CEH 上海(06.28-07.01)

  (Certificated Ethical Hacker）被业界称之为道德骇客(正派黑客)认证，是专注于渗透测试的认证。它是一个中立的技术认证，延自美国联邦调查局（FBI）训练人才课程。 黑客攻防是信息安全领域中，最引人注意的部分，CEH就是学习如何面对并防范骇客的攻击行为，不但要了解病毒、木马或蠕虫入侵行为，更要培养黑客的攻防技巧。认证道德黑客了解如何在目标系统中寻找弱点和漏洞，并使用与恶意黑客相同的知识和工具，但以合法的方式评估目标系统的安全状态。要参加CEH训练课程和考试，都须先签保密协议（NDA），主要是避免参加CEH训练课程的学员，非法使用所学的入侵手法。CEH认证被国际上认为是顶级热门安全证书。

        EC-COUNCIL 的足迹遍布全球 90多个国家，拥有超过480个全球合作伙伴，EC-COUNCIL 授予60, 000位世界500强的企业安全证书。已取得EC-COUNCIL的安全证书的机构包括美国陆军，联邦调查局（FBI），微软，IBM等。EC-COUNCIL的多项证书得到美国政府机构的大力支持，美国联邦政府通过美国《退伍军人权利法》，国家安全局，国家安全通信与信息系统安全检查委员会，根据美国国防部DOD 8570准则规定，所有军方、联邦政府、外事单位、招聘全职和兼职公务人员，都必须依照工作内容通过资安认证计划书(CEH)。著名的"棱镜门"黑客 斯诺登 就是 CEH证书的持有者。

 

认证目标人群：

道德黑客认证将加强安全人员，审核员，安全专业人员，网站管理员以及关心网络基础设施完整性的任何人的应用知识。

 

考试形式：

 

Number of Questions: 125

Test Duration: 4 Hours

Test Format: Multiple Choice

Test Delivery: ECC EXAM, VUE

Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)

 

主要内容： 

Module 1: Introduction toEthical Hacking

·        Information Security Overview

·        Information Security Threats and Attack Vectors

·        Hacking Concepts

·        Hacking Phases

·        Types of Attacks

·        Information Security Controls

Module 2: Footprinting andReconnaissance

·        Footprinting Concepts

·        Footprinting Threats

·        Footprinting Methodology

·        Footprinting Tools

·        Footprinting Countermeasures

·        Footprinting Penetration Testing

Module 3: Scanning Networks

·        Overview of Network Scanning

·        CEH Scanning Methodology

Module 4: Enumeration

·        Enumeration Concepts

·        NetBIOS Enumeration

·        SNMP Enumeration

·        UNIX/Linux Enumeration

·        LDAP Enumeration

·        NTP Enumeration

·        SMTP Enumeration

·        DNS Enumeration

·        Enumeration Countermeasures

·        SMB Enumeration Countermeasures

·        Enumeration Pen Testing

Module 5: System Hacking

·        Information at Hand Before System Hacking Stage

·        System Hacking: Goals

·        CEH Hacking Methodology (CHM)

·        CEH Hacking Steps

Module 6: Trojans and Backdoors

·        Trojan Concepts

·        Trojan Infection

·        Types of Trojans

·        Trojan Detection

·        Countermeasures

·        Anti-Trojan Software

·        Pen Testing for Trojans and Backdoors

Module 7: Viruses and Worms

·        Virus and Worms Concepts

·        Types of Viruses

·        Computer Worms

·        Malware Analysis

·        Counter-Measures

·        Penetration Testing for Virus

Module 8: Sniffers

·        Sniffing Concepts

·        MAC Attacks

·        DHCP Attacks

·        ARP Poisoning

·        Spoofing Attack

·        DNS Poisoning

·        Sniffing Tools

·        Countermeasures

Module 9: Social Engineering

·        Social Engineering Concepts

·        Social Engineering Techniques

·        Imperso-nation on Social Networking Sites

·        Identity Theft

·        Social Engineering Countermeasures

·        Social Engineering Pen Testing

Module 10: Denial of Service

·        DoS/DDoS Concepts

·        DoS Attack Techniques

·        Botnet

·        DoS Attack Tools

·        Counter-measures

·        DoS/DDoS Protection Tools

·        Denial-of Service (DoS) Attack Penetration Testing

Module 11: Session Hijacking

·        Session Hijacking Concepts

·        Network-level Session Hijacking

·        Session Hijacking Tools

·        Counter-measures

·        Session Hijacking Pen Testing

Module 12: Hacking Webservers

·        Webserver Concepts

·        Webserver Attacks

·        Attack Methodology

·        Webserver Attack Tools

·        Counter-measures

·        Patch Management

·        Webserver Security Tools

·        Webserver Pen Testing

Module 13: Hacking WebApplications

·        Web App Concepts

·        Web App Threats

·        Web App Hacking Methodology

·        Web Application Hacking Tools

·        Countermeasures

·        Web App Pen Testing

Module 14: SQL Injection

·        SQL Injection Concepts

·        Testing for SQL Injection

·        Types of SQL Injection

·        Blind SQL Injection

·        SQL Injection Methodology

·        Advanced SQL Injection

·        Evasion Techniques

·        Countermeasures

Module 15: Hacking WirelessNetworks

·        Wireless Concepts

·        Wireless Encryption

·        Wireless Threats

·        Wireless Hacking Methodology

·        Wireless Hacking Tools

·        Bluetooth Hacking

·        Countermeasures

·        Wireless Security Tools

·        Wi-Fi Pen Testing

Module 16: Hacking MobilePlatforms

·        Mobile Platform Attack Vectors

·        Hacking Android OS

·        Hacking iOS

·        Hacking Windows Phone OS

·        Hacking Blackberry

·        Mobile Device Management

·        Mobile Security Guidelines and Tools

·        Mobile Pen Testing

Module 17: Evading IDS,Firewalls, and Honeypots

·        IDS, Firewall and Honeypot Concepts

·        IDS, Firewall and Honeypot System

·        Evading IDS

·        Evading Firewalls

·        Detecting Honeypots

·        Firewall Evading Tools

·        Countermeasures

·        Penetration Testing

Module 18: Buffer Overflow

·        Buffer Overflow Concepts

·        Buffer Overflow Methodology

·        Buffer Overflow Examples

·        Buffer Overflow Detection

·        Buffer Overflow Countermeasures

·        Buffer Overflow Security Tools

·        Buffer Overflow Pen Testing

Module 19: Cryptography

·        Cryptography Concepts

·        Encryption Algorithms

·        Cryptography Tools

·        Public Key Infrastructure (PKI)

·        Email Encryption

·        Disk Encryption

·        Cryptography Attacks

·        Cryptanalysis Tools

Module 20: Penetration Testing

·        Pen Testing Concepts

·        Types of Pen Testing

·        Pen Testing Techniques

·        Pen Testing Phases

·        Pen Testing Roadmap

·        Outsourcing Pen Test