Description
This is the live face to face class. Maximum of 22 students in Continental US.
Scheduling with Expanding Security is required 60 days in advance.
This exam has not changed. The Certified Ethical Hacker exam (312-50) is available at the ECC Exam Centre and Pearson Vue testing centers.
CEH(Ai) is not the exam it is marketing.
Below the direct quote from the EC Council website: it is designed to scare you into buying their training
To be eligible to apply to sit for the Certified Ethical Hacker Exam, a candidate must either:
- Hold a Certified Ethical Hacker certification of version 1 to 7, * (Prior to being ANAB-accredited, EC-Council’s certifications were named, based on versions – CEHV1, CEHV2 etc. During that time, candidates that attempted the certification exams were vetted for eligibility. In order to avoid “being double bill”, the EC-Council Certification department shall issue a waiver of the application fee of any candidate that has a CEH V1- CEH V7 certification and wishes to attempt the Certified Ethical Hacker ANAB-accredited certification.)
- or Have a minimum of 2 years work experience in InfoSec domain (You will need to pay USD100 as a non-refundable application fee);
- Or Have attended an official EC-Council training (All candidates are required to pay the $100 application fee, however your training fee shall include this fee)
Class & Certification
| Concept | Details | Exam value |
| Introduction to Ethical Hacking | Information Security Overview | 6% |
| Hacking Methodologies and Frameworks | ||
| Hacking Concepts | ||
| Ethical Hacking Concepts | ||
| Information Security Controls | ||
| Information Security Laws and Standards | ||
| Footprinting and Reconnaissance | Footprinting Concepts | 17% |
| Footprinting Methodology | ||
| Footprinting through Search Engines | ||
| Footprinting through Web Services | ||
| Footprinting through Social Networking Sites | ||
| Website Footprinting | ||
| Email Footprinting | ||
| Whois Footprinting | ||
| DNS Footprinting | ||
| Network Footprinting | ||
| Footprinting through Social Engineering | ||
| Footprinting Too|s | ||
| Footprinting Controls | ||
| Scanning Networks | Network Scanning Concepts | |
| Scanning Tools | ||
| Host Discovery | ||
| Port and Service Discovery | ||
| Discovery(Banner Grabbing /OS Fingerprinting) | ||
| Scanning Beyond IDS and Firewall | ||
| Network Scanning Controls | ||
| Enumeration | Enumeration Concepts | |
| NetBIOS Enumeration | ||
| SNMP Enumeration | ||
| LDAP Enumeration | ||
| NTP and NFS Enumeration | ||
| SMTP and DNS Enumeration | ||
| Enumeration Techniques (IPsec,VoIP, RPC, Unix/Linux,Telnet, FTP,TFTP,SMB, IPv6,and BGP enumeration) | ||
| Enumeration Controls | ||
| Vulnerability Analysis | Vulnerability Assessment Concepts | 15% |
| Vulnerability Classification and Assessment | ||
| Types | ||
| Vulnerability Assessment Tools | ||
| Vulnerability Assessment Reports | ||
| System Hacking | System Hacking Concepts | |
| Gaining Access | ||
| Password Cracking | ||
| Vulnerability Exploitation | ||
| Escalating Privileges | ||
| Maintaining Access | ||
| Executing Applications | ||
| Hiding Files | ||
| Establishing Persistence | ||
| Clearing Logs | ||
| Malware | Malware Concepts | |
| Advanced persistent threat | ||
| Trojan Concepts | ||
| Virus and Worm Concepts | ||
| Fileless Malware Concepts | ||
| Malware Analysis | ||
| Malware Controls | ||
| Anti-Malware Software | ||
| Sniffing | Sniffing Concepts | 24% |
| Sniffing Technique: MAC Attacks | ||
| Sniffing Technique: DHCP Attacks | ||
| Sniffing Technique: ARP Poisoning | ||
| Sniffing Technique: Spoofing Attacks | ||
| Sniffing Technique: DNS Poisoning | ||
| Sniffing Tools | ||
| Sniffing Controls | ||
| Sniffing Detection Techniques | ||
| Social Engineering | Social Engineering Concepts | |
| Social Engineering Techniques | ||
| Insider Threats | ||
| Impersonation on Social Networking Sites | ||
| Identity Theft | ||
| Social Engineering Controls | ||
| Denial of Service | DoS/DDoS Concepts | |
| Botnets | ||
| DoS /DDoS Attack Techniques | ||
| DoS/DDoS Attack Controls | ||
| DoS/DDoS Protection Tools | ||
| Session Hijacking | Session Hijacking Concepts | |
| Application-Level Session Hijacking | ||
| Network-Level Session Hijacking | ||
| Session Hijacking Tools | ||
| Session Hijacking Controls | ||
| Evasion | IDS, IPS, Firewall, and Honeypot Concepts | |
| IDS, IPS, Firewall, and Honeypot Solutions | ||
| Evading IDS | ||
| Evading Firewalls | ||
| Evading NAC and Endpoint Security | ||
| IDS/Firewall Evading Tools | ||
| Detecting Honeypots | ||
| IDS/Firewall Evasion Controls | ||
| Web Servers | Web Server Concepts | 14% |
| Web Server Attacks | ||
| Web Server Attack Methodology | ||
| Web Server Attack Controls | ||
| Patch Management | ||
| Web Applications | Web App Concepts | |
| Web App Threats | ||
| Web App Hacking Methodology | ||
| Footprint Web Infrastructure | ||
| Analyze Web Applications | ||
| Bypass Client-Side Controls | ||
| Attack Authentication Mechanism | ||
| Attack Authorization Schemes | ||
| Attack Access Controls | ||
| Attack Session Management Mechanism | ||
| Perform Injection/Input Validation Attacks | ||
| Attack Application Logic Flaws | ||
| Attack Shared Environments | ||
| Attack Database Connectivity | ||
| Attack Web App Client | ||
| Attack Web Services | ||
| Web API, Webhooks, and Web Shell | ||
| Web App Security | ||
| SQL Injection | SQL Injection Concepts | |
| Types of SQL Injection | ||
| SQL Injection Methodology | ||
| SQL Injection Tools | ||
| Evasion Techniques | ||
| SQL Injection Controls | ||
| Wireless Networks | Wireless Concepts | 5% |
| Wireless Encryption | ||
| Wireless Threats | ||
| Wireless Hacking Methodology | ||
| Wireless Hacking Tools | ||
| Bluetooth Hacking | ||
| Wireless Attack Controls | ||
| Wireless Security Tools | ||
| Mobile Platforms | Mobile Platform Attack Vectors | 10% |
| Android OS | ||
| Hacking iOS | ||
| Mobile Device Management | ||
| Mobile Security Guidelines and Tools | ||
| IoT and OT | IoT Concepts | |
| IoT Attacks | ||
| IoT Hacking Methodology | ||
| IoT Attack Controls | ||
| OT Concepts | ||
| OT Attacks | ||
| OT Hacking Methodology | ||
| OT Attack Controls | ||
| Cloud Computing | Cloud Computing Concepts | 5% |
| Container Technology | ||
| Serverless Computing | ||
| Cloud Computing Threats | ||
| Cloud Hacking | ||
| Cloud Security | ||
| Cryptography | Cryptography Concepts | 5% |
| Encryption Algorithms | ||
| Cryptography Tools | ||
| Public Key Infrastructure (PKI) | ||
| Email Encryption | ||
| Disk Encryption | ||
| Cryptanalysis | ||
| Cryptography Attack Controls |
Course length: 6 Days 8AM-6PM (10 hours, one hour lunch break, 2 x 20 minute breaks)
Everything included except: Location, meals & exam vouchers.
