CEH v11 will teach you the latest commercial-grade hacking tools. Highlights of what sets CEH v11 apart from others are given in this SlideShare.
To learn more about CEH v11, click here: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
2. An Introduction to Ethical Hacking
Incident Handling &
Response
Role of AI & ML
Tactics, Techniques &
Procedures (TTPs)
Attacks Classification
IoCs & Categories
Cyber Kill Chain Concepts
Build responsive strategies to keep
organizations safe by staying updated on
the latest risks.
Acquire in-depth knowledge of
types of attacks & countermeasures.
Behavioral Identification
Cyber Threat Intelligence
Make organizations stronger by describing threat
vectors & attacks.
Create a strong TI program with
threat modeling tools, a well-
tested process, & the availability
of technology.
Prepare for the future & prevent similar
attacks from happening by using IoCs.
Focus more on social & behavioral
patterns, as the majority of cyber
incidents are human enabled.
Learn how threat agents
(attackers) orchestrate and
manage attacks.
Understand how to handle &
respond to cyber incidents
3. 8 Footprinting and Reconnaissance Techniques
Web Services
Social Media Websites
Reverse DNS Lookup
OSINT Framework
Gathering Wordlist from Target Website
Search Engines
Conduct a location-specific search on
popular social media websites
Gather information from free tools & resources
Website Footprinting
Deep & Dark Web
Footprinting
Gather information using reverse image search,
meta search engines, FTP & IoT Search engines
Resolve anonymity issues on
the net by erasing a user's
surfing footprint.
Create custom wordlists for password
cracking using Mentalist
Collect information about the target
by monitoring the target's website
Query the IP address to find the
hostname
Gather information using
business profile sites & NNTP
Usenet Newsgroups
4. 4 Ways to Scan Networks
Service Version Discovery
Source Port Manipulation
Host Discovery
Secure solutions to these problems exist,
often in the form of application-level
proxies or protocol-parsing firewall
modules
Port & Service Discovery
ARP Ping scan and UDP Ping scan, Ping
sweep countermeasures, TCP Ping scan, IP
Portal Ping scan
TCP Maimon scan, SCTP
Scanning, SCTP INIT Scanning, SCTP
COOKIE ECHO Scanning
Nmap Scan time Reduction
Techniques, OS discovery using Nmap &
Unicorn scan, Nmap script engine, IPv6
Fingerprinting
5. Enumeration
DNSSEC Zone Walking
Telnet Enumeration
IPv6 Enumeration
BGP Enumeration
SMB Enumeration
NFS Enumeration
Telnet is a client-server protocol used for
the link to port number 23 of Transmission
Control Protocol
BGP or Border Gateway Protocol is one of the
most important protocols on the internet
TFTP Enumeration
DNS Cache Snooping
NFS allows remote hosts to mount the systems/
directories over a network
When someone queries
a DNS server in order to find out
(snoop) if the DNS server
has a specific DNS record
cached
SMB enumeration is a very important
skill for any pen tester. Before learning
how to enumerate SMB , we must first
learn what SMB is
TFTP doesn't provide directory
listings. This script tries to retrieve
filenames from a list
IPv6 is the latest iteration of
Internet Protocol (IP), and odds are
your devices are chatting with
other devices using this protocol
Technique that is used by
attackers to enumerate the full
content of DNSSEC-signed
DNS zones
6. System Hacking
Privilege Escalations
Using Named Pipe Impersonation by exploiting
misconfigured services
Vulnerability Exploration
Exploit sites, Buffer Overflow (types, Windows Exploitation
& defending against Buffer Overflow)
Types of Password Attacks
Internal Monologue attack, Cracking Kerberos password,
Pass the ticket attack & other active online attacks
7. Malware Threats
Infect Systems Using
Trojans
Infecting System Using Virus
Trojan Analysis
Fileless Malware Concepts
Fileless Malware Analysis
APT Lifecycle
Propagating & deploying a virus
Taxonomy of fileless malware threats, launching
fileless malware, Obfuscation techniques to
bypass Antivirus
Virus Analysis
Trojan Concepts
NFS allows remote hosts to mount the systems/
directories over a network.
Point-of-sale trojans
Astaroth Attack, Fileless malware
countermeasures, Detection & Protection tools
SamSam Ransomware attack
phases
Emotet attack malware phases
Employing a dropper or
downloader, deploying a trojan
through USB/Flash drives
8. Hacking WebApplications
Web API, Web Hooks & Web
Shell
Web API Hacking Methodology
Webshells & API
Web Application Security
Exploiting Insecure Configurations
Web Application Concepts
Identifying the target, launching the
attack,
Web application security testing by manual &
automated web app security assessment, SAST,
DAST, and bug bounty programs
Techniques to Hack an API
Hacking Methodology
Web services, web application threats, injection
attacks, and other web application attacks
Footprint web infrastructure,
analyzing web applications,
bypass client-side controls,
attack authentication
mechanism, attack shared
environments
SSL Configuration, Insecure Direct Object
Reference (IDOR), Login/credential stuffing
attacks, API DDoS Attacks
Reverse engineering, user
spoofing, man-in-the-middle attack,
social engineering
Gaining backdoor access via
webshell, secure API architecture,
API security risks & solutions
OWASP Top 10 API Security
Risks, API Vulnerabilities, Web
Hooks Vs API
9. IoT & OT Hacking
Hacking OT
OT Attacks
OT Hacking Methodologies IoT Attacks
OT Vulnerabilities, threats & attacks,
hacking industrial systems through RF
remote controllers, OT Malware analysis
IoT Hacking Methodology
IoT Vulnerabilities, SDR-based attacks on
IoT, Identifying & Accessing Local IoT
Devices, Fault Injection Attacks
Information gathering using FCC ID
Search, Discovering IoT Devices
with Default, Credentials using IoT
Seeker, Sniffing using Wireshark
Identifying ICS/SCADA Systems using shodan,
gathering default passwords using CRITIFENCE,
vulnerability scanning using Nessus & Skybox
vulnerability control, & many more
OT concepts, components of an
ICS, OT Technologies & Protocols
Countermeasures
How to defend against OT hacking, OT
Vulnerabilities & solutions, securing an
IT/OT Environment, OT Security solutions
10. Cloud Computing
Serverless ComputingCloud Computing Threats
Cloud Hacking Cloud Computing Concepts
OWASP Top 10 Cloud & Serverless
security risks, Container & Kubernetes
vulnerabilities, types of cloud attacks
The growth of cloud computing has made
hacking more rampant. Learn how to protect
data on the cloud
Cloud Security
Container Technology
Cloud storage architecture, role of AI in
cloud computing, VR & augmented reality on
cloud
Container Technology
architecture, What is Docker,
Container Orchestration, What is
Kubernetes?, Container Security
Challenges
Set of policies, technologies,
applications, and controls utilized
to protect virtualized IP, data,
applications, services
Serverless Vs Containers,
Serverless computing frameworks