Certified Ethical Hacker (CEH) Certification Training Course
Baltimore | Columbia | Maryland | Washington DC | Northern Virginia

Certified Ethical Hacker (CEH) Training Course Description:

During our five day EC-Council Certified Ethical Hacker Certification (CEH v7) training course students will learn to look for the vulnerabilities and weaknesses within different target systems using the same knowledge and tools as a malicious hacker. Through our CEH course, students will begin to understand how perimeter defenses work and, through hands-on exercises, will be monitoring and attacking a network specifically designed for this course. Students will then learn what steps to take to properly secure a system and how intruders escalate privileges. In addition, students will learn about policy creation, intrusion detection, virus creation, DDoS attacks, buffer overflows, and social engineering. At the end of the CEH training course, students will walk out the door with hacking skills that are highly in demand as well as the internationally recognized Certified Ethical Hacker certification!

The certification exam voucher is included and the student has the option of taking the exam on the last day of the class.

The United States Department of Defense has listed CEH as an approved certification for its Information Assurance Workforce Improvement Program (DoD 8570.1).

Certified Ethical Hacker (CEH) Course Outline:

Module 1: Ethical Hacking Introduction

• Reports on Today’s Internet Crimes and the Data Compromised
• Terms and Elements of Information Security
• The Security, Functionality and Usability Triangle
• The Fundamentals of Hacking
• What is Hacking?
• Hacktivism
• 5 Phases of Hacking
• 4 Types of System Attacks
• Ethical Hacking as a Defense
• Scope and Limitations
• Skill Sets of an Ethical Hacker
• Vulnerability Research and Penetration Testing

Module 2: Footprinting and Reconnaissance

• Footprinting Terminologies and Fundamental Procedures
• Locating URLs: Company and Internal 
• Public and Restricted Websites
• Information Search and Data Extraction
• Company
• Location
• People
• Financial Services
• Job Sites
• DNS
• Website and Target Monitoring Techniques
• Competitive Intelligence Gathering
• WHOIS Lookup
• Locate the Network Range
• Traceroute Analysis and Tools
• Website Mirroring
• Google as a Hacking Tool
• Footprinting Countermeasures
• Footprinting Pen Testing

Module 3: Scanning Networks

• Types of Network Scanning
• ICMP and PingSweep Tools
• TCP and Three-Way Handshake
• 12 Top Scanning Techniques
• Scanning Tools and Countermeasures
• War Dialing Tools and Countermeasures
• Banner Grabbing Tools, Techniques and Countermeasures
• Hiding File Extensions
• Vulnerability Scanning Tools
• Network Vulnerability Scanners
• Network Mapping Software
• Proxy Servers Fundamentals, Tools and Techniques
• SocksChain
• TOR (The Onion Routing)
• Tunneling Tools and Techniques
• Anonymizers Tools and Techniques
• Text Conversion to Avoid Filters
• Censorship Circumvention Tool:  Psiphon
• G-Zapper
• Spoofing IP Address: Detection Techniques and Countermeasures
• Scanning Pen Testing

Module 4: Enumeration

• Enumeration Fundamentals
• Techniques for Enumeration:
• Netbios Enumeration
• Enumerating User Accounts
• Enumerate Systems Using Default Passwords
• SNMP (Simple Network Management Protocol) Enumeration
• UNIX/Linux Enumeration
• LDAP Enumeration
• NTP Enumeration
• SMTP Enumeration
• DNS Zone Transfer Enumeration Using nslookup
• Enumeration Countermeasures
• Enumeration Pen Testing

Module 5: System Hacking

• System Hacking Information Preparedness and Established Goals
• CEH Hacking Methodology (CHM)
• Password Cracking Fundamentals, Techniques and Types of Attacks
• Microsoft Authentication
• Hash Passwords Stored in Windows SAM
• LAN Manager Hash and Backward Compatibility
• Kerberos Authentication
• Tools for Password Hashing and Cracking
• Password Cracking Defense
• Active@ Password Changer
• Privilege Escalation Tools and Defense
• Executing Applications
• Remote Execution Tools
• Keylogger Types and Defense Techniques
• Spyware Types and Defense Techniques
• How to Defend against Spyware?
• Rootkits Types, Detection and Defense
• NTFS Data Stream Creation, Detectors and Defense
• Steganography Types, Tools and Techniques
• Covering Your Tracks: Tools and Techniques
• System Hacking Penetration Testing

Module 6: Trojans and Backdoors

• Trojan Fundamentals, Purpose and Attack Signals
• Overt and Covert Channels
• Common Ports Trojans use to Infect Systems
• Wrappers
• Techniques to Deploy a Trojan and Enter into a System
• Trojan Types and Classifications 
• BlackBerry Trojan: PhoneSnoop
• MAC OS X Trojan: DNSChanger and Hell Raiser
• Scanning and Monitoring Tools and Techniques
• Trojan and Backdoor Countermeasures
• Trojan Horse Construction Kit
• Anti-Trojan Software Types
• Pen Testing for Trojans and Backdoors

Module 7: Viruses and Worms

• Fundamentals and Statistics on Viruses and Worms
• Phases of a Virus Life
• Indications of Virus Attack
• Virus Hoaxes
• Analysis and Types of Viruses  
• Transient and Terminate and Stay Resident Viruses
• Constructing a Simple Virus Program
• Computer  Worms
• Worms vs. Viruses
• Worm Infection and Analysis
• Internet Worm Maker Thing
• Sheep Dip Computer
• Anti-Virus Sensors Systems
• Malware Analysis Procedure
• String Extracting Tools
• Compression and Decompression Tools
• Process Monitoring Tools
• Log Packet Content Monitoring Tools
• Debugging Tool
• Virus  Analysis and Detection Tools
• Online Malware Testing and Analysis
• Virus and Worms Countermeasures
• Companion Antivirus: Immunet Protect
• Penetration Testing for Virus

Module 8: Sniffers

• Benefits and Components of Lawful Intercept
• Wiretapping
• Sniffing Procedures, Threats and Types
• Switch Attacks
• Vulnerable Protocols
• Data Link Layer in OSI Model
• Hardware Protocol Analyzers
• SPAN Port
• MAC Flooding Attacks
• DHCP Attacks
• Address Resolution Protocol (ARP) Attacks and Tools
• Configuring Cisco Switches
• MAC Spoofing/Duplicating Tools and Defense
• DNS Poisoning Techniques
• Sniffing, Discovery and Analyzer Tools
• TCP/IP Packet Crafter
• Sniffing Defense, Detection and Prevention Procedures and Tools

Module 9: Social Engineering

• Social Engineering Overview
• Human Behaviors Most Vulnerable to Social Engineering Attacks
• Detecting an Impending Attack
• Social Engineering Attack Phases and the Impact of a Successful Attack
• Command Injection Attacks
• Social Engineering Attacks: Common Targets and Intrusion Tactics
• Types of Social Engineering Attacks
• Insider Attack
• Prevention Strategies
• Social Engineering Using Social Networking Sites and the Risks of Company Social Networks
• Identity Theft Statistics and Scenarios
• Detect Phishing Emails
• Social Engineering and Identity Theft Countermeasures
• Social Engineering Pen Testing

Module 10: Denial of Service (DoS)

• Overview and Symptoms of a DoS Attack
• Distributed Denial of Service Attacks (DDoS)
• Organized Cyber Crime
• Internet Chat Query (ICQ) and Internet Relay Chat (IRC)
• Botnet
• WikiLeak Operation Payback
• DoS Attack Techniques, Tools and Detection
• DoS/DDoS Attack Countermeasure Strategies
• Post-attack Forensics
• Botnet Defense Strategies
• DoS/DDoS Protection at ISP Level
• TCP Intercept on Cisco IOS Software
• Advanced DDoS Protection Tools
• Denial of Service (DoS) Attack Penetration Testing

Module 11: Session Hijacking

• Overview and Dangers of Session Hijacking
• Process and Techniques for Successful Session Hijacking
• Brute Force and HTTP Referrer Attacks
• Spoofing vs. Hijacking
• Packet Analyzer for a Local Session Hijack
• Session Hijacking Types and Tools
• Session Token Predictors
• Man-in-the-Middle and Man-in-the-Browser Attacks
• Client-side Attacks
• Cross-site Script Attack
• Session Fixation Attacks
• Network Level Session Hijacking
• Three-Way Handshake
• Sequence Numbers Prediction
• TCP/IP Hijacking and IP Spoofing
• Hijacking and Spoofing Attack Types
• Session Hijacking Prevention, Protection and Defense
• Session Hijacking Remediation
• IPSec
• Session Hijacking Pen Testing

Module 12: Hijacking Webservers

• Overview of Webservers
• Open Source and IIS Webserver Architecture
• Website Defacement
• Webserver Attack Implications
• Webserver Attack Types
• Webserver Misconfiguration
• Webserver Password Cracking
• Attacks on Web Applications
• Phases and Tools for a Webserver Attack
• Web Password Cracking Tools
• Countermeasures and Defense Methods
• HTTP Response Splitting and Web Cache Poisoning Defense Methods
• Patches and Hotfixes Approaches and Tools
• Patch Management Tools
• Web Application Security Scanners
• Webserver Malware Infection Monitoring Tools
• Webserver Security Tools
• Web Server Penetration Testing

Module 13: Hacking Web Applications

• Security Statistics and Overview of Web Applications
• Web Application Components, Architecture and Functions
• Web 2.0 Applications
• Vulnerability Stack
• Web Attack Vectors
• Web Application Threats
• Unvalidated Input
• Parameter and Form Tampering
• Directory Traversal
• Security Misconfiguration
• Injection Flaws and Attack Types
• Hidden Field Manipulation Attack
• Cross-Site Scripting (XSS) Attacks
• Web Application DoS Attack
• Buffer Overflow Attacks
• Cookie/Session Poisoning and Session Fixation Attacks
• Insufficient Transport Layer Protection
• Improper Error Handling
• Insecure Cryptographic Storage
• Broken Authentication and Session Management
• Unvalidated Redirects and Forwards
• Web Services Architecture: Attacks and Poisoning
• Footprint Web Infrastructure
• Web Spidering Using Burp Suite
• Web Server Hacking Tools
• Web Application Analysis
• Attack Authentication Mechanism
• Username Enumeration
• Password Attack Types
• Session Attack Types
• Cookie Exploitation
• Authorization and Session Management Attacks
• Injection Attacks
• Attack Data Connectivity
• Attack Web App Client
• Web Services: Probing and Attack Tools
• Web Application Hacking Tools
• Encoding Schemes and Defense
• Web Application Countermeasures and Firewalls
• Web Application Pen Testing

Module 14: SQL Injection

• SQL Injection Overview and Threats
• SQL Injection Attacks
• Server Side Technologies
• HTTP Post Request
• Detecting an SQL Injection Vulnerability
• Black Box Pen Testing for SQL Injection
• SQL Injection Types
• Blind SQL Injection
• Method for SQL Injection
• Gathering Information
• Database, Table and Column Enumeration
• Features of Different DBMSs
• Password Grabbing
• Transferring the Database to the Attacker’s Machine
• Interacting with the Operating System and FileSystem
• Network Reconnaissance Full Query
• SQL Injection Tools
• IDS Evasion Types and Techniques
• SQL Injection Attack Defense Methods
• Tools and Techniques for SQL Injection Detection

Module 15: Wireless Network Hacking

• Overview of US Wireless Networks at Home and Public Places
• Types and Standards of Wireless Networks
• Service Set Identifier (SSID)
• Wi-Fi Authentication Modes
• Wi-Fi Chalking and Hotspot Finders
• Types of Wireless Antenna and the Parabolic Grid Antenna
• Wireless Encryption Types
• Weak Initialization Vectors (IV)
• Breaking Encryption Types and Defense Methods
• Types of Wireless Threats
• Rogue, Misconfigured and HoneySpot Access Point Attacks
• Client Mis-association, Unauthorized Association and Ad Hoc Connection Attack
• AP MAC Spoofing
• Denial-of-Service Attack
• Jamming Signal Attack and Wi-Fi Jamming Devices
• Methods for Wireless Hacking
• Locating Potential Wi-Fi Networks to Attack, Scanning Methods
• Wireless Network Footprinting
• Wi-Fi Discovery Tools
• GPS Mapping
• Wardriving Techniques and Tools
• Wireless Traffic Analysis Tools and Techniques
• Wireless Cards and Chipsets and Wi-Fi USB Dongle
• Wi-Fi Packet and Wireless Sniffers
• Spectrum Analysis
• Aircrack-ng Suite
• Hidden SSIDs
• Fragmentation and MAC Spoofing Attack
• DoS: Deauthentication and Disassociation Attacks
• Man-in-the-Middle Attack and MITM Attack Using Aircrack-ng
• Wireless ARP Poisoning Attack
• Rogue Access Point and Evil Twin
• Cracking WEP and WPA: Tools and Methods
• RF Monitoring Tools
• Bluetooth Hacking Methods, Tools and Defense 
• Blocking and Detecting Rogue Access Points
• Wireless Security Layers and Defense Methods Against Wireless Attacks
• Wireless Intrusion Prevention Systems and Deployment
• Wi-Fi Security Auditing Tools
• Wi-Fi Intrusion Prevention System
• Wi-Fi Predictive Planning Tools
• Wi-Fi Vulnerability Scanning Tools
• Wireless Penetration Testing

Module 16: IDS, Firewall, and Honeypot Invasion

• Intrusion Detection Systems (IDS) Placement and Overview
• IDS Types
• System Integrity Verifiers (SIV)
• General Indications of Intrusions and System Intrusions
• Firewall Fundamentals, Identification and Types
• DeMilitarized Zone (DMZ)
• Honeypot Types, Tools and Set up Methods
• Intrusion Detection Tools
• Insertion Attack
• DoS
• Obfuscating
• False Positive Generation
• Session Splicing
• Unicode Evasion
• Fragmentation Attack
• Overlapping Fragments
• Time-To-Live Attacks
• Invalid RST Packets
• Urgency Flag
• Polymorphic and ASCII Shellcode
• Application-Layer Attacks
• Desynchronization
• Pre and Post Connection SYN
• Techniques to Bypass Blocked Sites and Firewalls  
• Honeypot Detection Tools
• Firewall Evasion Tools
• Packet Fragment Generators
• Countermeasures
• Firewall/IDS Penetration Testing

Module 17: Buffer Overflow

• Program/Application Vulnerabilities and the Fundamentals of Buffer Overflows
• Stack-Based vs. Heap-Based Buffer Overflow
• Stack Operations
• Programing and Mutating Buffer Overflow Exploits
• Buffer Overflow Steps
• Simple Uncontrolled and Simple Buffer Overflow
• Code Analysis
• Exploiting Semantic Comments in C (Annotations)
• Identifying Buffer Overflows
• BOU (Buffer Overflow Utility)
• Heap and Stack Overflow Testing Methods
• Format String Conditions Testing Tools
• BoF Detection Tools
• Buffer Overflow Defense Methods
• Data Execution Prevention (DEP)
• Enhanced Mitigation Experience Toolkit (EMET)
• BoF Security Tools and Penetration Testing

Module 18: Cryptography

• Overview and Types of Cryptography
• Government Access to Keys (GAK)
• Advanced Encryption Standard (AES) and the Data Encryption Standard (DES)
• Signature Schemes and the DSA
• Types of Encryption Algorithms
• Types of MD5 Hash Calculators
• Online MD5 Decryption Tool
• Cryptography Attacks and Tools
• Cryptanalysis Tools
• Public Key Infrastructure (PKI)
• Certification Authorities and Digital Signatures
• SSL (Secure Sockets Layer)
• Transport Layer Security (TLS)
• Disk Encryption Tools
• Cryptography Attacks
• Code Breaking Methods
• Digital Signature Schemes Attacks

Module 19: Penetration Testing

• Overview of Penetration Testing and its Benefits to an Organization
• Security and Vulnerability Assessments
• Testing Points and Locations
• Common Types of and Techniques for Penetration Testing
• DNS Domain Name and IP Address Information
• Enumerating Host Information on Publicly-Available Networks
• 3 Primary Phases of Penetration Testing
• Penetration Testing Methods
• Penetration Testing Services Outsourcing Options and Procedures
• Evaluating Penetration Testing Tools
• Penetration Testing Assessment Tools
• Testing Network-Filtering Device Tool

CEH v7 Exam (312-50) and Testing:

 CEH v7 Exam Details

• 150 Questions
• Passing Score: 70% (105 out of 150 Questions)
• Test Duration: 4 hours
• Test Format: Multiple choice
• Test Delivery: Prometric or Pearson VUE

CEH Exam Code

The exam code varies when taken at different testing centers.

• Exam 312-50: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC).
• Exam 312-50: Pearson VUE Testing centers
• Exam EC0-350: Proctored test at Authorized Prometric Testing Centers (APTC) globally.

Skills Measured

Exam 312-50 tests CEH candidates on each of the 19 topics covered in-depth through the training course, including:

1. Introduction to Ethical Hacking
2. Footprinting and Reconnaissance
3. Scanning Networks
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Viruses and Worms
8. Sniffers
9. Social Engineering
10. Denial of Service
11. Session Hijacking
12. Hacking Webservers
13. Hacking Web Applications
14. SQL Injection
15. Hacking Wireless Networks
16. Evading IDS, Firewalls, and Honeypots
17. Buffer Overflow
18. Cryptography
19. Penetration Testing

CEH Exam Price: $500

Phoenix TS is an authorized testing center for both Pearson VUE and Prometric. In order to register for your CEH Certification Exam at the Phoenix TS testing center, simply visit the Pearson VUE or Prometric website or call us directly (301-258-8200).

Certified Ethical Hacker (CEH) Standard Price:

5 Day Course

GSA Eligible

The Standard Price Includes:

• Expert training instructor and all course materials including in-class exercises, sample exam questions, textbooks, notepads and any other materials students may need to complete the course.
• Free exam voucher
• Exam retake option (only applicable for students paying tuition without the use of discounts)
• Course retake option
• Full breakfast including doughnuts, bagels, fruits, yogurt, and juice
• Full array of beverages including coffee, tea, water and soda available free all day
• Fresh baked cookies every afternoon only at participating locations

Certified Ethical Hacker (CEH) Group Price:

In order to discuss group pricing options and accommodations please call us at 301-258-8200.

View all Certified Ethical Hacker (CEH) classes