ECCC-1 - CEH - CERTIFIED ETHICAL HACKER

INFORMAZIONI SUL CORSO

durata

Durata:

5 GIORNI
categoria

Categoria:

EC-Council
qualifica

Qualifica istruttore:

Certified EC-Council Instructor
dedicato a

Dedicato a:

Professionista IT
produttore

Produttore:

EC-Council

SCEGLI LA SEDE PER QUESTO CORSO

CORSO A CALENDARIO

Per vedere le informazioni relative al calendario del corso scegli prima una sede
sede
Sede: PCSNET Roma
prezzo
Prezzo: 3.500 € 2.100 € + IVA
Inizio
Fine
Prezzo
 
12 mar 18
16 mar 18
3.500 € 2.100 €
02 lug 18
06 lug 18
3.500 €
05 nov 18
09 nov 18
3.500 €
sede
Sede: PCSNET Milano
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET NordEst
prezzo
Prezzo: 3.500 € + IVA
Inizio
Fine
Prezzo
 
19 feb 18
23 feb 18
3.500 €
19 mar 18
23 mar 18
3.500 €
07 mag 18
11 mag 18
3.500 €
sede
Sede: PCSNET Torino
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET Emilia Romagna
prezzo
Prezzo: 3.500 € + IVA
Inizio
Fine
Prezzo
 
12 mar 18
16 mar 18
3.500 €
sede
Sede: PCSNET Toscana
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET Marche
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET Umbria
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET Napoli
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!
sede
Sede: PCSNET Sicilia
prezzo
Prezzo: 3.500 € + IVA
Questo corso attualmente non ha date a Calendario e può essere erogato in forma dedicata.
Usa il box qui accanto per richiederne uno apposta per te!

CORSO DEDICATO

Per avere informazioni sul corso dedicato compila il form e ti contatteremo

CORSO DEDICATO

Grazie per la tua richiesta, ti contatteremo al più presto.

OBIETTIVI

La classe immergerà i partecipanti in un ambiente fortemente interattivo nel quale verrà loro mostrato come effettuare scanning, testing e hacking dei propri sistemi al fine di renderli più sicuri. La pervasiva presenza di laboratori darà ad ogni partecipante non solo una conoscenza approfondita ma anche un'esperienza pratica con i fondamentali sistemi di sicurezza. I partecipanti inizieranno a comprendere il funzionamento delle difese perimetriche e verranno condotti ad effettuare scanning e attacchi alle proprie reti. I partecipanti apprenderanno inoltre le tecniche degli intrusi per l'escalation dei privilegi e quali passi possono essere attuati per mettere in sicurezza un sistema. I partecipanti apprenderanno anche: l'intrusion detection, la policy creation, il social engineering, gli attacchi DDoS, i buffer overflow e la creazione di virus.

Alla conclusione di questi 5 giorni di formazione intensiva i partecipanti avranno acquisito la conoscenza teorica e pratica dell'Ethical Hacking.

Il corso prepara a sostenere l'esame EC-Council Certified Ethical Hacker 312-50 accreditato ANSI. 

PREREQUISITI

Conoscenza del protocollo TCP/IP

Conoscenza di base dei sistemi operativi Windows

Conoscenza di base dei sistemi operativi Linux

CONTENUTI:

Module 1 Introduction to Ethical Hacking

Information Security Overview

Information Security Threats and Attack Vectors

Hacking Concepts

Hacking Phases

Types of Attacks

Information Security Controls

 

Module 2 Footprinting and Reconnaissance

Footprinting Concepts

Footprinting Threats

Footprinting Methodology

Footprinting Tools

Footprinting Countermeasures

Footprinting Penetration Testing

 

Module 3 Scanning Networks

Overview of Network Scanning

CEH Scanning Methodology

Check for Live Systems

Check for Open Ports

Scanning Beyond IDS

Banner Grabbing

Scan for Vulnerability

Draw Network Diagrams

Prepare Proxies

Scanning Pen Testing

 

Module 4 Enumeration

What is Enumeration?

Techniques for Enumeration

Netbios Enumeration

Enumerating User Accounts

Enumerate Systems Using Default Passwords

SNMP (Simple Network Management Protocol) Enumeration

UNIX/Linux Enumeration

LDAP Enumeration

NTP Enumeration

SMTP Enumeration

DNS Zone Transfer Enumeration Using nslookup

Enumeration Countermeasures

Enumeration Pen Testing

 

Module 5 System Hacking

Information at Hand Before System Hacking Stage

System Hacking: Goals

CEH Hacking Methodology (CHM)

Password Cracking

Microsoft Authentication

How Hash Passwords are Stored in Windows SAM?

What is LAN Manager Hash?

Kerberos Authentication

Salting

PWdump7 and Fgdump

L0phtCrack

Ophcrack

Cain & Abel

RainbowCrack

Password Cracking Tools

LM Hash Backward Compatibility

How to Defend against Password Cracking?

Privilege Escalation

Active@ Password Changer

Privilege Escalation Tools

How to Defend against Privilege Escalation?

Executing Applications

Alchemy Remote Executor

RemoteExec

Execute This!

Keylogger

Types of Keystroke Loggers

Acoustic/CAM Keylogger

Keyloggers

Spyware

How to Defend against Keyloggers?

How to Defend against Spyware?

Rootkits

Types of Rootkits

How Rootkit Works?

Rootkit: Fu

Detecting Rootkits

How to Defend against Rootkits?

Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective

NTFS Data Stream

What is Steganography?

Types of Steganography

Image Steganography

Document Steganography: wbStego

Video Steganography: Our Secret

Audio Steganography: Mp3stegz

Folder Steganography: Invisible Secrets 4

Spam/Email Steganography: Spam Mimic

Natural Text Steganography: Sams Big G Play Maker

Steganalysis

Steganography Detection Tool: Stegdetect

Why Cover Tracks?

Ways to Clear Online Tracks

Disabling Auditing: Auditpol

Covering Tracks Tool: Window Washer

Covering Tracks Tool: Tracks Eraser Pro

System Hacking Penetration Testing

 

Module 6 Trojans & Backdoors

What is a Trojan?

Overt and Covert Channels

Purpose of Trojans

What Do Trojan Creators Look For?

Indications of a Trojan Attack

Common Ports used by Trojans

How to Infect Systems Using a Trojan?

Wrappers

Different Ways a Trojan can Get into a System

How to Deploy a Trojan?

Evading Anti-Virus Techniques

Types of Trojans

Destructive Trojans

Notification Trojans

Credit Card Trojans

Data Hiding Trojans (Encrypted Trojans)

BlackBerry Trojan: PhoneSnoop

MAC OS X Trojan: DNSChanger

MAC OS X Trojan: DNSChanger

Mac OS X Trojan: Hell Raiser

How to Detect Trojans?

Process Monitoring Tool: What’s Running

Scanning for Suspicious Registry Entries

Registry Entry Monitoring Tools

Scanning for Suspicious Device Drivers

Scanning for Suspicious Windows Services

Scanning for Suspicious Startup Programs

Scanning for Suspicious Files and Folders

Scanning for Suspicious Network Activities

Trojan Countermeasures

Backdoor Countermeasures

Trojan Horse Construction Kit

Anti-Trojan Software: TrojanHunter

Anti-Trojan Software: Emsisoft Anti-Malware

Anti-Trojan Softwares

Pen Testing for Trojans and Backdoors

 

Module 7 Viruses & Worms

Introduction to Viruses

Virus and Worm Statistics 2010

Stages of Virus Life

Working of Viruses: Infection Phase

Working of Viruses: Attack Phase

Why Do People Create Computer Viruses?

Indications of Virus Attack

How does a Computer get Infected by Viruses?

Virus Hoaxes

Virus Analysis:

Types of Viruses

Transient and Terminate and Stay Resident Viruses

Writing a Simple Virus Program

Computer Worms

How is a Worm Different from a Virus?

Example of Worm Infection: Conficker Worm

Worm Analysis:

Worm Maker: Internet Worm Maker Thing

What is Sheep Dip Computer?

Anti-Virus Sensors Systems

Malware Analysis Procedure

String Extracting Tool: Bintext

Compression and Decompression Tool: UPX

Process Monitoring Tools: Process Monitor

Log Packet Content Monitoring Tools: NetResident

Debugging Tool: Ollydbg

Virus Analysis Tool: IDA Pro

Online Malware Testing:

Online Malware Analysis Services

Virus Detection Methods

Virus and Worms Countermeasures

Companion Antivirus: Immunet Protect

Anti-virus Tools

Penetration Testing for Virus

 

Module 8 Sniffers

Sniffing Concepts

MAC Attacks

DHCP Attacks

ARP Poisoning

Spoofing Attack

DNS Poisoning

Sniffing Tools

Counter measures

Sniffing Pen Testing

 

Module 9 Social Engineering

What is Social Engineering?

Behaviors Vulnerable to Attacks

Why is Social Engineering Effective?

Warning Signs of an Attack

Phases in a Social Engineering Attack

Impact on the Organization

Command Injection Attacks

Common Targets of Social Engineering

Types of Social Engineering

Insider Attack

Common Intrusion Tactics and Strategies for Prevention

Social Engineering Through Impersonation on Social Networking Sites

Risks of Social Networking to Corporate Networks

Identity Theft Statistics 2010

Real Steven Gets Huge Credit Card Statement

Identity Theft – Serious Problem

Social Engineering Countermeasures: Policies

How to Detect Phishing Emails?

Identity Theft Countermeasures

Social Engineering Pen Testing

 

Module 10 Denial of Service

What is a Denial of Service Attack?

What is Distributed Denial of Service Attacks?

Symptoms of a DoS Attack

Cyber Criminals

Internet Chat Query (ICQ)

Internet Relay Chat (IRC)

DoS Attack Techniques

Botnet

WikiLeak Operation Payback

DoS Attack Tools

Detection Techniques

DoS/DDoS Countermeasure Strategies

DDoS Attack Countermeasures

Post-attack Forensics

Techniques to Defend against Botnets

DoS/DDoS Countermeasures

DoS/DDoS Protection at ISP Level

Enabling TCP Intercept on Cisco IOS Software

Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)

DoS/DDoS Protection Tool

Denial of Service (DoS) Attack Penetration Testing

 

Module 11 Session Hijacking

What is Session Hijacking?

Dangers Posed by Hijacking

Why Session Hijacking is Successful?

Key Session Hijacking Techniques

Brute Forcing

HTTP Referrer Attack

Spoofing vs. Hijacking

Session Hijacking Process

Packet Analysis of a Local Session Hijack

Types of Session Hijacking

Predictable Session Token

Man-in-the-Middle Attack

Man-in-the-Browser Attack

Client-side Attacks

Cross-site Script Attack

Session Fixation

Network Level Session Hijacking

The 3-Way Handshake

Sequence Numbers

TCP/IP Hijacking

IP Spoofing: Source Routed Packets

RST Hijacking

Blind Hijacking

Man-in-the-Middle Attack using Packet Sniffer

UDP Hijacking

Session Hijacking Tools

Countermeasures

Protecting against Session Hijacking

Methods to Prevent Session Hijacking: To be Followed by Web Developers

Methods to Prevent Session Hijacking: To be Followed by Web Users

Defending against Session Hijack Attacks

Session Hijacking Remediation

IPSec

Session Hijacking Pen Testing

 

Module 12 Hijacking Webservers

Webserver Market Shares

Open Source Webserver Architecture

IIS Webserver Architecture

Website Defacement

Case Study

Why Web Servers are Compromised?

Impact of Webserver Attacks

Webserver Misconfiguration

Directory Traversal Attacks

HTTP Response Splitting Attack

Web Cache Poisoning Attack

HTTP Response Hijacking

SSH Bruteforce Attack

Man-in-the-Middle Attack

Webserver Password Cracking

Web Application Attacks

Webserver Attack Methodology

Webserver Attack Tools

Web Password Cracking Tool

Countermeasures

How to Defend Against Web Server Attacks?

How to Defend against HTTP Response Splitting and Web Cache Poisoning?

Patches and Hotfixes

What is Patch Management?

Identifying Appropriate Sources for Updates and Patches

Installation of a Patch

Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)

Web Application Security Scanner: Sandcat

Web Server Security Scanner: Wikto

Webserver Malware Infection Monitoring Tool: HackAlert

Webserver Security Tools

Web Server Penetration Testing

 

Module 13 Hijacking Web Applications

Web Application Security Statistics

Introduction to Web Applications

Web Application Components

How Web Applications Work?

Web Application Architecture

Web 2.0 Applications

Vulnerability Stack

Web Attack Vectors

Web Application Threats – 1

Web Application Threats – 2

Unvalidated Input

Parameter/Form Tampering

Directory Traversal

Security Misconfiguration

Injection Flaws

What is LDAP Injection?

How LDAP Injection Works?

Hidden Field Manipulation Attack

Cross-Site Scripting (XSS) Attacks

Web Application Denial-of-Service (DoS) Attack

Buffer Overflow Attacks

Cookie/Session Poisoning

Session Fixation Attack

Insufficient Transport Layer Protection

Improper Error Handling

Insecure Cryptographic Storage

Broken Authentication and Session Management

Unvalidated Redirects and Forwards

Web Services Architecture

Footprint Web Infrastructure

Web Spidering Using Burp Suite

Hacking Web Servers

Analyze Web Applications

Attack Authentication Mechanism

Username Enumeration

Password Attacks: Password Functionality Exploits

Password Attacks: Password Guessing

Password Attacks: Brute-forcing

Session Attacks: Session ID Prediction/ Brute-forcing

Cookie Exploitation: Cookie Poisoning

Authorization Attack

Session Management Attack

Injection Attacks

Attack Data Connectivity

Attack Web App Client

Attack Web Services

Web Services Probing Attacks

Web Service Attack Tool: soapUI

Web Service Attack Tool: XMLSpy

Web Application Hacking Tool: Burp Suite Professional

Web Application Hacking Tools: CookieDigger

Web Application Hacking Tools: WebScarab

Encoding Schemes

Web Application Countermeasures

Web Application Firewall: dotDefender

Web Application Firewall: IBM AppScan

Web Application Firewall: ServerDefender VP

Web Application Pen Testing

 

Module 14 SQL Injections

SQL Injection is the Most Prevalent Vulnerability in 2010

SQL Injection Concepts

Testing for SQL Injection

Types of SQL Injection

Blind SQL Injection

SQL Injection Methodology

Advanced SQL Injection

Evasion Techniques

Counter-measures

 

Module 15 Hacking Wireless Networks

Wireless Concepts

Wireless Encryption

Wireless Threats

Wireless Hacking Methodology

Wireless Hacking Tools

Bluetooth Hacking

Counter-measures

Wireless Security Tools

Wi-Fi Pen Testing

 

Module 16 Hacking Mobile Platforms

Mobile Platform Attack Vectors

Hacking Android OS

Hacking iOS

Hacking Windows Phone OS

Hacking BlackBerry

Mobile Device Management (MDM)

Mobile Security Guidelines and Tools

Mobile Pen Testing

 

Module 17 Evading IDS, Firewalls and Honeypots

IDS, Firewall and Honeypot Concepts

IDS, Firewall and Honeypot System

Evading IDS

Evading Firewalls

Detecting Honeypots

Firewall Evading Tools

Countermeasures

Penetration Testing

 

Module 18 Buffer Overflow

Buffer Overflow Concepts

Buffer Overflow Methodology

Buffer Overflow Examples

Buffer Overflow Detection

Buffer Overflow Counter-measures

Buffer Overflow Security Tools

Buffer Overflow Penetration Testing

 

Module 19 Cryptography

Cryptography Concepts

Encryption Algorithms

Cryptography Tools

Public Key Infrastructure(PKI)

Email Encryption

Disk Encryption

Cryptography Attacks

Cryptanalysis Tools

 

Module 20 Penetration Testing

Pen Testing Concepts

Types of Pen Testing

Pen Testing Techniques

Pen Testing Phases

Pen Testing Roadmap

Outsourcing Pen Testing Services

INFO

  • Esame: 312-50 - Certified Ethical Hacker
  • Manuale: Student Kit Ufficiale EC-Council comprensivo di voucher esame
  • Prezzo manuale: 0 € incluso nel prezzo del corso
  • Natura del corso: Operativo (previsti lab su PC)

PARTNERSHIP