Certified Ethical Hacker (CEHv11)

Level
Intermediate
Duration
120 hours
Course Fee
₹12000
*Inclusive of GST

The EC-Council CEH v11 (Certified Ethical Hacking) course gives you a broad range of fundamental knowledge for a career in VAPT. Through a combination of lecture, hands-on labs, and self-study, you will learn how to enumerate, analyze, configure, and verify basic server-side and web-application attacks. The course covers configuring hacking tools and frameworks, Intrusion Detection Systems; managing device’s security; and identifying basic to intermediate security threats. The course also gives you a foundation in malware, DDOS, IoT and Cloud Computing security concepts. This course is created for candidates to prepare for real world scenarios in Red Team Operations and will create a solid foundation for candidates to prepare for EC-Council CEH v11 certification

Training Type
Classroom Online Corporate
Batch Timings

For the latest training schedule, please check the Schedules.

Weekdays
  • Early Morning
  • Morning
  • Afternoon
  • Evening
  • Fastrack
Weekdays
  • Morning
  • Afternoon
  • Evening
  • Sat / Sun
  • Sunday Only

Training is available in small groups as well as on one-to-one basis. Get in touch.

Certified Ethical Hacker (CEHv11)

Level
Intermediate
Duration
120 hrs.
Course Fee
₹12000

The EC-Council CEH v11 (Certified Ethical Hacking) course gives you a broad range of fundamental knowledge for a career in VAPT. Through a combination of lecture, hands-on labs, and self-study, you will learn how to enumerate, analyze, configure, and verify basic server-side and web-application attacks. The course covers configuring hacking tools and frameworks, Intrusion Detection Systems; managing device’s security; and identifying basic to intermediate security threats. The course also gives you a foundation in malware, DDOS, IoT and Cloud Computing security concepts. This course is created for candidates to prepare for real world scenarios in Red Team Operations and will create a solid foundation for candidates to prepare for EC-Council CEH v11 certification

Training Type
Classroom Online Corporate
Batch Timings

For the latest training schedule, please check the Schedules.

Weekdays
  • Early Morning
  • Morning
  • Afternoon
  • Evening
  • Fastrack
Weekdays
  • Morning
  • Afternoon
  • Evening
  • Sat / Sun
  • Sunday Only

Training is available in small groups as well as on one-to-one basis. Get in touch.

Course Introduction

This 120 hours of (Lectures + hands-on Lab) Certified Ethical Hacking training is targeted to engineers and technical personnel involved in deploying, implementing and operating optimizing and maintaining Network Security, Server Security, Data & Information Security, Web Application Security, Cloud Security, and IoT Security. The Certified Ethical Hacking covers a breadth of topics like enumeration, vulnerability assessment & penetration testing. Certified Ethical Hacking is a lab-intensive course and objectives are accomplished mainly through hands-on learning.

The key to a high success rate is based on the program’s objectives as follows:

  • Course contents are based course outlines defined by EC-Council
  • Dedicated Monitoring to evaluate and report candidate’s progress
  • Extensive hands-on lab exercises
  • Industry acclaimed, experienced and certified instructors
Course Highlights
  • Project manager can be assigned to track candidate’s performance
  • Curriculum based on course outlines defined by EC-COUNCIL.
  • This Instructor-led classroom course is designed with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises
  • Facility of Lab on cloud available (based on booking)
  • Courseware includes reference material to maximize learning.
  • Assignments and test to ensure concept absorption.
  • Courseware includes reference material to maximize learning.
  • Assignments and test to ensure concept absorption.
Course Objectives
  • Identify, describe, and enumerate the vulnerabilities of different servers.
  • Key issues plaguing the information security world, incident management process, and penetration testing
  • Various types of foot printing, foot printing tools, and countermeasures
  • Network scanning techniques and scanning countermeasures
  • Enumeration techniques and enumeration countermeasures
  • System hacking methodology, steganography, steganography attacks, and covering tracks
  • Different types of Trojans, Trojan analysis, and Trojan countermeasures
  • Working of viruses, virus analysis, computer worms, malware analysis procedure, and countermeasures
  • Packet sniffing techniques and how to defend against sniffing
  • Social Engineering techniques, identify theft, and social engineering countermeasures
  • DoS/DDoS attack techniques, botnets, DDoS attack tools, and DoS/DDoS countermeasures Session hijacking techniques and countermeasures
  • Different types of webserver attacks, attack methodology, and countermeasures
  • Different types of web application attacks, web application hacking methodology, and countermeasures
  • SQL injection attacks and injection detection tools
  • Wireless Encryption, wireless hacking methodology, wireless hacking tools, and wi-fi security tools
  • Mobile platform attack vector, android vulnerabilities, jailbreaking iOS, mobile vulnerabilities, mobile security guidelines, and tools
  • Firewall, IDS and honeypot evasion techniques, evasion tools, and countermeasures
  • Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools
  • Various types of penetration testing, security audit, vulnerability assessment, and penetration testing roadmap
Course Topics

This course is created to impart knowledge and skills related to security fundamentals, network access, information security, web application security and malware. This course will help candidates prepare to tackle real world Certified Ethical Hacking incidents. The following topics are general guidelines to better reflect the contents of the course and for clarity purposes, the guidelines below may change at any time without notice.

  • Introduction to Ethical Hacking
    1. Understand and build the hacker mindset, infrastructure security, policies and standards and other case studies to recognize the importance of Cyber Security in today’s world and understand concepts such as:
    2. Cyber Kill Chain
    3. Hacking Concepts
    4. Ethics
    5. Information Security Controls
    6. Information Laws and Standards
  • Foot printing & Reconnaissance

    1. Understand how an attacker gathers information to plan out an attack in a step-by-step instruction with various case studies, how to mitigate such attacks and understand concepts such as:
    2. What is Foot printing?
    3. Advanced Google Search Techniques & Google Dorks
    4. Top Level Domains and Sub Domains of an Organization
    5. Locating a target
    6. Searching People on Social Media Websites.
    7. Harvesting Emails
    8. Dark Web Surfing
    9. Shodan Search Engine
    10. Competitive Intelligence
    11. Website Foot printing
    12. Web Spiders
    13. Tracking Email Communications
    14. DNS Lookup
    15. Tracerouting
    16. Eavesdropping, Shoulder Surfing, Impersonation and Dumpster Diving
  • Network Scanning

    1. Gather information about the network and other infrastructure details to find a way inside a network and understand concepts such as:
    2. Network Architecture of an organization
    3. TCP Communication
    4. TCP Communication Flags
    5. Network Scanning
  • Enumeration

    1. List out potential entry points in a system and how to mitigate such attacks and understand concepts such as:
    2. What is Enumeration?
    3. Enumeration Techniques
  • Vulnerability Assessment

    1. Assess and determine weaknesses in a system or a network and understand concepts such as:
    2. What is Vulnerability Assessment?
    3. Vulnerability Lifecycle-Management
    4. Vulnerability Databases and scoring systems
    5. Common terminologies related to vulnerabilities.
    6. Phases of Vulnerability Assessment
    7. Vulnerability Reporting
    8. Bug Bounty Hunting
  • System Hacking

Understand what needs to be done in order to successfully get access to the system and gradually own the infrastructure and how to mitigate such attacks and understand concepts such as:

    1. Exploitation
    2. Payloads
    3. Auxiliary
    4. NOPS
    5. Shellcode
    6. Backdoors
    7. Clearing Evidence
    8. Memory Allocation of programs
    9. CPU Architecture and registers
    10. Memory Buffers and Stacks
    11. Stack based Buffer Overflow
    12. Goals of Hacking
  • Malware Threats

Understand the different types of malwares in-depth and analyze the behaviors and characteristics of different malware. Understand incident response and disaster management with case studies and understand concepts such as:

    1. Malware and Propagation Techniques
    2. Advanced Persistent Threats and its lifecycle
    3. Trojans, their types and how to use them.
    4. Viruses, their types and which one to use in what scenario
    5. Worms
    6. Fileless Malware
    7. Countermeasure Tools
  • Sniffing

Learn information about a network and capture data by using various tools and techniques and how to mitigate such attacks and understand concepts such as:

    1. Sniffing Concepts along with vulnerable protocols
    2. Hardware Protocol Analyzers
    3. Various Sniffing techniques such as MAC Attacks, DHCP Attacks, ARP Poisoning, Spoofing, DNS Poisoning etc. along with countermeasures
  • Social Engineering

Learn how modern-day hackers use Social Engineering to perform various client-side attacks with different case studies and demonstration and how to mitigate such attacks. and understand concepts such as:

    1. Social Engineering Concepts
    2. Human, Computer and mobile based techniques
    3. Impersonation
    4. Insider Threats
    5. Identity Theft and its various forms
    6. Countermeasures
  • Denial of Service

Understand how various hacker groups and cyber crime organizations work together to bring down even the most sophisticated networks and systems to their knees and how to mitigate such attacks and understand concepts such as:

    1. DoS & DDoS attacks
    2. Various types of DoS/DDoS attacks
    3. Concepts of Botnets along with the Botnet Ecosystem
    4. DDoS Case Studies
    5. Mitigation
  • Session Hijacking

Capture different types of user and application data to hijack online accounts and how to mitigate such attacks and understand concepts such as:

    1. Session Hijacking and its different types
    2. Application level and Network Level Session Hijacking
    3. Detect, Protect and Defend against Session Hijacking attacks using different tools
  • Evading IDS, Firewalls and Honeypots
    1. Understand the working, placement, difference and usage of firewalls, IDS/IPS and Honeypots and what works best in different use case scenarios, how to bypass them as an attacker and how to mitigate such attacks and techniques and understand concepts such as:
    2. Firewall Concept and Solutions
    3. IDS/IPS Concept and Solutions
    4. Various techniques to bypass Firewalls and IDS/IPS
    5. How to detect and defeat Honeypots
  • Hacking Webservers

Conceptualize how to attack different types of webs servers and how to mitigate such attacks and techniques and understand concepts such as:

    1. Web Server Concepts
    2. Various Web Server attack vectors in detail
    3. Web Server Attack methods including information gathering, web server foot printing, website mirroring, vulnerability assessment, session hijacking, web server password hacking
    4. Various web server hacking tools
    5. Countermeasures
    6. Patch Management Concepts
  • Hacking Web Applications

Understand the OWASP Top 10 attacks and how attackers use them to infiltrate in web applications and compromise user data and how to mitigate such attacks and techniques and understand concepts such as:

    1. Web Application Concepts
    2. Various Web Application Attacks (OWASP Top 10)
    3. Foot printing Web App infrastructure
    4. Bypassing Client-Side Controls
    5. Attack Authentication mechanisms
    6. Web APIs
    7. Webhooks and web shells
    8. Countermeasures
  • SQL Injection

Understand how SQL databases work, vulnerabilities and exploitation techniques to extract all the data and how to mitigate such attacks and understand concepts such as:

    1. What is a Database?
    2. How Database works
    3. Why is SQL?
    4. What is SQL Injection?
    5. Basic SQL Injection concepts
    6. SQL Injection Vulnerability and Types
    7. Manual SQL Injection
    8. Automated SQL Injection
    9. Countermeasures
  • Hacking Wireless Networks

Understand Wireless Networks, Encryption Algorithms used, Communication, vulnerabilities and various attack techniques used in the real world with case studies and how to mitigate such attacks and understand concepts such as:

    1. Wireless Network Concepts and different types of wireless encryption algorithms
    2. Various Wireless threats
    3. Wireless hacking methods including Wi-Fi discovery, GPS Mapping, Wireless Traffic Analysis, launching wireless attacks and cracking Wi-Fi Encryption
    4. Various Wireless hacking tools
    5. Bluetooth Attacks and tools
    6. Countermeasures
  • Hacking Mobile Platforms

Understand how Android Applications work with an attack scenario and how to mitigate such attacks and understand concepts such as:

    1. Various mobile platform attack vectors and attacks
    2. Various techniques and tools for android phone hacking
    3. iOS Jailbreaking tools
    4. Malware used for iOS Hacking
    5. Mobile Device Management concepts
    6. Countermeasures
  • IoT & OT Hacking

Understand how Internet of Things work, Protocols used, vulnerabilities, exploitation techniques and mitigation techniques. Also understand Operational Technology for Industrial Control Systems (SCADA systems) and how they are compromised with recent case studies and understand concepts such as:

    1. IoT Concepts along with different types of IoT Communication models
    2. Various threats and attacks to IoT networks and devices
    3. IoT hacking methods and tools for information gathering, vulnerability assessment, gain remote access, DoS Attacks, maintaining access etc.
    4. Countermeasures
    5. OT Concepts with threats and attacks
    6. OT Hacking tools and techniques
    7. Countermeasures
  • Cloud Computing

Understand Virtualization, Containerization, Cloud Computing and the latest emerging threats to systems and how to attackers exploit cloud services and how to mitigate such attacks and understand concepts such as:

    1. Cloud Computing and its services
    2. Serverless Computing
    3. Threats and Attacks
    4. Cloud Service Hacking Techniques
    5. Countermeasures and Security Responsibility
  • Cryptography

Understand CIA Triad, Encryption Algorithms, Hashing, Origin-Authenticity, Digital Signatures and Public Key Infrastructure with demonstration and how it can be used to secure networks, data and users and understand concepts such as:

    1. Basic cryptography concepts used to protect confidential data along with different types of cryptography
    2. Ciphers and different encryption algorithms used to encrypt or decrypt the data
    3. Various cryptography tools
    4. Email Encryption and tools
    5. Disk Encryption
    6. Types of cryptanalysis methods
    7. Steganography and Malware Obfuscation
    8. Hashing Concepts
    9. Digital Signatures
    10. Public Key Infrastructure
    11. Countermeasures against cryptographic attacks
Lab Topics

Followings labs will be performed by candidates during lab practice sessions:

Lab 1: Foot printing & Reconnaissance:

  • Task 1 : Email Foot printing & Reconnaissance using OSINT Tools (Self-Study Tasks)
  • Task 2 : Person Foot printing & Reconnaissance using OSINT Tools (Self Study Tasks)
  • Task 3 : Organization Foot printing & Reconnaissance using OSINT Tools (Self Study Tasks)
  • Task 4 : Device Foot printing & Reconnaissance using OSINT Tools (Self Study Tasks)

Lab 2: Network Scanning:

  • Task 1 : Host Discovery
  • Task 2 : Port & Service Discovery
  • Task 3 : OS Discovery
  • Task 4 : Scanning Beyond Firewalls and IDS/IPS
  • Task 5 : Draw Network Diagrams

Lab 3: Enumeration:

  • Task 1 : NetBIOS Enumeration
  • Task 2 : SNMP Enumeration
  • Task 3 : LDAP Enumeration
  • Task 4 : NFS & NTP Enumeration
  • Task 5 : SMTP & DNS Enumeration

Lab 4: Vulnerability Assessment:

  • Task 1 : Assessing Windows Server 2016 SMB Vulnerabilities

Lab 5: System Hacking:

  • Task 1 : Windows Server 2016 Hacking with SMB vulnerabilities
  • Task 2 : Windows Privilege Escalation
  • Task 3 : Kerberos Golden Ticket Attack
  • Task 4 : Ransomware Attack (Step by Step Demonstration Only)
  • Task 5 : Maintaining Access
  • Task 6 : Clearing logs and evidence
  • Task 7 : Windows 10 Client System Hacking
  • Task 8 : Evading Anti-virus
  • Task 9 : Credential Harvesting using various method such as NBT/NS-Poisoning and dictionary attacks
  • Task 10 : Simple Buffer Overflow Programming & Detection

Lab 5: Malware Threats:

  • Task 1 : Malware Analysis Case Studies (Self-Study)

Lab 6: Sniffing:

  • Task 1 : Sniffing network traffic using various open-source tools
  • Task 2 : Analyze Traffic

Lab 7: Social Engineering:

  • Task 1 : Credential Harvesting using Website Phishing

Lab 8: DDOS:

  • Task 1 : Distributed Denial of Service Attack using various tools

Lab 9: Web Applications:

  • Task 1 : Web Application Password Brute Force Attacks on WordPress and other Vulnerable websites
  • Task 2 : Inject Commands to a Linux based Web Server using a Web Application Vulnerability
  • Task 3 : Change a victim’s password with Cross Site Request Forgery Attack
  • Task 4 : Defacing Website with Cross Site Scripting Attacks – DOM, Reflected & Stored
  • Task 5 : Steal Data and crack hashed passwords from Database using SQL Injection Attacks – Manual & Automated
  • Task 6 : Local File Inclusion – Capture the Flag Challenge
  • Task 7 : Remote File Inclusion – Gain access to a Linux Server
  • Task 8 : Hijack Session by stealing cookies and Sessions IDs of an authenticated user.

Lab 10: Firewall:

  • Task 1 : Bypassing Firewall rules to verify open ports and services

Lab 11: Android Hacking:

  • Task 1 : Hack into any Android Phone and steal phone logs, SMS, Contacts, spy with camera and extract location.

Lab 12: Cloud Computing:

  • Task 1 : Dump AWS Cloud Simple Storage Service Data (Demonstration Only)

Lab 13: Cryptography:

  • Task 1 : Cryptography tools to encrypt, decrypt and steganography to hide malware in images.
Virtual Classroom
  • Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
  • This innovative approach presents live content with instructor delivering the training online.
  • Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
  • Rstforum uses microsoft lync engine to deliver instructor led online training.
  • Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
  • Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.
Miscellaneous
  • Minimum batch size required for batch is 10 participants in the this course.
  • The RST Forum reserves the right to cancel/postpone the class.
  • Course schedule will be provided before commencement of the course.
  • Certificate of participation will be awarded to participants with a minimum 90% attendance.
  • All attendees are to observe the Copyright Law on intellectual properties such as software and courseware from respective vendors.
  • The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
  • The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.