The Certified Ethical Hacker (CEH) exam was developed by the International Council of E-Commerce Consultants (EC-Council) to provide an industry-wide means of certifying the competency of security professionals. The CEH certification is granted to those who have attained the level of knowledge and security skills needed to perform security audits and penetration testing of systems and network. The CEH exam is periodically updated to keep the certification applicable to the most recent hacking tools and vulnerabilities. This is necessary because a CEH must be familiar with the latest attacks and exploits. The most recent revisions to the exam as of this writing are found in version 6. The version 6 exam objectives are reflected in this book.
Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality
Chapter 2 Gathering Target Information: Reconnaissance, Foot printing, and Social Engineering
Chapter 3 Gathering Network and Host Information: Scanning and Enumeration
Chapter 4 System Hacking: Password Cracking, Escalating Privileges, and Hiding Files
Chapter 5 Trojans, Backdoors, Viruses, and Worms
Chapter 6 Gathering Data from Networks: Sniffers
Chapter 7 Denial of Service and Session Hijacking
Chapter 8 Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web- Based Password Cracking Techniques
Chapter 9 Attacking Applications: SQL Injection and Buffer Overflows
Chapter 10 Wireless Network Hacking
Chapter 11 Physical Site Security
Chapter 12 Hacking Linux Systems
Chapter 13 Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls Chapter 14 Cryptography
Chapter 15 Performing a Penetration Test
Ethics and Legality Understand ethical hacking terminology
Define the job role of an ethical hacker
Understand the different phases involved in ethical hacking
Identify different types of hacking technologies
List the 5 stages of ethical hacking What is hacktivism?
1 List different types of hacker classes
Define the skills required to become an ethical hacker
What is vulnerability research? 1
Describe the ways of conducting ethical hacking 1
Understand the legal implications of hacking 1
Understand 18 U.S.C. § 1030 US Federal Law 1
Foot printing Define the term foot printing
Describe information gathering methodology 2
Describe competitive intelligence 2
Understand DNS enumeration 2
Understand Whose, ARIN lookup 2
Identify different types of DNS records 2
Understand how trace route is used in foot printing 2
Understand how email tracking works 2
Understand how web spiders work 2
Scanning Define the terms port scanning, network scanning, and vulnerability
Understand the CEH scanning methodology
Understand Ping Sweep techniques
Understand nmap command switches
Understand SYN, Stealth, XMAS, NULL, IDLE, and FIN scans
List TCP communication flag types 3 Understand war dialing techniques
Understand banner grabbing and OF fingerprinting techniques
Understand how proxy servers are used in launching an attack 3 How do anonymizers work?
Understand HTTP tunneling techniques 3 Understand IP spoofing techniques
What is enumeration? 3 What is meant by null sessions?
What is SNMP enumeration?
What are the steps involved in performing enumeration?
System Hacking Understanding password cracking techniques
Understanding different types of passwords
Identifying various password cracking tools
Understand escalating privileges
Understanding key loggers and other spyware technologies
Understand how to hide files
Understanding root kits
Understand steganography technologies
Understand how to cover your tracks and erase evidence
Trojans and Backdoors What is a Trojan
What is meant by overt and covert channels?
List the different types of Trojans
What are the indications of a Trojan attack?
Understand how “Netcat” Trojan works
What is meant by “wrapping”?
How do reverse connecting Trojans work?
What are the countermeasure techniques in preventing Trojans?
Understand Trojan evading techniques
Sniffers Understand the protocol susceptible to sniffing
Understand active and passive sniffing
Understand ARP poisoning
Understand Ethereal capture and display filters
Understand MAC flooding
Understand DNS spoofing techniques
Describe sniffing countermeasures
Denial of Service Understand the types of DoS Attacks
Understand how DDoS attack works
Understand how BOTs/BOTNETs work
What is a “Smurf” attack?
What is “SYN” flooding?
Describe the DoS/DDoS countermeasures
Session Hijacking Understand spoofing vs. hijacking
List the types of session hijacking
Understand sequence prediction
What are the steps in performing session hijacking?
Describe how you would prevent session hijacking
Hacking Web Servers List the types of web server vulnerabilities 8
Understand the attacks against web servers
Understand IIS Unicode exploits
Understand patch management techniques
Understand Web Application Scanner
What is the Metasploit Framework?
Describe web server hardening methods
Web Application Vulnerabilities Understanding how a web application works
Objectives of web application hacking
Anatomy of an attack
Web application threats
Understand Google hacking
Understand web application countermeasures
Web-Based Password Cracking Techniques List the authentication types
What is a password cracker?
How does a password cracker work?
Understand password attacks – classification
Understand password cracking countermeasures
SQL Injection What is SQL injection?
Understand the steps to conduct SQL injection
Understand SQL Server vulnerabilities
Describe SQL injection countermeasures
Overview of WEP, WPA authentication systems, and cracking techniques
Overview of wireless sniffers and SSID, MAC spoofing
Understand rogue access points
Understand wireless hacking techniques
Describe the methods of securing wireless networks
Virus and Worms Understand the difference between a virus and a worm 5
Understand the types of viruses
How a virus spreads and infects the system
Understand antivirus evasion techniques
Understand virus detection methods
Physical Security Physical security breach incidents
Understanding physical security
What is the need for physical security?
Who is accountable for physical security?
Factors affecting physical security
Linux Hacking Understand how to compile a Linux kernel
Understand GCC compilation commands
Understand how to install LKM modules
Understand Linux hardening methods
Evading IDS, Honeypots, and Firewalls List the types of intrusion detection systems and evasion techniques
List firewall and honeypot evasion techniques
Identify the different types of buffer overflows and methods of detection
Overview of buffer overflow mutation techniques
Cryptography Overview of cryptography and encryption techniques
Describe how public and private keys are generated
Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Penetration Testing Methodologies
Overview of penetration testing methodologies
List the penetration testing steps
Overview of the pen-test legal framework
Overview of the pen-test deliverables
List the automated penetration testing tools
Tags: #Ceh Certified Ethical Hacker study guide pdf #Ceh Study Guide free Download #Ceh Study guide v9 pdf #Ceh v9: Certified Ethical Hacker version 9 study Guide #Ceh: Official Certified Ethical Hacker Review Guide #Certified Ethical Hacker v8 pdf #Certified Ethical Hacker v9 pdf #The Ceh Prep Guide pdf