Course Outline

Course Overview

The Certified Ethical Hacker (CEH) course is designed to provide participants with the essential skills to identify, exploit, and prevent cybersecurity vulnerabilities.

Learners will gain hands-on experience in ethical hacking, penetration testing, and defensive countermeasures — becoming proficient in securing modern IT infrastructures.

Course Outcomes

• After completing this course, participants will be able to:
• Understand ethical hacking concepts and methodologies
• Conduct professional penetration testing across networks, systems, and web apps
• Identify and mitigate security vulnerabilities
• Apply tools like Nmap, Metasploit, Wireshark, and Burp Suite
• Prepare for the EC-Council CEH certification exam

Module 1: Introduction to Ethical Hacking

• What is Ethical Hacking?
• Information Security Overview
• Cyber Kill Chain and Phases of Ethical Hacking
• Hacking Concepts and Types
• Legal and Ethical Issues
• Key Skills and Tools of an Ethical Hacker

Module 2: Footprinting and Reconnaissance

• Footprinting Concepts and Methodology
• Passive and Active Information Gathering
• WHOIS, DNS, and Network Footprinting
• Website and Email Footprinting
• Social Engineering Reconnaissance
• Tools: Nmap, Maltego, Recon-ng

Module 3: Scanning Networks

• Network Scanning Concepts
• Types of Scans (TCP, SYN, UDP, ACK, etc.)
• Port Scanning and Banner Grabbing
• Network Discovery Techniques
• Vulnerability Scanning Tools and Methods
• Tools: Nmap, Nessus, OpenVAS

Module 4: Enumeration

• Enumeration Concepts and Techniques
• NetBIOS, SNMP, LDAP, NFS, SMTP Enumeration
• Windows and Linux Enumeration
• Automated Enumeration Tools

Module 5: Vulnerability Analysis

• Vulnerability Assessment and Management
• Types of Vulnerabilities
• Vulnerability Scanning Tools and Procedures
• Reporting and Mitigation Techniques
• Tools: OpenVAS, Nexpose, Qualys

Module 6: System Hacking

• System Hacking Cycle (Gaining Access, Escalating Privileges, Maintaining Access, Covering Tracks)
• Password Cracking Techniques
• Privilege Escalation
• Spyware, Keyloggers, and Rootkits
• Clearing Logs and Evidence Removal

Module 7: Malware Threats

• Types of Malware: Viruses, Worms, Trojans, Ransomware
• Advanced Persistent Threats (APT)
• Detecting and Analyzing Malware
• Anti-Malware and Prevention Tools

Module 8: Sniffing

• Sniffing Concepts and Techniques
• Types of Sniffing Attacks
• Packet Sniffing Tools (Wireshark, Tcpdump, Ettercap)
• Detection and Countermeasures

Module 9: Social Engineering

• Social Engineering Concepts
• Human-based and Computer-based Attacks
• Phishing, Vishing, and Impersonation Techniques
• Mitigation and Awareness

Module 10: Denial of Service (DoS) and Distributed DoS (DDoS) Attacks

• DoS and DDoS Concepts
• Attack Vectors and Tools
• Botnets and Zombie Networks
• Detection and Prevention Techniques

Module 11: Session Hijacking

• Session Hijacking Concepts and Methods
• Application and Network Level Attacks
• Countermeasures and Detection Tools

Module 12: Evading IDS, Firewalls, and Honeypots

• Intrusion Detection and Prevention Systems
• Evasion Techniques and Methods
• Firewall Architecture and Policies
• Honeypot Concepts and Detection Avoidance

Module 13: Hacking Web Servers and Web Applications

• Web Server Architecture
• Attacks on Web Servers (Directory Traversal, Misconfigurations, etc.)
• OWASP Top 10 Web Application Vulnerabilities
• SQL Injection, XSS, CSRF
• Web Security Testing Tools (Burp Suite, OWASP ZAP)

Module 14: Hacking Wireless Networks

• Wireless Networking Concepts
• Wireless Encryption (WEP, WPA, WPA2, WPA3)
• Wireless Attacks (Evil Twin, Deauthentication, Sniffing)
• Wireless Security Tools and Defense Techniques

Module 15: Hacking Mobile Platforms

• Mobile Platform Attack Vectors
• Android and iOS Architecture and Vulnerabilities
• Mobile Device Management (MDM)
• Mobile Security Best Practices

Module 16: IoT and Cloud Computing Attacks

• IoT Threat Landscape
• Common IoT Vulnerabilities
• Cloud Computing Concepts
• Cloud Attacks and Security Mechanisms

Module 17: Cryptography

• Cryptography Fundamentals
• Symmetric and Asymmetric Encryption
• Hashing, Digital Signatures, and Certificates
• Cryptanalysis and Common Attacks
• Public Key Infrastructure (PKI)

Module 18: Penetration Testing

• Introduction to Penetration Testing
• Phases: Planning, Scanning, Exploitation, Reporting
• Methodologies: OSSTMM, PTES
• Report Writing and Presentation