Certified Ethical Hacker (CEH), 4th Edition

Certified Ethical Hacker (CEH), 4th Edition

by Omar Santos / Nick Garner
Released November 2024
Publisher(s): Pearson
ISBN: 013539564X

Watch it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

Prepare for the Certified Ethical Hacker (CEH) certification exam.

Overview

15+ hours of video training

  • Get exam topics and skills to successfully prepare for the Certified Ethical Hacker (CEH) certification exam
  • Step-by-step examples of security penetration testing methodologies and concepts
  • Sample questions for each of the topics covered in the exam

Certified Ethical Hacker (CEH), 4th Edition gives a complete overview of the topics in the EC-Council’s updated Certified Ethical Hacker (CEH) exam. This video course has seven modules that dive into the key objectives of the exam, providing an in-depth exploration of ethical hacking, including fundamentals; reconnaissance techniques; network and perimeter hacking; System Hacking Phases and Attack Techniques; web application hacking; wireless, mobile, IoT and OT hacking; cloud computing, and cryptography. Taught by experienced security experts Omar Santos and Nick Garner, this full-featured video course will help learners better understand the world of hacking so they can act to defend attacks, as well as pass the CEH exam.

Related learning

About the Instructors

Omar Santos is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar’s collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the lead of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee. He is the author of more than 20 books, numerous video courses, and more than 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs.

Nick Garner, CCIE No. 17871, is a solutions integration architect with Cisco Systems supporting customers in large-scale network design. He has deployed and supported large-scale data center designs for prominent clients in the San Francisco Bay area and works with Amazon Web Services daily. Prior to Cisco he spent some time with a Cisco partner, Denali Advanced Integration, and is also a founder of several IoT companies that operate exclusively in AWS. He is also a veteran of the United States Marine Corps.

Skill Level:

Intermediate

Course Requirement

None

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. Certified Ethical Hacker (CEH): Introduction
  2. Module 1: Information Security, Cybersecurity, and Ethical Hacking Overview
    1. Module Introduction
  3. Lesson 1: Introduction to Ethical Hacking
    1. Learning objectives
    2. 1.1 Introducing Information Security and Cybersecurity
    3. 1.2 Understanding the Cyber Kill Chain and Hacking Concepts
    4. 1.3 Surveying Ethical Hacking Methodologies
    5. 1.4 Undertanding Information Security Controls
    6. 1.5 Understanding Security Laws and Standards
    7. 1.6 Planning and Scoping a Penetration Testing Assessment
    8. 1.7 Building Your Own Hacking Lab with WebSploit Labs
  4. Module 2: Reconnaissance Techniques
    1. Module Introduction
  5. Lesson 2: Footprinting and Reconnaissance
    1. Learning objectives
    2. 2.1 Understanding Information Gathering and Vulnerability Identification
    3. 2.2 Introducing Open Source Intelligence (OSINT) Techniques
    4. 2.3 Exploring Footprinting Methodologies
    5. 2.4 Utilizing Search Engines for Footprinting
    6. 2.5 Footprinting Web Services
    7. 2.6 Exploiting Social Networking Sites for Footprinting
    8. 2.7 Surveying Password Dumps, File Metadata, and Public Source-code Repositories
    9. 2.8 Using Whois for Footprinting
    10. 2.9 Implementing DNS Footprinting
    11. 2.10 Executing Network Footprinting
    12. 2.11 Applying Social Engineering for Footprinting
    13. 2.12 Introducing Shodan, Maltego, AMass, Recon-NG, and other Recon Tools
    14. 2.13 Identifying Cloud vs. Self-hosted Assets
  6. Lesson 3: Scanning Networks
    1. Learning objectives
    2. 3.1 Surveying Network Scanning Concepts
    3. 3.2 Exploiting Scanning Tools
    4. 3.3 Understanding Host Discovery
    5. 3.4 Performing Website and Web Application Reconnaissance
    6. 3.5 Performing OS Discovery (Banner Grabbing/OS Fingerprinting)
    7. 3.6 Scanning Beyond IDS and Firewall
    8. 3.7 Creating Network Diagrams
    9. 3.8 Discovering Cloud Assets
    10. 3.9 Crafting Packets with Scapy to Perform Reconnaissance
  7. Lesson 4: Enumeration
    1. Learning objectives
    2. 4.1 Introducing Enumeration Techniques
    3. 4.2 Performing NetBIOS Enumeration
    4. 4.3 Performing SNMP Enumeration
    5. 4.4 Performing LDAP Enumeration
    6. 4.5 Performing NTP and NFS Enumeration
    7. 4.6 Performing SMTP and DNS Enumeration
    8. 4.7 Conducting Additional Enumeration Techniques
    9. 4.8 Surveying Enumeration Countermeasures
  8. Module 3: System Hacking Phases and Attack Techniques
    1. Module Introduction
  9. Lesson 5: Vulnerability Analysis
    1. Learning objectives
    2. 5.1 Understanding Vulnerability Assessment Concepts
    3. 5.2 Classifying and Assessing Vulnerability Types
    4. 5.3 Utilizing Vulnerability Assessment Tools
    5. 5.4 Generating Vulnerability Assessment Reports
  10. Lesson 6: System Hacking
    1. Learning objectives
    2. 6.1 Understanding System Hacking Concepts
    3. 6.2 Gaining System Access
    4. 6.3 Cracking Passwords
    5. 6.4 Exploiting Known and Zero-Day Vulnerabilities
    6. 6.5 Escalating Privileges
    7. 6.6 Maintaining Access, Command and Control, and Exfiltration
    8. 6.7 Executing Applications
    9. 6.8 Hiding Files
    10. 6.9 Clearing Logs
    11. 6.10 Performing On-Path Attacks
    12. 6.11 Introduction to Lateral Movement and Exfiltration
    13. 6.12 Understanding Post-Engagement Cleanup
  11. Lesson 7: Malware Threats
    1. Learning objectives
    2. 7.1 Understanding Malware Concepts
    3. 7.2 Comprehending APT Concepts
    4. 7.3 Grasping Trojan Concepts
    5. 7.4 Exploring Virus and Worm Concepts
    6. 7.5 Examining Fileless Malware and Living off the Land Techniques
    7. 7.6 Analyzing Malware
    8. 7.7 Implementing Malware Countermeasures
  12. Module 4: Network and Perimeter Hacking
    1. Module Introduction
  13. Lesson 8: Sniffing
    1. Learning objectives
    2. 8.1 Introducing Sniffing Concepts
    3. 8.2 Performing MAC Attacks
    4. 8.3 Conducting DHCP Attacks
    5. 8.4 Performing ARP Poisoning
    6. 8.5 Performing Spoofing Attacks
    7. 8.6 Performing DNS Poisoning
    8. 8.7 Surveying Sniffing Tools
    9. 8.8 Exploring Sniffing Countermeasures and Detection Techniques
  14. Lesson 9: Social Engineering
    1. Learning objectives
    2. 9.1 Introducing Social Engineering Concepts and Techniques
    3. 9.2 Understanding the Insider Threat
    4. 9.3 Impersonation on Social Networking Sites
    5. 9.4 Understanding Identity Theft
    6. 9.5 Understanding Social Engineering Countermeasures
  15. Lesson 10: Denial-of-Service
    1. Learning objectives
    2. 10.1 Introducing DoS/DDoS Concepts and Attack Techniques
    3. 10.2 Defining what are Botnets
    4. 10.3 Exploring DDoS Case Studies
    5. 10.4 Surveying DoS/DDoS Attack Tools
    6. 10.5 Understanding DoS/DDoS Countermeasures and Protection Tools
  16. Lesson 11: Session Hijacking
    1. Learning objectives
    2. 11.1 Introducing Session Hijacking Concepts
    3. 11.2 Performing Application Level Session Hijacking
    4. 11.3 Understanding Network Level Session Hijacking
    5. 11.4 Surveying Session Hijacking Tools
    6. 11.5 Understanding Session Hijacking Countermeasures
  17. Lesson 12: Evading IDS, Firewalls, and Honeypots
    1. Learning objectives
    2. 12.1 Introducing IDS, IPS, Firewall, and Honeypot Concepts
    3. 12.2 Exploring IDS, IPS, Firewall, and Honeypot Solutions
    4. 12.3 Evading IDS and Firewalls
    5. 12.4 Surveying IDS/Firewall Evading Tools
    6. 12.5 Detecting Honeypots and Sandboxes
    7. 12.6 Understanding IDS/Firewall Evasion Countermeasures
  18. Module 5: Web Application Hacking
    1. Module Introduction
  19. Lesson 13: Hacking Web Servers
    1. Learning objectives
    2. 13.1 Introducing Web Server Concepts
    3. 13.2 Exploring Web Server Attacks
    4. 13.3 Surveying Web Server Attack Methodologies
    5. 13.4 Understanding Web Server Countermeasures
    6. 13.5 Understanding Patch Management
  20. Lesson 14: Hacking Web Applications
    1. Learning objectives
    2. 14.1 Understanding Web App Concepts and Identifying Web App Threats
    3. 14.2 Exploring the OWASP Top 10 for Web Applications
    4. 14.3 Applying Web App Hacking Methodologies and Footprinting Web Infrastructure
    5. 14.4 Analyzing Web Applications and Bypassing Client-Side Controls
    6. 14.5 Attacking Authentication Mechanisms
    7. 14.6 Attacking Session Management Mechanisms
    8. 14.7 Exploiting Authorization Schemes and Access Controls Flaws
    9. 14.8 Exploiting Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF) Vulnerabilities
    10. 14.9 Understanding Server-side Request Forgery (SSRF) Vulnerabilities
    11. 14.10 Exploiting Buffer Overflows and Creating Payloads
    12. 14.11 Attacking Application Logic Flaws and Shared Environments
    13. 14.12 Attacking Database Connectivity and Web App Clients
    14. 14.13 Attacking Web Services, Exploiting Web APIs, Webhooks, and Web Shells
    15. 14.14 Ensuring Web App Security
  21. Lesson 15: SQL Injection
    1. Learning objectives
    2. 15.1 Introducing SQL Injection Concepts
    3. 15.2 Understanding the Types of SQL Injection
    4. 15.3 Exploring the SQL Injection Methodologies
    5. 15.4 Exploring SQL Injection Tools
    6. 15.5 Exploring SQL Injection Evasion Techniques
    7. 15.6 Understanding SQL Injection Countermeasures
  22. Module 6: Wireless, Mobile, IoT, and OT Hacking
    1. Module Introduction
  23. Lesson 16: Hacking Wireless Networks
    1. Learning objectives
    2. 16.1 Introducing Wireless Concepts
    3. 16.2 Understanding Wireless Encryption
    4. 16.3 Exploring Wireless Threats
    5. 16.4 Understanding Wireless Hacking Methodologies
    6. 16.5 Surveying Wireless Hacking Tools
    7. 16.6 Hacking Bluetooth
    8. 16.7 Introducing Wireless Countermeasure
    9. 16.8 Exploring Wireless Security Tools
  24. Lesson 17: Hacking Mobile Platforms
    1. Learning objectives
    2. 17.1 Understanding Mobile Platform Attack Vectors
    3. 17.2 Hacking Android OS
    4. 17.3 Hacking iOS
    5. 17.4 Understanding Mobile Device Management
    6. 17.5 Surveying Mobile Security Guidelines and Tools
  25. Lesson 18: IoT and OT Hacking
    1. Learning objectives
    2. 18.1 Understanding IoT Concepts
    3. 18.2 Surveying IoT Hacking Methodologies and IoT Hacking Tools
    4. 18.3 Implementing IoT Attack Countermeasures
    5. 18.4 Introducing OT, ICS, and SCADA Concepts and Attacks
    6. 18.5 Implementing OT Attack Countermeasures
  26. Module 7: Cloud Computing and Cryptography
    1. Module Introduction
  27. Lesson 19: Cloud Computing
    1. Learning objectives
    2. 19.1 Understanding Cloud Computing Concepts
    3. 19.2 Exploring Container Technology and Kubernetes
    4. 19.3 Leveraging Serverless Computing
    5. 19.4 Identifying Cloud Computing Threats
    6. 19.5 Conducting Cloud Hacking
    7. 19.6 Ensuring Cloud Security
    8. 19.7 Surveying Patch Management in the Cloud
    9. 19.8 Introducing DevSecOps
    10. 19.9 Securing Code, Applications, and Building DevSecOps Pipelines
  28. Lesson 20: Cryptography
    1. Learning objectives
    2. 20.1 Introducing Cryptography and Cryptanalysis
    3. 20.2 Understanding the Different Encryption Algorithms and Post-Quantum Cryptography
    4. 20.3 Describing Hashing Algorithms
    5. 20.4 Understanding Public Key Infrastructure (PKI)
    6. 20.5 Understanding Email Encryption
    7. 20.6 Understanding Disk Encryption
    8. 20.7 Introducing Certificate Authorities (CAs) and Certificate Enrollment
    9. 20.8 Surveying SSL and TLS Implementations
    10. 20.9 Surveying IPsec Implementations and Modern VPN Implementations
  29. Module 8: Securing Generative AI
    1. Module Introduction
  30. Lesson 21: Introduction to AI Threats and LLM Security
    1. Learning objectives
    2. 21.1 Understanding the Significance of LLMs in the AI Landscape
    3. 21.2 Exploring the Resources for this Course - GitHub Repositories and Others
    4. 21.3 Introducing Retrieval Augmented Generation (RAG)
    5. 21.4 Understanding the OWASP Top-10 Risks for LLMs
    6. 21.5 Exploring the MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) Framework
    7. 21.6 Understanding the NIST Taxonomy and Terminology of Attacks and Mitigations
  31. Lesson 22: Understanding Prompt Injection Insecure Output Handling
    1. Learning objectives
    2. 22.1 Defining Prompt Injection Attacks
    3. 22.2 Exploring Real-life Prompt Injection Attacks
    4. 22.3 Using ChatML for OpenAI API Calls to Indicate to the LLM the Source of Prompt Input
    5. 22.4 Enforcing Privilege Control on LLM Access to Backend Systems
    6. 22.5 Best Practices Around API Tokens for Plugins, Data Access, and Function-level Permissions
    7. 22.6 Understanding Insecure Output Handling Attacks
    8. 22.7 Using the OWASP ASVS to Protect Against Insecure Output Handling
  32. Lesson 23: Training Data Poisoning, Model Denial of Service Supply Chain Vulnerabilities
    1. Learning objectives
    2. 23.1 Understanding Training Data Poisoning Attacks
    3. 23.2 Exploring Model Denial of Service Attacks
    4. 23.3 Understanding the Risks of the AI and ML Supply Chain
    5. 23.4 Best Practices when Using Open-Source Models from Hugging Face and Other Sources
    6. 23.5 Securing Amazon BedRock, SageMaker, Microsoft Azure AI Services, and Other Environments
  33. Lesson 24: Sensitive Information Disclosure, Insecure Plugin Design, and Excessive Agency
    1. Learning objectives
    2. 24.1 Understanding Sensitive Information Disclosure
    3. 24.2 Exploiting Insecure Plugin Design
    4. 24.3 Avoiding Excessive Agency
  34. Lesson 25: Overreliance, Model Theft, and Red Teaming AI Models
    1. Learning objectives
    2. 25.1 Understanding Overreliance
    3. 25.2 Exploring Model Theft Attacks
    4. 25.3 Understanding Red Teaming of AI Models
  35. Lesson 26: Protecting Retrieval Augmented Generation (RAG) Implementations
    1. Learning objectives
    2. 26.1 Understanding the RAG, LangChain, Llama Index, and AI Orchestration
    3. 26.2 Securing Embedding Models
    4. 26.3 Securing Vector Databases
    5. 26.4 Monitoring and Incident Response
  36. Summary
    1. Certified Ethical Hacker (CEH): Summary

Product information

  • Title: Certified Ethical Hacker (CEH), 4th Edition
  • Author(s): Omar Santos / Nick Garner
  • Release date: November 2024
  • Publisher(s): Pearson
  • ISBN: 013539564X