Exam outline - deanbushmiller/CEH-bootcamp GitHub Wiki

Module 01: Introduction to Ethical Hacking

• Learn the fundamentals of ethical hacking, information security controls, relevant laws, and standard procedures.
• Hands-on Labs:
  • Perform footprinting on the target network using search engines, internet research services, and social networking sites.
  • Perform whois, DNS, network, and email footprinting on the target network.
  • Perform Footprinting using AI.
• Key topics covered:
  • Elements of Information Security
  • Classification of Attacks
  • Hacker Classes
  • Ethical Hacking
  • AI-Driven Ethical Hacking
  • ChatGPT-Powered AI Tools for Ethical Hackers
  • CEH Ethical Hacking Framework
  • Cyber Kill Chain Methodology
  • MITRE ATT&CK Framework
  • Information Assurance (IA)
  • Risk Management
  • Threat Intelligence Lifecycle
  • Incident Management
  • PCI DSS, HIPPA, SOX, GDPR, DPA

Module 02: Footprinting and Reconnaissance

• Use the latest techniques and tools for footprinting and reconnaissance in ethical hacking.
• Hands-on Labs:
  • Perform footprinting on the target network using search engines, internet research services, and social networking sites.
  • Perform whois, DNS, network, and email footprinting on the target network.
  • Perform Footprinting using AI.
• Key topics covered:
  • Reconnaissance
  • Footprinting Using Advanced Google Hacking Techniques
  • Footprinting through People Search Services
  • Dark Web Footprinting
  • Competitive Intelligence Gathering
  • Footprinting through Social Networking Sites
  • Whois Lookup
  • DNS Footprinting
  • Traceroute Analysis
  • Email Footprinting
  • Footprinting through Social Engineering
  • AI-Powered OSINT Tools

Module 03: Scanning Networks

• Learn different network scanning techniques and countermeasures.
• Hands-on Labs:
  • Perform host, port, service, and OS discovery on the target network.
  • Perform scanning on the target network beyond IDS and Firewall.
  • Perform scanning using AI.
• Key topics covered:
  • Network Scanning
  • Scanning Tools
  • Host Discovery Techniques
  • Port Scanning Techniques
  • Host Discovery and Port Scanning with AI
  • Service Version Discovery
  • OS Discovery/Banner Grabbing
  • Scanning Beyond IDS and Firewall
  • Scanning Detection and Prevention

Module 04: Enumeration

• Explore various enumeration techniques, including BGP and NFS exploits, and their countermeasures.
• Hands-on Labs:
  • Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration.
  • Perform Enumeration using AI.
• Key topics covered:
  • Enumeration
  • NetBIOS Enumeration
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP Enumeration
  • NFS Enumeration
  • SMTP Enumeration
  • DNS Cache Snooping
  • DNSSEC Zone Walking
  • IPsec Enumeration
  • VoIP Enumeration
  • RPC Enumeration
  • Unix/Linux User Enumeration
  • SMB Enumeration
  • Enumeration using AI
  • Enumeration Countermeasures

Module 05: Vulnerability Analysis

• Identify security loopholes in networks, communication infrastructure, and end systems using various assessment tools.
• Hands-on Labs:
  • Perform Vulnerability Research using Vulnerability Scoring Systems and Databases.
  • Perform Vulnerability Assessment using Various Vulnerability Assessment Tools.
  • Perform Vulnerability Analysis using AI.
• Key topics covered:
  • Vulnerability Classification
  • Vulnerability Scoring Systems and Databases
  • Vulnerability-Management Life Cycle
  • Vulnerability Research
  • Vulnerability Scanning and Analysis
  • Vulnerability Assessment Tools
  • Vulnerability Assessment Reports
  • AI-Powered Vulnerability Assessment Tools

Module 06: System Hacking

• Discover system and network vulnerabilities, including steganography and privilege escalation techniques.
• Hands-on Labs:
  • Perform an Active Online Attack to Crack the System’s Password.
  • Perform Buffer Overflow Attack to Gain Access to a Remote System.
  • Escalate Privileges using Privilege Escalation Tools.
  • Escalate Privileges in Linux Machine.
  • Hide Data using Steganography.
  • Clear Windows and Linux Machine Logs using Various Utilities.
  • Hiding Artifacts in Windows and Linux Machines.
  • Perform System Hacking using AI.
• Key topics covered:
  • Password Cracking
  • Password Attacks
  • Password-Cracking Tools
  • Vulnerability Exploitation
  • Metasploit Framework
  • AI-Powered Vulnerability Exploitation Tools
  • Buffer Overflow
  • Buffer Overflow Detection Tools
  • Active Directory (AD) enumeration
  • Privilege Escalation
  • Privilege Escalation Tools
  • Executing Applications
  • Keylogger, Spyware, Rootkits
  • Steganography, Steganalysis
  • Steganography Detection Tools
  • Maintaining Persistence
  • Linux and Windows Post Exploitation
  • Covering Tracks, Clearing Logs
  • Track-Covering Tools

Module 07: Malware Threats

• Understand different types of malware, APT, fileless malware, analysis procedures, and countermeasures.
• Hands-on Labs:
  • Gain Control over a Victim Machine using Trojan.
  • Infect the Target System using a Virus.
  • Perform Static and Dynamic Malware Analysis.
• Key topics covered:
  • Malware
  • Advanced Persistent Threat Lifecycle
  • Trojan, Virus, Ransomware, Computer Worms, Fileless Malware
  • AI-based Malware
  • Malware Analysis (Static & Dynamic)
  • Virus Detection Methods
  • Malware Countermeasures
  • Anti-Trojan Software
  • AI-Powered Malware Detection and Analysis Tools

Module 08: Sniffing

• Learn packet-sniffing techniques for discovering network vulnerabilities and defensive countermeasures.
• Hands-on Labs:
  • Perform MAC Flooding, ARP Poisoning, MITM, and DHCP Starvation Attack.
  • Spoof a MAC Address of a Linux Machine.
  • Perform Network Sniffing using Various Sniffing Tools.
  • Detect ARP Poisoning in a Switch-Based Network.
• Key topics covered:
  • Network Sniffing
  • MAC Flooding
  • DHCP Starvation Attack
  • ARP Spoofing/Poisoning
  • MAC Spoofing
  • VLAN Hopping, STP Attack
  • DNS Poisoning Techniques and Tools
  • Sniffing Tools
  • Sniffer Detection Techniques
  • Promiscuous Detection Tools

Module 09: Social Engineering

• Explore social engineering techniques, identifying theft attempts, and implementing countermeasures.
• Hands-on Labs:
  • Perform Social Engineering using Various Techniques.
  • Detect a Phishing Attack.
  • Social Engineering using AI.
• Key topics covered:
  • Social Engineering
  • Types of Social Engineering
  • Human-based and Computer-based Techniques
  • Impersonation, Phishing, SMiShing
  • Call Spoofing, OTP Hijacking
  • Camera/Microphone Capture Attacks
  • AI-based Social Engineering
  • Identity Theft
  • Mobile-based Techniques
  • Countermeasures and Anti-Phishing Tools

Module 10: Denial-of-Service

• Understand DoS and DDoS attack techniques, auditing tools, and protective countermeasures.
• Hands-on Labs:
  • Perform a DoS and DDoS attack on a Target Host.
  • Detect and Protect Against DoS and DDoS Attacks.
• Key topics covered:
  • DoS and DDoS Attacks
  • Botnets
  • Attack Techniques and Toolkits
  • Detection and Protection Tools
  • DoS/DDoS Protection Services

Module 11: Session Hijacking

• Learn session hijacking techniques to exploit session management and implement countermeasures.
• Hands-on Labs:
  • Perform Session Hijacking using various Tools.
  • Detect Session Hijacking.
• Key topics covered:
  • Session Hijacking
  • Application-Level and Network-Level Techniques
  • TCP/IP Hijacking, RST Hijacking, Blind Hijacking
  • Tools and Detection Methods
  • Prevention Approaches

Module 12: Evading IDS, Firewalls, and Honeypots

• Explore firewall, IDS, and honeypot evasion techniques and implement countermeasures.
• Hands-on Labs:
  • Perform Intrusion Detection using Various Tools.
  • Deploy Honeypot to Detect Malicious Network Traffic.
  • Bypass Firewall Rules using Tunneling.
  • Bypass Antivirus.
• Key topics covered:
  • Intrusion Detection Systems (IDS) and Firewalls
  • Evasion Techniques and Tools
  • Honeypots and Countermeasures
  • Tunneling and Antivirus Bypass

Module 13: Hacking Web Servers

• Audit vulnerabilities in web server infrastructures using comprehensive attack methodologies and countermeasures.
• Hands-on Labs:
  • Perform Web Server Reconnaissance using Various Tools.
  • Enumerate Web Server Information.
  • Perform a Web Server Attack.
  • Perform Web Server Hacking using AI.
• Key topics covered:
  • Web Server Architecture and Vulnerabilities
  • DNS Server Hijacking, Web Cache Poisoning
  • Footprinting, Banner Grabbing, Directory Brute Forcing
  • Vulnerability Scanning and Password Hacking
  • Attack Tools and Countermeasures
  • Security Tools

Module 14: Hacking Web Applications

• Audit vulnerabilities in web applications using comprehensive hacking methodologies and countermeasures.
• Hands-on Labs:
  • Perform Web Application Reconnaissance using Various Tools.
  • Perform Web Spidering.
  • Perform Web Application Vulnerability Scanning.
  • Perform Web Application Attacks.
  • Detect Web Application Vulnerabilities using Various Tools.
  • Perform Web Application Hacking using AI.
• Key topics covered:
  • Web Application Security Risks (OWASP Top 10)
  • Footprinting Web Infrastructure
  • Bypass Client-side Controls
  • Attack Access Controls, Web Services, APIs
  • Security Testing and Fuzz Testing
  • Encoding Schemes and Attack Countermeasures
  • Security Testing Tools

Module 15: SQL Injection

• Master SQL injection attack techniques, evasion methods, and implement countermeasures.
• Hands-on Labs:
  • Perform an SQL Injection Attack Against MSSQL to Extract Databases.
  • Detect SQL Injection Vulnerabilities using Various Tools.
  • Perform SQL Injection using AI.
• Key topics covered:
  • SQL Injection Types and Methodology
  • Error Based, Union, Blind/Inferential Injections
  • Information Gathering and Attack Launching
  • Advanced Techniques and AI Integration
  • Evasion and Countermeasures
  • Detection Tools

Module 16: Hacking Wireless Networks

• Learn about wireless encryption, threats, hacking methodologies, tools, and countermeasures.
• Hands-on Labs:
  • Footprint a Wireless Network.
  • Perform Wireless Traffic Analysis.
  • Crack a WPA2 Network.
  • Create a Rogue Access Point.
• Key topics covered:
  • Wireless Standards and Encryption
  • Wireless Threats and Hacking Methods
  • Wi-Fi Discovery and Traffic Analysis
  • Encryption Cracking and Rogue APs
  • Security Auditing Tools

Module 17: Hacking Mobile Platforms

• Explore mobile platform attack vectors, Android and iOS hacking techniques, and security tools.
• Hands-on Labs:
  • Hack an Android Device by Creating Binary Payloads.
  • Exploit the Android Platform through ADB.
  • Hack an Android Device by Creating APK File.
  • Secure Android Devices using Various Security Tools.
• Key topics covered:
  • Mobile Attack Anatomy
  • App Sandboxing Issues
  • SMS Phishing, Call Spoofing, OTP Hijacking
  • Camera/Microphone Capture Attacks
  • Android Rooting and Hacking Tools
  • iOS Jailbreaking and Security Tools
  • Mobile Device Management (MDM)
  • Mobile Security Guidelines and Tools

Module 18: IoT and OT Hacking

• Understand IoT and OT attack types, hacking methodologies, tools, and countermeasures.
• Hands-on Labs:
  • Gather Information using Online Footprinting Tools.
  • Capture and Analyze IoT Device Traffic.
  • Perform IoT Attacks.
• Key topics covered:
  • IoT and OT Architecture
  • Technologies, Protocols, and Vulnerabilities
  • Threats and Attack Methodologies
  • Hacking Tools and Security Tools
  • IT/OT Convergence (IIoT)
  • Security Controls

Module 19: Cloud Computing

• Explore cloud computing concepts, container technologies, serverless computing, threats, attacks, and security techniques.
• Hands-on Labs:
  • Perform S3 Bucket Enumeration using Various Tools.
  • Exploit Open S3 Buckets.
  • Escalate IAM User Privileges by Exploiting Misconfigured Policies.
  • Perform vulnerability assessment on Docker images.
• Key topics covered:
  • Cloud, Fog, and Edge Computing
  • Containerization (Docker, Kubernetes)
  • Serverless Computing
  • Cloud Security Risks (OWASP Top 10)
  • Threats and Attack Methodologies
  • AWS, Azure, Google Cloud Hacking
  • Container and Kubernetes Vulnerabilities
  • Security Controls and Tools

Module 20: Cryptography

• Learn encryption algorithms, cryptography tools, PKI, email and disk encryption, attacks, and cryptanalysis.
• Hands-on Labs:
  • Encrypt Information using Various Cryptography Tools.
  • Create and Use Self-signed Certificates.
  • Perform Email and Disk Encryption.
  • Perform Cryptanalysis using Various Tools.
  • Perform Cryptography using AI.
• Key topics covered:
  • Cryptography Principles and Ciphers
  • Symmetric and Asymmetric Encryption Algorithms
  • Message Digest Functions
  • Quantum Cryptography
  • Public Key Infrastructure (PKI)
  • Email and Disk Encryption
  • Blockchain Security
  • Cryptanalysis Methods and Tools
  • AI-based Cryptography