Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Certified Ethical Hacker 9, Exercises of Cybercrime, Cybersecurity and Data Privacy

Training Notes and review questions with answers.

Typology: Exercises

2018/2019

Uploaded on 02/11/2022

ekayavan
ekayavan 🇺🇸

4.6

(39)

258 documents

1 / 46

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Certified Ethical Hacker 9 (CEH v9)
What's New in CEH V9?
Focus on New Attack Vectors
New Vulnerabilities including Heartbleed & Poodle
More than 40% new tools & over 1500 new labs
Threats to latest operating systems and cloud computing technology
Threats to mobile platforms & tablet computers
Coverage of new case studies, trojans, viruses & backdoors
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e

Partial preview of the text

Download Certified Ethical Hacker 9 and more Exercises Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!

Certified Ethical Hacker 9 (CEH v9)

What's New in CEH V9?

  • Focus on New Attack Vectors
  • New Vulnerabilities including Heartbleed & Poodle
  • More than 40% new tools & over 1500 new labs
  • Threats to latest operating systems and cloud computing technology
  • Threats to mobile platforms & tablet computers
  • Coverage of new case studies, trojans, viruses & backdoors

CEH Training by ATRC

This CEH course puts you in the driver’s seat of a handson environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be thought the five phases of CEH and thought how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.

Underground Cracking Tools

The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the CEH Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious crackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be a catastrophic damage to your respective organization. We live in an age where attacks are all susceptible and come from anyplace at any time and we never know how skilled, wellfunded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a cracker's mindset, evaluating not just logical, but physical security. Exploring every possible point of entry to find the weakest link in an organization. From the end user, the secretary, the CEO, misconfigurations, vulnerable times during migrations even information left in the dumpster.

Selected Learning Objectives

  • Communicate clearly and correctly to avoid misunderstanding and get your message across
  • Develop and use your listening skills to solve problems, diffuse conflict, teach staff, and be a more productive manager or team leader
  • Ask the right type of question to elicit information, encourage a response, or create a relationship
  • Master the techniques of successful presentations from planning to delivery
  • Analyze your audience before communicating your ideas in any format
  • Choose the most appropriate mode for communicating your message
  • Use effective language to express your ideas clearly in wellconstructed letters, proposals, memos, and email

Course Description

The CEH program is the core of the most desired information security training system any information security professional will ever want to be in. The CEH, is the first part of a 3 part EC Council Information Security Track which helps you master hacking technologies. You will become a cracker, but hopefully an ethical one! A very “ironical” statement indeed. As the security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment, This course was designed to provide you with the tools and techniques used by crackers and information security professionals alike to break into an organization. As we put it, “To beat a cracker, you need to think like a cracker”. This course will immerse you into the cracker Mindset so that you will be able to defend against future attacks. It puts you in the driver’s seat of a handson environment with a systematic CEH process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by cracking it! You will scan, test, hack and secure your own systems. You will be thought the Five Phases of CEH and thought how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks. The tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why should we learn cracking? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious crackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what

could potentially be a catastrophic damage to your respective organization. Throughout the CEH course, you will be immersed in a cracker's mindset, evaluating not just logical, but physical security. What is new in version 9 This is the worlds most advanced CEH course with 18 of the most current security domains any ethical cracker will ever want to know when they are planning to beef up the information security posture of their organization. In 18 comprehensive modules, the course covers 270 attack technologies, commonly used by crackers. Real Life Scenario Our security experts have designed over 140 labs which mimic real time scenarios in the course to help you “live” through an attack as if it were real and provide you with access to over 2200 commonly used hacking tools to immerse you into the cracker world.

Certified CEH FAQs

What makes the CEH and Countermeasures course different from other

courses in the market?

The CEH and Countermeasures course prepares candidates for the CEH exam offered by EC Council. The course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field. The CEH body of knowledge represents detailed contributions from security experts, academicians, industry practitioners and the security community at large. What is "Cracking techniques and technology"? Cracking techniques represent ways and means by which computer programs can be made to behave in ways they are not meant to. These techniques extend beyond the technology domain and can be applied to test security policies and procedures. Cracking technology is used to refer to those tools and automated programs that can be used by perpetrators against an organization to incur critical damage. As technology advances, the skill required to execute a hack is much lesser as precompiled programs are available to effect havoc with simple point and click.

Aren't tools meant for script kiddies?

Does it matter if an elite cracker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway? The point of emphasis here is that the enemy may be intellectually great or small, but he requires just one port of entry to wreck damage while the organization has the entire perimeter to guard with limited time and resources.

Who teaches your course?

Since the CEH Course is related more to cracking, it would be apt to have a real cracker teach it. However real crackers are usually those who used to be spoiled brats who had plenty of time to explore the field. So what we have is real hackers who have system administration experience collaborating along with real crackers who used to penetrate networks as consultants for our courses at ATRC. Certainly, experience is the greatest teacher. A real hacker would not know all the tricks and techniques which are used by the crackers. Many techniques are representative of the different

crackers. ECCouncil gets a signature from the students so they can adhere to a code of ethics and encourages security professionals with significant years of teaching exposure in the industry and security related experience to handle its security related courses. However in our experience of more than 20 years, those who want to crack shall do so whether they sign or not. Also real crackers do not really need such a course to learn the techniques. The certifications are useful for two things. Telling the HR people that you know something, and making IT people learn the basics of security so they are not as lame as they are usually in their default state. Why is this in the brochure? Because this brochure is made by a real hacker who is going to teach this to you. So you shall be getting the real guru stuff. Not just what you are expected to know in the exam. Also real hackers who have been sysops or sysadmins know many techniques on stopping crackers which are not covered in any book. They are specific to the sysadmins themselves. Just like different crackers have their own special recipes to penetrate.

Isn't this knowledge harmful? Why do you make it available so easily to

the public?

ECCouncil fulfills its social responsibility by ensuring that only persons with a minimum of two years of security related experience are eligible for the course. In addition all candidates are required to sign an agreement where they agree to respect the knowledge acquired and not misuse it in any way. The candidate also agrees to abide by all legal laws of the land in the use of thus acquired knowledge. Besides the CEH exam is a tough one to pass as students must have indepth knowledge to achieve the globally recognized CEH certification.

What can I take back to my organization if I certify as a CEH?

ECCouncil believes in giving back to the security community as it has partaken of it. When you are a CEH, you are more than a security auditor or a vulnerability tester or a penetration tester alone. You are exposed to security checklists that will help you audit the organization's information assets, tools which will check for vulnerabilities that can be exploited and above all a methodology to assess the security posture of your organization by doing a penetration test against it. In short, the knowledge you will acquire has practical value to make your work place a more secure and efficient one.

I am a CEH. What is my level?

Congratulations on becoming a CEH. You have joined elite group of professionals around the world. Your next level is to become a Licensed Penetration Tester (LPT).

Legal Agreement CEH and Countermeasures course mission is to educate, introduce and demonstrate cracking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify ECCouncil and ATRC with respect to the use or misuse of these tools, regardless of intent. What is New in the CEHV9 Course This is the worlds most advanced cracking course with 18 of the most current security domains any cracker will ever want to know when they are planning to beef up the information security posture of their organization. In 18 comprehensive modules, the course covers over 270 attack technologies, commonly used by crackers. Our security experts have designed over 140 labs which mimic real time scenarios in the course to help you “live” through an attack as if it were real and provide you with access to over 2200 commonly used hacking tools to immerse you into the cracker world. As “a picture tells a thousand words”, our developers have all this and more for you in over 2200 graphically rich, specially designed slides to help you grasp complex security concepts in depth which will be presented to you in 5 day hands on class by our Instructor. The goal of this course is to help you master an CEH methodology that can be used in a penetration testing or CEH situation. You walk out the door with CEH skills that are highly in demand, as well as the globally recognized CEH certification! This course prepares you for ECCouncil CEH exam

In short, you walk out the door with cracking skills that are high in demand, as well as the internationally recognized CEH cracking certification!

Exam Info

  • Number of Questions: 125
  • Passing Score: 70%
  • Test Duration: 4 Hours
  • Test Format: Multiple Choice
  • Test Delivery: ECC EXAM, VUE
  • Exam Prefix: 31250 (ECC EXAM), 31250 (VUE) Exam Code The exam code varies when taken at different testing centers.
  • Exam 312-50: Web based ‘ECCExam’ at Accredited Training Centers (ATC).
  • Exam 312-50: VUE Testing centers

Skills Measured The exam 312-50 tests CEH candidates on the following 18 domains.

  • Introduction to CEH
  • Footprinting and Reconnaissance
  • Scanning Networks
  • Enumeration
  • System Hacking
  • Malware Threats
  • Sniffing
  • Social Engineering
  • Denial of Service
  • Session Hijacking
  • Hacking Webservers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • Evading IDS, Firewalls, and Honeypots
  • Cloud Computing
  • Cryptography

ECCouncil CEH Application Process / Eligibility

1. ELIGIBILITY CRITERIA - For the CCISO Certified Chief Information Security Officer (CCISO)certification eligibility criteria, kindly go to https://cert.eccouncil.org/cciso.html - For the ibusiness certification eligibility criteria , kindly go to http://www.eccouncil.org/ibusiness/certifieddigitalmarketer.html http://www.eccouncil.org/ibusiness/certifiedinternetmarketingpractitioner.html - For the ECCouncil Licensed Penetration Tester (LPT) certification eligibility criteria , kindly go to http://cert.eccouncil.org/licensedpenetrationtester.html In order to be eligible to attempt ECCouncil CEH, CHFI v8 or ECSA v8 certification examination, candidate may opt to : Attend Official Training If a candidate attends an official instructorled training (ILT), computerbased training (CBT), online live training, or academic learning, candidate is eligible to attempt the relevant ECCouncil exam. Attempt Exam without Official Training In order to be considered for the ECCouncil CEH, CHFI v8 and ECSA v8 exam without attending official training, candidate must: Have at least two years of information security related experience. Remit a nonrefundable eligibility application fee of USD 100. Submit a completed Exam Eligibility Application Form. Purchase an official exam voucher DIRECTLY from ECCouncil through ECCouncil’s web store In order to be considered for the ECCouncil ECSA v9 exam without attending official training, candidate must: Have at least two years of information security related experience. Remit a nonrefundable eligibility application fee of USD 100. Submit a completed Exam Eligibility Application Form. Purchase an official ECSA v9 Exam Kit [consists of ECSA Aspen Dashboard Access Code (valid for 90 days from date of release), ECSA v9 iLabs Cyber Range Access Code (30 days from date of activation) and ECSA v9 Exam voucher (valid for 90 days from the date of distribution)]

Submit an acceptable pen testing report based on pen testing performed over ECCouncil’s secure cyber range

2. ELIGIBILITY PROCESS Applicant will need to go to https://cert.eccouncil.org/ExamEligibilityForm.html to fill in an online request for the Eligibility Application Form. Applicant will receive an electronic Exam Eligibility Application Form and the applicant will need to complete the information required on the form. Submit the completed Exam Eligibility Application form. The Application is valid only for 60 days from the date when Application is submitted. Should we not received any update from the applicant post 60 days, the Application will be automatically rejected. Applicant will need to submit a new application form. Waiting time for processing of Eligibility Application is approximately 5 working days after receiving the verification from verifier. Should the applicant not hear from us after 5 working days, the applicant can contact For USA/Canada/LATAM applicants – applicationservices@eccouncil.org For International applicants – cehapp@eccouncil.org ECCouncil will contact applicant’s Boss/ Supervisor/ Department head, who have agreed to act as applicant’s verifier in the application form, for authentication purposes. For verification of Educational Background ECCouncil requires a written letter in physical or electronic format confirming the certification(s) earned by the candidate. If application is approved, applicant will be required to purchase a voucher from ECCouncil DIRECTLY. ECCouncil will then send the candidate the eligibility code and the voucher code which candidate can use to register and schedule the test at any Authorized Prometric or VUE Testing Center globally. Please note that Prometric and VUE Registration will not entertain any requests without the eligibility code. The Approved application stands valid for 3 months from the date of Approval, the candidate needs to test 3 months from date of Approval. An extension request will require the Approval of Cert director. If application is not approved, the application fee of USD 100 will not be refunded. Important Note: Successful applicant will be required to purchase an exam voucher DIRECTLY from ECCouncil through the webstore at www.eccouncil.org/store.aspx before the eligibility code is released to the applicant. For students who took CBT solutions through authorized partners like Specialized