I decided to do the CEH course at Infosec. The instructor will be Jeremy Martin. The course outline is shown below:

Day 1
Security testing methodologies
The Ethical Hacking Profession
Passive Intelligence Gathering – 2007 Version
Network Sweeps
Stealthily Network Recon
Passive traffic identification
Identifying system vulnerabilities
IPv6 Vulnerabilities
Abusing Domain Name System (DNS)
Abusing Simple Network Management Protocol
(SNMP)

Some of the instructor-led hands-on lab exercises:
Network Sweeping
Scanning from spoofed IP addresses
Stealthy Recon
Injecting p0f for passive OS fingerprinting
Scanning through firewalls
IPv6 Scanning
Discover all subdomains owned by an
organization
Discover whois record changes over last 3 years
Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
Pumping SNMP for data – OID Dissection
Attacking SNMP
Capture the Flag exercises every night!

Day 2 include:
• Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image
files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

Day 3
centers on extending access beyond the initial layer of
penetration. You will learn how to deploy trojan software
stealthily, attack through DMZs IDS & IPS, and deploy
cover channel keyloggers and kernel mode rootkits.
• Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits
• System Call Hijacking vs. Direct Kernel Object
Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Day 4: Attacking Network Infrastructure, Wireless
Attacks, and malicious evidence removal
After compromising and extending access to all
vulnerable systems at your target organization, you will
learn how to cover your tracks from even the most
vigilant defenders. The second half of Day 4 covers
attacking network infrastructure, including routers,
switches, IDS/IPS and firewalls. Some of the Day 4
lectures include:
• Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Some of the instructor-led hands-on lab exercises:
• Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Day 5: Web Application Hacking
Day 5 is totally dedicated to the latest frontier in hacking
and information security -- web application hacking. You will
come to master the penetration of web applications and
web enabled devices.
• Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Thoughts..................

Jeremy is a great guy. He both instructed and spoke at the last ChicagoCon. Be sure to say hello, and let InfoSec know of your affiliation with EH-Net.

Don

Will do and I will keep you guys informed.

Dark_Knight, thanks for the write up, your opinions and insight, I am sure it will be of use to many of the forum considering the boot camp, and studying for the C|EH.

And congratulations.

Spot on BillV. That is sooooo true. Jeremy Martin came highly recommended and believe me he lived up to and surpassed expectations

Dark_Knight,

congrats and thanks for the write-up, sounds like you had a great week.