CERTIFIED ETHICAL HACKER PROGRAM
The Certified Ethical Hacker (CEH) is a core training program for an information security professional, also referred to as a white-hat hacker, who systematically attempts to inspect network infrastructure with the consent of its owner to find security vulnerabilities which a malicious hacker could potentially exploit. The course helps you assess the security posture of an organization by identifying vulnerabilities in the network and system infrastructure to determine if unauthorized access is possible. The Certified Ethical Hacker program is the most comprehensive Ethical Hacking program in the world. It is the first of three courses within our Vulnerability Assessment and Penetration Testing (VAPT) track.
This program will train you on the most advanced tools and techniques used by black and grey hat hackers alike to break into an organization to assess, document, and remediate vulnerabilities from a vendor-neutral perspective. CEH will put you in the driver’s seat of an interactive, hands-on learning environment that challenges you to test the integrity of systems and networks by hacking them!
CEH’s 5 Phases of Ethical Hacking
Module 01: Introduction to Ethical Hacking
Module 02: Footprinting and Reconnaissance
Module 03: Scanning Networks
Module 04: Enumeration
Module 05: Vulnerability Analysis
Module 06: System Hacking
Module 07: Malware Threats
Module 08: Sniffing
Module 09: Social Engineering
Module 10: Denial-of-Service
Module 11: Session Hijacking
Module 12: Evading IDS, Firewalls, and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL Injection
Module 16: Hacking Wireless Networks
Module 17: Hacking Mobile Platforms
Module 18: IoT Hacking
Module 19: Cloud Computing
Module 20: Cryptography
- What is IP address and Mac address?
Ans: IP address: To every device to an IP address is assigned, so that device can be located to the network.
MAC (Machine Access Control) address: A MAC address is the unique serial number assigned to the every network interface on every device.
- List out some of common tools used by Ethical hackers?
Ans: Below are some of tools:
- John The Ripper
- Burp Suite
- OWASP ZAP
- Angry IP Scanner
- GFI LanGuard
- What are the different types of hacking?
Ans: There are various forms of hacking, which are –
- Computer Hacking
- Password Hacking
- Website Hacking
- Network Hacking
- Email Hacking
- Ethical Hacking
- Explain what is Brute Force Hack?
- Explain what is the DOS (Denial of service) attack?
Ans: Denial of Service, is aamalicious attack on network that is done by flooding the network with useless to traffic. Although, DOS does not cause any theft of the information or security breach, it can cost the website owner is great deal of money and time.
- Explain what is the SQL injection?
Ans: SQL is one of the technique used to steal data from the organizations, it is a fault to created in the application code. SQL injection happens to when you inject the content into an SQL query string and the result mode of content into a SQL query string, and the result modifies the syntax of your query in the ways you did not intend.
- What is Phishing?
Ans: Phishing technique involves sending of false emails, chats or website to the impersonate real system with aim of stealing information from the original website.
- Explain what is the Network Sniffing?
Ans: A network sniffer to monitors data flowing over the computer network links. By allowing you to capture and view the packet to level data on your network, sniffer tool can help you to the locate network problems. Sniffers can be used for both stealing information off the network and also for legitimate network management.
- What is the Mac Flooding?
Ans: Mac Flooding is a technique of where the security of given to network switch is compromised. In Mac flooding the hacker or attacker floods to the switch with a large number of frames, then what an switch can handle. This make switch to behaving as a hub and transmits all the packets at all the ports. Taking the advantage of this attacker will try to send his packet inside the network to a steal the sensitive the information.
- What is footprinting? What are the different techniques of footprinting?
Ans: It is the processes of collecting information about the target before gaining access, and uncovering it. Different techniques of footprinting are –
Open Source Footprinting – It is a way to find administrator contact information. This information is later used to guess the correct password.
Network Enumeration – Here the hacker tries to identify domain names and network blocks of the target.
Scanning – Scanning includes prying on the active IP addresses of a network.
Stack Fingerprinting – : This is the last footprinting step, which involves mapping the port and host.
- What is CIA Triangle?
Ans: CIA Triangle is a model for guiding information security policies in any organization. It stands for –
Confidentiality – Maintaining the secrecy of the information
Integrity – Keeping the information unchanged
Availability – Ensuring an all-time availability of the information to the authorized
- What is SNMP?
Ans: SNMP is the abbreviation for Simple Network Management Protocol and is a simple Transmission Control Protocol/Internet Protocol (TCP/IP) for remote monitoring and managing hosts, routers and other devices on a network.
- What is MIB?
Ans: MIB is the short form of Management Information Base. It is a hierarchical virtual database of network having all the information about network objects. It is used by SNMP and Remote MONitoring 1 (RMON1).
- What is coWPAtty?
Ans: coWPAtty is a C-based tool to run an offline dictionary attack against Wi-Fi Protected Access (WPA/WPA2) and audit pre-shared WPA keys using Pre-Shared Key (PSK)-based authentication. coWPAtty is capable of implementing an accelerated attack if a precomputed Pegasus Mail Keyboard (PMK file) is available for the Service Set Identifier (SSID).
- What are the various stages of hacking?
Ans. There are mainly five stages in hacking:
Reconnaissance: This is the primary phase of hacking, also known as footprinting or information gathering phase, where hacker collects as much information as possible about the target. It involves host, network, DNS records, and more.
Scanning: It takes the data discovered during reconnaissance and uses to examine the network.
Gaining access: The phase where attackers enter into a system/network using various tools and techniques.
Maintaining access: Once hackers gain access, they want to maintain access for future exploitation and attacks. This can be done using trojans, rootkits, and other malicious files.
Covering tracks: Once the hackers are able to gain and maintain access, they cover tracks to avoid detection. It involves the modifying/deleting/corrupting value of logs, removing all traces of work, uninstalling applications, deleting folders, and more.
- What is a firewall?
Ans: A firewall is a network security system that allows or blocks network traffic as per predetermined security rules. These are placed on the boundary of trusted and untrusted networks.
- What is the difference between encryption and hashing?
Ans: Hashing is used to validate the integrity of the content, while encryption ensures data confidentiality and security. Encryption is a two-way function that includes encryption and decryption, while hashing is a one-way function that changes a plain text to a unique digest that is irreversible.
- What is Adware?
Ans: Adware is a type of unwanted software created to show advertisements automatically onto your desktop or mobile screens. These appear mostly while using a web browser on a computer system or a mobile.
- What is Data Breach?
Ans: Data breach comes under the process of a Cyberattack that enables cybercriminals to get unauthorized entry to a computer or a network. This allows them to steal private, confidential, sensitive and financial data of customers or existing users.
- What is a Script kiddie?
Ans: A script kiddie is someone who lacks basic skills of programming knowledge and makes use of simple software to perform an attack on a computer.
Scope of Ethical Hacking:
As the number of cyber-threats increases, and the demand for cyber-security increases as well, the need for ethical hackers is also set to try and keep up. In short, the future of ethical hacking jobs is secured for the foreseeable future because no organization/business wants to be left vulnerable.
Demand of Ethical Hacking:
Ethical hackers are systems and network experts in fending off cyber-attacks and this, therefore, puts them at the front line when it comes to preventing cyber-attacks. In the UK for example, JOBLIFT, reports that the demand for jobs in ethical hacking increased by 3X the rate of supply. (The average monthly increase in ethical hacking job vacancies was up 4% while the average monthly increase in demand for the jobs rose by 12%).
Other reasons for the increase in demand include:
- The increasing adoption of cloud computing coupled with inconsistencies associated with security patching
- Ransomware and other threats are consistently becoming more sophisticated
- Increased budgetary allocations towards cybersecurity (global spending on cybersecurity will exceed $1 trillion between 2017 and 2021)
- The number of internet users keeps increasing (There were nearly 4 billion Internet users in 2018 (roughly half of the world’s population of 7.7 billion), up from 2 billion in 2015.
Ethical Hacking Job Profiles:
- Network administrator/manager
- Security investigator
- Penetration tester
- Web security administrator/manager
- Data security analyst/specialist
- Computer/digital forensics investigator
- IT security administrator/consultant/manager
- Network defense technicians
Ethical Hacking jobs and salaries in India:
In India on an average a certified ethical hacker earns an average salary of Rs 3,67,249 per year which increases with experience cumulatively upto more than 15 lakh per year. According to Payscale.com the current average salary of a CEH professional is $ 90,000 or INR 64,06,560 per year. With the right number of years of experience the number touches an even better benchmark.
- Paladion Networks Rs 214,551 – Rs 509,714
- Wipro Technologies Ltd. Rs 101,980 – Rs 800,000
- Tata Consultancy Services Limited Rs 290,874 – Rs 630,000
- EY (Ernst & Young) Rs 316,266 – Rs 752,553
- InfoSys Limited Rs 121,641 – Rs 910,630
- Bangalore, Karnataka Rs 256,635 – Rs 1,133,880
- Mumbai, Maharashtra Rs 218,305 – Rs 1,072,867
- Chennai, Tamil Nadu Rs 241,957 – Rs 913,540
- Pune, Maharashtra Rs 254,028 – Rs 1,043,389
- Hyderabad, Andhra Pradesh Rs 236,718 – Rs 982,635
Years of Experience
- Less than 1 year 15%
- 1-4 years 48%
- 5-9 years 23%
- 10-19 years 13%
- 20 years or more 1%
Skills Required Becoming an Ethical Hacker:
- Interest in keeping abreast with the latest developments in computing
- Keen observation and ability to work with details
- Ability to take challenge
- Adaptability and patience
- Proficient in the art of inspection, foot printing, testing and social engineering
- Analytical and logical thinking
- Problem solving skills
- Creativity and resourcefulness
- Good in computer networking
- CEH is the essential certification which would be highly helpful