CEH: Certified Ethical Hacker

SYLLABUS

Contact / Instructional hours: 40 hours

Course Summary
Course Description
This five-day instructor led training experience can fortify the knowledge and skills of an IT
security professional to help them think as a hacker to detect weaknesses within network
infrastructures. Students are exposed to hands-on exercises, lectures, and other material
necessary to prepare them for the CEH certification exam.
Major Instructional Areas
Viruses and Worms

Sniffers

Social Engineering

Denial of Service

Session Hacking

Hacking Webservers

Hacking Web Applications

SQL Injection

Hacking Wireless Networks

Evading IDS, Firewalls and Honeypots

Buffer Overflow

Cryptography

Penetration Testing

Use the following advice to receive maximum learning benefits from your participation in this course:

DO

Do take a proactive learning approach

Do share your thoughts on critical issues
and potential problem solutions
Do plan your course work in advance
Do explore a variety of learning
resources in addition to the textbook
Do offer relevant examples from your
experience
Do make an effort to understand different
points of view
Do connect concepts explored in this

DONT

Dont assume there is only one correct

answer to a question
Dont be afraid to share your perspective
on the issues analyzed in the course
Dont be negative towards points of view
that are different from yours
Dont underestimate the impact of
collaboration on your learning
Dont limit your course experience to
reading the textbook
Dont postpone studying materials

course to real-life professional situations

review the concepts covered after each

and your own experiences

class and prepare for the next days

lecture and labs by reading ahead.

CEH Exam
As a focus for your exam preparation, see the CEH exam blue print. This document
details the content that is covered by the exam questions and to what extent each
domain is covered. You can access the Exam blue print on the Phoenix TS student
portal, or at the link below.

https://cert.eccouncil.org/images/doc/CEH-Exam-Blueprint-v2.0.pdf

Course Outline

Lesson Plan: Day 1

Necessary Material

Ethical Hacking and Countermeasures by EC-Council

Module 1: Introduction

Information security overview

Skills of an ethical hacker
Hacking concepts and phases
Types of attacks
Information security threats, attack vectors, and controls
Information Assurance (IA)
Information Security Laws and Standards
Security Policies: types, HR/legal implications
Physical security
Threat modeling
Enterprise Information Security Architecture (EISA)
Network Security Zoning

Footprinting concepts, threats, attack vectors, and

controls
Footprinting through Search Engines
Footprinting through Social Networking sites
Website footprinting
Competitive Intelligence
WHOIS Footprinting
Footprinting tools

to Ethical Hacking

Module 2:
Footprinting and
Reconnaissance

Module 3: Scanning

Scanning methodology, techniques, and countermeasures

Techniques for IDS evasion, scanning, HTTP tunneling,
and IP spoofing
Drawing network diagramslatest network discovery and
mapping tools, network discovery tools for mobile
Proxy chaininglatest proxy tools, proxy tools for mobile

Enumeration

Protocols: NetBIOS, SNMP, LDAP, NTP, SMTP, DNS

Countermeasures
Techniques

Module 5: System

Crackingpasswords,escalatingprivileges,executing
applications,hidingfilesandcoveringtracks
Steganographyapplicationandclassification,tools,
methods/attacksonsteganography,steganography
detectiontools

Footprinting and reconnaissance

Networks

Module 4:

Hacking

Lab Activities

Homework / Outside

Scanning networks

Enumeration

System hacking

Review Modules 1 through 5 make notes of unclear

Reading Assignment

concepts

Review tomorrows materials Modules 6 through 10

Complete practice questions note questions that you

got incorrect to discuss with your instructor

Lesson Plan: Day 2

Necessary Materials

Ethical Hacking and Countermeasures by EC-Council

Module 6: Malware

Introduction to malware

Threats

Trojansattacks, how to infect a system, crypters, how to

deploy, latest types, analysis, countermeasures

Virusesstages, types, latest virus maker, analysis,

countermeasures

Module 7: Sniffing

Module 8: Social

Wormstypes, makers, analysis, countermeasures

Malware analysis

Antivirus tools

Penetration testing

Attacks: MAC, DHCP, and spoofing

Poisoning: ARP and DNS

Tools

Concepts, techniques, impersonation, identity theft, and

Engineering

Module 9: Denial of
Service

countermeasures

Phases of an attack

Common targets of an attack

Impersonation scenario

Computer based, mobile based, social networking based

Concepts, case study, tools, attack techniques, and

countermeasures

Module 10: Session

Botnet

Scanning methods for vulnerable machines

Detection Techniques and tools

Concepts, case study, tools, attack techniques, and

Hijacking

Lab Activities

Homework / Outside

countermeasures

Five stages of a web malware attack

Application level session hijacking

Network level session hijacking

TCP/IP Hijacking

Trojans and backdoors

Viruses and worms

Sniffers

Social Engineering

Denial of Service

Session Hijacking

Review Modules 8 through 10 make notes of unclear

Reading Assignments

concepts

Review tomorrows materials Modules 11 through 14

Complete practice questions note questions that you

got incorrect to discuss with your instructor

Lesson Plan: Day 3

Necessary Materials

Ethical Hacking and Countermeasures by EC-Council

Module 11: Hacking

Webserver market shares

Webservers

Web servers

Web server security issues

Webserver attacks, attack methodology, attack tools, and

countermeasures

Patch management

Webserver security tools

Web server pen testing

Module 12: Hacking

Web application threats

Web Applications

Concepts, hacking methodology, tools, and

countermeasures

Module 13: SQL

Analyze web applications

Web application pen testing

Concepts, methodologies, types, of SQL injection,

Injection

Module 14: Hacking

advanced SQL injection, and countermeasures

Evasion techniques and tools

Information gathering

Concepts, encryption, threats, Bluetooth hacking,

Wireless Networks

Lab Activities

Homework / Outside

methodology, and counter-measures

Wireless security tools and hacking tools

Hacking webservers

Hacking web application

SQL Injection

Hacking wireless networks

Review Modules 11 through 14 make notes of unclear

Reading Assignment

concepts

Review tomorrows materials Modules 15 through 18

Complete practice questions note questions that you

got incorrect to discuss with your instructor

Lesson Plan: Day 4

Necessary Materials

Ethical Hacking and Countermeasures by EC-Council

Module 15: Hacking

Android OS, IOS, Windows Phone OS, Blackberry

Mobile Platforms

Mobile device management, security guidelines and tools

OWASP Mobile Top 10 Risks

Latest Sniffers

Latest Jailbreaking tools

Mobile spyware

Bring Your Own Device (BYOD)

Mobile Anti-spyware

Module 16: Evading

Concepts and countermeasures

IDS, Firewalls, and

Honeypot, firewalls, IDS for mobile

Honeypots

Evading IDS, firewalls

Detecting honeypots

Concepts,methodologies,examples,detection,and
countermeasures

Separationofresponsibilities

Virtualization

Threatsandattacks

CloudSecurityControlLayers

Tools

CloudPenetrationTesting

Concepts, encryption algorithms, email encryption, disk

Module 17: Cloud

Computing

Module 18:
Cryptography

Exam Readiness

encryption, and attacks

Public key infrastructure (PKI)

Cryptanalysis and cryptography tools

Hash calculators for Mobile

Go to the Phoenix TS Student Portal and complete the

Assessment

50-Question Exam Readiness Assessment

Review your immediate results, and discuss them with

your instructor and your training consultant as necessary

Lab Activities

Homework / Outside

Evading IDS, Firewalls and Honeypots

Buffer Overflow

Cryptography

Review Modules 15 through 18 make notes of unclear

Reading Assignment

concepts

Complete practice exam

Prepare for exam with a mock or pre-exam test

Lesson Plan: Day 5

Exam Prep

Take the exam