Certified Ethical Hacker (CEH) Complete Video Course, 2nd Edition

Certified Ethical Hacker (CEH) Complete Video Course, 2nd Edition
Certified Ethical Hacker (CEH) Complete Video Course, 2nd Edition
English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 18h 36m | 4.00 GB

Learn everything you need to know to pass the Certified Ethical Hacker exam.

Certified Ethical Hacker (CEH) Complete Video Course provides a complete overview of the topics contained in the EC-Council Blueprint for the CEH exam. With 5 modules containing more than 18 hours of training, this course covers all concepts in the objectives so you can master the knowledge you need to pass the exam.

Build your ethical hacking skills with the foundations of reconnaissance, footprinting, enumeration, and vulnerability analysis and dive into hacking web servers, applications, wireless networks, IoT devices, and mobile platforms. Veteran security experts Omar Santos, Nick Garner, and Bo Rothwell provide a thorough foundation through demos and best practices for security risk analysis, as well as hacking tools and methods. With this knowledge, you will be able to confidently mitigate and help guard your network from the multifaceted attacks that you will encounter while also preparing you to pass the CEH exam.

Regardless of your level of experience, this video course explores all sides of a multi-pronged cybersecurity attack to ensure that you are prepared to combat attack threats.

Learn How To

  • Perform footprinting and reconScan networks
  • Perform and take countermeasures against enumeration
  • Conduct a vulnerability analysis
  • Hack systems and cover your tracks
  • Use and prevent malware
  • Perform network sniffing
  • Conduct social engineering methodologies and learn how to prevent them from happening
  • Perform Denial-of-Service (DoS) and session hijacking attacks, as well as take measures to guard against them
  • Hack web servers and applications using multiple tools and techniques
  • Perform attacks using SQL injection
  • Use the best tools and techniques for hacking wireless networks
  • Deploy IDS, firewalls, and honeypots, as well as learn how to evade them
  • Understand and learn how to use cloud computing for penetration testing
  • Understand cryptography and cryptanalysis
  • Exploit the vulnerabilities of Internet of Things (IoT) devices
  • Understand the vulnerabilities of and methods to hack mobile devices

Who Should Take This Course

  • Anyone interested in passing the EC Council Certified Ethical Hacker (CEH) exam
  • Anyone interested in becoming a cybersecurity professional
  • Anyone interested in ethical hacking (penetration testing)

Lesson 1, “Course Overview,” provides a general overview of the CEH exam, as well as the areas of focus. In addition, this lesson discusses what this video course is and isn’t so that you know what to expect to study before you take the CEH exam.

Lesson 2, “Introduction to Ethical Hacking,” explores several general concepts with respect to ethical hacking, focusing on InfoSec; attack concepts, phases, and types; and the legal aspects and methodologies of penetration testing.

Lesson 3, “Footprinting and Recon,” dives into hacking with a focus on footprinting and reconnaissance, the most important steps when evaluating a target to discern vulnerable resources.

Lesson 4, “Scanning Networks,” naturally follows up with what you learned in Lesson 3, where you now have a focused target or targets. In this lesson, you will learn how to scan networks and hosts to find services available for possible exploit. In addition to basic TCP/UDP scanning, this lesson delves into diagramming, tunneling, banners, and other approaches.

Lesson 5, “Enumeration,” covers the fundamentals of enumeration‚Äîthat is, the gathering of user names, machine names, shares, and other important host information.

Lesson 6, “Vulnerability Analysis,” begins with an introduction to vulnerability research and classification before moving on to explore vulnerability assessment, the vulnerability management lifecycle, and the different approaches to vulnerability assessment solutions. This lesson concludes by delving into vulnerability scoring systems, assessment tools, and reports.

Lesson 7, “System Hacking,” covers password cracking, Microsoft authentication, privilege escalation, alternate data streams, root kits, and other key approaches in the hacker’s toolbox.

Lesson 8, “Malware Threats,” is devoted entirely to malware‚Äîwhat it is, where it comes from, detection, and eradication, as well as Trojans and countermeasures.

Lesson 9, “Sniffing,” covers what network sniffing is and the various techniques to get access to the traffic that you want to see to enable further exploits.

Lesson 10, “Social Engineering,” discusses social engineering techniques that you can use to influence people to perform actions or release information that opens up new avenues for network exploitation. As a corollary, this lesson also covers some countermeasures to protect you from becoming a victim of social engineering.

Lesson 11, “Denial-of-Service (DoS),” examines how botnets and DoS tools can be used to cripple a resource so that it cannot provide a service. This lesson also covers some methods you can employ to mitigate or prevent DoS attacks.

Lesson 12, “Session Hijacking,” provides an overview of TCP sessions and some of the vulnerabilities that can be exploited, such as man-in-the middle and cross-site attacks.

Lesson 13, “Hacking Webservers,” looks at some of the common webserver implementations and some of the authentication authorization protocols often used. In addition, you’ll learn about common webserver attacks, methodologies, countermeasures, and several security tools.

Lesson 14, “Hacking Web Applications,” examines different attack vectors and threats, how to perform footprinting of web apps, and how to corral your knowledge of web application evolution, protocols, mechanics, and tools to guard against vulnerabilities.

Lesson 15, “Advanced Web Application Hacking,” provides you with an understanding of vulnerabilities associated with command injection, XML injection, XXS (cross-site scripting), and Cross-Site Request Forgery (CSRF), as well as how to both exploit and mitigate related attacks.

Lesson 16, “SQL Injection,” covers the methodologies and attacks that use SQL injection, as well as tools to detect and defend against these attacks.

Lesson 17, “Hacking Wireless,” kicks off with an in depth look at wireless LAN fundamentals, including mechanics, encryption, and antenna types. The lesson continues by providing a wealth of knowledge about building your own wireless penetration testing lab for hacking practice using tools such as Pineapple, Airecrack-ng suite, cOWPatty, and many others. This lesson also delves into Bluetooth vulnerabilities and offers strategies for defending against wireless attacks.

Lesson 18, “IDS, Firewalls, and Honeypots,” explores IDS, firewall, and honeypot concepts, tools, and related penetration testing methods.

Lesson 19, “Cloud Computing,” covers the relatively new cloud computing environment and the challenges involved with conducting penetration testing in cloud networks.

Lesson 20, “Cryptography,” explores algorithms and tools related to encryption, cryptography, and cryptanalysis.

Lesson 21, “IoT Hacking,” kicks off with a look at how the Internet of Things has become increasingly pervasive and covers the IoT tools ZigBee, IEEE 802.15.4, INSTEON, ZWave, and LoRA. The lesson concludes with coverage of IoT penetration testing methods and security tools.

Lesson 22, “Hacking Mobile Platforms,” delves into security concerns in the era of the BYOD workforce, necessitating a Mobile Device Management (MDM) strategy. An under the hood look at Android and iOS security concerns, tools, and hacking methods concludes the lesson and the course.

Table of Contents

1 Certified Ethical Hacker (CEH) – Introduction
2 Module introduction
3 Learning objectives
4 1.1 Areas of Focus and Exam Info
5 1.2 Course Is and Isn’t
6 Learning objectives
7 2.1 Cybersecurity Overview
8 2.2 Threats and Attack Vectors
9 2.3 Attack Concepts
10 2.4 Understanding the Legal Aspects of Penetration Testing
11 2.5 Exploring Penetration Testing Methodologies
12 2.6 Attack Phases
13 2.7 Attack Types
14 2.8 InfoSec Policies
15 Learning objectives
16 3.1 Footprinting Concepts
17 3.2 Footprinting Objectives
18 3.3 Footprinting Methodologies
19 3.4 Search Engines
20 3.5 Finding People
21 3.6 Competitive Intelligence
22 3.7 Websites
23 3.8 Email Tracking
24 3.9 Network Discovery
25 3.10 DNS_Whois
26 3.11 Social Engineering
27 3.12 Employee Online Activities
28 3.13 Footprinting Tools
29 3.14 Footprinting Countermeasures
30 3.15 Penetration Testing – Footprinting and Recon
31 Learning objectives
32 4.1 Network Scanning Overview
33 4.2 Scanning Techniques
34 4.3 TCP_UDP Refresher
35 4.4 TCP Scanning Types
36 4.5 More TCP Scanning Techniques
37 4.6 Nmap Demo
38 4.7 IDS Evasion
39 4.8 Banner Grabbing
40 4.9 Vulnerability Scanning
41 4.10 Network Diagramming
42 4.11 Using and Chaining Proxies
43 4.12 HTTP and SSH Tunneling
44 4.13 Anonymizers
45 4.14 IP Spoofing and Countermeasures
46 4.15 Penetration Testing – Scanning Networks
47 Module introduction
48 Learning objectives
49 5.1 Enumeration Overview
50 5.2 NetBIOS Enumeration
51 5.3 Users and Default Passwords
52 5.4 SNMP Enumeration
53 5.5 Linux Enumeration
54 5.6 LDAP, NTP, SMTP, DNS Enumeration
55 5.7 Enumerating IKE, IPsec, VPNs
56 5.8 Enumeration Countermeasures
57 5.9 Penetration Testing – Enumeration
58 Learning objectives
59 6.1 Introducing Vulnerability Research and Classification
60 6.2 Exploring Vulnerability Assessment
61 6.3 Vulnerability Management Lifecycle (Vulnerability Assessment Phases)
62 6.4 Understanding Different Approaches of Vulnerability Assessment Solutions
63 6.5 Overview of Vulnerability Scoring Systems
64 6.6 Vulnerability Assessment Tools
65 6.7 Overview of Vulnerability Assessment Reports
66 Learning objectives
67 7.1 Hacking Methodology
68 7.2 Password Cracking
69 7.3 Keyloggers and Anti-keyloggers
70 7.4 Microsoft Authentication
71 7.5 Defense Against Password Cracking
72 7.6 Privilege Escalation
73 7.7 Executing Applications
74 7.8 Rootkits and Anti-rootkits
75 7.9 NTFS Stream Manipulation
76 7.10 Steganography and Steganalysis Methods
77 7.11 Covering Tracks
78 7.12 Penetration Testing – System Hacking
79 Learning objectives
80 8.1 Understanding Malware and Malware Propagation Techniques
81 8.2 Trojans, Backdoors, Viruses, Worms
82 8.3 Indications of Infection
83 8.4 Common Ports
84 8.5 How Malware Gets Into a System
85 8.6 How to Detect
86 8.7 Anti-malware Software
87 8.8 Online Malware Analysis Services
88 8.9 Countermeasures
89 8.10 Penetration Testing – Malware Threats
90 Learning objectives
91 9.1 Sniffing Overview
92 9.2 Sniffing Attack Types
93 9.3 Protocol Analyzers
94 9.4 Sniffing Tools
95 9.5 Sniffing Detection and Defense
96 9.6 Penetration Testing – Sniffing
97 Learning objectives
98 10.1 Social Engineering Concepts
99 10.2 Social Networking
100 10.3 Identity Theft
101 10.4 Social Engineering Countermeasures
102 10.5 Understanding Social Engineering
103 10.6 Surveying Social Engineering Methodologies
104 10.7 Understanding How to Target Employees
105 10.8 Exploring Social Engineering Tools
106 10.9 Exploring the Social Engineering Toolkit (SET)
107 10.10 Surveying Social Engineering Case Studies
108 10.11 Penetration Testing – Social Engineering
109 Module introduction
110 Learning objectives
111 11.1 DoS_DDoS Overview
112 11.2 DoS Techniques
113 11.3 Botnets
114 11.4 DoS Attack Tools
115 11.5 Detection and Countermeasures
116 11.6 DDoS Protection Tools
117 11.7 Penetration Testing – DoS
118 Learning objectives
119 12.1 What Is Session Hijacking
120 12.2 Techniques
121 12.3 Application Level Session Hijacking
122 12.4 MitM Attacks
123 12.5 Cross-site Attacks
124 12.6 Network Level Hijacking
125 12.7 Session Hijacking Tools
126 12.8 Hijacking Protection
127 12.9 Penetration Testing – Session Hijacking
128 Module introduction
129 Learning objectives
130 13.1 Webserver Concepts
131 13.2 Webserver Attacks
132 13.3 Attack Methodology
133 13.4 Countermeasures
134 13.5 System Patch Management
135 13.6 Security Tools
136 13.7 Exploring CMS and Framework Identification
137 13.8 Surveying Web Crawlers and Directory Brute Force
138 13.9 Understanding How Web Application Scanners Work
139 13.10 Introducing Nikto
140 13.11 Introducing the Burp Suite
141 13.12 Introducing OWASP Zed Application Proxy (ZAP)
142 13.13 Introducing OpenVAS
143 Learning objectives
144 14.1 Attack Vectors and Threats
145 14.2 Footprinting
146 14.3 Authentication and Authorization System Attacks
147 14.4 Understanding the Need for Web Application Penetration Testing
148 14.5 Exploring How Web Applications Have Evolved Over Time
149 14.6 Understanding the Web Application Protocols
150 14.7 Exploring the HTTP Request and Response
151 14.8 Surveying Session Management and Cookies
152 14.9 Understanding the APIs
153 14.10 Exploring the Tools Used to Test the APIs
154 14.11 Exploring Cloud Services
155 14.12 Exploring Web Application Frameworks
156 14.13 Surveying Docker Containers
157 14.14 Introducing DevOps
158 14.15 Understanding Authentication Schemes in Web Applications
159 14.16 Exploring Session Management Mechanisms and Related Vulnerabilities
160 14.17 Database Connectivity Attacks
161 Learning objectives
162 15.1 Understanding What is Command Injection
163 15.2 Exploiting Command Injection Vulnerabilities
164 15.3 Understanding What is XML Injection
165 15.4 Exploiting XML Injection Vulnerabilities
166 15.5 Undertanding How to Mitigate Injection Vulnerabilities
167 15.6 Understanding What is XSS
168 15.7 Exploiting Reflected XSS Vulnerabilities
169 15.8 Exploiting Stored XSS Vulnerabilities
170 15.9 Exploiting DOM Based XSS Vulnerabilities
171 15.10 Understanding Cross-Site Request Forgery (CSRF)
172 15.11 Exploiting CSRF Vulnerabilities
173 15.12 Evading Web Application Security Controls
174 15.13 Mitigating XSS and CSRF Vulnerabilities
175 15.14 Surveying the Client-side Code and Storage
176 15.15 Understanding HTML5 Implementations
177 15.16 Understanding AJAX Implementations
178 15.17 Mitigating AJAX, HTML5, and Client-side Vulnerabilities
179 15.18 Understanding the Other Common Security Flaws in Web Applications
180 15.19 Exploiting Insecure Direct Object References and Path Traversal
181 15.20 Surveying Information Disclosure Vulnerabilities
182 15.21 Fuzzing Web Applications
183 15.22 Web Application Security Tools
184 15.23 Web Application Firewalls
185 Learning objectives
186 16.1 Overview
187 16.2 Attacks Using SQL Injection
188 16.3 Methodology
189 16.4 Understanding SQL Injection
190 16.5 Exploiting SQL Injection Vulnerabilities
191 16.6 SQL Injection Defense
192 16.7 Detection Tools
193 Module introduction
194 Learning objectives
195 17.1 Wireless LAN Overview
196 17.2 Wireless Encryption
197 17.3 Wireless Threats
198 17.4 Understanding Wireless Antennas
199 17.5 Surveying Wi-Fi Devices Like the Pinneaple
200 17.6 Building Your Own Lab
201 17.7 Introducing the Aircrack-ng Suite
202 17.8 Introducing Airmon-ng
203 17.9 Understanding Airodump-ng
204 17.10 Introducing Aireplay-ng
205 17.11 Introducing Airdecap-ng
206 17.12 Introducing Airserv-ng
207 17.13 Introducing Airtun-ng
208 17.14 Understanding WEP Fundamentals
209 17.15 Learning How to Crack WEP
210 17.16 Understanding WPA Fundamentals
211 17.17 Surveying Attacks Against WPA2-PSK Networks
212 17.18 Using coWPAtty
213 17.19 Using Pyrit
214 17.20 Exploring WPA Enterprise Hacking
215 17.21 Using Kismet
216 17.22 Using Wireshark
217 17.23 Defining Evil Twin Attacks
218 17.24 Performing Evil Twin Attacks
219 17.25 Using Karmetasploit
220 17.26 Bluetooth and Bluejacking
221 17.27 Understanding Bluetooth Vulnerabilities
222 17.28 Surveying Tools for Bluetooth Monitoring
223 17.29 Wireless Attack Defense
224 17.30 Wireless IPS
225 Learning objectives
226 18.1 IDS, Firewall, and Honeypot Concepts
227 18.2 Firewall Tools
228 18.3 Honeypot Tools
229 18.4 IDS Tools
230 18.5 Evading IDS and Firewalls
231 18.6 Evading IDS and Firewall Tools
232 18.7 Detecting Honeypots
233 18.8 Penetration Testing – IDS, Firewalls, and Honeypots
234 Learning objectives
235 19.1 Overview
236 19.2 Providers
237 19.3 Detection
238 19.4 Instance and VPC Security Methods
239 19.5 Cloud Use as a Pen Testing Source
240 19.6 Understanding the Challenge of Testing Cloud Services
241 19.7 Exploring How to Test in the Cloud
242 Learning objectives
243 20.1 Overview
244 20.2 Algorithms
245 20.3 Tools
246 20.4 Public Key Infrastructure
247 20.5 Email
248 20.6 Disk Encryption and Tools
249 20.7 Attacks Against Cryptography
250 20.8 Cryptanalysis Tools
251 Learning objectives
252 21.1 Understanding IoT Fundamentals
253 21.2 Exploring ZigBee and IEEE 802.15.4
254 21.3 Exploring INSTEON
255 21.4 Exploring ZWave
256 21.5 Exploring LoRA
257 21.6 Overview of IoT Penetration Testing
258 21.7 IoT Security Tools
259 Learning objectives
260 22.1 Understanding OWASP Mobile Device Vulnerabilities
261 22.2 Wrestling with the BYOD Dilemma
262 22.3 Understanding Mobile Device Management (MDM)
263 22.4 Understanding Mobile Device Security Policies
264 22.5 Exploring The Android Security Model
265 22.6 Exploring Android Emulators and SDK
266 22.7 Understanding Android Hacking Tools and Methodologies
267 22.8 Introducing iOS Security
268 22.9 Exploring Jailbraking iOS
269 22.10 Surveying Tools for Dissasembling iOS Applications
270 22.11 Understanding Mobile Spyware
271 22.12 Exploring How to Make Your Own STORM-like Mobile Hacking Device
272 Certified Ethical Hacker (CEH) – Summary