Contenu du cours
CEH -Certified thical Hacking
0/14
GENERAL TABLE OF CONTENTS
Realistic Final exam test
PART 1 – FOUNDATIONS OF ETHICAL HACKING
PART 2 – RECONNAISSANCE AND INFORMATION GATHERING
PART 3 – SCANNING, ENUMERATION, AND VULNERABILITY ANALYSIS
PART 4 – SYSTEM COMPROMISE AND PERSISTENCE
PART 5 – HUMAN FACTOR AND AVAILABILITY
PART 6 – EVASION AND CONTROL BYPASS
PART 6 – EVASION AND CONTROL BYPASS
PART 7 – APPLICATION AND SERVICE SECURITY
PART 8 – WIRELESS, MOBILE, IOT, AND CLOUD
PART 9 – CRYPTOGRAPHY AND DATA PROTECTION
PART 10 – PROFESSIONAL READINESS AND EXAM PREPARATION
APPENDICES – CEH COURSE SUPPORT MATERIAL
CEH v13 Certified Ethical Hacker Realistic Practice Exams

PART 1 – FOUNDATIONS OF ETHICAL HACKING

Chapter 1 – Introduction to Ethical Hacking

1.1 Definition of ethical hacking

1.2 Difference between a malicious hacker, white hat, gray hat, and pentester

1.3 Objectives of a security assessment engagement

1.4 Concepts of attack surface, threat, vulnerability, risk, and impact

1.5 Legal framework, authorizations, and rules of engagement

1.6 Careers related to CEH

1.7 Overview of the domains covered by the CEH certification

1.8 Concrete examples of ethical hacking engagements

1.9 Key Takeaways

1.10 Practice Exercise

Chapter 2 – Attack Methodology and the Cyber Kill Chain

2.1 Why methodology is essential

2.2 The major phases of an attack

2.3 The Cyber Kill Chain: overview

2.4 Reconnaissance

2.5 Weaponization / attack preparation

2.6 Delivery

2.7 Exploitation

2.8 Installation

2.9 Command and Control

2.10 Actions on Objectives

2.11 MITRE ATT&CK: logic and usefulness

2.12 Difference between Kill Chain, ATT&CK, and the pentest cycle

2.13 Guided case study

2.14 Key Takeaways

2.15 Exercise

Chapter 3 – The Ethical Hacker’s Working Environment

3.1 Overview of a test laboratory

3.2 Attack machines, target machines, segmentation

3.3 Operating systems useful in cybersecurity

3.4 Virtual machines and snapshots

3.5 Main tools found in the CEH ecosystem

3.6 Documentation, logging, and traceability

3.7 Lab security

3.8 Key Takeaways

3.9 Exercise

PART 2 – RECONNAISSANCE AND INFORMATION GATHERING

Chapter 4 – Footprinting and Passive Reconnaissance

4.1 Definition of footprinting

4.2 Passive vs active reconnaissance

4.3 Public information sources

4.4 Domain names, IP addresses, ASN, and DNS

4.5 Social media, institutional websites, job postings

4.6 Metadata and information leakage

4.7 Mapping an organization’s exposure

4.8 Associated business risks

4.9 Defensive measures

4.10 Case study

4.11 Key Takeaways

4.12 Exercise

Chapter 5 – Active Reconnaissance

5.1 Principles of active information gathering

5.2 Host identification

5.3 Service discovery

5.4 Banners and technical fingerprints

5.5 Limits and risks of active reconnaissance

5.6 Logging from the defender’s perspective

5.7 Countermeasures

5.8 Key Takeaways

5.9 Exercise

PART 3 – SCANNING, ENUMERATION, AND VULNERABILITY ANALYSIS

Chapter 6 – Network Scanning

6.1 Objectives of scanning

6.2 Types of scans

6.3 Discovery of ports and services

6.4 System identification

6.5 Fingerprinting

6.6 Reading and interpreting results

6.7 Blue Team detection

6.8 False positives and poor interpretation

6.9 Case study

6.10 Key Takeaways

6.11 Exercise

Chapter 7 – Enumeration

7.1 Definition and difference from scanning

7.2 Enumeration of users, groups, services, and shares

7.3 Enumeration in Windows environments

7.4 Enumeration in Linux environments

7.5 LDAP, SMB, DNS, SNMP, RPC: general role

7.6 Offensive and defensive value of enumeration

7.7 Logging and detection

7.8 Key Takeaways

7.9 Exercise

Chapter 8 – Vulnerability Analysis

8.1 Definition of a vulnerability

8.2 Misconfiguration, software weakness, and design flaw

8.3 Concepts of CVE, CVSS, and severity

8.4 Risk-based prioritization

8.5 Vulnerability management lifecycle

8.6 Difference between automated scanning and human validation

8.7 Technical and business vulnerabilities

8.8 Reports and remediation planning

8.9 Case study

8.10 Key Takeaways

8.11 Exercise

PART 4 – SYSTEM COMPROMISE AND PERSISTENCE

Chapter 9 – System Hacking

9.1 Overview

9.2 Typical cycle of system compromise

9.3 Credentials, authentication, and access control

9.4 Privilege escalation: principles

9.5 Lateral movement: principles

9.6 Persistence: general concepts

9.7 Traces left on the system

9.8 Detection and defensive response

9.9 Key Takeaways

9.10 Exercise

Chapter 10 – Malware and Related Threats

10.1 Definition of malware

10.2 Virus, worm, Trojan, ransomware, spyware, rootkit

10.3 Malware lifecycle

10.4 Infection, execution, persistence, exfiltration

10.5 Indicators of compromise

10.6 Defense in depth against malware

10.7 Real incident examples

10.8 Key Takeaways

10.9 Exercise

Chapter 11 – Sniffing and Interception

11.1 What sniffing is

11.2 Switched and non-switched networks

11.3 Traffic-related attacks

11.4 Risks of unencrypted protocols

11.5 ARP, DHCP, DNS: core traffic-related concepts

11.6 Visibility from a SOC analyst’s perspective

11.7 Defense: segmentation, encryption, monitoring

11.8 Key Takeaways

11.9 Exercise

Chapter 12 – Session Hijacking

12.1 User sessions and authentication tokens

12.2 General principle of session hijacking

12.3 Conditions that favor session hijacking

12.4 Risks on the web and in internal networks

12.5 Protection measures

12.6 Case study

12.7 Key Takeaways

12.8 Exercise

PART 5 – HUMAN FACTOR AND AVAILABILITY

Chapter 13 – Social Engineering

13.1 Why humans remain a preferred target

13.2 Phishing, spear phishing, smishing, vishing

13.3 Pretexting, baiting, tailgating

13.4 Weak signals of a social engineering attempt

13.5 Awareness and governance

13.6 Technical and organizational measures

13.7 Business case studies

13.8 Key Takeaways

13.9 Exercise

Chapter 14 – Denial of Service and Availability

14.1 Definition of DoS / DDoS attacks

14.2 Saturation, resource exhaustion, and service disruption

14.3 Business impact

14.4 Detecting service degradation

14.5 Protection measures

14.6 Crisis management

14.7 Key Takeaways

14.8 Exercise

PART 6 – EVASION AND CONTROL BYPASS

Chapter 15 – Evading IDS, Firewalls, and Honeypots

15.1 Role of IDS, IPS, firewalls, and honeypots

15.2 Why attackers try to evade detection

15.3 Obfuscation, fragmentation, and camouflage: general principles

15.4 Limits of technical controls

15.5 Correlation and multilayer defense

15.6 Analytical case study

15.7 Key Takeaways

15.8 Exercise

PART 7 – APPLICATION AND SERVICE SECURITY

Chapter 16 – Web Application Hacking

16.1 Architecture of a web application

16.2 Web attack surface

16.3 Authentication, session handling, and user input

16.4 Common web vulnerabilities

16.5 Business logic and application security

16.6 Importance of secure testing

16.7 Defensive reading of application logs

16.8 Protective measures

16.9 Case study

16.10 Key Takeaways

16.11 Exercise

Chapter 17 – APIs, Exposed Services, and Misconfigurations

17.1 Role of APIs in modern information systems

17.2 Authentication and authorization

17.3 Excessive data exposure

17.4 Security of administrative services

17.5 Logging and monitoring

17.6 Best practices

17.7 Key Takeaways

17.8 Exercise

PART 8 – WIRELESS, MOBILE, IOT, AND CLOUD SECURITY

Chapter 18 – Wireless Network Security

18.1 Wi-Fi fundamentals

18.2 Wireless authentication and encryption

18.3 Common threats against wireless networks

18.4 Risks related to unmanaged access points

18.5 Security best practices

18.6 Case study

18.7 Key Takeaways

18.8 Exercise

Chapter 19 – Mobile Device Security

19.1 Why mobile devices are prime targets

19.2 Threats against smartphones and tablets

19.3 Applications, permissions, and data leakage

19.4 Rooting, hardening, and monitoring

19.5 BYOD and governance

19.6 Key Takeaways

19.7 Exercise

Chapter 20 – IoT and OT

20.1 Difference between IoT and OT

20.2 Specific constraints of industrial environments

20.3 Risks related to connected devices

20.4 Availability, safety, and security

20.5 Segmentation and monitoring best practices

20.6 Case study

20.7 Key Takeaways

20.8 Exercise

Chapter 21 – Cloud Security

21.1 Cloud models: IaaS, PaaS, SaaS

21.2 Shared responsibility

21.3 Common misconfigurations

21.4 Identities, access, and secrets

21.5 Logging, visibility, and compliance

21.6 Security of hybrid environments

21.7 Case study

21.8 Key Takeaways

21.9 Exercise

PART 9 – CRYPTOGRAPHY AND DATA PROTECTION

Chapter 22 – Fundamentals of Cryptography

22.1 Why encryption matters

22.2 Confidentiality, integrity, authenticity, non-repudiation

22.3 Symmetric and asymmetric encryption

22.4 Hashing, signatures, certificates

22.5 Common implementation mistakes

22.6 Use cases in cybersecurity

22.7 Key Takeaways

22.8 Exercise

PART 10 – PROFESSIONAL READINESS AND EXAM PREPARATION

Chapter 23 – Professional Approach for the CEH Candidate

23.1 Thinking like both an analyst and an auditor

23.2 Structuring notes and reports

23.3 Prioritizing risks

23.4 Translating technical weakness into business impact

23.5 Ethics, confidentiality, and professional posture

23.6 Key Takeaways

23.7 Exercise

Chapter 24 – Cross-Functional Case Studies

24.1 Case 1 – From reconnaissance to compromise

24.2 Case 2 – Targeted phishing campaign

24.3 Case 3 – Critical web vulnerability

24.4 Case 4 – Misconfigured cloud incident

24.5 Case 5 – Full attack chain mapped to the Kill Chain

24.6 Guided answers

24.7 Key Takeaways

Chapter 25 – Final CEH Review

25.1 Concepts that must be memorized

25.2 Common confusions to avoid

25.3 Methodological reflexes for the exam

25.4 Mini review quiz

25.5 Exam preparation advice

25.6 General conclusion

 

 

Précédent
Suivant
0% Terminer