CEH 上海(06.28-07.01)
(Certificated Ethical Hacker)被业界称之为道德骇客(正派黑客)认证,是专注于渗透测试的认证。它是一个中立的技术认证,延自美国联邦调查局(FBI)训练人才课程。 黑客攻防是信息安全领域中,最引人注意的部分,CEH就是学习如何面对并防范骇客的攻击行为,不但要了解病毒、木马或蠕虫入侵行为,更要培养黑客的攻防技巧。认证道德黑客了解如何在目标系统中寻找弱点和漏洞,并使用与恶意黑客相同的知识和工具,但以合法的方式评估目标系统的安全状态。要参加CEH训练课程和考试,都须先签保密协议(NDA),主要是避免参加CEH训练课程的学员,非法使用所学的入侵手法。CEH认证被国际上认为是顶级热门安全证书。
EC-COUNCIL 的足迹遍布全球 90多个国家,拥有超过480个全球合作伙伴,EC-COUNCIL 授予60, 000位世界500强的企业安全证书。已取得EC-COUNCIL的安全证书的机构包括美国陆军,联邦调查局(FBI),微软,IBM等。EC-COUNCIL的多项证书得到美国政府机构的大力支持,美国联邦政府通过美国《退伍军人权利法》,国家安全局,国家安全通信与信息系统安全检查委员会,根据美国国防部DOD 8570准则规定,所有军方、联邦政府、外事单位、招聘全职和兼职公务人员,都必须依照工作内容通过资安认证计划书(CEH)。著名的"棱镜门"黑客 斯诺登 就是 CEH证书的持有者。
认证目标人群:
道德黑客认证将加强安全人员,审核员,安全专业人员,网站管理员以及关心网络基础设施完整性的任何人的应用知识。
考试形式:
Number of Questions: 125
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: 312-50 (ECC EXAM), 312-50 (VUE)
主要内容:
Module 1: Introduction toEthical Hacking
· Information Security Overview
· Information Security Threats and Attack Vectors
· Hacking Concepts
· Hacking Phases
· Types of Attacks
· Information Security Controls
Module 2: Footprinting andReconnaissance
· Footprinting Concepts
· Footprinting Threats
· Footprinting Methodology
· Footprinting Tools
· Footprinting Countermeasures
· Footprinting Penetration Testing
Module 3: Scanning Networks
· Overview of Network Scanning
· CEH Scanning Methodology
Module 4: Enumeration
· Enumeration Concepts
· NetBIOS Enumeration
· SNMP Enumeration
· UNIX/Linux Enumeration
· LDAP Enumeration
· NTP Enumeration
· SMTP Enumeration
· DNS Enumeration
· Enumeration Countermeasures
· SMB Enumeration Countermeasures
· Enumeration Pen Testing
Module 5: System Hacking
· Information at Hand Before System Hacking Stage
· System Hacking: Goals
· CEH Hacking Methodology (CHM)
· CEH Hacking Steps
Module 6: Trojans and Backdoors
· Trojan Concepts
· Trojan Infection
· Types of Trojans
· Trojan Detection
· Countermeasures
· Anti-Trojan Software
· Pen Testing for Trojans and Backdoors
Module 7: Viruses and Worms
· Virus and Worms Concepts
· Types of Viruses
· Computer Worms
· Malware Analysis
· Counter-Measures
· Penetration Testing for Virus
Module 8: Sniffers
· Sniffing Concepts
· MAC Attacks
· DHCP Attacks
· ARP Poisoning
· Spoofing Attack
· DNS Poisoning
· Sniffing Tools
· Countermeasures
Module 9: Social Engineering
· Social Engineering Concepts
· Social Engineering Techniques
· Imperso-nation on Social Networking Sites
· Identity Theft
· Social Engineering Countermeasures
· Social Engineering Pen Testing
Module 10: Denial of Service
· DoS/DDoS Concepts
· DoS Attack Techniques
· Botnet
· DoS Attack Tools
· Counter-measures
· DoS/DDoS Protection Tools
· Denial-of Service (DoS) Attack Penetration Testing
Module 11: Session Hijacking
· Session Hijacking Concepts
· Network-level Session Hijacking
· Session Hijacking Tools
· Counter-measures
· Session Hijacking Pen Testing
Module 12: Hacking Webservers
· Webserver Concepts
· Webserver Attacks
· Attack Methodology
· Webserver Attack Tools
· Counter-measures
· Patch Management
· Webserver Security Tools
· Webserver Pen Testing
Module 13: Hacking WebApplications
· Web App Concepts
· Web App Threats
· Web App Hacking Methodology
· Web Application Hacking Tools
· Countermeasures
· Web App Pen Testing
Module 14: SQL Injection
· SQL Injection Concepts
· Testing for SQL Injection
· Types of SQL Injection
· Blind SQL Injection
· SQL Injection Methodology
· Advanced SQL Injection
· Evasion Techniques
· Countermeasures
Module 15: Hacking WirelessNetworks
· Wireless Concepts
· Wireless Encryption
· Wireless Threats
· Wireless Hacking Methodology
· Wireless Hacking Tools
· Bluetooth Hacking
· Countermeasures
· Wireless Security Tools
· Wi-Fi Pen Testing
Module 16: Hacking MobilePlatforms
· Mobile Platform Attack Vectors
· Hacking Android OS
· Hacking iOS
· Hacking Windows Phone OS
· Hacking Blackberry
· Mobile Device Management
· Mobile Security Guidelines and Tools
· Mobile Pen Testing
Module 17: Evading IDS,Firewalls, and Honeypots
· IDS, Firewall and Honeypot Concepts
· IDS, Firewall and Honeypot System
· Evading IDS
· Evading Firewalls
· Detecting Honeypots
· Firewall Evading Tools
· Countermeasures
· Penetration Testing
Module 18: Buffer Overflow
· Buffer Overflow Concepts
· Buffer Overflow Methodology
· Buffer Overflow Examples
· Buffer Overflow Detection
· Buffer Overflow Countermeasures
· Buffer Overflow Security Tools
· Buffer Overflow Pen Testing
Module 19: Cryptography
· Cryptography Concepts
· Encryption Algorithms
· Cryptography Tools
· Public Key Infrastructure (PKI)
· Email Encryption
· Disk Encryption
· Cryptography Attacks
· Cryptanalysis Tools
Module 20: Penetration Testing
· Pen Testing Concepts
· Types of Pen Testing
· Pen Testing Techniques
· Pen Testing Phases
· Pen Testing Roadmap
· Outsourcing Pen Test