CEH v13 của EC Council sẽ được ra mắt vào ngày 23/9/2024 , để các bạn nắm bắt được những sự thay đổi của phiên bản CEH v12 và CEh v13, CEH VIETNAM cung cấp một tài liệu so sánh tổng quan như sau đây.
Ethical Hacking and Countermeasures
Tiêu chí CEHv12 CEHv13 Tổng số Module 20 20 Tổng số Slide 1676 1266 Tổng số Lab 220 91 Lab Cốt lõi + 130 Lab Tự học* Kỹ thuật Tấn công 519 550 Công nghệ Mới được Thêm vào MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Kỹ thuật Thiết lập Tính Bền vững, Né tránh NAC và Bảo mật Endpoint, Fog Computing, Edge Computing, và Grid Computing Ethical Hacking Dựa trên AI, Tấn công Active Directory, Tấn công và Giảm thiểu Ransomware, AI và Machine Learning trong An ninh mạng, Thách thức Bảo mật IoT, Lỗ hổng Cơ sở Hạ tầng Quan trọng, Mối đe dọa Deepfake Hệ điều hành Sử dụng cho Lab Windows 11, Windows Server 2022, Windows Server 2019, Parrot Security, Android, Ubuntu Linux Windows 11, Windows Server 2022, Windows Server 2019, Parrot Security, Android, Ubuntu Linux Kỳ thi 125 Câu hỏi (MCQ) 125 Câu hỏi (MCQ) Thời gian Thi 4 Giờ 4 Giờ Phương thức Thi VUE / ECCEXAM VUE / ECCEXAM Tuân thủ NICE Final NICE 2.0 Framework Final NICE 2.0 Framework
Các lab tự học sẽ được cung cấp riêng như CEH Self Study Upgrade Lab Pack.
Tóm tắt Thay đổi CEHv13
Module 01: Introduction to Ethical Hacking bao gồm ethical hacking dựa trên AI trong CEHv13
Module 2: Footprinting and Reconnaissance đến Module 7: Malware Threats, Module 9: Social Engineering, và Module 13: Hacking Web Servers đến Module 15: SQL Injection đề cập đến các kỹ thuật tự động hóa hacking sử dụng AI trong CEHv13
Module 06: System Hacking bao gồm khai thác môi trường AD trong CEHv13.
Module 07: Malware Threats bao gồm phân tích malware cho các malware mới nhất trong CEHv13
Module 07: Malware Threats bao gồm các khái niệm malware dựa trên AI trong CEHv13
Module 09: Social Engineering bao gồm các cuộc tấn công deepfake trong CEHv13
Module 13: Hacking Web Servers bao gồm kiến trúc, lỗ hổng và hacking Apache, IIS, và NGINX trong CEHv13
Module 17: Hacking Mobile Platforms bao gồm phân tích các thiết bị Android và iOS trong CEHv13.
Module 19: Cloud Computing bao gồm các phần về hacking AWS, Azure, Google Cloud và container trong CEHv13
Module 20: Cryptography bao gồm các cuộc tấn công và rủi ro đối với Blockchain và điện toán lượng tử trong CEHv13
Cập nhật thông tin theo những phát triển mới nhất với luồng phù hợp
Bao gồm OS mới nhất và môi trường kiểm tra được vá lỗi
Tất cả ảnh chụp màn hình công cụ được thay thế bằng phiên bản mới nhất
Tất cả các slide liệt kê công cụ được cập nhật với các công cụ mới nhất
Tất cả các slide biện pháp đối phó được cập nhật
So sánh Module
CEHv12 CEHv13 Module 01: Introduction to Ethical Hacking Module 01: Introduction to Ethical Hacking Module 02: Footprinting and Reconnaissance Module 02: Footprinting and Reconnaissance Module 03: Scanning Networks Module 03: Scanning Networks Module 04: Enumeration Module 04: Enumeration Module 05: Vulnerability Analysis Module 05: Vulnerability Analysis Module 06: System Hacking Module 06: System Hacking Module 07: Malware Threats Module 07: Malware Threats Module 08: Sniffing Module 08: Sniffing Module 09: Social Engineering Module 09: Social Engineering Module 10: Denial-of-Service Module 10: Denial-of-Service Module 11: Session Hijacking Module 11: Session Hijacking Module 12: Evading IDS, Firewalls, and Honeypots Module 12: Evading IDS, Firewalls, and Honeypots Module 13: Hacking Web Servers Module 13: Hacking Web Servers Module 14: Hacking Web Applications Module 14: Hacking Web Applications Module 15: SQL Injection Module 15: SQL Injection Module 16: Hacking Wireless Networks Module 16: Hacking Wireless Networks Module 17: Hacking Mobile Platforms Module 17: Hacking Mobile Platforms Module 18: IoT and OT Hacking Module 18: IoT and OT Hacking Module 19: Cloud Computing Module 19: Cloud Computing Module 20: Cryptography Module 20: Cryptography
So sánh Nội dung Khóa học
Các ký hiệu được sử dụng:
Các điểm màu đỏ là nội dung mới trong CEHv13 (CEH VIETNAM sẽ dùng fotn chữ in đậm thay cho màu đỏ)
Các điểm màu xanh dương đã được sửa đổi đáng kể trong CEHv13 (CEH VIETNAM sẽ dùng font chữ in nghiêng thay cho màu xanh)
Các điểm bị gạch ngang đã bị loại bỏ khỏi CEHv12
CEHv12 CEHv13 Module 01: Introduction to Ethical Hacking Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Overview ▪ Elements of Information Security ▪ Elements of Information Security ▪ Motives, Goals, and Objectives of Information Security Attacks ▪ Information Security Attacks: Motives, Goals, and Objectives ▪ Classification of Attacks o Motives (Goals) ▪ Information Warfare o Tactics, Techniques, and Procedures (TTPs) Hacking Methodologies and Frameworks o Vulnerability ▪ CEH Hacking Methodology (CHM) ▪ Classification of Attacks ▪ Cyber Kill Chain Methodology ▪ Information Warfare ▪ Tactics, Techniques, and Procedures (TTPs) Hacking Concepts ▪ Adversary Behavioral Identification ▪ What is Hacking? ▪ Indicators of Compromise (IoCs) ▪ Who is a Hacker? o Categories of Indicators of Compromise ▪ Hacker and their Motivations ▪ MITRE ATT&CK Framework Ethical Hacking Concepts ▪ Diamond Model of Intrusion Analysis ▪ What is Ethical Hacking? Hacking Concepts ▪ Why Ethical Hacking is Necessary ▪ What is Hacking? ▪ Scope and Limitations of Ethical Hacking ▪ Who is a Hacker? ▪ Skills of an Ethical Hacker ▪ Hacker Classes ▪ AI-Driven Ethical Hacking Ethical Hacking Concepts ▪ How AI-Driven Ethical Hacking Helps Ethical Hacker? ▪ What is Ethical Hacking? ▪ Myth: AI will Replace Ethical Hackers ▪ Why Ethical Hacking is Necessary ▪ ChatGPT-Powered AI Tools for Ethical Hackers ▪ Scope and Limitations of Ethical Hacking Hacking Methodologies and Frameworks ▪ Skills of an Ethical Hacker ▪ CEH Ethical Hacking Framework Information Security Controls ▪ Cyber Kill Chain Methodology ▪ Information Assurance (IA) o Tactics, Techniques, and Procedures (TTPs) ▪ Continual/Adaptive Security Strategy ▪ Adversary Behavioral Identification ▪ Defense-in-Depth ▪ Indicators of Compromise (IoCs)
Tiếp tục so sánh nội dung khóa học (biên soạn bởi CEH VIETNAM):
CEHv12 CEHv13 ▪ What is Risk? o Categories of Indicators of Compromise ▪ Risk Management ▪ MITRE ATT&CK Framework ▪ Cyber Threat Intelligence ▪ Diamond Model of Intrusion Analysis o Threat Intelligence Lifecycle Information Security Controls ▪ Threat Modeling ▪ Information Assurance (IA) ▪ Incident Management ▪ Continual/Adaptive Security Strategy o Incident Handling and Response ▪ Defense-in-Depth ▪ Role of AI and ML in Cyber Security ▪ What is Risk? o How Do AI and ML Prevent Cyber Attacks? ▪ Risk Management Information Security Laws and Standards ▪ Cyber Threat Intelligence ▪ Payment Card Industry Data Security Standard (PCI DSS) ▪ Threat Intelligence Lifecycle ▪ ISO/IEC 27001:2013 ▪ Threat Modeling ▪ Health Insurance Portability and Accountability Act (HIPAA) ▪ Incident Management ▪ Sarbanes Oxley Act (SOX) ▪ Incident Handling and Response ▪ The Digital Millennium Copyright Act (DMCA) ▪ Role of AI and ML in Cyber Security ▪ The Federal Information Security Management Act (FISMA) o How Do AI and ML Prevent Cyber Attacks? ▪ General Data Protection Regulation (GDPR) Information Security Laws and Standards ▪ Data Protection Act 2018 (DPA) ▪ Payment Card Industry Data Security Standard (PCI DSS) ▪ Cyber Law in Different Countries ▪ ISO/IEC Standards ▪ Health Insurance Portability and Accountability Act (HIPAA) ▪ Sarbanes Oxley Act (SOX) ▪ The Digital Millennium Copyright Act (DMCA) ▪ The Federal Information Security Management Act (FISMA) ▪ General Data Protection Regulation (GDPR) ▪ Data Protection Act 2018 (DPA) ▪ Cyber Law in Different Countries Module 02: Footprinting and Reconnaissance Module 02: Footprinting and Reconnaissance Footprinting Concepts Footprinting Concepts ▪ What is Footprinting? ▪ Reconnaissance ▪ Information Obtained in Footprinting o Types of Footprinting/Reconnaissance ▪ Footprinting Methodology ▪ Information Obtained in Footprinting Footprinting through Search Engines ▪ Objectives of Footprinting
Tiếp tục dịch so sánh nội dung khóa học (biên soạn bởi CEH VIETNAM):
CEHv12 CEHv13 ▪ Footprinting through Search Engines ▪ Footprinting Threats ▪ Footprint Using Advanced Google Hacking Techniques ▪ Footprinting Methodology ▪ Google Hacking Database Footprinting through Search Engines ▪ VPN Footprinting through Google Hacking Database ▪ Footprinting Using Advanced Google Hacking Techniques ▪ Other Techniques for Footprinting through Search Engines o What can a Hacker Do with Google Hacking? o Google Advanced Search o Footprinting Using Advanced Google Hacking Techniques with AI o Advanced Image Search o Google Hacking Database o Reverse Image Search ▪ VPN Footprinting through Google Hacking Database o Video Search Engines o VPN Footprinting through Google Hacking Database with AI o Meta Search Engines ▪ Footprinting through SHODAN Search Engine o FTP Search Engines ▪ Other Techniques for Footprinting through Search Engines o IoT Search Engines Footprinting through Internet Research Services Footprinting through Web Services ▪ Finding a Company’s Top-Level Domains (TLDs) and Sub-domains ▪ Finding a Company’s Top-Level Domains (TLDs) and Sub-domains o Finding a Company’s Top-Level Domains (TLDs) and Sub-domains with AI ▪ Finding the Geographical Location of the Target ▪ Extracting Website Information from https://archive.org ▪ People Search on Social Networking Sites and People Search Services ▪ Footprinting through People Search Services ▪ Gathering Information from LinkedIn ▪ Footprinting through Job Sites ▪ Harvesting Email Lists ▪ Dark Web Footprinting ▪ Footprinting through Job Sites o Searching the Dark Web with Advanced Search Parameters ▪ Deep and Dark Web Footprinting ▪ Determining the Operating System ▪ Determining the Operating System ▪ Competitive Intelligence Gathering ▪ VoIP and VPN Footprinting through SHODAN o Competitive Intelligence – When Did this Company Begin? How Did it Develop? ▪ Competitive Intelligence Gathering o Competitive Intelligence – What Are the Company’s Plans? ▪ Other Techniques for Footprinting through Web Services o Competitive Intelligence – What Expert Opinions Say About the Company? o Finding the Geographical Location of the Target ▪ Other Techniques for Footprinting through Internet Research Services o Gathering Information from Financial Services Footprinting through Social Networking Sites
Tiếp tục so sánh nội dung khóa học:
CEHv12 CEHv13 o Gathering Information from Business Profile Sites ▪ People Search on Social Networking Sites o Monitoring Targets Using Alerts ▪ Gathering Information from LinkedIn o Tracking the Online Reputation of the Target ▪ Harvesting Email Lists o Gathering Information from Groups, Forums, and Blogs o Harvesting Email Lists with AI o Gathering Information from NNTP Usenet Newsgroups ▪ Analyzing Target Social Media Presence o Gathering Information from Public Source-Code Repositories o Tools for Footprinting through Social Networking Sites Footprinting through Social Networking Sites o Footprinting through Social Networking Sites with AI ▪ Collecting Information through Social Engineering on Social Networking Sites Whois Footprinting ▪ General Resources for Locating Information from Social Media Sites ▪ Whois Lookup ▪ Conducting Location Search on Social Media Sites ▪ Finding IP Geolocation Information ▪ Constructing and Analyzing Social Network Graphs DNS Footprinting ▪ Tools for Footprinting through Social Networking Sites ▪ Extracting DNS Information Website Footprinting ▪ DNS Lookup with AI ▪ Website Footprinting ▪ Reverse DNS Lookup ▪ Website Footprinting using Web Spiders Network and Email Footprinting ▪ Mirroring Entire Website ▪ Locate the Network Range ▪ Extracting Website Information from https://archive.org ▪ Traceroute ▪ Other Techniques for Website Footprinting o Traceroute with AI o Extracting Website Links o Traceroute Analysis o Gathering the Wordlist from the Target Website o Traceroute Tools o Extracting Metadata of Public Documents ▪ Tracking Email Communications o Monitoring Web Pages for Updates and Changes o Collecting Information from Email Header o Searching for Contact Information, Email Addresses, and Telephone Numbers from Company Website o Email Tracking Tools o Searching for Web Pages Posting Patterns and Revision Numbers Footprinting through Social Engineering o Monitoring Website Traffic of the Target Company ▪ Collecting Information through Social Engineering on Social Networking Sites Email Footprinting ▪ Collecting Information Using Eavesdropping, Shoulder Surfing, Dumpster Diving, and Impersonation
Tiếp tục so sánh nội dung khóa học CEH v12 vs CEH v13:
CEHv12 CEHv13 ▪ Tracking Email Communications Footprinting Tasks using Advanced Tools and AI ▪ Email Tracking Tools ▪ AI-Powered OSINT Tools Whois Footprinting ▪ Create and Run Custom Python Script to Automate Footprinting Tasks with AI ▪ Whois Lookup Footprinting Countermeasures ▪ Finding IP Geolocation Information DNS Footprinting ▪ Extracting DNS Information ▪ Reverse DNS Lookup Network Footprinting ▪ Locate the Network Range ▪ Traceroute ▪ Traceroute Analysis ▪ Traceroute Tools Footprinting through Social Engineering ▪ Footprinting through Social Engineering ▪ Collect Information Using Eavesdropping, Shoulder Surfing, Dumpster Diving, and Impersonation Footprinting Tools ▪ Footprinting Tools: Maltego and Recon-ng ▪ Footprinting Tools: FOCA and OSRFramework ▪ Footprinting Tools: OSINT Framework ▪ Footprinting Tools: Recon-Dog and BillCipher ▪ Footprinting Tools: Spyse Footprinting Countermeasures ▪ Footprinting Countermeasures Module 03: Scanning Networks Module 03: Scanning Networks Network Scanning Concepts Network Scanning Concepts ▪ Overview of Network Scanning ▪ Overview of Network Scanning ▪ TCP Communication Flags ▪ TCP Communication Flags ▪ TCP/IP Communication ▪ TCP/IP Communication Scanning Tools Scanning Tools ▪ Scanning Tools: Nmap Host Discovery ▪ Scanning Tools: Hping3 ▪ Host Discovery Techniques o Hping Commands o ARP Ping Scan ▪ Scanning Tools o UDP Ping Scan ▪ Scanning Tools for Mobile o ICMP ECHO Ping Scan
Tiếp tục so sánh nội dung khóa học EH v12 vs CEH v13:
CEHv12 CEHv13 Host Discovery o ICMP ECHO Ping Sweep ▪ Host Discovery Techniques o ICMP Timestamp Ping Scan o ARP Ping Scan o ICMP Address Mask Ping Scan o UDP Ping Scan o TCP SYN Ping Scan o ICMP ECHO Ping Scan o TCP ACK Ping Scan o ICMP ECHO Ping Sweep o IP Protocol Ping Scan o ICMP Timestamp Ping Scan o Host Discovery with AI o ICMP Address Mask Ping Scan o Ping Sweep Tools o TCP SYN Ping Scan Port and Service Discovery o TCP ACK Ping Scan ▪ Port Scanning Techniques o IP Protocol Ping Scan ▪ TCP Connect/Full-Open Scan o Ping Sweep Tools o Stealth Scan (Half-Open Scan) Port and Service Discovery o Inverse TCP Flag Scan ▪ Port Scanning Techniques o Xmas Scan o TCP Scanning o TCP Maimon Scan • TCP Connect/Full Open Scan o ACK Flag Probe Scan • Stealth Scan (Half-open Scan) o IDLE/IPID Header Scan • Inverse TCP Flag Scan o UDP Scan ✓ Xmas Scan o SCTP INIT Scan ✓ FIN Scan o SCTP COOKIE ECHO Scan ✓ NULL Scan o SSDP and List Scan ✓ TCP Maimon Scan o IPv6 Scan • ACK Flag Probe Scan o Port Scanning with AI ✓ TTL-Based Scan o Service Version Discovery ✓ Window-Based Scan o Service Version Discovery with AI • IDLE/IPID Header Scan o Nmap Scan Time Reduction Techniques o UDP Scan OS Discovery (Banner Grabbing/OS Fingerprinting) o SCTP INIT Scan ▪ OS Discovery/Banner Grabbing o SCTP COOKIE ECHO Scan ▪ How to Identify Target System OS o SSDP and List Scan o OS Discovery using Nmap and Unicornscan o IPv6 Scan o OS Discovery using Nmap Script Engine ▪ Service Version Discovery o OS Discovery using IPv6 Fingerprinting ▪ Nmap Scan Time Reduction Techniques o OS Discovery with AI OS Discovery (Banner Grabbing/OS Fingerprinting) ▪ Create and Run Custom Script to Automate Network Scanning Tasks With AI ▪ OS Discovery/Banner Grabbing Scanning Beyond IDS and Firewall ▪ How to Identify Target System OS ▪ Packet Fragmentation o OS Discovery using Wireshark ▪ Source Routing
Tiếp tục so sánh nội dung khóa học CEH v12 và CEH v13:
CEHv12 CEHv13 o OS Discovery using Nmap and Unicornscan Source Port Manipulation o OS Discovery using Nmap Script Engine ▪ IP Address Decoy o OS Discovery using IPv6 Fingerprinting ▪ IP Address Spoofing Scanning Beyond IDS and Firewall ▪ MAC Address Spoofing ▪ IDS/Firewall Evasion Techniques ▪ Creating Custom Packets o Packet Fragmentation ▪ Randomizing Host Order and Sending Bad Checksums o Source Routing ▪ Proxy Servers o Source Port Manipulation o Proxy Chaining o IP Address Decoy o Proxy Tools o IP Address Spoofing ▪ Anonymizers o MAC Address Spoofing o Censorship Circumvention Tools o Creating Custom Packets Network Scanning Countermeasures o Randomizing Host Order and Sending Bad Checksums ▪ Ping Sweep Countermeasures o Proxy Servers ▪ Port Scanning Countermeasures • Proxy Chaining ▪ Banner Grabbing Countermeasures • Proxy Tools ▪ IP Spoofing Detection Techniques • Proxy Tools for Mobile ▪ IP Spoofing Countermeasures o Anonymizers ▪ Scanning Detection and Prevention Tools • Censorship Circumvention Tools: Alkasir and Tails Network Scanning Countermeasures ▪ Ping Sweep Countermeasures ▪ Port Scanning Countermeasures ▪ Banner Grabbing Countermeasures ▪ IP Spoofing Detection Techniques o Direct TTL Probes o IP Identification Number o TCP Flow Control Method ▪ IP Spoofing Countermeasures ▪ Scanning Detection and Prevention Tools Module 04: Enumeration Module 04: Enumeration Enumeration Concepts Enumeration Concepts ▪ What is Enumeration? ▪ What is Enumeration? ▪ Techniques for Enumeration ▪ Techniques for Enumeration ▪ Services and Ports to Enumerate ▪ Services and Ports to Enumerate NetBIOS Enumeration NetBIOS Enumeration
Tiếp tục so sánh nội dung khóa học:
CEHv12 CEHv13 ▪ NetBIOS Enumeration ▪ NetBIOS Enumeration Tools ▪ NetBIOS Enumeration Tools ▪ Enumerating User Accounts ▪ Enumerating User Accounts ▪ Enumerating Shared Resources Using Net View ▪ Enumerating Shared Resources Using Net View ▪ NetBIOS Enumeration using AI SNMP Enumeration SNMP Enumeration ▪ SNMP (Simple Network Management Protocol) Enumeration ▪ Working of SNMP ▪ Working of SNMP ▪ Management Information Base (MIB) ▪ Management Information Base (MIB) ▪ Enumerating SNMP using SnmpWalk ▪ Enumerating SNMP using SnmpWalk ▪ Enumerating SNMP using Nmap ▪ Enumerating SNMP using Nmap ▪ SNMP Enumeration Tools ▪ SNMP Enumeration Tools ▪ SNMP Enumeration with SnmpWalk and Nmap using AI LDAP Enumeration LDAP Enumeration ▪ LDAP Enumeration ▪ Manual and Automated LDAP Enumeration ▪ Manual and Automated LDAP Enumeration ▪ LDAP Enumeration Tools ▪ LDAP Enumeration Tools NTP and NFS Enumeration NTP and NFS Enumeration ▪ NTP Enumeration ▪ NTP Enumeration ▪ NTP Enumeration Commands ▪ NTP Enumeration Commands ▪ NTP Enumeration Tools ▪ NTP Enumeration Tools ▪ NFS Enumeration ▪ NFS Enumeration ▪ NFS Enumeration Tools ▪ NFS Enumeration Tools SMTP and DNS Enumeration SMTP and DNS Enumeration ▪ SMTP Enumeration ▪ SMTP Enumeration ▪ SMTP Enumeration using Nmap ▪ SMTP Enumeration using Nmap ▪ SMTP Enumeration using Metasploit ▪ SMTP Enumeration using Metasploit ▪ SMTP Enumeration Tools ▪ SMTP Enumeration Tools ▪ SMTP Enumeration using AI ▪ DNS Enumeration Using Zone Transfer ▪ DNS Enumeration Using Zone Transfer ▪ DNS Cache Snooping ▪ DNS Cache Snooping ▪ DNSSEC Zone Walking ▪ DNSSEC Zone Walking ▪ DNS and DNSSEC Enumeration using Nmap ▪ DNS Enumeration Using OWASP Amass Other Enumeration Techniques ▪ DNS and DNSSEC Enumeration Using Nmap ▪ IPsec Enumeration ▪ DNS Enumeration with Nmap Using AI ▪ VoIP Enumeration ▪ DNS Cache Snooping using AI ▪ RPC Enumeration Other Enumeration Techniques ▪ Unix/Linux User Enumeration ▪ IPsec Enumeration ▪ Telnet and SMB Enumeration ▪ IPsec Enumeration with AI ▪ FTP and TFTP Enumeration ▪ VoIP Enumeration
Phần so sánh nội dung khóa học còn lại giữa 2 phiên bản CEH v12 vs CEH v13 các bạn hãy xem trong các phần tiếp theo :
CEHv12 CEHv13 ▪ IPv6 Enumeration ▪ RPC Enumeration ▪ BGP Enumeration ▪ Unix/Linux User Enumeration Enumeration Countermeasures ▪ SMB Enumeration ▪ Enumeration Countermeasures ▪ SMB Enumeration with AI ▪ DNS Enumeration Countermeasures ▪ Create and Run Custom Script to Automate Network Enumeration Tasks with AI Enumeration Countermeasures Module 05: Vulnerability Analysis Module 05: Vulnerability Analysis Vulnerability Assessment Concepts Vulnerability Assessment Concepts ▪ What is Vulnerability? ▪ Vulnerability Classification o Examples of Vulnerabilities o Misconfigurations/Weak Configurations ▪ Vulnerability Research o Application Flaws ▪ Resources for Vulnerability Research o Poor Patch Management ▪ What is Vulnerability Assessment? o Design Flaws ▪ Vulnerability Scoring Systems and Databases o Third-Party Risks ▪ Vulnerability-Management Life Cycle o Default Installations/Default Configurations o Pre-Assessment Phase o Operating System Flaws o Vulnerability Assessment Phase o Default Passwords o Post Assessment Phase o Zero-Day Vulnerabilities Vulnerability Classification and Assessment Types o Legacy Platform Vulnerabilities ▪ Vulnerability Classification o System Sprawl/Undocumented Assets o Misconfigurations/Weak Configurations o Improper Certificate and Key Management o Application Flaws ▪ Vulnerability Scoring Systems and Databases o Poor Patch Management o Common Vulnerability Scoring System (CVSS) o Design Flaws o Common Vulnerabilities and Exposures (CVE) o Third-Party Risks o National Vulnerability Database (NVD) o Default Installations/Default Configurations o Common Weakness Enumeration (CWE) o Operating System Flaws ▪ Vulnerability-Management Life Cycle o Default Passwords o Pre-Assessment Phase o Zero-Day Vulnerabilities o Vulnerability Assessment Phase o Legacy Platform Vulnerabilities o Post Assessment Phase o System Sprawl/Undocumented Assets ▪ Vulnerability Research o Improper Certificate and Key Management o Resources for Vulnerability Research ▪ Types of Vulnerability Assessment ▪ Vulnerability Scanning and Analysis Vulnerability Assessment Tools o Types of Vulnerability Scanning ▪ Comparing Approaches to Vulnerability Assessment Vulnerability Assessment Tools ▪ Characteristics of a Good Vulnerability Assessment Solution ▪ Comparing Approaches to Vulnerability Assessment
CEHv12 CEHv13 ▪ Working of Vulnerability Scanning Solutions ▪ Characteristics of a Good Vulnerability Assessment Solution ▪ Types of Vulnerability Assessment Tools ▪ Working of Vulnerability Scanning Solutions ▪ Choosing a Vulnerability Assessment Tool ▪ Types of Vulnerability Assessment Tools ▪ Criteria for Choosing a Vulnerability Assessment Tool ▪ Choosing a Vulnerability Assessment Tool ▪ Best Practices for Selecting Vulnerability Assessment Tools ▪ Criteria for Choosing a Vulnerability Assessment Tool ▪ Vulnerability Assessment Tools: Qualys Vulnerability Management ▪ Best Practices for Selecting Vulnerability Assessment Tools ▪ Vulnerability Assessment Tools: Nessus Professional and GFI LanGuard ▪ Vulnerability Assessment Tools ▪ Vulnerability Assessment Tools: OpenVAS and Nikto o Nessus Essentials ▪ Other Vulnerability Assessment Tools o GFI LanGuard ▪ Vulnerability Assessment Tools for Mobile o OpenVAS Vulnerability Assessment Reports o Nikto ▪ Vulnerability Assessment Reports o Qualys Vulnerability Management ▪ Components of a Vulnerability Assessment Report ▪ AI-Powered Vulnerability Assessment Tools ▪ Vulnerability Assessment using AI ▪ Vulnerability Scan using Nmap with AI ▪ Vulnerability Assessment using Python Script with AI ▪ Vulnerability Scan using Skipfish with AI Vulnerability Assessment Reports ▪ Components of a Vulnerability Assessment Report Module 06: System Hacking Module 06: System Hacking Gaining Access Gaining Access ▪ Cracking Passwords ▪ Cracking Passwords o Microsoft Authentication o Microsoft Authentication o How Hash Passwords Are Stored in Windows SAM? o How Hash Passwords Are Stored in Windows SAM? o NTLM Authentication Process o Tools to Extract the Password Hashes o Kerberos Authentication o NTLM Authentication Process o Password Cracking o Kerberos Authentication o Types of Password Attacks o Password Cracking • Non-Electronic Attacks o Types of Password Attacks • Active Online Attacks • Non-Electronic Attacks ✓ Dictionary, Brute-Force, and Rule-based Attack • Active Online Attacks ✓ Password Spraying Attack and Mask Attack ✓ Other Active Online Attacks ✓ Password Guessing • Passive Online Attacks ✓ Default Passwords • Offline Attacks ✓ Trojans/Spyware/Keyloggers o Password Recovery Tools ✓ Hash Injection/Pass-the-Hash (PtH) Attack o Password-Cracking Tools
CEHv12 CEHv13 ✓ LLMNR/NBT-NS Poisoning o Password Salting ✓ Internal Monologue Attack o How to Defend against Password Cracking ✓ Cracking Kerberos Password o How to Defend against LLMNR/NBT-NS Poisoning ✓ Pass the Ticket Attack o Tools to Detect LLMNR/NBT-NS Poisoning ✓ Other Active Online Attacks o Detecting SMB Attacks against Windows ➢ GPU-based Attack ▪ Vulnerability Exploitation • Passive Online Attacks o Exploit Sites ✓ Wire Sniffing o Windows Exploit Suggester – Next Generation (WES-NG) ✓ Man-in-the-Middle/Manipulator-in-the-Middle and Replay Attacks o Metasploit Framework • Offline Attacks o Metasploit Modules ✓ Rainbow Table Attack o AI-Powered Vulnerability Exploitation Tools o Password Recovery Tools o Buffer Overflow o Tools to Extract the Password Hashes • Types of Buffer Overflow o Password Cracking using Domain Password Audit Tool (DPAT) • Simple Buffer Overflow in C o Password-Cracking Tools: L0phtCrack • Windows Buffer Overflow Exploitation o Password-Cracking Tools: ophcrack o Return-Oriented Programming (ROP) Attack o Password-Cracking Tools o Bypassing ASLR and DEP Security Mechanisms o Password Salting o Heap Spraying o How to Defend against Password Cracking o JIT Spraying o How to Defend against LLMNR/NBT-NS Poisoning o Exploit Chaining o Tools to Detect LLMNR/NBT-NS Poisoning o Domain Mapping and Exploitation with Bloodhound ▪ Vulnerability Exploitation o Post AD Enumeration using PowerView o Exploit Sites o Identifying Insecurities Using GhostPack Seatbelt o Buffer Overflow o Buffer Overflow Detection Tools • Types of Buffer Overflow: Stack-Based Buffer Overflow o Defending against Buffer Overflows • Types of Buffer Overflow: Heap-Based Buffer Overflow Escalating Privileges • Simple Buffer Overflow in C ▪ Privilege Escalation • Windows Buffer Overflow Exploitation ▪ Privilege Escalation Using DLL Hijacking o Return-Oriented Programming (ROP) Attack ▪ Privilege Escalation by Exploiting Vulnerabilities o Exploit Chaining ▪ Privilege Escalation Using Dylib Hijacking o Active Directory Enumeration Using PowerView ▪ Privilege Escalation Using Spectre and Meltdown Vulnerabilities o Domain Mapping and Exploitation with Bloodhound ▪ Privilege Escalation Using Named Pipe Impersonation o Identifying Insecurities Using GhostPack Seatbelt ▪ Privilege Escalation by Exploiting Misconfigured Services o Buffer Overflow Detection Tools ▪ Pivoting and Relaying to Hack External Machines o Defending against Buffer Overflows ▪ Privilege Escalation Using Misconfigured NFS
CEHv12 CEHv13 Escalating Privileges ▪ Privilege Escalation by Bypassing User Account Control (UAC) ▪ Privilege Escalation ▪ Privilege Escalation by Abusing Boot or Logon Initialization Scripts ▪ Privilege Escalation Using DLL Hijacking ▪ Privilege Escalation by Modifying Domain Policy ▪ Privilege Escalation by Exploiting Vulnerabilities ▪ Retrieving Password Hashes of Other Domain Controllers Using DCSync Attack ▪ Privilege Escalation Using Dylib Hijacking ▪ Privilege Escalation by Abusing Active Directory Certificate Services (ADCS) ▪ Privilege Escalation Using Spectre and Meltdown Vulnerabilities ▪ Other Privilege Escalation Techniques ▪ Privilege Escalation Using Named Pipe Impersonation ▪ Privilege Escalation Tools ▪ Privilege Escalation by Exploiting Misconfigured Services ▪ How to Defend against Privilege Escalation ▪ Pivoting and Relaying to Hack External Machines o Tools for Defending against DLL and Dylib Hijacking ▪ Privilege Escalation Using Misconfigured NFS o Defending against Spectre and Meltdown Vulnerabilities ▪ Privilege Escalation Using Windows Sticky Keys o Tools for Detecting Spectre and Meltdown Vulnerabilities ▪ Privilege Escalation by Bypassing User Account Control (UAC) Maintaining Access ▪ Privilege Escalation by Abusing Boot or Logon Initialization Scripts ▪ Executing Applications ▪ Privilege Escalation by Modifying Domain Policy o Remote Code Execution Techniques ▪ Retrieving Password Hashes of Other Domain Controllers Using DCSync Attack • Tools for Executing Applications ▪ Other Privilege Escalation Techniques o Keylogger o Parent PID Spoofing • Types of Keystroke Loggers o Abusing Accessibility Features • Remote Keylogger Attack Using Metasploit o SID-History Injection • Hardware Keyloggers o COM Hijacking • Keyloggers for Windows o Scheduled Tasks in Linux • Keyloggers for macOS ▪ Privilege Escalation Tools o Spyware o FullPowers • Spyware Tools o PEASS-ng • Types of Spyware ▪ How to Defend Against Privilege Escalation o How to Defend against Keyloggers o Tools for Defending against DLL and Dylib Hijacking o Anti-Keyloggers o Defending against Spectre and Meltdown Vulnerabilities o How to Defend against Spyware o Tools for Detecting Spectre and Meltdown Vulnerabilities o Anti-Spyware Maintaining Access ▪ Hiding Files ▪ Executing Applications o Rootkits o Remote Code Execution Techniques • Types of Rootkits • Tools for Executing Applications • How a Rootkit Works o Keylogger • Popular Rootkits • Types of Keystroke Loggers • Detecting Rootkits • Remote Keylogger Attack Using Metasploit • Steps for Detecting Rootkits • Hardware Keyloggers • How to Defend against Rootkits • Keyloggers for Windows • Anti-Rootkits • Keyloggers for macOS o NTFS Data Stream
CEHv12 CEHv13 o Spyware • How to Create NTFS Streams • Spyware Tools: Spytech SpyAgent and Power Spy • NTFS Stream Manipulation • Spyware Tools • How to Defend against NTFS Streams o How to Defend Against Keyloggers • NTFS Stream Detectors • Anti-Keyloggers o What is Steganography? o How to Defend Against Spyware • Classification of Steganography • Anti-Spyware • Types of Steganography based on Cover Medium ▪ Hiding Files • Whitespace Steganography o Rootkits • Image Steganography • Types of Rootkits • Document Steganography • How a Rootkit Works • Video Steganography • Popular Rootkits • Audio Steganography ✓ Purple Fox Rootkit • Folder Steganography ✓ MoonBounce • Spam/Email Steganography ✓ Dubbed Demodex Rootkit • Other Types of Steganography • Detecting Rootkits • Steganalysis • Steps for Detecting Rootkits • Steganalysis Methods/Attacks on Steganography • How to Defend against Rootkits o Detecting Steganography (Text, Image, Audio, and Video Files) • Anti-Rootkits o Steganography Detection Tools o NTFS Data Stream ▪ Establishing Persistence • How to Create NTFS Streams o Maintaining Persistence Using Windows Sticky Keys • NTFS Stream Manipulation o Maintaining Persistence by Abusing Boot or Logon Autostart Executions • How to Defend against NTFS Streams o Domain Dominance Through Different Paths • NTFS Stream Detectors • Remote Code Execution o What is Steganography? • Abusing Data Protection API (DPAPI) • Classification of Steganography • Malicious Replication • Types of Steganography based on Cover Medium • Skeleton Key Attack ✓ Whitespace Steganography • Golden Ticket Attack ✓ Image Steganography • Silver Ticket Attack ➢ Image Steganography Tools o Maintain Domain Persistence Through AdminSDHolder ✓ Document Steganography o Maintaining Persistence Through WMI Event Subscription ✓ Video Steganography o Overpass-the-Hash Attack ✓ Audio Steganography o Linux Post-Exploitation ✓ Folder Steganography o Windows Post-Exploitation ✓ Spam/Email Steganography o How to Defend against Persistence Attacks ✓ Other Types of Steganography Clearing Logs • Steganography Tools for Mobile Phones ▪ Covering Tracks • Steganalysis ▪ Disabling Auditing: Auditpol • Steganalysis Methods/Attacks on Steganography ▪ Clearing Logs
CEHv12 CEHv13 • Detecting Steganography (Text, Image, Audio, and Video Files) ▪ Manually Clearing Event Logs • Steganography Detection Tools ▪ Ways to Clear Online Tracks ▪ Establishing Persistence ▪ Covering BASH Shell Tracks o Maintaining Persistence by Abusing Boot or Logon Autostart Executions ▪ Covering Tracks on a Network o Domain Dominance through Different Paths ▪ Covering Tracks on an OS • Remote Code Execution ▪ Delete Files using Cipher.exe • Abusing DPAPI ▪ Disable Windows Functionality • Malicious Replication ▪ Deleting Windows Activity History • Skeleton Key Attack ▪ Deleting Incognito History • Golden Ticket Attack ▪ Hiding Artifacts in Windows, Linux, and macOS • Silver Ticket Attack ▪ Anti-forensics Techniques o Maintain Domain Persistence Through AdminSDHolder ▪ Track-Covering Tools o Maintaining Persistence Through WMI Event Subscription ▪ Defending against Covering Tracks o Overpass-the-Hash Attack o Linux Post Exploitation o Windows Post Exploitation o How to Defend against Persistence Attacks Clearing Logs ▪ Covering Tracks ▪ Disabling Auditing: Auditpol ▪ Clearing Logs ▪ Manually Clearing Event Logs ▪ Ways to Clear Online Tracks ▪ Covering BASH Shell Tracks ▪ Covering Tracks on a Network ▪ Covering Tracks on an OS ▪ Delete Files using Cipher.exe ▪ Disable Windows Functionality ▪ Hiding Artifacts in Windows, Linux, and macOS ▪ Track-Covering Tools ▪ Defending against Covering Tracks Module 07: Malware Threats Module 07: Malware Threats Malware Concepts Malware Concepts ▪ Introduction to Malware ▪ Introduction to Malware ▪ Different Ways for Malware to Enter a System o Different Ways for Malware to Enter a System ▪ Common Techniques Attackers Use to Distribute Malware on the Web o Common Techniques Attackers Use to Distribute Malware on the Web o RTF Injection ▪ Components of Malware ▪ Components of Malware ▪ Potentially Unwanted Application or Applications (PUAs) ▪ Potentially Unwanted Application or Applications (PUAs) o Adware o Adware APT Concepts
CEHv12 CEHv13 APT Concepts ▪ What are Advanced Persistent Threats? ▪ What are Advanced Persistent Threats? o Characteristics of Advanced Persistent Threats ▪ Characteristics of Advanced Persistent Threats o Advanced Persistent Threat Lifecycle ▪ Advanced Persistent Threat Lifecycle Trojan Concepts Trojan Concepts ▪ What is a Trojan? ▪ What is a Trojan? ▪ How Hackers Use Trojans ▪ How Hackers Use Trojans ▪ Common Ports used by Trojans ▪ Common Ports used by Trojans ▪ Types of Trojans ▪ Types of Trojans o Remote Access Trojans o Remote Access Trojans o Backdoor Trojans o Backdoor Trojans o Botnet Trojans o Botnet Trojans o Rootkit Trojans o Rootkit Trojans o E-banking Trojans o E-banking Trojans • Working of E-banking Trojans • Working of E-banking Trojans • E-banking Trojan: CHAVECLOAK • E-banking Trojan: Dreambot o Point-of-Sale Trojans o Point-of-Sale Trojans o Defacement Trojans o Defacement Trojans o Service Protocol Trojans o Service Protocol Trojans o Mobile Trojans o Mobile Trojans o IoT Trojans o IoT Trojans o Security Software Disabler Trojans o Security Software Disabler Trojans o Destructive Trojans o Destructive Trojans o DDoS Trojans o DDoS Trojans o Command Shell Trojans o Command Shell Trojans ▪ How to Infect Systems Using a Trojan ▪ How to Infect Systems Using a Trojan o Creating a Trojan o Creating a Trojan o Employing a Dropper or Downloader o Employing a Dropper or Downloader o Employing a Wrapper o Employing a Wrapper o Employing a Crypter o Employing a Crypter o Propagating and Deploying a Trojan o Propagating and Deploying a Trojan o Deploy a Trojan through Emails o Exploit Kits o Deploy a Trojan through Covert Channels Virus and Worm Concepts o Deploy a Trojan through Proxy Servers
CEHv12 CEHv13 ▪ Introduction to Viruses o Deploy a Trojan through USB/Flash Drives ▪ Stages of Virus Lifecycle o Techniques for Evading Antivirus Software ▪ Working of Viruses o Exploit Kits o How does a Computer Get Infected by Viruses? Virus and Worm Concepts ▪ Types of Viruses ▪ Introduction to Viruses o System or Boot Sector Viruses o Stages of Virus Lifecycle o File Viruses o Working of Viruses o Multipartite Viruses ▪ How does a Computer Get Infected by Viruses? o Macro Viruses ▪ Types of Viruses o Cluster Viruses o System or Boot Sector Viruses o Stealth Viruses/Tunneling Viruses o File Viruses o Encryption Viruses o Multipartite Viruses o Sparse Infector Viruses o Macro Viruses o Polymorphic Viruses o Cluster Viruses o Metamorphic Viruses o Stealth Viruses/Tunneling Viruses o Overwriting File or Cavity Viruses o Encryption Viruses o Companion/Camouflage Viruses o Sparse Infector Viruses o Shell Viruses o Polymorphic Viruses o File Extension Viruses o Metamorphic Viruses o FAT Viruses o Overwriting File or Cavity Viruses o Logic Bomb Viruses o Companion/Camouflage Viruses o Web Scripting Virus o Shell Viruses o E-mail Viruses o File Extension Viruses o Armored Viruses o FAT Viruses o Add-on Viruses o Logic Bomb Viruses o Intrusive Viruses o Web Scripting Viruses o Direct Action or Transient Viruses o E-mail Viruses o Terminate and Stay Resident (TSR) Viruses o Armored Viruses o Ransomware o Add-on Viruses • BlackCat o Intrusive Viruses • BlackMatter o Direct Action or Transient Viruses ▪ How to Infect Systems Using a Virus: Creating a Virus o Terminate and Stay Resident (TSR) Viruses ▪ How to Infect Systems Using a Virus: Propagating and Deploying a Virus ▪ How to Infect Systems Using a Virus ▪ Computer Worms o Propagating and Deploying a Virus o Worm Makers o Virus Hoaxes Fileless Malware Concepts o Fake AntiVirus ▪ What is Fileless Malware? ▪ Ransomware
CEHv12 CEHv13 ▪ Taxonomy of Fileless Malware Threats o How to Infect Systems Using a Ransomware: Creating Ransomware ▪ How does Fileless Malware Work? ▪ Computer Worms ▪ Launching Fileless Malware through Document Exploits and In-Memory Exploits o How to Infect Systems Using a Worm ▪ Launching Fileless Malware through Script-based Injection o Worm Makers ▪ Launching Fileless Malware by Exploiting System Admin Tools Fileless Malware Concepts ▪ Launching Fileless Malware through Phishing ▪ What is Fileless Malware? ▪ Maintaining Persistence with Fileless Techniques o Taxonomy of Fileless Malware Threats ▪ Fileless Malware ▪ How does Fileless Malware Work? o LemonDuck ▪ Launching Fileless Malware through Document Exploits ▪ Fileless Malware Obfuscation Techniques to Bypass Antivirus ▪ Launching Fileless Malware through In-Memory Exploits Malware Analysis ▪ Launching Fileless Malware through Script-based Injection ▪ What is Sheep Dip Computer? ▪ Launching Fileless Malware by Exploiting System Admin Tools ▪ Antivirus Sensor Systems ▪ Launching Fileless Malware through Phishing ▪ Introduction to Malware Analysis ▪ Launching Fileless Malware through Windows Registry ▪ Malware Analysis Procedure: Preparing Testbed ▪ Maintaining Persistence with Fileless Techniques ▪ Static Malware Analysis ▪ Fileless Malware o File Fingerprinting ▪ Fileless Malware Obfuscation Techniques to Bypass Antivirus o Local and Online Malware Scanning AI-based Malware Concepts o Performing Strings Search ▪ What is AI-based Malware? o Identifying Packing/Obfuscation Methods o Working of AI-based Malware • Identifying Packing/Obfuscation Method of ELF Malware ▪ Indicators of AI-based Malware • Detect It Easy (DIE) ▪ Challenges of AI-based Malware o Finding the Portable Executables (PE) Information ▪ Techniques Used in AI-based Malware Development o Identifying File Dependencies o Generative Adversarial Networks (GANs) o Malware Disassembly o Reinforcement Learning • Ghidra o Natural Language Processing (NLP) • x64dbg ▪ Examples of AI-based Malware o Analyzing ELF Executable Files o AI-Generated Videos: Malware Spread Through YouTube o Analyzing Mach Object (Mach-O) Executable Files Malware Analysis
CEH v13 AI - CEH VIETNAM 
Bình luận về bài viết này