
Wanna get EC-Council CEH? Think again.

124 Comments

  • colemic Member Posts: 1,569 ■■■■■■■□□□
    PC509 wrote: »
    CEH isn't intro level (not as entry level as Security+), so it's lower-mid level. Definitely not upper level. But, it's not intended to be. As with all certs, though, it's the checkbox on your resume that gets you noticed. After that, it's what you know. With CEH, I'd assume you know basic security concepts. Not enough for CISSP, but beyond the basics of Security+. It also shows you want to move forward in the career. Everything else, you have to prove. Kind of like you wouldn't trust a fresh MCSE with your Windows forest (at least, I'd hope not), you shouldn't trust a fresh CEH with your security, either.

    It can be a great cert to show dedication to the field and basic knowledge. It's not a miracle cert, it's not some magical hacking cert. But, you'll understand the concepts and how to apply them.

    Yes, the name "Certified Ethical Hacker" is a bit much, but it gets attention. It's a business, and that's what they do. Is it respected by others? It can be, but I wouldn't go bragging about it trying to be some hotshot. It doesn't make you a hacker or some security expert. But, like all other certs - it gets you past HR. From there, it's all about what you can do. You may already be a hacker or expert and are working on grabbing some certs to pad the ol' resume, or you may just be looking for the foundations.

    I guess you get out of it what you want. If you have no use for it and think it's just a basic, entry level certification, then don't take it. It won't help you. If you see value in it for a job you want or want that foundation knowledge, and can justify the cost - then it's a great certification and you should take it. I wouldn't take the Network+, as it wouldn't hold value for me (after CCNA, it's near worthless unless a job requires it). Its value is based on the individual and their goals. Just because I hold little value in the Net+ in my career now doesn't mean someone else shouldn't hold value in it.

    note: I'm studying for the exam, haven't taken it yet. So, no first hand exam experience.

    This right here is what gives MANY heartburn about the CEH... by almost all accounts, and by any definition, it is an introductory cert. It tests you on usage and syntax of tools; the entire test can be answered correctly by rote memorization. It doesn't teach context, or require you to synthesize knowledge into answering a question that you are not familiar with.

    And this is largely, if not exclusively, the fault of EC-Council. They have a vested interest in pimping the cert as a 'mastery of hacking technologies.'

    I don't hate the cert. I am very annoyed that it is hyped as everything BUT an introductory exam. It is what it is. I don't lose sleep over it.

    Just be cautioned that there are many who share my opinion, and you will be sorely disappointed if you think having CEH demonstrates anything but knowledge (NOT mastery) of the fundamentals.
    Working on: staying alive and staying employed
  • cyberguypr Mod Posts: 6,928
    To expand on what the co-founder of this cert said (LOL), I have issues with the way they market the CEH. According to their site:

    - The most advanced ethical hacking course in the world that covers cutting edge of hacking technology. FALSE

    - EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. If they do, it doesn't show in the training or the cert.

    - The certified ethical hacker Tools DVDs included in the certified ethical hacker courseware kit contain over 24 GB of underground hacking and security tools that are not found in any other training course anywhere in the world. Absolute CRAP. They are not found elsewhere because most of them are useless, outdated, or superseded with better/more useful tools.

    Then there's this table comparing CEH with SANS. They claim to be super up to date with the latest and greatest. They are basically claiming that CEH offers all of this, while SANS doesn't:

    - Even the experienced pen testers get to learn the new techniques to perform their job much more efficiently
    - Detailed coverage of how perimeter defense work including standard firewall, IDS and IPS deployments, and how to bypass it for an effective penetration testing effort
    - Coverage of distributed denial-of-service attacks, auditing networks for DDoS attacks and countermeasures to protect against such attacks
    - It integrates existing information system security auditing and pen testing methodologies such as OWASP, OSSTMM and NIST, and latest research from information security community to create an extensive common knowledge base
    - Emphasizes on not just attacks but also demonstrates how to defend those attacks effectively and keeps the students updated with latest trends in hacking

    They either haven't been to any SANS course, or completely decided to omit facts and make up some crap.
  • gespenstern Member Posts: 1,243 ■■■■■■■■□□
    BlackBeret wrote: »
    @gespenstern - To answer your question about the eligibility code and explain why you had problems with the registration process... The eligibility code is what you get from EC-Council after having your voucher approved. You then put that into their online order form to pay for and register for the test. If you had done this you would not have had to email them to manually register for it. The system isn't automatic, but the instructions weren't hard to figure out.

    I deliberately played a 'dumb guy' role to figure out what a regular guy is supposed to do during the application process and allowed EC-Council to guide me through every step; when the next step was unclear I asked for assistance, and I also asked for assistance each time I met contradictory statements or other issues that prevented me from moving further according to the official guides.

    I used their online order form, specifically their store, to buy a VUE exam voucher. It didn't ask me for an eligibility code. I guess the only way to figure out if it is really needed is to ask someone who is heading towards this exam to look for where to put the code and refuse to go other ways if they don't ask for this code. Still, many people on this forum pass the exam and later ask what to do with the code, because they completed the exam without using it.
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    colemic wrote: »
    CEH demonstrates anything but knowledge (NOT mastery) of the fundamentals.

    I think you hit the nail on the head.
    I don't think anyone could find fault with that statement.

    However, what week-long course or exam would give you mastery in a subject?
    From my reading, OSCP comes off as the most practical. I would still not expect to come out of the 24 hr "test" period as a master of the subject matter.

    OSCP (Offensive Security Pen Testing with Kali) $4900 USD. ***I don't know if that includes the test/exam.
    https://www.blackhat.com/us-15/training/penetration-testing-with-kali-linux.html

    SANS $5350 USD ***+$629 for the exam.
    https://www.sans.org/event/sansfire-2015/courses/

    CEH $3000 (Canadian). That is what my company paid and they included a voucher to take the exam.

    My company could care less about the certification part; it was more about the training. I would love to do some SANS training but it's going to be hard to get approval for twice the price.
  • NetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    IronmanX wrote: »
    My company could care less about the certification part; it was more about the training. I would love to do some SANS training but it's going to be hard to get approval for twice the price.

    The only way my company approved my SANS training was if I got the work study program. $900 for everything, training + exam.
  • colemic Member Posts: 1,569 ■■■■■■■□□□
    Does the OSCP market itself as making you an expert who has mastered hacking technologies, like the CEH does? I've never even looked into this cert, but I am pretty sure it doesn't.

    The point I was trying to make with my comment that it only demonstrates knowledge, not mastery, is that 1) it's an introductory course, and 2) CEH unequivocally markets it as a mastery/expert-level course.
    IronmanX wrote: »
    I think you hit the nail on the head.
    I don't think anyone could find fault with that statement.

    However, what week-long course or exam would give you mastery in a subject?
    From my reading, OSCP comes off as the most practical. I would still not expect to come out of the 24 hr "test" period as a master of the subject matter.

    OSCP (Offensive Security Pen Testing with Kali) $4900 USD. ***I don't know if that includes the test/exam.
    https://www.blackhat.com/us-15/training/penetration-testing-with-kali-linux.html

    SANS $5350 USD ***+$629 for the exam.
    https://www.sans.org/event/sansfire-2015/courses/

    CEH $3000 (Canadian). That is what my company paid and they included a voucher to take the exam.

    My company could care less about the certification part; it was more about the training. I would love to do some SANS training but it's going to be hard to get approval for twice the price.
    Working on: staying alive and staying employed
  • colemic Member Posts: 1,569 ■■■■■■■□□□
    cyberguypr wrote: »
    To expand on what the co-founder of this cert said (LOL), I have issues with the way they market the CEH. According to their site:

    - The most advanced ethical hacking course in the world that covers cutting edge of hacking technology. FALSE

    - EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. If they do, it doesn't show in the training or the cert.

    - The certified ethical hacker Tools DVDs included in the certified ethical hacker courseware kit contain over 24 GB of underground hacking and security tools that are not found in any other training course anywhere in the world. Absolute CRAP. They are not found elsewhere because most of them are useless, outdated, or superseded with better/more useful tools.

    Then there's this table comparing CEH with SANS. They claim to be super up to date with the latest and greatest. They are basically claiming that CEH offers all of this, while SANS doesn't:

    - Even the experienced pen testers get to learn the new techniques to perform their job much more efficiently
    - Detailed coverage of how perimeter defense work including standard firewall, IDS and IPS deployments, and how to bypass it for an effective penetration testing effort
    - Coverage of distributed denial-of-service attacks, auditing networks for DDoS attacks and countermeasures to protect against such attacks
    - It integrates existing information system security auditing and pen testing methodologies such as OWASP, OSSTMM and NIST, and latest research from information security community to create an extensive common knowledge base
    - Emphasizes on not just attacks but also demonstrates how to defend those attacks effectively and keeps the students updated with latest trends in hacking

    They either haven't been to any SANS course, or completely decided to omit facts and make up some crap.

    Or stole it outright... attrition.org is HIGHLY respected in the industry as being brutally honest and accurate.
    Working on: staying alive and staying employed
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    cyberguypr wrote: »
    - EC-Council researchers go deep underground covertly to extract advanced attacks and exploits. If they do, it doesn't show in the training or the cert.

    - Detailed coverage of how perimeter defense work including standard firewall, IDS and IPS deployments, and how to bypass it for an effective penetration testing effort
    - Coverage of distributed denial-of-service attacks, auditing networks for DDoS attacks and countermeasures to protect against such attacks
    - It integrates existing information system security auditing and pen testing methodologies such as OWASP, OSSTMM and NIST, and latest research from information security community to create an extensive common knowledge base
    - Emphasizes on not just attacks but also demonstrates how to defend those attacks effectively and keeps the students updated with latest trends in hacking

    They either haven't been to any SANS course, or completely decided to omit facts and make up some crap.

    My live, in-person course outline was similar to this (edit: I probably should not have posted all this, but I found my course to be quite in-depth):
    "
    Module 01: Introduction to Ethical Hacking
    ** Information Security Overview
    - Internet Crime Current Report: IC3
    - Data Breach Investigations Report
    - Essential Terminology
    - Elements of Information Security
    - The Security, Functionality, and Usability Triangle
    ** Information Security Threats and Attack Vectors
    - Top Information Security Attack Vectors
    - Motives, Goals, and Objectives of Information Security Attacks
    - Information Security Threats
    - Information Warfare
    - IPv6 Security Threats
    ** Hacking Concepts
    - Hacking vs. Ethical Hacking
    - Effects of Hacking on Business
    - Who Is a Hacker?
    - Hacker Classes
    - Hacktivism
    ** Hacking Phases
    ** Types of Attacks
    - Types of Attacks on a System
    - Operating System Attacks
    - Misconfiguration Attacks
    - Application-Level Attacks
    - Examples of Application-Level Attacks
    - Shrink Wrap Code Attacks
    ** Information Security Controls
    - Why Ethical Hacking is Necessary
    - Scope and Limitations of Ethical Hacking
    - Skills of an Ethical Hacker
    - Defense in Depth
    - Incident Management Process
    - Information Security Policies
    - Classification of Security Policies
    - Structure and Contents of Security Policies
    - Types of Security Policies
    - Steps to Create and Implement Security Policies
    - Examples of Security Policies
    - Vulnerability Research
    - Vulnerability Research Websites
    - What Is Penetration Testing?
    - Why Penetration Testing
    - Penetration Testing Methodology


    Module 02: Footprinting and Reconnaissance
    ** Footprinting Concepts
    - Footprinting Terminology
    - What is Footprinting?
    - Why Footprinting?
    - Objectives of Footprinting
    ** Footprinting Threats
    - Footprinting Threats
    ** Footprinting Methodology
    - Footprinting through Search Engines
    ** Finding Company’s External and Internal URLs
    ** Public and Restricted Websites
    ** Collect Location Information
    ** People Search
    ** People Search Online Services
    ** People Search on Social Networking Services
    ** Gather Information from Financial Services
    ** Footprinting through Job Sites
    ** Monitoring Target Using Alerts
    - Website Footprinting
    ** Mirroring Entire Website
    ** Website Mirroring Tools
    ** Extract Website Information from http://www.archive.org
    ** Monitoring Web Updates Using Website Watcher
    - Email Footprinting
    ** Tracking Email Communications
    ** Collecting Information from Email Header
    ** Email Tracking Tools
    - Competitive Intelligence
    ** Competitive Intelligence Gathering
    ** Competitive Intelligence - When Did this Company Begin? How did it develop?
    ** Competitive Intelligence - What Are the Company's Plans?
    ** Competitive Intelligence - What Expert Opinions Say About the Company
    - Footprinting using Google
    ** Footprint Using Google Hacking Techniques
    ** What a Hacker can do with Google Hacking?
    ** Google Advance Search Operators
    ** Finding Resources Using Google Advance Operator
    ** Google Hacking Tool: Google Hacking Database (GHDB)
    ** Google Hacking Tools
    - WHOIS Footprinting
    ** WHOIS Lookup
    ** WHOIS Lookup Result Analysis
    ** WHOIS Lookup Tool: SmartWhois
    ** WHOIS Lookup Tools
    ** WHOIS Lookup Online Tools
    - DNS Footprinting
    ** Extracting DNS Information
    ** DNS Interrogation Tools
    - Network Footprinting
    ** Locate the Network Range
    ** Determine the Operating System
    ** Traceroute
    ** Traceroute Analysis
    ** Traceroute Tools


    - Footprinting through Social Engineering
    ** Footprinting through Social Engineering
    ** Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
    - Footprinting through
    ** Collect Information through Social Engineering on Social Networking Sites
    ** Information Available on Social Networking Sites
    ** Collecting Facebook Information
    ** Collecting Twitter Information
    ** Collecting Linkedin Information
    ** Collecting Youtube Information
    ** Tracking Users on Social Networking Sites
    ** Footprinting Tools
    - Footprinting Tool: Maltego
    - Footprinting Tool: Domain Name Analyzer Pro
    - Footprinting Tool: Web Data Extractor
    - Additional Footprinting Tools
    ** Footprinting Countermeasures
    ** Footprinting Penetration Testing
    - Footprinting Pen Testing
    - Footprinting Pen Testing Report Templates

    Module 03: Scanning Networks
    ** Overview of Network Scanning
    ** CEH Scanning Methodology
    - Check for Live Systems
    ** Checking for Live Systems - ICMP Scanning
    ** Ping Sweep
    ** Ping Sweep Tools
    - Check for Open Ports
    ** Three-Way Handshake
    ** TCP Communication Flags
    ** Create Custom Packet Using TCP Flags
    ** Create Custom Packet Using TCP Flags
    ** Scanning IPv6 Network
    ** Scanning Tool: Nmap
    ** Hping2 / Hping3
    ** Hping Commands
    ** Scanning Techniques
    ** TCP Connect / Full Open Scan
    ** Stealth Scan (Half-open Scan)
    ** Stealth Scan (Half-open Scan)
    ** Xmas Scan
    ** FIN Scan
    ** NULL Scan
    ** IDLE Scan
    ** IDLE Scan: Step 1
    ** IDLE Scan: Step 2 and 3
    ** ICMP Echo Scanning/List Scan
    ** UDP Scanning
    ** Inverse TCP Flag Scanning
    ** ACK Flag Scanning
    ** Scanning Tool: NetScan Tools Pro
    ** Scanning Tools
    ** Do Not Scan These IP Addresses (Unless you want to get into trouble)
    ** Port Scanning Countermeasures
    - Scanning Beyond IDS
    ** IDS Evasion Techniques
    ** SYN/FIN Scanning Using IP Fragments
    - Banner Grabbing
    ** Banner Grabbing Tools
    ** Banner Grabbing Countermeasures: Disabling or Changing Banner
    ** Hiding File Extensions from Web Pages
    - Scan for Vulnerability
    ** Vulnerability Scanning
    ** Vulnerability Scanning Tool: Nessus
    ** Vulnerability Scanning Tool: GFI LanGuard
    ** Vulnerability Scanning Tool: SAINT
    ** Network Vulnerability Scanners
    - Draw Network Diagrams
    ** Drawing Network Diagrams
    ** Network Discovery Tool: LANsurveyor
    ** Network Discovery Tool: OpManager
    ** Network Discovery Tool: NetworkView
    ** Network Discovery Tool: The Dude
    ** Network Discovery and Mapping Tools
    - Prepare Proxies
    ** Proxy Servers
    ** Why Attackers Use Proxy Servers?
    ** Use of Proxies for Attack
    ** Proxy Chaining
    ** Proxy Tool: Proxy Workbench
    ** Proxy Tool: Proxifier
    ** Proxy Tool: Proxy Switcher
    ** Proxy Tool: SocksChain
    ** Proxy Tool: TOR (The Onion Routing)
    ** Proxy Tools
    ** Free Proxy Servers
    ** HTTP Tunneling Techniques
    ** Why do I Need HTTP Tunneling
    ** HTTP Tunneling Tool: Super Network Tunnel
    ** HTTP Tunneling Tool: HTTP-Tunnel
    ** SSH Tunneling
    ** SSH Tunneling Tool: Bitvise
    ** Anonymizers
    ** Case: Bloggers Write Text Backwards to Bypass Web Filters in China
    ** Censorship Circumvention Tool: Psiphon
    ** Censorship Circumvention Tool: Your-Freedom
    ** How to Check if Your Website is Blocked in China or Not?
    ** G-Zapper
    ** Anonymizers
    ** Spoofing IP Address
    ** IP Spoofing Detection Techniques: Direct TTL Probes
    ** IP Spoofing Detection Techniques: IP Identification Number
    ** IP Spoofing Detection Techniques: TCP Flow Control Method
    ** IP Spoofing Countermeasures
    - Scanning Pen Testing

    Module 04: Enumeration
    ** Enumeration Concepts
    - What is Enumeration?
    - Techniques for Enumeration
    - Services and Ports to Enumerate
    ** NetBIOS Enumeration
    - NetBIOS Enumeration
    - NetBIOS Enumeration Tool: SuperScan
    - NetBIOS Enumeration Tool: Hyena
    - NetBIOS Enumeration Tool: Winfingerprint
    - NetBIOS Enumeration Tool: NetBIOS Enumerator
    - Enumerating User Accounts
    - Enumerate Systems Using Default Passwords
    ** SNMP Enumeration
    - SNMP (Simple Network Management Protocol) Enumeration
    - Working of SNMP
    - Management Information Base (MIB)
    - SNMP Enumeration Tool: OpUtils
    - SNMP Enumeration Tool: SolarWind’s IP Network Browser
    - SNMP Enumeration Tools
    ** UNIX/Linux Enumeration
    - UNIX/Linux Enumeration Commands
    - Linux Enumeration Tool: Enum4linux
    ** LDAP Enumeration
    - LDAP Enumeration
    - LDAP Enumeration Tool: Softerra LDAP Administrator
    - LDAP Enumeration Tools
    ** NTP Enumeration
    - NTP Enumeration
    - NTP Enumeration Commands
    ** SMTP Enumeration
    - SMTP Enumeration
    - SMTP Enumeration Tool: NetScanTools Pro
    ** DNS Enumeration
    - DNS Zone Transfer Enumeration Using NSLookup
    ** Enumeration Countermeasures
    ** SMB Enumeration Countermeasures
    ** Enumeration Pen Testing
  • IronmanX Member Posts: 323 ■■■□□□□□□□
    Module 05: System Hacking
    ** Information at Hand Before System Hacking Stage
    ** System Hacking: Goals
    ** CEH Hacking Methodology (CHM)
    ** CEH System Hacking Steps
    - Cracking Passwords
    ** Password Cracking
    ** Password Complexity
    ** Password Cracking Techniques
    ** Types of Password Attacks
    ** Passive Online Attack: Wire Sniffing
    ** Passive Online Attack: Eavesdropping
    ** Passive Online Attacks: Man-in-the-Middle and Replay Attack
    ** Active Online Attack: Password Guessing
    ** Active Online Attack: Trojan/Spyware/Keylogger
    ** Active Online Attack: Hash Injection Attack
    ** Offline Attack: Rainbow Attacks
    ** Tools to Create Rainbow Tables: Winrtgen and rtgen
    ** Distributed Network Attack
    ** Elcomsoft Distributed Password Recovery
    ** Non-Electronic Attacks
    ** Default Passwords
    ** Manual Password Cracking (Guessing)
    ** Automatic Password Cracking Algorithm
    ** Stealing Passwords Using USB Drive
    ** Stealing Passwords Using Keyloggers
    ** Microsoft Authentication
    ** How Hash Passwords Are Stored in Windows SAM?
    ** What Is LAN Manager Hash?
    ** LM “Hash” Generation
    ** LM, NTLMv1, and NTLMv2
    ** NTLM Authentication Process
    ** Kerberos Authentication
    ** Salting
    ** PWdump7 and Fgdump
    ** L0phtCrack
    ** Ophcrack
    ** Cain & Abel
    ** RainbowCrack
    ** Password Cracking Tools
    ** LM Hash Backward Compatibility
    ** How to Disable LM HASH
    ** How to Defend against Password Cracking
    ** Implement and Enforce Strong Security Policy
    ** CEH System Hacking Steps
    - Escalating Privileges
    ** Privilege Escalation
    ** Privilege Escalation Tool: Active@ Password Changer
    ** Privilege Escalation Tools
    ** How to Defend Against Privilege Escalation
    - Executing Applications
    ** Executing Applications
    ** Executing Applications: RemoteExec
    ** Executing Applications: PDQ Deploy
    ** Executing Applications: DameWare NT Utilities
    ** Keylogger
    ** Types of Keystroke Loggers
    ** Methodology of Attacker in Using Remote Keylogger
    ** Acoustic/CAM Keylogger
    ** Keyloggers
    ** Keylogger: Spytech SpyAgent
    ** Keylogger: All In One Keylogger
    ** Keyloggers for Windows
    ** Keylogger for Mac: Amac Keylogger for Mac
    ** Keyloggers for MAC
    ** Hardware Keyloggers
    ** Spyware
    ** What Does the Spyware Do?
    ** Types of Spywares
    ** Desktop Spyware
    ** Desktop Spyware: Activity Monitor
    ** Desktop Spyware
    ** Email and Internet Spyware
    ** Email and Internet Spyware: Power Spy
    ** Internet and Email Spyware
    ** Child Monitoring Spyware
    ** Child Monitoring Spyware: Net Nanny Home Suite
    ** Child Monitoring Spyware
    ** Screen Capturing Spyware
    ** Screen Capturing Spyware: SoftActivity TS Monitor
    ** Screen Capturing Spyware
    ** USB Spyware
    ** USB Spyware: USBSpy
    ** USB Spyware
    ** Audio Spyware
    ** Audio Spyware: Spy Voice Recorder and Sound Snooper
    ** Video Spyware
    ** Video Spyware: WebCam Recorder
    ** Video Spyware
    ** Print Spyware
    ** Print Spyware: Printer Activity Monitor
    ** Print Spyware
    ** Telephone/Cellphone Spyware
    ** Cellphone Spyware: Mobile Spy
    ** Telephone/Cellphone Spyware
    ** GPS Spyware
    ** GPS Spyware: SPYPhone
    ** GPS Spyware
    ** How to Defend Against Keyloggers
    ** Anti-Keylogger
    ** Anti-Keylogger: Zemana AntiLogger
    ** Anti-Keylogger
    ** How to Defend Against Spyware
    ** Anti-Spyware: PC Tools Spyware Doctor
    ** Anti-Spywares
    - Hiding Files
    ** Rootkits
    ** Types of Rootkits
    ** How Rootkit Works
    ** Rootkit: Fu
    ** Rootkit: KBeast
    ** Rootkit: Hacker Defender HxDef Rootkit
    ** Detecting Rootkits
    ** Steps for Detecting Rootkits
    ** How to Defend against Rootkits
    ** Anti-Rootkit: Stinger
    ** Anti-Rootkit: UnHackMe
    ** Anti-Rootkits
    ** NTFS Data Stream
    ** How to Create NTFS Streams
    ** NTFS Stream Manipulation
    ** How to Defend against NTFS Streams
    ** NTFS Stream Detector: StreamArmor
    ** NTFS Stream Detectors
    ** What Is Steganography?
    ** Application of Steganography
    ** Classification of Steganography
    ** Technical Steganography
    ** Linguistic Steganography
    ** Steganography Techniques
    ** How Steganography Works
    ** Types of Steganography
    ** Whitespace Steganography Tool: SNOW
    ** Image Steganography
    ** Least Significant Bit Insertion
    ** Masking and Filtering
    ** Algorithms and Transformation
    ** Image Steganography: QuickStego
    ** Image Steganography Tools
    ** Document Steganography: wbStego
    ** Document Steganography Tools
    ** Video Steganography
    ** Video Steganography: OmniHide PRO
    ** Video Steganography Tools
    ** Audio Steganography
    ** Audio Steganography Methods
    ** Audio Steganography: DeepSound
    ** Audio Steganography Tools
    ** Folder Steganography: Invisible Secrets 4
    ** Folder Steganography Tools
    ** Spam/Email Steganography: Spam Mimic
    ** Natural Text Steganography: Sams Big G Play Maker
    ** Issues in Information Hiding
    ** Steganalysis
    ** Steganalysis Methods/Attacks on Steganography
    ** Detecting Text and Image Steganography
    ** Detecting Audio and Video Steganography
    ** Steganography Detection Tool: Gargoyle Investigator™ Forensic Pro
    ** Steganography Detection Tools
    - Covering Tracks
    ** Why Cover Tracks?
    ** Covering Tracks
    ** Ways to Clear Online Tracks
    ** Disabling Auditing: Auditpol
    ** Covering Tracks Tool: CCleaner
    ** Covering Tracks Tool: MRU-Blaster
    ** Track Covering Tools
    - Penetration Testing
    ** Password Cracking
    ** Privilege Escalation
    ** Executing Applications
    ** Hiding Files
    ** Covering Tracks

    Module 06: Trojans and Backdoors
    ** Trojan Concepts
    - What is a Trojan?
    - Communication Paths: Overt and Covert Channels
    - Purpose of Trojans
    - What Do Trojan Creators Look For
    - Indications of a Trojan Attack
    - Common Ports used by Trojans
    ** Trojan Infection
    - How to Infect Systems Using a Trojan
    - Wrappers
    - Wrapper Covert Programs
    - Different Ways a Trojan can Get into a System
    - How to Deploy a Trojan
    - Evading Anti-Virus Techniques
    ** Types of Trojans
    - Command Shell Trojans
    - Command Shell Trojan: Netcat
    - GUI Trojan: MoSucker
    - GUI Trojan: Jumper and Biodox
    - Document Trojans
    - E-mail Trojans
    - E-mail Trojans: RemoteByMail
    - Defacement Trojans
    - Defacement Trojans: Restorator
    - Botnet Trojans
    - Botnet Trojan: Illusion Bot and NetBot Attacker
    - Proxy Server Trojans
    - Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
    - FTP Trojans
    - VNC Trojans
    - VNC Trojans: WinVNC and VNC Stealer
    - HTTP/HTTPS Trojans
    - HTTP Trojan: HTTP RAT
    - Shttpd Trojan - HTTPS (SSL)
    - ICMP Tunneling
    - Remote Access Trojans
    - Remote Access Trojan: RAT DarkComet and Apocalypse
    - Covert Channel Trojan: CCTT
    - E-banking Trojans
    - Banking Trojan Analysis
    - E-banking Trojan: ZeuS and SpyEye
    - Destructive Trojans: M4sT3r Trojan
    - Notification Trojans
    - Credit Card Trojans
    - Data Hiding Trojans (Encrypted Trojans)
    - OS X Trojan: Crisis
    - MAC OS X Trojan: DNSChanger
    - Mac OS X Trojan: Hell Raiser
    - Trojan Analysis: Flame
    - Flame C&C Server Analysis
    - Trojan Analysis: SpyEye
    - Trojan Analysis: ZeroAccess
    - Trojan Analysis: Duqu
    - Trojan Analysis: Duqu Framework
    - Trojan Analysis: Event Driven Framework
    ** Trojan Detection
    - How to Detect Trojans
    - Scanning for Suspicious Ports
    - Port Monitoring Tools: TCPView and CurrPorts
    - Scanning for Suspicious Processes
    - Port Monitoring Tools: TCPView and CurrPorts
    - Scanning for Suspicious Processes
    - Process Monitoring Tool: What's Running
    - Process Monitoring Tools
    - Scanning for Suspicious Registry Entries
    - Registry Entry Monitoring Tool: PC Tools Registry Mechanic
    - Registry Entry Monitoring Tools
    - Scanning for Suspicious Device Drivers
    - Device Drivers Monitoring Tool: DriverView
    - Device Drivers Monitoring Tools
    - Scanning for Suspicious Windows Services
    - Windows Services Monitoring Tool: Windows Service Manager (SrvMan)
    - Windows Services Monitoring Tools
    - Scanning for Suspicious Startup Programs
    - Windows8 Startup Registry Entries
    - Startup Programs Monitoring Tool: Starter
    - Startup Programs Monitoring Tool: Security AutoRun
    - Startup Programs Monitoring Tools
    - Scanning for Suspicious Files and Folders
    - Files and Folder Integrity Checker: FastSum and WinMD5
    - Files and Folder Integrity Checker
    - Scanning for Suspicious Network Activities
    - Detecting Trojans and Worms with Capsa Network Analyzer
    ** Countermeasures
    - Trojan Countermeasures
    - Backdoor Countermeasures
    - Trojan Horse Construction Kit
    ** Anti-Trojan Software
    - Anti-Trojan Software: TrojanHunter
    - Anti-Trojan Software: Emsisoft Anti-Malware
    - Anti-Trojan Softwares
    ** Pen Testing for Trojans and Backdoors

    Module 07: Viruses and Worms
    ** Virus and Worms Concepts
    - Introduction to Viruses
    - Virus and Worm Statistics
    - Stages of Virus Life
    - Working of Viruses: Infection Phase
    - Working of Viruses: Attack Phase
    - Why Do People Create Computer Viruses
    - Indications of Virus Attack
    - How does a Computer Get Infected by Viruses
    - Common Techniques Used to Distribute Malware on the Web
    - Virus Hoaxes and Fake Antiviruses
    - Virus Analysis: DNSChanger
    ** Types of Viruses
    - System or Boot Sector Viruses
    - File and Multipartite Viruses
    - Macro Viruses
    - Cluster Viruses
    - Stealth/Tunneling Viruses
    - Encryption Viruses
    - Polymorphic Code
    - Metamorphic Viruses
    - File Overwriting or Cavity Viruses
    - Sparse Infector Viruses
    - Companion/Camouflage Viruses
    - Shell Viruses
    - File Extension Viruses
    - Add-on and Intrusive Viruses
    - Transient and Terminate and Stay Resident Viruses
    - Writing a Simple Virus Program
    - Terabit Virus Maker
    - JPS Virus Maker and DELmE's Batch Virus Maker
    ** Computer Worms
    - How Is a Worm Different from a Virus?
    - Worm Analysis: Stuxnet
    - Worm Maker: Internet Worm Maker Thing
    ** Malware Analysis
    - What is Sheep Dip Computer?
    - Anti-Virus Sensors Systems
    - Malware Analysis Procedure: Preparing Testbed
    - Malware Analysis Procedure
    - Virus Analysis Tool: IDA Pro
    - Online Malware Testing: VirusTotal
    - Online Malware Analysis Services
    ** Counter-measures
    - Virus Detection Methods
    - Virus and Worms Countermeasures
    - Companion Antivirus: Immunet
    - Anti-virus Tools
    ** Penetration Testing for Virus

    Module 08: Sniffers
    ** Sniffing Concepts
    - Wiretapping
    - Lawful Interception
    - Packet Sniffing
    - Sniffing Threats
    - How a Sniffer Works
    - Types of Sniffing Attacks
    - Types of Sniffing: Passive Sniffing
    - Types of Sniffing: Active Sniffing
    - Protocols Vulnerable to Sniffing
    - Tie to Data Link Layer in OSI Model
    - IPv6 Addresses
    - IPv4 and IPv6 Header Comparison
    - Hardware Protocol Analyzers
    - SPAN Port
    ** MAC Attacks
    - MAC Flooding
    - MAC Address/CAM Table
    - How CAM Works
    - What Happens When CAM Table Is Full?
    - Mac Flooding Switches with macof
    - MAC Flooding Tool: Yersinia
    - How to Defend against MAC Attacks
    ** DHCP Attacks
    - How DHCP Works
    - DHCP Request/Reply Messages
    - IPv4 DHCP Packet Format
    - DHCP Starvation Attack
    - DHCP Starvation Attack Tools
    - Rogue DHCP Server Attack
    - How to Defend Against DHCP Starvation and Rogue Server Attack
    ** ARP Poisoning
    - What Is Address Resolution Protocol (ARP)?
    - ARP Spoofing Techniques
    - ARP Spoofing Attack
    - How Does ARP Spoofing Work
    - Threats of ARP Poisoning
    - ARP Poisoning Tool: Cain & Abel
    - ARP Poisoning Tool: WinArpAttacker
    - ARP Poisoning Tool: Ufasoft Snif
    - How to Defend Against ARP Poisoning
    - Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
    - ARP Spoofing Detection: XArp
    ** Spoofing Attack
    - Spoofing Attack Threats
    - MAC Spoofing/Duplicating
    - MAC Spoofing Technique: Windows
    - MAC Spoofing Tool: SMAC
    - IRDP Spoofing
    - How to Defend Against MAC Spoofing
    ** DNS Poisoning
    - DNS Poisoning Techniques
    - Intranet DNS Spoofing
    - Internet DNS Spoofing
    - Proxy Server DNS Poisoning
    - DNS Cache Poisoning
    - How to Defend Against DNS Spoofing
    ** Sniffing Tools
    - Sniffing Tool: Wireshark
    - Follow TCP Stream in Wireshark
    - Display Filters in Wireshark
    - Additional Wireshark Filters
    - Sniffing Tool: Cascade Pilot
    - Sniffing Tool: Tcpdump/Windump
    - Packet Sniffing Tool: Capsa Network Analyzer
    - Network Packet Analyzer: OmniPeek Network Analyzer
    - Network Packet Analyzer: Observer
    - Network Packet Analyzer: Sniff-O-Matic
    - Network Packet Analyzer: JitBit Network Sniffer
    - Chat Message Sniffer: MSN Sniffer 2
    - TCP/IP Packet Crafter: Colasoft Packet Builder
    - Additional Sniffing Tools
    - How an Attacker Hacks the Network Using Sniffers
    ** Counter measures
    - How to Defend Against Sniffing
    - How to Detect Sniffing
    - Sniffer Detection Technique: Ping Method
    - Sniffer Detection Technique: ARP Method
    - Sniffer Detection Technique: DNS Method
    - Promiscuous Detection Tool: PromqryUI
    ** Sniffing Pen Testing
    IronmanX Member Posts: 323
    Module 09: Social Engineering
    ** Social Engineering Concepts
    - What is Social Engineering?
    - Behaviors Vulnerable to Attacks
    - Factors that Make Companies Vulnerable to Attacks
    - Why Is Social Engineering Effective?
    - Warning Signs of an Attack
    - Phases in a Social Engineering Attack
    - Impact on the Organization
    - “Rebecca” and “Jessica”
    - Common Targets of Social Engineering
    - Common Targets of Social Engineering: Office Workers
    ** Social Engineering Techniques
    - Types of Social Engineering
    - Human-based Social Engineering
    - Technical Support Example
    - Authority Support Example
    - Human-based Social Engineering: Eavesdropping and Shoulder Surfing
    - Human-based Social Engineering: Dumpster Diving
    - Human-based Social Engineering
    - Watch these Movies
    - Watch this Movie
    - Computer-based Social Engineering
    - Computer-based Social Engineering: Pop-Ups
    - Computer-based Social Engineering: Phishing
    - Computer-based Social Engineering: Spear Phishing
    - Mobile-based Social Engineering: Publishing Malicious Apps
    - Mobile-based Social Engineering: Repackaging Legitimate Apps
    - Mobile-based Social Engineering: Fake Security Applications
    - Mobile-based Social Engineering: Using SMS
    - Insider Attack
    - Disgruntled Employee
    - Preventing Insider Threats
    - Common Social Engineering Targets and Defense Strategies
    ** Impersonation on Social Networking Sites
    - Social Engineering Through Impersonation on Social Networking Sites
    - Social Engineering on Facebook
    - Social Engineering Example: LinkedIn Profile
    - Social Engineering on Twitter
    - Risks of Social Networking to Corporate Networks
    ** Identity Theft
    - Identity Theft Statistics 2011
    - Identity Theft
    - How to Steal an Identity
    ** STEP 1
    ** STEP 2
    ** Comparison
    ** STEP 3
    - Real Steven Gets Huge Credit Card Statement
    - Identity Theft - Serious Problem
    ** Social Engineering Countermeasures
    - How to Detect Phishing Emails
    - Anti-Phishing Toolbar: Netcraft
    - Anti-Phishing Toolbar: PhishTank
    - Identity Theft Countermeasures
    ** Social Engineering Pen Testing
    - Social Engineering Pen Testing: Using Emails
    - Social Engineering Pen Testing: Using Phone
    - Social Engineering Pen Testing: In Person
    - Social Engineering Pen Testing: Social Engineering Toolkit (SET)

    Module 10: Denial of Service
    ** DoS/DDoS Concepts
    - What is a Denial of Service Attack?
    - What Are Distributed Denial of Service Attacks?
    - How Distributed Denial of Service Attacks Work
    - Symptoms of a DoS Attack
    - Cyber Criminals
    - Organized Cyber Crime: Organizational Chart
    ** DoS Attack Techniques
    - Bandwidth Attacks
    - Service Request Floods
    - SYN Attack
    - SYN Flooding
    - ICMP Flood Attack
    - Peer-to-Peer Attacks
    - Permanent Denial-of-Service Attack
    - Application Level Flood Attacks
    ** Botnet
    - Botnet Propagation Technique
    - Botnet Ecosystem
    - Botnet Trojan: Shark
    - Poison Ivy: Botnet Command Control Center
    - Botnet Trojan: PlugBot
    - Botnet Trojans: Illusion Bot and NetBot Attacker
    ** DDoS Case Study
    - DDoS Attack
    - DDoS Attack Tool: LOIC
    - Hackers Advertise Links to Download Botnet
    ** DoS Attack Tools
    ** Counter-measures
    - Detection Techniques
    - Activity Profiling
    - Wavelet Analysis
    - Sequential Change-Point Detection
    - DoS/DDoS Countermeasure Strategies
    - DDoS Attack Countermeasures
    - DoS/DDoS Countermeasures: Protect Secondary Victims
    - DoS/DDoS Countermeasures: Detect and Neutralize Handlers
    - DoS/DDoS Countermeasures: Detect Potential Attacks
    - DoS/DDoS Countermeasures: Deflect Attacks
    - DoS/DDoS Countermeasures: Mitigate Attacks
    - Post-Attack Forensics
    - Techniques to Defend against Botnets
    - DoS/DDoS Countermeasures
    - DoS/DDoS Protection at ISP Level
    - Enabling TCP Intercept on Cisco IOS Software
    - Advanced DDoS Protection Appliances
    ** DoS/DDoS Protection Tools
    - DoS/DDoS Protection Tool: D-Guard Anti-DDoS Firewall
    - DoS/DDoS Protection Tools
    ** Denial-of-Service (DoS) Attack Penetration Testing

    Module 11: Session Hijacking
    ** Session Hijacking Concepts
    - What is Session Hijacking?
    - Dangers Posed by Hijacking
    - Why Session Hijacking is Successful?
    - Key Session Hijacking Techniques
    - Brute Forcing Attack
    - Spoofing vs. Hijacking
    - Session Hijacking Process
    - Packet Analysis of a Local Session Hijack
    - Types of Session Hijacking
    - Session Hijacking in OSI Model
    - Application Level Session Hijacking
    - Session Sniffing
    - Predictable Session Token
    - How to Predict a Session Token
    - Man-in-the-Middle Attack
    - Man-in-the-Browser Attack
    - Steps to Perform Man-in-the-Browser Attack
    - Client-side Attacks
    - Cross-site Script Attack
    - Session Fixation
    - Session Fixation Attack
    ** Network-level Session Hijacking
    - The 3-Way Handshake
    - Sequence Numbers
    - Sequence Numbers Prediction
    - TCP/IP Hijacking
    - IP Spoofing: Source Routed Packets
    - RST Hijacking
    - Blind Hijacking
    - Man-in-the-Middle Attack Using Packet Sniffer
    - UDP Hijacking
    ** Session Hijacking Tools
    - Session Hijacking Tool: Zaproxy
    - Session Hijacking Tool: Burp Suite
    - Session Hijacking Tool: JHijack
    - Session Hijacking Tools
    ** Counter-measures
    - Protecting against Session Hijacking
    - Methods to Prevent Session Hijacking: To be Followed by Web Developers
    - Methods to Prevent Session Hijacking: To be Followed by Web Users
    - IPSec
    - Modes of IPsec
    - IPsec Architecture
    - IPsec Authentication and Confidentiality
    - Components of IPsec
    - IPsec Implementation
    ** Session Hijacking Pen Testing

    Module 12: Hacking Webservers
    ** Webserver Concepts
    - Webserver Market Shares
    - Open Source Webserver Architecture
    - IIS Webserver Architecture
    - Website Defacement
    - Why Web Servers are compromised?
    - Impact of Webserver Attacks
    ** Webserver Attacks
    - Webserver Misconfiguration
    - Webserver Misconfiguration Example
    - Directory Traversal Attacks
    - HTTP Response Splitting Attack
    - Web Cache Poisoning Attack
    - HTTP Response Hijacking
    - SSH Bruteforce Attack
    - Man-in-the-Middle Attack
    - Webserver Password Cracking
    - Webserver Password Cracking Techniques
    - Web Application Attacks
    ** Attack Methodology
    - Webserver Attack Methodology
    - Webserver Attack Methodology: Information Gathering
    - Webserver Attack Methodology: Webserver Footprinting
    - Webserver Footprinting Tools
    - Webserver Attack Methodology: Mirroring a Website
    - Webserver Attack Methodology: Vulnerability Scanning
    - Webserver Attack Methodology: Session Hijacking
    - Webserver Attack Methodology: Hacking Web Passwords
    ** Webserver Attack Tools
    - Webserver Attack Tools: Metasploit
    - Metasploit Architecture
    - Metasploit Exploit Module
    - Metasploit Payload Module
    - Metasploit Auxiliary Module
    - Metasploit NOPS Module
    - Webserver Attack Tools: Wfetch
    - Web Password Cracking Tool: Brutus
    - Web Password Cracking Tool: THC-Hydra
    - Web Password Cracking Tool: Internet Password Recovery Toolbox
    ** Counter-measures
    - Countermeasures: Patches and Updates
    - Countermeasures: Protocols
    - Countermeasures: Accounts
    - Countermeasures: Files and Directories
    - How to Defend Against Web Server Attacks
    - How to Defend against HTTP Response Splitting and Web Cache Poisoning
    ** Patch Management
    - Patches and Hotfixes
    - What Is Patch Management?
    - Identifying Appropriate Sources for Updates and Patches
    - Installation of a Patch
    - Implementation and Verification of a Security Patch or Upgrade
    - Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
    - Patch Management Tools
    ** Webserver Security Tools
    - Web Application Security Scanner: Syhunt Dynamic
    - Web Application Security Scanner: N-Stalker Web Application Security Scanner
    - Web Server Security Scanner: Wikto
    - Web Server Security Scanner: Acunetix Web Vulnerability Scanner
    - Web Server Malware Infection Monitoring Tool: HackAlert
    - Web Server Malware Infection Monitoring Tool: QualysGuard Malware Detection
    - Webserver Security Tools
    ** Webserver Pen Testing
    - Web Server Pen Testing Tool: CORE Impact® Pro
    - Web Server Pen Testing Tool: Immunity CANVAS
    - Web Server Pen Testing
    - Web Server Penetration Testing

    Module 13: Hacking Web Applications
    ** Web App Concepts
    - Web Application Security Statistics
    - Introduction to Web Applications
    - Web Application Components
    - How Web Applications Work?
    - Web Application Architecture
    - Web 2.0 Applications
    - Vulnerability Stack
    - Web Attack Vectors
    ** Web App Threats
    - Web Application Threats - 1
    - Web Application Threats - 2
    - Invalidated Input
    - Parameter/Form Tampering
    - Directory Traversal
    - Security Misconfiguration
    - Injection Flaws
    - SQL Injection Attacks
    - Command Injection Attacks
    - Command Injection Attacks
    - Command Injection Example
    - File Injection Attack
    - What is LDAP Injection?
    - How LDAP Injection Works?
    - Hidden Field Manipulation Attack
    - Cross-Site Scripting (XSS) Attacks
    - How XSS Attacks Work?
    - Cross-Site Scripting Attack Scenario: Attack via Email
    - XSS Example: Attack via Email
    - XSS Example: Stealing Users' Cookies
    - XSS Example: Sending an Unauthorized Request
    - XSS Attack in Blog Posting
    - XSS Attack in Comment Field
    - XSS Cheat Sheet
    - Cross-Site Request Forgery (CSRF) Attack
    - How CSRF Attacks Work?
    - Web Application Denial-of-Service (DoS) Attack
    - Denial of Service (DoS) Examples
    - Buffer Overflow Attacks
    - Cookie/Session Poisoning
    - How Cookie Poisoning Works?
    - Session Fixation Attack
    - Insufficient Transport Layer Protection
    - Improper Error Handling
    - Insecure Cryptographic Storage
    - Broken Authentication and Session Management
    - Invalidated Redirects and Forwards
    - Web Services Architecture
    - Web Services Attack
    - Web Services Footprinting Attack
    - Web Services XML Poisoning
    ** Web App Hacking Methodology
    - Footprint Web Infrastructure
    ** Footprint Web Infrastructure: Server Discovery
    ** Footprint Web Infrastructure: Service Discovery
    ** Footprint Web Infrastructure: Server Identification/Banner Grabbing
    ** Footprint Web Infrastructure: Hidden Content Discovery
    ** Web Spidering Using Burp Suite
    ** Web Spidering Using Mozenda Web Agent Builder
    - Attack Web Servers
    ** Hacking Web Servers
    ** Web Server Hacking Tool: WebInspect
    - Analyze Web Applications
    ** Analyze Web Applications: Identify Entry Points for User Input
    ** Analyze Web Applications: Identify Server-Side Technologies
    ** Analyze Web Applications: Identify Server-Side Functionality
    ** Analyze Web Applications: Map the Attack Surface
    - Attack Authentication Mechanism
    ** Username Enumeration
    ** Password Attacks: Password Functionality Exploits
    ** Password Attacks: Password Guessing
    ** Password Attacks: Brute-forcing
    ** Session Attacks: Session ID Prediction/Brute-forcing
    ** Cookie Exploitation: Cookie Poisoning
    - Authorization Attack Schemes
    ** Authorization Attack
    ** HTTP Request Tampering
    ** Authorization Attack: Cookie Parameter Tampering
    - Attack Session Management Mechanism
    ** Session Management Attack
    ** Attacking Session Token Generation Mechanism
    ** Attacking Session Tokens Handling Mechanism: Session Token Sniffing
    - Perform Injection Attacks
    ** Injection Attacks
    - Attack Data Connectivity
    ** Connection String Injection
    ** Connection String Parameter Pollution (CSPP) Attacks
    ** Connection Pool DoS
    - Attack Web App Client
    - Attack Web Services
    ** Web Services Probing Attacks
    ** Web Service Attacks: SOAP Injection
    ** Web Service Attacks: XML Injection
    ** Web Services Parsing Attacks
    ** Web Service Attack Tool: soapUI
    ** Web Service Attack Tool: XMLSpy
    ** Web Application Hacking Tools
    - Web Application Hacking Tool: Burp Suite Professional
    - Web Application Hacking Tools: CookieDigger
    - Web Application Hacking Tools: WebScarab
    - Web Application Hacking Tools
    ** Countermeasures
    - Encoding Schemes
    - How to Defend Against SQL Injection Attacks?
    - How to Defend Against Command Injection Flaws?
    - How to Defend Against XSS Attacks?
    - How to Defend Against DoS Attack?
    - How to Defend Against Web Services Attack?
    - Web Application Countermeasures
    - How to Defend Against Web Application Attacks?
    ** Security Tools
    - Web Application Security Tool: Acunetix Web Vulnerability Scanner
    - Web Application Security Tool: Watcher Web Security Tool
    - Web Application Security Scanner: Netsparker
    - Web Application Security Tool: N-Stalker Web Application Security Scanner
    - Web Application Security Tool: VampireScan
    - Web Application Security Tools
    - Web Application Firewall: dotDefender
    - Web Application Firewall: ServerDefender VP
    - Web Application Firewall
    ** Web App Pen Testing
    - Web Application Pen Testing
    - Information Gathering
    - Configuration Management Testing
    - Authentication Testing
    - Session Management Testing
    - Authorization Testing
    - Data Validation Testing
    - Denial of Service Testing
    - Web Services Testing
    - AJAX Testing

    Module 14: SQL Injection
    ** SQL Injection Concepts
    - SQL Injection
    - Scenario
    - SQL Injection is the Most Prevalent Vulnerability in 2012
    - SQL Injection Threats
    - What is SQL Injection?
    - SQL Injection Attacks
    - How Web Applications Work?
    - Server Side Technologies
    - HTTP Post Request
    - Example 1: Normal SQL Query
    - Example 1: SQL Injection Query
    - Example 1: Code Analysis
    - Example 2: BadProductList.aspx
    - Example 2: Attack Analysis
    - Example 3: Updating Table
    - Example 4: Adding New Records
    - Example 5: Identifying the Table Name
    - Example 6: Deleting a Table
    ** Testing for SQL Injection
    - SQL Injection Detection
    - SQL Injection Error Messages
    - SQL Injection Attack Characters
    - Additional Methods to Detect SQL Injection
    - SQL Injection Black Box Pen Testing
    - Testing for SQL Injection
    ** Types of SQL Injection
    - Simple SQL Injection Attack
    - Union SQL Injection Example
    - SQL Injection Error Based
    ** Blind SQL Injection
    - What is Blind SQL Injection?
    - No Error Messages Returned
    - Blind SQL Injection: WAITFOR DELAY YES or NO Response
    - Blind SQL Injection – Exploitation (MySQL)
    - Blind SQL Injection - Extract Database User
    - Blind SQL Injection - Extract Database Name
    - Blind SQL Injection - Extract Column Name
    - Blind SQL Injection - Extract Data from ROWS
    ** SQL Injection Methodology
    ** Advanced SQL Injection
    - Information Gathering
    - Extracting Information through Error Messages
    - Understanding SQL Query
    - Bypass Website Logins Using SQL Injection
    - Database, Table, and Column Enumeration
    - Advanced Enumeration
    - Features of Different DBMSs
    - Creating Database Accounts
    - Password Grabbing
    - Grabbing SQL Server Hashes
    - Extracting SQL Hashes (In a Single Statement)
    - Transfer Database to Attacker’s Machine
    - Interacting with the Operating System
    - Interacting with the FileSystem
    - Network Reconnaissance Using SQL Injection
    - Network Reconnaissance Full Query
    ** SQL Injection Tools
    - SQL Injection Tools: BSQLHacker
    - SQL Injection Tools: Marathon Tool
    - SQL Injection Tools: SQL Power Injector
    - SQL Injection Tools: Havij
    - SQL Injection Tools
    ** Evasion Techniques
    - Evading IDS
    - Types of Signature Evasion Techniques
    - Evasion Technique: Sophisticated Matches
    - Evasion Technique: Hex Encoding
    - Evasion Technique: Manipulating White Spaces
    - Evasion Technique: In-line Comment
    - Evasion Technique: Char Encoding
    - Evasion Technique: String Concatenation
    - Evasion Technique: Obfuscated Codes
    ** Counter-measures
    - How to Defend Against SQL Injection Attacks?
    - How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
    - How to Defend Against SQL Injection Attacks
    - SQL Injection Detection Tool: Microsoft Source Code Analyzer
    - SQL Injection Detection Tool: Microsoft UrlScan Filter
    - SQL Injection Detection Tool: dotDefender
    - SQL Injection Detection Tool: IBM Security AppScan
    - SQL Injection Detection Tool: WebCruiser
    - Snort Rule to Detect SQL Injection Attacks
    - SQL Injection Detection Tools
    Module 15: Hacking Wireless Networks
    ** Wireless Concepts
    - Wireless Networks
    - 2010 vs. 2011 Wi-Fi Device Type Comparison
    - Wi-Fi Networks at Home and Public Places
    - Types of Wireless Networks
    - Wireless Standards
    - Service Set Identifier (SSID)
    - Wi-Fi Authentication Modes
    - Wi-Fi Authentication Process Using a Centralized Authentication Server
    - Wireless Terminologies
    - Wi-Fi Chalking
    - Wi-Fi Chalking Symbols
    - Types of Wireless Antenna
    - Parabolic Grid Antenna
    ** Wireless Encryption
    - Types of Wireless Encryption
    - WEP Encryption
    - How WEP Works?
    - What is WPA?
    - How WPA Works?
    - Temporal Keys
    - What is WPA2?
    - How WPA2 Works?
    - WEP vs. WPA vs. WPA2
    - WEP Issues
    - Weak Initialization Vectors (IV)
    - How to Break WEP Encryption?
    - How to Break WPA/WPA2 Encryption?
    - How to Defend Against WPA Cracking?
    ** Wireless Threats
    - Wireless Threats: Access Control Attacks
    - Wireless Threats: Integrity Attacks
    - Wireless Threats: Confidentiality Attacks
    - Wireless Threats: Availability Attacks
    - Wireless Threats: Authentication Attacks
    - Rogue Access Point Attack
    - Client Mis-association
    - Misconfigured Access Point Attack
    - Unauthorized Association
    - Ad Hoc Connection Attack
    - HoneySpot Access Point Attack
    - AP MAC Spoofing
    - Denial-of-Service Attack
    - Jamming Signal Attack
    - Wi-Fi Jamming Devices
    ** Wireless Hacking Methodology
    - Wi-Fi Discovery
    ** Footprint the Wireless Network
    ** Attackers Scanning for Wi-Fi Networks
    ** Find Wi-Fi Networks to Attack
    ** Wi-Fi Discovery Tool: inSSIDer
    ** Wi-Fi Discovery Tool: NetSurveyor
    ** Wi-Fi Discovery Tool: NetStumbler
    ** Wi-Fi Discovery Tool: Vistumbler
    ** Wi-Fi Discovery Tool: WirelessMon
    ** Mobile-based Wi-Fi Discovery Tool
    ** Wi-Fi Discovery Tools
    - GPS Mapping
    ** GPS Mapping Tool: WIGLE
    ** GPS Mapping Tool: Skyhook
    ** Wi-Fi Hotspot Finder: jiWire
    ** Wi-Fi Hotspot Finder: WeFi
    ** How to Discover Wi-Fi Network Using Wardriving?
    - Wireless Traffic Analysis
    ** Wireless Cards and Chipsets
    ** Wi-Fi USB Dongle: AirPcap
    ** Wi-Fi Packet Sniffer: Wireshark with AirPcap
    ** Wi-Fi Packet Sniffer: Cascade Pilot
    ** Wi-Fi Packet Sniffer: OmniPeek
    ** Wi-Fi Packet Sniffer: CommView for Wi-Fi
    ** What is Spectrum Analysis?
    ** Wi-Fi Packet Sniffers
    - Launch Wireless Attacks
    ** Aircrack-ng Suite
    ** How to Reveal Hidden SSIDs
    ** Fragmentation Attack
    ** How to Launch MAC Spoofing Attack?
    ** Denial of Service: Deauthentication and Disassociation Attacks
    ** Man-in-the-Middle Attack
    ** MITM Attack Using Aircrack-ng
    ** Wireless ARP Poisoning Attack
    ** Rogue Access Point
    ** Evil Twin
    ** How to Set Up a Fake Hotspot (Evil Twin)?
    - Crack Wi-Fi Encryption
    ** How to Crack WEP Using Aircrack?
    ** How to Crack WEP Using Aircrack? Screenshot 1/2
    ** How to Crack WEP Using Aircrack? Screenshot 2/2
    ** How to Crack WPA-PSK Using Aircrack?
    ** WPA Cracking Tool: KisMAC
    ** WEP Cracking Using Cain & Abel
    ** WPA Brute Forcing Using Cain & Abel
    ** WPA Cracking Tool: Elcomsoft Wireless Security Auditor
    ** WEP/WPA Cracking Tools
    ** Wireless Hacking Tools
    - Wi-Fi Sniffer: Kismet
    - Wardriving Tools
    - RF Monitoring Tools
    - Wi-Fi Traffic Analyzer Tools
    - Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tools
    ** Bluetooth Hacking
    - Bluetooth Stack
    - Bluetooth Threats
    - How to BlueJack a Victim?
    - Bluetooth Hacking Tool: Super Bluetooth Hack
    - Bluetooth Hacking Tool: PhoneSnoop
    - Bluetooth Hacking Tool: BlueScanner
    - Bluetooth Hacking Tools
    ** Counter-measures
    - How to Defend Against Bluetooth Hacking?
    - How to Detect and Block Rogue AP?
    - Wireless Security Layers
    - How to Defend Against Wireless Attacks?
    ** Wireless Security Tools
    - Wireless Intrusion Prevention Systems
    - Wireless IPS Deployment
    - Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
    - Wi-Fi Security Auditing Tool: AirDefense
    - Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
    - Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
    - Wi-Fi Intrusion Prevention System
    - Wi-Fi Predictive Planning Tools
    - Wi-Fi Vulnerability Scanning Tools
    ** Wi-Fi Pen Testing
    - Wireless Penetration Testing
    - Wireless Penetration Testing Framework
    - Wi-Fi Pen Testing Framework
    - Pen Testing LEAP Encrypted WLAN
    - Pen Testing WPA/WPA2 Encrypted WLAN
    - Pen Testing WEP Encrypted WLAN
    - Pen Testing Unencrypted WLAN

    Module 16: Hacking Mobile Platforms
    ** Mobile Platform Attack Vectors
    - Mobile Threat Report Q2 2012
    - Terminology
    - Mobile Attack Vectors
    - Mobile Platform Vulnerabilities and Risks
    - Security Issues Arising from App Stores
    - Threats of Mobile Malware
    - App Sandboxing Issues
    ** Hacking Android OS
    - Android OS
    - Android OS Architecture
    - Android Device Administration API
    - Android Vulnerabilities
    - Android Rooting
    - Rooting Android Phones using SuperOneClick
    - Rooting Android Phones Using Superboot
    - Android Rooting Tools
    - Session Hijacking Using DroidSheep
    - Android-based Sniffer: FaceNiff
    - Android Trojan: ZitMo (ZeuS-in-the-Mobile)
    - Android Trojan: GingerBreak
    - Android Trojan: AcnetSteal and Cawitt
    - Android Trojan: Frogonal and Gamex
    - Android Trojan: KabStamper and Mania
    - Android Trojan: PremiumSMS and SmsSpy
    - Android Trojan: DroidLive SMS and UpdtKiller
    - Android Trojan: FakeToken
    - Securing Android Devices
    - Google Apps Device Policy
    - Remote Wipe Service: Remote Wipe
    - Android Security Tool: DroidSheep Guard
    - Android Vulnerability Scanner: X-Ray
    - Android Penetration Testing Tool: Android Network Toolkit - Anti
    - Android Device Tracking Tools
    ** Hacking iOS
    - Security News
    - Apple iOS
    - Jailbreaking iOS
    - Types of Jailbreaking
    - Jailbreaking Techniques
    - App Platform for Jailbroken Devices: Cydia
    - Jailbreaking Tools: Redsn0w and Absinthe
    - Tethered Jailbreaking of iOS 6 Using RedSn0w
    - Jailbreaking Tools: Sn0wbreeze and PwnageTool
    - Jailbreaking Tools: LimeRa1n and Jailbreakme.com
    - Jailbreaking Tools: Blackra1n and Spirit
    - Guidelines for Securing iOS Devices
    - iOS Device Tracking Tools
    ** Hacking Windows Phone OS
    - Windows Phone 8
    - Windows Phone 8 Architecture
    - Secure Boot Process
    - Windows Phone 8 Vulnerabilities
    - Guidelines for Securing Windows OS Devices
    ** Hacking BlackBerry
    - BlackBerry Operating System
    - BlackBerry Enterprise Solution Architecture
    - Blackberry Attack Vectors
    - Malicious Code Signing
    - JAD File Exploits and Memory/Processes Manipulations
    - Short Message Service (SMS) Exploits
    - Email Exploits
    - PIM Data Attacks and TCP/IP Connections Vulnerabilities
    - Telephony Attacks
    - Blackberry Spyware: FinSpy Mobile
    - BlackBerry Router Protocol
    - Guidelines for Securing BlackBerry Devices
    ** Mobile Device Management (MDM)
    - MDM Logical Architecture
    - MDM Solution: MaaS360 Mobile Device Management (MDM)
    - MDM Solutions
    ** Mobile Security Guidelines and Tools
    - General Guidelines for Mobile Platform Security
    - Mobile Device Security Guidelines for Administrator
    - Mobile Protection Tool: BullGuard Mobile Security
    - Mobile Protection Tool: Lookout
    - Mobile Protection Tool: WISeID
    - Mobile Protection Tools
    ** Mobile Pen Testing
    - Android Phone Pen Testing
    - iPhone Pen Testing
    - Windows Phone Pen Testing
    - BlackBerry Pen Testing

    Module 17: Evading IDS, Firewalls, and Honeypots
    ** IDS, Firewall and Honeypot Concepts
    - Intrusion Detection Systems (IDS) and their Placement
    - How IDS Works?
    - Ways to Detect an Intrusion
    - Types of Intrusion Detection Systems
    - System Integrity Verifiers (SIV)
    - General Indications of Intrusions
    - General Indications of System Intrusions
    - Firewall
    - Firewall Architecture
    - DeMilitarized Zone (DMZ)
    - Types of Firewall
    - Packet Filtering Firewall
    - Circuit-Level Gateway Firewall
    - Application-Level Firewall
    - Stateful Multilayer Inspection Firewall
    - Firewall Identification: Port Scanning
    - Firewall Identification: Firewalking
    - Firewall Identification: Banner Grabbing
    - Honeypot
    - Types of Honeypots
    - How to Set Up a Honeypot?
    ** IDS, Firewall and Honeypot System
    - Intrusion Detection Tool: Snort
    - How Snort Works
    - Snort Rules
    - Snort Rules: Rule Actions and IP Protocols
    - Snort Rules: The Direction Operator and IP Addresses
    - Snort Rules: Port Numbers
    - Intrusion Detection Systems: Tipping Point
    - Intrusion Detection Tools
    - Firewall: ZoneAlarm PRO Firewall
    - Firewalls
    - Honeypot Tool: KFSensor
    - Honeypot Tool: SPECTER
    - Honeypot Tools
    ** Evading IDS
    - Insertion Attack
    - Evasion
    - Denial-of-Service Attack (DoS)
    - Obfuscating
    - False Positive Generation
    - Session Splicing
    - Unicode Evasion Technique
    - Fragmentation Attack
    - Overlapping Fragments
    - Time-To-Live Attacks
    - Invalid RST Packets
    - Urgency Flag
    - Polymorphic Shellcode
    - ASCII Shellcode
    - Application-Layer Attacks
    - Desynchronization - Pre Connection SYN
    - Desynchronization - Post Connection SYN
    - Other Types of Evasion
    ** Evading Firewalls
    - IP Address Spoofing
    - Source Routing
    - Tiny Fragments
    - Bypass Blocked Sites Using IP Address in Place of URL
    - Bypass Blocked Sites Using Anonymous Website Surfing Sites
    - Bypass a Firewall using Proxy Server
    - Bypassing Firewall through ICMP Tunneling Method
    - Bypassing Firewall through ACK Tunneling Method
    - Bypassing Firewall through HTTP Tunneling Method
    - Bypassing Firewall through External Systems
    - Bypassing Firewall through MITM Attack
    ** Detecting Honeypots
    - Detecting Honeypots
    - Honeypot Detecting Tool: Send-Safe Honeypot Hunter
    ** Firewall Evading Tools
    - Firewall Evasion Tool: Traffic IQ Professional
    - Firewall Evasion Tool: tcp-over-dns
    - Firewall Evasion Tools
    - Packet Fragment Generators
    ** Countermeasures
    ** Penetration Testing
    - Firewall/IDS Penetration Testing
    - Firewall Penetration Testing
    - IDS Penetration Testing

    Module 18: Buffer Overflow
    ** Buffer Overflow Concepts
    - Buffer Overflows
    - Why Are Programs and Applications Vulnerable to Buffer Overflows?
    - Understanding Stacks
    - Stack-Based Buffer Overflow
    - Understanding Heap
    - Heap-Based Buffer Overflow
    - Stack Operations
    - Shellcode
    - No Operations (NOPs)
    ** Buffer Overflow Methodology
    - Knowledge Required to Program Buffer Overflow Exploits
    - Buffer Overflow Steps
    - Attacking a Real Program
    - Format String Problem
    - Overflow using Format String
    - Smashing the Stack
    - Once the Stack is smashed...
    ** Buffer Overflow Examples
    - Simple Uncontrolled Overflow
    - Simple Buffer Overflow in C: Code Analysis
    - Exploiting Semantic Comments in C (Annotations)
    - How to Mutate a Buffer Overflow Exploit?
    ** Buffer Overflow Detection
    - Identifying Buffer Overflows
    - How to Detect Buffer Overflows in a Program?
    - Testing for Heap Overflow Conditions: heap.exe
    - Steps for Testing for Stack Overflow in OllyDbg Debugger
    - Testing for Stack Overflow in OllyDbg Debugger
    - Testing for Format String Conditions using IDA Pro
    - BoF Detection Tool: Immunity CANVAS
    - BoF Detection Tools
    ** Buffer Overflow Counter-measures
    - Defense Against Buffer Overflows
    - Preventing BoF Attacks
    - Programming Countermeasures
    - Data Execution Prevention (DEP)
    - Enhanced Mitigation Experience Toolkit (EMET)
    - EMET System Configuration Settings
    - EMET Application Configuration Settings
    ** Buffer Overflow Security Tools
    - /GS Microsoft ? Official Home Page
    - BoF Security Tool: BufferShield
    - BoF Security Tools
    ** Buffer Overflow Penetration Testing

    Module 19: Cryptography
    ** Cryptography Concepts
    - Cryptography
    - Types of Cryptography
    - Government Access to Keys (GAK)
    ** Encryption Algorithms
    - Ciphers
    - Advanced Encryption Standard (AES)
    - Data Encryption Standard (DES)
    - RC4, RC5, RC6 Algorithms
    - The DSA and Related Signature Schemes
    - RSA (Rivest Shamir Adleman)
    - Example of RSA Algorithm
    - The RSA Signature Scheme
    - Message Digest (One-way Hash) Functions
    - Message Digest Function: MD5
    - Secure Hashing Algorithm (SHA)
    - What is SSH (Secure Shell)?
    ** Cryptography Tools
    - MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
    - Cryptography Tool: Advanced Encryption Package
    - Cryptography Tool: BCTextEncoder
    - Cryptography Tools
    ** Public Key Infrastructure (PKI)
    - Public Key Infrastructure (PKI)
    - Certification Authorities
    ** Email Encryption
    - Digital Signature
    - SSL (Secure Sockets Layer)
    - Transport Layer Security (TLS)
    ** Disk Encryption
    - Disk Encryption Tool: TrueCrypt
    - Disk Encryption Tool: GiliSoft Full Disk Encryption
    - Disk Encryption Tools
    ** Cryptography Attacks
    - Code Breaking Methodologies
    - Brute-Force Attack
    - Meet-in-the-Middle Attack on Digital Signature Schemes
    ** Cryptanalysis Tools
    - Cryptanalysis Tool: CrypTool
    - Cryptanalysis Tools
    - Online MD5 Decryption Tool
    IronmanX Member Posts: 323 ■■■□□□□□□□
    Module 20: Penetration Testing
    ** Pen Testing Concepts
    - Security Assessments
    - Security Audit
    - Vulnerability Assessment
    - Limitations of Vulnerability Assessment
    - Introduction to Penetration Testing
    - Penetration Testing
    - Why Penetration Testing?
    - Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
    - What should be tested?
    - What Makes a Good Penetration Test?
    - ROI on Penetration Testing
    - Testing Points
    - Testing Locations
    ** Types of Pen Testing
    - Types of Penetration Testing
    - External Penetration Testing
    - Internal Security Assessment
    - Black-box Penetration Testing
    - Grey-box Penetration Testing
    - White-box Penetration Testing
    - Announced / Unannounced Testing
    - Automated Testing
    - Manual Testing
    ** Pen Testing Techniques
    - Common Penetration Testing Techniques
    - Using DNS Domain Name and IP Address Information
    - Enumerating Information about Hosts on Publicly-Available Networks
    ** Pen Testing Phases
    - Phases of Penetration Testing
    - Pre-Attack Phase: Define Rules of Engagement (ROE)
    - Pre-Attack Phase: Understand Customer Requirements
    - Pre-Attack Phase: Create a Checklist of the Testing Requirements
    - Pre-Attack Phase: Define the Pen-Testing Scope
    - Pre-Attack Phase: Sign Penetration Testing Contract
    - Pre-Attack Phase: Sign Confidentiality and Non-Disclosure (NDA) Agreements
    - Pre-Attack Phase: Information Gathering
    - Attack Phase
    - Activity: Perimeter Testing
    - Enumerating Devices
    - Activity: Acquiring Target
    - Activity: Escalating Privileges
    - Activity: Execute, Implant, and Retract
    - Post-Attack Phase and Activities
    - Penetration Testing Deliverable Templates
    ** Pen Testing Roadmap
    - Penetration Testing Methodology
    - Application Security Assessment
    - Web Application Testing - I
    - Web Application Testing - II
    - Web Application Testing - III
    - Network Security Assessment
    - Wireless/Remote Access Assessment
    - Wireless Testing
    - Telephony Security Assessment
    - Social Engineering
    - Testing Network-Filtering Devices
    - Denial of Service Emulation
    ** Outsourcing Pen Testing Services
    - Outsourcing Penetration Testing Services
    - Terms of Engagement
    - Project Scope
    - Pentest Service Level Agreements
    - Penetration Testing Consultants
    "


    I was very happy with my course. Did I get questioned on every thing in my 130 question exam... No.
    Class size was small. 5 students. We each had 2 physical boxes and multiple VMs. We attacked each other (including the instructor) and had a rather good time.


    ***Sorry for the long posts.
    IronmanX Member Posts: 323 ■■■□□□□□□□
    colemic wrote: »
    Does the OSCP market itself as making you an expert, and have mastered hacking technologies, like the CEH does? I've never even looked into this cert, but I am pretty sure it doesn't.

    Yes, you're correct.
    CEH says: "Think Like a Hacker
    To beat a hacker, you need to think like one! This is exactly what this class will teach you. It is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one."

    SANS GPEN says "You will bring comprehensive penetration testing and ethical hacking know-how back to your organization."

    OSCP says "The OSCP certification, in my opinion, proves that its holder is able to identify vulnerabilities, create and modify exploit code, exploit hosts, and successfully perform tasks on the compromised systems over various operating systems."
    colemic Member Posts: 1,569 ■■■■■■■□□□
    And therein lies my point - all of that crammed into 5 days is nothing more than an introduction. 20 modules/5 days = 4 modules/day. Conservatively estimating 50 items per modules in a 12-hour class = 3 hours/module. 180 minutes/50 = roughly THREE MINUTES per topic. At best. By no known definition does that make you anything more than familiar with basic concepts and terminology. Certainly not qualified (IMO) to perform pentests or anything even remotely related to that, and anyone who thinks that equates to two years of work experience is beyond delusional.

    It is an introductory cert. Period.
    Working on: staying alive and staying employed
    IronmanX Member Posts: 323 ■■■□□□□□□□
    colemic wrote: »
    And therein lies my point - all of that crammed into 5 days is nothing more than an introduction. 20 modules/5 days = 4 modules/day. Conservatively estimating 50 items per modules in a 12-hour class = 3 hours/module. 180 minutes/50 = roughly THREE MINUTES per topic. At best. By no known definition does that make you anything more than familiar with basic concepts and terminology. Certainly not qualified (IMO) to perform pentests or anything even remotely related to that, and anyone who thinks that equates to two years of work experience is beyond delusional.

    It is an introductory cert. Period.

    I have over 11 years of experience. I didn't take the course to by-pass the 2 year requirement. I was the only one in the class planning on taking the exam (My employer doesn't care about any certs). One other guy said he may take it.

    Many of those topics can be covered at a very high level. The instructor picked and chose which lab exercises we did with a "if you finish that early try these ones. Or if you want to stay late you should try these ones".


    Anyone: What is the offensive security certified professional course like? Kali Linux has a ton of tools included.
    Kali Linux Tools Listing | Penetration Testing Tools
    There has to be like 300 tools there.
    ramrunner800 Member Posts: 238
    I would respectfully suggest to skip reading it then. Other people may find factual information described in here valuable.



    Clearly not everybody, there are some objections as you can easily see.

    I can guess where they come from. Some people may have invested in this cert and expect returns. Undermining this cert (that's what I'm doing here) clearly undermines their prospects and may even have financial impact. That can make people angry and try to shut down this thread. I hope that it's not true in your case. I would suggest them not to store all eggs in a single basket and not to stick to a cert that is connected to cases of unprofessional behavior, plagiarism, poor quality, poor security and so on.

    After all, it's society's obligation to push certification authorities to meet some standards if they aren't able to do it themselves. EC-Council may change and these criticisms could be used to address their issues.



    Not likely, I'm pretty old, not emotional.



    PM them. They may show up and ban me and delete this thread. No big deal, it would mean that I just don't belong here as being arrogant and hysterical and harsh truth isn't welcome. Instead, atmosphere of being polite towards nearly fraudulent certs is what is welcome. After all, the certs allow people here to get past HR filters and therefore they are good no matter what and should be respected, aren't they?

    Please understand that my issue is not with what you have to say, people are free to come in here and discuss, and reasonable people can disagree on things. My issue is with the manner in which you are doing it. Nobody else here is swearing at other members, or throwing personal attacks. You are certainly being uncivil. Honestly, I tell most people that EC Council is a DoD sponsored scam, but you are so extreme that I somehow find myself arguing for it just because you're too extreme. In any disagreement there is always room for being civil and polite, but perhaps you're a neckbeard who truly lacks that ability.
    Currently Studying For: GXPN
    gespenstern Member Posts: 1,243 ■■■■■■■■□□
    Please understand that my issue is not with what you have to say, people are free to come in here and discuss, and reasonable people can disagree on things. My issue is with the manner in which you are doing it. Nobody else here is swearing at other members, or throwing personal attacks. You are certainly being uncivil.

    I'm not denying that in one particular case I was rude towards IronmanX. Are there any other people who were victims of my personal attacks? Any personal uncivil attacks in main post? I don't think so, but I may have missed something.

    Regarding IronmanX, I felt my words were more or less appropriate in this situation because it was IronmanX who set the tone by suggesting that I'm lying about my pass of this exam and that explains why I'm bashing it. It is insulting, because, first off, I'm an honest person and second, it was an attempt to explain my actions with foul motives. My actions are dictated by my wish to protect the profession (which I clearly expressed twice in the main post) and not by trying to disregard the cert because I've failed to get it. Accusation of being a liar is a serious thing for me, at least, much more serious than anything etiquette related. I'm not anonymous here, everybody can see my real name and linkedin profile, while IronmanX is completely anonymous, and yet, he decided to make bold accusations towards a real person while hiding behind his anonymity. And other minor things like trying to disprove facts and experiences with his personal views, "feeling sorry" for my English, trying to mentor me on DNS attacks, etc. So I felt myself in position to retaliate and use same tone towards him. He doesn't seem to consider such an approach as inappropriate, so who cares?

    Now I feel that my reputation is okay, at least, no sane person will think that I'm a liar. And I don't care much about people thinking about my politeness. I remain polite as long as I'm not accused of lying, etc. I always think that harsh truth is better than polite lies. So I stopped replying to his messages in order not to escalate this after addressing accusation & other stuff.

    While IronmanX's reputation, on the other hand, has suffered a bit, I think, because he has made a bold accusation, but wasn't able to back it up, among other things... Just wondering, have you noticed IronmanX's uncivil behavior?

    Anyways, I feel that I explained myself here and I'm getting back to main theme discussion instead of discussing persons and won't get back to this... unless someone tries to frame me as a liar, of course. :)
    PC509 Member Posts: 804 ■■■■■■□□□□
    colemic wrote: »
    I don't hate the cert. I am very annoyed that it is hyped as everything BUT an introductory exam. It is what it is. I don't lose sleep over it.

    I guess that the definition of introductory exam needs to be explained. Network+ is definitely an introductory exam. I wouldn't call the CCENT an intro exam, though. But, going with Cisco, it is. Security+ would be the intro exam, with the CEH as the next step. My thoughts, of course. It's not very high on the list, but it's not the intro course, IMO. Maybe I'm thinking of it more of a step ladder and not just a knowledge level.
    IronmanX Member Posts: 323 ■■■□□□□□□□
    "Regarding IronmanX, I felt my words were more or less appropriate in this situation because it was IronmanX who set the tone by suggesting
    that I'm lying about my pass of this exam and that explains why I'm bashing it. It is insulting, because, first off, I'm an honest person
    and second, it was an attempt to explain my actions with foul motives. My actions are dictated by my wish to protect the profession
    (which I clearly expressed twice in the main post) and not by trying to disregard the cert because I've failed to get it.
    Accusation of being a liar is a serious thing for me, at least, much more serious than anything etiquette related.
    I'm not anonymous here, everybody can see my real name and linkedin profile, while IronmanX is completely anonymous, and yet, he decided
    to make bold accusations towards a real person while hiding behind his anonymity. And other minor things like trying to disprove facts
    and experiences with his personal views, "feeling sorry" for my English, trying to mentor me on DNS attacks, etc. So I felt myself in
    position to retaliate and use same tone towards him. He doesn't seem to consider such an approach as inappropriate, so who cares?"


    me:"The original post is a little hard to read through, although I believe the poster did say at one point English is not his first language.
    The original poster is coming off as being a little sour. He has said numerous times he has passed, although I'm thinking he didn't pass
    and is now bashing it (many comments from the OP about don't work for a company who thinks this cert holds value.)."
    ^I apologize for insinuating that you didn't pass. I'll have to check the checksum on the bottom of the sheet to make sure it's not doctored (joking, I believe you; a joke in reference to the Edward Snowden passport that was the only passport supposedly leaked, I believe).

    Me:"EC Council has its problems for sure. If the original poster speaks English as a second language and took the test in English I feel sorry for him."
    ^That is a jab at EC Council and not you. As most people know from reading constructive reviews of the CEH exam, the questions are not that well written or grammatically correct. This is generally explained by it being an international cert and questions not being translated to English properly.



    Me: "The original poster is coming off as being a little sour. He has said numerous times he has passed, although I'm thinking he didn't"
    ^Coming off as a little sour is an understatement. Someone else posted that the post came across as being hysterical and another said your post goes pretty overboard. There really weren't any constructive reasons given for why you are so upset about EC Council. What are people to think are your reasons behind "Undermining this cert (that's what I'm doing here)"?




    Your criticism:
    "cert is more or less a joke"
    "kind of" legit "
    "certain indications pointing an independent examiner to a conclusion that EC-Council is at least unprofessional, or, straight up disrespectful towards examinees and industry."
    "some respected professionals disdain it and your reputation may suffer if you brag about having this cert in front of them."
    "I'm more concerned about profession here "
    "their web-site was hacked and defaced twice in recent years and probably personal information of candidates was stolen."
    ....Skipping 10 paragraphs of problems with the testing centre that you said you "played a dumb guy" (*not an insult, you said it at one point) to see how it would go for others.
    "I passed it without preparation after I noticed that I get high percentage of correct answers on cccure in CEH after spending half a year for CISSP preparation. "
    ...another paragraph about testing centre stuff...
    "And yet, being that lame, this exam requires you to pay $600 to challenge it."
    "I'd say it is 10 times higher than I would pay if I knew everything that I've written here before engaging".
    "In the end, I'd like to say that exam is too easy and those who passed it shouldn't really be considered as hackers in any respected way. I'd say that it gives you "certified ethical script kiddie" label, or C|ESK"
    " I really felt myself pissed off when I stared at some of the questions on exam, they really suck in both wording and logic."
    "Overall, I regret going through all of this "
    "I write this in order to advance and protect the profession"
    "certified ethical hacker is more of bragging than being really a hacker and whole idea behind this cert start looking more as a fraud, more like a disguise. That's something not honest and not a true representation."
    "(CEH) Name says that you are probably more bold than you may really be and that can lead to consequences when you can't fulfill, can't do what you are expected to because people from outside thought more of your capabilities based purely on the cert name."
    "I hope someone from DoD reads this forum periodically and this post may serve as an additional argument in revising these competency policies"
    "I feel myself obliged to go to HR and inform them specifically that this cert should be considered"
    "I have hard times convincing myself to work for companies who are blind and deaf to proven industry best practices and I just keep thinking to myself well, yeah, you are the next sony/target/anthem cause you can't tell what's wrong and what's right"
    "your degrees should be named like 'marketing gosu' or 'criminal justice genius' and awarded by a sh!tty 3rd world overpriced university from overseas with flawed procedure and irrelevant and poorly worded study materials and exam."
    "Why do we have so many 'passed CEH, excited!' threads in here and 'CEH is a BS' threads are so rare?"
    "Happy HR has a simple dumb criterion to filter out the crowd"
    " the only side that suffers here is the industry as a whole and profession because in reality this cert is a BS and doesn't live up to the hype"
    "Look closely to your questions on exam and see if they are okay and then share your experience."
    "(I had) several so-so (exam questions) and two that were straight-forward BS"
    " I just knew what I'm supposed to choose there but in reality I wouldn't justify such questions cause they aren't based on best practices or some rationale and other questions were either typos or misunderstanding"
    "That's not true. (I response to "nobody is hiring a CEH thinking they're getting hacker. Everyone knows they're getting an entry level person with basic security knowledge.")
    "straight up stupid questions that I can't share..."
    "I had hard times taking this exam seriously and did virtually no preparation (never opened Conrad, AIO, did zero labs, etc),"
    "questions about outdated Blackberry hacking tools or some nmap switches that I don't use often"
    "using this cert as a requirement puts a shade on DoD HR practices "
    "this cert and certification body are FLAWED and the cert doesn't live up to its hype and should be disregarded by InfoSec community because of it being unprofessional and undervaluing profession."
    "This cert is over-promising and under-delivering"
    "It is an entry level at best and it is spoiled by the hype."
    " Undermining this cert (that's what I'm doing here)"


    In all that I have a hard time finding factual criticism about why you hate it so much. I see a lot of subjective criticism: "lame" "hyped" "over hyped" "stupid" "spoiled by the hype" "a joke" "unprofessional" "disrespectful" "too easy" "CEH is just bragging" "sh!tty 3rd world overpriced university" "marketing gosu (guru??)" "CEH is a BS" etc....

    How do you expect people to take this as a factual post and not an emotional post?
    You state it's over hyped several times but then say "I had hard times taking this exam seriously and did virtually no preparation (never opened Conrad, AIO, did zero labs, etc)," I don't get it. If it was over hyped to you (subjective) then you would have tried hard to pass, no?
    IronmanX Member Posts: 323 ■■■□□□□□□□
    PC509 wrote: »
    I guess that the definition of introductory exam needs to be explained. Network+ is definitely an introductory exam. I wouldn't call the CCENT an intro exam, though. But, going with Cisco, it is. Security+ would be the intro exam, with the CEH as the next step. My thoughts, of course. It's not very high on the list, but it's not the intro course, IMO. Maybe I'm thinking of it more of a step ladder and not just a knowledge level.

    That is just it. Intro, Intermediate, Expert level certs are all subjective.
    CEH is a step above certs like Security+, GSEC, and other general basic security policy and procedure certifications. However, it's lower than OSCP, so most people place it in the middle category.
    colemic Member Posts: 1,569 ■■■■■■■□□□
    I don't see it as a step above Security+ or GSEC, if you can take a 2-week crash course and pass it. Hence I think it is introductory.
    Working on: staying alive and staying employed
    IronmanX Member Posts: 323 ■■■□□□□□□□
    colemic wrote: »
    I don't see it as a step above Security+ or GSEC, if you can take a 2-week crash course and pass it. Hence I think it is introductory.

    The course is actually 1 week.
    You can take a 1 week CISSP crash/bootcamp course and pass.
    RyujiYamazaki0r0chi Member Posts: 8 ■□□□□□□□□□
    IMO, Security+ and CCNA Security will not land you a job if you are trying to get into security, only if you have some kind of professional experience and/or internship. CEH can get you a job without professional experience and/or an internship in security. This is in terms of those who are college grads or have been working in tech support or help desk.
    For those already in the field, I can't say since I am not; it is not worthy in terms of increasing your knowledge and/or getting better at what you do already, only if the job requires it. But, like I said, that is my opinion.
    gespenstern Member Posts: 1,243 ■■■■■■■■□□
    IronmanX wrote: »
    I apologize for insinuating that you didn't pass.

    Okay, I apologize for being rude towards you.
    joshmadakor Member Posts: 495 ■■■■□□□□□□
    IronmanX wrote: »
    The course is actually 1 week.
    You can take a 1 week CISSP crash/bootcamp course and pass.
    While anything is possible, I don't believe this is true for the majority of people.
    WGU B.S. Information Technology (Completed January 2013)
    Robertf969 Member Posts: 190
    I took a two week course and passed, then again the 7 years of experience and independent study may have helped.
    colemic Member Posts: 1,569 ■■■■■■■□□□
    IronmanX wrote: »
    The course is actually 1 week.
    You can take a 1 week CISSP crash/bootcamp course and pass.

    Then how is that not introductory? It's regurgitating simple knowledge, with no application/analysis/understanding needed.
    Working on: staying alive and staying employed
    IronmanX Member Posts: 323 ■■■□□□□□□□
    colemic wrote: »
    Then how is that not introductory? It's regurgitating simple knowledge, with no application/analysis/understanding needed.

    All of the training courses are about 1 week (SANS, EC-Council, Offensive Security).

    What makes them not introductory is the assumption of already knowing certain information going in.

    I found that the CEH exam regurgitating simple/advanced knowledge was of no help. As the Matt Walker books point out, the key to success is ruling out the wrong answers. I was stressed during the exam as many questions were coming out of nowhere; I had never seen them covered. I was trying to plan how I would study for attempt number 2 during the exam and got even more stressed by realizing there was no good way. The questions were from all realms of security; the only way would be experience.

    I ended up scoring a decent score but I did not feel all that confident throughout most of the exam. If I would have failed I probably would have been pretty sour about the exam; however, I now chalk up all the questions out of nowhere as making sure cert holders have a few years of experience and are not just regurgitating flag options on 300 different tools.
    jvrlopez Member Posts: 913 ■■■■□□□□□□
    Never really had a warm fuzzy anytime when interacting with EC-Council.

    After submitting and paying for the experience waiver on CEH, my application just sat there. Numerous emails went unanswered. I finally called and when asked, was told, "Oh, it was approved 10 days ago, we're just waiting for the $500 cost to be paid." Geez, thanks to the lack of automation, my application just sat around for 10 days and I was never notified.

    When I completed my CPEs to renew CEH, my new expiration date changed from 08/2016 to 12/2014!!! When I emailed EC Council about this, they replied, "Hi, thank you for completing the CPE process. Your new expiration date is now 08/2014." Totally avoided my question and just stated what their records were showing.

    I didn't feel that the test had much to do with hacking. It was more of a review of tools and methodologies. Luckily I don't have to pay for annual maintenance of the cert. I'll let it expire whenever it is set to lapse. I'd check but the Delta is gone and Aspen doesn't work for me.
    And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
    colemic Member Posts: 1,569 ■■■■■■■□□□
    You would be the exception on this then; it's one reason that this exam is braindumped so much - it's rote memorization.
    IronmanX wrote: »
    All of the training courses are about 1 week (SANS, EC-Council, Offensive Security).

    What makes them not introductory is the assumption of already knowing certain information going in.

    I found that the CEH exam regurgitating simple/advanced knowledge was of no help. As the Matt Walker books point out, the key to success is ruling out the wrong answers. I was stressed during the exam as many questions were coming out of nowhere; I had never seen them covered. I was trying to plan how I would study for attempt number 2 during the exam and got even more stressed by realizing there was no good way. The questions were from all realms of security; the only way would be experience.

    I ended up scoring a decent score but I did not feel all that confident throughout most of the exam. If I would have failed I probably would have been pretty sour about the exam; however, I now chalk up all the questions out of nowhere as making sure cert holders have a few years of experience and are not just regurgitating flag options on 300 different tools.

    @Javi I haven't logged into there in close to a year. Too screwy to use. And it's not like they can't afford to put a quality system in place, as much as they are making on the exam. Besides that, when I took it, there was no maintenance fee, I believe there is now - that's a HELL NO. Not the terms I agreed to.
    Working on: staying alive and staying employed