Certified Ethical Hacker (CEH) by Dean Bushmiller
See: Certified Ethical Hacker (CEH) by Dean Bushmiller
Published by O'Reilly Media, Inc., 2022
- Sep. 7, 9, 14 & 16, 2022, 9 a.m. - 1 p.m. Pacific Daylight Time
- Nov. 9, 11, 16 & 18, 2022, 9 a.m. - 1 p.m. Pacific Standard Time
Ethical hacker activities in detail & passing v12
You can make a good living in the computing world by exposing everyone else’s poor systems administration. Achieving the Certified Ethical Hacker (CEH v12) certification shows your proficiency with the latest commercial-grade hacking tools, techniques, and methodologies used to lawfully hack organizations—and is a great way to get started on your cybersecurity career.
Join cybersecurity professional Dean Bushmiller to build your ethical hacking expertise and learn the best practices, strategies, and tips that will help you pass the CEH v12 on your first go. In four sessions over two weeks, you’ll explore the five phases of hacking—reconnaissance, gaining access, enumeration, maintaining access, and covering tracks—and get hands-on to deploy attacker and victim machines in a series of exercises. Each tool and technique will be mapped to the phases of hacking in a meaningful way.
Dean has been hired to test many organizations and has been a CEH since version 6. Benefit from his extensive experience as you build a deliberate cybersecurity practice. You won’t regret it.
Week 1: Session 1—Footprinting, Reconnaissance, Scanning, and Sniffing Collecting external data readily available to the world typically goes undetected. Wireshark and Nmap are excellent tools for most of these tasks. In Session 1, you’ll learn how to put them to work.
Week 1: Session 2—Enumeration and Vulnerability Assessments Organizations demand information on the true risk of unpatched systems. In Session 2, you’ll discover how to deliver risk assessment using OpenVAS and a great deal of real research.
Week 2: Session 3—System Hacking and Hijacking Adversaries say victims have been “pwned” when they allow an adversary to gain complete control with just one exploit. In Session 3, you’ll see why ethical hackers must try every known exploit and document all the ways they achieved control with tools like Metasploit and bettercap.
Week 2: Session 4—Web Servers, Web Applications, and SQL Injection An organization’s most likely targets are its web presence, middleware, and backend systems. In Session 4, you’ll learn how to use ethical hacking tools including Burp Suite, WebScarab, BeEF, and sqlmap to defend them.
NOTE: With today’s registration, you’ll be signed up for all four sessions. Although you can attend any of the sessions individually, we recommend participating in all four sessions over two weeks.
What you’ll learn and how you can apply it By the end of this live online course, you’ll understand:
Week 1: Session 1—Footprinting, Reconnaissance, Scanning, and Sniffing
How to extract information about the victim organization from outside the target’s view How to discover communication channels, probe client-server connections, and document for future use How to perform packet sniffing on the victim network using tools such as Wireshark Week 1: Session 2—Enumeration and Vulnerability Assessments
How to enumerate a system’s active connection and perform queries to gain specific information about the victim How to identify unpatched or unpatchable systems that represent the failure of information technology defenders to protect the victim Week 2: Session 3—System Hacking and Hijacking
How to gain access, escalate privileges, maintain access, and clear logs to complete a system hack How to intercept traffic between a server and a client at most layers of the TCP/IP stack Week 2: Session 4—Web Servers, Web Applications, and SQL Injection
How to combine system hacking techniques together in a new way for the specific purpose of attacking web servers How to use client-side script interruption techniques to gain access to the victim server or the reverse How to determine which SQL injection type will yield access to sensitive data And you’ll be able to:
Week 1: Session 1—Footprinting, Reconnaissance, Scanning, and Sniffing
Apply the professional penetration testing models ATT&CK and Cyber Kill Chain Understand a packet using Wireshark Week 1: Session 2—Enumeration and Vulnerability Assessments
Use the EC-Council’s top 10 hacking tools, discussed on the version 11 exam Calculate impact metrics, vulnerability types, and applicability statements Week 2: Session 3—System Hacking and Hijacking
Compromise an unprotected web server Perform SQL injection Attack OWASP’s top 10 threats Week 2: Session 4—Web Servers, Web Applications, and SQL Injection
Prepare to pass the v11 exam on your first attempt Apply ethical hacking processes to target systems Implement your own isolated hacking laboratory This live event is for you because… You need to prepare for CEH certification and want a clear plan to do so. You’re a security assessor or auditor. Your organization has a DOD 8570 certification requirement. Prerequisites A computer with the lab environment set up (instructions) An understanding of the topics from the CompTIA Network+ and Security+ certifications Experience with networking, operating systems, and scripting languages Recommended preparation:
Review the course GitHub repository and wiki Explore Kali Linux Tutorial for Beginners (video course) Watch Network Analysis Using Wireshark 3 (video) Explore Wireshark for Packet Analysis and Ethical Hacking (video course) Explore Linux for Network Engineers: Practical Linux with GNS3 (video course) Recommended follow-up:
Follow and explore CEHv11 Certified Ethical Hacker (expert playlist) Watch Securing Windows Server 2019 (video) Schedule The timeframes are only estimates and may vary according to how the class is progressing.
Week 1: Session 1—Footprinting, Reconnaissance, Scanning, and Sniffing Introduction to the CEH v12 (40 minutes)
Presentation: Student expectations Hands-on exercise: Use glossary and notecards The ethical hacker thought process: Part I (30 minutes)
Presentation, demos, and hands-on exercises: Ethical hacker thought process; Wireshark—continuous capture and filter Hands-on exercise: Set up lab—Maltego, Nmap, Wireshark, DNS, search, and social Break Footprinting and fingerprinting (40 minutes)
Presentation, demos, and hands-on exercises: Footprinting and fingerprinting with Nmap and Maltego Q&A Break Reconnaissance and postscope adjustments (40 minutes)
Presentation, demos, and hands-on exercises: Reconnaissance and postscope adjustments Q&A Break Scanning at enterprise scale with Nmap and NSE (40 minutes)
Presentation, demos, and hands-on exercises: Scanning at enterprise scale with Nmap and NSE Q&A Break Sniffing as a easy collection tool (40 minutes)
Presentation, demos, and hands-on exercises: Sniffing as a easy collection tool—SPAN, tap, and splice Q&A Wrap-up and Q&A (10 minutes)
Week 1: Session 2—Enumeration and Vulnerability Assessments Introduction to Session 2 (40 minutes)
Presentation: Student expectations Hands-on exercise: Use glossary and notecards The ethical hacker thought process: Part II (30 minutes)
Presentation and demos: Ethical hacker thought process Hands-on exercise: Set up lab—OpenVAS and Maltego Enumeration (40 minutes)
Presentation, demos, and hands-on exercises: Enumeration—subjects, objects, databases, and flat files Q&A Break Vulnerability assessments (40 minutes)
Presentation, demos, and hands-on exercises: Vulnerability assessments Q&A Break Nmap into OpenVAS (40 minutes)
Presentation, demos, and hands-on exercises: Nmap into OpenVAS; building NASL files Q&A Break Research NVD and ATT&CK (40 minutes)
Presentation, demos, and hands-on exercises: Research NVD and ATT&CK Q&A Wrap-up and Q&A (10 minutes)
Week 2: Session 3—System Hacking and Hijacking Introduction to Session 3 (40 minutes)
Presentation: Student expectations Hands-on exercise: Use glossary and notecards The ethical hacker thought process: Part III (30 minutes)
Presentation and demos: Ethical hacker thought process Hands-on exercise: Set up lab—Nmap, OpenVAS, Metasploit, and bettercap Interception and hijacking (40 minutes)
Presentation, demos, and hands-on exercises: Interception and hijacking Q&A Break Compromising operating systems (40 minutes)
Presentation, demos, and hands-on exercises: Compromising each operating system Q&A Break Iteration of all relevant attacks (40 minutes)
Presentation, demos, and hands-on exercises: Iteration of all relevant attacks Q&A Break Virtual images protect operations (40 minutes)
Presentation, demos, and hands-on exercises: Virtual images protect operations Q&A Wrap-up and Q&A (10 minutes)
Week 2: Session 4—Web Servers, Web Applications, and SQL Injection Introduction to Session 4 (30 minutes)
Presentation: Student expectations Hands-on exercise: Use glossary and notecards The ethical hacker thought process: Part IV (30 minutes)
Presentation and demos: Ethical hacker thought process Hands-on exercise: Set up lab—Snort, Burp Suite, and WebScarab or BeEF, sqlmap, and WebGoat Three-tier web server attacks (60 minutes)
Presentation, demos, and hands-on exercises: Three-tier web server attacks Q&A Break Takeovers, redirects, and DOS attacks (40 minutes)
Presentation, demos, and hands-on exercises: Takeovers, redirects, and DOS attacks Q&A Break SQL injection (70 minutes)
Presentation, demos, and hands-on exercises: SQL injection Q&A Break Wrap-up and Q&A (10 minutes)
YOUR INSTRUCTOR Dean Bushmiller Dean Bushmiller is a leading cybersecurity subject matter expert. He’s been teaching cybersecurity continuously online since 2007. He has over 1,000 hours of recorded training and offers training through O'Reilly, SANS, FED-VTE, the Software Engineering Institute at Carnegie Mellon University, (ISC)2, and Expanding Security, with a lifetime instructor approval rating of over 90%. Dean has held the following certifications: CEH, CHFI, CISSP, CFR, CVLP, ISSMP, CRISC, ISSAP, CCSK, CCSP, AWS-Arch, Azure-Fundamentals, Exin Cloud, CASP, GSEC, CCNA, MCSE 2K Charter, MCDBA, MCSA, MCP, MCT, CISM, PLCOP, PLA, PLCT, AWR-138-W, Cloud+, CEI, LPIC-1, Security+, and Camtasia 2020 Voyager. Though he’s nonmilitary, he’s had the honor of training the US military since 1999; in recognition for outstanding service in the field of information assurance, he’s received eight mission coins.
Cybersecurity: DevSecOps - Security Automation, Cloud Security - Cloud Native Security (AWS Security - Azure Security - GCP Security - IBM Cloud Security - Oracle Cloud Security, Container Security, Docker Security, Podman Security, Kubernetes Security, Google Anthos Security, Red Hat OpenShift Security); CIA Triad (Confidentiality - Integrity - Availability, Authorization - OAuth, Identity and Access Management (IAM), JVM Security (Java Security, Spring Security, Micronaut Security, Quarkus Security, Helidon Security, MicroProfile Security, Dropwizard Security, Vert.x Security, Play Framework Security, Akka Security, Ratpack Security, Netty Security, Spark Framework Security, Kotlin Security - Ktor Security, Scala Security, Clojure Security, Groovy Security;
, JavaScript Security, HTML Security, HTTP Security - HTTPS Security - SSL Security - TLS Security, CSS Security - Bootstrap Security - Tailwind Security, Web Storage API Security (localStorage Security, sessionStorage Security), Cookie Security, IndexedDB Security, TypeScript Security, Node.js Security, NPM Security, Deno Security, Express.js Security, React Security, Angular Security, Vue.js Security, Next.js Security, Remix.js Security, PWA Security, SPA Security, Svelts.js Security, Ionic Security, Web Components Security, Nuxt.js Security, Z Security, htmx Security
Python Security - Django Security - Flask Security - Pandas Security,
Database Security (Database Security on Kubernetes, Database Security on Containers / Database Security on Docker, Cloud Database Security - DBaaS Security, Concurrent Programming and Database Security, Functional Concurrent Programming and Database Security, Async Programming and Databases Security, MySQL Security, Oracle Database Security, Microsoft SQL Server Security, MongoDB Security, PostgreSQL Security, SQLite Security, Amazon RDS Security, IBM Db2 Security, MariaDB Security, Redis Security, Cassandra Security, Amazon Aurora Security, Microsoft Azure SQL Database Security, Neo4j Security, Google Cloud SQL Security, Firebase Realtime Database Security, Apache HBase Security, Amazon DynamoDB Security, Couchbase Server Security, Elasticsearch Security, Teradata Database Security, Memcached Security, Amazon Redshift Security, SQLite Security, CouchDB Security, Apache Kafka Security, IBM Informix Security, SAP HANA Security, RethinkDB Security, InfluxDB Security, MarkLogic Security, ArangoDB Security, RavenDB Security, VoltDB Security, Apache Derby Security, Cosmos DB Security, Hive Security, Apache Flink Security, Google Bigtable Security, Hadoop Security, HP Vertica Security, Alibaba Cloud Table Store Security, InterSystems Caché Security, Greenplum Security, Apache Ignite Security, FoundationDB Security, Amazon Neptune Security, FaunaDB Security, QuestDB Security, Presto Security, TiDB Security, NuoDB Security, ScyllaDB Security, Percona Server for MySQL Security, Apache Phoenix Security, EventStoreDB Security, SingleStore Security, Aerospike Security, MonetDB Security, Google Cloud Spanner Security, SQream Security, GridDB Security, MaxDB Security, RocksDB Security, TiKV Security, Oracle NoSQL Database Security, Google Firestore Security, Druid Security, SAP IQ Security, Yellowbrick Data Security, InterSystems IRIS Security, InterBase Security, Kudu Security, eXtremeDB Security, OmniSci Security, Altibase Security, Google Cloud Bigtable Security, Amazon QLDB Security, Hypertable Security, ApsaraDB for Redis Security, Pivotal Greenplum Security, MapR Database Security, Informatica Security, Microsoft Access Security, Tarantool Security, Blazegraph Security, NeoDatis Security, FileMaker Security, ArangoDB Security, RavenDB Security, AllegroGraph Security, Alibaba Cloud ApsaraDB for PolarDB Security, DuckDB Security, Starcounter Security, EventStore Security, ObjectDB Security, Alibaba Cloud AnalyticDB for PostgreSQL Security, Akumuli Security, Google Cloud Datastore Security, Skytable Security, NCache Security, FaunaDB Security, OpenEdge Security, Amazon DocumentDB Security, HyperGraphDB Security, Citus Data Security, Objectivity/DB). Database drivers (JDBC Security, ODBC), ORM (Hibernate Security, Microsoft Entity Framework), SQL Operators and Functions Security, Database IDEs (JetBrains DataSpell Security, SQL Server Management Studio Security, MySQL Workbench Security, Oracle SQL Developer Security, SQLiteStudio),
Programming Language Security ((1. Python Security, 2. JavaScript Security, 3. Java Security, 4. C# Security, 5. C++ Security, 6. PHP Security, 7. TypeScript Security, 8. Ruby Security, 9. C Security, 10. Swift Security, 11. R Security, 12. Objective-C Security, 13. Scala Security, 14. Golang Security, 15. Kotlin Security, 16. Rust Security, 17. Dart Security, 18. Lua Security, 19. Perl Security, 20. Haskell Security, 21. Julia Security, 22. Clojure Security, 23. Elixir Security, 24. F# Security, 25. Assembly Language Security, 26. Shell Script Security / bash Security, 27. SQL Security, 28. Groovy Security, 29. PowerShell Security, 30. MATLAB Security, 31. VBA Security, 32. Racket Security, 33. Scheme Security, 34. Prolog Security, 35. Erlang Security, 36. Ada Security, 37. Fortran Security, 38. COBOL Security, 39. Lua Security, 40. VB.NET Security, 41. Lisp Security, 42. SAS Security, 43. D Security, 44. LabVIEW Security, 45. PL/SQL Security, 46. Delphi/Object Pascal Security, 47. ColdFusion Security, 49. CLIST Security, 50. REXX);
OS Security, Mobile Security: Android Security - Kotlin Security - Java Security, iOS Security - Swift Security; Windows Security - Windows Server Security, Linux Security (Ubuntu Security, Debian Security, RHEL Security, Fedora Security), UNIX Security (FreeBSD Security), IBM z Mainframe Security (RACF Security), Passwords (Windows Passwords, Linux Passwords, FreeBSD Passwords, Android Passwords, iOS Passwords, macOS Passwords, IBM z/OS Passwords), Passkeys, Hacking (Ethical Hacking, White Hat, Black Hat, Grey Hat), Pentesting (Red Team - Blue Team - Purple Team), Cybersecurity Certifications (CEH, GIAC, CISM, CompTIA Security Plus, CISSP), Mitre Framework, Common Vulnerabilities and Exposures (CVE), Cybersecurity Bibliography, Cybersecurity Courses, Firewalls, CI/CD Security (GitHub Actions Security, Azure DevOps Security, Jenkins Security, Circle CI Security), Functional Programming and Cybersecurity, Cybersecurity and Concurrency, Cybersecurity and Data Science - Cybersecurity and Databases, Cybersecurity and Machine Learning, Cybersecurity Glossary (RFC 4949 Internet Security Glossary), Awesome Cybersecurity, Cybersecurity GitHub, Cybersecurity Topics (navbar_security - see also navbar_aws_security, navbar_azure_security, navbar_gcp_security, navbar_k8s_security, navbar_docker_security, navbar_podman_security, navbar_mainframe_security, navbar_ibm_cloud_security, navbar_oracle_cloud_security, navbar_database_security, navbar_windows_security, navbar_linux_security, navbar_macos_security, navbar_android_security, navbar_ios_security, navbar_os_security, navbar_firewalls, navbar_encryption, navbar_passwords, navbar_iam, navbar_pentesting, navbar_privacy)
© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers
SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.