Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker

Version Change Document

Ethical Hacking and Countermeasures


Version Comparison

CEHv10 Change Summary


1. Module 05: Vulnerability Analysis is a completely new module in CEHv10.
2. Module 18: IoT Hacking is a completely new module in CEHv10.
3. Module 16: Evading IDS, Firewalls, and Honeypots from CEHv9 is moved to Module 12 in CEHv10.
4. Module 07: Malware Threats includes static and dynamic malware analysis in CEHv10.
5. All tool screenshots are replaced with screenshots of the latest tool versions.
6. All tool-listing slides are updated with the latest tools.

Module Comparison

CEHv9                                              CEHv10
Module 01: Introduction to Ethical Hacking         Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance         Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks                       Module 03: Scanning Networks
Module 04: Enumeration                             Module 04: Enumeration
Module 05: System Hacking                          Module 05: Vulnerability Analysis
Module 06: Malware Threats                         Module 06: System Hacking
Module 07: Sniffing                                Module 07: Malware Threats
Module 08: Social Engineering                      Module 08: Sniffing
Module 09: Denial-of-Service                       Module 09: Social Engineering
Module 10: Session Hijacking                       Module 10: Denial-of-Service
Module 11: Hacking Webservers                      Module 11: Session Hijacking
Module 12: Hacking Web Applications                Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: SQL Injection                           Module 13: Hacking Web Servers
Module 14: Hacking Wireless Networks               Module 14: Hacking Web Applications
Module 15: Hacking Mobile Platforms                Module 15: SQL Injection
Module 16: Evading IDS, Firewalls, and Honeypots   Module 16: Hacking Wireless Networks
Module 17: Cloud Computing Security                Module 17: Hacking Mobile Platforms
Module 18: Cryptography                            Module 18: IoT Hacking
                                                   Module 19: Cloud Computing
                                                   Module 20: Cryptography

Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


Courseware Content Comparison

The notations used:
1. Red points are new slides in CEHv10.
2. Blue points are substantially modified in CEHv10.
3. Struck-through points are removed from CEHv9.
(Colour and strike-through are not preserved in this text rendering; compare the CEHv9 and CEHv10 listings for each module directly.)

Module 01: Introduction to Ethical Hacking (CEHv9)
• Internet is Integral Part of Business and Personal Life - What Happens Online in 60 Seconds
• Information Security Overview
   o Case Study: eBay Data Breach
   o Case Study: Google Play Hack
   o Case Study: The Home Depot Data Breach
   o Case Study: JPMorgan Chase Data Breach
   o Year of the Mega Breach
   o Data Breach Statistics
   o Malware Trends in 2015
   o Essential Terminology
   o Elements of Information Security
   o The Security, Functionality, and Usability Triangle
• Information Security Threats and Attack Vectors
   o Motives, Goals, and Objectives of Information Security Attacks
   o Top Information Security Attack Vectors
   o Information Security Threats Categories
   o Types of Attacks on a System
   o Information Warfare
• Hacking Concepts, Types, and Phases
   o What is Hacking?
   o Who is a Hacker?
   o Hacker Classes
   o Hacking Phases
      • Reconnaissance
      • Scanning
      • Gaining Access
      • Maintaining Access
      • Clearing Tracks
• Ethical Hacking Concepts and Scope
   o What is Ethical Hacking?
   o Why Ethical Hacking is Necessary
   o Scope and Limitations of Ethical Hacking
   o Skills of an Ethical Hacker
• Information Security Controls
   o Information Assurance (IA)
   o Information Security Management Program
   o Threat Modeling
   o Enterprise Information Security Architecture (EISA)
   o Network Security Zoning
   o Defense in Depth
   o Information Security Policies
      • Types of Security Policies
      • Examples of Security Policies
      • Privacy Policies at Workplace
      • Steps to Create and Implement Security Policies
      • HR/Legal Implications of Security Policy Enforcement
   o Physical Security
      • Physical Security Controls
   o Incident Management
      • Incident Management Process
      • Responsibilities of an Incident Response Team
   o What is Vulnerability Assessment?
      • Types of Vulnerability Assessment
      • Network Vulnerability Assessment Methodology
      • Vulnerability Research
      • Vulnerability Research Websites
   o Penetration Testing
      • Why Penetration Testing
      • Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
      • Blue Teaming/Red Teaming
      • Types of Penetration Testing
      • Phases of Penetration Testing
      • Security Testing Methodology
      • Penetration Testing Methodology
• Information Security Laws and Standards
   o Payment Card Industry Data Security Standard (PCI-DSS)
   o ISO/IEC 27001:2013
   o Health Insurance Portability and Accountability Act (HIPAA)
   o Sarbanes Oxley Act (SOX)
   o The Digital Millennium Copyright Act (DMCA) and Federal Information Security Management Act (FISMA)
   o Cyber Law in Different Countries

Module 01: Introduction to Ethical Hacking (CEHv10)
• Information Security Overview
   o Internet is Integral Part of Business and Personal Life - What Happens Online in 60 Seconds
   o Essential Terminology
   o Elements of Information Security
   o The Security, Functionality, and Usability Triangle
• Information Security Threats and Attack Vectors
   o Motives, Goals, and Objectives of Information Security Attacks
   o Top Information Security Attack Vectors
   o Information Security Threat Categories
   o Types of Attacks on a System
   o Information Warfare
• Hacking Concepts
   o What is Hacking?
   o Who is a Hacker?
   o Hacker Classes
   o Hacking Phases
      • Reconnaissance
      • Scanning
      • Gaining Access
      • Maintaining Access
      • Clearing Tracks
• Ethical Hacking Concepts
   o What is Ethical Hacking?
   o Why Ethical Hacking is Necessary
   o Scope and Limitations of Ethical Hacking
   o Skills of an Ethical Hacker
• Information Security Controls
   o Information Assurance (IA)
   o Information Security Management Program
   o Enterprise Information Security Architecture (EISA)
   o Network Security Zoning
   o Defense-in-Depth
   o Information Security Policies
      • Types of Security Policies
      • Examples of Security Policies
      • Privacy Policies at Workplace
      • Steps to Create and Implement Security Policies
      • HR/Legal Implications of Security Policy Enforcement
   o Physical Security
      • Types of Physical Security Control
      • Physical Security Controls
   o What is Risk?
      • Risk Management
      • Key Roles and Responsibilities in Risk Management
   o Threat Modeling
   o Incident Management
      • Incident Management Process
      • Responsibilities of an Incident Response Team
   o Security Incident and Event Management (SIEM)
      • SIEM Architecture
   o User Behavior Analytics (UBA)
   o Network Security Controls
      • Access Control
      • Types of Access Control
      • User Identification, Authentication, Authorization and Accounting
   o Identity and Access Management (IAM)
   o Data Leakage
      • Data Leakage Threats
      • What is Data Loss Prevention (DLP)?
   o Data Backup
   o Data Recovery
   o Role of AI/ML in Cyber Security
• Penetration Testing Concepts
   o Penetration Testing
   o Why Penetration Testing
   o Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
   o Blue Teaming/Red Teaming
   o Types of Penetration Testing
   o Phases of Penetration Testing
   o Security Testing Methodology
• Information Security Laws and Standards
   o Payment Card Industry Data Security Standard (PCI-DSS)
   o ISO/IEC 27001:2013
   o Health Insurance Portability and Accountability Act (HIPAA)
   o Sarbanes Oxley Act (SOX)
   o The Digital Millennium Copyright Act (DMCA)
   o Federal Information Security Management Act (FISMA)
   o Cyber Law in Different Countries

Module 02: Footprinting and Reconnaissance (CEHv9)
• Footprinting Concepts
   o What is Footprinting?
   o Objectives of Footprinting
• Footprinting Methodology
   o Footprinting through Search Engines
      • Finding Company’s Public and Restricted Websites
      • Determining the Operating System
      • Collect Location Information
      • People Search: Social Networking Services/People Search Services
      • People Search Online Services
      • Gather Information from Financial Services
      • Footprinting through Job Sites
      • Monitoring Target Using Alerts
      • Information Gathering Using Groups, Forums, and Blogs
   o Footprinting using Advanced Google Hacking Techniques
      • Google Advance Search Operators
      • Google Hacking Databases
      • Information Gathering Using Google Advanced Search
   o Footprinting through Social Networking Sites
      • Collect Information through Social Engineering on Social Networking Sites
      • Information Available on Social Networking Sites
   o Website Footprinting
      • Website Footprinting using Web Spiders
      • Mirroring Entire Website
      • Website Mirroring Tools
      • Extract Website Information from http://www.archive.org
      • Monitoring Web Updates Using Website-Watcher
      • Web Updates Monitoring Tools
   o Email Footprinting
      • Tracking Email Communications
      • Collecting Information from Email Header
      • Email Tracking Tools
   o Competitive Intelligence
      • Competitive Intelligence Gathering
      • Competitive Intelligence - When Did this Company Begin? How Did it Develop?
      • Competitive Intelligence - What Are the Company's Plans?
      • Competitive Intelligence - What Expert Opinions Say About the Company
      • Monitoring Website Traffic of Target Company
      • Tracking Online Reputation of the Target
      • Tools for Tracking Online Reputation of the Target
   o WHOIS Footprinting
      • WHOIS Lookup
      • WHOIS Lookup Result Analysis
      • WHOIS Lookup Tools
      • WHOIS Lookup Tools for Mobile
   o DNS Footprinting
      • Extracting DNS Information
      • DNS Interrogation Tools
   o Network Footprinting
      • Locate the Network Range
      • Traceroute
      • Traceroute Analysis
      • Traceroute Tools
   o Footprinting through Social Engineering
      • Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
• Footprinting Tools
   o Footprinting Tool
      • Maltego
      • Recon-ng
      • FOCA
   o Additional Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
   o Footprinting Pen Testing
   o Footprinting Pen Testing Report Templates

Module 02: Footprinting and Reconnaissance (CEHv10)
• Footprinting Concepts
   o What is Footprinting?
   o Objectives of Footprinting
• Footprinting through Search Engines
   o Footprinting through Search Engines
   o Footprint Using Advanced Google Hacking Techniques
   o Information Gathering Using Google Advanced Search and Image Search
   o Google Hacking Database
   o VoIP and VPN Footprinting through Google Hacking Database
• Footprinting through Web Services
   o Finding Company’s Top-level Domains (TLDs) and Sub-domains
   o Finding the Geographical Location of the Target
   o People Search on Social Networking Sites and People Search Services
   o Gathering Information from LinkedIn
   o Gather Information from Financial Services
   o Footprinting through Job Sites
   o Monitoring Target Using Alerts
   o Information Gathering Using Groups, Forums, and Blogs
   o Determining the Operating System
   o VoIP and VPN Footprinting through SHODAN
• Footprinting through Social Networking Sites
   o Collecting Information through Social Engineering on Social Networking Sites
• Website Footprinting
   o Website Footprinting
   o Website Footprinting using Web Spiders
   o Mirroring Entire Website
   o Extracting Website Information from https://archive.org
   o Extracting Metadata of Public Documents
   o Monitoring Web Pages for Updates and Changes
• Email Footprinting
   o Tracking Email Communications
   o Collecting Information from Email Header
   o Email Tracking Tools
• Competitive Intelligence
   o Competitive Intelligence Gathering
   o Competitive Intelligence - When Did this Company Begin? How Did it Develop?
   o Competitive Intelligence - What Are the Company's Plans?
   o Competitive Intelligence - What Expert Opinions Say About the Company
   o Monitoring Website Traffic of Target Company
   o Tracking Online Reputation of the Target
• Whois Footprinting
   o Whois Lookup
   o Whois Lookup Result Analysis
   o Whois Lookup Tools
   o Finding IP Geolocation Information
• DNS Footprinting
   o Extracting DNS Information
   o DNS Interrogation Tools
• Network Footprinting
   o Locate the Network Range
   o Traceroute
   o Traceroute Analysis
   o Traceroute Tools
• Footprinting through Social Engineering
   o Footprinting through Social Engineering
   o Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
• Footprinting Tools
   o Maltego
   o Recon-ng
   o FOCA
   o Recon-Dog
   o OSRFramework
   o Additional Footprinting Tools
• Countermeasures
   o Footprinting Countermeasures
• Footprinting Pen Testing
   o Footprinting Pen Testing
   o Footprinting Pen Testing Report Templates
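The Email Footprinting topics in both versions (Tracking Email Communications, Collecting Information from Email Header) come down to reading the Received: chain a message accumulates on its way to the recipient. The Python below is an added illustration written for this comparison, not EC-Council courseware; the message it parses is constructed for the example (hostnames, addresses and queue IDs are made up and use documentation address ranges).

```python
"""Walk an e-mail's Received: chain to recover the relay path and origin.

Added example for the Email Footprinting topics (not EC-Council courseware).
The message below is constructed: hostnames, addresses and queue IDs are
made up and use documentation address ranges.
"""
import re
from email import message_from_string
from typing import Dict, List, Optional

# Each MTA *prepends* a Received: header, so the first header is the last
# hop (the recipient's server) and the last header is the first relay.
SAMPLE_MESSAGE = """\
Received: from mx-in.example.net (mx-in.example.net [198.51.100.7])
    by inbox.example.net with ESMTPS id AbC123
    for <victim@example.net>; Mon, 2 Apr 2018 10:04:05 +0000
Received: from relay.mailhost.example (relay.mailhost.example [203.0.113.9])
    by mx-in.example.net with ESMTP id XyZ789;
    Mon, 2 Apr 2018 10:04:03 +0000
Received: from [192.0.2.25] (unknown [192.0.2.25])
    by relay.mailhost.example with ESMTPSA id QwE456;
    Mon, 2 Apr 2018 10:03:58 +0000
From: Alice <alice@mailhost.example>
To: victim@example.net
Subject: Quarterly report
X-Mailer: ExampleMailer 1.0

Please see the attached report.
"""

# Common Received: shape: "from <name> (<helo> [<ip>]) by <host> ...".
# RFC 5321 section 4.4 gives the grammar; MTAs vary, so stay permissive.
_HOP_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\[(?P<ip>[0-9a-fA-F:.]+)\].*?\bby\s+(?P<by>\S+)"
)


def relay_path(raw: str) -> List[Dict[str, str]]:
    """Hops in transmission order: index 0 is the first relay, -1 the last."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header (continuation lines) before matching.
        m = _HOP_RE.search(" ".join(value.split()))
        if m:
            hops.append(m.groupdict())
    return hops


def originating_ip(raw: str) -> Optional[str]:
    """Client IP as recorded by the first relay. Trust it only as far as you
    trust that relay: everything below it in the chain is under the sender's
    control and can be fabricated."""
    hops = relay_path(raw)
    return hops[0]["ip"] if hops else None


def mailer(raw: str) -> Optional[str]:
    """X-Mailer / User-Agent, when present, fingerprints the sender's client."""
    msg = message_from_string(raw)
    return msg.get("X-Mailer") or msg.get("User-Agent")


if __name__ == "__main__":
    for i, hop in enumerate(relay_path(SAMPLE_MESSAGE), 1):
        print(f"hop {i}: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("originating IP:", originating_ip(SAMPLE_MESSAGE))
    print("mailer:", mailer(SAMPLE_MESSAGE))
```

Read the chain from the bottom up: the last Received: header was written by the first relay and records the submitting client, the top one by the recipient's own server. Only the headers added by servers you trust are evidence; a sender can prepend fake Received: lines of their own before handing the message to the first real relay.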

Module 03: Scanning Networks (CEHv9)
• How Tech Companies Prepare for Cyber Attacks
• Overview of Network Scanning
   o TCP Communication Flags
   o TCP/IP Communication
   o Creating Custom Packet Using TCP Flags
• CEH Scanning Methodology
   o Check for Live Systems
      • Checking for Live Systems - ICMP Scanning
      • Ping Sweep
      • Ping Sweep Tools
   o Check for Open Ports
      • SSDP Scanning
      • Scanning in IPv6 Networks
      • Scanning Tool
         • Nmap
         • Hping2 / Hping3
         • Hping Commands
      • Scanning Techniques
         • TCP Connect / Full Open Scan
         • Stealth Scan (Half-open Scan)
         • Inverse TCP Flag Scanning
         • Xmas Scan
         • ACK Flag Probe Scanning
         • IDLE/IPID Header Scan
         • IDLE Scan: Step 1
         • IDLE Scan: Step 2 and 3
         • UDP Scanning
         • ICMP Echo Scanning/List Scan
      • Scanning Tool: NetScan Tools Pro
      • Scanning Tools
      • Scanning Tools for Mobile
      • Port Scanning Countermeasures
   o Scanning Beyond IDS
      • IDS Evasion Techniques
      • SYN/FIN Scanning Using IP Fragments
   o Banner Grabbing
      • Banner Grabbing Tools
      • Banner Grabbing Countermeasures
         • Disabling or Changing Banner
         • Hiding File Extensions from Web Pages
   o Scan for Vulnerability
      • Vulnerability Scanning
      • Vulnerability Scanning Tool
         • Nessus
         • GFI LanGuard
         • Qualys FreeScan
      • Network Vulnerability Scanners
      • Vulnerability Scanning Tools for Mobile
   o Draw Network Diagrams
      • Drawing Network Diagrams
      • Network Discovery Tool
         • Network Topology Mapper
         • OpManager and NetworkView
      • Network Discovery and Mapping Tools
      • Network Discovery Tools for Mobile
   o Prepare Proxies
      • Proxy Servers
      • Proxy Chaining
      • Proxy Tool
         • Proxy Switcher
         • Proxy Workbench
         • TOR and CyberGhost
      • Proxy Tools
      • Proxy Tools for Mobile
      • Free Proxy Servers
      • Introduction to Anonymizers
      • Censorship Circumvention Tool: Tails
      • G-Zapper
      • Anonymizers
      • Anonymizers for Mobile
      • Spoofing IP Address
      • IP Spoofing Detection Techniques
         • Direct TTL Probes
         • IP Identification Number
         • TCP Flow Control Method
      • IP Spoofing Countermeasures
   o Scanning Pen Testing

Module 03: Scanning Networks (CEHv10)
• Network Scanning Concepts
   o Overview of Network Scanning
   o TCP Communication Flags
   o TCP/IP Communication
   o Creating Custom Packet Using TCP Flags
   o Scanning in IPv6 Networks
• Scanning Tools
   o Nmap
   o Hping2 / Hping3
      • Hping Commands
   o Scanning Tools
   o Scanning Tools for Mobile
• Scanning Techniques
   o Scanning Techniques
      • ICMP Scanning - Checking for Live Systems
      • Ping Sweep - Checking for Live Systems
      • Ping Sweep Tools
      • ICMP Echo Scanning
      • TCP Connect / Full Open Scan
      • Stealth Scan (Half-open Scan)
      • Inverse TCP Flag Scanning
      • Xmas Scan
      • ACK Flag Probe Scanning
      • IDLE/IPID Header Scan
      • UDP Scanning
      • SSDP and List Scanning
   o Port Scanning Countermeasures
• Scanning Beyond IDS and Firewall
   o IDS/Firewall Evasion Techniques
      • Packet Fragmentation
      • Source Routing
      • IP Address Decoy
      • IP Address Spoofing
         • IP Spoofing Detection Techniques: Direct TTL Probes
         • IP Spoofing Detection Techniques: IP Identification Number
         • IP Spoofing Detection Techniques: TCP Flow Control Method
         • IP Spoofing Countermeasures
      • Proxy Servers
         • Proxy Chaining
         • Proxy Tools
         • Proxy Tools for Mobile
      • Anonymizers
         • Censorship Circumvention Tools: Alkasir and Tails
         • Anonymizers
         • Anonymizers for Mobile
• Banner Grabbing
   o Banner Grabbing
   o How to Identify Target System OS
   o Banner Grabbing Countermeasures
• Draw Network Diagrams
   o Drawing Network Diagrams
   o Network Discovery and Mapping Tools
   o Network Discovery Tools for Mobile
• Scanning Pen Testing
   o Scanning Pen Testing
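The Scanning Techniques listed for both versions (TCP connect, half-open/SYN, inverse TCP flag, Xmas, ACK probe) differ only in which TCP flags the probe carries and how the reply is read. The Python below is an added example for this comparison, not EC-Council or Nmap code; the replies it classifies are constructed values rather than live packets, and the header builder leaves the checksum at zero.

```python
"""TCP flags behind the scan techniques above, and how replies become port states.

Added example for the Module 03 Scanning Techniques topics (not EC-Council
courseware, not Nmap code). Replies are constructed values, not live packets.
"""
import struct
from typing import Union

# Flag bits in byte 13 of the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# What each probe sends. FIN, NULL and Xmas are the "inverse TCP flag" scans:
# per RFC 793 a closed port answers an out-of-state segment with RST and an
# open port ignores it, so silence is the interesting answer.
PROBES = {
    "connect": SYN,            # full open: handshake completes, easily logged
    "syn": SYN,                # half-open / stealth: RST after the SYN/ACK
    "fin": FIN,
    "null": 0,
    "xmas": FIN | PSH | URG,   # "lit up like a Christmas tree"
    "ack": ACK,                # maps firewall rules, never open/closed
}


def tcp_header(src_port: int, dst_port: int, flags: int, seq: int = 0) -> bytes:
    """Pack a minimal 20-byte TCP header. Checksum is left at zero; a raw-socket
    sender computes it over the IP pseudo-header before transmit."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0,
                       data_offset, flags, 65535, 0, 0)


def flags_of(header: bytes) -> int:
    """Read the flag byte back out of a packed header."""
    return header[13]


Reply = Union[None, int, str]  # None = timeout, int = TCP flags, "icmp-unreachable"


def classify(probe: str, reply: Reply) -> str:
    """Turn the reply to one probe into the port state a scanner would report.

    ICMP destination-unreachable (type 3, code 1/2/3/9/10/13) means a filter
    rejected the probe for every technique. Caveat for the inverse-flag scans:
    Windows and many network appliances send RST regardless of state, so on
    those targets every port reads as closed.
    """
    if probe not in PROBES:
        raise ValueError(f"unknown probe {probe!r}")
    if reply == "icmp-unreachable":
        return "filtered"
    if probe in ("connect", "syn"):
        if reply is None:
            return "filtered"
        if reply & SYN and reply & ACK:
            return "open"
        return "closed" if reply & RST else "unknown"
    if probe in ("fin", "null", "xmas"):
        if reply is None:
            return "open|filtered"  # silence: open, or a filter ate the probe
        return "closed" if reply & RST else "unknown"
    # ACK probe: a RST from either an open or a closed port means no stateful
    # filter in the way ("unfiltered"); no reply means one dropped our ACK.
    if reply is None:
        return "filtered"
    return "unfiltered" if reply & RST else "unknown"
```

The Xmas probe packs to flag byte 0x29, which is also the signature an IDS matches on; the half-open scan's advantage over a full connect is only that the handshake never completes, so the application never sees (or logs) a connection, while the SYN itself is still visible to any packet-level sensor.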

Module 04: Enumeration (CEHv9)
• Enumeration Concepts
   o What is Enumeration?
   o Techniques for Enumeration
   o Services and Ports to Enumerate
• NetBIOS Enumeration
   o NetBIOS Enumeration
   o NetBIOS Enumeration Tool: SuperScan
   o NetBIOS Enumeration Tool: Hyena
   o NetBIOS Enumeration Tool: Winfingerprint
   o NetBIOS Enumeration Tool: NetBIOS Enumerator and Nsauditor Network Security Auditor
   o Enumerating User Accounts
   o Enumerating Shared Resources Using Net View
• SNMP Enumeration
   o SNMP (Simple Network Management Protocol) Enumeration
   o Working of SNMP
   o Management Information Base (MIB)
   o SNMP Enumeration Tool: OpUtils
   o SNMP Enumeration Tool: Engineer’s Toolset
   o SNMP Enumeration Tools
• LDAP Enumeration
   o LDAP Enumeration Tool: Softerra LDAP Administrator
   o LDAP Enumeration Tools
• NTP Enumeration
   o NTP Enumeration Commands
   o NTP Enumeration Tools
• SMTP Enumeration and DNS Enumeration
   o SMTP Enumeration
   o SMTP Enumeration Tool: NetScanTools Pro
   o SMTP Enumeration Tools
   o DNS Zone Transfer Enumeration Using NSLookup
• Enumeration Countermeasures
• SMB Enumeration Countermeasures
• Enumeration Pen Testing

Module 04: Enumeration (CEHv10)
• Enumeration Concepts
   o What is Enumeration?
   o Techniques for Enumeration
   o Services and Ports to Enumerate
• NetBIOS Enumeration
   o NetBIOS Enumeration
   o NetBIOS Enumeration Tools
   o Enumerating User Accounts
   o Enumerating Shared Resources Using Net View
• SNMP Enumeration
   o SNMP (Simple Network Management Protocol) Enumeration
   o Working of SNMP
   o Management Information Base (MIB)
   o SNMP Enumeration Tools
• LDAP Enumeration
   o LDAP Enumeration
   o LDAP Enumeration Tools
• NTP Enumeration
   o NTP Enumeration
   o NTP Enumeration Commands
   o NTP Enumeration Tools
• SMTP and DNS Enumeration
   o SMTP Enumeration
   o SMTP Enumeration Tools
   o DNS Enumeration Using Zone Transfer
• Other Enumeration Techniques
   o IPsec Enumeration
   o VoIP Enumeration
   o RPC Enumeration
   o Unix/Linux User Enumeration
• Enumeration Countermeasures
   o Enumeration Countermeasures
• Enumeration Pen Testing
   o Enumeration Pen Testing
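The SMTP Enumeration topic in both versions rests on one protocol fact: VRFY, EXPN and RCPT TO answer differently for mailboxes that exist (250) and ones that do not (550), and a hardened server answers VRFY with a non-committal 252. The Python below is an added example for this comparison, not EC-Council courseware; `CannedSMTP` is a stand-in for a real socket so the exchange runs offline, and the mailbox names, banner and reply texts are constructed.

```python
"""SMTP user enumeration with VRFY, falling back to RCPT TO, against a canned server.

Added example for the Module 04 SMTP Enumeration topic (not EC-Council
courseware). CannedSMTP replaces a real socket; its mailboxes and replies
are constructed for the example.
"""
import re
from typing import Dict, Iterable, List


class CannedSMTP:
    """Minimal stand-in for a connection to an SMTP server, answering with the
    RFC 5321 reply codes that matter here: 250 = mailbox exists, 550 = unknown
    user, 252 = "cannot VRFY" (the non-committal answer of a hardened server)."""

    def __init__(self, known: Iterable[str], vrfy_enabled: bool = True) -> None:
        self.known = set(known)
        self.vrfy_enabled = vrfy_enabled
        self.transcript: List[str] = ["S: 220 mail.example.org ESMTP"]

    def send(self, line: str) -> str:
        self.transcript.append(f"C: {line}")
        verb, _, arg = line.partition(" ")
        arg = arg.strip()
        if verb == "HELO":
            reply = "250 mail.example.org"
        elif verb in ("VRFY", "EXPN"):
            if not self.vrfy_enabled:
                reply = "252 2.5.2 Cannot VRFY user, but will accept message"
            elif arg in self.known:
                reply = f"250 2.1.5 {arg} <{arg}@example.org>"
            else:
                reply = "550 5.1.1 User unknown"
        elif verb == "MAIL":
            reply = "250 2.1.0 OK"
        elif verb == "RCPT":
            m = re.search(r"<([^@>]+)@", arg)
            user = m.group(1) if m else ""
            reply = "250 2.1.5 OK" if user in self.known else "550 5.1.1 User unknown"
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "502 5.5.2 Command not implemented"
        self.transcript.append(f"S: {reply}")
        return reply


def enumerate_users(server: CannedSMTP, candidates: List[str]) -> Dict[str, str]:
    """Probe each candidate with VRFY; if the server refuses with 252, switch to
    RCPT TO inside a MAIL transaction, which most servers still answer honestly
    because delivery depends on it (the message is never sent: no DATA)."""
    server.send("HELO scanner.example.net")
    results: Dict[str, str] = {}
    use_rcpt = server.send(f"VRFY {candidates[0]}").startswith("252")
    if use_rcpt:
        server.send("MAIL FROM:<probe@scanner.example.net>")
    for user in candidates:
        if use_rcpt:
            reply = server.send(f"RCPT TO:<{user}@example.org>")
        else:
            reply = server.send(f"VRFY {user}")
        results[user] = {"250": "valid", "550": "invalid"}.get(reply[:3], "unknown")
    server.send("QUIT")
    return results


if __name__ == "__main__":
    srv = CannedSMTP({"alice", "bob"}, vrfy_enabled=False)
    print(enumerate_users(srv, ["alice", "mallory", "bob"]))
    print("\n".join(srv.transcript))
```

Disabling VRFY/EXPN (the usual countermeasure slide) closes only the first channel; a server that rejects unknown recipients at RCPT TO still leaks the same information, which is why some MTAs accept every recipient and bounce later, at the cost of backscatter.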

Module 05: Vulnerability Analysis (CEHv10; no CEHv9 counterpart)
• Vulnerability Assessment Concepts
   o Vulnerability Research
   o Vulnerability Classification
   o What is Vulnerability Assessment?
   o Types of Vulnerability Assessment
   o Vulnerability-Management Life Cycle
      • Pre-Assessment Phase: Creating a Baseline
      • Vulnerability Assessment Phase
      • Post Assessment Phase
• Vulnerability Assessment Solutions
   o Comparing Approaches to Vulnerability Assessment
   o Working of Vulnerability Scanning Solutions
   o Types of Vulnerability Assessment Tools
   o Characteristics of a Good Vulnerability Assessment Solution
   o Choosing a Vulnerability Assessment Tool
   o Criteria for Choosing a Vulnerability Assessment Tool
   o Best Practices for Selecting Vulnerability Assessment Tools
• Vulnerability Scoring Systems
   o Common Vulnerability Scoring System (CVSS)
   o Common Vulnerabilities and Exposures (CVE)
   o National Vulnerability Database (NVD)
   o Resources for Vulnerability Research
• Vulnerability Assessment Tools
   o Vulnerability Assessment Tools
      • Qualys Vulnerability Management
      • Nessus Professional
      • GFI LanGuard
      • Qualys FreeScan
      • Nikto
      • OpenVAS
      • Retina CS
      • SAINT
      • Microsoft Baseline Security Analyzer (MBSA)
      • AVDS - Automated Vulnerability Detection System
      • Vulnerability Assessment Tools
   o Vulnerability Assessment Tools for Mobile
• Vulnerability Assessment Reports
   o Vulnerability Assessment Reports
   o Analyzing Vulnerability Scanning Report

Module 05: System Hacking (CEHv9)
• Security Breaches 2014
• Information at Hand Before System Hacking Stage
• System Hacking: Goals
• CEH Hacking Methodology (CHM)
• CEH System Hacking Steps
   o Cracking Passwords
      • Password Cracking
      • Types of Password Attacks
      • Non-Electronic Attacks
      • Active Online Attack: Dictionary, Brute Forcing and Rule-based Attack
      • Active Online Attack: Password Guessing
      • Default Passwords
      • Active Online Attack: Trojan/Spyware/Keylogger
      • Example of Active Online Attack Using USB Drive
      • Active Online Attack: Hash Injection Attack
      • Passive Online Attack: Wire Sniffing
      • Passive Online Attacks: Man-in-the-Middle and Replay Attack
      • Offline Attack: Rainbow Table Attacks
      • Tools to Create Rainbow Tables: rtgen and Winrtgen
      • Offline Attack: Distributed Network Attack
      • Elcomsoft Distributed Password Recovery
      • Microsoft Authentication
      • How Hash Passwords Are Stored in Windows SAM?
      • NTLM Authentication Process
      • Kerberos Authentication
      • Password Salting
      • PWdump7 and Fgdump
      • Password Cracking Tools: L0phtCrack and Ophcrack
      • Password Cracking Tools: Cain & Abel and RainbowCrack
      • Password Cracking Tools
      • Password Cracking Tools for Mobile: FlexiSPY Password Grabber
      • How to Defend against Password Cracking
      • Implement and Enforce Strong Security Policy
   o Escalating Privileges
      • Privilege Escalation
      • Privilege Escalation Using DLL Hijacking
      • Resetting Passwords Using Command Prompt
      • Privilege Escalation Tool: Active@ Password Changer
      • Privilege Escalation Tools
      • How to Defend Against Privilege Escalation
   o Executing Applications
      • Executing Applications
      • Executing Applications: RemoteExec
      • Executing Applications: PDQ Deploy
      • Executing Applications: DameWare Remote Support
      • Keylogger
      • Types of Keystroke Loggers
      • Hardware Keyloggers
      • Keylogger: All In One Keylogger
      • Keyloggers for Windows
      • Keylogger for Mac: Amac Keylogger for Mac
      • Keyloggers for MAC
      • Spyware
      • Spyware: Spytech SpyAgent
      • Spyware: Power Spy 2014
      • Spyware
      • USB Spyware: USBSpy
      • Audio Spyware: Spy Voice Recorder and Sound Snooper
      • Video Spyware: WebCam Recorder
      • Cellphone Spyware: Mobile Spy
      • Telephone/Cellphone Spyware
      • GPS Spyware: SPYPhone
      • GPS Spyware
      • How to Defend Against Keyloggers
      • Anti-Keylogger: Zemana AntiLogger
      • Anti-Keylogger
      • How to Defend Against Spyware
      • Anti-Spyware: SUPERAntiSpyware
      • Anti-Spywares
   o Hiding Files
      • Rootkits
      • Types of Rootkits
      • How Rootkit Works
      • Rootkit: Avatar
      • Rootkit: Necurs
      • Rootkit: Azazel
      • Rootkit: ZeroAccess
      • Detecting Rootkits
      • Steps for Detecting Rootkits
      • How to Defend against Rootkits
      • Anti-Rootkit: Stinger and UnHackMe
      • Anti-Rootkits
      • NTFS Data Stream
      • How to Create NTFS Streams
      • NTFS Stream Manipulation
      • How to Defend against NTFS Streams
      • NTFS Stream Detector: StreamArmor
      • NTFS Stream Detectors
      • What is Steganography?
      • Classification of Steganography
      • Types of Steganography based on Cover Medium
      • Whitespace Steganography Tool: SNOW
      • Image Steganography
         • Least Significant Bit Insertion
         • Masking and Filtering
         • Algorithms and Transformation
      • Image Steganography: QuickStego
      • Image Steganography Tools
      • Document Steganography: wbStego
      • Document Steganography Tools
      • Video Steganography
      • Video Steganography: OmniHide PRO and Masker
      • Video Steganography Tools
      • Audio Steganography
      • Audio Steganography: DeepSound
      • Audio Steganography Tools
      • Folder Steganography: Invisible Secrets 4
      • Folder Steganography Tools
      • Spam/Email Steganography: Spam Mimic
      • Steganography Tools for Mobile Phones
      • Steganalysis
      • Steganalysis Methods/Attacks on Steganography
      • Detecting Text and Image Steganography
      • Detecting Audio and Video Steganography
      • Steganography Detection Tool: Gargoyle Investigator™ Forensic Pro
      • Steganography Detection Tools
   o Covering Tracks
      • Disabling Auditing: Auditpol
      • Clearing Logs
      • Manually Clearing Event Logs
      • Ways to Clear Online Tracks
      • Covering Tracks Tool
         • CCleaner
         • MRU-Blaster
      • Track Covering Tools
   o Penetration Testing
      • Password Cracking
      • Privilege Escalation
      • Executing Applications
      • Hiding Files
      • Covering Tracks

Module 06: System Hacking (CEHv10)
• System Hacking Concepts
   o CEH Hacking Methodology (CHM)
   o System Hacking Goals
• Cracking Passwords
   o Password Cracking
   o Types of Password Attacks
      • Non-Electronic Attacks
      • Active Online Attack
         • Dictionary, Brute Forcing and Rule-based Attack
         • Password Guessing
         • Default Passwords
         • Trojan/Spyware/Keylogger
         • Example of Active Online Attack Using USB Drive
         • Hash Injection Attack
         • LLMNR/NBT-NS Poisoning
      • Passive Online Attack
         • Wire Sniffing
         • Man-in-the-Middle and Replay Attack
      • Offline Attack
         • Rainbow Table Attack
         • Tools to Create Rainbow Tables: rtgen and Winrtgen
         • Distributed Network Attack
   o Password Recovery Tools
   o Microsoft Authentication
   o How Hash Passwords Are Stored in Windows SAM?
   o NTLM Authentication Process
   o Kerberos Authentication
   o Password Salting
   o Tools to Extract the Password Hashes
   o Password Cracking Tools
   o How to Defend against Password Cracking
   o How to Defend against LLMNR/NBT-NS Poisoning
• Escalating Privileges
   o Privilege Escalation
   o Privilege Escalation Using DLL Hijacking
   o Privilege Escalation by Exploiting Vulnerabilities
   o Privilege Escalation Using Dylib Hijacking
   o Privilege Escalation using Spectre and Meltdown Vulnerabilities
   o Other Privilege Escalation Techniques
   o How to Defend Against Privilege Escalation
• Executing Applications
   o Executing Applications
      • Tools for Executing Applications
   o Keylogger
      • Types of Keystroke Loggers
      • Hardware Keyloggers
      • Keyloggers for Windows
      • Keyloggers for Mac
   o Spyware
      • Spyware
      • USB Spyware
      • Audio Spyware
      • Video Spyware
      • Telephone/Cellphone Spyware
      • GPS Spyware
   o How to Defend Against Keyloggers
      • Anti-Keylogger
   o How to Defend Against Spyware
      • Anti-Spyware
• Hiding Files
   o Rootkits
      • Types of Rootkits
      • How Rootkit Works
      • Rootkits
         • Horse Pill
         • GrayFish
         • Sirefef
         • Necurs
      • Detecting Rootkits
      • Steps for Detecting Rootkits
      • How to Defend against Rootkits
      • Anti-Rootkits
   o NTFS Data Stream
      • How to Create NTFS Streams
      • NTFS Stream Manipulation
      • How to Defend against NTFS Streams
      • NTFS Stream Detectors
   o What is Steganography?
      • Classification of Steganography
      • Types of Steganography based on Cover Medium
      • Whitespace Steganography
      • Image Steganography
      • Image Steganography Tools
      • Document Steganography
      • Video Steganography
      • Audio Steganography
      • Folder Steganography
      • Spam/Email Steganography
      • Steganography Tools for Mobile Phones
      • Steganalysis
      • Steganalysis Methods/Attacks on Steganography
      • Detecting Steganography (Text, Image, Audio, and Video Files)
      • Steganography Detection Tools
• Covering Tracks
   o Covering Tracks
   o Disabling Auditing: Auditpol
   o Clearing Logs
   o Manually Clearing Event Logs
   o Ways to Clear Online Tracks
   o Covering BASH Shell Tracks
   o Covering Tracks on Network
   o Covering Tracks on OS
   o Covering Tracks Tools
• Penetration Testing
   o Password Cracking
   o Privilege Escalation
   o Executing Applications
   o Hiding Files
   o Covering Tracks
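Whitespace Steganography and Steganalysis appear in both versions of the Hiding Files topic. The Python below is an added illustration for this comparison of how trailing-whitespace encoding works and how a detector spots it; it is not EC-Council courseware and not the SNOW tool's file format (SNOW also compresses and encrypts its payload). The cover text used in the usage section is constructed.

```python
"""Whitespace steganography: hide bytes in the trailing whitespace of text lines.

Added example for the Whitespace Steganography and Steganalysis topics (not
EC-Council courseware, not SNOW's format). A trailing space encodes a 0 bit,
a trailing tab a 1 bit, eight characters per hidden byte, one byte per line.
Editors hide trailing whitespace, so the visible text is unchanged.
"""
from typing import Iterator, List


def _bits(data: bytes) -> Iterator[int]:
    """Most-significant bit first, as the decoder expects."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def hide(cover: str, secret: bytes) -> str:
    """Append one payload byte, as 8 space/tab characters, to each cover line.

    A two-byte big-endian length prefix tells the decoder where the payload
    ends. Raises ValueError if the cover has fewer lines than payload bytes.
    """
    payload = len(secret).to_bytes(2, "big") + secret
    lines = cover.rstrip("\n").split("\n")
    if len(payload) > len(lines):
        raise ValueError(f"need {len(payload)} cover lines, have {len(lines)}")
    bit_iter = _bits(payload)
    out: List[str] = []
    for idx, line in enumerate(lines):
        line = line.rstrip(" \t")  # the channel must start clean
        if idx < len(payload):
            line += "".join("\t" if next(bit_iter) else " " for _ in range(8))
        out.append(line)
    return "\n".join(out) + "\n"


def reveal(stego: str) -> bytes:
    """Read trailing whitespace back into bytes, honouring the length prefix.
    Stops at the first line without a full 8-character suffix."""
    raw = bytearray()
    for line in stego.split("\n"):
        trailing = line[len(line.rstrip(" \t")):]
        if len(trailing) < 8:
            break
        suffix = trailing[-8:]
        raw.append(int("".join("1" if c == "\t" else "0" for c in suffix), 2))
    if len(raw) < 2:
        return b""
    n = int.from_bytes(raw[:2], "big")
    return bytes(raw[2:2 + n])


def suspicious_lines(text: str) -> List[int]:
    """Cheap steganalysis: lines carrying trailing whitespace that an editor or
    formatter would normally have stripped. Mixed tabs and spaces at line end
    are a stronger signal still, since neither editors nor humans produce them."""
    return [i for i, line in enumerate(text.split("\n")) if line != line.rstrip(" \t")]


if __name__ == "__main__":
    # Constructed cover text for the example.
    cover = "The quick brown fox\njumps over\nthe lazy dog\nand keeps running\nuntil dusk\n"
    stego = hide(cover, b"hi")
    print(repr(stego))
    print(reveal(stego))
    print("lines with trailing whitespace:", suspicious_lines(stego))
```

The detection side is the point for Steganalysis: the payload survives only as long as nothing normalises whitespace, so a `git diff` with whitespace highlighting, an editor that strips trailing spaces on save, or a mail gateway that re-wraps text all destroy it, and any of them can also flag it.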

Page | 16 Ethical Hacking and Countermeasures Copyright © by EC-Council


All Rights Reserved. Reproduction is Strictly Prohibited.
Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker
Version Change Document

Module 06: Malware Threats (CEHv9)

 Introduction to Malware
o Different Ways a Malware can Get into a System
o Common Techniques Attackers Use to Distribute Malware on the Web
 Trojan Concepts
o Financial Loss Due to Trojans
o What is a Trojan?
o How Hackers Use Trojans
o Common Ports used by Trojans
o How to Infect Systems Using a Trojan
o Wrappers
o Dark Horse Trojan Virus Maker
o Trojan Horse Construction Kit
o Crypters: AIO FUD Crypter, Hidden Sight Crypter, and Galaxy Crypter
o Crypters: Criogenic Crypter, Heaven Crypter, and SwayzCryptor
o How Attackers Deploy a Trojan
o Exploit Kit
 Exploit Kit
 Infinity
 Phoenix Exploit Kit and Blackhole Exploit Kit
 Bleedinglife and Crimepack
o Evading Anti-Virus Techniques
o Types of Trojans
 Command Shell Trojans
 Defacement Trojans
 Defacement Trojans: Restorator
 Botnet Trojans
 Tor-based Botnet Trojans: ChewBacca
 Botnet Trojans: Skynet and CyberGate
 Proxy Server Trojans
 Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
 FTP Trojans
 VNC Trojans
 VNC Trojans: Hesperbot
 HTTP/HTTPS Trojans
 HTTP Trojan: HTTP RAT
 Shttpd Trojan - HTTPS (SSL)
 ICMP Tunneling
 Remote Access Trojans
 Optix Pro and MoSucker
 BlackHole RAT and SSH - R.A.T
 njRAT and Xtreme RAT
 SpyGate – RAT and Punisher RAT
 DarkComet RAT, Pandora RAT, and HellSpy RAT
 ProRat and Theef
 Hell Raiser
 Remote Access Tool: Atelier Web Remote Commander
 Covert Channel Trojan: CCTT
 E-banking Trojans
 Working of E-banking Trojans
 E-banking Trojan: ZeuS and SpyEye
 E-banking Trojan: Citadel Builder and Ice IX
 Destructive Trojans: M4sT3r Trojan
 Notification Trojans
 Data Hiding Trojans (Encrypted Trojans)
 Virus and Worms Concepts
o Introduction to Viruses
o Stages of Virus Life
o Working of Viruses
 Infection Phase
 Attack Phase
o Why Do People Create Computer Viruses
o Indications of Virus Attack
o How does a Computer Get Infected by Viruses
o Virus Hoaxes and Fake Antiviruses
o Ransomware
o Types of Viruses
 System or Boot Sector Viruses
 File and Multipartite Viruses
 Macro Viruses
 Cluster Viruses
 Stealth/Tunneling Viruses
 Encryption Viruses
 Polymorphic Code
 Metamorphic Viruses
 File Overwriting or Cavity Viruses
 Sparse Infector Viruses
 Companion/Camouflage Viruses
 Shell Viruses
 File Extension Viruses
 Add-on and Intrusive Viruses
 Transient and Terminate and Stay Resident Viruses
o Writing a Simple Virus Program
 Sam’s Virus Generator and JPS Virus Maker
 Andreinick05's Batch Virus Maker and DeadLine’s Virus Maker
 Sonic Bat - Batch File Virus Creator and Poison Virus Maker
o Computer Worms
 How Is a Worm Different from a Virus?
 Computer Worms: Ghost Eye Worm
 Worm Maker: Internet Worm Maker Thing
 Malware Reverse Engineering
o What is Sheep Dip Computer?
o Anti-Virus Sensor Systems
o Malware Analysis Procedure: Preparing Testbed
o Malware Analysis Procedure
o Malware Analysis Tool: IDA Pro
o Online Malware Testing: VirusTotal
o Online Malware Analysis Services
o Trojan Analysis: Neverquest
o Virus Analysis: Ransom Cryptolocker
o Worm Analysis: Darlloz (Internet of Things (IoT) Worm)
 Malware Detection
o How to Detect Trojans
 Scanning for Suspicious Ports
 Port Monitoring Tools: TCPView and CurrPorts
 Scanning for Suspicious Processes
 Process Monitoring Tool: What's Running
 Process Monitoring Tools
 Scanning for Suspicious Registry Entries
 Registry Entry Monitoring Tool: RegScanner
 Registry Entry Monitoring Tools
 Scanning for Suspicious Device Drivers
 Device Drivers Monitoring Tool: DriverView
 Device Drivers Monitoring Tools
 Scanning for Suspicious Windows Services
 Windows Services Monitoring Tool: Windows Service Manager (SrvMan)
 Windows Services Monitoring Tools
 Scanning for Suspicious Startup Programs
 Windows 8 Startup Registry Entries
 Startup Programs Monitoring Tool: Security AutoRun
 Startup Programs Monitoring Tools
 Scanning for Suspicious Files and Folders
 Files and Folder Integrity Checker: FastSum and WinMD5
 Files and Folder Integrity Checker
 Scanning for Suspicious Network Activities
 Detecting Trojans and Worms with Capsa Network Analyzer
o Virus Detection Methods
 Countermeasures
o Trojan Countermeasures
o Backdoor Countermeasures
o Virus and Worms Countermeasures
 Anti-Malware Software
o Anti-Trojan Software
 TrojanHunter
 Emsisoft Anti-Malware
 Anti-Trojan Software
o Companion Antivirus: Immunet
o Antivirus Tools
 Penetration Testing
o Pen Testing for Trojans and Backdoors
o Penetration Testing for Virus

Module 07: Malware Threats (CEHv10)

 Malware Concepts
o Introduction to Malware
o Different Ways a Malware can Get into a System
o Common Techniques Attackers Use to Distribute Malware on the Web
o Components of Malware
 Trojan Concepts
o What is a Trojan?
o How Hackers Use Trojans
o Common Ports used by Trojans
o How to Infect Systems Using a Trojan
o Trojan Horse Construction Kit
o Wrappers
o Crypters
o How Attackers Deploy a Trojan
o Exploit Kits
o Evading Anti-Virus Techniques
o Types of Trojans
 Remote Access Trojans
 Backdoor Trojans
 Botnet Trojans
 Rootkit Trojans
 E-banking Trojans
 Working of E-banking Trojans
 E-banking Trojan: ZeuS
 Proxy Server Trojans
 Covert Channel Trojans
 Defacement Trojans
 Service Protocol Trojans
 Mobile Trojans
 IoT Trojans
 Other Trojans
 Virus and Worm Concepts
o Introduction to Viruses
o Stages of Virus Life
o Working of Viruses
o Indications of Virus Attack
o How does a Computer Get Infected by Viruses
o Virus Hoaxes
o Fake Antiviruses
o Ransomware
o Types of Viruses
 System and File Viruses
 Multipartite and Macro Viruses
 Cluster and Stealth Viruses
 Encryption and Sparse Infector Viruses
 Polymorphic Viruses
 Metamorphic Viruses
 Overwriting File or Cavity Viruses
 Companion/Camouflage and Shell Viruses
 File Extension Viruses
 FAT and Logic Bomb Viruses
 Web Scripting and E-mail Viruses
 Other Viruses
o Creating Virus
o Computer Worms
o Worm Makers
 Malware Analysis
o What is Sheep Dip Computer?
o Anti-Virus Sensor Systems
o Introduction to Malware Analysis
o Malware Analysis Procedure: Preparing Testbed
o Static Malware Analysis
 File Fingerprinting
 Local and Online Malware Scanning
 Performing Strings Search
 Identifying Packing/Obfuscation Methods
 Finding the Portable Executables (PE) Information
 Identifying File Dependencies
 Malware Disassembly
o Dynamic Malware Analysis
 Port Monitoring
 Process Monitoring
 Registry Monitoring
 Windows Services Monitoring
 Startup Programs Monitoring
 Event Logs Monitoring/Analysis
 Installation Monitoring
 Files and Folder Monitoring
 Device Drivers Monitoring
 Network Traffic Monitoring/Analysis
 DNS Monitoring/Resolution
 API Calls Monitoring
o Virus Detection Methods
o Trojan Analysis: ZeuS/Zbot
o Virus Analysis: WannaCry
 Countermeasures
o Trojan Countermeasures
o Backdoor Countermeasures
o Virus and Worms Countermeasures
 Anti-Malware Software
o Anti-Trojan Software
o Antivirus Software
 Malware Penetration Testing
o Malware Penetration Testing

Module 07: Sniffing (CEHv9)

 Sniffing Concepts
o Network Sniffing and Threats
o How a Sniffer Works
o How an Attacker Hacks the Network Using Sniffers
o Types of Sniffing
 Passive Sniffing
 Active Sniffing
o Protocols Vulnerable to Sniffing
o Sniffing in the Data Link Layer of the OSI Model
o Hardware Protocol Analyzer
 Hardware Protocol Analyzers
o SPAN Port
o Wiretapping
o Lawful Interception
o Wiretapping Case Study: PRISM
 MAC Attacks
o MAC Address/CAM Table
o How CAM Works
o What Happens When CAM Table Is Full?
o MAC Flooding
o Mac Flooding Switches with macof
o Switch Port Stealing
o How to Defend against MAC Attacks
 DHCP Attacks
o How DHCP Works
o DHCP Request/Reply Messages
o IPv4 DHCP Packet Format
o DHCP Starvation Attack
o DHCP Starvation Attack Tools
o Rogue DHCP Server Attack
o How to Defend Against DHCP Starvation and Rogue Server Attack
 ARP Poisoning
o What Is Address Resolution Protocol (ARP)?
o ARP Spoofing Attack
o How Does ARP Spoofing Work
o Threats of ARP Poisoning
o ARP Poisoning Tool
 Cain & Abel and WinArpAttacker
 Ufasoft Snif
o How to Defend Against ARP Poisoning
o Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
o ARP Spoofing Detection: XArp
 Spoofing Attack
o MAC Spoofing/Duplicating
o MAC Spoofing Technique: Windows
o MAC Spoofing Tool: SMAC
o IRDP Spoofing
o How to Defend Against MAC Spoofing
 DNS Poisoning
o DNS Poisoning Techniques
 Intranet DNS Spoofing
 Internet DNS Spoofing
 Proxy Server DNS Poisoning
 DNS Cache Poisoning
o How to Defend Against DNS Spoofing
 Sniffing Tools
o Sniffing Tool: Wireshark
 Follow TCP Stream in Wireshark
 Display Filters in Wireshark
 Additional Wireshark Filters
o Sniffing Tool
 SteelCentral Packet Analyzer
 Tcpdump/Windump
o Packet Sniffing Tool: Capsa Network Analyzer
o Network Packet Analyzer
 OmniPeek Network Analyzer
 Observer
 Sniff-O-Matic
o TCP/IP Packet Crafter: Colasoft Packet Builder
o Network Packet Analyzer: RSA NetWitness Investigator
o Additional Sniffing Tools
o Packet Sniffing Tools for Mobile: Wi.cap. Network Sniffer Pro and FaceNiff
 Countermeasures
o How to Defend Against Sniffing
 Sniffing Detection Techniques
o How to Detect Sniffing
o Sniffer Detection Technique
 Ping Method
 ARP Method
 DNS Method
o Promiscuous Detection Tool
 PromqryUI
 Nmap
 Sniffing Pen Testing

Module 08: Sniffing (CEHv10)

 Sniffing Concepts
o Network Sniffing
o Types of Sniffing
o Protocols Vulnerable to Sniffing
o Sniffing in the Data Link Layer of the OSI Model
o How an Attacker Hacks the Network Using Sniffers
o Hardware Protocol Analyzers
o SPAN Port
o Wiretapping
o Lawful Interception
 Sniffing Technique: MAC Attacks
o MAC Address/CAM Table
o How CAM Works
o What Happens When CAM Table Is Full?
o MAC Flooding
o Switch Port Stealing
o How to Defend against MAC Attacks
 Sniffing Technique: DHCP Attacks
o How DHCP Works
o DHCP Request/Reply Messages
o DHCP Starvation Attack
o Rogue DHCP Server Attack
o How to Defend Against DHCP Starvation and Rogue Server Attack
 Sniffing Technique: ARP Poisoning
o What Is Address Resolution Protocol (ARP)?
o ARP Spoofing Attack
o Threats of ARP Poisoning
o ARP Poisoning Tools
o How to Defend Against ARP Poisoning
o Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
o ARP Spoofing Detection Tools
 Sniffing Technique: Spoofing Attacks
o MAC Spoofing/Duplicating
o MAC Spoofing Technique: Windows
o MAC Spoofing Tools
o IRDP Spoofing
o How to Defend Against MAC Spoofing
 Sniffing Technique: DNS Poisoning
o DNS Poisoning Techniques
 Intranet DNS Spoofing
 Internet DNS Spoofing
 Proxy Server DNS Poisoning
 DNS Cache Poisoning
o How to Defend Against DNS Spoofing
 Sniffing Tools
o Sniffing Tool: Wireshark
 Follow TCP Stream in Wireshark
 Display Filters in Wireshark
 Additional Wireshark Filters
o Sniffing Tools
o Packet Sniffing Tools for Mobile
 Countermeasures
o How to Defend Against Sniffing
 Sniffing Detection Techniques
o How to Detect Sniffing
o Sniffer Detection Techniques
 Ping Method
 DNS Method
 ARP Method
o Promiscuous Detection Tools
 Sniffing Pen Testing
o Sniffing Penetration Testing

Module 08: Social Engineering (CEHv9)

 Social Engineering Statistics
 Social Engineering Concepts
o What is Social Engineering?
o Behaviors Vulnerable to Attacks
o Factors that Make Companies Vulnerable to Attacks
o Why is Social Engineering Effective?
o Phases in a Social Engineering Attack
 Social Engineering Techniques
o Types of Social Engineering
 Human-based Social Engineering
 Impersonation
 Impersonation Scenario
 Over-Helpfulness of Help Desk
 Third-party Authorization
 Tech Support
 Internal Employee/Client/Vendor
 Repairman
 Trusted Authority Figure
 Eavesdropping and Shoulder Surfing
 Dumpster Diving
 Reverse Social Engineering, Piggybacking, and Tailgating
 Watch these Movies
 Watch this Movie
 Computer-based Social Engineering
 Phishing
 Spear Phishing
 Mobile-based Social Engineering
 Publishing Malicious Apps
 Repackaging Legitimate Apps
 Fake Security Applications
 Using SMS
o Insider Attack
o Disgruntled Employee
o Preventing Insider Threats
o Common Social Engineering Targets and Defense Strategies
 Impersonation on Social Networking Sites
o Social Engineering Through Impersonation on Social Networking Sites
o Social Engineering on Facebook
o Social Engineering on LinkedIn and Twitter
o Risks of Social Networking to Corporate Networks
 Identity Theft
o Identity Theft Statistics
o Identity Theft
o How to Steal an Identity
 STEP 1
 STEP 2
 Comparison
 STEP 3
 Real Steven Gets Huge Credit Card Statement
o Identity Theft - Serious Problem
 Social Engineering Countermeasures
o How to Detect Phishing Emails
o Anti-Phishing Toolbar
 Netcraft
 PhishTank
o Identity Theft Countermeasures
 Penetration Testing
o Social Engineering Pen Testing
 Using Emails
 Using Phone
 In Person
 Social Engineering Toolkit (SET)

Module 09: Social Engineering (CEHv10)

 Social Engineering Concepts
o What is Social Engineering?
o Phases of a Social Engineering Attack
 Social Engineering Techniques
o Types of Social Engineering
o Human-based Social Engineering
 Impersonation
 Impersonation (Vishing)
 Eavesdropping
 Shoulder Surfing
 Dumpster Diving
 Reverse Social Engineering
 Piggybacking
 Tailgating
o Computer-based Social Engineering
 Phishing
o Mobile-based Social Engineering
 Publishing Malicious Apps
 Repackaging Legitimate Apps
 Fake Security Applications
 SMiShing (SMS Phishing)
 Insider Threats
o Insider Threat / Insider Attack
o Type of Insider Threats
 Impersonation on Social Networking Sites
o Social Engineering Through Impersonation on Social Networking Sites
o Impersonation on Facebook
o Social Networking Threats to Corporate Networks
 Identity Theft
o Identity Theft
 Countermeasures
o Social Engineering Countermeasures
o Insider Threats Countermeasures
o Identity Theft Countermeasures
o How to Detect Phishing Emails?
o Anti-Phishing Toolbar
o Common Social Engineering Targets and Defense Strategies
 Social Engineering Pen Testing
o Social Engineering Pen Testing
 Using Emails
 Using Phone
 In Person
o Social Engineering Pen Testing Tools

Module 09: Denial-of-Service (CEHv9)

 DoS/DDoS Concepts
o DDoS Attack Trends
o What is a Denial of Service Attack?
o What are Distributed Denial of Service Attacks?
o How Distributed Denial of Service Attacks Work
 DoS/DDoS Attack Techniques
o Basic Categories of DoS/DDoS Attack Vectors
o DoS/DDoS Attack Techniques
 Bandwidth Attacks
 Service Request Floods
 SYN Attack
 SYN Flooding
 ICMP Flood Attack
 Peer-to-Peer Attacks
 Permanent Denial-of-Service Attack
 Application Level Flood Attacks
 Distributed Reflection Denial of Service (DRDoS)
 Botnet
o Organized Cyber Crime: Organizational Chart
o Botnet
o A Typical Botnet Setup
o Botnet Ecosystem
o Scanning Methods for Finding Vulnerable Machines
o How Malicious Code Propagates?
o Botnet Trojan: Blackshades NET
o Botnet Trojans: Cythosia Botnet and Andromeda Bot
o Botnet Trojan: PlugBot
 DDoS Case Study
o DDoS Attack
o Hackers Advertise Links to Download Botnet
 DoS Attack Tools
o Pandora DDoS Bot Toolkit
o Dereil and HOIC
o DoS HTTP and BanglaDos
o DoS and DDoS Attack Tools
o DoS and DDoS Attack Tool for Mobile
 AnDOSid
 Low Orbit Ion Cannon (LOIC)
 Countermeasures
o Detection Techniques
 Activity Profiling
 Wavelet Analysis
 Sequential Change-Point Detection
o DoS/DDoS Countermeasure Strategies
o DDoS Attack Countermeasures
 DoS/DDoS Countermeasures: Protect Secondary Victims
 DoS/DDoS Countermeasures: Detect and Neutralize Handlers
 DoS/DDoS Countermeasures: Detect Potential Attacks
 DoS/DDoS Countermeasures: Deflect Attacks
 DoS/DDoS Countermeasures: Mitigate Attacks
o Post-Attack Forensics
o Techniques to Defend against Botnets
o DoS/DDoS Countermeasures
o DoS/DDoS Protection at ISP Level
o Enabling TCP Intercept on Cisco IOS Software
o Advanced DDoS Protection Appliances
 DoS/DDoS Protection Tools
o DoS/DDoS Protection Tool: FortGuard Anti-DDoS Firewall 2014
o DoS/DDoS Protection Tools
 Denial-of-Service (DoS) Attack Penetration Testing

Module 10: Denial-of-Service (CEHv10)

 DoS/DDoS Concepts
o What is a Denial-of-Service Attack?
o What is Distributed Denial-of-Service Attack?
 DoS/DDoS Attack Techniques
o Basic Categories of DoS/DDoS Attack Vectors
o UDP Flood Attack
o ICMP Flood Attack
o Ping of Death and Smurf Attack
o SYN Flood Attack
o Fragmentation Attack
o HTTP GET/POST and Slowloris Attacks
o Multi-Vector Attack
o Peer-to-Peer Attacks
o Permanent Denial-of-Service Attack
o Distributed Reflection Denial-of-Service (DRDoS)
 Botnets
o Organized Cyber Crime: Organizational Chart
o Botnet
o A Typical Botnet Setup
o Botnet Ecosystem
o Scanning Methods for Finding Vulnerable Machines
o How Malicious Code Propagates?
o Botnet Trojans
 DDoS Case Study
o DDoS Attack
o Hackers Advertise Links to Download Botnet
o Use of Mobile Devices as Botnets for Launching DDoS Attacks
o DDoS Case Study: Dyn DDoS Attack
 DoS/DDoS Attack Tools
o DoS/DDoS Attack Tools
o DoS and DDoS Attack Tool for Mobile
 Countermeasures
o Detection Techniques
o DoS/DDoS Countermeasure Strategies
o DDoS Attack Countermeasures
 Protect Secondary Victims
 Detect and Neutralize Handlers
 Prevent Potential Attacks
 Deflect Attacks
 Mitigate Attacks
 Post-Attack Forensics
o Techniques to Defend against Botnets
o DoS/DDoS Countermeasures
o DoS/DDoS Protection at ISP Level
o Enabling TCP Intercept on Cisco IOS Software
 DoS/DDoS Protection Tools
o Advanced DDoS Protection Appliances
o DoS/DDoS Protection Tools
 DoS/DDoS Penetration Testing
o Denial-of-Service (DoS) Attack Pen Testing

Module 10: Session Hijacking (CEHv9)

 Attack Techniques 2015
 Session Hijacking Concepts
o What is Session Hijacking?
o Why Session Hijacking is Successful?
o Session Hijacking Process
o Packet Analysis of a Local Session Hijack
o Types of Session Hijacking
o Session Hijacking in OSI Model
o Spoofing vs. Hijacking
 Application Level Session Hijacking
o Compromising Session IDs using Sniffing
o Compromising Session IDs by Predicting Session Token
 How to Predict a Session Token
o Compromising Session IDs Using Man-in-the-Middle Attack
o Compromising Session IDs Using Man-in-the-Browser Attack
 Steps to Perform Man-in-the-Browser Attack
o Compromising Session IDs Using Client-side Attacks
 Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
 Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
o Compromising Session IDs Using Session Replay Attack
o Compromising Session IDs Using Session Fixation
 Session Fixation Attack
o Session Hijacking Using Proxy Servers
 Network-level Session Hijacking
o The 3-Way Handshake
o TCP/IP Hijacking
 TCP/IP Hijacking Process
o IP Spoofing: Source Routed Packets
o RST Hijacking
o Blind Hijacking
o MiTM Attack Using Forged ICMP and ARP Spoofing
o UDP Hijacking
 Session Hijacking Tools
o Session Hijacking Tool
 Zaproxy
 Burp Suite and Hijack
o Session Hijacking Tools
o Session Hijacking Tools for Mobile: DroidSheep and DroidSniff
 Countermeasures
o Session Hijacking Detection Methods
o Protecting against Session Hijacking
o Methods to Prevent Session Hijacking
 To be Followed by Web Developers
 To be Followed by Web Users
o Approaches Vulnerable to Session Hijacking and their Preventative Solutions
o IPSec
 Modes of IPsec
 IPsec Architecture
 IPsec Authentication and Confidentiality
 Components of IPsec
 Session Hijacking Pen Testing

Module 11: Session Hijacking (CEHv10)

 Session Hijacking Concepts
o What is Session Hijacking?
o Why Session Hijacking is Successful?
o Session Hijacking Process
o Packet Analysis of a Local Session Hijack
o Types of Session Hijacking
o Session Hijacking in OSI Model
o Spoofing vs. Hijacking
 Application Level Session Hijacking
o Application Level Session Hijacking
o Compromising Session IDs using Sniffing and by Predicting Session Token
o How to Predict a Session Token
o Compromising Session IDs Using Man-in-the-Middle Attack
o Compromising Session IDs Using Man-in-the-Browser Attack
 Steps to Perform Man-in-the-Browser Attack
o Compromising Session IDs Using Client-side Attacks
 Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
 Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
o Compromising Session IDs Using Session Replay Attack
o Compromising Session IDs Using Session Fixation
o Session Hijacking Using Proxy Servers
o Session Hijacking Using CRIME Attack
o Session Hijacking Using Forbidden Attack
 Network Level Session Hijacking
o TCP/IP Hijacking
o IP Spoofing: Source Routed Packets
o RST Hijacking
o Blind Hijacking
o UDP Hijacking
o MiTM Attack Using Forged ICMP and ARP Spoofing
 Session Hijacking Tools
o Session Hijacking Tools
o Session Hijacking Tools for Mobile
 Countermeasures
o Session Hijacking Detection Methods
o Protecting against Session Hijacking
o Methods to Prevent Session Hijacking: To be Followed by Web Developers
o Methods to Prevent Session Hijacking: To be Followed by Web Users
o Session Hijacking Detection Tools
o Approaches Vulnerable to Session Hijacking and their Preventative Solutions
o Approaches to Prevent Session Hijacking
o IPSec
 Components of IPsec
 Benefits of IPsec
 Modes of IPsec
 IPsec Architecture
 IPsec Authentication and Confidentiality
o Session Hijacking Prevention Tools
 Penetration Testing
o Session Hijacking Pen Testing

Module 16: Evading IDS, Firewalls, and Honeypots (CEHv9)

 Survey: The State of Network Security 2014
 Cybersecurity Market Report
 IDS, Firewall and Honeypot Concepts
o Intrusion Detection Systems (IDS) and their Placement
 How IDS Works
 Ways to Detect an Intrusion
 General Indications of Intrusions
 General Indications of System Intrusions
 Types of Intrusion Detection Systems
 System Integrity Verifiers (SIV)
o Firewall
 Firewall Architecture
 DeMilitarized Zone (DMZ)
 Types of Firewall
 Packet Filtering Firewall
 Circuit-Level Gateway Firewall
 Application-Level Firewall
 Stateful Multilayer Inspection Firewall
o Honeypot
 Types of Honeypots
 IDS, Firewall and Honeypot System
o Intrusion Detection Tool
 Snort
 Snort Rules
 Rule Actions and IP Protocols
 The Direction Operator and IP Addresses
 Port Numbers
 Intrusion Detection Systems: Tipping Point
 Intrusion Detection Tools
 Intrusion Detection Tools for Mobile
o Firewall
 ZoneAlarm PRO Firewall 2015
 Comodo Firewall
 Firewalls
 Firewalls for Mobile: Android Firewall and Firewall iP
 Firewalls for Mobile
o Honeypot Tool
 KFSensor and SPECTER
 Honeypot Tools
 Honeypot Tool for Mobile: HosTaGe
 Evading IDS
o Insertion Attack
o Evasion
o Denial-of-Service Attack (DoS)
o Obfuscating
o False Positive Generation
o Session Splicing
o Unicode Evasion Technique
o Fragmentation Attack
o Overlapping Fragments
o Time-To-Live Attacks
o Invalid RST Packets
o Urgency Flag
o Polymorphic Shellcode
o ASCII Shellcode
o Application-Layer Attacks
o Desynchronization - Pre Connection SYN
o Desynchronization - Post Connection SYN
o Other Types of Evasion
 Evading Firewalls
o Firewall Identification
 Port Scanning
 Firewalking
 Banner Grabbing
o IP Address Spoofing
o Source Routing
o Tiny Fragments
o Bypass Blocked Sites Using IP Address in Place of URL
o Bypass Blocked Sites Using Anonymous Website Surfing Sites
o Bypass a Firewall Using Proxy Server
o Bypassing Firewall through ICMP Tunneling Method
o Bypassing Firewall through ACK Tunneling Method
o Bypassing Firewall through HTTP Tunneling Method
 Why do I Need HTTP Tunneling
 HTTP Tunneling Tools
 HTTPort and HTTHost
 Super Network Tunnel
 HTTP-Tunnel
o Bypassing Firewall through SSH Tunneling Method
 SSH Tunneling Tool: Bitvise
o Bypassing Firewall through External Systems
o Bypassing Firewall through MITM Attack
o Bypassing Firewall through Content
 IDS/Firewall Evading Tools
o IDS/Firewall Evasion Tool
 Traffic IQ Professional
 tcp-over-dns
o IDS/Firewall Evasion Tools
o Packet Fragment Generator: Colasoft Packet Builder
o Packet Fragment Generators
 Detecting Honeypots
o Detecting Honeypots
o Honeypot Detecting Tool: Send-Safe Honeypot Hunter
 IDS/Firewall Evasion Countermeasures
o Countermeasures
 Penetration Testing

Module 12: Evading IDS, Firewalls, and Honeypots (CEHv10)

 IDS, Firewall and Honeypot Concepts
o Intrusion Detection System (IDS)
 How IDS Detects an Intrusion
 General Indications of Intrusions
 Types of Intrusion Detection Systems
 Types of IDS Alerts
o Firewall
 Firewall Architecture
 DeMilitarized Zone (DMZ)
 Types of Firewalls
 Firewall Technologies
 Packet Filtering Firewall
 Circuit-Level Gateway Firewall
 Application-Level Firewall
 Stateful Multilayer Inspection Firewall
 Application Proxy
 Network Address Translation (NAT)
 Virtual Private Network
 Firewall Limitations
o Honeypot
 Types of Honeypots
 IDS, Firewall and Honeypot Solutions
o Intrusion Detection Tool
 Snort
 Snort Rules
 Snort Rules: Rule Actions and IP Protocols
 Snort Rules: The Direction Operator and IP Addresses
 Snort Rules: Port Numbers
 Intrusion Detection Tools: TippingPoint and AlienVault® OSSIM™
 Intrusion Detection Tools
 Intrusion Detection Tools for Mobile
o Firewalls
 ZoneAlarm Free Firewall 2018 and Firewall Analyzer
 Firewalls
 Firewalls for Mobile
o Honeypot Tools
 KFSensor and SPECTER
 Honeypot Tools
 Honeypot Tools for Mobile
 Evading IDS
o IDS Evasion Techniques
 Insertion Attack
 Evasion
 Denial-of-Service Attack (DoS)
 Obfuscating
 False Positive Generation
 Session Splicing
 Unicode Evasion
 Fragmentation Attack
 Overlapping Fragments
 Time-To-Live Attacks
 Invalid RST Packets
 Urgency Flag
 Polymorphic Shellcode
 ASCII Shellcode
 Application-Layer Attacks
 Desynchronization
 Other Types of Evasion
 Evading Firewalls
o Firewall Evasion Techniques
 Firewall Identification
 IP Address Spoofing
 Source Routing
 Tiny Fragments
 Bypass Blocked Sites Using IP Address in Place of URL
 Bypass Blocked Sites Using Anonymous Website Surfing Sites
 Bypass a Firewall Using Proxy Server
 Bypassing Firewall through ICMP Tunneling Method
 Bypassing Firewall through ACK Tunneling Method
 Bypassing Firewall through HTTP Tunneling Method
 Why do I Need HTTP Tunneling
 HTTP Tunneling Tools
 Bypassing Firewall through SSH Tunneling Method
 SSH Tunneling Tool: Bitvise and Secure Pipes
 Bypassing Firewall through External Systems
 Bypassing Firewall through MITM Attack
 Bypassing Firewall through Content
 Bypassing WAF using XSS Attack
 IDS/Firewall Evading Tools
o IDS/Firewall Evasion Tools
o Packet Fragment Generator Tools
 Detecting Honeypots
o Detecting Honeypots
o Detecting and Defeating Honeypots
o Honeypot Detection Tool: Send-Safe Honeypot Hunter
 IDS/Firewall Evasion Countermeasures
o How to Defend Against IDS Evasion
o How to Defend Against Firewall Evasion
 Penetration Testing
o Firewall/IDS Penetration Testing
 Firewall Penetration Testing
 IDS Penetration Testing

Module 11: Hacking Webservers (CEHv9)

 Webserver Market Shares
 Webserver Concepts
o Web Server Security Issue
o Why Web Servers Are Compromised
o Impact of Webserver Attacks
o Open Source Webserver Architecture
o IIS Web Server Architecture
 Webserver Attacks
o DoS/DDoS Attacks
o DNS Server Hijacking
o DNS Amplification Attack
o Directory Traversal Attacks
o Man-in-the-Middle/Sniffing Attack
o Phishing Attacks
o Website Defacement
o Webserver Misconfiguration
 Webserver Misconfiguration Example
o HTTP Response Splitting Attack
o Web Cache Poisoning Attack
o SSH Bruteforce Attack
o Webserver Password Cracking
 Webserver Password Cracking Techniques
o Web Application Attacks
 Attack Methodology
o Webserver Attack Methodology
 Information Gathering
 Information Gathering from Robots.txt File
 Webserver Footprinting
 Webserver Footprinting Tools
 Enumerating Webserver Information Using Nmap
 Mirroring a Website
 Vulnerability Scanning
 Session Hijacking
 Hacking Web Passwords
 Webserver Attack Tools
o Metasploit
 Metasploit Architecture
 Metasploit Exploit Module
 Metasploit Payload Module
 Metasploit Auxiliary Module
 Metasploit NOPS Module
o Wfetch
o Web Password Cracking Tool: THC-Hydra and Brutus
 Countermeasures
o Place Web Servers in Separate Secure Server Security Segment on Network
o Countermeasures
 Patches and Updates
 Protocols
 Accounts
 Files and Directories
o Detecting Web Server Hacking Attempts
o How to Defend Against Web Server Attacks
o How to Defend against HTTP Response Splitting and Web Cache Poisoning
o How to Defend against DNS Hijacking
 Patch Management
o Patches and Hotfixes
o What is Patch Management?
o Identifying Appropriate Sources for Updates and Patches
o Installation of a Patch
o Implementation and Verification of a Security Patch or Upgrade
o Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
o Patch Management Tools
 Webserver Security Tools
o Web Application Security Scanner: Syhunt Dynamic and N-Stalker Web Application Security Scanner
o Web Server Security Scanner: Wikto and Acunetix Web Vulnerability Scanner
o Web Server Malware Infection Monitoring Tool
 HackAlert
 QualysGuard Malware Detection
o Webserver Security Tools
 Webserver Pen Testing
o Web Server Penetration Testing
o Web Server Pen Testing Tool
 CORE Impact® Pro
 Immunity CANVAS
 Arachni

Module 13: Hacking Web Servers (CEHv10)

 Web Server Concepts
o Web Server Operations
o Open Source Web Server Architecture
o IIS Web Server Architecture
o Web Server Security Issue
o Why Web Servers Are Compromised?
o Impact of Web Server Attacks
 Web Server Attacks
o DoS/DDoS Attacks
o DNS Server Hijacking
o DNS Amplification Attack
o Directory Traversal Attacks
o Man-in-the-Middle/Sniffing Attack
o Phishing Attacks
o Website Defacement
o Web Server Misconfiguration
o HTTP Response Splitting Attack
o Web Cache Poisoning Attack
o SSH Brute Force Attack
o Web Server Password Cracking
o Web Application Attacks
 Web Server Attack Methodology
o Information Gathering
 Information Gathering from Robots.txt File
o Web Server Footprinting/Banner Grabbing
 Web Server Footprinting Tools
 Enumerating Web Server Information Using Nmap
o Website Mirroring
 Finding Default Credentials of Web Server
 Finding Default Content of Web Server
 Finding Directory Listings of Web Server
o Vulnerability Scanning
 Finding Exploitable Vulnerabilities
o Session Hijacking
o Web Server Passwords Hacking
o Using Application Server as a Proxy
 Web Server Attack Tools
o Metasploit
 Metasploit Exploit Module
 Metasploit Payload and Auxiliary Module
 Metasploit NOPS Module
o Web Server Attack Tools
 Countermeasures
o Place Web Servers in Separate Secure Server Security Segment on Network
o Countermeasures
 Patches and Updates
 Protocols
 Accounts
 Files and Directories
o Detecting Web Server Hacking Attempts
o How to Defend Against Web Server Attacks
o How to Defend against HTTP Response Splitting and Web Cache Poisoning
o How to Defend against DNS Hijacking
 Patch Management
o Patches and Hotfixes
o What is Patch Management
o Installation of a Patch
o Patch Management Tools
 Web Server Security Tools
o Web Application Security Scanners
o Web Server Security Scanners
o Web Server Security Tools
 Web Server Pen Testing
o Web Server Penetration Testing
o Web Server Pen Testing Tools

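Both versions of the module list the HTTP response splitting attack, web cache poisoning, and the matching defense. The Python script below is an added example and not code from the EC-Council courseware: it builds a redirect whose Location header comes from unvalidated input, parses the resulting byte stream the way a caching proxy would, and shows that a CR/LF payload produces a second, attacker-controlled response (the cache poisoning vector), while the hardened builder rejects the same input. The function names, the payload and the minimal response parser are all constructed for this demonstration.

```python
"""Added example (not part of the EC-Council document): HTTP response
splitting via an unvalidated Location header, and the header check that
prevents it. All function names and sample data here are constructed."""


def build_redirect_unsafe(target: str) -> bytes:
    # Vulnerable: the user-supplied target is copied into a header line as-is.
    return (
        b"HTTP/1.1 302 Found\r\n"
        b"Location: " + target.encode("latin-1") + b"\r\n"
        b"Content-Length: 0\r\n"
        b"\r\n"
    )


def build_redirect_safe(target: str) -> bytes:
    # Hardened: header values may never contain CR or LF, so reject them
    # before they reach the wire. Rejecting (rather than stripping) keeps
    # the attempt visible to logging.
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in header value")
    return build_redirect_unsafe(target)


def split_responses(raw: bytes) -> list:
    """Parse a byte stream into HTTP responses the way a proxy or cache
    would: status line, headers, then Content-Length bytes of body.
    Returns one dict per response found; trailing non-HTTP bytes are ignored."""
    responses = []
    pos = 0
    while raw.startswith(b"HTTP/", pos):
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break
        lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = head_end + 4
        responses.append({
            "status": lines[0],
            "headers": headers,
            "body": raw[body_start:body_start + length],
        })
        pos = body_start + length
    return responses


# Constructed attacker input: terminates the real redirect and appends a
# complete second response that a shared cache could store for /home.
SPLIT_PAYLOAD = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 18\r\n"
    "\r\n"
    "<h1>poisoned</h1>\n"
)


def responses_from_unsafe(target: str) -> list:
    """What a cache sees when the unsafe builder is fed `target`."""
    return split_responses(build_redirect_unsafe(target))


if __name__ == "__main__":
    for r in responses_from_unsafe(SPLIT_PAYLOAD):
        print(r["status"], r["headers"], r["body"])
    try:
        build_redirect_safe(SPLIT_PAYLOAD)
    except ValueError as e:
        print("safe builder rejected payload:", e)
```

The unsafe builder yields two parsable responses from one request; the second one, with an attacker-chosen body, is what a shared cache would store under the victim URL. The check in `build_redirect_safe` is the whole fix: no header value may carry a bare CR or LF, and the same rule applies to any other header assembled from request data (Set-Cookie, Content-Type, custom headers).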
Module 12: Hacking Web Applications (CEHv9)
 Web Application Attack Report
 Variety of Hacking Actions Within Web App Attacks Pattern
 Web App Concepts
  o Introduction to Web Applications
  o How Web Applications Work
  o Web Application Architecture
  o Web 2.0 Applications
  o Vulnerability Stack
 Web App Threats
  o Web Application Threats – 1
  o Web Application Threats – 2
  o Unvalidated Input
  o Parameter/Form Tampering
  o Directory Traversal
  o Security Misconfiguration
  o Injection Flaws
  o SQL Injection Attacks
  o Command Injection Attacks
     Command Injection Example
  o File Injection Attack
  o What is LDAP Injection?
     How LDAP Injection Works
  o Hidden Field Manipulation Attack
  o Cross-Site Scripting (XSS) Attacks
     How XSS Attacks Work
     Cross-Site Scripting Attack Scenario: Attack via Email
     XSS Example: Attack via Email
     XSS Example: Stealing Users' Cookies
     XSS Example: Sending an Unauthorized Request
     XSS Attack in Blog Posting
     XSS Attack in Comment Field
     Websites Vulnerable to XSS Attack
  o Cross-Site Request Forgery (CSRF) Attack
     How CSRF Attacks Work
  o Web Application Denial-of-Service (DoS) Attack
     Denial of Service (DoS) Examples
  o Buffer Overflow Attacks
  o Cookie/Session Poisoning
     How Cookie Poisoning Works
  o Session Fixation Attack
  o CAPTCHA Attacks
  o Insufficient Transport Layer Protection
  o Improper Error Handling
  o Insecure Cryptographic Storage
  o Broken Authentication and Session Management
  o Unvalidated Redirects and Forwards
  o Web Services Architecture
  o Web Services Attack
  o Web Services Footprinting Attack
  o Web Services XML Poisoning
 Web App Hacking Methodology
  o Footprint Web Infrastructure
     Server Discovery
     Service Discovery
     Server Identification/Banner Grabbing
     Detecting Web App Firewalls and Proxies on Target Site
     Hidden Content Discovery
     Web Spidering Using Burp Suite
     Web Crawling Using Mozenda Web Agent Builder
  o Attack Web Servers
     Hacking Web Servers
     Web Server Hacking Tool: WebInspect
  o Analyze Web Applications
     Identify Entry Points for User Input
     Identify Server-Side Technologies
     Identify Server-Side Functionality
     Map the Attack Surface
  o Attack Authentication Mechanism
     User Name Enumeration
     Password Attacks
     Password Functionality Exploits
     Password Guessing
     Brute-forcing
     Session Attacks: Session ID Prediction/Brute-forcing
     Cookie Exploitation: Cookie Poisoning
  o Authorization Attack Schemes
     Authorization Attack
     HTTP Request Tampering
     Authorization Attack: Cookie Parameter Tampering
  o Attack Session Management Mechanism
     Session Management Attack
     Attacking Session Token Generation Mechanism
     Attacking Session Tokens Handling Mechanism: Session Token Sniffing
  o Perform Injection Attacks
     Injection Attacks/Input Validation Attacks
  o Attack Data Connectivity
     Connection String Injection
     Connection String Parameter Pollution (CSPP) Attacks
     Connection Pool DoS
  o Attack Web App Client
  o Attack Web Services
     Web Services Probing Attacks
     Web Service Attacks
     SOAP Injection
     XML Injection
     Web Services Parsing Attacks
     Web Service Attack Tool: soapUI and XMLSpy
 Web Application Hacking Tools
  o Web Application Hacking Tool
     Burp Suite Professional
     CookieDigger
     WebScarab
  o Web Application Hacking Tools
 Countermeasures
  o Encoding Schemes
  o How to Defend Against SQL Injection Attacks
  o How to Defend Against Command Injection Flaws
  o How to Defend Against XSS Attacks
  o How to Defend Against DoS Attack
  o How to Defend Against Web Services Attack
  o Guidelines for Secure CAPTCHA Implementation
  o Web Application Attack Countermeasures
  o How to Defend Against Web Application Attacks
 Security Tools
  o Web Application Security Tool
     Acunetix Web Vulnerability Scanner
     Watcher Web Security Tool
     Netsparker
     N-Stalker Web Application Security Scanner
     VampireScan
  o Web Application Security Tools
  o Web Application Firewall
     dotDefender
     ServerDefender VP
  o Web Application Firewall
 Web App Pen Testing
  o Web Application Pen Testing
     Information Gathering
     Configuration Management Testing
     Authentication Testing
     Session Management Testing
     Authorization Testing
     Data Validation Testing
     Denial-of-Service Testing
     Web Services Testing
     AJAX Testing
  o Web Application Pen Testing Framework
     Kali Linux
     Metasploit
     Browser Exploitation Framework (BeEF)
     PowerSploit

Module 14: Hacking Web Applications (CEHv10)
 Web App Concepts
  o Introduction to Web Applications
  o Web Application Architecture
  o Web 2.0 Applications
  o Vulnerability Stack
 Web App Threats
  o OWASP Top 10 Application Security Risks – 2017
     A1 - Injection Flaws
     SQL Injection Attacks
     Command Injection Attacks
     Command Injection Example
     File Injection Attack
     LDAP Injection Attacks
     A2 - Broken Authentication
     A3 - Sensit
     A4 - XML External Entity (XXE)
     A5 - Broken Access Control
     A6 - Security Misconfiguration
     A7 - Cross-Site Scripting (XSS) Attacks
     Cross-Site Scripting Attack Scenario: Attack via Email
     XSS Attack in Blog Posting
     XSS Attack in Comment Field
     Websites Vulnerable to XSS Attack
     A8 - Insecure Deserialization
     A9 - Using Components with Known Vulnerabilities
     A10 - Insufficient Logging and Monitoring
  o Other Web Application Threats
     Directory Traversal
     Unvalidated Redirects and Forwards
     Watering Hole Attack
     Cross-Site Request Forgery (CSRF) Attack
     Cookie/Session Poisoning
     Web Services Architecture
     Web Services Attack
     Web Services Footprinting Attack
     Web Services XML Poisoning
     Hidden Field Manipulation Attack
 Hacking Methodology
  o Web App Hacking Methodology
  o Footprint Web Infrastructure
     Server Discovery
     Service Discovery
     Server Identification/Banner Grabbing
     Detecting Web App Firewalls and Proxies on Target Site
     Hidden Content Discovery
     Web Spidering Using Burp Suite
     Web Crawling Using Mozenda Web Agent Builder
  o Attack Web Servers
  o Analyze Web Applications
     Identify Entry Points for User Input
     Identify Server-Side Technologies
     Identify Server-Side Functionality
     Map the Attack Surface
  o Bypass Client-Side Controls
     Attack Hidden Form Fields
     Attack Browser Extensions
     Perform Source Code Review
  o Attack Authentication Mechanism
     User Name Enumeration
     Password Attacks: Password Functionality Exploits
     Password Attacks: Password Guessing and Brute-forcing
     Session Attacks: Session ID Prediction/Brute-forcing
     Cookie Exploitation: Cookie Poisoning
  o Attack Authorization Schemes
     HTTP Request Tampering
     Cookie Parameter Tampering
  o Attack Access Controls
  o Attack Session Management Mechanism
     Attacking Session Token Generation Mechanism
     Attacking Session Tokens Handling Mechanism: Session Token Sniffing
  o Perform Injection/Input Validation Attacks
  o Attack Application Logic Flaws
  o Attack Database Connectivity
     Connection String Injection
     Connection String Parameter Pollution (CSPP) Attacks
     Connection Pool DoS
  o Attack Web App Client
  o Attack Web Services
     Web Services Probing Attacks
     Web Service Attacks: SOAP Injection
     Web Service Attacks: XML Injection
     Web Services Parsing Attacks
     Web Service Attack Tools
 Web App Hacking Tools
  o Web Application Hacking Tools
 Countermeasures
  o Web Application Fuzz Testing
  o Source Code Review
  o Encoding Schemes
  o How to Defend Against Injection Attacks
  o Web Application Attack Countermeasures
  o How to Defend Against Web Application Attacks
 Web App Security Testing Tools
  o Web Application Security Testing Tools
  o Web Application Firewall
 Web App Pen Testing
  o Web Application Pen Testing
     Information Gathering
     Configuration Management Testing
     Authentication Testing
     Session Management Testing
     Authorization Testing
     Data Validation Testing
     Denial-of-Service Testing
     Web Services Testing
     AJAX Testing
  o Web Application Pen Testing Framework

Module 13: SQL Injection (CEHv9)
 SQL Injection Statistics
 SQL Most Prevalent Vulnerability 2015
 SQL Injection Concepts
  o What is SQL Injection?
  o Why Bother about SQL Injection?
  o How Web Applications Work
  o SQL Injection and Server-side Technologies
  o Understanding HTTP Post Request
  o Example: Normal SQL Query
  o Understanding an SQL Injection Query
     Code Analysis
  o Example of a Web App Vulnerable to SQL Injection
     BadProductList.aspx
     Attack Analysis
  o Example of SQL Injection
     Updating Table
     Adding New Records
     Identifying the Table Name
     Deleting a Table
 Types of SQL Injection
  o Error Based SQL Injection
  o Union SQL Injection
  o Blind SQL Injection
     No Error Messages Returned
     Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
  o Boolean Exploitation Technique
 SQL Injection Methodology
  o Information Gathering and SQL Injection Vulnerability Detection
     Information Gathering
     Identifying Data Entry Paths
     Extracting Information through Error Messages
     Testing for SQL Injection
     Additional Methods to Detect SQL Injection
     SQL Injection Black Box Pen Testing
     Source Code Review to Detect SQL Injection Vulnerabilities
  o Launch SQL Injection Attacks
     Perform Union SQL Injection
     Perform Error Based SQL Injection
     Perform Error Based SQL Injection: Using Stored Procedure Injection
     Bypass Website Logins Using SQL Injection
     Perform Blind SQL Injection – Exploitation (MySQL)
     Blind SQL Injection
     Extract Database User
     Extract Database Name
     Extract Column Name
     Extract Data from ROWS
     Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
     Perform Blind SQL Injection Using Out of Band Exploitation Technique
     Exploiting Second-Order SQL Injection
  o Advanced SQL Injection
     Database, Table, and Column Enumeration
     Advanced Enumeration
     Features of Different DBMSs
     Creating Database Accounts
     Password Grabbing
     Grabbing SQL Server Hashes
     Extracting SQL Hashes (In a Single Statement)
     Transfer Database to Attacker's Machine
     Interacting with the Operating System
     Interacting with the File System
     Network Reconnaissance Using SQL Injection
     Network Reconnaissance Full Query
 SQL Injection Tools
  o BSQLHacker
  o Marathon Tool
  o SQL Power Injector
  o Havij
  o SQL Injection Tools
  o SQL Injection Tool for Mobile
     DroidSQLi
     sqlmapchik
 Evasion Techniques
  o Evading IDS
  o Types of Signature Evasion Techniques
  o Evasion Technique
     Sophisticated Matches
     Hex Encoding
     Manipulating White Spaces
     In-line Comment
     Char Encoding
     String Concatenation
     Obfuscated Codes
 Countermeasures
  o How to Defend Against SQL Injection Attacks
     Use Type-Safe SQL Parameters
  o SQL Injection Detection Tool
     dotDefender
     IBM Security AppScan
     WebCruiser
  o Snort Rule to Detect SQL Injection Attacks
  o SQL Injection Detection Tools

Module 15: SQL Injection (CEHv10)
 SQL Injection Concepts
  o What is SQL Injection?
  o SQL Injection and Server-side Technologies
  o Understanding HTTP POST Request
  o Understanding Normal SQL Query
  o Understanding an SQL Injection Query
  o Understanding an SQL Injection Query – Code Analysis
  o Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
  o Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
  o Examples of SQL Injection
 Types of SQL Injection
  o Types of SQL injection
     In-Band SQL Injection
     Error Based SQL Injection
     Union SQL Injection
     Blind/Inferential SQL Injection
     No Error Messages Returned
     Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
     Blind SQL Injection: Boolean Exploitation and Heavy Query
     Out-of-Band SQL injection
 SQL Injection Methodology
  o SQL Injection Methodology
     Information Gathering and SQL Injection Vulnerability Detection
     Information Gathering
     Identifying Data Entry Paths
     Extracting Information through Error Messages
     Testing for SQL Injection
     Additional Methods to Detect SQL Injection
     SQL Injection Black Box Pen Testing
     Source Code Review to Detect SQL Injection Vulnerabilities
     Testing for Blind SQL Injection Vulnerability in MySQL and MSSQL
     Launch SQL Injection Attacks
     Perform Union SQL Injection
     Perform Error Based SQL Injection
     Perform Error Based SQL Injection using Stored Procedure Injection
     Bypass Website Logins Using SQL Injection
     Perform Blind SQL Injection – Exploitation (MySQL)
     Blind SQL Injection - Extract Database User
     Blind SQL Injection - Extract Database Name
     Blind SQL Injection - Extract Column Name
     Blind SQL Injection - Extract Data from ROWS
     Perform Double Blind SQL Injection – Classical Exploitation (MySQL)
     Perform Blind SQL Injection Using Out of Band Exploitation Technique
     Exploiting Second-Order SQL Injection
     Bypass Firewall using SQL Injection
     Perform SQL Injection to Insert a New User and Update Password
     Exporting a Value with Regular Expression Attack
     Advanced SQL Injection
     Database, Table, and Column Enumeration
     Advanced Enumeration
     Features of Different DBMSs
     Creating Database Accounts
     Password Grabbing
     Grabbing SQL Server Hashes
     Extracting SQL Hashes (In a Single Statement)
     Transfer Database to Attacker's Machine
     Interacting with the Operating System
     Interacting with the File System
     Network Reconnaissance Using SQL Injection
     Network Reconnaissance Full Query
     Finding and Bypassing Admin Panel of a Website
     PL/SQL Exploitation
     Creating Server Backdoors using SQL Injection
 SQL Injection Tools
  o SQL Injection Tools
     SQL Power Injector and sqlmap
     The Mole and jSQL Injection
  o SQL Injection Tools
  o SQL Injection Tools for Mobile
 Evasion Techniques
  o Evading IDS
  o Types of Signature Evasion Techniques
     In-line Comment
     Char Encoding
     String Concatenation
     Obfuscated Codes
     Manipulating White Spaces
     Hex Encoding
     Sophisticated Matches
     URL Encoding
     Null Byte
     Case Variation
     Declare Variable
     IP Fragmentation
 Countermeasures
  o How to Defend Against SQL Injection Attacks
     Use Type-Safe SQL Parameters
  o SQL Injection Detection Tools
     IBM Security AppScan and Acunetix Web Vulnerability Scanner
     Snort Rule to Detect SQL Injection Attacks
  o SQL Injection Detection Tools

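Both module versions list "Bypass Website Logins Using SQL Injection", "Perform Union SQL Injection" and, under countermeasures, "Use Type-Safe SQL Parameters". The Python script below is an added example, not code from the courseware: an in-memory SQLite database with constructed `users` and `products` tables, a login check and a product search written once with string concatenation and once with bound parameters, and the two payloads that succeed against the first form and are treated as plain data by the second. SQLite stands in for whatever backend the course uses; the payload syntax shown is the generic form and may need DBMS-specific comment sequences elsewhere.

```python
"""Added example (not part of the EC-Council document): login bypass and
UNION-based data extraction against string-built queries, and the same
queries with type-safe (bound) parameters. The schema, rows and payloads are
constructed for the demonstration; SQLite stands in for the backend DBMS."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.execute("INSERT INTO products VALUES ('widget', 9.99)")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Vulnerable: attacker-controlled strings become part of the SQL text,
    # so a quote in the input changes the query's structure.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username: str, password: str) -> bool:
    # Hardened: placeholders are bound by the driver; the input is only ever
    # compared as a value, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def search_vulnerable(conn, term: str) -> list:
    # Vulnerable search: the LIKE pattern is concatenated into the query.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term: str) -> list:
    # Hardened search: the wildcard pattern is built in Python and bound.
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Constructed payloads.
# Password field: closes the string literal and ORs in a tautology, so the
# WHERE clause becomes  username = 'x' AND password = '' OR '1'='1'.
LOGIN_BYPASS = "' OR '1'='1"
# Search field: closes the pattern and appends a UNION that pulls two columns
# (matching the original column count) from another table; "-- " comments
# out the trailing "%'" left over from the original query.
UNION_EXTRACT = "' UNION SELECT username, password FROM users -- "


if __name__ == "__main__":
    db = make_db()
    print("vulnerable bypass:", login_vulnerable(db, "nobody", LOGIN_BYPASS))
    print("parameterized bypass:", login_parameterized(db, "nobody", LOGIN_BYPASS))
    print("vulnerable union:", search_vulnerable(db, UNION_EXTRACT))
    print("parameterized union:", search_parameterized(db, UNION_EXTRACT))
```

The parameterized versions need no input filtering to resist either payload; that is the point of "type-safe parameters" as a countermeasure, as opposed to quote-escaping, which the evasion techniques listed above are designed to defeat.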
Module 14: Hacking Wireless Networks (CEHv9)
 Are You Protected from Hackers on Public Wi-Fi?
 Wi-Fi Statistics
 Wireless Concepts
  o Wireless Terminologies
  o Wireless Networks
  o Wi-Fi Networks at Home and Public Places
  o Wireless Technology Statistics
  o Types of Wireless Networks
  o Wireless Standards
  o Service Set Identifier (SSID)
  o Wi-Fi Authentication Modes
  o Wi-Fi Authentication Process Using a Centralized Authentication Server
  o Wi-Fi Chalking
     Wi-Fi Chalking Symbols
  o Types of Wireless Antenna
     Parabolic Grid Antenna
 Wireless Encryption
  o Types of Wireless Encryption
     WEP Encryption
     How WEP Works
     What is WPA?
     How WPA Works
     Temporal Keys
     What is WPA2?
     How WPA2 Works
  o WEP vs. WPA vs. WPA2
  o WEP Issues
  o Weak Initialization Vectors (IV)
  o How to Break WEP Encryption
  o How to Break WPA Encryption
  o How to Defend Against WPA Cracking
 Wireless Threats
  o Access Control Attacks
  o Integrity Attacks
  o Confidentiality Attacks
  o Availability Attacks
  o Authentication Attacks
  o Rogue Access Point Attack
  o Client Mis-association
  o Misconfigured Access Point Attack
  o Unauthorized Association
  o Ad Hoc Connection Attack
  o HoneySpot Access Point Attack
  o AP MAC Spoofing
  o Denial-of-Service Attack
  o Jamming Signal Attack
  o Wi-Fi Jamming Devices
 Wireless Hacking Methodology
  o Wi-Fi Discovery
     Footprint the Wireless Network
     Find Wi-Fi Networks to Attack
     Wi-Fi Discovery Tool
     inSSIDer and NetSurveyor
     Vistumbler and NetStumbler
     Wi-Fi Discovery Tools
     Mobile-based Wi-Fi Discovery Tool
  o GPS Mapping
     GPS Mapping Tool
     WIGLE
     Skyhook
     Wi-Fi Hotspot Finder
     Wi-Fi Finder
     WeFi
     How to Discover Wi-Fi Network Using Wardriving
  o Wireless Traffic Analysis
     Wireless Cards and Chipsets
     Wi-Fi USB Dongle: AirPcap
     Wi-Fi Packet Sniffer
     Wireshark with AirPcap
     SteelCentral Packet Analyzer
     OmniPeek Network Analyzer
     CommView for Wi-Fi
     What is Spectrum Analysis?
     Wi-Fi Packet Sniffers
  o Launch Wireless Attacks
     Aircrack-ng Suite
     How to Reveal Hidden SSIDs
     Fragmentation Attack
     How to Launch MAC Spoofing Attack
     Denial of Service: Deauthentication and Disassociation Attacks
     Man-in-the-Middle Attack
     MITM Attack Using Aircrack-ng
     Wireless ARP Poisoning Attack
     Rogue Access Point
     Evil Twin
     How to Set Up a Fake Hotspot (Evil Twin)
  o Crack Wi-Fi Encryption
     How to Crack WEP Using Aircrack
     How to Crack WPA-PSK Using Aircrack
     WPA Cracking Tool: KisMAC
     WEP Cracking Using Cain & Abel
     WPA Brute Forcing Using Cain & Abel
     WPA Cracking Tool: Elcomsoft Wireless Security Auditor
     WEP/WPA Cracking Tools
     WEP/WPA Cracking Tool for Mobile: Penetrate Pro
 Wireless Hacking Tools
  o Wi-Fi Sniffer: Kismet
  o Wardriving Tools
  o RF Monitoring Tools
  o Wi-Fi Traffic Analyzer Tools
  o Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tools
  o Wireless Hacking Tools for Mobile: WiHack and Backtrack Simulator
 Bluetooth Hacking
  o Bluetooth Stack
  o Bluetooth Threats
  o How to BlueJack a Victim
  o Bluetooth Hacking Tool
     PhoneSnoop
     BlueScanner
  o Bluetooth Hacking Tools
 Countermeasures
  o How to Defend Against Bluetooth Hacking
  o How to Detect and Block Rogue AP
  o Wireless Security Layers
  o How to Defend Against Wireless Attacks
 Wireless Security Tools
  o Wireless Intrusion Prevention Systems
  o Wireless IPS Deployment
  o Wi-Fi Security Auditing Tool
     AirMagnet WiFi Analyzer
     Motorola's AirDefense Services Platform (ADSP)
     Adaptive Wireless IPS
     Aruba RFProtect
  o Wi-Fi Intrusion Prevention System
  o Wi-Fi Predictive Planning Tools
  o Wi-Fi Vulnerability Scanning Tools
  o Bluetooth Security Tool: Bluetooth Firewall
  o Wi-Fi Security Tools for Mobile: Wifi Protector, WiFiGuard, and Wifi Inspector
 Wi-Fi Pen Testing
  o Wireless Penetration Testing
  o Wireless Penetration Testing Framework
  o Wi-Fi Pen Testing Framework
  o Pen Testing LEAP Encrypted WLAN
  o Pen Testing WPA/WPA2 Encrypted WLAN
  o Pen Testing WEP Encrypted WLAN
  o Pen Testing Unencrypted WLAN

Module 16: Hacking Wireless Networks (CEHv10)
 Wireless Concepts
  o Wireless Terminologies
  o Wireless Networks
  o Wireless Standards
  o Service Set Identifier (SSID)
  o Wi-Fi Authentication Modes
  o Wi-Fi Authentication Process Using a Centralized Authentication Server
  o Types of Wireless Antennas
 Wireless Encryption
  o Types of Wireless Encryption
     WEP (Wired Equivalent Privacy) Encryption
     WPA (Wi-Fi Protected Access) Encryption
     WPA2 (Wi-Fi Protected Access 2) Encryption
  o WEP vs. WPA vs. WPA2
  o WEP Issues
  o Weak Initialization Vectors (IV)
 Wireless Threats
  o Wireless Threats
     Rogue Access Point Attack
     Client Mis-association
     Misconfigured Access Point Attack
     Unauthorized Association
     Ad Hoc Connection Attack
     Honeypot Access Point Attack
     AP MAC Spoofing
     Denial-of-Service Attack
     Key Reinstallation Attack (KRACK)
     Jamming Signal Attack
     Wi-Fi Jamming Devices
 Wireless Hacking Methodology
  o Wireless Hacking Methodology
     Wi-Fi Discovery
     Footprint the Wireless Network
     Find Wi-Fi Networks in Range to Attack
     Wi-Fi Discovery Tools
     Mobile-based Wi-Fi Discovery Tools
     GPS Mapping
     GPS Mapping Tools
     Wi-Fi Hotspot Finder Tools
     How to Discover Wi-Fi Network Using Wardriving
     Wireless Traffic Analysis
     Choosing the Right Wi-Fi Card
     Wi-Fi USB Dongle: AirPcap
     Wi-Fi Packet Sniffer
     Perform Spectrum Analysis
     Launch Wireless Attacks
     Aircrack-ng Suite
     How to Reveal Hidden SSIDs
     Fragmentation Attack
     How to Launch MAC Spoofing Attack
     Denial-of-Service: Disassociation and Deauthentication Attacks
     Man-in-the-Middle Attack
     MITM Attack Using Aircrack-ng
     Wireless ARP Poisoning Attack
     Rogue Access Points
     Evil Twin
     How to Set Up a Fake Hotspot (Evil Twin)
     Crack Wi-Fi Encryption
     How to Break WEP Encryption
     How to Crack WEP Using Aircrack-ng
     How to Break WPA/WPA2 Encryption
     How to Crack WPA-PSK Using Aircrack-ng
     WEP Cracking and WPA Brute Forcing Using Cain & Abel
 Wireless Hacking Tools
  o WEP/WPA Cracking Tools
  o WEP/WPA Cracking Tool for Mobile
  o Wi-Fi Sniffer
  o Wi-Fi Traffic Analyzer Tools
  o Other Wireless Hacking Tools
 Bluetooth Hacking
  o Bluetooth Stack
  o Bluetooth Hacking
  o Bluetooth Threats
  o How to BlueJack a Victim
  o Bluetooth Hacking Tools
 Countermeasures
  o Wireless Security Layers
  o How to Defend Against WPA/WPA2 Cracking
  o How to Defend Against KRACK Attacks
  o How to Detect and Block Rogue AP
  o How to Defend Against Wireless Attacks
  o How to Defend Against Bluetooth Hacking
 Wireless Security Tools
  o Wireless Intrusion Prevention Systems
  o Wireless IPS Deployment
  o Wi-Fi Security Auditing Tools
  o Wi-Fi Intrusion Prevention System
  o Wi-Fi Predictive Planning Tools
  o Wi-Fi Vulnerability Scanning Tools
  o Bluetooth Security Tools
  o Wi-Fi Security Tools for Mobile
 Wireless Pen Testing
  o Wireless Penetration Testing
  o Wireless Penetration Testing Framework
     Pen Testing for General Wi-Fi Network Attack
     Pen Testing WEP Encrypted WLAN
     Pen Testing WPA/WPA2 Encrypted WLAN
     Pen Testing LEAP Encrypted WLAN
     Pen Testing Unencrypted WLAN

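Both versions of the module list "WEP Issues" and "Weak Initialization Vectors (IV)". The Python script below is an added example and not from the courseware: a textbook RC4 plus a minimal WEP-style framing (the 3-byte IV is prepended to the shared key to form the per-packet RC4 key and is sent in the clear) shows that two frames encrypted under the same IV share a keystream, so XOR of the ciphertexts equals XOR of the plaintexts and one known plaintext recovers the other frame without the key. A birthday estimate shows how few frames a 24-bit IV space needs before a repeat becomes likely. The key, IV and frame contents are constructed; the ICV and 802.11 headers are omitted because they do not affect the keystream-reuse argument; the RC4 routine is checked against the published "Key" test vector.

```python
"""Added example (not part of the EC-Council document): why WEP's 24-bit IV
is a weakness. Pure-Python RC4 and a WEP-style framing (IV || key as the
per-packet RC4 key, IV sent in clear). Key, IV and frames are constructed.
The ICV (CRC-32) and 802.11 headers are omitted; they do not change the
keystream-reuse argument."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: KSA then PRGA, returning `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: 3-byte IV in clear, then RC4(IV||key) XOR data."""
    assert len(iv) == 3
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_with_known_plaintext(known_frame: bytes, known_plaintext: bytes,
                                 target_frame: bytes):
    """Attacker knows the plaintext of one frame (e.g. a fixed-format ARP or
    DHCP packet). If another frame reuses the same IV, the keystream
    recovered from the known pair decrypts the target without the key."""
    iv_known, ct_known = known_frame[:3], known_frame[3:]
    iv_target, ct_target = target_frame[:3], target_frame[3:]
    if iv_known != iv_target:
        return None                            # no keystream reuse
    keystream = xor_bytes(ct_known, known_plaintext)
    if len(keystream) < len(ct_target):
        return None                            # known plaintext too short
    return xor_bytes(ct_target, keystream)


def frames_until_iv_collision(probability: float, iv_bits: int = 24) -> int:
    """Birthday estimate: number of frames with uniformly random IVs before
    some IV repeats with the given probability. Cards that count IVs
    sequentially instead repeat deterministically after 2**iv_bits frames."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = bytes.fromhex("000001")               # constructed IV, reused below
    known = b"known-format packet, e.g. an ARP request 0123456789"
    secret = b"credentials: admin / hunter2"
    frame_a = wep_encrypt(key, iv, known)
    frame_b = wep_encrypt(key, iv, secret)
    print(recover_with_known_plaintext(frame_a, known, frame_b))
    print("frames for 50% IV repeat:", frames_until_iv_collision(0.5))
```

At a few thousand frames for a 50% chance of a repeated IV on a busy network, keystream reuse is a matter of minutes, which is why the WEP cracking steps listed under the methodology above work from captured traffic alone; the full key-recovery attacks (FMS/PTW) additionally exploit the related-key structure of IV||key, which this example does not implement.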
Module 15: Hacking Mobile Platforms (CEHv9)
 The Future of Mobile
 Mobile Platform Attack Vectors
  o Vulnerable Areas in Mobile Business Environment
  o OWASP Mobile Top 10 Risks
  o Anatomy of a Mobile Attack
  o How a Hacker can Profit from Mobile when Successfully Compromised
  o Mobile Attack Vectors
  o Mobile Platform Vulnerabilities and Risks
  o Security Issues Arising from App Stores
  o App Sandboxing Issues
  o Mobile Spam
  o SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
     Why SMS Phishing is Effective?
     SMS Phishing Attack Examples
  o Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
 Hacking Android OS
  o Android OS
  o Android OS Architecture
  o Android Device Administration API
  o Android Rooting
     Rooting Android Phones using SuperOneClick
     Rooting Android Phones Using Superboot
     Android Rooting Tools
  o Hacking Networks Using Network Spoofer
  o Session Hijacking Using DroidSheep
  o Android-based Sniffer
     FaceNiff
     Packet Sniffer, tPacketCapture, and Android PCAP
  o Android Trojan
     ZitMo (ZeuS-in-the-Mobile)
     FakeToken and TRAMP.A
     Fakedefender and Obad
     FakeInst and OpFake
     AndroRAT and Dendroid
  o Securing Android Devices
     Google Apps Device Policy
     Remote Wipe Service: Remote Wipe
     Android Security Tool
     DroidSheep Guard
     TrustGo Mobile Security and Sophos Mobile Security
     360 Security, AVL, and Avira Antivirus Security
     Android Vulnerability Scanner: X-Ray
     Android Device Tracking Tools
 Hacking iOS
  o Apple iOS
  o Jailbreaking iOS
     Types of Jailbreaking
     Jailbreaking Techniques
     App Platform for Jailbroken Devices: Cydia
     Jailbreaking Tool: Pangu
     Untethered Jailbreaking of iOS 7.1.1/7.1.2 Using Pangu for Mac
     Jailbreaking Tools
     Redsn0w and Absinthe
     evasi0n7 and GeekSn0w
     Sn0wbreeze and PwnageTool
     LimeRa1n and Blackra1n
  o Guidelines for Securing iOS Devices
     iOS Device Tracking Tools
 Hacking Windows Phone OS
  o Windows Phone 8
  o Windows Phone 8 Architecture
  o Secure Boot Process
  o Guidelines for Securing Windows OS Devices
     Windows OS Device Tracking Tool: FollowMee GPS Tracker
 Hacking BlackBerry
  o BlackBerry Operating System
  o BlackBerry Enterprise Solution Architecture
  o Blackberry Attack Vectors
     Malicious Code Signing
     JAD File Exploits and Memory/Processes Manipulations
     Short Message Service (SMS) Exploits
     Email Exploits
     PIM Data Attacks and TCP/IP Connections Vulnerabilities
  o Guidelines for Securing BlackBerry Devices
     BlackBerry Device Tracking Tools: MobileTracker and Position Logic Blackberry Tracker
     Mobile Spyware: mSpy and StealthGenie
     Mobile Spyware
 Mobile Device Management
  o Mobile Device Management (MDM)
     MDM Solution: MaaS360 Mobile Device Management (MDM)
     MDM Solutions
  o Bring Your Own Device (BYOD)
     BYOD Risks
     BYOD Policy Implementation
     BYOD Security Guidelines for Administrator
     BYOD Security Guidelines for Employee
 Mobile Security Guidelines and Tools
  o General Guidelines for Mobile Platform Security
  o Mobile Device Security Guidelines for Administrator
  o SMS Phishing Countermeasures
  o Mobile Protection Tool
     BullGuard Mobile Security
     Lookout
     WISeID
     zIPS
  o Mobile Protection Tools
  o Mobile Anti-Spyware
 Mobile Pen Testing
  o Android Phone Pen Testing
  o iPhone Pen Testing
  o Windows Phone Pen Testing
  o BlackBerry Pen Testing
  o Mobile Pen Testing Toolkit
     zANTI
     dSploit
     Hackode (The Hacker's Toolbox)

Module 17: Hacking Mobile Platforms (CEHv10)
 Mobile Platform Attack Vectors
  o Vulnerable Areas in Mobile Business Environment
  o OWASP Top 10 Mobile Risks - 2016
  o Anatomy of a Mobile Attack
  o How a Hacker can Profit from Mobile when Successfully Compromised
  o Mobile Attack Vectors and Mobile Platform Vulnerabilities
  o Security Issues Arising from App Stores
  o App Sandboxing Issues
  o Mobile Spam
  o SMS Phishing Attack (SMiShing) (Targeted Attack Scan)
     SMS Phishing Attack Examples
  o Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections
 Hacking Android OS
  o Android OS
     Android Device Administration API
  o Android Rooting
     Rooting Android Using KingoRoot
     Android Rooting Tools
  o Blocking Wi-Fi Access using NetCut
  o Hacking with zANTI
  o Hacking Networks Using Network Spoofer
  o Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
  o Performing Session Hijacking Using DroidSheep
  o Hacking with Orbot Proxy
  o Android-based Sniffers
  o Android Trojans
  o Securing Android Devices
  o Android Security Tool: Find My Device
  o Android Security Tools
  o Android Vulnerability Scanner
  o Android Device Tracking Tools
 Hacking iOS
  o Apple iOS
  o Jailbreaking iOS
     Jailbreaking Techniques
     Jailbreaking of iOS 11.2.1 Using Cydia
     Jailbreaking of iOS 11.2.1 Using Pangu Anzhuang
     Jailbreaking Tools
  o iOS Trojans
  o Guidelines for Securing iOS Devices
  o iOS Device Tracking Tools
  o iOS Device Security Tools
 Mobile Spyware
  o Mobile Spyware
  o Mobile Spyware: mSpy
  o Mobile Spywares
 Mobile Device Management
  o Mobile Device Management (MDM)
  o Mobile Device Management Solutions
  o Bring Your Own Device (BYOD)
     BYOD Risks
     BYOD Policy Implementation
     BYOD Security Guidelines
 Mobile Security Guidelines and Tools
  o General Guidelines for Mobile Platform Security
  o Mobile Device Security Guidelines for Administrator
  o SMS Phishing Countermeasures
  o Mobile Protection Tools
  o Mobile Anti-Spyware
 Mobile Pen Testing
  o Android Phone Pen Testing
  o iPhone Pen Testing
  o Mobile Pen Testing Toolkit: Hackode

Module 18: IoT Hacking


 IoT Concepts
o What is IoT
o How IoT Works
o IoT Architecture
o IoT Application Areas and Devices
o IoT Technologies and Protocols
o IoT Communication Models
o Challenges of IoT
o Threat vs Opportunity
 IoT Attacks
o IoT Security Problems
o OWASP Top 10 IoT Vulnerabilities and Obstacles
o IoT Attack Surface Areas
o IoT Threats
o Hacking IoT Devices: General Scenario
o IoT Attacks
 DDoS Attack
 Exploit HVAC
 Rolling Code Attack
 BlueBorne Attack
 Jamming Attack
 Hacking Smart Grid / Industrial Devices: Remote Access using Backdoor
 Other IoT Attacks
o IoT Attacks in Different Sectors
o Case Study: Dyn Attack
 IoT Hacking Methodology
o What is IoT Device Hacking?
o IoT Hacking Methodology
 Information Gathering Using Shodan
 Information Gathering using MultiPing
 Vulnerability Scanning using Nmap
 Vulnerability Scanning using RIoT Vulnerability Scanner
 Sniffing using Foren6
 Rolling code Attack using RFCrack
 Hacking Zigbee Devices with Attify Zigbee Framework
 BlueBorne Attack Using HackRF One
 Gaining Remote Access using Telnet
 Maintain Access by Exploiting Firmware
 IoT Hacking Tools
o Information Gathering Tools
o Sniffing Tools
o Vulnerability Scanning Tools
o IoT Hacking Tools
 Countermeasures
o How to Defend Against IoT Hacking
o General Guidelines for IoT Device Manufacturing Companies
o OWASP Top 10 IoT Vulnerabilities Solutions
o IoT Framework Security Considerations
o IoT Security Tools


 IoT Pen Testing
o IoT Pen Testing

Module 17: Cloud Computing (CEHv9)

 Statistics: Cloud Predictions
 Introduction to Cloud Computing
o Types of Cloud Computing Services
o Separation of Responsibilities in Cloud
o Cloud Deployment Models
o NIST Cloud Computing Reference Architecture
o Cloud Computing Benefits
o Understanding Virtualization
o Benefits of Virtualization in Cloud
 Cloud Computing Threats
 Cloud Computing Attacks
o Service Hijacking using Social Engineering Attacks
o Service Hijacking using Network Sniffing
o Session Hijacking using XSS Attack
o Session Hijacking using Session Riding
o Domain Name System (DNS) Attacks
o Side Channel Attacks or Cross-guest VM Breaches
 Side Channel Attack Countermeasures
o SQL Injection Attacks
o Cryptanalysis Attacks
 Cryptanalysis Attack Countermeasures
o Wrapping Attack
o Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
 Cloud Security
o Cloud Security Control Layers
o Cloud Security is the Responsibility of both Cloud Provider and Consumer
o Cloud Computing Security Considerations
o Placement of Security Controls in the Cloud
o Best Practices for Securing Cloud
o NIST Recommendations for Cloud Security
o Organization/Provider Cloud Security Compliance Checklist
 Cloud Security Tools
o Core CloudInspect
o CloudPassage Halo
o Cloud Security Tools
 Cloud Penetration Testing
o What is Cloud Pen Testing?
o Key Considerations for Pen Testing in the Cloud
o Scope of Cloud Pen Testing
o Cloud Penetration Testing
o Recommendations for Cloud Testing

Module 19: Cloud Computing (CEHv10)

 Cloud Computing Concepts
o Introduction to Cloud Computing
o Separation of Responsibilities in Cloud
o Cloud Deployment Models
o NIST Cloud Deployment Reference Architecture
o Cloud Computing Benefits
o Understanding Virtualization
 Cloud Computing Threats
o Cloud Computing Threats
 Cloud Computing Attacks
o Service Hijacking using Social Engineering Attacks
o Service Hijacking using Network Sniffing
o Session Hijacking using XSS Attack
o Session Hijacking using Session Riding
o Domain Name System (DNS) Attacks
o Side Channel Attacks or Cross-guest VM Breaches
o SQL Injection Attacks
o Cryptanalysis Attacks
o Wrapping Attack
o Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
o Man-in-the-Cloud Attack
 Cloud Security
o Cloud Security Control Layers
o Cloud Security is the Responsibility of both Cloud Provider and Consumer
o Cloud Computing Security Considerations
o Placement of Security Controls in the Cloud
o Best Practices for Securing Cloud
o NIST Recommendations for Cloud Security
o Organization/Provider Cloud Security Compliance Checklist
 Cloud Security Tools
o Cloud Security Tools
 Cloud Penetration Testing
o What is Cloud Pen Testing?
o Key Considerations for Pen Testing in the Cloud
o Cloud Penetration Testing
o Recommendations for Cloud Testing

Module 18: Cryptography (CEHv9)

 Market Survey 2014: The Year of Encryption
 Case Study: Heartbleed
 Case Study: Poodlebleed
 Cryptography Concepts
o Cryptography
o Types of Cryptography
o Government Access to Keys (GAK)
 Encryption Algorithms
o Ciphers
o Data Encryption Standard (DES)
o Advanced Encryption Standard (AES)
o RC4, RC5, RC6 Algorithms
o The DSA and Related Signature Schemes
o RSA (Rivest Shamir Adleman)
 The RSA Signature Scheme
 Example of RSA Algorithm
o Message Digest (One-way Hash) Functions
 Message Digest Function: MD5
o Secure Hashing Algorithm (SHA)
o What is SSH (Secure Shell)?
 Cryptography Tools
o MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
o Hash Calculators for Mobile: MD5 Hash Calculator, Hash Droid, and Hash Calculator
o Cryptography Tool
 Advanced Encryption Package 2014
 BCTextEncoder
o Cryptography Tools
o Cryptography Tools for Mobile: Secret Space Encryptor, CryptoSymm, and Cipher Sender
 Public Key Infrastructure (PKI)
o Certification Authorities
o Signed Certificate (CA) Vs. Self Signed Certificate
 Email Encryption
o Digital Signature
o SSL (Secure Sockets Layer)
o Transport Layer Security (TLS)
o Cryptography Toolkit
 OpenSSL
 Keyczar
o Pretty Good Privacy (PGP)
 Disk Encryption
o Disk Encryption Tools: Symantec Drive Encryption and GiliSoft Full Disk Encryption
o Disk Encryption Tools
 Cryptography Attacks
o Code Breaking Methodologies
o Brute-Force Attack
o Meet-in-the-Middle Attack on Digital Signature Schemes
o Side Channel Attack
 Side Channel Attack - Scenario
 Cryptanalysis Tools
o Cryptanalysis Tool: CrypTool
o Cryptanalysis Tools
o Online MD5 Decryption Tools

Module 20: Cryptography (CEHv10)

 Cryptography Concepts
o Cryptography
 Types of Cryptography
o Government Access to Keys (GAK)
 Encryption Algorithms
o Ciphers
o Data Encryption Standard (DES)
o Advanced Encryption Standard (AES)
o RC4, RC5, and RC6 Algorithms
o Twofish
o The DSA and Related Signature Schemes
o Rivest Shamir Adleman (RSA)
o Diffie-Hellman
o Message Digest (One-Way Hash) Functions
 Message Digest Function: MD5
 Secure Hashing Algorithm (SHA)
 RIPEMD - 160
 HMAC
 Cryptography Tools
o MD5 Hash Calculators
o Hash Calculators for Mobile
o Cryptography Tools
 Advanced Encryption Package 2017
 BCTextEncoder
 Cryptography Tools
o Cryptography Tools for Mobile
 Public Key Infrastructure (PKI)
o Public Key Infrastructure (PKI)
 Certification Authorities
 Signed Certificate (CA) Vs. Self Signed Certificate
 Email Encryption
o Digital Signature
o Secure Sockets Layer (SSL)
o Transport Layer Security (TLS)
o Cryptography Toolkit
 OpenSSL
 Keyczar
o Pretty Good Privacy (PGP)
 Disk Encryption
o Disk Encryption
o Disk Encryption Tools
 VeraCrypt
 Symantec Drive Encryption
 Disk Encryption Tools
 Cryptanalysis
o Cryptanalysis Methods
 Linear Cryptanalysis
 Differential Cryptanalysis
 Integral Cryptanalysis
o Code Breaking Methodologies
o Cryptography Attacks
 Brute-Force Attack
 Birthday Attack
 Birthday Paradox: Probability
 Meet-in-the-Middle Attack on Digital Signature Schemes
 Side Channel Attack
 Hash Collision Attack
 DUHK Attack
 Rainbow Table Attack
o Cryptanalysis Tools
o Online MD5 Decryption Tools
 Countermeasures
o How to Defend Against Cryptographic Attacks

Labs Comparison
The notation used:
1. Red points are new labs in CEHv10
2. Blue points are substantially modified labs in CEHv10
3. Struck-through labs are removed from CEHv10

Module 01: Introduction to Ethical Hacking (CEHv9)

Module 01: Introduction to Ethical Hacking (CEHv10)

Module 02: Footprinting and Reconnaissance (CEHv9)
1. Open source information gathering using Windows Command line utilities
2. Gathering personal information using Online People Search Services
3. Collecting Information about a Target Website Using Firebug
4. Extracting a Company’s Data Using Web Data Extractor
5. Mirroring Website Using HTTrack Web Site Copier
6. Collecting Information about a Target by Tracing Emails
7. Gathering IP and Domain Name Information Using Whois Lookup
8. Advanced network Route Tracing using Path Analyzer Pro
9. Footprinting a target Using Maltego
10. Performing Automated Network Reconnaissance Using Recon-ng
11. Using Open-source Reconnaissance Tool Recon-ng to Gather Personnel Information
12. Collecting Information from Social Networking Sites Using Recon-ng Pushpin
13. Automated Fingerprinting of an Organization Using FOCA
14. Identifying Vulnerabilities and Information Disclosures in Search Engines Using SearchDiggity

Module 02: Footprinting and Reconnaissance (CEHv10)
1. Open Source Information Gathering using Windows Command Line Utilities
2. Finding Company’s Sub-domains using Sublist3r
3. Gathering Personal Information using Online People Search Services
4. Gathering Information from LinkedIn using InSpy
5. Collecting Information About a Target Website using Firebug
6. Extracting a Company’s Data using Web Data Extractor
7. Mirroring Website using HTTrack Web Site Copier
8. Collecting Information About a Target by Tracing Emails
9. Gathering IP and Domain Name Information using Whois Lookup
10. Advanced Network Route Tracing Using Path Analyzer Pro
11. Footprinting a Target using Maltego
12. Performing Automated Network Reconnaissance using Recon-ng
13. Using the Open-source Reconnaissance Tool Recon-ng to Gather Personnel Information
14. Collecting Information from Social Networking Sites using Recon-ng Pushpin
15. Automated Fingerprinting of an Organization using FOCA
16. Open Source Intelligence Gathering using OSRFramework
17. Information Gathering using Metasploit
18. Information Gathering using theHarvester

Module 03: Scanning Networks (CEHv9)
1. UDP and TCP Packet Crafting Techniques using HPING3
2. Scanning the Network Using the Colasoft Packet Builder
3. Basic Network Troubleshooting Using the MegaPing
4. Understanding Network Scanning Using Nmap
5. Exploring Various Network Scanning Techniques
6. Scanning a Network Using the NetScan Tools Pro
7. Avoiding Scanning Detection using Multiple Decoy IP Addresses
8. Vulnerability Analysis Using the Nessus
9. Scanning for Network Vulnerabilities Using the GFI LanGuard 2014
10. Drawing Network Diagrams Using Network Topology Mapper
11. Scanning Devices in a Network using The Dude
12. Daisy Chaining using Proxy Workbench
13. Anonymous Browsing using Proxy Switcher
14. Anonymous Browsing using CyberGhost

Module 03: Scanning Networks (CEHv10)
1. Scanning the Network using the Colasoft Packet Builder
2. UDP and TCP Packet Crafting Techniques using HPING3
3. Basic Network Troubleshooting using MegaPing
4. Understanding Network Scanning using Nmap
5. Scanning a Network using NetScan Tools Pro
6. Scanning for Network Traffic Going through a Computer’s Adapter using IP-Tools
7. Checking for Live Systems using Angry IP Scanner
8. Exploring Various Network Scanning Techniques
9. Perform ICMP Probing using Ping/Traceroute for Network Troubleshooting
10. Avoiding Scanning Detection using Multiple Decoy IP Addresses
11. Daisy Chaining using Proxy Workbench
12. Anonymous Browsing using Proxy Switcher
13. Anonymous Browsing using CyberGhost
14. Identify Target System’s OS with Time-to-Live (TTL) and TCP Window Sizes using Wireshark
15. Drawing Network Diagrams using Network Topology Mapper

Module 04: Enumeration (CEHv9)
1. NetBIOS Enumeration Using Global Network Inventory
2. Enumerating Network Resources Using Advanced IP Scanner
3. Performing Network Enumeration Using SuperScan
4. Enumerating Resources in a Local Machine Using Hyena
5. Performing Network Enumeration Using NetBIOS Enumerator
6. Enumerating a Network Using SoftPerfect Network Scanner
7. Enumerating a Target Network using Nmap and Net Use
8. Enumerating Services on a Target Machine
9. SNMP Enumeration Using SNMPCHECK
10. LDAP Enumeration Using Active Directory Explorer (ADExplorer)
11. Performing Network Enumeration Using Various DNS Interrogation Tools

Module 04: Enumeration (CEHv10)
1. NetBIOS Enumeration using Global Network Inventory
2. Enumerating Network Resources using Advanced IP Scanner
3. Performing Network Enumeration using SuperScan
4. Enumerating Resources in a Local Machine using Hyena
5. Performing Network Enumeration using NetBIOS Enumerator
6. Enumerating a Network using SoftPerfect Network Scanner
7. Enumerating a Target Network using Nmap and Net Use
8. Enumerating Services on a Target Machine
9. SNMP Enumeration using snmp_enum
10. LDAP Enumeration using Active Directory Explorer (ADExplorer)
11. Enumerating Information from Windows and Samba Host using Enum4linux

Module 05: Vulnerability Analysis


1. Vulnerability Analysis using Nessus
2. Scanning for Network Vulnerabilities using the GFI LanGuard
3. CGI Scanning with Nikto

Module 05: System Hacking (CEHv9)
1. Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
2. Creating and Using the Rainbow Tables
3. Auditing System Passwords Using L0phtCrack
4. Exploiting Client Side Vulnerabilities and Establishing a VNC Session
5. Escalating Privileges by Exploiting Client Side Vulnerabilities
6. Exploiting freeSSHd Vulnerability and Gaining Access to a Target System
7. Hacking Windows 8.1 using Metasploit and Post Exploitation Using Meterpreter
8. System Monitoring Using RemoteExec
9. User System Monitoring and Surveillance Using Spytech SpyAgent
10. Web Activity Monitoring and Recording using Power Spy 2014
11. Hiding Files Using NTFS Streams
12. Find Hidden Files Using ADS Spy
13. Hiding Data Using White Space Steganography
14. Image Steganography Using OpenStego
15. Image Steganography Using Quick Stego
16. Viewing, Enabling and Clearing the Audit Policies Using Auditpol

Module 06: System Hacking (CEHv10)
1. Active Online Attack using Responder
2. Dumping and Cracking SAM Hashes to Extract Plaintext Passwords
3. Creating and using the Rainbow Tables
4. Auditing System Passwords using L0phtCrack
5. Exploiting Client Side Vulnerabilities and Establishing a VNC Session
6. Escalating Privileges by Exploiting Client Side Vulnerabilities
7. Hacking Windows Server 2012 with a Malicious Office Document using TheFatRat
8. Hacking Windows 10 using Metasploit and Post-Exploitation using Meterpreter
9. User System Monitoring and Surveillance using Spytech SpyAgent
10. Web Activity Monitoring and Recording using Power Spy
11. Hiding Files using NTFS Streams
12. Hiding Data using White Space Steganography
13. Image Steganography using OpenStego
14. Image Steganography using Quick Stego
15. Covert channels using Covert_TCP
16. Viewing, Enabling and Clearing Audit Policies using Auditpol

Module 06: Malware Threats (CEHv9)
1. Creating a HTTP Trojan and Remotely Controlling a Target Machine Using HTTP RAT
2. Creating a Trojan Server Using the GUI Trojan MoSucker
3. Gaining Control over a Victim machine Using njRAT
4. Obfuscating a Trojan Using SwayzCryptor and Making it Undetectable from Various Anti-Virus Programs
5. Creating a Trojan Server Using the ProRat Tool
6. Creating a Trojan Server Using the Theef
7. Attaining Remote Access Using Atelier Web Remote Commander
8. Building a Botnet Infrastructure Using Umbra Loader
9. Creating a Virus Using the JPS Virus Maker Tool
10. Creating a Worm Using Ghost Eye Worm and maintaining a Persistent Connection Using njRAT
11. Creating a Worm Using the Internet Worm Maker Thing
12. Virus analysis using IDA Pro
13. Virus analysis using Virus Total
14. Virus Analysis Using OllyDbg
15. Detecting Trojans
16. Monitoring TCP/IP Connections Using the CurrPorts

Module 07: Malware Threats (CEHv10)
1. Gaining Control over a Victim Machine using njRAT
2. Obfuscating a Trojan using SwayzCryptor and Making it Undetectable to Various Anti-Virus Programs
3. Creating a Trojan Server using the GUI Trojan MoSucker
4. Creating a Server using the ProRat Tool
5. Creating a Trojan Server using Theef
6. Creating a HTTP Trojan and Remote Controlling a Target Machine using HTTP RAT
7. Creating a Virus using the JPS Virus Maker Tool
8. Creating a Worm using the Internet Worm Maker Thing
9. Virus Analysis using VirusTotal
10. Virus Analysis using IDA Pro
11. Virus Analysis using OllyDbg
12. Monitoring TCP/IP Connections using the CurrPorts
13. Performing Registry Entry Monitoring
14. Startup Program Monitoring Tool
15. Perform Device Driver Monitoring
16. Detecting Trojans
17. Removing Malware using ClamWin

Module 07: Sniffing (CEHv9)
1. Sniffing Passwords using Wireshark
2. Analyzing a Network Using the Capsa Network Analyzer
3. Sniffing the Network Using the OmniPeek Network Analyzer
4. Spoofing MAC Address Using SMAC
5. Performing Man-in-the-Middle Attack using Cain & Abel
6. Detecting Systems running in Promiscuous mode in a Network using PromqryUI
7. Detecting ARP Poisoning in a Switch Based Network
8. Detecting ARP attacks with XArp tool
9. Performing DNS Poisoning in a Switch Based Network

Module 08: Sniffing (CEHv10)
1. Performing Man-in-the-Middle Attack using Cain & Abel
2. Spoofing MAC Address using SMAC
3. Sniffing Passwords using Wireshark
4. Analyzing a Network using the Capsa Network Analyzer
5. Sniffing the Network using the Omnipeek Network Analyzer
6. Detecting ARP Poisoning in a Switch Based Network
7. Detecting ARP Attacks with XArp Tool

Module 08: Social Engineering (CEHv9)
1. Detecting Phishing Using Netcraft
2. Detecting Phishing Using PhishTank
3. Sniffing Facebook Credentials using Social Engineering Toolkit (SET)
4. Creating a Malicious Payload Using SET and Exploiting a Windows Machine

Module 09: Social Engineering (CEHv10)
1. Detecting Phishing using Netcraft
2. Detecting Phishing using PhishTank
3. Sniffing Facebook Credentials using Social Engineering Toolkit (SET)
4. Phishing User Credentials using SpeedPhish Framework (SPF)

Module 09: Denial-of-Service (CEHv9)
1. SYN Flooding a Target Host Using Metasploit
2. SYN Flooding a Target Host Using hping3
3. HTTP Flooding using DoSHTTP
4. Implementing DoS Attack on a Router using Slowloris Script
5. Performing Distributed Denial of Service Attack Using HOIC
6. Detecting and Analyzing DoS Attack Traffic Using KFSensor and Wireshark

Module 10: Denial-of-Service (CEHv10)
1. SYN Flooding a Target Host using Metasploit
2. SYN Flooding a Target Host using hping3
3. Performing Distributed Denial of Service Attack using HOIC
4. Detecting and Analyzing DoS Attack Traffic using KFSensor and Wireshark

Module 10: Session Hijacking (CEHv9)
1. Session Hijacking Using the Zed Attack Proxy (ZAP)
2. Hijacking a User Session Using Firebug
3. Hijacking HTTPS Traffic in a Network Using sslstrip
4. Performing a MiTM Attack and Hijacking an Established Session Using Websploit

Module 11: Session Hijacking (CEHv10)
1. Session Hijacking using the Zed Attack Proxy (ZAP)
2. Perform sslstrip and Intercept HTTP Traffic through BetterCAP

Module 16: Evading IDS, Firewalls, and Honeypots (CEHv9)
1. Detecting Intrusions using Snort
2. Detecting Malicious Network Traffic Using HoneyBot
3. Detecting Intruders and Worms using KFSensor Honeypot IDS
4. Bypassing Windows Firewall Using Nmap Evasion Techniques
5. Bypassing Firewall Rules Using HTTP/FTP Tunneling
6. Bypassing Windows Firewall and Maintaining a Persistent Connection with a Victim

Module 12: Evading IDS, Firewalls, and Honeypots (CEHv10)
1. Detecting Intrusions using Snort
2. Detecting Malicious Network Traffic using HoneyBOT
3. Detecting Intruders and Worms using KFSensor Honeypot IDS
4. Bypassing Windows Firewall using Nmap Evasion Techniques
5. Bypassing Firewall Rules using HTTP/FTP Tunneling
6. Bypassing Windows Firewall using Metasploit

Module 11: Hacking Webservers (CEHv9)
1. Performing Web Server Reconnaissance using Skipfish
2. Footprinting Webserver Using the httprecon Tool
3. Footprinting a Webserver Using ID Serve
4. Exploiting Java Vulnerability using Metasploit Framework
5. Performing ShellShock Exploitation on a Web Server and Gaining Unrestricted Access to the Server
6. Cracking FTP Credentials Using Dictionary Attack

Module 13: Hacking Web Servers (CEHv10)
1. Performing Web Server Reconnaissance using Skipfish
2. Footprinting a Web Server using the httprecon Tool
3. Footprinting a Web Server using ID Serve
4. Uniscan Web Server Fingerprinting in Kali Linux
5. Cracking FTP Credentials using Dictionary Attack

Module 12: Hacking Web Applications (CEHv9)
1. Exploiting Parameter Tampering and XSS Vulnerabilities in Web Applications
2. Using Stored XSS Attack to Hijack an Authenticated User Session
3. Enumerating and Hacking a Web Application Using WPScan and Metasploit
4. Exploiting Remote Command Execution Vulnerability to Compromise a Target Web Server
5. Exploiting File Upload Vulnerability at Different Security Levels
6. Auditing Web Application Framework Using W3AF
7. Website Vulnerability Scanning Using Acunetix WVS

Module 14: Hacking Web Applications (CEHv10)
1. Exploiting Parameter Tampering and XSS Vulnerabilities in Web Applications
2. Performing Cross-Site Request Forgery (CSRF) Attack
3. Enumerating and Hacking a Web Application using WPScan and Metasploit
4. Exploiting WordPress Plugin Vulnerabilities using Metasploit
5. Exploiting Remote Command Execution Vulnerability to Compromise a Target Web Server
6. Website Vulnerability Scanning using Acunetix WVS
7. Auditing Web Application Framework using Vega

Module 13: SQL Injection (CEHv9)
1. SQL Injection Attacks on MS SQL Database
2. Performing Blind SQL Injection on DVWA Application
3. Testing for SQL Injection Using IBM Security AppScan Tool
4. Testing for SQL Injection Using WebCruiser Tool
5. Scanning Web Applications Using N-Stalker Tool

Module 15: SQL Injection (CEHv10)
1. SQL Injection Attacks on MSSQL Database
2. Performing SQL Injection Attack against MSSQL to Extract Databases and WebShell using SQLMAP
3. Testing for SQL Injection using IBM Security AppScan Tool
4. Scanning Web Applications using N-Stalker Tool

Module 14: Hacking Wireless Networks (CEHv9)
1. WiFi Packet Sniffing Using AirPcap with Wireshark
2. Sniffing the Network Using the OmniPeek Network Analyzer
3. Cracking a WEP Network with Aircrack-ng for Windows

Module 16: Hacking Wireless Networks (CEHv10)
1. WiFi Packet Sniffing using Microsoft Network Monitor and Wireshark
2. Cracking a WEP Network with Aircrack-ng
3. Cracking a WPA Network with Aircrack-ng

Module 15: Hacking Mobile Platforms (CEHv9)
1. Creating Binary Payloads using Kali Linux to Hack Android
2. Harvesting Users’ Credentials Using Social Engineering Toolkit
3. Using Mobile Platform to Enforce a DoS Attack on a Victim Machine
4. Securing Android Device from Malicious Applications

Module 17: Hacking Mobile Platforms (CEHv10)
1. Creating Binary Payloads using Kali Linux to Hack Android
2. Harvesting Users’ Credentials using Social Engineering Toolkit
3. Using Mobile Platform to Enforce a DoS Attack on a Target Website
4. Hacking Android Device with a Malicious App using TheFatRat
5. Securing Android Devices from Malicious Applications

Module 17: Cloud Computing Security (CEHv9)
1. Building a Cloud Using ownCloud and WampServer
2. Transferring Cloud Data Over Secure Channel
3. Harvesting Cloud Credentials by Exploiting Java Vulnerability
4. Performing Cloud Vulnerability Assessment Using Mobile Based Security Scanner zANTI

Module 19: Cloud Computing (CEHv10)
1. Building a Cloud using ownCloud and LAMPServer
2. Securing ownCloud from Malicious File Uploads using ClamAV
3. Bypassing ownCloud AV and Hacking the Host using Kali Linux
4. Implementing DoS Attack on Linux Cloud Server using Slowloris Script

Module 18: Cryptography (CEHv9)
1. Calculating MD5 Hashes and Verifying File Integrity Using Quick Checksum Verifier
2. Calculating One-way Hashes Using HashCalc
3. Calculating MD5 Hashes Using MD5 Calculator
4. Understanding File and Text Encryption Using CryptoForge
5. Basic Data Encryption Using Advanced Encryption Package
6. Encrypting and Decrypting the Data Using BCTextEncoder
7. Exploiting OpenSSL Heartbleed Vulnerability on a HTTPS website
8. Creating and Using Self-Signed Certificates
9. Basic Disk Encryption Using VeraCrypt
10. Basic Data Encrypting Using Rohos Disk Encryption
11. Basic Data Encryption Using CrypTool

Module 20: Cryptography (CEHv10)
1. Calculating One-way Hashes using HashCalc
2. Calculating MD5 Hashes using MD5 Calculator
3. Understanding File and Text Encryption using CryptoForge
4. Basic Data Encryption using Advanced Encryption Package
5. Encrypting and Decrypting the Data using BCTextEncoder
6. Creating and using Self-Signed Certificates
7. Basic Disk Encryption using VeraCrypt
8. Basic Data Encrypting using Rohos Disk Encryption
9. Basic Data Encryption using CrypTool