Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: You can be a Certified Ethical Hacker...

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Posts
    606

    You can be a Certified Ethical Hacker...

    Guys,

    Check this.

    Hackers, that elusive class of computer criminals who break into systems, release viruses, and deface Web sites, right? Wrong! While such computer criminals have helped shape the typical definition of a hacker, not all hackers are out to wreak havoc. There are ethical hackers who crack a system for the sheer challenge of doing so-not to cause damage or destruction. In fact, they often lend a hand to system administrators by notifying them of the loopholes in their system...

    Now a company based in Malaysia is offering a Certified Ethical Hacker Certification. The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. To achieve CEH certification, you must pass 3 comprehensive exams that covers the standards and language involved in common exploits, vulnerabilities and countermeasures. You must also show knowledge of the tools used by hackers in exposing common vulnerabilities as well as the tools used by security professionals for implementing countermeasures. To achieve Certified Ethical Hacker Certification, you must pass an exam in Ethical Hacking and Countermeasures...
    Source and full story here


    ------------------------------------------------------------------------------------------------------------------------


    (And here you have the full exam)


    EXAM:


    Credit Towards Certification
    Certified e-Security Hacker


    Exam Details

    Number of Questions: 50
    Passing Score: 70%
    Test Duration: 2 Hours
    Test Format: Multiple Choice
    Test Delivery: Prometric Prime


    Skills Measured

    Footprinting
    Scanning
    Enumeration
    Hacking Windows 95
    Hacking Windows 98
    Hacking Windows ME
    Hacking Windows XP Home Edition
    Hacking Windows NT
    Hacking Windows 2000
    Novell Netware Hacking
    Hacking UNIX/Linux
    Dial-Up and PBX Hacking
    VPN Hacking
    Hacking through Firewalls
    Denial of Service Attacks (DOS)
    Remote Control and Trojan Horse
    Web Server Hacking
    SSL and E-mail Hacking
    Cracking Passwords
    Hacking Tools


    Test Objectives

    Understanding Hackers

    Know the Hacker
    Hacker Ethics
    Hacker and the Law
    Legal implications of Hacking
    Computer Crime and Punishment

    Footprinting What is Foorprinting?
    Determining the scope of activities
    Network enumeration
    DNS interrogation


    Scanning Determining if the system is alive
    Determining which services are running or listening
    Scan types
    Identifying TCP and UDP services running
    Windows based port scanners
    Port scanning breakdown
    Detecting operating systems
    Active stack fingerprinting
    Passive stack fingerprinting
    Automated discovery tools


    Enumeration

    Windows NT/2000 enumeration
    Windows NT/2000 network enumeration
    Windows NT/2000 host enumeration
    Application and banner enumeration
    Novell enumeration
    UNIX enumeration
    BGP route enumeration


    System Hacking

    Win 9x remote exploits
    Direct connection Win 9x resources
    Win 9x backdoor Trojan and horses
    Server application vulnerabilities
    Win 9x denial of service
    Win 9x local exploits
    Windows ME remote attacks


    Hacking Windows NT

    Remote exploits: Denial of service and buffer overflows
    Privilege escalation
    Exploiting trust
    Sniffers
    Remote control and backdoors
    Port redirection
    Countermeasures to privileged compromise
    Covering tracks
    Disabling auditing
    Clearing the event log
    Hiding files

    Hacking Windows 2000 Footprinting
    Scanning
    Enumeration
    Penetration
    NetBIOS-SMB password guessing
    Eavesdropping on password hashes
    SMBRelay
    Attacks against IIS 5.0
    Remote buffer overflows
    Denial of service
    Privilege escalation
    Grabbing the Windows 2000 password hashes
    EFS
    Startup manipulation
    Remote control
    Keystroke loggers


    Novell Netware Hacking Enumerating Bindery and Trees
    Authenticated enumeration
    Gaining Admin access
    Application vulnerabilities
    Spoofing attacks
    Console logs and NDS files
    Log doctoring


    Hacking UNIX/Linux

    Root abuse
    Vulnerability mapping
    Remote access Vs local access
    Data driven attacks
    Common types of remote attacks
    Hacking root account
    Retrieving /etc/passwd file
    Caching.


    Dial-up, Voicemail and VPN Hacking

    Brute force scripting
    PBX hacking
    Voicemail hacking
    VPN hacking
    Modem scramblers


    Wireless Network Hacking

    IEEE 802.11 Wireless LAN attack
    WAP (Cellular phone) hacking
    Detecting the wireless media
    Hacking Wireless network adapter cards


    Firewalls

    Firewall identification
    Scanning through firewalls
    Packet filtering
    Application proxy vulnerabilities


    Denial of Service (DOS) attacks

    Types of DOS attacks
    Bandwidth consumption
    Resource starvation
    Programming flaws
    Routing and DNS attacks
    Generic DOS attacks
    UNIX and Windows NT DoS
    Remote DOS attacks
    Distributed denial of attacks (DDOS)


    Remote control and back doors

    Discovering remote control software
    Virtual network computing (VNC)
    Attacking Microsoft Terminal Server
    Attacking Citrix ICA


    Hacking the internal user

    Malicious mobile code
    Microsoft ActiveX
    Java Security Holes
    Cookie fraud
    SSL fraud
    E-Mail hacking
    Invoking outbound client connections


    Web Server Hacking

    Attacking Web authentication
    HTTP authentication basic and digest
    Forms-based authentication
    Microsoft Passport
    Password guessing
    Attacking session state management
    Session ID prediction and brute-forcing
    Bypassing SQL-backend login forms
    Input validation attacks
    Attacking Web datastores
    Hacking Web application development
    Web client hacking
    Attacking Web services
    SOAP over HTTPS
    WSDL attack
    Hacking Web services
    Cookie hijacking


    Hacker Tools

    Queso
    Fragrouter
    IPLog
    IPTraf
    Lids
    LSOF
    Nemesis
    Swatch
    Cerberus Internet Scanner
    Crack / Libcrack
    Retina
    Cheops
    Ngrep
    Logcheck
    NFR
    SAM Spade
    Scanlogd
    NAT (NetBIOS Auditing Tool
    Ntop
    Hunt
    John the Ripper
    L0pht Crack
    Strobe
    Firewalk
    Iptables
    SATAN
    SARA
    Sniffit
    Hping2
    Cybercop Scanner
    Tripwire
    DSniff
    Whisker
    Ethereal
    Netcat
    Nessus
    Back Orfice
    Camera/Shy

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Only 50 questions???? wow man, it doesnt seem like that many when all those things are covered, i hope this comes to the Us soon though that would be kinda fun to get.

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    No sh*7!

    I would love to take that cert. I would love to even just take the classes. In my school, if you talk about hacking, people look at you werid with big eyes and won't let you near their PC... lol

    Even the professors. I mean... we are in networking for crying out loud... security is part of it!!!

    Thanks for the heads up Dark Raider!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Man I would love to take that cert

    Wish I could get it here in US

  5. #5
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    They do offer a certification for i guess security guys known as the CISSP. Cissp (Certified information systems security professionals) is a certification available in the US and to most firms will let them know you are more of a whitehat instead of a havoc causer. check them out http://www.cissp.com


    good find though
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  6. #6
    Member neozoon's Avatar
    Join Date
    Dec 2002
    Posts
    33
    Sorry for deceiving you all men but harckers do no harm
    they r always mixed up with crackers who try to invade other systems or to damage others systems you better not mix them up because real hackers know really how defend themselves and take saying things like yousaid as an insult althought theyr peaceful most time.....
    rember hackers build and crackers destroy...
    something else;;;how did the Internet come to world.
    Lemme answer plz===+++>>> Well you won't belive it maybe but thanks to hackers you have the net and you insult them lol
    Now you may try to define hackers as people who want to progress, even if they make a attack it's for pure(iwon't say educative purpses as do crackers publishing them job proudly) fixing and correcting bugs. Also thanx to hackers you can enjoy performant programs and OS with GUI...
    don't think, i am defending them or attacking the crackers, just informing you
    A last thing, i get banned for saying this even b4 you can read it, so mgonna have a maybe last look around in the AO site, who knows!!!
    the most important is that you don't take it personal, enjoy ur surf and fanx for reading...
    Toka Koka: To receive a reward, an equivalent sacrifice has to be made!

  7. #7
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352
    Yea , that would be a blast to take but is there a certain age you have to be in order to be certified?
    "Serenity is not the absence of conflict, but the ability to cope with it."

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    hacker certified, lol
    what an idea ... do peep fight hacker or they encorage hackers.
    i'm getten mix here !!
    if u say i'm hacker, they blow the $h1+ on u
    how come there's a certificate for hacking ?
    When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
    -------------------------------------------------------------
    I dream of giving birth to a child who will ask...... what was war?

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    Well I'm sorry to say but the Certified Ethical Hacker Certification is not worth the paper it's writen on. In fact the whole exam is a complete ripoff.

    How meny of you have read Hacking exposed? If you have you might notice that

    Skills Measured

    Footprinting
    Scanning
    Enumeration
    Hacking Windows 95
    Hacking Windows 98
    Hacking Windows ME
    Hacking Windows XP Home Edition
    Hacking Windows NT
    Hacking Windows 2000
    Novell Netware Hacking
    Hacking UNIX/Linux
    Dial-Up and PBX Hacking
    VPN Hacking
    Hacking through Firewalls
    Denial of Service Attacks (DOS)
    Remote Control and Trojan Horse
    Web Server Hacking
    SSL and E-mail Hacking
    Cracking Passwords
    Hacking Tools
    is the same as the conents page from the book and what really takes the piss it's in the same order! The contents page can found here http://www.amazon.co.uk/exec/obidos/...079601-8727648

    And it doesn't end there the break down of each section is the same as the book and in the same order again!

    My advice go order the book from Amazon the title is "Hacking Exposed Third edition". It is a very good book on computer security (proberly one of the best).

    If you wont a real certification(sp?) and live in the uk (as it's run by the goverment) try CESG's check course.

    it can be found here http://www.cesg.gov.uk/partnerships/pwi/check/index.htm

    Sorry for the bad news

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    SittingDuck : i don't see any bad news... it's a good news, at least we have a name for a book we can buy and read and learn.

    i'll get ma self a copy of that book, seems interesting
    When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
    -------------------------------------------------------------
    I dream of giving birth to a child who will ask...... what was war?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •