Certificazione Ethical Hacker CEH

 

Certificazione Etichal Hacker ed Esame

La certificazione Ethical Hacker CEH attesta la capacità di portare attacchi informatici a reti, infrastrutture IT, applicazioni e siti web sia dell’organizzazione per cui lavora, sia a clienti, per individuare e risolvere vulnerabilità dei sistemi e migliorarne la sicurezza. L’Ethical Hacker opera con l’autorizzazione dei proprietari del sistema informatico target e adotta tutte le precauzioni per garantire che i risultati dell’indagine da lui condotta restino riservati.

Per ottenere la certificazione CEH è necessario superare l’esame 312-50 EC Council. L’unico percorso formativo ufficiale che prepara e autorizza a sostenere l’esame CEH è il corso Ethical Hacker EC Council.

Il corso è disponibile in due modalità: intensiva presso un ATC o distribuita in modalità Academia.

eForhum adotta questa seconda modalità, ovvero tipicamente Academy, non intensiva, distribuita su un arco temporale ampio di due mesi, serale o sabato, con un monte ore di 80 ore, per creare competenza e buona occupabilità per l’individuo.

Certificazione CEH: argomenti d'esame

Il seguente elenco di argomenti d’esame è tratto dall’exam blueprint v4.0 CEH EC Council.

1. Information Security and Ethical Hacking Overview

1.1. Introduction to Ethical Hacking

  • Information Security Overview
  • Cyber Kill Chain Concepts
  • Hacking Concepts
  • Ethical Hacking Concepts
  • Information Security Controls
  • Information Security Laws and Standards

2. Reconnaissance Techniques

2.1 Footprinting and Reconnaissance

  • Footprinting Concepts
  • Footprinting Methodology
  • Footprinting through Search Engines
  • Footprinting through Web Services
  • Footprinting through Social Networking Sites
  • Website Footprinting
  • Email Footprinting
  • Whois Footprinting
  • DNS Footprinting
  • Network Footprinting
  • Footprinting through Social Engineering
  • Footprinting Tools
  • Footprinting Countermeasures

2.2 Scanning Networks

  • Network Scanning Concepts
  • Scanning Tools
  • Host Discovery
  • Port and Service Discovery
  • OS Discovery (Banner Grabbing/OS Fingerprinting)
  • Scanning Beyond IDS and Firewall
  • Draw Network Diagrams

2.3 Enumeration

  • Enumeration Concepts
  • NetBIOS Enumeration
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP and NFS Enumeration
  • SMTP and DNS Enumeration
  • Other Enumeration Techniques (IPsec, VoIP, RPC,
  • Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration)
  • Enumeration Countermeasures

3. System Hacking Phases and Attack Techniques

3.1 Vulnerability Analysis

  • Vulnerability Assessment Concepts
  • Vulnerability Classification and Assessment Types
  • Vulnerability Assessment Solutions and Tools
  • Vulnerability Assessment Reports

3.2 System Hacking

  • System Hacking Concepts
  • Gaining Access
  • Cracking Passwords
  • Vulnerability Exploitation
  • Escalating Privileges
  • Maintaining Access
  • Executing Applications
  • Hiding Files
  • Clearing Logs

3.3 Malware Threats

  • Malware Concepts
  • APT Concepts
  • Trojan Concepts
  • Virus and Worm Concepts
  • File-less Malware Concepts
  • Malware Analysis
  • Malware Countermeasures
  • Anti-Malware Software

4. Network and Perimeter Hacking

4.1 Sniffing

  • Sniffing Concepts
  • Sniffing Technique: MAC Attacks
  • Sniffing Technique: DHCP Attacks
  • Sniffing Technique: ARP Poisoning
  • Sniffing Technique: Spoofing Attacks
  • Sniffing Technique: DNS Poisoning
  • Sniffing Tools
  • Sniffing Countermeasures
  • Sniffing Detection Techniques

4.2 Social Engineering

  • Social Engineering Concepts
  • Social Engineering Techniques
  • Insider Threats
  • Impersonation on Social
  • Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures

4.3 Denial-of-Service

  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
  • Botnets
  • DDoS
  • Case Study
  • DoS/DDoS Attack Tools
  • DoS/DDoS Countermeasures
  • DoS/DDoS Protection Tools

4.4 Session Hijacking

  • Session Hijacking Concepts
  • Application Level Session Hijacking
  • Network Level Session Hijacking
  • Session Hijacking Tools
  • Session Hijacking Countermeasures

4.5 Evading IDS, Firewalls, and Honeypots

  • IDS, IPS, Firewall, and Honeypot Concepts
  • IDS, IPS, Firewall, and Honeypot Solutions
  • Evading IDS
  • Evading Firewalls
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • IDS/Firewall Evasion Countermeasures

5. Web Application Hacking

5.1 Hacking Web Servers

  • Web Server Concepts
  • Web Server Attacks
  • Web Server Attack Methodology
  • Web Server Attack Tools
  • Web Server Countermeasures
  • Patch Management
  • Web Server Security Tools

5.2 Hacking Web Applications

  • Web App Concepts
  • Web App Threats
  • Web App Hacking Methodology
  • Footprint Web Infrastructure
  • Analyze Web Applications
  • Bypass Client-Side Controls
  • Attack Authentication Mechanism
  • Attack Authorization Schemes
  • Attack Access Controls
  • Attack Session Management Mechanism
  • Perform Injection Attacks
  • Attack Application Logic Flaws
  • Attack Shared Environments
  • Attack Database Connectivity
  • Attack Web App Client
  • Attack Web Services
  • Web API, Webhooks and Web Shell
  • Web App Security

5.3 SQL Injection

  • SQL Injection Concepts
  • Types of SQL Injection
  • SQL Injection Methodology
  • SQL Injection Tools
  • Evasion Techniques
  • SQL Injection Countermeasures

6. Wireless Network Hacking

  • Wireless Concepts
  • Wireless Encryption
  • Wireless Threats
  • Wireless Hacking Methodology
  • Wireless Hacking Tools
  • Bluetooth Hacking
  • Wireless Countermeasures
  • Wireless Security Tools

7. Mobile Platform, IoT, and OT Hacking

7.1 Hacking Mobile Platforms

  • Mobile Platform Attack Vectors
  • Hacking Android OS
  • Hacking iOS
  • Mobile Device Management
  • Mobile Security Guidelines and Tools

7.2 IoT and OT Hacking

  • IoT Concepts
  • IoT Attacks
  • IoT Hacking Methodology
  • IoT Hacking Tools
  • IoT Countermeasures
  • OT Concepts
  • OT Attacks
  • OT Hacking Methodology
  • OT Hacking Tools
  • OT Countermeasures

8. Cloud Computing

  • Cloud Computing Concepts
  • Container Technology
  • Serverless Computing
  • Cloud Computing Threats
  • Cloud Hacking
  • Cloud Security

9. Cryptography

  • Cryptography Concepts
  • Encryption Algorithms
  • Cryptography Tools
  • Public Key Infrastructure (PKI)
  • Email Encryption
  • Disk Encryption
  • Cryptanalysis
  • Countermeasures

Certificazione CEH: iscrizione e validità

La certificazione Certifed Ethical Hacker (ANSI) si può sostenere solo presso i test center accreditati VUE o presso i test Center ETC.

Per ottenere la certificazione è necessario superare l’esame 312-50, che una durata di 4 ore, include 125 domande a risposta multipla. La certificazione ha una validità di 3 anni.

Chi può sostenere l’esame?

  • Chi ha frequentato un corso ufficiale. In tal caso l’esame di certificazione viene incluso all’interno del corso, oppure
  • Chi ha due anni di esperienza in ambito coerente sulle seguenti tematiche:
    • Information Security and Ethical Hacking Overview
    • Reconnaissance Techniques
    • System Hacking Phases and Attack Techniques
    • Network and Perimeter Hacking
    • Web Application Hacking
    • Wireless Network Hacking
    • Mobile Platform, IoT, and OT Hacking
    • Cloud Computing
    • Cryptography

In questo secondo caso l’application all’esame viene valutata direttamente da EC Council.

Il costo dell’esame è incluso nel costo del corso. Per chi ottiene tale autorizzazione di EC Council a sostenere l’esame come privatista il costo dell’esame è di 1190$ presso i test center VUE e 950$ presso i test center ETC.

 

Contatti

    I corsi e le certificazioni informatiche più richiesti

    Cisco CCNA

    Vai ai corsi

    Microsoft Azure

    Vai ai corsi

    VMware VCP-DCV

    Vai ai corsi

    Cisco CyberOps

    Vai ai corsi

    Check Point CCSA

    Vai ai corsi

    Palo Alto PCNSA

    Vai ai corsi

    Ethical Hacker CEH

    Vai ai corsi

    Cisco CCNP

    Vai ai corsi