ceh v8 pms v2 - s se · cehv8 module 16 hacking mobile platforms demonstrates how to protect your...
TRANSCRIPT
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
CEHv8Product Marketing Presentation
Engineered by Hackers. Presented by Professionals.
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Presentation Flow
Threat Landscape
Cost of Information Security Breaches
Demand for InfoSec Professionals
What is New in CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
According to McAfee Q4 2012 report, the number of mobile malware samples discovered by McAfee Labs in 2012 was 44 times the number found in 2011, meaning 95 percent of all mobile malware samples appeared in the last year alone
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
New Malware - 2012
http://www.mcafee.com
0
2,000,000
4,000,000
6,000,000
8,000,000
10,000,000
Q12010
Q22010
Q32010
Q42010
Q12011
Q32011
Q22011
Q42011
Q12012
Q22012
Q32012
According to McAfee Threats Report, Cybercrime malware exhibits far different behaviors than Stuxnet, Duqu, or Shamoon because the goals of the attackers are different
Cybercrime malware seeks profit and (for the most part) stealth; Stuxnet and Duqu are concerned with sabotage and espionage; and Shamoon sows chaos and destruction
CEHv8 Module 06 Trojans and Backdoors andModule 07 Viruses and Wormsdemonstrates how to protect your information systems against malware attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
According to McAfee Q4 2012 report , one of the biggest breaches this quarter affected the South Carolina Department of Revenue, whose website was hacked.
More than 6.4 million citizens were affected
CEHv8 Module 12 Hacking Webservers, and Module 13 Hacking Web Applications demonstrates how to protect your web infrastructure against various web defacement and data breaches
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Percent of Breaches that Remains Undiscovered for Months or more - 2012
60%
50%
40%
30%
70%
2008 2009 2010 2011 2012
67%
55%
44% 41%
55%
http://www.verizonbusiness.com
According to Verizon 2012 Data Breach Investigations Report, 42% of breaches in 2011 were contained in within days compared 34% in 2010
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
In 2012, Facebook had been attacked by the Ramnit worm and passwords of over 45,000 users had been stolen
2012-13 Hacking Trends
Ramnit steals user names, passwords, browser cookies and can also function as a backdoor, allowing a hacker to do other malicious actions on an infected computer. It spread through social networks.
CEHv8 Module 05 System Hacking, Module 06 Trojans and Backdoors, Module 07 Viruses and Worms and Module 09 Social Engineering demonstrates how worms spread and how to protect your systems from such attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
In 2013 February, Facebook reported that it was the target of another ‘sophisticated attack’ that targeted employees visiting a mobile developer website that had been compromised. The attack used a zero‐day exploit to bypass the Java sandbox
2012-13 Hacking Trends
Mobile User
Attacker
Third Party App Store
Official App Store
Mobile App No Vetting
Malicious app sends sensitive data to attacker
Call logs/photo/videos/sensitive docs
CEHv8 Module 16 Hacking Mobile Platforms demonstrates how to protect your systems from mobile‐based attack vectors
In 2013, The same zero‐day Java vulnerability that was used on Facebook was also injected into an iOS developer website and used to target Microsoft
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
In 2012, Microsoft’s online store in India was temporarily hacked by the Chinese hacker group, Evil Shadow Team
2012-13 Hacking Trends
CEHv8 Module 12 Hacking Webservers, and Module 13 Hacking Web Applications demonstrates how to protect your online stores from attacks
Evil Shadow Team defaced Microsoft Store page, Users of Microsoft Store in India have been advised to change their passwords on the site as soon as it comes back online
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
In November 2012, NBC television network’s websites were hacked resulting in dead pages while others failed to work properly
2012-13 Hacking Trends
CEHv8 Module 05 System Hacking, Module 06 Trojans and Backdoors, Module 07 Viruses and Worms, Module 09 Social Engineering, Module 12 Hacking Webservers, and Module 13 Hacking Web Applications demonstrates how how to protect your information systems from such attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
In 2013, Twitter’s own systems were hacked in early February. attackers may have had access to usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users
2012-13 Hacking Trends
CEHv8 Module 05 System Hacking, Module 12 Hacking Webservers, and Module 13 Hacking Web Applications demonstrates how to protect your online stores from attacks
Did you know that this attack have exploited Java plug‐ins inside their browsers, as the technology has been labeled highly vulnerable to malicious software attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
2012-13 Hacking Trends
In February 2013, Evernote reported that hackers had managed to gain access to Evernote’s user information, which includes usernames, email address associated with the Evernote accounts and encrypted passwords
Evernote UserDatabase
Attacker
Cloud Storage
Malicious Webserver
User
User click on Malicious links send by attacker Attacker send spams to user
Passwords, Credit card details, etc.
CEHv8 Module 05 System Hacking, Module 06 Trojans and Backdoors, Module 07 Viruses and Worms and Module 09 Social Engineering demonstrates how worms spread and how to protect your systems from such attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Exploitation of default or guessable credentials
Use of stolen login Credentials
Brute force and dictionary attacks
Exploitation of backdoor command and control channel
Exploitation of insufficient authentication (e.g., no login required)
SQl injection
Remote file inclusion
Abuse of functionality
Unknown
55%
40%
29%
25%
6%
3%
1%
3%
4%http://www.verizonbusiness.com
According to Verizon 2012 Data Breach Investigations Report, some techniques, varieties such as abuse of functionality, were responsible for significant amounts of compromised records in one or two incidents
Hacking Methods by Percent of Breaches Within Hacking – 2012
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
US Universities
Command and Control Center
RAT Trojan sends confidential information to attackers
Remote Access Trojans (RAT) are installed on The Times computers
Botnet in China
The New York Times Network
Chinese Attackers
How the Hack Worked?
The hackers set a Command and Control center which in turn infects a large number of machines to create a Botnet, the army of infected computers, used to attack other targets. To run their Times spying campaign, the attackers used a number of compromised computer systems registered to universities in North Carolina, Arizona, Wisconsin and New Mexico. Using university computers as proxies and switching IP addresses were simply efforts to hide the source of the attacks
CEHv8 Module 05 and 10 demonstrates how to protect your information systems against these attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Need for Vigilance on Mobile Devices
http://www.mcafee.com
The Android platform remains the largest target for both mobile malware and spyware
The volume of mobile threats is growing much faster than it did for PCs
0
5000
10000
15000
20000
25000
2004 2005 2006 2007 2008 2009 2010 2011 2012
Total Mobile Malware in the Database
Android Java MESymbian Others
80%
Total Mobile Malware by Platform
CEHv8 Module 16 demonstrates how to protect your mobile devices against these attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Did you know that this attack exploited system vulnerabilities to steal millions of data records. CEHv8 Module 10 demonstrates how to protect your web sites against these attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Threat Action Categories by Percent of Breaches and Percent of Records - 2012
Malware
Hacking
Social
Misuse
Physical
Error
62%
28%/97%
58%/99%
22%/38%
7%/<1%
17%/<1%
7%/<1%
http://www.verizonbusiness.com
855 incidents, 174 million compromised records
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Presentation Flow
Threat Landscape
Cost of Information Security Breaches
Demand for InfoSec Professionals
What is New in CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Spider.io, a security researcher, 'Chameleon Botnet' takes $6-million-a-month in ad money. The botnet has targeted at least 202 Web sites that serve 14 billion ad impressions. The botnet apparently accounted for 9 billion of them
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
2012 Norton Cybercrime Report
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
$‐
$1,000,000
$2,000,000
$3,000,000
$4,000,000
$5,000,000
$6,000,000
$7,000,000
UK AU JP DE US
$8,000,000
$9,000,000
$10,000,000
Total Cost of Cyber Crime in Five Countries - 2012
$3,252,912 $3,386,201
$5,154,447 $5,950,725
$8,933,510
Cost expressed in US dollars, n = 199 separate companies
According to PonemonInstitute Research Report on the estimated average cost of cyber crime, the US sample reports the highest total average cost at $8.9 million
http://cyberintegrity.files.wordpress.com
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
The botnets have targeted at least 202 Web sites, hitting them with as little as 9 billion ad impressions. The sites themselves are receiving 14 billion ad impressions, meaning the majority are coming from the botnet
But here's the crux of the issue: advertisers are paying the sites 69 cents per thousand ad impressions, believing that they're legitimate. The Chameleon botnet, therefore, is able to siphon $6 million per month in cash from the advertisers
CEHv8 Module 10 demonstrates how to protect your information systems against Botnets attacks
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Presentation Flow
Threat Landscape
Cost of Information Security Breaches
Demand for InfoSec Professionals
What is New in CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
The Pentagon plans to dramatically boost the ranks of U.S. cybersecurityforces, expanding its number of cyber warriors more than five-fold, the
Washington Post reported Sunday. But that strategy immediately confronts a critical shortage of those with the required skills
http://www.huffingtonpost.com
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Demand For IT Security ExpertsOutstrips Supply
11:14, 07 March 13
Employers will pay more for certified ‐‐ and experienced –IT security pros, studies find Demand for information security experts in the United States is outstripping the available supply by a widening margin, according to a pair of recently‐released reports.
A report from Burning Glass Technologies, which develops technologies designed to match people with jobs, shows that demand for cybersecurity professionals over the past five years grew 3.5 times faster than demand for other IT jobs and about 12 times faster than for all other jobs.
In 2012, there were more than 67,400 separate postings for cyber security‐related jobs in a range of industries, including defense, financial services, retail, healthcare and professional services. The 2012 total is 73% higher than the number of security jobs posted in 2007, Burning Glass said.
http://news.techworld.com
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Need for ‘Cyber Warriors’ Grows in Military, Private Sector
October 19, 2012
http://www.globalresearch.ca
The Department of Defense reports an average of 6 million cyber intrusionattempts or attacks a day, and says demand for cyber operators has neverbeen higher. To respond to these threats, the Pentagon plans to expand itsranks beyond the 900 cyber warfare operators in U.S. CyberCommand.
The Center for Cyber Research expects to educate up to 1,000 studentsevery year within the next few years, up from about 700 now, according toRichard A. Raines, the center’s director before he departed recently to workfor the Oak Ridge National Laboratory in Tennessee.
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
IT Staff Shortages Raise Cyber Crime Risk
http://news.sky.com
The lack of skilled workers is hampering Britain's ability to protect itself from costly internet attacks, according to spending watchdog the National Audit Office.The number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet and it could take two decades to fill the gap, the NAO said.Government, education and business representatives have told the NAO the country lacks technical skills and the current pipeline of graduates will not meet demand.The cost of cyber crime to Britain is currently thought to be up to £27bn a year.NAO head Amyas Morse said: "The threat to cyber security is persistent and continually evolving."Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack."
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Salary Trends
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Presentation Flow
Threat Landscape
Cost of Information Security Breaches
Demand for InfoSec Professionals
What is New in CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
ITS NOT ABOUT WHAT YOU KNOW | ITS ABOUT
WHAT YOU CAN DO WITH WHAT YOU KNOW
Introducing CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is CEHv8?
CEHv8 is a comprehensive ethical hacking and information systems security auditing program focusing on latest security threats, advanced attack vectors and practical real time demonstration of latest hacking techniques, methodologies, tools, tricks and security measures
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
More technical depth of the content with an emphasis on vulnerability assessment, risk assessment, penetration testing and system protection
Courseware is developed by subject matter experts from all over the world and are constantly updated to ensure that the students are exposed to the latest advances in the space
What is CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
All CEHv8 members will be accredited under the ANSI’s personal certification program
What is New in CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is New in CEHv8?
ANSI Accredited Exam Process
ANSI/ISO/IEC 17024High quality certification exam
Standard exam development process
Imparts high value of our certifications
1 2
3 4
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is New in CEHv8?
ANSI Accredited Exam Development Process
1. Objective Domain Definition
2. Job Analysis
4. Exam Item Writing
6. Scheme Committee Approval
7. Publish BETA exam
8. Exam Evaluation
9. Launch Final exam
5. Standard Setting
3. Scheme Committee Approval
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Compliance to National Initiative for Cybersecurity Education (NICE)
100 percent mapping to NICE Protect and Defend specialty area
Skills and job roles based learning
Standard-based training modules
Better industry acceptance
What is New in CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Compliance to National Initiative For Cybersecurity Education (NICE)
CEH Eco-system
The new CEHv8 completely map to National Initiative for Cybersecurity Education (NICE) framework ‐ NICE's speciality area category 'Protect and Defend'
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is New in CEHv8?
Standard based required training for network security professionals
Recognition by National Security Agency (NSA) and the Committee on National Security Systems (CNSS)
Better industry acceptance
CNSS 4013 Recognition
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
The United States of America Department of Defense issued
Directive 8570 in 2004 to mandate baseline certifications for all Information Assurance “IA” positions
CND Analyst
CND Infrastructure
Support
CND Incident
Responder
CND Auditor
In February of 2010, this directive was enhanced to include the Certified Ethical Hacker across the Computer Network Defense Categories “CND”
CEH is a part of:
What is New in CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is New in CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
New Attack Vectors are Evolving
Focus is shifting to mobile platformsEnterprises are working with mobile workforce
Evolution of New Operating Systems and Technologies
Windows 8 and Windows Server 2012Android 4.1 Jelly Beans and iOS 6
Skill-based Learning Via Lab is in
DemandOrganizations are looking for professional who are proficient in performing certain tasks
Standards and Compliance Focus
Provide a baseline for InfoSec educationProvides consistency across key skill areas and job roles
Why Should You Move to CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Advanced Hacking Concepts
Expert Training on Advanced Concepts
Compliance Management
Comprehensive Application Security
Advanced Hacking Concepts
Backup, Recovery and Continuity ManagementAccess Control and IS SecurityTesting, Validation and Auditing of Information SystemIS Accreditation and Certification
Advanced Network Packet AnalysisSecuring IIS and Apache Web ServersWindows System Administration using PowershellHacking SQL and Oracle DatabasesAdvanced Log Management for Information Assurance
Hacking Mobile Devices And SmartphonesCorporate EspionageWriting Virus CodesExploit WritingReverse Engineering
Secure Application Development with .NETSecure Application Development with ASPSecure Application Development with JavaSecure Coding in XML
CEHv8
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Emphasis on Mobile Platforms and Tablet Computers
CEHv8 focuses on the latest hacking attacks targeted to mobile platform and tablet computers and covers countermeasures to secure mobile infrastructure
Coverage of latest development in mobile and web technologies including Andriod OS 4.1 and Apps, iOS 6 and Apps, BlackBerry 7 OS, Windows Phone 8 and HTML 5
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
State of the Art Integrated Labs
Labs will be presented as a part of large case study
CEHv8 will come with more realistic hack websites to practice the learning
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Latest Operating Systems (Windows 8 and Windows Server 2012)
CEH v8 program focuses on addressing security issues to the latest operating systems including Windows 8 and Windows Server 2012
It also focuses on addressing the existing threats to operating environments dominated by Windows 7 and other operating systems (backward compatibility)
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Advanced Lab Environment
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Cloud-based Lab Environment: iLabs
EC‐Council iLabs provides a complete back‐end management system to automatically build, configure, and then teardown our lab environments
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
iLabs Advantage
Student Benefits Instructor/ATC benefits
Fully Automated Lab Environment
Unlimited Access over Subscription Term
Simple clientless connection through web browser
Fully loaded with Backtrack, Windows Server 2012 64‐bit, Server 2008 64‐bit, Windows 7 all Operating Systems
Save‐State Technology enabled
Labs @ HOME!
No more difficult Lab Setup
No Software licensing Fees
No Hardware to maintain
Full Controls to reset or re‐spin systems live
Instant recovery
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Data Breach Investigations ReportEssential TerminologiesElements of Information SecurityTop Information Security Attack VectorsMotives, Goals, and Objectives of Information Security AttacksInformation Security ThreatsInformation WarfareIPv6 Security ThreatsHacking vs. Ethical HackingEffects of Hacking on BusinessWho Is a Hacker?Hacking PhasesTypes of Attacks on a SystemWhy Ethical Hacking is NecessarySkills of an Ethical HackerIncident Management ProcessTypes of Security PoliciesVulnerability ResearchWhat Is Penetration Testing?
Data Breach Investigations Report
Essential Terminologies
Elements of Information Security
Effects of Hacking on Business
Who Is a Hacker?
Hacking Phases
Types of Attacks on a System
Why Ethical Hacking is Necessary
Skills of an Ethical Hacker
Vulnerability Research
What Is Penetration Testing?
The topics highlighted in red under CEHv8 Module 01: Introduction to Ethical Hacking are the new additions
Module Comparison of CEHv8 with CEHv7
CEHv7 Module 01: Introduction to Ethical Hacking CEHv8 Module 01: Introduction to Ethical Hacking
Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Footprinting TerminologiesWhat Is Footprinting?Objectives of FootprintingFootprinting ThreatsFootprinting through Search EnginesWebsite FootprintingEmail FootprintingCompetitive IntelligenceFootprinting Using GoogleWHOIS FootprintingDNS FootprintingNetwork FootprintingFootprinting through Social EngineeringFootprinting through Social Networking SitesFootprinting ToolsFootprinting CountermeasuresFootprinting Pen Testing
The topics highlighted in red under CEHv8 Module 02: Footprinting and Reconnaissance are the new additions
CEHv7 Module 02: Footprinting and Reconnaissance CEHv8 Module 02: Footprinting and Reconnaissance
Footprinting refers to uncovering and collecting as much information as possible about a target network, for identifying various ways to intrude into an organization’s network system
Footprinting TerminologiesWhat Is Footprinting?Objectives of FootprintingFootprinting ThreatsFootprinting through Search EnginesWebsite FootprintingEmail FootprintingCompetitive IntelligenceFootprinting Using GoogleWHOIS FootprintingDNS FootprintingNetwork FootprintingFootprinting ToolsFootprinting CountermeasuresFootprinting Pen Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Overview of Network ScanningCEH Scanning MethodologyChecking for Live SystemsScanning IPv6 NetworkScanning TechniquesIDS Evasion TechniquesBanner GrabbingVulnerability ScanningDrawing Network DiagramsProxy ChainingHTTP Tunneling TechniquesSSH TunnelingAnonymizersIP Spoofing Detection TechniquesScanning CountermeasuresScanning Pen TestingLatest Network Scanning Tools Added6 more Labs Added
The topics highlighted in red under CEHv8 Module 03: Scanning Networks are the new additions
CEHv7 Module 03: Scanning Networks CEHv8 Module 03: Scanning Networks
Overview of Network ScanningCEH Scanning MethodologyChecking for Live SystemsScanning TechniquesIDS Evasion TechniquesBanner GrabbingVulnerability ScanningDrawing Network DiagramsProxy ChainingHTTP Tunneling TechniquesSSH TunnelingAnonymizersIP Spoofing Detection TechniquesScanning CountermeasuresScanning Pen Testing
Network scanning refers to a set of procedures for identifying hosts, ports, andservices in a network
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
What Is Enumeration?Techniques for EnumerationServices and Ports to EnumerateNetBIOS EnumerationEnumerate Systems Using Default PasswordsSNMP EnumerationWorking of SNMPUNIX/Linux EnumerationLDAP EnumerationNTP EnumerationSMTP EnumerationDNS EnumerationEnumeration CountermeasuresEnumeration Pen TestingLatest Enumeration Tools Added1 more Lab Added
The topics highlighted in red under CEHv8 Module 04: Enumeration are the new additions
CEHv7 Module 04: Enumeration CEHv8 Module 04: Enumeration
What Is Enumeration?Techniques for EnumerationNetBIOS EnumerationEnumerate Systems Using Default PasswordsSNMP EnumerationUNIX/Linux EnumerationLDAP EnumerationNTP EnumerationSMTP EnumerationDNS EnumerationEnumeration CountermeasuresEnumeration Pen Testing
In the enumeration phase, attacker creates active connections to system and performs directed queries to gain more information about the target
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
System Hacking: GoalsCEH Hacking Methodology (CHM)Password CrackingStealing Passwords Using KeyloggersMicrosoft AuthenticationHow to Defend against Password CrackingPrivilege EscalationTypes of Privilege EscalationExecuting ApplicationsMethodology of Attacker in using Remote KeyloggerTypes of Keystroke Loggers and SpywaresAnti‐Keylogger and Anti‐SpywaresVarious methods to place a rootkitDetecting RootkitsNTFS Stream ManipulationApplication of steganographyClassification of SteganographyAudio Steganography MethodsIssues in Information hidingSteganalysis Methods/Attacks on SteganographyDetecting Text, Image, Audio, and Video SteganographyCovering TracksPenetration Testing
The topics highlighted in red under CEHv8 Module 05 System Hacking are the new additions
Module Comparison of CEHv8 with CEHv7
CEHv7 Module 05 System Hacking CEHv8 Module 05 System Hacking
System Hacking: GoalsCEH Hacking Methodology (CHM)Password CrackingMicrosoft AuthenticationHow to Defend against Password CrackingPrivilege EscalationTypes of Privilege EscalationExecuting ApplicationsTypes of Keystroke Loggers and SpywaresAnti‐Keylogger and Anti‐SpywaresDetecting RootkitsNTFS Stream ManipulationClassification of SteganographySteganalysis Methods/Attacks on SteganographyCovering TracksPenetration Testing
Password cracking techniques are used to recover passwords from computer systems
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
What Is a Trojan?What Do Trojan Creators Look ForIndications of a Trojan AttackCommon Ports used by TrojansHow to Infect Systems Using a TrojanDifferent Ways a Trojan can Get into a SystemHow to Deploy a TrojanTypes of TrojansTrojan AnalysisHow to Detect TrojansTrojan CountermeasuresTrojan Horse Construction KitAnti‐Trojan SoftwarePen Testing for Trojans and BackdoorsLatest Trojan Detection Tools Added2 more Labs Added
The topics highlighted in red under CEHv8 Module 06: Trojans and Backdoors are the new additions
CEHv7 Module 06: Trojans and Backdoors CEHv8 Module 06: Trojans and Backdoors
It is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause damage, such as ruining the file allocation table on your hard disk
What Is a Trojan?What Do Trojan Creators Look ForIndications of a Trojan AttackCommon Ports used by TrojansHow to Infect Systems Using a TrojanDifferent Ways a Trojan can Get into a SystemHow to Deploy a TrojanTypes of TrojansHow to Detect TrojansTrojan CountermeasuresTrojan Horse Construction KitAnti‐Trojan SoftwarePen Testing for Trojans and Backdoors
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Introduction to VirusesStages of Virus LifeWorking of VirusesCommon Techniques Used to Distribute Malware on the WebIndications of Virus AttackHow does a Computer Get Infected by VirusesVirus AnalysisTypes of VirusesVirus MakerComputer WormsWorm AnalysisWorm MakerMalware Analysis ProcedureOnline Malware Analysis ServicesVirus Detection MethodsVirus and Worms CountermeasuresAntivirus ToolsPenetration Testing for Virus
The topics highlighted in red under CEHv8 Module 07: Viruses and Worms are the new additions
CEHv7 Module 07: Viruses and Worms CEHv8 Module 07: Viruses and Worms
A virus is a self‐replicating program that produces its own code by attaching copies of itself into other executable codes
Introduction to VirusesStages of Virus LifeWorking of VirusesIndications of Virus AttackHow does a Computer Get Infected by VirusesTypes of VirusesVirus MakerComputer WormsWorm AnalysisWorm MakerMalware Analysis ProcedureOnline Malware Analysis ServicesVirus and Worms CountermeasuresAntivirus ToolsPenetration Testing for Virus
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Packet SniffingSniffing ThreatsTypes of Sniffing AttacksHardware Protocol AnalyzersIPv6 AddressesMAC FloodingHow DHCP WorksRogue DHCP Server AttackARP Spoofing TechniquesARP Poisoning ToolsHow to Defend Against ARP PoisoningSpoofing Attack ThreatsMAC Spoofing TechniqueIRDP SpoofingHow to Defend Against MAC SpoofingDNS Poisoning TechniquesHow to Defend Against DNS SpoofingSniffing ToolsSniffer Detection TechniqueSniffing Pen Testing
The topics highlighted in red under CEHv8 Module 08: Sniffing are the new additions
CEHv7 Module 08: Sniffers CEHv8 Module 08: Sniffing
Packet sniffing is a process of monitoring and capturing all data packets passing through a given network using software (application) or hardware device
Packet SniffingSniffing ThreatsTypes of Sniffing AttacksHardware Protocol AnalyzersMAC FloodingHow DHCP WorksRogue DHCP Server AttackARP Spoofing TechniquesARP Poisoning ToolsHow to Defend Against ARP PoisoningSpoofing Attack ThreatsHow to Defend Against MAC SpoofingDNS Poisoning TechniquesHow to Defend Against DNS SpoofingSniffing ToolsSniffing Pen Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
What Is Social Engineering?Factors that Make Companies Vulnerable to AttacksWarning Signs of an AttackPhases in a Social Engineering AttackCommon Targets of Social EngineeringHuman‐based Social EngineeringComputer‐based Social EngineeringMobile‐based Social EngineeringMobile‐based Social Engineering Using SMSSocial Engineering Through Impersonation on Social Networking SitesIdentify TheftSocial Engineering CountermeasuresHow to Detect Phishing EmailsIdentity Theft CountermeasuresSocial Engineering Pen TestingSocial Engineering Toolkit
The topics highlighted in red under CEHv8 Module 09: Social Engineering are the new additions
CEHv7 Module 09: Social Engineering CEHv8 Module 09: Social Engineering
What Is Social Engineering?Factors that Make Companies Vulnerable to AttacksWarning Signs of an AttackPhases in a Social Engineering AttackCommon Targets of Social EngineeringHuman‐based Social EngineeringComputer‐based Social EngineeringSocial Engineering Through Impersonation on Social Networking SitesIdentify TheftSocial Engineering CountermeasuresHow to Detect Phishing EmailsIdentity Theft CountermeasuresSocial Engineering Pen Testing
Social engineering is the art of convincing people to reveal confidential information
Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
What Is a Denial of Service Attack?What Are Distributed Denial of Service Attacks?Symptoms of a DoS AttackDoS Attack TechniquesBotnetBotnet EcosystemBotnet TrojansDDoS Attack ToolsDoS Attack ToolsDetection TechniquesDoS/DDoS CountermeasureTechniques to Defend against BotnetsAdvanced DDoS Protection AppliancesDenial of Service (DoS) Attack Penetration TestingLatest DDoS and DoS attack tools addedLatest DoS/DDoS Protection Tools added
The topics highlighted in red under CEHv8 Module 10: Denial‐of‐Service are the new additions
CEHv7 Module 10: Denial of Service CEHv8 Module 10: Denial‐of‐Service
What Is a Denial of Service Attack?What Are Distributed Denial of Service Attacks?Symptoms of a DoS AttackDoS Attack TechniquesBotnetBotnet EcosystemDDoS Attack ToolsDoS Attack ToolsDetection TechniquesDoS/DDoS CountermeasureTechniques to Defend against BotnetsAdvanced DDoS Protection AppliancesDenial of Service (DoS) Attack Penetration Testing
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
What Is Session Hijacking?Why Session Hijacking Is Successful?Key Session Hijacking TechniquesBrute Forcing AttackSession Hijacking ProcessTypes of Session HijackingApplication Level Session HijackingSession SniffingMan‐in‐the‐Middle AttackNetwork Level Session HijackingTCP/IP HijackingSession Hijacking ToolsProtecting against Session HijackingIPsec ArchitectureSession Hijacking Pen TestingLatest Session Hijacking Tools Added
The topics highlighted in red under CEHv8 Module 11: Session Hijacking are the new additions
CEHv7 Module 11: Session Hijacking CEHv8 Module 11: Session Hijacking
What Is Session Hijacking?Why Session Hijacking Is Successful?Key Session Hijacking TechniquesBrute Forcing AttackSession Hijacking ProcessTypes of Session HijackingApplication Level Session HijackingSession SniffingMan‐in‐the‐Middle AttackNetwork Level Session HijackingTCP/IP HijackingSession Hijacking ToolsProtecting against Session HijackingIPsec ArchitectureSession Hijacking Pen Testing
Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
IIS Webserver ArchitectureWhy Web Servers are Compromised?Impact of Webserver AttacksWebserver AttacksWebserver Attack MethodologyWebserver Attack ToolsMetasploit ArchitectureWeb Password Cracking ToolCountermeasuresHow to Defend Against Web Server AttacksHow to Defend against HTTP Response Splitting and Web Cache PoisoningPatch ManagementPatch Management ToolsLatest Webserver Security Tools AddedLatest Webserver Pen Testing Tools AddedWebserver Pen Testing
The topics highlighted in red under CEHv8 Module 12: Hacking Webservers are the new additions
CEHv7 Module 12: Hacking Webservers CEHv8 Module 12: Hacking Webservers
IIS Webserver ArchitectureWhy Web Servers are Compromised?Impact of Webserver AttacksWebserver AttacksWebserver Attack MethodologyWebserver Attack ToolsMetasploit ArchitectureWeb Password Cracking ToolCountermeasuresHow to Defend Against Web Server AttacksPatch ManagementPatch Management ToolsWebserver Pen Testing
Web server pen testing is used to identify, analyze, and report vulnerabilities such as authentication weaknesses, configuration errors, protocol related vulnerabilities, etc. in a web server
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
How Web Applications WorkWeb Attack VectorsWeb Application ThreatsWeb App Hacking MethodologyFootprint Web InfrastructureHacking Web ServersAnalyze Web ApplicationsAttack Authentication MechanismAttack Authorization SchemesSession Management AttackAttack Data ConnectivityAttack Web App ClientAttack Web ServicesLatest Web Application Hacking ToolsCountermeasuresLatest Web Application Security Tools AddedWeb Application FirewallWeb Application Pen Testing
The topics highlighted in red under CEHv8 Module 13: Hacking Web Applications are the new additions
CEHv7 Module 13: Hacking Web Applications CEHv8 Module 13: Hacking Web Applications
Web applications provide an interface between end users and web servers through a set of web ages that are generated at the server end or contain script code to be executed dynamically within the client web browser
How Web Applications WorkWeb Attack VectorsWeb Application ThreatsWeb App Hacking MethodologyFootprint Web InfrastructureHacking Web ServersAnalyze Web ApplicationsAttack Authentication MechanismAttack Authorization SchemesSession Management AttackAttack Data ConnectivityAttack Web App ClientAttack Web ServicesWeb Application Hacking ToolsCountermeasuresWeb Application Security ToolsWeb Application FirewallWeb Application Pen Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
SQL InjectionSQL Injection AttacksSQL Injection DetectionSQL Injection Attack CharactersTesting for SQL InjectionTypes of SQL InjectionBlind SQL InjectionSQL Injection MethodologyAdvanced SQL InjectionBypass Website Logins Using SQL InjectionPassword GrabbingNetwork Reconnaissance Using SQL InjectionLatest SQL Injection Tools AddedEvasion TechniqueHow to Defend Against SQL Injection AttacksLatest SQL Injection Detection Tools Added2 more Labs Added
The topics highlighted in red under CEHv8 Module 14: SQL Injection are the new additions
CEHv7 Module 14: SQL Injection CEHv8 Module 14: SQL Injection
SQL Injection is the most common website vulnerability on the Internet. It is a flaw in Web Applicationsand not a database or web server issue
SQL InjectionSQL Injection AttacksSQL Injection DetectionSQL Injection Attack CharactersTesting for SQL InjectionTypes of SQL InjectionBlind SQL InjectionSQL Injection MethodologyAdvanced SQL InjectionPassword GrabbingNetwork Reconnaissance Using SQL InjectionSQL Injection Tools Evasion TechniqueHow to Defend Against SQL Injection AttacksSQL Injection Detection Tools
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Types of Wireless NetworksWireless TerminologiesTypes of Wireless EncryptionHow to Break WEP EncryptionWireless ThreatsFootprint the Wireless NetworkMobile‐based Wi‐Fi Discovery ToolsGPS MappingWireless Traffic AnalysisWhat Is Spectrum Analysis?How to Reveal Hidden SSIDsCrack Wi‐Fi EncryptionLatest Wireless Hacking Tools AddedBluetooth HackingHow to BlueJack a VictimHow to Defend Against Wireless AttacksLatest Wireless Security Tools AddedWireless Penetration Testing1 more Lab Added
The topics highlighted in red under CEHv8 Module 15: Hacking Wireless Networks are the new additions
CEHv7 Module 15: Hacking Wireless Networks CEHv8 Module 15: Hacking Wireless Networks
Wi‐Fi is developed on IEEE 802.11 standards, and it is widely used in wireless communication. It provides wireless access to applications and data across a radio network.
Types of Wireless NetworksWireless TerminologiesTypes of Wireless EncryptionHow to Break WEP EncryptionWireless ThreatsFootprint the Wireless NetworkGPS MappingWireless Traffic AnalysisWhat Is Spectrum Analysis?How to Reveal Hidden SSIDsCrack Wi‐Fi EncryptionWireless Hacking ToolsBluetooth HackingHow to BlueJack a VictimHow to Defend Against Wireless AttacksWireless Security Tools Wireless Penetration Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Mobile Attack Vectors
Mobile Platform Vulnerabilities and Risks
Android OS Architecture
Android Vulnerabilities
Android Trojans
Securing Android Devices
Jailbreaking iOS
Guidelines for Securing iOS Devices
Windows Phone 8 Architecture
Guidelines for Securing Windows OS Devices
Blackberry Attack Vectors
Guidelines for Securing BlackBerry Devices
Mobile Device Management (MDM)
General Guidelines for Mobile Platform Security
Mobile Protection Tools
Mobile Pen Testing
Module Comparison of CEHv8 with CEHv7
CEHv8 Module 16 Hacking Mobile Platforms is a new module which covers the following topics:
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Ways to Detect an IntrusionTypes of Intrusion Detection SystemsGeneral Indications of IntrusionsFirewall ArchitectureTypes of FirewallFirewall IdentificationHow to Set Up a HoneypotLatest Intrusion Detection Tools AddedHow Snort WorksFirewallsLatest Honeypot Tools AddedEvading IDSEvading FirewallsDetecting HoneypotsLatest Firewall Evasion Tools AddedPacket Fragment GeneratorsCountermeasuresFirewall/IDS Penetration Testing1 more Lab Added
The topics highlighted in red under CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots are the new additions
CEHv7 Module 16: Evading IDS, Firewalls, and Honeypots CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network, to identify the possible violations of security policy, including unauthorized access, as well as misuse
Ways to Detect an IntrusionTypes of Intrusion Detection SystemsGeneral Indications of IntrusionsFirewall ArchitectureTypes of FirewallFirewall IdentificationHow to Set Up a HoneypotIntrusion Detection ToolsHow Snort WorksFirewallsHoneypot ToolsEvading IDSEvading FirewallsDetecting HoneypotsFirewall Evasion ToolsPacket Fragment GeneratorsCountermeasuresFirewall/IDS Penetration Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Heap‐Based Buffer OverflowWhy Are Programs and Applications Vulnerable to Buffer Overflows?Knowledge Required to Program Buffer Overflow ExploitsBuffer Overflow StepsOverflow Using Format StringBuffer Overflow ExamplesHow to Mutate a Buffer Overflow ExploitIdentifying Buffer OverflowsHow to Detect Buffer Overflows in a ProgramLatest BoF Detection Tools AddedDefense Against Buffer OverflowsProgramming CountermeasuresLatest Buffer Overflow Security Tools AddedBuffer Overflow Penetration Testing
The topics highlighted in red under CEHv8 Module 18: Buffer Overflow are the new additions
CEHv7 Module 17: Buffer Overflow CEHv8 Module 18: Buffer Overflow
Heap‐Based Buffer OverflowKnowledge Required to Program Buffer Overflow ExploitsBuffer Overflow StepsOverflow Using Format StringBuffer Overflow ExamplesHow to Mutate a Buffer Overflow ExploitIdentifying Buffer OverflowsHow to Detect Buffer Overflows in a ProgramBoF Detection ToolsDefense Against Buffer OverflowsBuffer Overflow Security ToolsBuffer Overflow Penetration Testing
A generic buffer overflow occurs when a program tries to store more data in a buffer than it was intended to hold
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
CryptographyEncryption AlgorithmsCiphersWhat Is SSH (Secure Shell)?Latest Cryptography Tools AddedPublic Key Infrastructure (PKI)Certification AuthoritiesDigital SignatureDisk EncryptionDisk Encryption ToolCryptography AttacksCode Breaking MethodologiesLatest Cryptanalysis Tools AddedOnline MD5 Decryption Tools2 more Labs Added
The topics highlighted in red under CEHv8 Module 19: Cryptography are the new additions
CEHv7 Module 18: Cryptography CEHv8 Module 19: Cryptography
Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network
CryptographyEncryption AlgorithmsCiphersWhat Is SSH (Secure Shell)?Cryptography ToolsPublic Key Infrastructure (PKI)Certification AuthoritiesDigital SignatureDisk EncryptionDisk Encryption ToolCryptography AttacksCode Breaking MethodologiesCryptanalysis ToolsOnline MD5 Decryption Tools
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module Comparison of CEHv8 with CEHv7
Security AssessmentsVulnerability AssessmentIntroduction to Penetration TestingComparing Security Audit, Vulnerability Assessment, and Penetration TestingWhat Should be Tested?ROI on Penetration TestingTypes of Penetration TestingCommon Penetration Testing TechniquesPre‐Attack PhaseAttack PhasePost‐Attack PhasePenetration Testing Deliverable TemplatesPen Testing RoadmapWeb Application TestingOutsourcing Penetration Testing Services
The topics highlighted in red under CEHv8 Module 20: Penetration Testing are the new additions
CEHv7 Module 19: Penetration Testing CEHv8 Module 20: Penetration Testing
Penetration testing assesses the security model of the organization as a whole
It reveals potential consequences of a real attacker breaking into the network
Security AssessmentsVulnerability AssessmentWhat Should be Tested?ROI on Penetration TestingTypes of Penetration TestingCommon Penetration Testing TechniquesPre‐Attack PhaseAttack PhasePost‐Attack PhasePenetration Testing Deliverable TemplatesPen Testing RoadmapWeb Application TestingOutsourcing Penetration Testing Services
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Visual Content Technology
CEHv8 courseware is enriched with stunning graphicsand animations to demonstrate various hacking concepts and techniques
Concepts are presented in an easy to understand manner with diagrammatic representation of various hacking concepts for a better understanding and learning experience
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Frankenstein System
CEHv8 comes with a mammoth Frankenstein system that provides instructors with an ease for searching, downloading and installing the latest hackingand penetration testing tools
This cloud‐based repository has grown multi‐folds with CEHv8 tools
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
New Contents
More than 40 percent new labsare added
More than 600 new instructor slides
More than 1500 new/updated tools
What is New in CEHv8?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
CEHv8 Vs CEHv7
CEHv7 CEHv8Updated information as per the latest developments with a proper
flowClassroom friendly with diagrammatic representation of concepts
and attacksRobust best practices to follow to protect information systems
against various attacks
New and rich presentation style with eye catching graphics
Latest OS covered and a patched testing environment
Well tested, result oriented, descriptive and analytical lab manual to evaluate the presented concepts
19 Modules 20 Modules
90 Labs 110 Labs
1700 Slides 1770 Slides
Slides Only Slides with written text (Online)
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Summary of CEHv8 Key Focus Areas
1
2
4
3
5
6
7
8
9
10
11
13
12
14
15
Focus on Mobile Platforms and Tablet Computers Hacking
ANSI Accreditation
Compliance to National Initiative For Cybersecurity Education (NICE)
CNSS 4013 Endorsed
DOD 8570 Recognized
New Attack Vectors
Skill‐based Learning Via Lab is in Demand
Standards and Compliance Focus
State of the Art Integrated Labs
Latest Operating Systems (Windows 8 and Windows Server 2012)
Advanced Lab Environment
Cloud‐based Lab Environment: iLabs
Frankenstein System (For Instructors)
Latest Operating Environment includes Windows Server 2012 and Windows 8
Visual Content Technology
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Course Outline
Introduction to Ethical Hacking
Footprinting and
Reconnaissance
Scanning Networks Enumeration
System Hacking Trojans and Backdoors
Viruses and Worms Sniffing
Social Engineering
Denial‐of‐Service
Session Hijacking
Hacking Webservers
Hacking Web Applications SQL Injection
Hacking Wireless Networks
Hacking Mobile Platforms
Evading IDS, Firewalls, and Honeypots
Buffer Overflow Cryptography Penetration Testing
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Student Instructor Partners
Courseware
Tools DVD
Online Courseware
iLabs access (Based on subscription)
Instructor Slides
Instructor guide
Lab setup guide
DRM Access for CEH
Frankenstein access
Marketing Materials
Lab setup guide
What is in the Package?
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
DVD-ROM Content
CEHv8 DVD‐ROMs includes approximately 24 GBs of hacking tools
All the tools are categories according to courseware presentation
DVDs include white papers and reference material on various security concepts
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Number of Questions: 125
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: Prometric Prime / VUE/APTC
The exam code varies when taken at different testing centers.
Exam 315‐50‐ANSI: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC)
Exam 350CEHv8: Proctored test at Authorized Prometric Testing Centers (APTC) globally
Exam 312‐50v8: VUE Testing centers
Exam Info Exam Portaland Codes
Exam Info and Exam Portal
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Thank You