ethical hacking and security certification

Certified Ethical Hacking and Security Professional VS-1078

Upload: vskills

Post on 07-May-2015


Category: Education



DESCRIPTION

Vskills certification for Ethical Hacking and Security Professional assesses the candidate for testing and managing a company's information security. The certification tests candidates on various areas of ethical hacking and security, including knowledge of ethics and countermeasures for system, network (wired and wireless), operating system (Windows and Linux) and web-based attacks. http://www.vskills.in/certification/Certified-Ethical-Hacking-and-Security-Professional

TRANSCRIPT

Page 1: Ethical Hacking and Security Certification

Certified Ethical Hacking and Security Professional

VS-1078


www.vskills.in

Certified Ethical Hacking and Security Professional

Certification Code: VS-1078

Vskills certification for Ethical Hacking and Security Professional assesses the candidate for testing and managing a company's information security. The certification tests candidates on various areas of ethical hacking and security, including knowledge of ethics and countermeasures for system, network (wired and wireless), operating system (Windows and Linux) and web-based attacks.

Why should one take this certification?

This course is intended for professionals and graduates wanting to excel in their chosen areas. It is also well suited for those who are already working and would like to take certification for further career progression.

Earning the Vskills Ethical Hacking and Security Professional Certification can help candidates differentiate themselves in today's competitive job market, broaden their employment opportunities by displaying their advanced skills, and result in higher earning potential.

Who will benefit from taking this certification?

Job seekers looking to find employment in the IT or information security departments of various companies, students wanting to improve their skill set and make their CV stronger, and existing employees looking for a better role can prove to their employers the value of their skills through this certification.

Test Details

• Duration: 60 minutes

• No. of questions: 50

• Maximum marks: 50, Passing marks: 25 (50%)

There is no negative marking in this module.

Fee Structure

Rs. 4,000/- (Includes all taxes)

Companies that hire Vskills Certified Ethical Hacking and Security Professional

Ethical Hacking and Security professionals are in great demand. Private and public companies are constantly hiring knowledgeable professionals for the testing and management of information security measures for a secured environment.


Table of Contents

1. Introduction
1.1 Ethical Hacking evolution and hacktivism
1.2 Need and technical terms
1.3 Skills needed and stages of hacking

2. Ethics
2.1 Moral direction and hacker ethics principles
2.2 Security grey areas
2.3 Cyberlaws (IT Act, etc.)

3. Planning
3.1 Maintain anonymity
3.2 Goal setting and target system identification
3.3 Structuring, executing and reporting penetration test

4. Cryptography
4.1 Evolution and data encryption methods
4.2 Symmetric and Asymmetric key Cryptography
4.3 Private and public key exchange
4.4 Secret key cryptography
4.5 Message Authentication and Hash functions
4.6 Digital Signatures and public key infrastructure

5. Footprinting
5.1 Information gathering
5.2 DNS, whois and ARIN records
5.3 Using traceroute, e-mail and web spider tracing

6. Social Engineering
6.1 Concepts
6.2 Attack types (phishing, identity theft, URL obfuscation)
6.3 Social network and call center social engineering

7. Physical Security
7.1 Basics and need
7.2 Techniques employed (dumpster diving, smoking doors, etc.)

8. Network Scanning and Enumeration
8.1 Scanning techniques (TCP scanning, ping sweep, OS fingerprinting, etc.)
8.2 Scanners and analyzers like Nmap, BackTrack Linux, Metasploit, etc.
8.3 HTTP tunneling and IP spoofing
8.4 Enumerating null sessions and SNMP enumeration


9. Network Attacks
9.1 TCP/IP packet formats and ports
9.2 Router, switch and firewall vulnerability and security
9.3 DoS, DDoS, session hijacking

10. Wireless Networks
10.1 WEP, WPA authentication and WLAN discovery
10.2 Attack techniques like MAC spoofing, DoS, etc.
10.3 WLAN countermeasures

11. System Hacking
11.1 Password relevance, types and vulnerabilities
11.2 Spyware, rootkit and steganography
11.3 Trojans, worms, backdoors and sniffers

12. Windows Hacking
12.1 Windows vulnerabilities
12.2 Null sessions, sharing, patches and NetBIOS
12.3 Windows memory protection, SEH and OllyDbg

13. Linux Hacking
13.1 Services and rhosts files
13.2 NFS and buffer overflow
13.3 Kernel patching

14. Web Hacking
14.1 SSH, FTP, telnet and E-mail attacks, and cache poisoning
14.2 Web server misconfiguration and password cracking
14.3 XSS, CSRF, SQL injection and man-in-the-middle attack
14.4 VoIP attacks like eavesdropping, DoS, etc.

15. Emerging Trends
15.1 Cloud security
15.2 Mobile security


Course Outline

Introduction
• Understanding the evolution of ethical hacking and emerging concept of hacktivism
• Explaining the need for ethical hacking and technical terms associated with it
• Describing the skills needed for ethical hacking and the various stages of hacking

Ethics
• Illustrating the moral direction and hacker ethics principles to follow
• Detailing the security grey areas to be careful of and cyber laws such as the IT Act, etc.

Planning
• Explaining the precautions for maintaining anonymity during hacking
• Detailing the relevance of goal setting and target system identification for hacking
• Describing the process of structuring, executing and reporting penetration test

Cryptography
• Illustrating the evolution of cryptography and different data encryption ciphers used
• Detailing the concepts and techniques for symmetric and asymmetric key cryptography and private and public key exchange
• Understanding the various techniques of secret key cryptography
• Explaining the basics of message authentication, hash function, digital signature and public key infrastructure (PKI)

Footprinting
• Understanding the importance and need for information gathering in hacking
• Utilizing the DNS, whois and ARIN records for footprinting
• Using traceroute, e-mail and web spider tracing tools to scan the target

Social Engineering
• Explaining the concepts of social engineering and
• Describing the various attack types like phishing, identity theft, URL obfuscation, etc. for social engineering and using social network and call center for the same

Physical Security
• Detailing the basics and need for physical security
• Illustrating various techniques employed like dumpster diving, smoking doors, etc.

Network Scanning and Enumeration
• Understanding various scanning techniques like TCP scanning, ping sweep, OS fingerprinting, etc. and usage of scanner and analyzer tools for the same
• Explaining the concepts of HTTP tunneling and IP spoofing
• Describing the method for enumerating null sessions and SNMP enumeration


Network Attacks
• Understanding the various TCP/IP packet formats and ports used
• Detailing vulnerabilities and security countermeasures for router, switch and firewall
• Describing the concept of network attacks like DoS, DDoS, session hijacking

Wireless Networks
• Illustrating the concepts of WEP, WPA authentication and WLAN discovery
• Describing the application of attack techniques like MAC spoofing, DoS, etc.
• Explaining the various WLAN countermeasures to use against attacks

System Hacking
• Detailing the relevance, types and vulnerabilities of passwords
• Explaining the concepts and application of spyware, rootkit, steganography, trojans, worms, backdoors and sniffers

Windows Hacking
• Understanding the different vulnerabilities in the Windows operating system like null sessions, sharing, patches and NetBIOS
• Describing Windows memory protection, SEH and usage of OllyDbg for debugging

Linux Hacking
• Explaining the importance of services and rhosts files in Linux
• Describing the vulnerabilities in NFS, buffer overflow and kernel patching

Web Hacking
• Illustrating the different attacks on SSH, FTP, telnet and E-mail and techniques for DNS and ARP cache poisoning
• Understanding the Web server misconfiguration vulnerability
• Explaining the techniques of web server password cracking, XSS, CSRF, SQL injection and man-in-the-middle attack
• Describing the various VoIP attacks like eavesdropping, DoS, etc.

Emerging Trends
• Detailing emerging vulnerabilities and countermeasures for cloud and mobile security


Sample Questions

1. The term DDoS expands to _______.

A. Divisive Denial of Service

B. Distributed Denial of Service

C. Detailed Denial of Service

D. None of the above

2. The software Metasploit is used for _______.

A. Anti-virus

B. Vulnerability Assessment

C. Anti-malware

D. None of the above

3. The term XSS refers to _______.

A. eXtended Site Scripting

B. eXtreme Secured Services

C. Cross site scripting

D. None of the above

4. The tool OllyDbg is used for analyzing code for which operating system _______.

A. Microsoft Windows

B. Linux

C. Macintosh

D. None of the above

5. The operating system BackTrack is used for _______.

A. Penetration testing

B. Virus scanning and removal

C. Malware scanning and removal

D. None of the above

Answers: 1 (B), 2 (B), 3 (C), 4 (A), 5 (A)
