Certified Ethical Hacker (CEHv12- Master)
Ready to elevate your cyber security skills? Your search ends here! Our CEH Master Course presents an exceptional chance for those dedicated to ethical hacking and cyber security to reach new heights.
What Sets Our CEH Master Course Apart?
Advanced Curriculum Tailored for Mastery
Our CEH Master Course is crafted to empower you with advanced ethical hacking techniques and methodologies. Dive deep into cutting-edge topics like system hacking, malware threats, penetration testing, cryptography, and more. Gain hands-on experience using the latest tools, preparing you to identify vulnerabilities and fortify defenses effectively.
Real-world Simulations for Practical Proficiency
Theory meets practical application in our program. Engage in real-world simulations and hands-on lab sessions, allowing you to apply your knowledge to authentic scenarios. These simulations provide invaluable experience, honing your skills in problem-solving and decision-making in the cyber security landscape.
Industry-Recognized Certification for Career Advancement
Earning our CEH Master certification isn’t just a testament to your skills – it’s a career game-changer. This prestigious certification showcases your expertise, making you a highly sought-after professional in roles such as Security Analysts, Ethical Hackers, Penetration Testers, and more.
Why Choose Our CEH Master Course?
Expert Guidance: Learn from industry experts with extensive experience, ensuring you receive top-notch guidance throughout the program.
Career Opportunities: This course and certification opens doors to a wide array of career opportunities in the rapidly growing field of cyber security. This is the most demanded certification course.
Enroll Today and Secure Your Future in Cyber security!
Join us in mastering the art of ethical hacking through our CEH Master Course. Don’t miss out on this chance to equip yourself with the skills needed to defend against cyber threats and become an invaluable asset in the digital world.
About CEHv12 – Master Certification Exam
The CEHv12 (Certified Ethical Hacker version 12) international certification exam by EC-Council consists of both practical and multiple-choice question (MCQ) sections. This certification exam aims to assess candidates' skills, knowledge, and understanding of ethical hacking techniques, tools, and methodologies.
Here is an overview of the exam format for CEHv12 course:
Multiple-Choice Question (MCQ) Exam Section:
- This section typically includes 125 MCQ based question on the CEHv12 course curriculum.
- Candidates are tested on their theoretical understanding of various cyber security concepts, methodologies, tools, and best practices.
- Questions may cover topics such as Reconnaissance, Scanning networks, Enumeration, Vulnerability Assessment, System Hacking, Sniffing, Social Engineering, Malware Threats, Cryptography, Exploiting Web Application vulnerabilities, Cloud Computing, etc.
- Candidates need to select the correct answer(s) from the options provided.
Practical Exam Section:
- The practical portion of the exam involves 20 hands-on challenges where candidates are required to demonstrate their skills in a simulated environment and are required to perform Ethical Hacking in order to answer 20 questions based on the practicals.
- Candidates are presented with scenarios that mimic real-world cyber security situations.
- They are expected to perform tasks such as port scanning, identifying vulnerabilities, conducting penetration tests, exploiting security weaknesses, analyzing network traffic, performing steganography, cryptography, password cracking and implementing security measures.
- The practical section assesses the candidate's ability to apply their knowledge in practical situations using various tools and techniques.
CEHv12 Master Syllabus:
Section 01: Introduction to Ethical Hacking (Day 1)
Time-Duration: 2 Hours - Comprising 13 Topics
1. Foundational Elements of Information Security
2. Hacker Classification and the Practice of Ethical Hacking
3. Phases of Ethical Hacking
4. Cyber Kill Chain Methodology
5. MITRE ATT&CK Framework
6. Cyber Attacks and its classification
7. Risk Management
8. Incident Management
9. Information Assurance (IA)
10. PCI DSS
11. SOX
12. GDPR
13. HIPAA
Practicals
• Setting up a safe and legal hacking environment (virtual machines, labs).
Section 02: Footprinting and Reconnaissance (Day 2)
Time-Duration: 2 Hours - Comprising 8 Topics
Executing footprinting/reconnaissance on the target network:
1. Via search engines
2. Via social networking platforms
3. Using web services
Conducting footprinting/reconnaissance on the target:
1. DNS
2. Network resources
3. Website
4. Email
5. Whois
Practicals
• Conducting online footprinting using search engines, social media, and specialized tools.
• Utilizing reconnaissance techniques like OSINT (Open-source Intelligence) gathering, WayBack machine, Google Dorking, Email footprinting, and many more.
Section 03: Network Scanning (Day 3)
Time-Duration: 2 Hours - Comprising 5 Topics
1. Host Discovery
2. Port Scanning
3. Operating System discovery
4. Service version scanning
5. Vulnerability Scanning
Practicals-
• Using Nmap to identify open ports, services, and vulnerabilities.
Section 04: Enumeration (Day 4)
Time-Duration: 2 Hours - Focusing on 9 Topic
1. NetBIOS
2. SMTP
3. RPC
4. SMB
5. FTP
6. SNMP
7. LDAP
8. NFS
9. DNS
Practicals-
• Enumerating information such as usernames, shares, and resources using different tools.
• Finding exploits for vulnerable services.
• Introduction to Metasploit Framework
• Brute-Force attacks using Hydra
Section 05: Vulnerability Analysis (Day 5)
Time-Duration: 2 Hours - Comprising 3 Topics
1. Understanding the process of Vulnerability assessment life cycle.
2. Conducting vulnerability research using vulnerability scoring systems and vulnerability databases.
3. Performing vulnerability assessments utilizing a range of vulnerability assessment tools like:
• Nessus
• OpenVAS
• Acunetix web application scanner
• Nikto
Practicals-
• Conducting vulnerability scanning using tools like Nessus, Nikto or OpenVAS
Section 06: System Hacking (Day 6)
Time-Duration: 2 Hours - Comprising 8 Topics
1. Executing active online attacks to crack password hashes of Windows and Linux Operating Systems
2. Performing Authentication bypass on Linux and Windows machine
3. Exploiting vulnerabilities to gain access to remote systems
4. Escalating privileges on Linux machines and Windows machines
5. Concealing data through steganography
6. Use of malwares for maintaining access.
7. Clearing logs on Windows and Linux machines using various utilities
8. Concealing artefacts within Windows and Linux systems
Practicals-
• Password cracking exercises using tools like John the Ripper or Hashcat.
• Exploiting system vulnerabilities in a controlled environment.
• Creating malicious Payloads.
• Tools for Steganography
• Tools for covering tracks on OS.
Section 07: Malware Threats (Day 7)
Time-Duration: 2 Hours - Encompassing 16 Topics
1. Malware
2. Malware Components
3. Trojan Overview
4. Various Types of Trojans
5. Viruses
6. Ransomware
7. Computer Worms
8. Keyloggers
9. Spywares
10. Malware Analysis
11. Static Malware Analysis
12. Dynamic Malware Analysis
13. Methods for Detecting Malwares
14. Antivirus Software
15. Gaining control over a victim machine using a Trojan
16. Infecting the target system with a virus
Practicals-
• Understanding the workings of different malwares like Trojan horse, Ransomewares, etc.
• How to identify and protect the system from Malwares?
Section 08: Network Packet Analysis (Day 8)
Time-Duration: 2 Hours - Covering 10 Topics
1. Network Sniffing
2. MAC Flooding
3. DHCP Starvation Attack
4. ARP Spoofing Attack
5. ARP Poisoning (Man-in-the-middle) attack
6. ARP Poisoning Tools
7. MAC Address Spoofing
8. DNS Poisoning and its tools
9. Sniffing Tools
10. Techniques for Detecting Sniffing
Practicals-
• Packet sniffing using Wireshark or Tcpdump to capture and analyze network traffic.
• Performing Man-in-the-Middle attack using ARP poisioning
• Performing MAC spoofing
• Performing DHCP attacks
Section 09: Social Engineering (Day 9)
Time-Duration: 2 Hours - Encompassing 8 Topics
1. Executing social engineering using various techniques
2. Spoofing the MAC address of a Linux machine
3. Identifying a phishing attack
4. Evaluating an organization's security posture against phishing attacks
5. Key topics include:
• Various Types of Social Engineering
• Human Based Social Engineering
• Computer based Social Engineering
• Mobile based Social Engineering
• Phishing Attacks
• Tools for Phishing
• Insider Threats and Insider Attacks
• Identity Theft
Practicals-
• Conducting phishing simulations to demonstrate social engineering attacks.
• Hiding a malicious link
Section 10: Denial-of-Service (DoS) (Day 10)
Time-Duration: 2 Hours - Encompassing 9 Topics
1. DoS Attacks
2. Distributed DoS (DDoS) Attacks
3. Botnets
4. Techniques Employed in DoS/DDoS Attacks
5. Ping of Death attack
6. Smurf attack
7. SYN flood attack
8. Slowloris attack
9. Tools Used in DoS/DDoS Attacks
Practicals-
• Simulating DoS attacks using tools like LOIC (Low Orbit Ion Cannon), hping3 or Metasploit Framework to understand their impact on systems and networks.
Section 11: Session Hijacking Attack (Day 11)
Time-Duration: 2 Hours - Comprising 8 Topics
1. Session and concept of cookies
2. Session Hijacking
3. Different Varieties of Session Hijacking
4. Spoofing vs hijacking
5. Session Hijacking at the Application Level
6. Client-side Attacks
7. Session Replay Attacks
8. Tools for Session Hijacking
Practicals-
• Performing session hijacking exercises to take control of active sessions of HTTP connections and demonstrate the associated risks.
Section 12: Evading IDS, Firewalls, and Honeypots (Day 12)
Time-Duration: 2 Hours - Covering 6 Topics
1. Understanding the concepts of defensive devices like
2. Intrusion Detection System (IDS)
3. Firewalls
4. Honeypots
5. Outsmarting firewall rules
6. Evading IDS and Firewalls
Practicals-
• Understanding the working of IDS using snort
• Understanding the working of firewalls using firewalld
• Understanding the working of Honeypots
• Using techniques to bypass intrusion detection systems (IDS), and firewalls to understand their limitations.
Section 13: Hacking Web Servers (Day 13)
Time-Duration: 2 Hours - Covering 8 Topics
1. Operations of Web Servers
2. Web Server Attacks
3. DNS Server Hijacking
4. Defacement of Websites
5. Methodology for Web Server Attacks
6. Patch Management
7. Tools for Web Server Attacks
8. Tools for Enhancing Web Server Security
Practicals-
• Exploring vulnerabilities in web servers (such as Apache, Nginx) and exploiting them.
Section 14: Hacking Web Applications (Day 14)
Time-Duration: 2 Hours - Comprising 17 Topics
1. Web Application Architecture
2. Threats to Web Applications
3. Cross Site Scripting (XSS)
4. Directory Traversal
5. Command Injection
6. File upload vulnerabilities
7. Server Side Request Forgery (SSRF)
8. Cross Site Request Forgery (CSRF)
9. Broken Authentication
10. Broken Access control
11. Clickjacking
12. XML External Entities (XXE)
13. OWASP Top 10 Application Security Risks – 2021
14. Methodology for Hacking Web Applications
15. Web APIs
16. Web Shells
17. Security of Web Applications
Practicals-
• Testing web application security using Burp Suite.
• Performing web application vulnerabilities like Cross-Site Scripting, Directory Traversal, File Upload, CSRF, SSRF, Command Injection, etc.
Section 15: SQL Injection Attack (Day 15)
Time-Duration: 2 Hours - Encompassing 7 Topics
1. SQL Injection
2. Different Varieties of SQL Injection
3. Error based SQL Injection
4. Union based SQL Injection
5. Blind SQL Injection
6. Methodology for SQL Injection
7. Tools for SQL Injection
Practicals-
• Conducting SQL injection exercises against vulnerable web applications to retrieve or manipulate data.
• Understanding types of SQL Injection like Error, Union and Blind based SQL injection attacks.
Section 16: Hacking Wireless Networks (Day 16)
Time-Duration: 2 Hours - Covering 11 Topics
1. Wireless network Terminology
2. Characteristics of Wireless Networks
3. Wireless Encryption standards including WEP, WPA, WPA2 and WPA3
4. Threats to Wireless Networks
5. Methodology for Hacking Wireless Networks
6. Techniques for Cracking Wi-Fi network password
7. Evil-twin attack
8. Jamming signal attack
9. De-authentication attack
10. Bluetooth Hacking
11. Threats Associated with Bluetooth
Practicals-
• Performing wireless network password cracking attacks.
• Using tools like aircrack-ng suite to perform other wireless attacks.
Section 17: Hacking Mobile Platforms (Day 17)
Time-Duration: 2 Hours - Encompassing 12 Topics
1. Attack Vectors for Mobile Platforms
2. OWASP's Top 10 Mobile Risks
3. App Sandboxing, SMS Phishing Attack (SMiShing)
4. Android Rooting
5. Techniques for Hacking Android Devices
6. Android Security Tools
7. Jailbreaking iOS
8. Methods for Hacking iOS Devices
9. Tools for iOS Device Security
10. Mobile Device Management (MDM)
11. OWASP's Top 10 Mobile Controls
12. Tools for Mobile Security
Practicals-
• Explore various mobile threats (malware, phishing, etc.) and implement countermeasures.
• Generating malicious Payloads for mobile devices.
• Exploring attacks like DoS, SMS/call bombing, Port scanning, etc.
Section 18: IoT and OT Exploitation (Day 18)
Time-Duration: 2 Hours - Comprising 13 Topics
1. IoT Architecture
2. IoT Communication Models
3. Top 10 IoT Threats by OWASP
4. Vulnerabilities in IoT
5. Methodology for Hacking IoT
6. Tools for Hacking IoT
7. Introduction to OT
8. IT/OT Convergence and IIoT
9. Vulnerabilities in ICS and OT
10. Attacks on OT
11. Methodology for Hacking OT
12. Tools for Hacking OT
13. Tools for OT Security
Practicals-
• Identify and analyze IoT and OT devices within a network using tools like Shodan, search engines, or network scanning techniques.
• Perform vulnerability scanning and analysis of IoT and OT devices using specialized tools like Nessus, nmap, etc to identify weaknesses.
Section 19: Cloud Computing (Day 19)
Time-Duration: 2 Hours - Covering 12 Topics
1. Cloud Computing
2. Types of Cloud Computing Services
3. Cloud Deployment Models
4. Cloud Service Providers
5. Containers
6. Docker
7. Kubernetes
8. Cloud-Based Attacks
9. Hacking in the Cloud
10. Cloud Network Security
11. Controls for Cloud Security
12. Tools for Cloud Security
Practicals-
• Understanding the platforms of Cloud providers like AWS.
• Exploring EC2 service of AWS to deploy a virtual machine.
Section 20: Cryptographic Principles (Day 20)
Time-Duration: 2 Hours - Covering 11 Topics
1. Cryptography
2. Encryption Algorithms
3. Types of Encryption
4. Hashing
5. MD5 and SHA Hash Calculation
6. Cryptography Tools
7. Public Key Infrastructure (PKI)
8. Email Encryption
9. Disk Encryption
10. Cryptography Attacks
11. How to protect from these attacks?
Practicals-
• Hands-on practice with encryption and decryption using tools like OpenSSL or PGPtool.
• Hands-on practice with Hashing using tools like hashmyfiles, hashcalc, etc.
• Understanding cracking hashes using CrackStation.
• Hands-on practice with different kinds of Encoding like Base64, ROT13, Morse code, etc.