Certified Ethical Hacker Proficiency (Advanced Level)

Topics covered

• define session hijacking, describe how it can be accomplished, and recognize the different types
• define the five core elements of cybersecurity
• describe common application level session hijacking attacks such as man-in-the-middle, man-in-the-browser, cross-site scripting (XSS), and cross-site request forgery (XSRF)
• describe common session-hijacking security controls and countermeasures like detection methods and tools, as well as best-practices like using encrypted protocols and secure session handling techniques
• describe ethical hacking, how it can be a great tool for helping to create a more secure network, and the skills and limitations common to ethical hackers
• describe footprinting and recognize the different types of information you can gather in this initial stage of attack
• describe Google Dorks, recognize some of the useful advanced search features of the Google search engine, and recognize how these features may be used to discover vulnerabilities and sensitive information with our targets
• describe Inverse TCP scans, how to issue an Inverse TCP scan with nmap, and the pros and cons of this scan type
• describe risk as it pertains to cybersecurity, recognize the risk levels, and use a risk matrix to visualize risk
• describe Stealth scans, how to issue a Stealth scan with nmap, and the pros and cons of using this scan type
• describe TCP Connect scans, how to issue a TCP Connect scan with nmap, and the pros and cons of using this type of scan
• recognize commonly used footprinting tools that will help you with not only the exam, but that are employed in real-life as well
• recognize common standards and regulations that pertain to the varied world industries and organizations
• recognize how attackers can use wordlists for purposes such as fuzzing and password attacks, the usefulness of custom wordlists, and how to generate a wordlist based on a target's web presence
• recognize how e-mail tracking systems can glean info like IP addresses, geo-location, and host operating systems
• recognize how risk management helps to minimize the negative effects of risk and the five phases of risk management
• recognize how to discover the public network info associated with your target
• recognize how to gather and inspect metadata for possible sensitive info about a target
• recognize security controls that could be recommended to a client to help them better protect against an attacker's footprinting and recon efforts
• recognize the details of common network-based session hijacking attacks such as UDP, TCP, and RST hijacking used to perform man-in-the-middle attacks
• recognize the types and use of artificial intelligence and machine learning and the role they play in the current cybersecurity battlefield
• recognize what it means to be a hacker and the common hacker classes, as well as the five phases of hacking
• use nmap's ACK scan for the purposes of mapping possible firewall rules and enumerating port states
• use social engineering techniques like shoulder surfing and dumpster diving to obtain useful or sensitive information about your target's organization
• use WHOIS and DNS services to gather useful target information