Criminal Syndicates
• Organized Hackers
Understand Different Phases of Hacking Cycle
o Hacking Phase: Reconnaissance
o Hacking Phase: Scanning
o Hacking Phase: Gaining Access
o Hacking Phase: Maintaining Access
o Hacking Phase: Clearing Tracks
Discuss Ethical Hacking Concepts, Scope, and Limitations
o What is Ethical Hacking?
o Why Ethical Hacking is Necessary
o Scope and Limitations of Ethical Hacking
o Skills of an Ethical Hacker
Ethical Hacking Tools
o Reconnaissance Using Advanced Google Hacking Techniques
o Reconnaissance Tools
o Scanning Tools
o Enumeration Tools
Lab Exercise
o Perform Passive Footprinting to Gather Information About a Target
• Gather Information using Advanced Google Hacking Techniques
• Extract a Company’s Data using Web Data Extractor
• Perform Whois Lookup using DomainTools
o Perform Network Scanning to Identify Live Hosts, Open Ports and Services and
Target OS in the Network
• Perform Network Tracerouting in Windows and Linux Machines
• Perform Host Discovery using Nmap
• Perform Port and Service Discovery using MegaPing
• Perform OS Discovery using Unicornscan
o Perform Enumeration on a System or Network to Extract Usernames, Machine
Names, Network Resources, Shares, etc.
• Perform NetBIOS Enumeration using Windows Command-Line Utilities
• Perform NetBIOS Enumeration using NetBIOS Enumerator
Module 03: Information Security Threats and Vulnerability Assessment
Define Threat and Threat Sources
o What is a Threat?
o Threats Sources
• Natural
• Unintentional
• Intentional
➢ Internal
➢ External
Define Malware and its Types
o Introduction to Malware
o Different Ways for Malware to Enter a System
o Common Techniques Attackers Use to Distribute Malware on the Web
o Components of Malware
o Types of Malware
• Trojans
✓ What is a Trojan?
✓ Indications of Trojan Attack
✓ How Hackers Use Trojans
✓ Common Ports used by Trojans
✓ Types of Trojans
✓ Creating a Trojan
• Virus
✓ What is a Virus?
✓ Purpose of Creating Viruses
✓ Indications of Virus Attack
✓ Stages of Virus Lifecycle
✓ How does a Computer Get Infected by Viruses?
✓ Types of Viruses
✓ Creating a Virus
• Ransomware
• Computer Worms
✓ How is a Worm Different from a Virus?
✓ Worm Makers
• Rootkits
• Potentially Unwanted Application or Applications (PUAs)
✓ Adware
• Spyware
• Keylogger
✓ What a Keylogger can Do?
• Botnets
✓ Why Attackers use Botnets?
• Fileless Malware
✓ Reasons for Using Fileless Malware in Cyber Attacks
✓ Fileless Propagation Techniques
o Malware Countermeasures
• Trojan Countermeasures
• Virus and Worm Countermeasures
• Rootkit Countermeasures
• Spyware Countermeasures
• PUAs/ Adware Countermeasures
• Keylogger Countermeasures
• Fileless Malware Countermeasures
Lab Exercise
o Create a Trojan to Gain Access to the Target System
• Create a Trojan Server using Theef RAT Trojan
• Gain Control over a Victim Machine using the njRAT RAT Trojan
o Create a Virus to Infect the Target System
• Create a Virus using the JPS Virus Maker Tool and Infect the Target System
Define Vulnerabilities
o What is Vulnerability?
o Vulnerability Classification
o Examples of Network Security Vulnerabilities
o Impact of Vulnerabilities
Define Vulnerability Assessment
o Vulnerability Research
o Resources for Vulnerability Research
o What is Vulnerability Assessment?
o Information Obtained from the Vulnerability Scanning
o Vulnerability Scanning Approaches
o Vulnerability Scoring Systems and Databases
• Common Vulnerability Scoring System (CVSS)
• Common Vulnerabilities and Exposures (CVE)
• National Vulnerability Database (NVD)
• Common Weakness Enumeration (CWE)
o Types of Vulnerability Assessment
o Vulnerability-Management Life Cycle
o Vulnerability Assessment Tools
o Vulnerability Exploitation
Lab Exercise
o Perform Vulnerability Assessment to Identify Security Vulnerabilities in the Target
System or Network
• Perform Vulnerability Analysis using OpenVAS
Module 04: Password Cracking Techniques and Countermeasures
Discuss Password Cracking Techniques
o Password Cracking
o Password Complexity
o Microsoft Authentication
o Types of Password Attacks
• Active Online Attacks
✓ Dictionary Attack
✓ Brute-Force Attack
✓ Rule-based Attack
✓ Password Guessing
✓ Default Passwords
✓ Trojans/Spyware/Keyloggers
✓ Hash Injection/Pass-the-Hash (PtH) Attack
✓ LLMNR/NBT-NS Poisoning
✓ Pass the Ticket Attack
• Passive Online Attacks
✓ Wire Sniffing
✓ Man-in-the-Middle
✓ Replay Attacks
• Offline Attacks
✓ Rainbow Table Attack
• Non-Electronic Attacks
Lab Exercise
o Perform Active Online Attack to Crack the System’s Password
• Perform Active Online Attack to Crack the System’s Password using Responder
Discuss Password Cracking Tools
o Password-Cracking Tools
• L0phtCrack
• ophcrack
• RainbowCrack
Lab Exercise
o Audit System Passwords
• Audit System Passwords using L0phtCrack
• Audit System Passwords using John the Ripper
Discuss Password Cracking Countermeasures
o Password Cracking Countermeasures
Module 05: Social Engineering Techniques and Countermeasures
Discuss Social Engineering Concepts and its Phases
o What is Social Engineering?
o Common Targets of Social Engineering
o Impact of Social Engineering Attack on an Organization
o Behaviors Vulnerable to Attacks
o Factors that Make Companies Vulnerable to Attacks
o Why is Social Engineering Effective?
o Phases of a Social Engineering Attack
Discuss Social Engineering Techniques
o Types of Social Engineering
• Human-based Social Engineering
✓ Impersonation
✓ Impersonation (Vishing)
✓ Eavesdropping
✓ Shoulder Surfing
✓ Dumpster Diving
✓ Reverse Social Engineering
✓ Piggybacking
✓ Tailgating
• Computer-based Social Engineering
✓ Pop-Up Windows
✓ Hoax Letters
✓ Chain Letters
✓ Instant Chat Messenger
✓ Spam Email
✓ Scareware
✓ Phishing
➢ Examples of Phishing Emails
➢ Types of Phishing
➢ Phishing Tools
• Mobile-based Social Engineering
✓ Publishing Malicious Apps
✓ Repackaging Legitimate Apps
✓ Fake Security Applications
✓ SMiShing (SMS Phishing)
Lab Exercise
o Perform Social Engineering using Various Techniques to Sniff Users' Credentials
• Sniff Credentials using the Social-Engineer Toolkit (SET)
Discuss Insider Threats and Identity Theft
o Insider Threats/Insider Attacks
• Reasons for Insider Attacks
• Types of Insider Threats
• Why are Insider Attacks Effective?
o Identity Theft
• Types of Identity Theft
Discuss Various Social Engineering Countermeasures
o Social Engineering Countermeasures
o Insider Threats Countermeasures
o Identity Theft Countermeasures
o How to Detect Phishing Emails?
o Anti-Phishing Toolbar
o Social Engineering Tools
• Audit Organization's Security for Phishing Attacks using OhPhish
Lab Exercise
o Detect a Phishing Attack
• Detect Phishing using Netcraft
Module 06: Network Level Attacks and Countermeasures
Sniffing
Understand Packet Sniffing Concepts
o Packet Sniffing
o How a Sniffer Works
o Types of Sniffing
• Passive Sniffing
• Active Sniffing
o How an Attacker Hacks the Network Using Sniffers
o Protocols Vulnerable to Sniffing
Discuss Sniffing Techniques
o MAC Flooding
o DHCP Starvation Attack
o ARP Spoofing Attack
• ARP Poisoning Tools
o MAC Spoofing/Duplicating
o DNS Poisoning
o Sniffing Tools
• Wireshark
Lab Exercise
o Perform MAC Flooding to Compromise the Security of Network Switches
• Perform MAC Flooding using macof
o Perform ARP Poisoning to Divert all Communication between Two Machines
• Perform ARP Poisoning using arpspoof
Discuss Sniffing Countermeasures
o Sniffing Countermeasures
o Sniffer Detection Techniques
• Ping Method
• DNS Method
• ARP Method
Lab Exercise
o Detect ARP Attacks using ARP Spoofing Detection Tools to Ensure Data Privacy
• Detect ARP Poisoning in a Switch-Based Network Denial-of-Service
Discuss Types of DoS and DDoS Attacks
o What is a DoS Attack?
o What is a DDoS Attack?
o DoS/DDoS Attack Techniques
• UDP Flood Attack
• ICMP Flood Attack
• Ping of Death
• Smurf Attacks
• SYN Flood Attack
• Fragmentation Attack
• Multi-Vector Attack
• Peer-to-Peer Attack
• Permanent Denial-of-Service Attack
• Distributed Reflection Denial-of-Service (DRDoS) Attack
o DoS/DDoS Attack Tools
Lab Exercise
o Perform DoS and DDoS Attacks using Various Techniques on a Target Host to
Prevents Access to System Resources for Legitimate Users
• Perform a DoS Attack on a Target Host using hping3
• Perform a DDoS Attack using HOIC
Discuss DoS and DDoS Attack Countermeasures
o Dos/DDoS Attack Countermeasures
o DoS/DDoS Protection Tools
Lab Exercise
o Detect and Protect Against DDoS Attack
• Detect and Protect against DDoS Attack using Anti DDoS Guardian
Session Hijacking
Discuss Types Session Hijacking Attacks
o What is Session Hijacking?
o Why is Session Hijacking Successful?
o Session Hijacking Process
o Types of Session Hijacking
o Session Hijacking in OSI Model
o Spoofing vs. Hijacking
o Session Hijacking Tools
Lab Exercise
o Perform Session Hijacking to Seize Control of a Valid TCP Communication Session
Between Two Computers
• Hijack a Session using Zed Attack Proxy (ZAP)
Discuss Session Hijacking Attack Countermeasures
o Session Hijacking Detection Methods
o Session Hijacking Countermeasures
o Session Hijacking Detection Tools
Lab Exercise
o Detect Session Hijacking Attempts using Manual Method
• Detect Session Hijacking using Wireshark
Module 07: Web Application Attacks and Countermeasures
Web Server Attacks
Discuss Various Web Server Attacks
o Web Server Operations
o Web Server Components
o Web Server Security Issues
o Impact of Web Server Attacks
o Why are Web Servers Compromised?
o Web Server Attacks
• DNS Server Hijacking
• DNS Amplification Attack
• Directory Traversal Attacks
• Website Defacement
• Web Server Misconfiguration
• HTTP Response-Splitting Attack
• Web Cache Poisoning Attack
• SSH Brute Force Attack
• Web Server Password Cracking
• Server-Side Request Forgery (SSRF) Attack
o Web Server Attack Tools
Lab Exercise
o Perform a Web Server Attack to Crack FTP Credentials
• Crack FTP Credentials using a Dictionary Attack
Discuss Web Server Attack Countermeasures
o Web Server Attack Countermeasures
o Web Server Security Tools
Web Application Attacks
Understand Web Application Architecture and Vulnerability Stack
o Introduction to Web Applications
• How Web Application Work
o Web Application Architecture
o Web Services
• Types of Web Services
o Vulnerability Stack
Discuss Web Application Threats and Attacks
o OWASP Top 10 Application Security Risks – 2017
• A1 - Injection Flaws
• A2 - Broken Authentication
• A3 - Sensitive Data Exposure
• A4 - XML External Entity (XXE)
• A5 - Broken Access Control
• A6 - Security Misconfiguration
• A7 - Cross-Site Scripting (XSS) Attacks
• A8 - Insecure Deserialization
• A9 - Using Components with Known Vulnerabilities
• A10 - Insufficient Logging and Monitoring
o Web Application Attack Tools
Lab Exercise
o Perform a Web Application Attack to Compromise the Security of Web
Applications to Steal Sensitive Information
• Perform Parameter Tampering using Burp Suite
Discuss Web Application Attack Countermeasures
o Web Application Attack Countermeasures
o Web Application Security Testing Tools
SQL Injection Attacks
Discuss Types of SQL Injection Attacks
o What is SQL Injection?
o Why Bother about SQL Injection?
o SQL Injection and Server-side Technologies
o Types of SQL injection
• In-Band SQL Injection
➢ Error Based SQL Injection
➢ Union SQL Injection
• Blind/Inferential SQL Injection
➢ Blind SQL Injection: No Error Message Returned
➢ Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
➢ Blind SQL Injection: Boolean Exploitation
➢ Blind SQL Injection: Heavy Query
• Out-of-Band SQL injection
o SQL Injection Tools
Lab Exercise
o Perform SQL Injection Attacks on a Target Web Application to Manipulate the
Backend Database
• Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap
Discuss SQL Injection Attack Countermeasures
o SQL Injection Attack Countermeasures
o SQL Injection Detection Tools
Lab Exercise
o Detect SQL Injection Vulnerabilities using SQL Injection Detection Tools
• Detect SQL Injection Vulnerabilities using DSSS
Module 08: Wireless Attacks and Countermeasures
Understand Wireless Terminology
o Wireless Terminology
o Wireless Networks
• Types of Wireless Networks
o Wireless Standards
Discuss Different Types of Wireless Encryption
o Types of Wireless Encryption
• Wired Equivalent Privacy (WEP) Encryption
• Wi-Fi Protected Access (WPA) Encryption
• WPA2 Encryption
• WPA3 Encryption
o Comparison of WEP, WPA, WPA2, and WPA3
Describe Wireless Network-specific Attack Techniques
o Rogue AP Attack
o Client Mis-association
o Misconfigured AP Attack
o Unauthorized Association
o Ad-Hoc Connection Attack
o Honeypot AP Attack
o AP MAC Spoofing
o Key Reinstallation Attack (KRACK)
o Jamming Signal Attack
o Wi-Fi Jamming Devices
o Cracking WEP Using Aircrack-ng
o Cracking WPA-PSK Using Aircrack-ng
o Wireless Attack Tools
• Aircrack-ng Suite
• AirMagnet WiFi Analyzer PRO
Lab Exercise
o Perform Wi-Fi Packet Analysis
• Wi-Fi Packet Analysis using Wireshark
o Perform Wireless Attacks to Crack Wireless Encryption
• Crack a WEP Network using Aircrack-ng
• Crack a WPA2 Network using Aircrack-ng
Understand Bluetooth Attacks
o Bluetooth Stack
o Bluetooth Modes
o Bluetooth Hacking
o Bluetooth Threats
o Bluetooth Attack Tools
Discuss Wireless Attack Countermeasures
o Wireless Attack Countermeasures
o Bluetooth Attack Countermeasures
o Wireless Security Tools
Module 09: Mobile Attacks and Countermeasures
Understand Mobile Attack Anatomy
o Vulnerable Areas in Mobile Business Environment
o OWASP Top 10 Mobile Risks – 2016
o Anatomy of a Mobile Attack
o How a Hacker can Profit from Mobile Devices that are Successfully Compromised
Discuss Mobile Platform Attack Vectors and Vulnerabilities
o Mobile Attack Vectors
o Mobile Platform Vulnerabilities and Risks
o Security Issues Arising from App Stores
o App Sandboxing Issues
o Mobile Spam
o SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
• Why is SMS Phishing Effective?
• SMS Phishing Attack Examples
o Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
o Agent Smith Attack
o Exploiting SS7 Vulnerability
o Simjacker: SIM Card Attack
o Hacking an Android Device Using Metasploit
o Android Hacking Tools
o iOS Hacking Tools
Lab Exercise
o Hack an Android Device by Creating Binary Payloads
• Hack an Android Device by Creating Binary Payloads using Parrot Security
Understand Mobile Device Management (MDM) Concept
o Mobile Device Management (MDM)
o Bring Your Own Device (BYOD)
• BYOD Risks
Discuss Mobile Attack Countermeasures
o OWASP Top 10 Mobile Controls
o General Guidelines for Mobile Platform Security
o Mobile Security Tools
Lab Exercise
o Secure Android Devices using Various Android Security Tools
• Secure Android Devices from Malicious Apps using Malwarebytes Security
Module 10: IoT and OT Attacks and Countermeasures
IoT Attacks
Understand IoT Concepts
o What is the IoT?
o How the IoT Works
o IoT Architecture
o IoT Application Areas and Devices
Discuss IoT Threats and Attacks
o Challenges of IoT
o IoT Security Problems
o OWASP Top 10 IoT Threats
o IoT Threats
o Hacking IoT Devices: General Scenario
o IoT Attacks
• DDoS Attack
• Exploit HVAC
• Rolling Code Attack
• BlueBorne Attack
• Jamming Attack
• Hacking Smart Grid/Industrial Devices: Remote Access using Backdoor
• SDR-Based Attacks on IoT
• Fault Injection Attacks
o Capturing and Analyzing IoT Traffic using Wireshark
o IoT Attack Tools
Lab Exercise
o Perform Footprinting using Various Footprinting Techniques
• Gather Information using Online Footprinting Tools
o Capture and Analyze IoT Device Traffic
• Capture and Analyze IoT Traffic using Wireshark
Discuss IoT Attack Countermeasures
o IoT Attack Countermeasures
o IoT Security Tools
OT Attacks
Understand OT Concepts
o What is OT?
o Essential Terminology
o IT/OT Convergence (IIOT)
o The Purdue Model
Discuss OT Threats and Attacks
o Challenges of OT
o OT Threats
o OT Attacks
• HMI-based Attacks
• Side-Channel Attacks
• Hacking Programmable Logic Controller (PLC)
• Hacking Industrial Systems through RF Remote Controllers
✓ Replay Attack
✓ Command Injection
✓ Re-pairing with Malicious RF controller
✓ Malicious Reprogramming Attack
o OT Attack Tools
Discuss OT Attack Countermeasures
o OT Attack Countermeasures
o OT Security Tools
Module 11: Cloud Computing Threats and Countermeasures
Understand Cloud Computing Concepts
o Introduction to Cloud Computing
o Types of Cloud Computing Services
o Separation of Responsibilities in Cloud
o Cloud Deployment Models
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Cloud
• Multi Cloud
o NIST Cloud Deployment Reference Architecture
o Cloud Storage Architecture
o Cloud Service Providers
Understand Container Technology
o What is a Container?
o Containers Vs. Virtual Machines
o What is Docker?
o Microservices Vs. Docker
o Docker Networking
o Container Orchestration
o What is Kubernetes?
• Kubernetes Cluster Architecture
o Kubernetes Vs. Docker
o Container Security Challenges
o Container Management Platforms
o Kubernetes Platforms
Discuss Cloud Computing Threats
o OWASP Top 10 Cloud Security Risks
o Cloud Computing Threats
o Cloud Attacks
• Side-Channel Attacks or Cross-guest VM Breaches
• Wrapping Attack
• Man-in-the-Cloud (MITC) Attack
• Cloud Hopper Attack
• Cloud Cryptojacking
• Cloudborne Attack
• Enumerating S3 Buckets using lazys3
o Cloud Attack Tools
Lab Exercise
o Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
• Enumerate S3 Buckets using lazys3
o Exploit S3 Buckets
• Exploit Open S3 Buckets using AWS CLI
Discuss Cloud Attack Countermeasures
o Cloud Attack Countermeasures
o Cloud Security Tools
Module 12: Penetration Testing Fundamentals
Understand Fundamentals of Penetration Testing and its Benefits
o What is Penetration Testing?
o Benefits of Conducting a Penetration Test
o Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
o Types of Penetration Assessment: Goal-oriented vs. Compliance-oriented vs. Red
team-oriented
Discuss Strategies and Phases of Penetration Testing
o Strategies of Penetration Testing
• Black-box
• White-box
• Gray-box
o Penetration Testing Process
o Phases of Penetration Testing
o Penetration Testing Methodologies
Guidelines and Recommendations for Penetration Testing
o Characteristics of a Good Penetration Test
o When should Pen Testing be Performed?
o Ethics of a Penetration Tester
o Evolving as a Penetration Tester
o Qualification, Experience, Certifications, and Skills Required for a Pen Tester
• Communication Skills of a Penetration Tester
• Profile of a Good Penetration Tester
• Responsibilities of a Penetration Tester
o Risks Associated with Penetration Testing
• Types of Risks Arising from Penetration Testing
• Addressing Risks Associated with Penetration Testing and Avoiding Potential
DoS Conditions
| Lesson duration | Variable |
|---|---|
| Language | English |
| Certificate of participation | Yes |
| Online access | 1 year unlimited access |
| Progress monitoring | Yes |
There are no reviews written yet about this product.
OEM Office Elearning Menu Genomineerd voor 'Beste Opleider van Nederland'
OEM Office Elearning Menu is trots genomineerd te zijn voor de titel 'Beste Opleider van Nederland' door Springest, een onderdeel van Archipel. Deze erkenning bevestigt onze kwaliteit en toewijding. Hartelijk dank aan al onze cursisten.
Reviews
There are no reviews written yet about this product.
