Who's Online
There are currently, 198 guest(s) and 1 member(s) that are online.
You are Anonymous user. You can register for free by clicking here
|  |
CHFI v8
Posted by cdupuis on Monday, 19 December 2011 @ 09:48:58 EST (375 reads)
Topic CEH
Anonymous writes "The EC-Council has announced the release of the Computer Hacking Forensic Investigator (CHFI) Version 8.
This new version of the CHFI V8 has been greatly improved and details will be released over the next few days.
Come back in a few days for all the details of the new CHFI v8
Best regards
Clement "
CEH V7 Exam Non Refundable Eligibility Fees for Self Study students
Posted by cdupuis on Tuesday, 05 July 2011 @ 13:50:16 EDT (1696 reads)
Topic CEH
NOTE FROM CLEMENT:
as of July 15, 2011 there will be a fee of $100 imposed on top of the exam cost to people who are doing self study and wish to take the CEH V7 exam without attending official CEH Version 7 training. If you are doing self study and wish to take the CEH V7 exam in the future, ensure you meet all of the requirements below. This new requirement does not apply to students who are attending training at official training centers. See the announcement from the EC-Council below regarding the new requirements:
IMPORTANT UPDATE as of July 15, 2011:
Effective July 15, 2011, EC-Council is introducing a Non Refundable Eligibility Application Fee of USD 100.00 for CEH exams on Prometric APTC and Pearson VUE channels. Any inconvenience is greatly regretted.
Eligibility Requirements ( Effective July 11, 2011)
In order to be eligible to test for the CEH certification examination, you must:-
Have attended training for the CEH course at any of our EC-Council Accredited Training Centers. Should you choose to defer taking the examination after your training, and would like to opt for another location; you can apply for the same at a later date at any ATC of your choice by submitting your certificate of attendance to EC-Council.
In order to be considered for the EC-Council certification exam without attending official training at EC-Council Accredited training center, an applicant must:
a) Have at least two years of information security related experience. b) Remit a non refundable eligibility application fee of USD 100.00 at our website http://www.eccouncil.org/orders.htmC) Submit a completed Exam Eligibility Form. Upon approval, EC-Council will send you an eligibility voucher number which you can use to register and schedule the test at any Authorized Prometric or VUE Testing Center globally. Please note that Prometric and VUE Registration will not entertain any requests without the eligibility number.
Exam voucher can be purchased from EC-Council website or directly from Prometric and VUE at a cost of USD 500.00
Applicants who withdraw their application or whose application is denied by EC-Council will not receive any refunds.
EC-Council reserves the right to revoke the certification status of candidates that attempt this exam without a valid eligibility voucher number.
What are the pre-requisites for taking a CEH exam?
If you attend CEH training, you are eligible to attempt the CEH examination. If you opt for self study, you must complete the eligibility form with a non refundable fee of USD 100.00 payable at http://www.eccouncil.org/orders.htm and email it to EC-Council at finance@eccouncil.org for approval.
Can I take the exam at VUE testing centers?
Yes. The 312-50 exam is available at VUE testing centers as well. Just like Prometric APTC, you will need an eligibility number to attempt the exam at VUE. Please note that a non refundable eligibility fee of USD 100.00 is applicable when applying for eligibility voucher.
The eligibility number issued for Prometric cannot be used for VUE and vice versa.
You can indicate in the eligibility application form which center you will be taking the test. Please visit VUE's EC-Council testing page at:
EC-Council officially released their ILABS for the CEH V7
Posted by cdupuis on Thursday, 09 June 2011 @ 09:08:18 EDT (1339 reads)
Topic CEH
Anonymous writes "Good morning to all,
Yesterday I attended a webinar from the EC-Council on the much awaited ILABS for the CEH Version 7.
The ILABS is an environment in the cloud that allow you to provide a virtual hacking environment to people who are taking the CEH V7 training. The goal of the ILABS is to provide a totally virtual environment for CEH Classes. This will greatly simply class setup as there is NO class setup to be done. Of course this is a pay for service and it is not included as part of most CEH training. It is up to the instructor or the training center to decide if they wish to use this cloud service or provide their own local service.
NOTE: At Secure Ninja we have acquired brand new high end laptops based on the latest "i" series of processor that allow us to run the class with a virtual environement provided on each of the student computer instead of being dependent on the cloud service. This way we are never disconnected from the cloud and we can easily troubleshoot problems. For some of our onsite classes and remote classes the ILABS solution will be use and will be cheaper than renting and shipping laptops to the remote sites.
PRICING OF ILABS
Pricing has been released only for the USA at this point. There will be different pricing scheme offered in different region of the globe. Resellers will decide on what is the markup they wish to make. It will be interesting to see what will be the different pricing scheme per region. As far as I am concerned, I think it should be a uniform price instead of starting a price war on something where the margin will be already quite low.
The prices released so far are: Access for 30 Days will cost you $299, Access for 60 Days will be $399, and finally access for 90 Days will be $499
As you can see this is quite expensive overall. I am not sure how well received this will be in regions such as India where a class might be sold at $1000 USD. Will students be willing to pay a 50% premium to get access to the ILABS for 90 days ?
Warning:
Choose your access option carefully. The ILABS expiry date cannot be extended. If you wish to extend your access you simply loose all of the work you have already done. Your state will not be kept if you change your subscription. Currently there is ONE master image use and all students using the cloud environment get the exact same image. The EC-Council is aware of this serious limitation and they are working on correcting this in the future.
WHERE DO I GET IT?
ILABS will be available from the EC-Councils and authorized training centers are also welcome to become reseller of ILABS. Discussion are taking place right now with Element K to get them as a reseller as well. They are already distributing the CEH V7 package so it would make sense for them to bundle the ILABS as well. I have attempted to find info on the official EC-Council web site on the subject of ILABS but my search return no results. As you can see this is something very new and over the next few weeks you will start seeing more companies, training centers, and local country offices offering ILABS.
WHAT DO I GET IN MY TARGET ?
The target within the ILABS is composed of 4 target machines and 2 student attack machines.
I was a bit surprise to see a Windows Server 2008 used as the attack machine. This is an unusual attack platform. There will be issues with some of the tools as far as running them on a 2008 platform, some of them might not even run on a Windows 2008 platform.
I also notice there is a Backtrack 4r2 machine as a target. Which is a very strange target. By default Backtrack has no ports, no services enabled. Unless they downgraded security on it, it could make for a boring target.
The target range lack the presence of any UNIX style computer such as Solaris or even OSX on intel.
WHO IS IT POWERED BY ?
This is one question that worries a lot of people. When we see giant cloud services providers such as the Amazon EC2 services go down for an extended period of time there is serious concern about availability.
In this case, the ILABS are powered by a company named Hatsize. They do have an impressive list of clients and seems to be a mature solution. Of course, I do not believe they could be a bottleneck. It is simply a matter of the EC-Council provisioning enough resources to ensure quality of service when peak demand is in place.
Each students in the ILABS environment consumes about 6 GB of RAM. You do need a very beefy environment to supports dozens of classes all ongoing at the same time. Hatzise can scale up very high, it is just a matter of prosisioning enough resources for all of the EC-Council ILABS users.
WHAT ARE THE PRO AND CON ?
Here are the PRO side:
No local setup of computers is needed, only a thin or light client is needed to access the ILABS.
Processing is done on the CLOUD computers, so you don't need a beefy computer to access
Bandwidth requirement are fairly slim, only screen refresh is being pushed through
A JAVA applet is used to access the remote labs, if you have a browser you are good to go
The setup is always properly done and matches the labs
Ability to use the VMWare save state or snapshoot
Can do the labs from any location that has internet connectivity
Instructors can monitor progress of students (if manually assigned to the instructor)
Here are the DOWN side:
Instructors cannot upload or download anything from the ILABS Environment, it is AS IS
If the cloud solution is slow or inaccessible, then your class will be slow or worst at a Stand Still
Instructor cannot add, improve, or provide further labs within the environment. They must use what is provided.
Pricing is fairly high, it was promise on the webinar that Version 2 would be cheaper, we will see...
You cannot extend your expiry date without loosing all of your data and changes you have done
Assigning a student to an instructor for monitoring is a manual process at this point
It is not as flexible as a local solution where you can show real life scenarios and add to the can package
THE FUTURE
Version 2 of ILABS are already in the works. It will have better management tools, they also hope the cost will come down a bit by having more flexible subscription package based on usage instead of a fix fee. Of course, there are a lot of things to work out as far as the details but it will come as the platform will mature in the future.
Some of the manual process will be automated for easier usage. A great question was asked as well on the webinar about Accessibility. There is no official support for screen readers or any other type of accessibility tool at this point. I think it is a serious shortcoming that will need to be addressed in the future to allow participation for people coming from Work Improvement programs where there is lots of veterans or people that might have small to very serious disabilities. The EC-Council promised they would look into the issue and provide access in a format that would be compatible.
It was also mentioned the EC-Council is looking at integrating some type of Learning Management System (LMS) along with the ILABS to provide a full learning environment. This is what people are used to when taking training online.
Best regards to all
Talk to you soon
Clement "
CEH V7 Module 01 - Introduction to Ethical Hacking
Posted by cdupuis on Tuesday, 07 June 2011 @ 10:28:36 EDT (1520 reads)
Topic CEH
Anonymous writes "Good morning to all,
Today we will get into Module 01 which is Introduction to Ethical Hacking. This module has a total of 57 slides.
The module is the introduction to Ethical Hacking, it talks about news clipping of large compromise that happened recently, it talks about the Jargon used by hackers and ethical hackers, it then covers some of the crime statistics as well as data breaches statistics, then it gets into the methodology used throughout the CEH v7 class deliverty. This module is more about talking the talk, understanding the steps to follow, there is little technical content in this module.
OBJECTIVES
The modules has a long list of objectives at the beginning. Usually objectives are goals to reach but in this case it is more a list of topics than a list of objectives.
- Elements of Information Security
- The Security, Functionality, and Usability Triangle
- Security Challenges
- Effect of Hacking
- Who is a Hacker?
- Hacker Classes
- Types of Hackers
- Hacking phases
- Types of attacks on a System
- Why Ethical Hacking is Necessary?
- Scope and limitation of Ethcial Hacking
- What Do Ethical Hackers Do?
- Skills of an Ethical Hacker
- Vulnerability Research
MODULE FLOW
Info Security Overview --> Hacking Concepts --> Hacking Phases --> Types of Hacking --> Ethical Hacking --> Vulnerability Research
LINKS RELATED TO THIS MODULE
The Internet Crime Centre
http://www.ic3.gov/default.aspx
The 2011 Verizon Data Breaches Investigation Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
7Safe, UK Security Breach Investigations Report
http://www.7safe.com/breach_report/Breach_report_2010.pdf
TERMINOLOGY
This module introduce you to key terms you must know for the purpose of the exam:
Hack Value
Target of Evaluation
Attack
Exploit
Zero Day
Security
Threats - Vulnerability - Daisy Chaining
Confidentiality - Integrity - Availability (CIA)
Identification - Authentication - Authorization - Authenticity
Non-Repudiation
Black Hat - Grey Hat - White Hat - Suicide Hackers
Hacktivism
METHODOLOGY
This module introduces you to the methodology followed within the Certified Ethical Hacker Version 7 class. It shows you each of the phase one by one and what is includes within each of the steps. You MUST know these steps in the proper order and what they mean before doing your test.
Reconnaissance
- Passive and active
Scanning
- Pre-Attack Phase
- Port Scanning
- Network scanning
- Vulnerability scanners
- Extracting information
Gaining Access
- Get access
- Escalate privileges
- Password Cracking
- Buffer Overflow
- DoS
- DDoS
- Hijacking
- etc...
Maintaining Access
- Backdoor
- Rootkit
- Trojan
Clearing Tracks
- Remove logs
- Remove temporary files
- Remove shell history
- Remove any traces
ATTACK TYPES
After explaining the methodology being used, a large portion of the module covers types of attacks at different layers within the system. At this point the attacks are only mentioned and not thoroughly explained yet. Later on you will get into more details on each of the types of attacks that coud exists.
There are mostly four types of attacks covered: OS Attacks, Misconfiguration attacks, Application Level Attacks, and Shrink Wrap Code attacks.
ETHICAL HACKING
This portion of the modules has a long discussion about Ethical Hacking, what it is, where does it fit into your security infrastructure, what is the business case you can make to justify using Ethical Hacking, what Ethical Hackers do, the concept of Defense in Depth and where the CEH fit within the layers, and a few more slides on Scope and Limitation of Ethical Hacking.
VULNERABILITY RESEARCH
The last portion of the module talks about Vulnerability Research, there are many web sites recommended to you to perform research, it seems many of the important websites are missing from the list. The list contains multiple security magazine websites which are most likely NOT the best source to find new vulnerabilities and the latest news on security threats.
RECOMMENDATIONS AND CLOSING
Overall this is not a very technical modules. It is once again to set the stage, to introduce you to the topic and make you aware of the special language use by Ethical and Unethical hackers. Obvisouly there is a very narrow view when it comes to methodology. Only the EC-Council series of steps is convered as a methodology.
A methodology is a lot more than this. I would strongly recommend to all to visit the OSSTMM web site and to get a copy of the latest Open Source Security Testing Methodology Manual. I would also recommend to read the nice NIST document on Penetration Testing and Security Assessment (NIST SP 800-115). Also you may want to take a look at the Information System Security Assessment Framework. See the links below to those documents:
Get a copy of the OSSTMM Version 3 at:
http://www.isecom.org/mirror/OSSTMM.3.pdf
Get a copy of the NIST 800-115 document at:
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
Get a copy of the ISSAF (the document is a bit outdated but still has many great tips) at:
http://www.oissg.org/downloads/issaf-0.2/information-systems-security-assessment-framework-issaf-draft-0.2.1b/download.html
Also take a look on the left side of this page, there are dozens of methodology listed within one of the block, you will find methodologies for web application testing, social engineering, etc..
Best regards to all
Clement "
CEH V7 Module 00 -- Review of content
Posted by cdupuis on Monday, 06 June 2011 @ 13:02:40 EDT (1506 reads)
Topic CEH
Anonymous writes "Good morning to all,
As promised in my previous posting I will start reviewing the modules of the Certified Ethical Hacker Version 7 courseware one by one. The CEH v7 package consist of two large student manuals. We will start with manual one and walk through one module at the time. Manual one include the first 10 modules, marked from 00 to 09.
MODULE 00 - Welcome to the Certified Ethical Hacker Class Exam 312-50
This module has 17 slides of content.
The first module is mostly the administrative content. It tells you about the do's and don't. It start with a quick intro by the instructor, then the students are invited to present themselves, and you then have two slides showing the the path taken through the 19 modules of the CEH V7. Then you have a few marketing slides about other EC-Council classes being offered. There is one slide defining what the CEH v7 exam is:
About the CEHv7 exam:
Official Title is: Ethical Hacking and Countermeasures v7
Exam Code: 312-50 / ECO-350
Number of questions: 150
Duration: 4 hours
Availability: Prometric Prime / Prometric APTC / Vue
Passing Score: 70%
The module also explains what the CEH is and what the CEH IS NOT. Mostly it is stated clearly and I quote: "The CEH Program Teaches you 100% Network Offensive Training and not Defensive". This seems to be contradicted in the content of some of the modules as you will see later on, where defensive tips and tricks are sometimes given to better protect your environment.
NDA -- Non Disclosure Agreement
This is the point where your instructor would ask you to sign the NDA before you could attend the class. The agreement also make you aware that the skills acquired are for Ethical Hacking and not for Cracking into public companies information resources. You hack without the owner permission, we will see you in jail :-( As easy as that.
HACKING WEB SITES
The EC-Council has built a whole series of web sites that can be use throughout the modules. Never ever use your skills agains live website on the internet. This is not legal and it is not ethical as well. You can use the sites listed on the certifiedhacker.com web site to practice your skills and attempt to find vulnerabilities.
The main entry page for the mock up web sites is at: http://www.certifiedhacker.com/
You can navigate through all of the websites using the Right and Left arros on each side of the main page.
STUDENT MANUALS
Both student manuals are printed in nice glossy color which makes it very attractive and easy to read as well.
Overall there is no teachnical content in this module, it is a module to set the expectations and tell you how the class will be delivered over the next 5 days.
IMPORTANT NOTE:
The package overall is very large and it is not possible for any instructors to cover ALL of the tools and ALL of the labs. It cannot be done. To do so you would need at least two weeks of training as a minimum with very long days.
YOUR MASTER WILL DECIDE WHICH ONE WILL BE COVERED
It is up to the instructor to decide which labs and which tools will be covered. This is where a seasoned instructor will really make a huge difference. A seasoned instructor will show you the labs you NEED TO KNOW to perform your job in a real testing environment.
At Secure Ninja we have expanded some of the labs that we consider MANDATORY for the students to be an effective tester. We have added some of our own content to further drive some of the key points that will make you an effective member of your company testing team once you go back to your workplace.
This is it for Module 00
See you in our next posting on Module 01 - Introduction to Ethical Hacking
"
The new CEH Version 7 Kit from the EC-Council
Posted by cdupuis on Wednesday, 25 May 2011 @ 16:51:03 EDT (1546 reads)
Topic CEH
Good day to all,
I had quite a few queries asking about what is the content of the new CEH Version 7 study kit that you receive as part of your class attendance at Secure Ninja.
The new study kit went through a serious diet and the new package no longer contains 5 large books with content you cannot even cover in one week. The new package has some of the same content that was in version 6 but everything is better explained and the graphics have been seriously improved. The student books are printed in color which makes it really easy to follow the diagrams and the flow. This is a serious improvement.
The Kid includes:
1. A COLLECTION OF DVD'S WITH TOOLS
There is a collection of five DVD's with tools. It is a large collection that would normally be hard to manage and keep updated. The five DVD's comes in a small plastic case to protect them and also to easily carry them around with you. Remember that the EC-Council now offers their new tool called Frankeinstein which can help you maintain your collection of tools up to date with ease.
2. TWO LARGE STUDENT MANUALS PRINTED IN COLOR
The kit now includes two books printed in color and the books actually fit within the backpack :-)
The first book contains Modules 1 to 9. The second book has modules 10 to 19.
The books are of good quality with labs contained in the students book at the end of each of the modules.
The following modules are now included in the package, you will no longer see 67 modules with only 1/3 of it covered in class. It is now possible for an instructor to cover all of the modules in class without any problem. See list below:
BOOK ONE HAS THE FOLLOWING MODULES FOR A TOTAL OF 734 PAGES
- Introduction to Ethical Hacking
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- System Hacking
- Trojans and Backdoors
- Viruses and Worms
- Sniffers
- Social Engineering
BOOK TWO HAS THE FOLLOWING MODULES FOR A TOTAL OF 773 PAGES
10. Denial of Services
11. Session Hijacking
12. Hacking Web Servers
13. Hacking Web Applications
14. SQL Injection
15. Hacking Wireless Networks with tools
16. Evading IDS, Firewalls, and Honeypots
17. Buffer Overflow
18. Cryptography
19. Penetration Testing
3. EC-COUNCIL T-SHIRT
The kit also include an EC-Council T-Shirt (See picture below)
4. BACKPACK
You also get a nice back pack to put your whole kit into.
This is a quick overview of the new EC-Council Version 7 courseware. I will post a series of articles describing each of the Modules one by one over the next month or so. You will get a lot more details about what is included in each of the modules within each of the posting.
Best regards
Clement
CEH V7 More details
Posted by cdupuis on Wednesday, 09 February 2011 @ 23:10:36 EST (3118 reads)
Topic CEH
Anonymous writes "NOTE FROM CLEMENT:
THis week was a busy week with two webcasts presented by the EC-Council giving us more details about the new CEH Version 7. Below you have a summary of what is new and coming from the new version.
The first thing you will note as you walk into the classroom is the smaller size of the package. There used to be 67 modules which was completely insane. It meant 365 slides per day if you wanted to teach everything over a 5 days period. Now the number has been shrinked to only 19 modules overall. It is now possible to deliver the whole package in 5 days. No more cluttering and useless tools taking hundreds of pages in the courseware.
Reserve your seat at:
http://secureninja.com/course/23/CEH-v7-Certified-Ethical-Hacker/
Overview
Secure Ninja's CEH v7(Certified Ethical Hacker) training and certification boot camp in Washington, DC will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essentials of security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares the student for the EC-Council Certified Ethical Hacker exam 312-50.
The exam number will not changed but there will be exam specifically marked for CEH V7 within the VUE and Prometric testing centers.
Topics Covered
1. Introduction to Ethical Hacking
2. Footprinting and Reconnaissance
3. Scanning Networks
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Viruses and Worms
8. Sniffers
9. Social Engineering
10. Denial of Service
11. Session Hijacking
12. Hacking Webservers
13. Hacking Web Applications
14. SQL Injection
15. Hacking Wireless Networks
16. Evading IDS, Firewalls and Honeypots
17. Buffer Overflows
18. Cryptography
19. Penetration Testing
Who can benefit from such a class:
- Security Officers
- Auditors
- Network Administrators
- Firewall Administrators
- Security Professionals
- Anyone who is concerned about the integrity of the network infrastructure
- I would recommend even Managers get out of their office to learn about the offensive side
Prerequisites
- Strong knowledge of TCP/IP
- Information systems and security background
- Minimum of 12 months of experience in networking
technologies
Required Exams
CEH training at Secure Ninja will properly prepare you for the following exams:
- 312-50 – Ethical Hacking / Countermeasures (CEH)
- 312-99 – Certified Network Defense Architect (CNDA)
Courseware
Official Certified Ethical Hacker v7 Review Guide
Course Length
40 hours
DoD Directive 8570.1-M - CEH v7 meets Government and DoD agencies compliance with Federal Information Security Management Act (FISMA) and DoD Directive 8570.1-M. It is approved for CND Analyst, CND Infrastructure Support, CND Incident Reporter, and CND Auditor. One single class that meet 4 different levels.
CEH 6.1 VS CEH V7- Big Difference!
This version is the version that has cost EC-Council most money so far to produce, they really invested in lots of experts, lots of time, professional graphic designers, Psychometricians, and the community as well for input.
This is not just another version where they added 15 more modules. It is the contrary; the package was submitted to a diet to come out with a top shape package. It is a completely new and updated package. EC-Council mentions terms such as concise, focused, skills, knowledge, supporting elements, and more.
In the CEH 6.1 version the language was about tools, this time it is about knowledge and skills and what is needed to be a true Security Tester. All of the slides were revised and they got rid of slides with lots of text and they replace those slides with amazing graphics where it talks by itself, they say a picture is worth 1000 words and this is true in this case.
The instructor will be the one responsible to explain and there is no need to write all the instructor can say on the slide. The professional graphics are really great looking and you can see there was some thinking behind it. The graphic support is so great the instructor will have very little drawing to do on the board.
KEY UPGRADES
- UPDATED TO LATEST OPERATING SYSTEMS: The next thing that is really exciting is the fact that everything is updated to the latest version of operating systems with the latest patches and hotfixes. The student machines, the instructor machine, the target range, they are all updated to the latest version. No more hacking of old windows 2000 box. Only the latest.
- SLIDE SHOW GETS AN A+: The slide show had a major cleanup on the tool side. Some modules used to have dozens of tools presented, this has changed, and the new layout will showcase only a few tools and only the most relevant tool for the task being done.
- KILLER LAB MANUAL: The lab manual has been completely redone and a new format being used. It has a really nice layout with a great flow.
- COLOR MY WORLD COURSEWARE: As mentioned in my previous message the courseware will be in color, you heard right, no more black and white and bad shades of the gray scale. The courseware will really come to life with vibrant graphics in color. It is nice to see important items and points stand out with a different color. This is really a step forward. I still cannot believe it a large vendor is willing to spend more money to get color in their courseware.
Revolutionary Product
EC-Council releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and security researchers. CEH v7 is a revolutionary training program that combines class metrics, advance lab environment, cutting edge hacking techniques and excellent presentation materials. EC-Council has spent several years in developing this version.
The Certified Ethical Hacker courseware has undergone tremendous improvement from its predecessor. We have invested 4 times the regular investment in the research and development since the last release, and have given CEHv7 a complete makeover.
The new version is a breakaway from earlier releases with more emphasis on techniques and methodologies, which attackers may use to carry out possible attacks against system/networks that are updated and maintained.
Picture speaks thousand words and we at EC-Council have enforced the saying by practicing it. The instructor slides and student manuals in CEHv7 has it all. The new version empowers the instructor with flawless flow and outstanding diagrammatic representation of the hacking techniques, which makes it easier to teach and enables students to understand the concepts better.
CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEHv7 courseware. Latest tools and exploits uncovered from the underground community are featured in the new package. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.
In addition to the makeover, CEHv7 includes two additional bundles; a Monster Hacking Tool Repository, Codenamed Frankenstein and a subscription based Virtual Lab Environment codenamed iLabs.
Frankenstein
Frankenstein is the Hacker version of the Apple Store. It provides user with an ease for searching, downloading and installing the latest hacking and penetration testing tools. By using Frankenstein Version 1.0, users can check the release date of the tool, category under which it is published, probable size of the tool, name of the publisher/author, the website details and technical requirements for the tool to run. This will help all the Certified Members to keep themselves updated of tools released in the wild.
Key benefits:
• Repository of categorized latest tools
• User can download the tool in less time with comparison to manual search
• Helps the user to synchronize & manage the tools from the server
• Search specific tools from the available list of tools
• The system provides a means to generate a HTML report of all the tools downloaded by the user
iLabs
The iLabs is a subscription based service that allows students to logon to a virtualized remote machine running Windows 2003 Server to perform various exercises featured in the CEHv7Lab Guide. All you need is a web browser to connect and start experimenting. The virtual machine setup reduces the time and effort spent by instructors and partners prior to the classroom engagement. It is a hassle free service available 24x7 x number of days subscribed. Different subscription and pricing will be available. Even thou it was not mentioned, I saw a BUY button on the interface, I will bet you that soon we will see commercial software being offer at reduce price in there as well.
Benefits
• Enables students to practice various hacking techniques in a real time and simulated environment
• The course tools and programs are preloaded on the iLabs machine thereby saving productive time and effort
Key Features of CEH v7
• Well organized DVD-ROM content; a repository of approximately 30GB of latest hacking and security tools and more than 1000 minutes of videos demonstrating hacking techniques.
• Well organized content for a better understanding and learning experience
• Concepts are well-illustrated to create self-explanatory slides.
• Diagrammatic representation of concepts and attacks
• Industry standard key tools are featured in detail and other tools are presented as a list for students to try
• Exclusive section for countermeasures against different attacks with detailed explanation of how to implement these countermeasures in real time environment
• The new version has complete section dedicated for penetration testing. It illustrates how to implement learned concepts to test network system security
• A result oriented, descriptive and analytical lab manual; the labs showcased in the courseware are tested against latest Operating Systems with all the patches and hot fixes applied
SO THE OVERALL VIEW OF CEH V7 TRAINING FEATURES ARE: Updated Content
CEH v7 contains updated content based on rapidly evolving security challenges and attack techniques.
Organized Content
The well-designed content enhances the learning experience and ensures better understanding of key concepts,
attack types and hacking methodologies.
Classroom Friendly
The well-structured slides create an interactive classroom environment
Rich in Illustration
The slides contain diagrams and illustrations to create better understanding of
hacking concepts and actual attack paths
New Hacks
CEH v7 provides insights on new hacking techniques, exploits, vulnerabilities, viruses, Trojan and organized
cybercrime.
Hacking Tools
CEH v7 showcases thousands of Hacking tools including password crackers, spyware, live Trojans and viruses.
Security Tools
CEH v7 offers a detailed description of industry-standard security tools and technologies.
Countermeasures
CEH v7 has an exclusive section, which provides detailed explanation of countermeasures to be adopted against
different types of attacks.
Visual Appeal
Eye-catching graphics complement the content and enhance the learning experience.
Penetration Testing
CEH v7 has an exclusive section for Penetration Testing. The section demonstrates how to conduct
network pen testing using proven methodologies.
Lab Setup
Lab setup environment includes 5 virtual machines to test different attack scenarios. Lab
setup manual is accompanied with videos to facilitate learning.
DVD-ROM Content
CEH v7 also provides DVDs with a repository of around 15 GB of latest hacking tools, exploits, viruses, Trojans
and security tools.
Expert Instructors
The course is taught by expert instructors and world renowned network security professionals and engineers.
Frankenstein System
CEH v7 comes with state of the art hacking tools repository system. Using the system, students would be able to
download the current and latest hacking tools available on the Internet. You will never be left with outdated tools.
ILabs
Students will be able to access online cloud based ILabs virtual Lab environment. The entire ILabs systems can be
accessed by using a web browser.
Live Hacking
Students will be able to attack live hacking web applications provided by EC-Council. Students will have realistic
attack experience.
Web Applications
CEH v7 focuses heavily on evolving security threats involving web applications such as SQL
Injections, Cross-site Scripting, Xpath attacks, web services vulnerabilities.
Mobile Phones
Detailed coverage on mobile application threats such as Android, I-Pods, I-Pads
and tablet computers.
Lab exercises
The lab exercises covered in CEH v7 are contributed by leading experts in the security industry. The labs focus real
and practical examples close to an enterprise network environment
Exams
CEH v7 exams follow ANSI compliance and the exam items are created and vetted by the leading psychometricians
in the industry
Career Track & Roles
- Network Administrator
- Systems Administrator
- Systems Engineer
- Systems Architect
- Network Security Specialist
Follow On Courses
- ECSA
- Wireless Security
- Computer Forensics
What is a Certified Ethical Hacker?
The Ethical Hacker is a security specialist who conducts in-depth tests to penetrate networks and computer systems
on behalf of an organization. The objective is to facilitate organizations in ascertaining the vulnerabilities and
security flaws before their exploitation by hackers. Ethical hackers mimic the approach adopted by hackers with
minimum disruption in services. The extent of the tests depends on the contract between the ethical hacker and the
organization.
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor neutral perspective. The Certified Ethical Hacker certification enhances the skill sets of security administrators,
network administrators, security auditors and other IT professionals. Certified Ethical hackers are skilled in
identifying the threat vectors in the IT infrastructure and use their expertise in strengthening the defenses against
security threats.
About Secure Ninja
Secure Ninja Training is the DC’s Area’s #1 Expert IT Training Center . We are conveniently located in beautiful Historic Old Town Alexandria, VA enhancing your training experience and featuring:
- Metro Accessibility - Short walk from Metro Blue/Yellow Line (leave the car behind)
- 4 minute Drive to Ronald Reagan Washington National Airport
- Available Parking
- World class restaurants and shops at your footsteps
- Closest Expert IT & IT Security Training Center to Fort Belvoir, Boiling AFB, Fort Myer, Department of Homeland Security, US Department of Navy, US Coast Guard, Fort McNair, Washington Navy Yard and the Pentagon
Why Choose Secure Ninja for your Washington DC Expert IT Training?
- Superior Expert Instructors
- Highest Industry Pass Rates
- Small Class - No classroom overcrowding means more attention to you
- Choose from Day, Evening & Weekend Classroom-Based or Live Online Classes to meet your busy schedule
- Accelerated Boot Camps Save You Time And Money
- Personal 1-1 Mentoring
- Easy Financing/ Payment Plans Available!
- Veterans Benefits & GI Bill Approved – Welcome Military
- WIA (Workforce Investment Act) Approved
- Paid Internships & Job Referrals!
- Meet Your DoD 8570-1 Certification Needs. Get Compliant!
- Secure Ninja is the ONLY Testing Center that offers ALL 5 industry standard test vendors in the DC / Baltimore Metropolitan Area. (Prometric, VUE, Kryterion-Online, Certiport and Impact-Testing)
- Lowest Prices! We are locally based keeping our overhead low so we can pass the savings along to you
- DC is our Home. Most training centers set up shop in hotels or rented centers. When you have a need, request or encounter a problem they are not there to answer. Our physical location in Alexandria is open 7 days a week and our staff always there to help.
You can see the CEH V7 Marketing brochure at:
http://secureninja.com/uploads/Secure-Ninja-CEHv7-Complete.pdf
Reserve your seat at:
http://secureninja.com/course/23/CEH-v7-Certified-Ethical-Hacker/ "
EC-Council Certification Status Alert! CPE's are needed.
Posted by cdupuis on Monday, 20 December 2010 @ 11:33:57 EST (2362 reads)
Topic CEH
Anonymous writes "NOTE FROM CLEMENT:
Do not forget to maintain your CPE's or what is called ECE's in the EC-Council world. Some of you might have received a note to this effect. One portion of the message states: "All CEH Certified members must comply or their certifications will be revoked by regulation of ANSI 17024." As you can see it is nice to have all those certs approved under the DoD 8570 directive, approved by ANSI under ISO 17024, but this bring more stringent requirements and you must start early to earn the required CPE's. See the message I have received below:
This is an Official Announcement from EC Council.
Dear CEH Holder,
As you may have heard, the Certified Ethical Hacker has been accepted for DOD's Directive 8570, see the official directive HERE: Although you may not be affected directly by this achievement, acceptance to Directive 8570 speaks the quality of the CEH program and the rigor we have put into it's development and maintenance. This effort translates into real world value for the certification you have just obtained. EC-Council is committed to working hard for you, and the certifications you hold.
Our next major step which is now in process, EC-Council has been entered as a preliminary applicant for ANSI 17024, a governing directive for most respected certifications today. 17024 requires the addition of a Continuing education program. As you may already be familiar with other CPE programs, such as the requirements to maintain certifications like (ISC)2's CISSP, EC-Council has implemented the EC-Council Continuing Education Program. There is no cost associated with this, however you are required to log Credit hours to maintain your certification. All CEH Certified members must comply or their certifications will be revoked by regulation of ANSI 17024. Credits are available in many forms, for details, please click HERE.
To better serve our certified members, EC-Council has also designed a series of programs around continuing education and certification enhancement. As your personal Certification counselor, it would be my pleasure to host a conversation with you, discuss your future plans for certification and EC-Council's Role in that process, as well as guide you through our various systems and resources available to you now that you have achieved certification. If you are interested to speak with me, please feel free to reach out, my contact information is included below.
As a member of EC Council's Certification organization you are qualified to receive our U.S. Newsletter which is available on a monthly basis and will provide you with vital news, information and new continuing education possibilities. EC-Council takes pride in every member and we continually design programs to help you succeed. Our regular communications to you will include member-only discounts, opportunities, programs, etc.
Lynn Long
Online Learning & Training Services
EC-Council | North America
6330 Riverside Plaza Lane NW
Suite 210
Albuquerque, NM 87120
USA
Web: http://iclass.eccouncil.org/
US Office: 505.341.3228 x 120
US Fax: 505.341.0050
"
RENEWAL Information for CEH!
Posted by cdupuis on Wednesday, 19 May 2010 @ 13:35:59 EDT (6716 reads)
Topic CEH
Dear CEH Member,
It has come to our attention that there has been some confusion regarding what the cut-off is for submitting CPEs for Certified Ethical Hacker Certification in the ECE Delta System Portal. In order to simplify this process, please review following guidelines:
1. Any CPE credits submitted to the ECE Delta System from this point on, must not be older than January, 2008.
2. If the candidate took the exam or attended events prior to 2008 they cannot add those events for ECE Delta System Credits.
Note: The Version of Certified Ethical Hacker is not part of the defining Criterion.
If your EC Council certification was obtained prior to January of 2008, you will need to re-certify to maintain your status. The cost of the CEH and CHFI exams is $250 and the ECSA is $300. Please feel free to contact me if you would like my help in setting up your exam.
Also, to aid our members with a low-cost upgrade, we have developed the Official CEH Exam Review course. It is not required, but many of our members are already finding it very helpful.
The Course includes: Certification Voucher, CEH Review Guide (v6), One day, live, on-line instructor-led course, and best of all, a test pass guarantee! ($349)
We apologize for any confusion during this transition period and please feel free to contact me if you have any questions!
Benefit you might not be aware of:
We will not be charging yearly fees for the ECE Delta System.
Regards,
Pascal
You've got the hottest version out there!
Have fun brother, and if anyone has any questions left they call call or email me!
Thanks!
Pascal Nemmar
Account Executive
EC-Council | North America
Web: http://iclass.eccouncil.org/
US Office: 505.341.3228 ext. 106
The EC-Council CHFI Version 4 is soon to be released
Posted by cdupuis on Thursday, 28 January 2010 @ 20:55:58 EST (2143 reads)
Topic CEH
This morning I had the opportunity to listen to a webcast on the new CHFI Version 4 that will very soon be released.
The presenter was no other than Haja Mohideen. Haja Mohideen is the technical director for EC-Council. He manages the certifications and training programs at EC-Council. He has multiple years of experience in IT. He has contributed to the development of EC-Council programs such as CEH, CHFI, LPT, ECSA, etc.
Haja started the webinar by describing what the CHFI Version 4 will be, he used words such as bigger, better, Enormous, a Monster. As you will see below he was not playing with words, it is a very accurate description of what the CHFI Version really is.
The CHFI Version 4 is not a complete rewrite of the course, it is based on the old version 3. More data, content, products, and tools have been added to the 5 days of training. A total of 27 new modules have been added to the content of the CHFI V4. For a great total of approximatively 65 modules overall.
If this pattern is maintained we can expect to have 150 modules for version 7 of the courseware as Haja mentioned semi seriously in the Webinar.
WHAT IS NEW ?
One great addition will be thorough coverage of Encase. The EC-Council has signed an agreement with Guidance Software to get an academic version of the software to be use in class. Guidance has provided a full slide show to be use to teach it as well.
The academic version cannot be used on real case but it allow you to make use of the images contained within the software itself to go through the normal step that would be followed to investigate a computer crime.
Below you have a high level overview and comparison of the old version versus the new version:
|
CHFI VERSION 3 |
CHFI VERSION 4 |
| Number of Modules |
35 |
65 |
| Pages Total |
2751 |
4193 |
| Pages per Module |
74 |
91 |
| Slides Overall |
2457 |
4872 |
| Slides per modules |
66 |
75 |
| Latest Security News |
NO |
YES |
| Cartoon in Slides |
YES |
YES |
MODULES ADDED TO THE COURSE
Below you have a screenshot of some of the modules that were added to the course. This is not the official list as there could be minor changes between now and the final release of the V4 courseware. But it will give you a good idea of what to expect:
WHAT ABOUT THE CHFI V4 EXAM
Of course more content means that the exam must be expanded to cover it properly. The exam will consist of:
150 Questions
4 hours in length
70% is required to pass
Availability as of the 1st of February 2010
Just like the curriculum the exam will not be completely new. Some of the old V3 exam content will remain with the addition of a lot of new questions to cover the new material of the V4 version. More study will be required to master this exam.
HOW COMPLEX DOES THE LAB SETUP HAS TO BE
The lab setup has not change much compare to the old CHFI V3, the following is recommended:
1. Follow same steps as V3
2. Windows Server 2003 with 2 partitions, C & D partitions.
3. CHFI Tools preloaded on each of the machines
Haja discussed why they decided not to move to the new Windows Server 2008 as the base platform. Mostly the main reasons were that 2008 is very well locked down, it is hard to run all of the tools on that platform. 2003 is simple to install and run.
MY PERSONAL OPINION AND FEELING ABOUT THIS VERSION
BIGGER IS NOT ALWAYS BETTER (At least in the world of Penetration Testing and Security Assessment training)
It is very scary to think that this package has close to 5000 slides and more than 4000 pages. At one point one has to wonder how can this be delivered over a period of 5 days. The answer is very simple: IT CANNOT BE
Then what else can be done. The instructor guide usually always propose 3 delivery methods. The usual one where you ONLY cover only the core modules and the class run from 9 AM to 5 PM. The second method is to extend the training hours where you start at 0800 AM and you finish at 6 PM. A few more modules can be covered this way. The third method is simply PURE bootcamp method where you get in class earlier than 8 AM and you stay in class until 10 PM or more. That will allow you to cover yet more modules but not all of them for sure.
From personal experience, you cannot teach for 16 hours a day to students. After 8 to 9 hours or even less in many cases their brain is no longer in receive mode. You need to have some hands on labs or red team exercises to close the day. You let them use their brain and further explore what they have learned under the supervision of a master. This is the only way you will keep them awake and engage that long.
That brings another challenge, it means that the class has to be adapted by the instructor according to his own desire or what the client stressed that he wanted as far as content. It works well when it is an onsite class, the client who pays the bill for all the students can tell you what focus he would like for his class. However, this is not a viable solution for a public class with a mix and match of experience level. It is hard to succeed and still carry along everyone under such a scenario.
A normal class day (8 hours of teaching) usually covers a maximum of 220 slides without any labs. If you introduce labs you have to reduce this down to about 180 slides per day or maybe a bit less. Those numbers have always work very well for us. There is no way you can go through a lot of modules per day when there is an average of 75 slides per modules. This means that on a good day you would cover about 3 modules if you do it correctly. If you multiply this by 5 you get 15 modules done at the end of the week. What about the other 50 you haven't done....
If you can do more than 3 full modules a day it means that you have very little content on your slide or you have slide with one or two bullet points that could have been condensed onto less slides as they add little value to the package. Some of those slides are the dozen of tools listen within some of the modules. The instructor must skip through those at warp speed. They are only there for reference and to make you aware that they exist. Such a list of tools should be listed in the student manual but not one by one on the slides.
Let's say for the sake of argument that you are a top trainer and you can zip through slide at a rythm of 1 slide every two minutes (which is about the normal ratio for a fast instructor who does not add much value to the slides), if you teach for ten hours without any pause or break, you would cover only 300 slides in a day. You would still be short on time and would only complete 4 modules in your full day. This means a total of 20 modules for a 5 day class without any pause, break, lunch break, or labs at all. It does not add up.
THE INSTRUCTOR DECIDE HOW THE CLASS WILL BE
As you might have guessed there are many instructors who can deliver such a class. They are the one in charge and they decide what is more important to cover within all of those modules. The student has to and must do self learning of the modules not covered in class. Certainly NOT what most students would expect. They expect to learn from a master.
This means that you must pick your instructor very carefully as it could make a world of difference from one class to the next.
WHAT CAN BE DONE
Some very serious taught has to be given to the CHFI and the CEH class for that matter. They both suffer from bloatware. Adding, adding, and adding more content does not generate a cohesive CBK or map to clear objective.
150 Questions means 2.3 questions per modules. If a module does not have enough material to generate more then 2.3 questions, it should not be called a module. Seriously, any modules that has content should have 5 or more questions. If an exam with 300 questions is needed then be it. Else your exam does not validate the full spectrum of what the class contains.
This MONSTER as Haja defined it should be cut in three portions where there could be a foundation class, an intermediate, and advanced. Then it would make sense as far as content, progress, and delivery. I think giving someone all of the tools that exists at Home Depot does not make that person a carpenter. Only years of experience and leaning from other carpenters will allow you to become such an expert. You have to learn to walk before you run. It is better to learn one tool at the time than TONS of tools in 5 days.
Anyway, this is a quick overview of the CHFI V4 and some of the challenges and issues that I can foresee in the future.
Do take care
Clement
Resume of the CEH Webcast I attended yesterday
Posted by cdupuis on Thursday, 28 January 2010 @ 12:56:42 EST (1996 reads)
Topic CEH
The theme of the webcast was: First look featuring the brand new
I must admit that the title of this webcast is what really attracted me and made me register. I was also please to see it would be a FULL three hours which is plenty of time to present on brand new topics. Usually one hours webcast are too short to really get into detailed content.
The webcast consisted of an introduction, then they showed two modules of the CEH on web application testing and vulnerability assessment, the last portion was a presentation by Core Security showing the use and features of Core Impact.
As you know some of the modules within the CEH are fairly large in size, attempting to go through two full modules in such a short time frame made this a challenge for the presenter. The presenter demonstrated good knowledge of the suject matter presented but was bound to stay within the slides presented.
Thre first module presented was most certainly disappointing and there was nothing elite or "BRAND NEW"
Within the module there was a slide on IIS7 but this was mostly skipped and covered in about 15 seconds. I would have like to see a lot more about the latest version of web servers such as IIS and others as well. Instead we were taken on a tour of IIS 4.0 and 5.0 vulnerabilities and the demonstration were all agains a target that was a Windows 2000 server (this is not a typo) without any service pack applied. Not what I was expecing from a presentation with "Brand New" in the title.
The first module showed us COOL directory traversal attacks that were done on older version of IIS using a series of cut and paste strings, I doubt any of this would work against modern platform that have been properly hardened and configured. This was a bit disappointing. It is COOL but not very useful in real life today against well maintained targets.
The first module also showed some aging in it's description of Metasploit where it is still being reference as a PERL tool.
Dave Aitel would have been disappointed to see the coverage of CANVAS within this module It was mostly mentioned as a name and very quickly push aside. I think that even thou CANVAS is not as well integrated or polished as CORE IMPACT it should have been covered in more depth as it is a VERY powerful tool as well. Immunity has been doing lots of great work in the security testing community.
Another sign of aging is Nessus being listed as and open source tool. It has not been Open Source and Free for quite a whiile. This would need to be updated.
The modules themselves still have numerous slides showing TOOLS. Only the leading tools should be covered and the long list should be included in the student manual. Powerpoint is not a high content tool, a page in the student book can cover easily a list of 25 tools with description instead of one slide per tool. That would be a lot better.
Some basic SQL injection using the goold old buggy login form was demonstrated and well explained. It would have been great to have more web exploitation demonstration or some advanced and brand new SQL injection techniques demonstrated.
As far as applications are concerned showing how drive by install, trojan and backdoor installation, and other form of social engineering attacks are really done today would have been great. The people behind the technology is the target of many organized criminal groups.
By far the last portion of the presentation was the best. The engineer from Core concentrated on today's hacker playground which is Layer 7 within the OSI model or application security. Once again they clearly showed and demonstrated that you could have layers of firewalls, IDS, and other protection mechanism but the weak link is the person sitting behind the technology.
IMPROVEMENT
The instructor did a great job in module two where he just went on his own instead of staying only within the slide content. He attempted to explain things using the Whiteboard in Webex but the tool is not easy to use. I would recommend adding a few slides on the subjects that he covered.
I would also cover less in future webcast but cover it with more depth. The whole webcast talked about LOTS of things but did not show those things. People do not want to be told about things they want to be educated on how things happen and how people take advantage of their systems and networks.
As far as the core presentation is concerned, I think it was done a bit too quicly for people who have never seen or use the interface. A slide introducing and showing the systems involved in the attacks to be demonstrated would have made it easier to grasp for some of the attendees. The demo were good and all worked as expected but the speed at which it was done made it a bit hard to follow for people that are not used to the product. In fact it went so fast that the moderator was not back yet to take over when they finished.
BEING ETHICAL
A live web site on the internet was demonstrated with Hidden Form Fields being used. Even thou it is very stupid to use Hidden Form Fiedl for sensitive information such as pricing, I think that ethically it was not OK to use such a web site. Even if the instructor claimed that the owner of the website knows about it that does not make it OK to show it on a webcast. It would be like knowing how to steal money from a bank and showing it live on a webcast. That should be avoided in the future.
I understand that the Actualtests.com website did not work as expected but it would have been better to simply explain it and not show a live website as far as I am concerned. You always expose yourself when you show such vulnerabiltiy to a public audience. It was even mentioned that the web site has been used for the past past 5 years within live classes.
It could have been great to mention Server Side validation instead of only Client Side validation.
CONCLUSION
The two most commonly used word throught the presentation was TOOLS and COOL. Myself I strongly believe that you do not need 300 tools to be a good pen tester. A good brain and a browser would probably take you a lot further.
Doing testing in real life is NOT always cool, there are time you are scratching your head and you could be hitting a wall for days before you can make it to the other side of the wall. Such is reality.
Overall it was a good presentation but definitively no what I expected. I expected to get a presentation on web application vulnerabilities that we face today on a day to day basis. Instead I was presented with very basic and older vulnerability that are well documented on the Internet.
Unfortunately the two websites that were to be used for demo purpose did not seem to work as expected and they could not be used. That would have made the instructor presentation a lot easier and a better presentation overall.
In the future, I would at least expect the demo to be done against a modern operating system with service packs and patches applied. Or at least a Windows 2003 as a platform with some patches missing but not Windows 2000 with no service packs.
Best regards
Clement
EC-Council Members Webinar - November 2008
Posted by cdupuis on Saturday, 29 November 2008 @ 20:52:40 EST (2141 reads)
Topic CEH
PRE-RECORDED WEBINAR FOR MEMBERS - NOV 2008
Duration: 60 minutes
Sponsored by Core Security Technologies
|
|
|
|
Zen & the Art of An Internal Penetration Testing Program
(Part I)
Presenter: Mr. Paul Asadoorian
|
This presentation provides you with fundamental knowledge required to create an internal penetration testing program for your organization. It is the answer to questions like "Why do I need to perform internal penetration testing?" and "What kind of systems and applications should I test?" The presentation covers best practices for your systems and network administration, goals of testing, and defining rules and scopes of engagement. Tips and tricks will be offered, including using Nmap for host identification and enumeration, scripting Nmap using Nmap Scripting Engine (advanced testing), and using Ndiff to compare Nmap scan results.
Download the webinar now and listen to what our guest speaker, Paul Asadoorian, Founder and CEO of PaulDotCom, has got to share on this.
Presenter
Mr Paul Asadoorian Founder & CEO, PaulDotCom This Webinar is sponsored by Core Security Technologies.Core Security Technologies is the leader in comprehensive security testing software solutions that IT executives rely on to expose vulnerabilities, measure operational risk, and assure security effectiveness. The company's CORE IMPACT product family offers a comprehensive approach to assessing the security of network systems, endpoint systems, email users and web applications against complex threats. All CORE IMPACT security testing solutions are backed by trusted vulnerability research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups.
|
|
Get yourself updated with the latest!
Hackers are here. Where are you?
# # #
|
|
|
|
FREE Sample Penetration Testing Report Template
Posted by cdupuis on Sunday, 26 October 2008 @ 22:45:51 EDT (2427 reads)
Topic CEH
The following have been developed and used by many of those on the Westminster University courses. They have been offered to the general IT community as open source documents for free download and use.
Basic Stages of Penetration Testing (doc)
Penetration Testing report template (doc & rtf)
NMap commands cheat sheet (doc)
Linux Wireless commands cheat sheet (doc)
Port Numbers (txt)
The resources above are provided by:
http://www.logicallysecure.com/resources/downloads/downloads.htm
C|EH v6 Security Experts or Monkeys with Tool Exposure
Posted by cdupuis on Thursday, 18 September 2008 @ 10:51:09 EDT (7389 reads)
Topic CEH
Anonymous writes "NOTE FROM CLEMENT:
Below you will find a nice article posted by sil @ e-fensive dot net. As the author mentions his goal is not to trash and attack the CEH certification but to express his fair opinion about the certification based on the factual information and his own experience of security certification.
Unfortunately I must admit that his opinion is somehow skewed and not as factual as it really is. It seems that Sil used public information at www.eccouncil.org as the basis of his opinion. I think that I have to add my own note to it simply because I am very familiar with the CEH program, I have delivered many CEH classes in the past, and I am also in touch with some of the most talented instructors delivering the CEH on regular basis and they do have very successful classes.
The public side of the EC-Council website is build by people who are into marketing, they will throw buzzword and say things in a way that is very enticing to visitors but it is not always an accurate representation of how the actual class will be delivered or the way the training company you choose will deliver it. The actual delivery is left to the discretion of the trainer center or the trainer delivering the class with guidelines from the EC-Council on how to make it a success.
Yes, the EC-Council does provide instructions that have to be followed by their Authorized Training center and their Certified Instructors as well. The instructor guide to the CEH V6 does a great job framing how the class will be delivered, it tells the instructor how the class should be configured, how to deliver it, and what the class is and what the class is not.
If a training centre uses the can material within the student books, uses an inexperience tester/security instructor, or does not use any supplement it can make for a dry class where someone is reading the slides to you.
However, I have seen companies out there who spent a large amount of time adding their own unique labs and corresponding target range to add more spice to the existing CEH content. This makes for a class really exciting where you get a lot more than some of the other competitors not going the extra mile.
CHOOSE YOUR INSTRUCTOR CAREFULLY
The instructor you get in class is what makes the biggest differenciator between an average class and a fantastic class. You wish to get someone in class who is an experience tester/security professional on both the defensive and the offensive side. You want somone who has delivered the class dozens of times already. You want someone who has proven his teaching skills over and over again. That will give you your money worth.
I have included my comment in between the paragraph written by Sil below. I will use a bold font below to ensure my comments are clearly visible and you can tell them apart from Sil message.
Here is Sil posting:
I edited and reworded this from a post I made on a certification forum. This will seem like some form of rambling, attack on EC-Council's cert, but its just an opinion. An opinion based on factual information and experience not only with EC-Council, but experience in the industry for well over 10 years professionally in security and too many to count in IT. As I wrote this, I thought long and hard about backlash involved in writing this, the naysayers who won't understand it, many thoughts ran through my mind, but I figured I'd take a hard look at the C|EH v6 since many have asked me about it. Without further ado, let's begin.
Take a common sense, logical view to the C|EH V6 exam. There are now 67 modules associated with the C|EH exam and according to EC-Council, you can take their 5 day course from the hours of 9am - 5pm and pass the exam. The mathematical break down to learn the C|EH if you follow EC-Council: 40 hours to cram 67 modules: 35 minutes per module. Is this realistic? Of course not, yet according to EC-Council's own wording: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Really? Considering there are no pre-requisites, e.g., 1-2 years systems administration, 1-2 years networking experience, an exam taker will have to cram understanding the OSI layer, TCP/IP and networking as a whole in 35 minutes. A miraculous feat in training if you ask me. (http://www.eccouncil.org/Course-Outline/Ethical%20Hacking%20and%20Countermeasures%20Course.htm)
When I first saw the announcement of the CEH V6 my reaction was exactly the same as yours. I taught it was completely retarded to even attempt to deliver that many modules within such a short time frame. Covering all of the modules added to well over 300 powerpoint slides per day which cannot humanly be done.
However, Just like you I was wrong in my ASSUMPTIONS because not ALL of the modules are required for the purpose of the certification exam. Some of the content is for exploration only, to make you think, play, challenge yourself, think outside the box like hacking was meant to be. These modules would never be used at a client site, for example: Hacking and Cheating Computer Games.
The instructor guide clearly guides the instructor on this subject. The instructor guide proposes three ways that the class could be delivered and the training centre decides which of the three ways they wish to use according to time availability.
The CEH description on the public site also clearly state that the class requires "Self Study".
GARBAGE IN = GARBAGE OUT
Your experience and what you get out of of this class or any class for that matter greatly depend on how much of your time you are willing to invest into it prior to sitting in class and while taking the class.
Simply sitting 6 hours per day in class, running away from class as soon as you can at the end of the day, is not going to cut it. You must prepare ahead of time, you must familiarize yourself with Linux, VMWare, and some of the most common tools before even showing up in class. This is how you will get the most just like any other classes you would take.
Here are the three delivery methods proposed:
Method 1
5 Days of training from 0900 hrs until 1700 hrs
21 Modules will be covered
Students have a series of modules as self study
Method 2
6 days of training from 0900 hrs until 1800 hrs
25 Modules will be covered
Students have a series of modules as self study
Method 3 (BOOT CAMP)
6 days of training from 0900 hrs until 2100 hrs
A larger number of modules will be covered
Students have some modules to go through as self study
As you can see this is why you have to select your training company carefully. You wish to get a company that will be delivering the class BOOT CAMP STYLE which is method 3 above. This will give you the best benefit. Some company even offer all in one formulas where all your meals and accommodation will be included in your tuition feed. This means that lunch and supper will be short interruption and not 1.5 hour or more. By the end of the week you have learned a lot, and you will be exhausted for sure. You must dedicate the week to doing your CEH in order to get the most out of it, just like any other certification class out there.
This premise of offering so called practical experience is highly disturbing considering that again, EC-Council makes no mention of candidates acquiring or having any kind of experience in any field be it networking, security, systems, nothing is mentioned. Continuing: Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.
Now I ask myself, how can a student understand the concepts of role based access controls, permissions, domains, LDAP and other technologies in this amount of time, I mean seriously think about this. How can a student learn to optimally "secure a system" when they're basing their experience on pre-configured lab machines. I've taken the C|EH v5 and I can tell you first hand its filled with tools. All flash no cash. This testing methodology EC-Council is offering conveys a false sense of "security" expertise. A candidate should understand the systems they're "hacking" or "securing" for one, they should know the networking involved with that system down to understanding at an RFC level TCP/IP and the OSI layer to truly understand the technicalities of it all. Otherwise, what is the point of the exam, to point out how many different modules a certifying body can place into an exam? How many tools can the exam creators discover, capture screen shots and label someone an expert at 35 minutes worth of knowledge on the TOOL - not the fundamentals.
The biggest misconception about this entire course is that it will make someone a security expert. While EC-Council may have the best intentions in the creation of the exam, exposing candidates to the different areas of security, the expectations of a candidate truly knowing and understanding even the minimal concepts to pass an exam after again, 35 minutes of teaching on each subject is insane. Snake oil at best. Moving on: Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
I agree with you that presenting this class as an expert level class is misleading. You should not take word "experience" as a synonym for the word "expert". For example, if I wanted to "experience" the intensity of driving at 200 miles per hour on a Nascar track I would not buy a car and rent track time just for that one time event as I don't even know if I am going to like it or not. I would find an experience driver who can let me ride alongside with him and see what it feels like. Attempting to drive the car myself would be completely foolish, I would most likely hit the wall at the first turn and risk hurting myself badly.
The same apply when learning the basis of security testing. You need someone that will guide you and tell you about the basic skills and techniques that are needed to perform security testing. The class is not meant to be an expert level class, it is a foundation class presenting an overview and introduction to the world of hacking tools and techniques. (Note I did not say Methodologies, this is what the ECSA is about, not this class)
If you look at the text extracted below from the EC-Council documentation, I think they state very clearly what it is and what it is NOT:
----- Beginning of extract -----
What CEHv6 is and what it is not?
The CEHv6 program is 100% focused on hacking technologies and the hacker tools. The emphasis of the program is based on the weapons used by the hacker. Think of it like this: if you want to beat the terrorist in a war, you will need to understand and master the various weapons used by these terrorists. Without the knowledge of their machine guns, tanks and communication techniques you will not be able to effectively produce a counter strategy.
The CEHv6 is NOT a network defense program and security policy implementation program. This course does not cover system administration, firewall rules implementation and configuring security policies. If you are looking for a network defense program then you should look into EC-Council’s ENSA program. CEHv6 = Hacking Technologies
----- End of extract -----
I disagree. There is no way I can think of someone leaving this course becoming "experienced" enough to call themselves a C|EH at its concept. What this course will produce is someone with a wide array of useless knowledge, akin to someone saying "I know TCP/IP like the back of my hands, it consists of packets!" Using pre-defined, often outdated tools does not make someone an experienced security professional let alone a hacker, monkeys can be trained to use tools. Because of the nature of the C|EH's structure, one million tools, 3/4's of them obsolete, I can see more security professionals snickering at the exam and the holders of the C|EH (all versions). A devaluation of the security professional.
Right now I'm currently in parallel studies on my own leisure for the NSA IAM, CISM and OPST with my seat for the CISM confirmed in December. From all I've read and learned, I value my OSCP more than the C|EH and look forward to the OPST exam. The OPST is more structured and realistic using real world experience coming from the most respected and trusted names in the industry. The creators of the OPST exam hold a lot more clout and credibility in my eyes than those of EC-Council. These are my two cents. Now, I've been in the security industry now for quite some time in fact, I've met some of my peers who would have been in diapers when I got involved in computing professionally. It doesn't take a rocket scientist to cobble together every security tool under the sun, give a base introduction to said tool, ask two questions on that tool, and label someone an expert.
I am not sure where you got this misconception. YES, there are many tools out there, there are new ones that are great and there are new ones that are completely crappy. However, there are also older tools who have been used over the years that you can't replace, for example Netcat/Cryptcat. I always stress in class that the best tool ever is your brain followed closely by a good browser. Tools alone will not get you there. I have written a lot of courseware myself and I always stress that understanding the CONCEPT is always more important than having the latest version of tool that came out this morning.
Myself I do not care much for tools or having a large collection of them. What I care about is that the student understand where the tool can be used best, how to use it, what the tool does on your behalf, how it does it as well.
Even if you would give me 100 power tools that does not mean that I could build a nice piece of furniture. However, if you show me the CONCEPT, the TECHNIQUES one by one, then you demonstrate each power tool one by one, you tell me the tips and tricks of using them with the proper technique while not damaging myself (i wish to keep all my fingers), then I might come out with something that looks like a piece of furniture instead of a pile of wood.
I am glad you mentioned the OPST, Pete Herzog at ISECOM has been running a very tight program and I also like his cert very much. It is definitively worth taking a look as an alternative. We need more accessibility to the OPST program here in the states. Recently I have seen that there is some push to bring this deeper into the US market which is good. Competition is always sane in this field and keeps all players in line.
Below you have an extract from the EC-Council web site, i love the clear "WARNING" on the last line very much:
----- Beginning of extract -----
Proof of concept tools
The goal of the class is to demonstrate various hacking techniques using the tools as an example to prove a point. For example, Netbus Trojan is showcased to show how a machine can be controlled by planting a server Trojan and control it by using client software. Practically speaking, the Netbus Trojan will be caught by anti-virus software and quarantined if files are infected. So do not dismiss this Trojan as being OUTDATED and does not work in real life. What you are showcasing is an example of a Trojan at work. This concept is VERY IMPORTANT. A skilled hacker can easily write his own Trojan in C++ with similar features as that of Netbus and call it Netbus 2008 version.
Many tools presented in the syllabus are proof of concept tools to demonstrate a hacking concept. If you blame the tools as being outdated and dismiss them in the class then you will do so for EVERY TOOL IN THE WORLD will be OUTDATED as time moves on.
Please explain this concept before the class starts and you will be safe. The focus of the class is Hacking Technologies using tools as an example. Encourage students to visit various hacker websites to update the tools’ version.
WARNING: YOUR CLASS WILL FAIL IF YOU FOCUS HEAVILY ON THE TOOLS AND NOT THE CONCEPT BEHIND IT
----- End of extract -----
If anyone ever criticized the CISSP for being a mile wide and an inch deep, I beg them to look at the concept that EC-Council is putting forward. A realistic expectation for someone to take this exam if it truly held its weight would be for the candidate to have at minimum six years experience with a mixture of industry experience, even then with the modules cobbled together, it's not asking for enough. From systems administration, to network administration and design, incidence response roles, programming to truly understand buffer overflows, the pre-requisites could go on and on.
Sadly I see the C|EH imploding within a few years as did the MCSE when everyone began labeling it the "Must Consult Someone Experienced" certification with everyone under the sun with zero knowledge acquiring this certifcation. At the core, EC-Council's concept seems to offer an unparalled level of expertise, but knowing the structure of the v5 exam, its content, after having taken the exam, I truly don't believe it's worth the paper its printed on, nor will the v6 be. Perhaps test takers care solely about the gimmicky "Got Hacked" t-shirts or the telephone book thick like books, whatever the case is, someone would have to be extremely clueless to expect a C|EH v6 to be an expert. Either that, or C|EH v6'ers will be uber security geniuses worthy of PhD's in information security at the end of a bootcamp.
I agree with you that the exam could be made tougher. I could easily see an exam of 6 hours with 250 questions or more.
However, once you remove the marketing verbiage and you look at what the class is, I think it is adequate as is.
After all this is a foundation class and only a foundation class. It will NOT make you an expert within one week, in fact it is a lifelong learning experience if you really wish to stay updated and current within the security testing field.
The one thing I would really like to see is a practical test included as well. This would prove that the candidate has not only understood the theory but he can also apply his knowledge. That would make a whole world of difference in properly assessing the skills.
Before many get bent out of shape, be honest with yourself, look at a module:
Module 17: Web Application Vulnerabilities
- Web Application Setup
- Web application Hacking
- Anatomy of an Attack
- Web Application Threats
- Cross-Site Scripting/XSS Flaws
- An Example of XSS
- Countermeasures
- SQL Injection
- Command Injection Flaws
- Countermeasures
- Cookie/Session Poisoning
- Countermeasures
- Parameter/Form Tampering
- Hidden Field at
- Buffer Overflow
- Countermeasures
- Directory Traversal/Forceful Browsing
- Countermeasures
- Cryptographic Interception
- Cookie Snooping
- Authentication Hijacking
- Countermeasures
- Log Tampering
- Error Message Interception
- Attack Obfuscation
- Platform Exploits
- DMZ Protocol Attacks
- Countermeasures
- Security Management Exploits
- Web Services Attacks
- Zero-Day Attacks
- Network Access Attacks
- TCP Fragmentation
- Hacking Tools
- Instant Source
- Wget
- WebSleuth
- BlackWidow
- SiteScope Tool
- WSDigger Tool – Web Services Testing Tool
- CookieDigger Tool
- SSLDigger Tool
- SiteDigger Tool
- WindowBomb
- Burp: Positioning Payloads
- Burp: Configuring Payloads and Content Enumeration
- Burp: Password Guessing
- Burp Proxy
- Burpsuite
- Hacking Tool: cURL
- dotDefender
- Acunetix Web Scanner
- AppScan – Web Application Scanner
- AccessDiver
- Tool: Falcove Web Vulnerability Scanner
- Tool: NetBrute
- Tool: Emsa Web Monitor
- Tool: KeepNI
- Tool: Parosproxy
- Tool: WebScarab
- Tool: Watchfire AppScan
- Tool: WebWatchBot
- Tool: Mapper
63 concepts, tools, methods and countermethods. 35 minutes to learn and understand it all. Seconds to learn every tool, concept, method to make you an "expert." Don't fret though, before one takes the test, EC-Council will verify where they work. Whether or not they will verify someone's duties and experience in the industry, is an altogether different story. A story I seriously find hard to believe. Good luck in attempting to label yourself an expert at anything in the security field by passing this exam. Its akin to someone in medical school studing neurology, coming across a picture of the heart and labeling himself a cardiologist. Not only a cardiologist, but also a neurologist without even finishing up his studies and passing the necessary exams, having the right experience to qualify.
Once again you are wrong in your time estimates and assumption. If you look at the classes being delivered by the top training companies out there, they spend more than half a day on this subject alone which is today one fo the most important one.
The playground for hackers today is at layer 7 today. This is where many of the compromises will happen and you need to spend more time on this.
CONCLUSION
Always put your marketing filtering hat on before you start reading public information about any of the certifications out there. They all attempt to make them sound like it is better than slice bread. However you have to look under the crust to see what you are really getting. The loaf of break might be hollow. The training companies are the bakers in this case and they are the one that ensure you get a full loaf of bread.
Myself, I prefer by far the BOOT CAMP delivery method where you always get copious amount of practical lab time and it is also where you get to sit down, talk with other students in class, and learn by doing. I have seen student stay overnight and sleep in class they were so much into it. This is what training is all about.
It always look easy on the powerpoint slides. However, the life of a security tester is sometimes very boring and tedious, it is not always a sure kill and you do not always get to break in with ease, that happens only in movies.
Last but not least, regardless of the certification you pick, always ensure that you have the best instructor that can be. This is what will make the MOST difference in your training and the learning experience that you get.
The CEH, OPST, GPEN, and many others are ALL entry level security testing/penetraton testing certifications. The world is upside down today. Ten years back people would work in the field for many years and then seek certification into their field of expertise to prove their level of skills and knowledge. Today, people are taking a foundation class to learn more about the subject of interest and then they attempt to get into a new field of expertise. There are many students who simply wishes to learn more about the subject, it is a very different crowd then ten years ago.
Best regards and thanks a whole lot for this great posting highlighting some of the key issues we have with training today.
Clement
J. Oquendo
SGFA, SGFE, C|EH, CHFI, OSCP
sil at e-fensive dot net "
Webinar for EC-Council's Members - August 2008 - Get your CPE's
Posted by cdupuis on Wednesday, 27 August 2008 @ 10:26:09 EDT (9583 reads)
Topic CEH
PRE-RECORDED WEBINAR FOR MEMBERS - AUG 2008
Duration: 45 minutes
|
|
|
|
Drive-by Downloads:
What Businesses Should Know
Presenter: Mr Ryan Naraine,
Security Evangelist of Kaspersky Lab
|
|
Do you know what's happening on your Web server? Is your company's Website a conduit for drive-by malware downloads? Download the webinar and listen to what our guest speaker, Ryan Naraine, a Security Evangelist with Kaspersky Lab, has got to share on this.
This webinar will help you understand the possible threats of drive-by downloads, identify the weakest links, proactively prepare post-infection response plans and ultimately, determine defense-in-depth approaches to protect your company's identity, brands, assets and intellectual properties.
About the Presenter
Ryan Naraine
Security Evangelist of Kaspersky Lab
As a security evangelist at Kaspersky Lab, Ryan Naraine has more than a decade of experience monitoring Internet and computer security trends and hackers' attacks. Along with monitoring current events in the information security arena, he is leading the development of Kaspersky's online community initiatives revolving around secure content management technologies. Ryan is also an active and a leading contributor to ZDNet's Zero Day security blog.
Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security for eWEEK, leading the magazine's and Website's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering daily security threats, vulnerabilities and IT security technologies. In addition, he covered IT security, hackers' attacks and secure content management topics for Jupiter Media's internetnews.com.
|
|
Get yourself updated with the latest!
Hackers are here. Where are you?
# # # |
|
|
|
|
|
Login
Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.
Big Story of Today
There isn't a Biggest Story for Today, yet.
Old Articles
| Tuesday, May 06 | | · | EC-Council Offers Details and Insights on CEH v6 |
| Friday, January 25 | | · | EC-Council Continuing Education Point System (ECE) |
| Wednesday, December 19 | | · | EC-Council Continuing Education (ECE) Credits |
| Tuesday, November 13 | | · | Career Excellence in Information Security Webinar from EC-Council |
| Friday, July 13 | | · | Hacker Halted Malaysia, Kuala Lumpur |
| Thursday, February 22 | | · | Article on Ethical Hacker in CertMag |
| Tuesday, December 19 | | · | CEH V5 -- THE RETURN OF THE MATRIX |
| Thursday, November 30 | | · | Certified Ethical Hacker Version 5 Exam Released |
| Thursday, November 09 | | · | Certified Ethical Hacker (CEH) V5 has been released |
| Tuesday, July 25 | | · | Ethical Hacking Seminar |
| Tuesday, June 06 | | · | Response from EC-Council regarding false accusations |
| Wednesday, October 13 | | · | The government of India becoming the exclusive provider of CEH training in India |
| Monday, February 23 | | · | CEH V3 Exam available at ALL prometrics centres |
| Tuesday, January 20 | | · | Certified Ethical Hacker (CEH) Certification Version 3 is out |
| Thursday, September 11 | | · | Question of the day |
Older Articles
|
[Criptography] DES Modes