Certified Ethical Hacker (CEH) v13

Course Title: Certified Ethical Hacker (CEH) v13 Preparation Course

Course Objective: To provide students with the fundamental knowledge, skills, and hands-on experience necessary to understand the tactics, techniques, and procedures used by malicious hackers. Upon completion, students will be prepared to sit for the CEH v13 exam and perform ethical hacking and penetration testing activities in a professional capacity.

Target Audience: IT professionals, network security personnel, site administrators, security enthusiasts, and anyone interested in a career in cybersecurity.

Prerequisites:

• Basic understanding of networking (TCP/IP, switches, routers).

• Familiarity with an operating system (Windows and Linux command line).

• Fundamental knowledge of information security concepts.

Course Structure: A mix of theoretical lectures, live demonstrations, guided labs, and capture-the-flag (CTF) exercises.

Detailed Course Content Outline

Module 0: Course Introduction and Setup

• Topics:

  • Welcome and Course Overview

  • The Ethics of Hacking: Laws, Standards, and Compliance

  • Setting up the Lab Environment (Virtualization with VMware/VirtualBox)

  • Introduction to Kali Linux & Parrot OS (The Hacker’s Toolkit)

  • Introduction to Windows Security Tools

  • Lab: Installing and Configuring Kali Linux in a VM.

Module 1: Introduction to Ethical Hacking

• Topics:

  • Key Information Security Concepts (CIA Triad, AAA, etc.)

  • What is Ethical Hacking? Types of Hackers (White Hat, Black Hat, Grey Hat)

  • The 5 Phases of Ethical Hacking (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)

  • Vulnerability Assessment vs. Penetration Testing

  • Overview of EC-Council’s CEH Exam (Format, Question Types, Tips)

Module 2: Footprinting and Reconnaissance

• Topics:

  • Discovering Information without Actively Engaging the Target

  • Techniques: Google Hacking (Google Dorks), WHOIS, DNS Interrogation (nslookup, dig)

  • Social Engineering Reconnaissance (LinkedIn, Twitter, etc.)

  • Using OSINT (Open-Source Intelligence) Frameworks (Maltego, theHarvester)

  • Lab: Performing a comprehensive footprinting exercise on a target domain.

Module 3: Scanning Networks

• Topics:

  • Objectives of Network Scanning

  • TCP/IP Networking Review (Flags, Three-Way Handshake)

  • Ping Sweeps & Host Discovery (ping, fping, nmap)

  • Port Scanning Techniques (TCP Connect, SYN, UDP, Xmas Scans)

  • OS and Service Detection (Banner Grabbing)

  • Vulnerability Scanning with Nessus and OpenVAS

  • Lab: Using Nmap to map a network, identify live hosts, open ports, and services. Conducting a vulnerability scan.

Module 4: Enumeration

• Topics:

  • Extracting Information from Systems (Users, Groups, Network Shares, etc.)

  • Enumeration Techniques for NetBIOS, SNMP, LDAP, NTP, and SMTP

  • Enumerating SMB Shares (enum4linux, smbclient)

  • Lab: Enumerating user lists and shares from a Windows target.

Module 5: Vulnerability Analysis

• Topics:

  • Vulnerability Assessment Lifecycle

  • Types of Vulnerabilities

  • Vulnerability Scoring (CVSS) and Databases (CVE, NVD)

  • Lab: Analyzing Nessus/OpenVAS scan reports and prioritizing vulnerabilities based on CVSS scores.

Module 6: System Hacking

• Topics:

  • Gaining Initial Access

  • Password Cracking Techniques (Brute-Force, Dictionary, Rainbow Tables)

  • Tools: John the Ripper, Hashcat

  • Privilege Escalation (Windows and Linux)

  • Executing Applications & Maintaining Access (Persistence): Backdoors, Trojans, Rootkits

  • Covering Tracks: Clearing Logs (Windows Event Logs, bash_history)

  • Lab: Cracking password hashes with Hashcat. Performing a simple privilege escalation on a vulnerable VM.

Module 7: Malware Threats

• Topics:

  • Introduction to Malware (Viruses, Worms, Trojans, Ransomware, Spyware)

  • How Malware Propagates

  • Static vs. Dynamic Malware Analysis (Basic)

  • Trojanology: Creating and Detecting Trojans

  • Lab: Analyzing a malware sample in a controlled sandbox (e.g., ANY.RUN, hybrid-analysis).

Module 8: Sniffing and Evasion

• Topics:

  • How Sniffing Works (Promiscuous Mode)

  • Active vs. Passive Sniffing

  • ARP Poisoning (Man-in-the-Middle) Attacks

  • Tools: Wireshark, tcpdump, Ettercap

  • Defending against Sniffing (Static ARP entries, Encryption)

  • Lab: Performing an ARP poisoning attack to capture credentials from a plaintext protocol.

Module 9: Social Engineering

• Topics:

  • The Human Element: The Weakest Link

  • Types of Social Engineering (Phishing, Vishing, Smishing, Pretexting, Tailgating)

  • Creating Phishing Campaigns (Tools: SEToolkit, GoPhish)

  • Demo: Crafting a convincing phishing email and setting up a clone of a login page.

Module 10: Denial-of-Service (DoS/DDoS)

• Topics:

  • What is a DoS/DDoS Attack?

  • How it Works: Volumetric, Protocol, Application Layer Attacks

  • Tools: LOIC, HOIC (and why you shouldn’t use them randomly)

  • Mitigation Strategies

Module 11: Session Hijacking & Hacking Web Servers

• Topics:

  • Session Hijacking Concepts

  • Web Server Architecture & Common Attack Vectors

  • Misconfigurations, Directory Traversal Attacks

  • Tools: Nikto, Burp Suite Scanner

  • Lab: Using Nikto to scan a vulnerable web server for misconfigurations.

Module 12: Hacking Web Applications (Critical Module)

• Topics:

  • The OWASP Top 10 (2021)

  • A1: Broken Access Control (IDOR, Privilege Escalation)

  • A2: Cryptographic Failures (Sensitive Data Exposure)

  • A3: Injection (SQL Injection – SQLi, Command Injection)

  • A7: Identification and Authentication Failures (Broken Auth)

  • Tools: Burp Suite (Repeater, Intruder, Proxy), sqlmap

  • Labs:

    • Performing SQL injection to bypass a login form and dump a database.

    • Using Burp Suite to intercept and manipulate HTTP requests.

Module 13: SQL Injection (Deep Dive)

• Topics:

  • Types of SQLi: In-band (Error-based, Union-based), Blind (Boolean, Time-based)

  • Automating SQLi with sqlmap

  • Lab: Using sqlmap to automatically find and exploit a SQL injection vulnerability.

Module 14: Hacking Wireless Networks

• Topics:

  • Wireless Fundamentals (SSID, BSSID, Channels, Authentication)

  • Wireless Encryption (WEP, WPA, WPA2, WPA3)

  • Cracking WEP and WPA/WPA2 PSK

  • Tools: Aircrack-ng suite (airodump-ng, aireplay-ng, aircrack-ng)

  • Rogue Access Points

  • Lab: Cracking a WPA2 handshake using the Aircrack-ng suite.

Module 15: Hacking Mobile Platforms & IoT

• Topics:

  • Mobile Security Threats (Android vs. iOS)

  • OWASP Mobile Top 10 Overview

  • IoT Security Challenges

  • Common IoT Attacks (Default Credentials, Firmware Exploits)

Module 16: Cloud Computing & Cryptography

• Topics:

  • Cloud Security Concepts & Shared Responsibility Model

  • Common Cloud Misconfigurations (S3 Buckets, IAM Roles)

  • Introduction to Cryptography (Symmetric, Asymmetric, Hashing)

  • Cryptography in Action (Digital Signatures, SSL/TLS)

Module 17: Final Review and Exam Prep

• Topics:

  • Course Recap: Walking through the 5 phases of hacking with all tools learned.

  • Exam Strategy: Time management, question analysis.

  • Practice Test Review

  • Q&A Session

  • Final Capstone Exercise: A multi-stage Capture-The-Flag (CTT) challenge incorporating reconnaissance, scanning, web app hacking, and privilege escalation.

Recommended Tools for Labs (Kali Linux has most pre-installed)

• Recon: nslookup, dig, theHarvester, Maltego

• Scanning: nmap, nessus, OpenVAS

• Exploitation: Metasploit Framework, sqlmap

• Password Cracking: John the Ripper, Hashcat

• Wireless: Aircrack-ng suite

• Web Proxies: Burp Suite Community/Professional, OWASP ZAP

• Vulnerable Practice Environments:

  • VMs: Metasploitable, OWASP Broken Web Apps (BWA), VulnHub machines.

  • Platforms: TryHackMe, Hack The Box (HTB) (easy boxes).

This structure ensures a logical flow from information gathering to exploitation and covers all the key domains of the CEH v13 exam.