Exam 312-50 Certified Ethical Hacker
Comparison of CEHv7 and CEHv6.1 Exam Objectives
CEH v7 Exam Objectives CEH v6.1 Exam Objectives
Module 01: Introduction to Ethical Hacking Module 01: Introduction to Ethical Hacking
Understand the issues plaguing the information security world
Understand the issues plaguing the information security world
Gain knowledge on various hacking terminologies
Understand various hacking terminologies
Learn the basic elements of information security
Understand the basic elements of information security
Understand the security, functionality and ease of use triangle
Understand the security, functionality and ease of use triangle
Know the 5 stages of ethical hacking List the 5 stages of ethical hacking
Understand the different types and implications of hacker attacks
Understand the different type of hacker attacks
Understand hactivism and understand the classification of hackers
Define hactivism and understand the classification of hackers
Understand who is an ethical hacker Understand who is an ethical hacker
Gain Information on how to become an ethical hacker
How do you become an ethical hacker
Learn the profile of a typical ethical hacker List the profile of a typical ethical hacker
Understand scope and limitations of ethical hacking
Understand vulnerability research and list the various vulnerability research tools
Understand vulnerability research and list the various vulnerability research tools
Describe the ways to conduct ethical hacking
Learn the different ways an ethical hacker tests a target network
What are the different ways an ethical hacker tests a target network
Understand penetration testing and the various methodologies used
Module 02: Hacking Laws
The Hacking Laws module is removed from CEHv7 core modules and exam objectives
Understand the U.S Federal Laws related to Cyber Crime
o 18 U.S.C. § 1029
o 18 U.S.C. § 1030
o 18 U.S.C. § 1362
o 18 U.S.C. § 1831
Page | 1 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
o 18 U.S.C. § 2318
o 18 U.S.C. § 2320
o 18 U.S.C. § 2510 et seq
o 18 U.S.C. § 2701 et seq
o 47 U.S.C. § 605
o Understand the SPY ACT
o Washington: RCW 9A.52.110
o Florida: § 815.01 to 815.07
o Indiana: IC 35-43
o Federal Managers Financial Integrity Act of 1982
o The Freedom of Information Act: 5 U.S.C. § 552
o Federal Information Security Management Act (FISMA)
o The Privacy Act Of 1974: 5 U.S.C. § 552a
o USA Patriot Act of 2001
o Government Paperwork Elimination Act (GPEA)
Understand the Cyber Crime Law in Mexico
o Section 30-45-5 — Unauthorized computer use
Understand the Cyber Crime Laws in Brazil
o Art. 313-A : Entry of false data into the information system
o Art. 313-B : Unauthorized modification or alteration of the information system
Understand the Cyber Crime Law in Canada
o Canadian Criminal Code Section 342.1
Understand the Cyber Crime Laws in the United Kingdom
o Computer Misuse Act 1990
o Police and Justice Act 2006
Understand the Cyber Crime Law in Europe
o Section 1 - Substantive Criminal Law
Understand the Cyber Crime Law in Belgium
o Computer Hacking Article 550(b)
Understand the Cyber Crime Law in Denmark
Page | 2 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
o Penal Code Section 263
Understand the Cyber Crime Laws in France
o Chapter III: Attacks On Systems For Automated Data Processing
Article 323-1
Article 323-2
Understand the Cyber Crime Laws in Germany
o Penal Code Section 202a. Data Espionage
o Penal Code Section 303a: Alteration of Data
Understand the Cyber Crime Law in Greece
o Criminal Code Article 370C§2
Understand the Cyber Crime Law in Italy
o Penal Code Article 615 ter: Unauthorized access into a computer or telecommunication systems
Understand the Cyber Crime Law in Italy
o Criminal Code Article 138a
Understand the Cyber Crime Laws in Norway
o Penal Code § 145
o Penal Code §145b
o Penal Code § 151 b
Understand the Cyber Crime Laws in Switzerland
o Article 143b
o Article 144b
Understand the Cyber Crime Law in Australia
o The Cybercrime Act 2001
Understand the Cyber Crime Law in India
o The Information Technology Act, 2000
Understand the Cyber Crime Law in Japan
o Law No. 128 of 1999
Understand the Cyber Crime Law in Singapore
o Chapter 50A: Computer misuse Act
Understand the Cyber Crime Laws in Korea
o Chapter VI Stability of the Information and Communications Network: Article 48, Article
Page | 3 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
49
o Chapter IX Penal Provisions: Article 61
Understand the Cyber Crime Law in Malaysia
o Computer Crimes Act 1997
Understand the Cyber Crime Law in Hong Kong
Telecommunication Law
Module 02: Footprinting and Reconnaissance
Module 03: Footprinting
Understand the term Footprinting Define the term Footprinting
Learn the areas and information that hackers seek
Understand the areas and information that hackers seek
Gain knowledge on information gathering tools and methodology
Describe information gathering methodology
Understand the role of financial websites in footprinting
Understand passive information gathering
Understand competitive intelligence and its need
Understand competitive intelligence and its need
Understand DNS enumeration Role of financial websites in footprinting
Understand Whois Role of job portals in footprinting
Learn different types of DNS records Understand DNS enumeration
Understand how traceroute is used in Footprinting
Understand Whois, ARIN lookup , Nslookup
Recognize the Role of search engines in footprinting
Identify different types of DNS records
Learn the website mirroring tools Understand how traceroute is used in Footprinting
Understand how e-mail tracking works Role of search engines in footprinting
Understand Google hacking and its tools Understand how e-mail tracking works
Learn the countermeasures to be taken in footprinting
Understand how web spiders work
Understand pen testing List the steps to fake a website
Module 04: Google Hacking
The Google Hacking concepts are covered in Module 02: Footprinting and Reconnaissance of CEHv7
Understand the term Google Hacking
Understand the Google Hacking Database
How can hackers take advantage of the Google Hacking Database
Page | 4 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Understand the basics of Google Hacking
Being anonymous using Cache
How can Google be used as a proxy server
Understand directory listings
Understand server versioning
Understand directory traversal
Understand incremental substitution
Understand the advanced Google operators
How to locate exploits and find targets
How to track down web servers, login portals and network hardware
Understand the various Google Hacking Tools
Module 03: Scanning Networks Module 05: Scanning
Understand the term port scanning, network scanning and vulnerability scanning
Define the term port scanning, network scanning and vulnerability scanning
Understand the objectives of scanning Understand the objectives of scanning
Learn the CEH scanning methodology Understand the CEH scanning methodology
Understand Ping Sweep techniques Understand Ping Sweep techniques
Understand the Firewalk tool Understand the Firewalk tool
Gain knowledge on Nmap command switches
Understand Nmap command switches
Understand the three way handshake Understand the three way handshake
Understand the following Scans:
SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window
Understand the following Scans:
SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window
Learn TCP communication flag types Understand FloppyScan
Gain knowledge on War dialing techniques List TCP communication flag types
Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
Understand War dialing techniques
Learn vulnerability scanning using BidiBlah and other hacking tools
Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
Learn to draw network diagrams of Understand vulnerability scanning using BidiBlah
Page | 5 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
vulnerable hosts using various tools and other hacking tools
Understand how proxy servers are used in launching an attack
Draw network diagrams of vulnerable hosts using various tools
Gain insights on working of anonymizers Understand how proxy servers are used in launching an attack
Identify HTTP tunneling techniques How does anonymizers work
Identify IP spoofing techniques Understand HTTP tunneling techniques
Understand various scanning countermeasures
Understand IP spoofing techniques
Understand various scanning countermeasures
Module 04: Enumeration Module 06: Enumeration
Learn the system hacking cycle Understand the system hacking cycle
Understand Enumeration and its techniques
Understand Enumeration and its techniques
Understand null sessions and its countermeasures
Understand null sessions and its countermeasures
Understand SNMP enumeration and its countermeasures
Understand SNMP enumeration and its countermeasures
Describe the steps involved in performing enumeration
Describe the steps involved in performing enumeration
Module 05: System Hacking Module 07: System Hacking
Understand the different types of passwords
Understand the different types of password
Identify the different types of password attacks
Understand the different types of password attacks
Identify password cracking techniques Understand password cracking techniques
Understand Microsoft Authentication mechanism
Understand Microsoft Authentication mechanism
Describe password sniffing Describe password sniffing
Identifying various password cracking tools Identifying various password cracking tools
Identify various password cracking countermeasures
What are the various password cracking countermeasures
Understand privilege escalation Understand privilege escalation
Gain insights on key loggers and other spyware technologies
Understand keyloggers and other spyware technologies
Learn how to defend against spyware Understand different ways to hide files
Page | 6 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Identify different ways to hide files Understanding rootkits
Understanding rootkits How do you identify rootkits, list the steps for the same
Learn how to identify rootkits and steps involved
Understand Alternate Data Streams
Understand Alternate Data Streams Understand Steganography technologies
Understand Steganography technologies and tools used
Understand how to covering your tracks and erase evidences
Understand covering tracks, tools used and erase evidences
Module 06: Trojans and Backdoors Module 08: Trojans and Backdoors
Define a Trojan What is a Trojan
Identify overt and covert channels Understand overt and covert channels
Understand working of Trojans Understand working of Trojans
Identify the different types of Trojans List the different types of Trojans
What do Trojan creators look for What do Trojan creators look for
Identify the different ways a Trojan can infect a system
List the different ways a Trojan can infect a system
How to indicate a Trojan attack What are the indications of a Trojan attack?
Identify the ports used by Trojan Identify the ports used by Trojan
Identify listening ports using netstat Identify listening ports using netstat
Understand “wrapping” What is meant by “wrapping”
Understand Reverse Shell Trojan Understand Reverse Shell Trojan
Understand ICMP tunneling Understand ICMP tunneling
Identify various classic Trojans Understand various classic Trojans
Learn windows start up monitoring tools Understand how “Netcat” Trojan works
Understand the Trojan horse constructing kit
Understand the Trojan horse constructing kit
Learn Trojan detection techniques Understand Trojan detection techniques
Learn Trojan evading techniques Understand Trojan evading techniques
Learn how to avoid a Trojan infection How to avoid a Trojan infection
Module 07: Viruses and Worms Module 09: Viruses and Worms
Understand virus and its history Understand virus and its history
Characteristics of a virus Characteristics of a virus
Page | 7 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Learn the working of a virus How does a virus work
Understand the motive behind writing a virus
Understand the motive behind writing a virus
Understand how does a computer get infected by viruses
Symptoms of virus attack
Gain insights on virus hoax What is a virus hoax
Understand virus analysis Understand the difference between a virus and a worm
Understand the difference between a virus and a worm
Understand the life cycle of virus
Understand the life cycle of virus Understand the types of viruses
Identify the types of viruses How a virus spreads and infects the system
Understand how a virus spreads and infects the system
Understand the storage pattern of virus
Understand the storage pattern of virus Understand various types of classic virus found in the wild
Identify various types of classic virus found in the wild
Virus writing technique
Virus writing technique Virus construction kits
Virus construction kits Understand antivirus evasion techniques
Understand antivirus evasion techniques Understand Virus detection methods
Understand Virus detection methods and countermeasures
Understand worm analysis
Module 08: Sniffers Module 10: Sniffers
Understand sniffing and protocols vulnerable to it
Understand sniffing and protocols vulnerable to it
Identify types of sniffing Discuss types of sniffing
Understand Address Resolution Protocol (ARP)
Understand Address Resolution Protocol (ARP)
Understanding the process of ARP Spoofing
How does ARP Spoofing work
Understand active and passive sniffing Understand active and passive sniffing
Understand ARP poisoning Understand ARP poisoning
Understand MAC duplicating Understand MAC duplicating
Learn ethereal capture and display filters Understand ethereal capture and display filters
Understand MAC flooding Understand MAC flooding
Page | 8 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Understand DNS spoofing techniques Understand DNS spoofing techniques
Identify sniffing countermeasures Describe sniffing countermeasures
Know various sniffing tools
Identify sniffing detection and defensive techniques
Module 09: Social Engineering Module 11: Social Engineering
Understand Social Engineering What is Social Engineering
Understand human weakness Understand human weakness
Identify the different types of social engineering
List the different types of social engineering
Learn warning signs of an attack Understand Dumpster Diving
Understand Dumpster Diving Understand Reverse Social Engineering
Understand Human-based Social Engineering
Understand Insider attacks and its countermeasures
Understand Insider attacks and its countermeasures
Understand Social Engineering threats and defense
Gain insights on Social Engineering threats and defense
Understand Identity Theft
Comprehend Identity Theft Describe Phishing Attacks
Understand Phishing Attacks Understand Online Scams
Identify Online Scams Understand URL obfuscation
Understand URL obfuscation Understand social engineering on social networking sites
Understand social engineering on social networking sites
Social Engineering countermeasures
Identify Social Engineering countermeasures
Module 12: Phishing
Phishing is covered in Module 09: Social Engineering of CEHv7
Understand phishing and reasons for its success
Different types of phishing
Explain the process of phishing
List different types of phishing attacks
List the anti-phishing tools and countermeasures
Module 13: Hacking Email Accounts
Page | 9 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
The Hacking Email Accounts module is removed from CEHv7 core modules and exam objectives
List different ways to get information related to e-mail accounts
Understand various e-mail hacking tools
How to create strong passwords for e-mail accounts
Explain Sign-in Seal
Module 10: Denial of Service Module 14: Denial of Service
Understand a Denial of Service Attack Understand Denial of Service(DoS) attacks
Gain insights on Distributed Denial of Service Attacks
What is the goal of a DoS attack
Examine the working of Distributed Denial of Service Attacks
Impact and modes of DoS attack
Analyze Symptoms of a DoS Attack Types of attacks
Understand Internet Chat Query (ICQ) Classify different types of DoS attacks
Understand Internet Relay Chat (IRC) Understand various tools used to launch DoS attacks
Assess DoS Attack Techniques Understand botnets and their use
Understand Botnets List the types of bots and their mode of infection
Assess DoS/DDoS Attack Tools Understand how DDoS attack works
Describe Detection Techniques Characteristics of a DDoS attack
Identify DoS/DDoS Countermeasure Strategies
Explain the Agent-Handler Model and DDoS IRC Model
Analyze Post-Attack Forensics Understand Reflective DNS attacks
Identify DoS/DDoS Protection Tools How to conduct a DDoS attack
Understand DoS/DDoS Penetration Testing Understand Reflected DoS attack
Describe the DoS/DDoS countermeasures
Module 11: Session Hijacking Module 15: Session Hijacking
Understand what is Session Hijacking Understand session hijacking
Identify Key Session Hijacking Techniques Understand spoofing vs. hijacking
Understand Brute Forcing Attack What are the steps to perform session hijacking
Understand HTTP Referrer Attack List the types in session hijacking
Spoofing vs. Hijacking Understand session hijacking levels
Understand Session Hijacking Process Understand sequence number prediction
Identify types of Session Hijacking Describe countermeasure to session hijacking
Page | 10 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Analyze Session Hijacking in OSI Model
Understand Application Level Session Hijacking
Discuss Session Sniffing
Describe Man-in-the-Middle Attack
Understand Man-in-the-Browser Attack
Examine Steps to Perform Man-in-the-Browser Attack
Understand Client-side Attacks
Understand Cross-site Script Attack
Understand Session Fixation Attack
Describe Network Level Session Hijacking
Understand TCP/IP Hijacking
Identify Session Hijacking Tools
Identify Countermeasures of Session Hijacking
Understand Session Hijacking Pen Testing
Module 12: Hacking Webservers Module 16: Hacking Webservers
Understand Open Source Webserver Architecture
Understand the working of a webserver
Examine IIS Webserver Architecture How are webservers compromised
Understand Website Defacement Understand web server defacement
Understand why Web Servers are compromised
Understand the attacks against web servers
Analyze Impact of Webserver Attacks List the types of web server vulnerabilities
Examine Webserver Misconfiguration Understand IIS Unicode exploits
Understand Directory Traversal Attacks Understand patch management techniques
Learn regarding HTTP Response Splitting Attack
Understand Web Application Scanner
Understand Web Cache Poisoning Attack What is Metasploit Framework
Understand HTTP Response Hijacking Understand various webserver testing tools
Discuss SSH Bruteforce Attack Understand patch management
Examine Man-in-the-Middle Attack List best practices for patch management
Learn Webserver Password Cracking Techniques
Describe Web Server hardening methods
Identify Web Application Attacks Webserver protection checklist
Understand Webserver Attack Page | 11 Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Methodology
Identify Webserver Attack Tools
Identify Counter-measures against Webserver Attacks
Understand Patch Management
Assess Webserver Security Tools
Understand Webserver Pen Testing
Module 13: Hacking Web Applications Module 17: Web Application Vulnerabilities
Understand Introduction to Web Applications
Understand the working of a web application
Identify Web Application Components Objectives of web application hacking
Understand working of Web Applications Anatomy of an attack
Examine Web Application Architecture Understand various web application threats and its countermeasures
Assess Parameter/Form Tampering Understand various web application hacking tools
Understand Injection Flaws
Discuss Hidden Field Manipulation Attack
Describe Cross-Site Scripting (XSS) Attacks
Understand Web Services Attack
Understand Web Application Hacking Methodology
Identify Web Application Hacking Tools
Understand how to Defend Against Web Application Attacks
Identify Web Application Security Tools
Understand Web Application Firewalls
Gain insights on Web Application Pen Testing
Module 18: Web Based Password Cracking Techniques
Web Based Password Cracking Techniques are covered in Module 13: Hacking Web Applications of CEHv7
Understand authentication and authentication mechanisms
Rules to select a good password
Things to avoid while selecting passwords
How to protect passwords
How hackers get hold of passwordsPage | 12 Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
What is a Password Cracker?
How does a Password Cracker work
Modus operandi of an attacker using password cracker
Understand Password Attacks - Classification
Understand Password Cracking Countermeasures
Module 14: SQL Injection Module 19: SQL Injection
Understand SQL Injection What is SQL injection
Examine SQL Injection Attacks Understand the steps to conduct SQL injection
Understand working of Web Applications
Understand various SQL injection techniques
Identify Server Side Technologies Understand SQL Server vulnerabilities
Understand SQL Injection Detection How to test for SQL injection vulnerabilities
Discuss SQL Injection Black Box Pen Testing
Understand various SQL injection tools
Types of SQL Injection Understand Blind SQL injection and its countermeasures
Understand Blind SQL Injection
Learn SQL Injection Methodology
Understanding SQL Query
Examine Advanced Enumeration
Describe Password Grabbing
Discuss Grabbing SQL Server Hashes
Identify SQL Injection Tools
Understand Evasion Techniques for SQL Injection
Understand Defensive strategies Against SQL Injection Attacks
Identify SQL Injection Detection Tools
Module 15: Hacking Wireless Networks Module 20: Hacking Wireless Networks
Understand Wireless Networks Understand wireless network architecture
Gain Insights on Wireless Networks Differentiate between wireless and wired network
Understand various types of Wireless Networks
What are the effects of wireless networks on business
Understand Wi-Fi Authentication Modes Understand the types of wireless networksPage | 13 Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Identify types of Wireless Encryption List the advantage and disadvantage of wireless network
Understand WEP Encryption Understand various wireless standards
Understand WPA/WPA2 Understand various wireless concepts and devices
Discuss Wireless Threats Overview of WEP, WPA, WPA2 authentication systems and cracking techniques
Understand Wireless Hacking Methodology
Overview of wireless Sniffers and SSID, MAC Spoofing
Assess Wireless Hacking Tools Understand Rogue Access Points
Understand Bluetooth Hacking Understand wireless hacking techniques
Understand how to Defend Against Bluetooth Hacking
Understand TKIP, LEAP
Understand how to Defend against Wireless Attacks
Understand MAC Sniffing, AP Spoofing, MITM, DoS attacks
Identify Wi-Fi Security Tools Understand phone jammers
Examine Wireless Penetration Testing Framework
How to detect a wireless network
Understand various wireless hacking tools
List the steps to hack a wireless network
Understand WIDZ and RADIUS
Describe the methods in securing wireless networks
Module 21: Physical Security
The Physical Security module is removed from CEHv7 core modules and exam objectives
Physical security breach incidents
Understanding physical security
Need for physical security
Who is accountable for physical security
Factors affecting physical security
Physical security checklist for organizations
Authentication mechanisms
How to fake fingerprints
Understand wiretapping
Understand lock picking
Understanding wireless and laptop security
Laptop security countermeasures
Understand mantrap, TEMPESTPage | 14 Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
List the challenges in ensuring physical security
Understand spyware technology
Module 22: Linux Hacking
The Linux Hacking module is removed from CEHv7 core modules and exam objectives
What is the need for a Linux Operating System
Linux distributors
Understand the basic commands of Linux
Understand the Linux file structure and networking commands
List the directories in Linux
Understand how to install, configure and compile a Linux Kernel
Understand installing a Kernel patch
Understand GCC compilation commands
List vulnerabilities in Linux
Why is Linux hacked
How to apply patches to vulnerable programs
Understand password cracking in Linux
Understand IP Tables
Basic Linux Operating System Defense
Understand how to install LKM modules
Understand AIDE
Understand Linux hardening methods
Module 16: Evading IDS, Firewalls, and Honeypots
Module 23: Evading IDS, Honeypots and Firewalls
Understand Intrusion Detection Systems (IDS)
Understand Intrusion Detection Systems (IDS)
Learn Ways to Detect an Intrusion Where to place an IDS
Acquire knowledge on various types of Intrusion Detection Systems
Ways to detect an intrusion
Understand what is a Firewall Understand the types of IDS
Types of Firewall Understand System Integrity Verifiers
Identify Firewall Identification Techniques
Understand True/False, Positive/Negative
Understand Honeypot Signature analysis in an IDS
Page | 15 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Assess various types of Honeypot List the general indications of a possible intrusion
Understand how to Set up a Honeypot Steps to perform after IDS detects attack
Understand IDS, Firewall and Honeypot System
List the IDS evasion techniques
Examine Evading IDS Understand firewall and its working
Understand Evading Firewall List the type of firewalls
Learn detecting Honeypots Understand firewalking, banner grabbing
Identify Firewall Evading tools IDS and Firewall testing tool
Identify Countermeasures What is a honeypot
Analyze Firewall and IDS Penetration Testing
List the types of honeypots, advantage and disadvantage
Honeypot placement
Differentiate between physical and virtual honeypots
Countermeasures to hack attacks
Module 17: Buffer Overflow Module 24: Buffer Overflows
Understand Buffer Overflows (BoF) Why are programs/applications vulnerable to buffer overflow
Understand Stack-Based Buffer Overflow
Understand buffer overflows and reasons for attacks
Know Heap-Based Buffer Overflow List the knowledge required to program buffer overflow exploits
Understand Stack Operations Understand stacks, heaps, NOPS
Identify Buffer Overflow Steps Identify the different types of buffer overflows and methods of detection
Analyze attacking a Real Program Understand assembly language
Examine Smashing the Stack Overview of shellcode
Examples of Buffer Overflow Overview of buffer overflow mutation techniques
Understand how to Mutate a Buffer Overflow Exploit
Writing buffer overflow programs in C
Learn how to identify Buffer Overflows
Buffer overflow code analysis
Testing for Heap Overflow Conditions: heap.exe
Understand steps for Testing Stack Overflow in OllyDbg Debugger
Page | 16 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
Identify Buffer Overflow Detection Tools
Understand Defense Against Buffer Overflows
Identify Buffer Overflow Countermeasures Tools
Understand Buffer Overflow Pen Testing
Module 18 Cryptography Module 25: Cryptography
Understand Cryptography Overview of cryptography and encryption techniques
Learn various types of Cryptography Understand cryptographic algorithms
Understand Ciphers Describe how public and private keys are generated
Gain insights on Advanced Encryption Standard (AES)
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Understand RC4, RC5, RC6 Algorithms Understand digital signature
Examine RSA (Rivest Shamir Adleman) List the components of a digital signature
Explain Message Digest Function: MD5 Method of digital signature technology
Understand Secure Hashing Algorithm (SHA)
Application of digital signature
Identify Cryptography Tools Understand digital signature standard
Understand Public Key Infrastructure (PKI)
Digital signature algorithm
Understand Email Encryption Overview of digital certificates
Identify Digital Signature Understand code breaking methodologies
Describe SSL (Secure Sockets Layer) Understand cryptanalysis
Examine Disk Encryption List the cryptography attacks
Identify Disk Encryption Tools
Understand Cryptography Attacks
Identify Cryptanalysis Tools
Module 19: Penetration Testing Module 26: Penetration Testing Methodologies
Understand Penetration Testing (PT) Overview of penetration testing methodologies
Identify Security Assessments Understand security assessments
Examine Risk Management Understand vulnerability assessment and its
Page | 17 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Exam 312-50 Certified Ethical Hacker
limitation
Understand various types of Penetration Testing
Understand types of penetration testing
Understand Automated Testing Understand risk management
Understand Manual Testing Outsourcing penetration testing service
Understand Penetration Testing Techniques
List the penetration testing steps
Know the Penetration Testing Phases Overview of the Pen-Test legal framework
Understand Enumerating Devices Overview of the Pen-Test deliverables
Understand Penetration Testing Roadmap
List the automated penetration testing tools
Understand Denial of Service Emulation
Best practices
Outsourcing Pen Testing Services Phases of penetration testing
Identify various Penetration testing tools
Page | 18 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.