Naslovnica

Certified Ethical Hacker (CEH)

A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A CEH understands attack strategies, the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.  

Certified Ethical Hackers are hired by organizations to help improve the organizations security posture. CEH is a required baseline certification for many different job roles, but the function of ethical hacking itself involves a methodical practice of identifying, evaluating, testing, and reporting on vulnerabilities in an organization. Ethical Hacking is a broad practice that covers many different technologies, but by systematically applying the methodologies taught in the CEH program, ethical hackers can evaluate nearly any application or infrastructure they are tasked with, identify potential vulnerabilities, and provide recommendations on how those vulnerabilities can be remediated. In the case of military organizations, ethical hackers are highly trained in offensive and defensive activities and possess the critical skill sets and tactics to evaluate target systems and defend their own organization’s assets in real time.

Što ćete naučiti

  • Key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
  • Use the latest techniques and tools to perform foot printing and reconnaissance, a critical pre-attack phase of the ethical hacking process.
  • Different network scanning techniques and countermeasures.
  • Various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File Sharing (NFS) exploits, and associated countermeasures.
  • Identify security loopholes in a target organization’s network, communication infrastructure, and end systems.
  • Different types of vulnerability assessment and vulnerability assessment tools.
  • Various system hacking methodologies including steganography, steganalysis attacks, and covering tracks used to discover system and network vulnerabilities.
  • Different types of malware (Trojan, virus, worms, etc.), APT and fileless malware, malware analysis procedure, and malware countermeasures.
  • Packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.
  • Social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
  • Different Denial of Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
  • Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
  • Firewall, intrusion detection system (IDS), and honeypot evasion techniques - the tools used to audit a network perimeter for weaknesses and countermeasures.
  • Web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
  • Web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
  • SQL injection attacks, evasion techniques, and SQL injection countermeasures.
  •  
  • Understand different types of wireless technologies, including encryption, threats, hacking methodologies, hacking tools, Wi-Fi sedcurity tools, and countermeasures.
  • Mobile platform attack vector, android and iOS hacking, mobile device management, mobile security guidelines, and security tools.
  • Different types of IoT and OT attacks, hacking methodology, hacking tools, and countermeasures.
  • Different cloud computing concepts, such as container technologies and server less computing, various cloud computing threats, attacks, hacking methodology, and cloud security techniques and tools.

Kome je namijenjeno

  • Mid-Level Information Security Auditor
  • Cybersecurity Auditor
  • Security Administrator
  • IT Security Administrator
  • Cyber Defense Analyst
  • Vulnerability Assessment Analyst
  • Warning Analyst
  • Information Security Analyst 1
  • Security Analyst L1
  • Infosec Security Administrator
  • Cybersecurity Analyst level 1, level 2, & level 3
  • Network Security Engineer
  • SOC Security Analyst
  • Security Analyst
  • Network Engineer
  • Senior Security Consultant
  • Information Security Manager
  • Senior SOC Analyst
  • Solution Architect
  • Cybersecurity Consultant

Preduvjeti

  • Have two years’ IT work experience.
  • Minimum of two years’ experience in IT security strongly recommend

Nastavni plan

Pregledaj
  • Introduction to Ethical Hacking
  • Foot printing and Reconnaissance
  • Scanning Networks
  • Enumeration
  • Vulnerability Analysis
  • System Hacking
  • Malware Threats
  • Sniffing
  • Social Engineering
  • Denial-of-Service
  • Session Hijacking
  • Evading IDS, Firewalls, and Honeypots
  • Hacking Web Servers
  • Hacking Web Applications
  • SQL Injection
  • Hacking Wireless Networks
  • Hacking Mobile Platforms
  • IoT Hacking
  • Cloud Computing
  • Cryptography