Search
Wednesday, July 18, 2018

CEH v8

CEH v8 Wiki

Home


Please note that this wiki currently (Oct 2015) mostly only a listing of the contents of the course and contains very little info. I'll be adding info in due course, from the various sets of notes I took from courses I attended, online resources I watched or read, and books I read, inclucing links to the software packages referred to in the course.

To search for lists of tools available for the various hacking disciplines, use the Search link above and seach for 70015. To search for flow lists (i.e. ordered steps to follow in carrying out specific hacking tasks), search for /=10\\' or just /=. Almost all of the tools referenced in the CEH course are Windows-based, although many have Linux counterparts or were ported from the original Linux tool - as an added reference I have added the list of tools available in Kali Linux in this wiki so that the tools (70015) search will bring them up too!

Kali Linux Tools

The list of tools from Kali Linux is included in this wiki so that it is searchable along with the rest of the CEH course material for tools (70015). Clicking on the tool names listed on the various pages will take you directly to the Kali Linux site reference page for that tool, in a new window.

CEH v8 on Practice-Labs.com

One of the things that I hated the most about the practical aspect of the online CEH course I did was the ridiculous emphasis on software installation. Instead of just building VMs that have all the relevant software pre-installed, so that users can spend their time constructively learning about the various software packages, most of the time was spent wading through screenshot after screenshot walking me through installing the various packages. Note to Practice-Labs.com - anyone who is computer literate enough to do this course knows how to install software... you don't have to hold their hand through it all the time! Better still, build VMs with the software pre-installed and save us all hours of tedium!

This section links to pages that include only the relevant stuff from the labs, along with my own notes and, most importantly, links to the various software packages used.

Skillsoft CEH v8 Course

This section contains a listing of the modules that make up the online course, along with the total duration of each of the sections. The timing does not include the tests, but does include the concluding exercises of each module, which are always timed at 10 minutes.

Hacking [50 minutes]
  • Information Security Overview [15 minutes]
    • Information security overview
    • Security threats and attack vectors
  • Hacking Concepts [18 minutes]
    • The hacker
    • Hacking phases
    • Attack types
  • Information Security Controls [17 minutes]
    • Ethical hacking function
    • Incident management
    • Information security policies
Penetration Testing [44 minutes]
  • Penetration Testing Overview [8 minutes]
    • Penetration testing
  • Penetration Testing Techniques [20 minutes]
    • Types of penetration tests
    • Penetration testing techniques
    • Penetration testing phases
  • Penetration Testing Outsourcing [6 minutes]
    • Penetration testing outsourcing
  • Ethical Hacking and Penetration Testing Concepts [10 minutes]
    • Exercise: Hacking and penetration testing concepts
Footprinting and Reconnaissance [96 minutes]
  • What is Footprinting? [7 minutes]
    • Footprinting overview
  • Footprinting through Search Engines and Web Sites [23 minutes]
    • Footprinting through search engines
    • Demo: Web site footprinting
  • Footprinting through Email, Google and WHOIS [19 minutes]
    • Email footprinting
    • Competitive intelligence
    • Google footprinting
    • WHOIS footprinting
  • Footprinting through Networking and Social Engineering [20 minutes]
    • DNS footprinting
    • Demo: Network footprinting
    • Social engineering
    • Social nework web sites
  • Footprinting Tools and Countermeasures [17 minutes]
    • Footprinting tools
    • Demo: Network footprinting
    • Footprinting countermeasures
    • Penetration testing
  • Footprinting [10 minutes]
    • Exercise: Footprinting
Network Scanning [97 minutes]
  • Network Scanning Overview [11 minutes]
    • Overview of network scanning
    • Demo: Checking for live systems
  • Scanning for Open Ports [25 minutes]
    • Scanning TCP and IPv6
    • Demo: Scanning tools
    • Scanning techniques and countermeasures
  • Banner Grabbing and Vulnerability Scanning [18 minutes]
    • IDS evasion
    • Demo: Banner grabbing
    • Vulnerability scanning
    • Network diagramming
  • Proxy Servers and Tunneling [18 minutes]
    • Proxy servers
    • Proxy tools
    • HTTP and SSH tunneling
  • Censorship, Privacy and IP Spoofing [12 minutes]
    • Censorship and privacy
    • IP spoofing
  • Scanning Penetration Testing [3 minutes]
    • Penetration testing
  • Scanning Tools and Methodologies [10 minutes]
    • Exercise: Network scanning
Enumeration [45 minutes]
  • Enumeration Overview [4 minutes]
    • What is enumeration?
  • OS-Based Enumeration [15 minutes]
    • Demo: NetBIOS enumeration
    • UNIX and Linux enumeration
  • Network Protocol-Based Enumeration [19 minutes]
    • SNMP enumeration
    • LDAP enumeration
    • NTP enumeration
    • SMTP enumeration
    • Demo: DNS enumeration
  • Enumeration Countermeasures and Penetration Testing [7 minutes]
    • Enumeration countermeasures
    • Enumeration penetration testing
Cryptography [53 minutes]
  • Cryptography Concepts [3 minutes]
    • Overview of cryptography
  • Cryptographic Algorithms and Tools [16 minutes]
    • Cryptographic algorithms
    • Cryptographic tools
  • PKI and Email and Disk Encryption [15 minutes]
    • PKI
    • Email encryption
    • Demo: Disk encryption
  • Cryptographic Attacks and Cryptanalysis Tools [9 minutes]
    • Cryptographic attacks
    • Cryptanalysis tools
  • Enumeration Tools and Techniques [10 minutes]
    • Exercise: Enumeration
Cracking Passwords and Executing Applications [68 minutes]
  • System Hacking Overview [3 minutes]
    • Overview of system hacking
  • Cracking Passwords [15 minutes]
    • Password overview and attacks
    • Online and offline password attacks
    • Demo: Stealing and cracking passwords
    • Privilege escalation
  • Microsoft Authentication [15 minutes]
    • NTLM and Kerberos
    • Password cracking tools
    • Password cracking countermeasures
  • Keyloggers [15 minutes]
    • Executing applications
    • Keyloggers
    • Keylogger countermeasures
  • Spyware [20 minutes]
    • Desktop, email and Internet spyware
    • Types of spyware
    • Antispyware
Hiding Files and Covering Tracks [52 minutes]
  • Hiding Files [18 minutes]
    • Rootkits
    • Rootkit countermeasures
    • Demo: NTFS streams
  • Steganography [15 minutes]
    • Steganography overview
    • Types of steganography
    • Steganalysis
  • Covering Tracks and Penetration Testing [9 minutes]
    • Covering tracks
    • Penetration testing
  • System Hacking [10 minutes]
    • Exercise: System hacking
Trojans and Backdoors [66 minutes]
  • Trojan Overview [10 minutes]
    • Overview of trojans
    • Trojan infection
  • Trojan Types [21 minutes]
    • Command shell and GUI trojans
    • Document, email and defacement trojans
    • Network trojans
    • Banking and credit card trojans
  • Trojan Analysis [11 minutes]
    • MAC OS trojans
    • Trojan analysis
  • Scanning for Trojans [17 minutes]
    • Scanning ports and processes
    • Scanning registry, drivers and services
    • Scanning startup programs
  • Trojan Countermeasures and Penetration Testing [7 minutes]
    • Trojan countermeasures
    • Antitrojan software
    • Penetration testing
Viruses and Worms [53 minutes]
  • Virus and Worm Overview [8 minutes]
    • Virus and worm overview
    • Virus and worm infections
  • Types of Viruses and Worms [17 minutes]
    • Types of virus
    • Making a virus
    • Worms
  • Virus and Worm Countermeasures and Penetration Testing [18 minutes]
    • Demo: Malware analysis
    • Virus and worm countermeasures
    • Penetration testing
  • Malware [10 minutes]
    • Exercise: Malware
Sniffing [94 minutes]
  • Sniffing Overview [17 minutes]
    • Types of sniffing
    • Sniffing protocols and hardware
  • DHCP and MAC Attacks [15 minutes]
    • MAC attacks
    • DHCP attacks
  • ARP Poisoning [20 minutes]
    • ARP poisoning
    • Demo: ARP poisoning and countermeasures
  • MAC and DNS Spoofing [12 minutes]
    • MAC spoofing
    • DNS spoofing
  • Tools, Countermeasures and Penetration Testing [20 minutes]
    • Sniffing tools
    • Sniffing countermeasures
    • Sniffing penetration testing
  • Sniffing Attacks and Countermeasures [10 minutes]
    • Exercise: Sniffing
Social Engineering [39 minutes]
  • Social Engineering Overview [8 minutes]
    • Social engineering
    • Social engineering attacks
  • Social Engineering Techniques [9 minutes]
    • Types of social engineering
    • Computer-based social engineering
    • Mobile-based social engineering
  • Impersonation Using Social Networking [5 minutes]
    • Impersonation using social networking
    • Identity theft
  • Social Engineering Countermeasures [7 minutes]
    • Social engineering and identity theft
    • Social engineering pen testing
  • Planning for Social Engineering Attacks [10 minutes]
    • Exercise: Social engineering
Denial of Service [27 minutes]
  • Denial of Service Overview [7 minutes]
    • What is DoS?
    • Attack types
  • DoS and DDoS [8 minutes]
    • Botnets
    • DDoS case study
    • DoS and DDoS tools
    • Demo: Performing DoS attacks
  • DoS Detection, Protection and Penetration Testing [12 minutes]
    • Detection and countermeasures
    • Protection tools
    • Penetration testing
Session Hijacking [33 minutes]
  • Session Hijacking Overview [5 minutes]
    • What is session hijacking?
    • Types of attack
  • Application-Level and Network-Level Session Hijacking [15 minutes]
    • Application-level session hijacking
    • Network-level session hijacking
    • Session hijacking tools
  • Session Hijacking Countermeasures and Pen Testing [11 minutes]
    • Countermeasures
    • Penetration testing
    • Demo: Performing session hijacking
  • Denial of Service and Session Hijacking Attacks [2 minutes]
    • Exercise: DoS and session hijacking attacks
Hacking Web Servers [92 minutes]
  • Web Server Concepts [8 minutes]
    • Web server concepts
  • Web Server Attacks [20 minutes]
    • Web server misconfiguration
    • Web server attacks
    • Web server attack methodologies
  • Web Server Attack Tools [20 minutes]
    • Metasploit and Wfetch
    • Web password cracking tools
    • Demo: Web server footprinting
  • Web Server Attack Countermeasures and Patch Management [17 minutes]
    • Web server attack countermeasures and defenses
    • Patch management
  • Web Server Security [17 minutes]
    • Web server security tools
    • Web server penetration testing
  • Hacking Web Servers [10 minutes]
    • Exercise: Hacking web servers
Hacking Web Applications [102 minutes]
  • Web Application Overview [7 minutes]
    • Web Applications
  • Web Application XSS and Injection Attacks [20 minutes]
    • Threats and injection attacks
    • XSS attacks
    • Demo: Hacking web applications
  • Web Application CSRF and DoS Attacks [12 minutes]
    • CSRF, DoS and other attacks
    • Web services architecture and attacks
  • Web Application Hacking Methodology [22 minutes]
    • Footprinting and hacking webservers
    • Authentication and authorization attacks
    • Session, injection and data attacks
    • Client and web service attacks
  • Web Application Hacking Tools and Countermeasures [21 minutes]
    • Web application hacking tools
    • Web application hacking countermeasures
    • Web application security
    • Demo: Website vulnerability scanning
  • Web Application Penetration Testing [10 minutes]
    • Penetration testing
  • Hacking Web Applications [10 minutes]
    • Exercise: Hacking web applications
SQL Injection Attacks [102 minutes]
  • SQL Injection Overview [19 minutes]
    • SQL injection overview
    • SQL injection examples
  • Types of SQL Injection [19 minutes]
    • Testing for SQL injection
    • Types of SQL injection
    • Blind SQL injection
  • SQL Injection Methodology [23 minutes]
    • SQL injection methodology
    • Advanced SQL injection
    • Demo: SQL injection on MS SQL database
  • SQL Injection Tools and Evasion Techniques [15 minutes]
    • SQL injection tools
    • Evasion techniques
  • SQL Injection Countermeasures [16 minutes]
    • Countermeasures
    • Countermeasure Tools
  • SQL Injection [10 minutes]
    • SQL Injection
Hacking Wireless Networks [103 minutes]
  • Wireless Networking Overview [7 minutes]
    • Wireless overview
    • Chalking and antennae
  • Wi-Fi Encryption and Attacks [20 minutes]
    • Wi-Fi encryption
    • Wi-Fi attacks
  • Wireless Hacking Methodology: Discovery and Anaylysis [22 minutes]
    • Wi-Fi discovery
    • GPS mapping
    • Traffic analysis
    • Demo: Sniffing with OmniPeek
  • Wireless Hacking Methodology: Cracking Encryption [18 minutes]
    • Wireless attacks
    • Cracking encryption
    • Demo: Using Aircrack-ng
  • Wireless Hacking Tools [10 minutes]
    • Wireless hacking tools
    • Bluetooth hacking
  • Countermeasures, Tools and Penetration Testing [16 minutes]
    • Wireless Countermeasures
    • Wireless Security Tools
    • Penetration Testing
  • Wireless Network Hacking [10 minutes]
    • Exercise: Hacking wireless networks
Hacking Mobile Platforms [90 minutes]
  • Mobile Platform Attacks and Management [17 minutes]
    • Mobile platform attacks
    • Mobile device management
  • Hacking Android OS [15 minutes]
    • Android OS
    • Rooting Android
    • Android hacking tools
  • Protecting Android Devices [12 minutes]
    • Securing devices
    • Android penetration testing
  • Hacking iOS [11 minutes]
    • Jailbreaking iOS
    • Securing iOS
  • Securing Windows OS Devices [5 minutes]
    • Securing Windows OS devices
  • Securing Blackberry Devices [11 minutes]
    • Blackberry OS and architecture
    • Blackberry threats
  • Mobile Platform Security [9 minutes]
    • Mobile platform security and tools
  • Protecting Mobile Devices [10 minutes]
    • Exercise: Hacking mobile platforms
Evading IDS, Firewalls and Honeypots [102 minutes]
  • IDS, Firewall and Honeypot Overview [21 minutes]
    • Intrusion detection
    • Firewall concepts
    • Honeypots
  • IDS, Firewall and Honeypot Tools [24 minutes]
    • Intrusion detection tools
    • Firewalls
    • Honeypot tools
  • IDS Evasion Techniques [22 minutes]
    • IDS evasion and fragmentation
    • TTL and shellcode attacks
    • Application-layer attacks
  • Firewall and Honeypot Evasion [17 minutes]
    • Evasion techniques
    • Bypassing firewalls
    • Detecting honeypots
    • Firewall evasion tools
  • Countermeasures and Penetration Testing [8 minutes]
    • Evasion countermeasures
    • Penetration testing
  • IDS, Firewalls and Honeypots [10 minutes]
    • Exercise: Footprinting
Buffer Overflow [63 minutes]
  • Buffer Overflow Concepts [10 minutes]
    • Buffer overflow concepts
  • Buffer Overflow Methodology and Examples [17 minutes]
    • Buffer overflow methodology
    • Buffer overflow examples
  • Buffer Overflow Detection [11 minutes]
    • Buffer overflow detection
  • Countermeasures and Penetration Testing [15 minutes]
    • Buffer overflow countermeasures
    • Buffer overflow penetration testing
  • Buffer Overflow [10 minutes]
    • Exercise: Buffer overflow

Other Resources

  • CEH Exam Prep Clinic (1 of 2) - Leo Dregier [CEH v7]
  • CEH Exam Prep Clinic (2 of 2) - Leo Dregier [CEH v7]
  • Nearly 900 CEHv8 Exam Questions with Answers
    • Be aware that some of the answers given are incorrect. For example, "A hacker is attempting to see which ports have been left open on a network. which NMAP switch would the hacker use?" has the options: A. -sO, B. -sP, C. -sS and D. -sU. The correct answer is C (open TCP ports) and D (open UDP ports), but they've given A as the answer, which is an IP protocol scan and shows open/active protocols, not ports!

 



“If I had eight hours to chop down a tree, I'd spend the first six of them sharpening my axe.”

Abraham Lincoln

Copyright 2018 by Exweeto Terms Of Use Privacy Statement