icon
+91-8800955639, +91-9871700866, +91-8368840052
IAF
iso
ec-council certification
ec-council certification
ec-council certification
+918800955639, +919871700866, +918368840052

Need Help? call us free

IAF
iso

CEHv12 Master 2024

Master in Certified Ethical Hacker - CEHv12 Master 2024

Rating on Best Python Programming Training Institute & Certification in Noida 4.9 out of 5 based on 4000 Students Rating
Course Summary

The Certified Ethical Hacker version 12 (CEHv12) certification exam administered by EC-Council evaluates candidates' expertise in ethical hacking methodologies, tools, and techniques. The CEHv12 Master Exam comprises two sections: Practical Exam and Multiple-Choice Questions (MCQ) Exam. The practical segment consists of 20 hands-on challenges set in simulated environments. Here, candidates encounter scenarios mirroring real-world cyber security situations. They must showcase their skills by performing tasks like port scanning, identifying vulnerabilities, conducting penetration tests, exploiting security weaknesses, analyzing network traffic, applying steganography, cryptography, password cracking, and implementing security measures. This section assesses the practical application of their knowledge and proficiency using various tools and methodologies in real-time cyber security scenarios.

In the MCQ section, candidates face 125 questions covering a broad spectrum of cyber security topics. These questions gauge theoretical understanding across areas such as Footprinting, Port and Vulnerability Scanning, Enumeration, System Hacking, Sniffing, Social Engineering, Malware Threats, Cryptography, Exploiting Web Application vulnerabilities, and Cloud Computing. Candidates must select the correct response from the provided options.

Certified Ethical Hacker (CEHv12) Master Syllabus:
Unit 01- Introduction to Ethical Hacking (Day- 1-2)

⦿ Basics of Information Security
⦿ Hacker Types and Ethical Hacking Practices
⦿ Phases involved in Ethical Hacking
⦿ Understanding Cyber Kill Chain Methodology
⦿ Exploring MITRE ATT&CK Framework
⦿ Classification of Cyber Attacks
⦿ Managing Risks in Security
⦿ Handling Security Incidents
⦿ Information Assurance (IA)
⦿ Overview of PCI DSS
⦿ Understanding SOX
⦿ GDPR Essentials
⦿ HIPAA and Its Relevance
Practical-
⦿ Setting up a secure hacking environment using virtual machines and labs.

Unit 02- Footprinting and Reconnaissance (Day- 3-4)
⦿ Conducting footprinting/reconnaissance on target networks through-
⦿ Search engine queries
⦿ Social media platforms
⦿ Web services
⦿ Performing footprinting/reconnaissance on targets such as-
⦿ DNS
⦿ Network resources
⦿ Websites
⦿ Email
⦿ Whois lookups
Practical-
⦿ Using search engines, social media, and specialized tools for online footprinting.
⦿ Employing reconnaissance techniques like OSINT gathering, WayBack machine, Google Dorking, and Email footprinting.

Unit 03- Network Scanning (Day- 5-6)
⦿ Discovering Hosts
⦿ Scanning Ports
⦿ Identifying Operating Systems
⦿ Service version detection
⦿ Vulnerability Scanning
Practical-
⦿ Utilizing Nmap for recognizing open ports, services, and vulnerabilities.

Unit 04- Enumeration (Day- 7-8)
⦿ Exploring NetBIOS
⦿ Understanding SMTP
⦿ Analyzing RPC
⦿ Investigating SMB
⦿ Examining FTP
⦿ Overview of SNMP
⦿ Understanding LDAP
⦿ Exploring NFS
⦿ Investigating DNS
Practical-
⦿ Extracting information like usernames, shares, and resources using various tools.
⦿ Identifying exploits for vulnerable services.
⦿ Introduction to Metasploit Framework
⦿ Brute-Force attacks using Hydra

Unit 05- Vulnerability Analysis (Day- 9-10)
⦿ Grasping the Vulnerability assessment life cycle.
⦿ Researching vulnerabilities through scoring systems and databases.
⦿ Conducting vulnerability assessments using tools like-
⦿ Nessus
⦿ OpenVAS
⦿ Acunetix web application scanner
⦿ Nikto
Practical-
⦿ Performing vulnerability scans using tools like Nessus, Nikto, or OpenVAS.

Unit 06- System Hacking (Day- 11-14)
⦿ Executing active attacks to crack password hashes of Windows and Linux OS
⦿ Bypassing Authentication on Linux and Windows machines
⦿ Exploiting vulnerabilities to gain remote system access
⦿ Escalating privileges on Linux and Windows
⦿ Concealing data through steganography
⦿ Using malware for persistent access.
⦿ Clearing logs on Windows and Linux machines using various utilities
⦿ Hiding artifacts within Windows and Linux systems
Practical-
⦿ Cracking passwords using tools like John the Ripper or Hashcat.
⦿ Exploiting system vulnerabilities in a controlled environment.
⦿ Generating malicious Payloads.
⦿ Tools for Steganography
⦿ Tools for covering tracks on OS.

Unit 07- Malware Threats (Day- 15-17)
⦿ Understanding Malware and its Components
⦿ Overview of Trojan Horses
⦿ Different Types of Trojans
⦿ Exploring Viruses
⦿ Introduction to Ransomware
⦿ Understanding Computer Worms
⦿ Keyloggers and Spywares
⦿ Analysis of Malware
⦿ Static and Dynamic Malware Analysis
⦿ Techniques for Detecting Malwares
⦿ Antivirus Software
⦿ Gaining control through Trojans
⦿ Infecting systems with viruses
Practical-
⦿ Studying various malwares like Trojan horses, Ransomware, etc.
⦿ Identifying and protecting systems from Malware threats.

Unit 08- Sniffing- Network Packet Analysis (Day- 18-20)
⦿ Network Sniffing
⦿ MAC Flooding
⦿ DHCP Starvation Attack
⦿ ARP Spoofing Attack
⦿ ARP Poisoning (Man-in-the-middle)
⦿ Tools for ARP Poisoning
⦿ MAC Address Spoofing
⦿ DNS Poisoning and relevant tools
⦿ Sniffing Tools
⦿ Detection Techniques for Sniffing
Practical-
⦿ Packet sniffing using Wireshark or Tcpdump for network traffic analysis.
⦿ Executing Man-in-the-Middle attack using ARP poisoning
⦿ Performing MAC spoofing
⦿ Conducting DHCP attacks

Unit 09- Social Engineering Attack (Day- 21-22)
⦿ Executing social engineering through various techniques
⦿ Linux machine MAC address spoofing
⦿ Identifying phishing attacks
⦿ Evaluating an organization's security against phishing
⦿ Key topics include-
⦿ Different Types of Social Engineering
⦿ Human, Computer, and Mobile-based Social Engineering
⦿ Phishing Attacks and Tools
⦿ Insider Threats and Attacks
⦿ Identity Theft
Practical-
⦿ Simulating phishing attacks to demonstrate social engineering tactics.
⦿ Embedding a malicious link

Unit 10- Denial-of-Service (DoS) Attack (Day- 23-24)
⦿ DoS Attacks
⦿ Distributed DoS (DDoS) Attacks
⦿ Understanding Botnets
⦿ Techniques used in DoS/DDoS Attacks
⦿ Ping of Death attack
⦿ Smurf attack
⦿ SYN flood attack
⦿ Slowloris attack
⦿ Tools used in DoS/DDoS Attacks
Practical-
⦿ Simulating DoS attacks using tools like LOIC, hping3, or Metasploit Framework to understand their impact on systems and networks.

Unit 11- Session Hijacking Attack (Day- 25-26)
⦿ Understanding Sessions and Cookies
⦿ Exploring Session Hijacking
⦿ Varieties of Session Hijacking
⦿ Differentiating Spoofing and Hijacking
⦿ Application-Level Session Hijacking
⦿ Client-Side Attacks
⦿ Session Replay Attacks
⦿ Tools for Session Hijacking
Practical-
⦿ Demonstrating session hijacking exercises to gain control of active HTTP connections and illustrate associated risks.

Unit 12- Evading IDS, Firewalls, and Honeypots (Day- 27-28)
⦿ Understanding Defensive Devices- IDS, Firewalls, Honeypots
⦿ Intrusion Detection System (IDS) Overview
⦿ Firewall Concepts
⦿ Honeypot Functionality
⦿ Circumventing Firewall Rules
⦿ Strategies for Evading IDS and Firewalls
Practical-
⦿ Exploring IDS functions using Snort
⦿ Understanding Firewalls using Firewalld
⦿ Exploring Honeypots
⦿ Implementing techniques to bypass IDS and Firewalls to understand their limitations.

Unit 13- Hacking Web Servers (Day- 29-30)
⦿ Functions of Web Servers
⦿ Attacks on Web Servers
⦿ DNS Server Hijacking
⦿ Defacement of Websites
⦿ Methodologies for Attacking Web Servers
⦿ Patch Management
⦿ Tools for Web Server Attacks
⦿ Tools for Enhancing Web Server Security
Practical-
⦿ Identifying vulnerabilities in web servers (like Apache, Nginx) and exploiting them.

Unit 14- Hacking Web Applications (Day- 31- 34)
⦿ Web Application Architecture
⦿ Threats to Web Applications
⦿ Cross-Site Scripting (XSS)
⦿ Directory Traversal
⦿ Command Injection
⦿ File Upload Vulnerabilities
⦿ Server-Side Request Forgery (SSRF)
⦿ Cross-Site Request Forgery (CSRF)
⦿ Broken Authentication
⦿ Broken Access Control
⦿ Clickjacking
⦿ XML External Entities (XXE)
⦿ OWASP Top 10 Application Security Risks – 2021
⦿ Methodology for Hacking Web Applications
⦿ Web APIs
⦿ Web Shells
⦿ Web Application Security Measures
Practical-
⦿ Assessing web application security using Burp Suite.
⦿ Exploiting web application vulnerabilities like Cross-Site Scripting, Directory Traversal, File Upload, CSRF, SSRF, Command Injection, etc.

Unit 15- SQL Injection Attack (Day- 35-36)
⦿ Understanding SQL Injection
⦿ Varieties of SQL Injection
⦿ Error-Based SQL Injection
⦿ Union-Based SQL Injection
⦿ Blind SQL Injection
⦿ Methodology for SQL Injection
⦿ Tools for SQL Injection
Practical-
⦿ Executing SQL injection exercises against vulnerable web applications to retrieve or manipulate data.
⦿ Understanding different types of SQL Injection like Error, Union, and Blind-based attacks.

Unit 16- Hacking Wireless Networks (Day- 37-38)
⦿ Wireless Network Terminology
⦿ Characteristics of Wireless Networks
⦿ Wireless Encryption Standards (WEP, WPA, WPA2, WPA3)
⦿ Threats to Wireless Networks
⦿ Methodology for Hacking Wireless Networks
⦿ Techniques for Cracking Wi-Fi Passwords
⦿ Evil-Twin Attacks
⦿ Jamming Signal Attack
⦿ De-Authentication Attack
⦿ Bluetooth Hacking
⦿ Threats Associated with Bluetooth
Practical-
⦿ Conducting wireless network password cracking attacks.
⦿ Employing tools like aircrack-ng suite for various wireless attacks.

Unit 17- Hacking Mobile Platforms (Day- 39-40)
⦿ Attack Vectors for Mobile Platforms
⦿ OWASP's Top 10 Mobile Risks
⦿ App Sandboxing, SMS Phishing Attack (SMiShing)
⦿ Android Rooting
⦿ Hacking Techniques for Android Devices
⦿ Android Security Tools
⦿ Jailbreaking iOS
⦿ Hacking Methods for iOS Devices
⦿ Tools for iOS Device Security
⦿ Mobile Device Management (MDM)
⦿ OWASP's Top 10 Mobile Controls
⦿ Tools for Mobile Security
Practical-
⦿ Exploring various mobile threats (malware, phishing, etc.) and implementing countermeasures.
⦿ Generating malicious Payloads for mobile devices.
⦿ Exploring attacks like DoS, SMS/call bombing, Port scanning, etc.

Unit 18- IoT and OT Hacking (Day- 41-42)
⦿ IoT Architecture
⦿ IoT Communication Models
⦿ OWASP's Top 10 IoT Threats
⦿ Vulnerabilities in IoT
⦿ Methodology for Hacking IoT
⦿ Tools for Hacking IoT
⦿ Introduction to OT
⦿ IT/OT Convergence and IIoT
⦿ Vulnerabilities in ICS and OT
⦿ Attacks on OT
⦿ Methodology for Hacking OT
⦿ Tools for Hacking OT
⦿ Tools for OT Security
Practical-
⦿ Identifying and analyzing IoT and OT devices within a network using tools like Shodan, search engines, or network scanning techniques.
⦿ Conducting vulnerability scanning and analysis of IoT and OT devices using specialized tools like Nessus, nmap, etc.

Unit 19- Cloud Computing (Day- 43-44)
⦿ Cloud Computing Overview
⦿ Types of Cloud Computing Services
⦿ Cloud Deployment Models
⦿ Cloud Service Providers
⦿ Containers
⦿ Docker
⦿ Kubernetes
⦿ Cloud-Based Attacks
⦿ Hacking in the Cloud
⦿ Cloud Network Security
⦿ Controls for Cloud Security
⦿ Tools for Cloud Security
Practical-
⦿ Understanding Cloud platforms like AWS.
⦿ Exploring AWS EC2 service for deploying a virtual machine.

Unit 20- Cryptography (Day- 45-46)
⦿ Introduction to Cryptography
⦿ Encryption Algorithms
⦿ Types of Encryption
⦿ Hashing
⦿ MD5 and SHA Hash Calculation
⦿ Cryptographic Tools
⦿ Public Key Infrastructure (PKI)
⦿ Email Encryption
⦿ Disk Encryption
⦿ Cryptography Attacks
⦿ Countermeasures for Attacks
Practical-
⦿ Hands-on practice with encryption and decryption using tools like OpenSSL or PGPtool.
⦿ Practical experience with Hashing using tools like hashmyfiles, hashcalc, etc.
⦿ Understanding password cracking using CrackStation.
⦿ Exploring different Encoding methods like Base64, ROT13, Morse code, etc.

Course Features

  • Duration : 60 Hours
  • Lectures : 30
  • Quiz : 20
  • Students : 15

You may like