Ethical Hacking & Countermeasure Specialist - EC-Council

Ethical Hacking & Countermeasure Specialist 

EHS301 

Course Title: 

Ethical Hacking & Countermeasure Specialist: Attack Phases 

Page 1 of 12 

Attack Phases Copyright © by EC-Council 

All Rights Reserved. Reproduction is Strictly Prohibited.


EHS301 

Course Description 

This certification covers a plethora of the offensive security topics ranging from how perimeter defenses 

work to scanning and attacking the simulated networks. A wide variety of tools, viruses, and malware is 

presented in this and the other four books, providing a complete understanding of the tactics and tools 

used by hackers. By gaining a thorough understanding of how hackers operate, an Ethical Hacker will be 

able to set up strong countermeasures and defensive systems to protect an organization's critical 

infrastructure and information. 

Certificate Info 

Ethical Hacking & Countermeasure Specialist: Attack Phases 

Who Should Attend 

This course will significantly benefit the security officers, auditors, security professionals, site 

administrators, and anyone who is concerned about the integrity of the network infrastructure. 

Course Duration 

2 days (9:00AM – 5:00PM) 

CPE/ECE Qualification 

16 ECE Credits awarded for attendance (1 for each classroom hour) 

Suggested Retail: 

$799 USD 

Page 2 of 12 




EHS301 

Required Courseware: 

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details. 

What’s included 

Physical Courseware 

1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate 

Course + Supplement Cost: 

See the “Training Workshops” section at www.cengage.com/community/eccouncil for current pricing 

information. 

Related Certificates: 

Ethical Hacking and Countermeasures: Threats and Defense Mechanisms 

Ethical Hacking and Countermeasures: Web Applications and Data Servers 

Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems 

Ethical Hacking and Countermeasures: Secure Network Infrastructures 

Page 3 of 12 




Course Briefing 

EHS301 

1. Introduction to Ethical Hacking 

Chapter Brief: 

As computers have become strategic in the way business is conducted, companies leveraged their 

capabilities to conduct commerce. Enterprises have begun to realize the need to evaluate their 

systems for vulnerabilities and correct the security lapses. 

Ethical hacking is broadly defined as the methodology that ethical hackers adopt to discover the 

existing vulnerabilities in information systems’ operating environments. Their job is to evaluate 

the security of targets, provide updates regarding any discovered vulnerabilities, and recommend 

the appropriate mitigation procedures. 

The module “Introduction to Ethical Hacking” gives an introduction to cyber warfare and security 

threats. It briefs about hacking and also describes Ethical Hacking. It talks about the 

prerequisites to become an Ethical Hacker, the scope and limitations of ethical hacking, and the 

classification of ethical hackers. The module explains the steps that should be followed while 

conducting an ethical hacking process. 

2. Footprinting 


Footprinting is the blueprint of the security profile of an organization that is undertaken in a 

methodological manner, which gives a unique system profile of an organization. Information 

unveiled at various network levels (Internet/intranet/extranet/wireless) can include details 

regarding: domain name, intrusion detection systems, specific IP addresses, access control 

mechanisms and related lists, contact addresses, authentication mechanisms, and system 

enumeration. An attacker spends 90% of the time in profiling an organization and 10% in 

launching the attack. 

This module discusses about Footprinting terminologies, information gathering methodology, 

and competitive intelligence gathering. It explains about different Footprinting tools that can be 

used to intrude into a system or network and explains the process of creating fake websites and 

the tools used to create fake websites. 

3. Scanning 


Scanning is one of the most important phases of intelligence gathering for an attacker. In the 

process of scanning, the attacker tries to gather information about the specific IP addresses that 

can be accessed over the Internet, their target’s operating systems, system architecture, and the 

services running on each computer. 

This module explains about the scanning methodology that is used to identify the vulnerabilities 

in a network. It explains about the types of scanning, objectives of Scanning, and different tools 

present to perform scanning. It briefs about CEH scanning methodology that includes checking 

for live systems and ports, identifying services, Banner Grabbing/OS Fingerprinting, scanning for 

vulnerability, drawing network diagrams of the vulnerable hosts, and preparing proxies. 

Page 4 of 12 




4. Enumeration 

EHS301 


The attacker’s objective is to identify the valid user’s accounts or groups where he/she can remain 

inconspicuous once the system has been compromised. Enumeration involves making active 

connections to the target system or subjecting it to direct queries. 

The module “Enumeration” explains about the process of extracting the user names. It explains 

the techniques for Enumeration, enumerating user accounts, SNMP enumeration, UNIX/Linux 

enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, and 

web enumeration. The module lists the enumeration tools that can be used to extract the data. 

5. System Hacking 


With the advent of Internet, securing the systems has become a major concern for organizations 

and governments alike. The fear of the trade secrets, financial information, and customer 

information being compromised has urged organizations to evaluate the threat scenario to their 

organizational networks. This led to the organizations hiring “ethical hackers” to launch system 

hacking on the systems and learn about the vulnerabilities in the networks. In System Hacking, 

the system refers to the applications and software that perform business functions or support key 

processes. 

The module “System Hacking” describes the CEH system hacking process which is classified into 

3 stages: gaining access (by cracking passwords and escalating privileges), maintaining access 

(executing applications and hiding files), and clearing access (covering tracks). The module also 

explains the hacking tools that aid the hacking process. The module explains how the attackers 

penetrate into a system with the help of examples and tools. It also presents the countermeasures 

that can be applied in each stage to prevent an attack on the system. 

6. Penetration Testing (PT) 


A penetration test is a simulation of a potential attack from an attacker. The test involves 

analyzing the system for vulnerabilities that may be used by the attacker to break in. It involves 

using proprietary and open source tools to test for known and unknown technical vulnerabilities 

in the networked systems. Apart from the automated techniques, penetration testing involves 

manual techniques for conducting the targeted testing on the specific systems to ensure that there 

are no security flaws that may have gone undetected earlier. 

This module explains how to penetrate through a system or network. It gives an introduction to 

penetration testing, risk management, manual testing, and automated testing. It discusses on how 

to enumerate the devices and DoS enumeration and explains about HackerShield, pen-test using 

different devices, VigilENT, WebInspect, and the tools used for penetration testing. 

Page 5 of 12 




Course Outline 

EHS301 

Chapter 1: Introduction to Ethical Hacking 

• Case Example 

• Introduction to Ethical Hacking 

• Importance of Security 

• Threats and Vulnerabilities 

• Attacks 

• Security Breaches 

• Exposure 

• Elements of Security 

• The Security, Functionality, and Ease of Use Triangle 

• The Growth of Hacking 

• Phases of an Attack 

o Phase 1—Reconnaissance 

o Phase 2—Scanning 

o Phase 3—Gaining Access 

o Phase 4—Maintaining Access 

o Phase 5—Covering Tracks 

• Types of Hacker Attacks 

• Hacktivism 

• Ethical Hackers 

• What Do Ethical Hackers Do 

• Can Hacking Be Ethical 

• Skills of an Ethical Hacker 

• What Is Vulnerability Research 

• Why Hackers Need Vulnerability Research 

• Vulnerability Research Web Sites 

• Conducting Ethical Hacking 

• How Do They Go About It 

• Ethical Hacking Testing 

• Ethical Hacking Deliverables 

• Computer Crimes and Implications 

• Case Example Revisited 

Page 6 of 12 




Chapter 2: Footprinting 

EHS301 

• Case Example 

• Introduction to Footprinting 

• Why Is Footprinting Necessary 

• Revisiting Reconnaissance 

• Footprinting Terminologies 

o 

Open Source Footprinting 

• Information-Gathering Methodology 

o 

Unearthing Initial Information 

• What Is an IP Address 

• Finding a Company’s URL 

• Finding the Internal URLs 

• Public and Private Websites 

• People Searching 

• WHOIS Lookup 

• Whois Lookup Result Analysis 

• WHOIS Lookup Result 

• Footprinting Through Job Sites 

• Information Gathering Stances 

• Why Do Hacker Need Competitive Intelligence 

• Competitive Intelligence Tools 

• Footprinting Tools 

• Big Brother 

• Wikto 

• Exomind 

• WHOIS Tools 

• SmartWhois 

• ActiveWhois 

• CountryWhois 

• CallerIP 

• Web Data Extractor 

• DNS Information Tools 

• DNSstuff.com 

• Expired Domains 

o 

Locating the Network Range 

• NeoTrace (now McAfee Visual Trace) 

Page 7 of 12 




• Path Analyzer Pro 

• TouchGraph 

• E-Mail Spiders 

• Locating Network Activity 

• Google Earth 

• Meta Search Engines 

• Faking Web Sites Using Man-In-The-Middle Phishing Kit 

• Case Example Revisited: What Happened Next 

EHS301 

Chapter 3: Scanning 

• Introduction to Scanning 

• Scanning Defined 

• Objectives of Scanning 

• Scanning Methodology 

• Surfing Anonymously 

• Scanning Countermeasures 

• Tools 

o Angry IP Scanner 

• Firewalk Tool 

o Firewalk 

o Firewalk Output 

o Nmap 

• Nmap: Scan Methods 

• Nmap Scan Options 

• Nmap Output Format 

• Nmap Timing Options 

• Nmap Options 

• Nmap: Output 

• Nmap: Host/Ports Details 

• Nmap: Host Details 

• Nmap: Hosts Viewer 

o NetScanTools 

o WUPS 

o SuperScan 

o Global Network Inventory 

o Net Tools Suite Pack 

Page 8 of 12 




o FloppyScan 

EHS301 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

o 

Atelier Web Ports Traffic Analyzer 

Atelier Web Security Port Scanner 

Ike-scan 

Infiltrator Network Security Scanner 

YAPS: Yet another Port Scanner 

Advanced Port Scanner 

NetGadgets 

P-Ping Tools 

LANView 

NetBrute 

Advanced IP Scanner 

Colasoft MAC Scanner 

Active Network Monitor 

Advanced Serial Data Logger 

WotWeb 

Antiy Ports 

Port Detective 

PhoneSweep 

Httprint 

IIS Lockdown Wizard 

ServerMask 

PageXchanger 

SAINT 

ISS Security Scanner 

Nessus 

Retina Network Security Scanner 

IPsonar 

BSA Visibility 

SocksChain 

Happy Browser 

Browzar 

Torpark 

Proxy+ 

JAP 

HTTPort 

SentryPC 

Page 9 of 12 




EHS301 

Chapter 4: Enumeration 

• Introduction to Enumeration 

• Enumeration Defined 

• Techniques for Enumeration 

• Null Session Enumeration 

• Windows Session Establishment 

• Establishing Netbios Null Sessions 

• So What's the Big Deal 

• SNMP Enumeration 

• Management Information Base 

• SNMP UNIX Enumeration 

• UNIX Enumeration 

• LDAP Enumeration 

• NTP Enumeration 

• SMTP Enumeration 

• Web Enumeration 

• Web Application Directory Enumeration 

• Default Password Enumeration 

• Enumeration Procedure 

• Enumerating User Accounts on Linux and OS X with rpcclient 

• Tools 

o Null Session Tools 

o User Account Tools 

o PsTools 

o SNMP Enumeration Tools 

o LDAP Enumeration Tools 

o General Enumeration Tools 

Chapter 5: System Hacking 

• Introduction to System Hacking 

• Gaining Access 

• Cracking Passwords 

• Types of Password Attacks 

o Passive Online Attack: Wire Sniffing 

o Passive Online Attack: Man-in-the-Middle and Replay Attacks 

o Active Online Attack: Password Guessing 

Page 10 of 12 




o Offline Attacks 

EHS301 

• Brute-force Attack 

• Attack: Pre-Computed Hashes 

o 

o 

o 

o 

Syllable Attack/ Rule-based Attack 

Distributed Network Attack 

Rainbow Attack 

Non-Technical Attacks 

o Password Cracking Web Sites 

• Password Guessing 

• Tool: 

o 

o 

Windows Password Cracker 

Windows Password Recovery 

• Microsoft Authentication 

• Password Cracking Tools 

• Password Cracking Countermeasures 

• Escalating Privileges 

• Cracking NT/2000 Passwords 

• Login Hack: Example 

• Executing Applications 

• Keyloggers and Spyware 

• Keylogger and Spyware Countermeasures 

• Hiding Files 

• Rootkits 

• Steganography 

• Steganography Tools 

• Steganography Detection 

• Steganalysis Tools 

• Covering Tracks 

Chapter 6: Penetration Testing (PT) 

• Introduction to Penetration Testing 

• Security Assessments 

• Types of Penetration Testing 

o 

o 

o 

o 

Black-box Penetration Testing 

Grey-box Penetration Testing 

White-box Penetration Testing 

Announced Testing/ Unannounced Testing 

Page 11 of 12 




• Why Penetration Testing 

EHS301 

• What Should be Tested 

• What Makes a Good Penetration Test 

• Strategies of Penetration Testing 

o 

o 

o 

o 

o 

o 

o 

External Penetration Testing 

Internal Security Assessment 

Application Security Assessment 

Network Security Assessment 

Wireless/Remote Access Assessment 

Telephony Security Assessment 

Social Engineering 

• Phases of Penetration Testing 

o 

o 

o 

o 

o 

Planning Phase 

Enumerating Devices 

Pre-attack Phase 

Attack Phase 

Post-attack Phase 

• Tools 

• Other Tools Useful in a Pen-Test 

Page 12 of 12

Ethical Hacking & Countermeasure Specialist - EC-Council

Create successful ePaper yourself

Delete template?

Save as template?