EH-Net

I decided to do the CEH course at Infosec. The instructor will be Jeremy Martin. The course outline is shown below:

Day 1
Security testing methodologies
The Ethical Hacking Profession
Passive Intelligence Gathering – 2007 Version
Network Sweeps
Stealthily Network Recon
Passive traffic identification
Identifying system vulnerabilities
IPv6 Vulnerabilities
Abusing Domain Name System (DNS)
Abusing Simple Network Management Protocol
(SNMP)

Some of the instructor-led hands-on lab exercises:
Network Sweeping
Scanning from spoofed IP addresses
Stealthy Recon
Injecting p0f for passive OS fingerprinting
Scanning through firewalls
IPv6 Scanning
Discover all subdomains owned by an
organization
Discover whois record changes over last 3 years
Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
Pumping SNMP for data – OID Dissection
Attacking SNMP
Capture the Flag exercises every night!

Day 2 include:
• Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

Day 3
centers on extending access beyond the initial layer of
penetration. You will learn how to deploy trojan software
stealthily, attack through DMZs IDS & IPS, and deploy
cover channel keyloggers and kernel mode rootkits.
• Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits
• System Call Hijacking vs. Direct Kernel Object
Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Day 4: Attacking Network Infrastructure, Wireless
Attacks, and malicious evidence removal
After compromising and extending access to all
vulnerable systems at your target organization, you will
learn how to cover your tracks from even the most
vigilant defenders. The second half of Day 4 covers
attacking network infrastructure, including routers,
switches, IDS/IPS and firewalls. Some of the Day 4
lectures include:
• Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Some of the instructor-led hands-on lab exercises:
• Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Day 5: Web Application Hacking
Day 5 is totally dedicated to the latest frontier in hacking
and information security -- web application hacking. You will
come to master the penetration of web applications and
web enabled devices.
• Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Thoughts..................

Sounds like it will be a great course. Jeremy is very knowledgeable. Good luck and let us know how it goes.

BillV

Jeremy is a great guy. He both instructed and spoke at the last ChicagoCon. Be sure to say hello, and let InfoSec know of your affiliation with EH-Net.

Don

Looks like a nice course covering a lot of subjects, let us know how you get on.

Will do and I will keep you guys informed.

Guys the course ended yesterday and lemme tell you it was awesome. Its the best money I spent in a long while. The instructor was VERY good. So Don, Jeremy did live up to expectations. That guy knows so much its just down right scary  :D
I also mentioned the site in class every opportunity I got. In fact when I introduced myself to Jeremy I told he comes highly recommended from the guys over @EH. Jeremy didnt just read from a script he regularly gave REAL world examples.

I sat 2 exams, CPT part 1 and the CEH v5. The CPT was held on Thursday and the CEH on Friday. The material in the course went by quickly and so I wasnt feeling 100% confident about doing either test. I felt the material was just too much to cover in the time frame. So I didnt do he CPT on Thursday instead I went back to my room to study. At one point I said it just wasnt gonna happen and I deceided to do the test at some other time.

Well guys on Friday morning I decided to just go balls out. So I did both tests back to back.I passed BOTH. So now I am CEH ;)

For all the newbies thinking about doing the course Boot Camp style here's my 2cents. What you get out of the course will depend a lot on YOU. The material goes by like USAIN BOLT running the 100m. So if you can get material before hand that would go a far way.You also have to ask A LOT of questions. This is very important. You cannot be afraid to ask questions. Also talk to the instructor every opportunity you get. Utilize the break sessions etc.

Before I did the course I read several threads on this board stating what you needed to know before doing the course.Well they were spot on. Be comfortable with networking knowledge not necessarily a guru but comfy. This proved quite challenging for me because I am from a programming background. Also get comfy with the TCP/IP communication it goes a long way.

At the end of the day the CEH wont make u a hacker. It will open up your eyes to what is out there after which you can then choose the path your gonna take. I plan to do Web Application and Wireless track.

All in all it was a damn good course.

Dark_Knight, thanks for the write up, your opinions and insight, I am sure it will be of use to many of the forum considering the boot camp, and studying for the C|EH.

And congratulations.

Dark_Knight, congrats!! Well done :)


I just want to add a little to this... a successful course also depends on the instructor as well. Be sure to ask the training center for information about the instructor prior to attending the course. You'll want to make sure that the course material is reflected in their experience.

BillV

Spot on BillV. That is sooooo true. Jeremy Martin came highly recommended and believe me he lived up to and surpassed expectations

Gratz on passing your test Dark Knight.  I just completed the ECSA/LPT bootcamp yesterday and also had an amazing instructor, Larry Detar.  The instructor can make a world of difference in how well a bootcamp can go, cause as you know, a bootcamp is like taking the full set of Encyclopedia Britannica, opening up the top of your head and trying to stuff the whole set in at once.

If an instructor is not skilled in covering that much information effectively, the bootcamp will always result in failure.   Glad to hear you got a great instructor.

Any plans on other certs now?

Dark_Knight,

congrats and thanks for the write-up, sounds like you had a great week.

Hi Guys

Grats on the CEH certification
I got my CEH certification about two months ago and am really thinking about the ECSA. Just curiously (a) is the course interesting and well structured (b) Is there any chance that this cert will really take off as an industry recognised cert.

I'm really intent on getting the cert. Thanks for the help guys