Hands-on Tactical Security skills training is what you want to achieve secure networks and secure information - learning how to hack and secure networks in today's world is about staying ahead of the hackers. No organization can fight back against cyber-attacks if their security and system administration staff does not know how the most current attacks are launched and the technical details that allow the attacks to be blocked."
This Intense 72 hour Q/EH® Qualified/ Ethical Hacker class provides you with basic understanding of the hacking skills and tools required to determine potential security weakness in your organization. This class is your next class after Security+ and before CISSP®. Be ready for SERIOUS tactical hands-on labs with advanced Ethical Hacker skills learning how to defend networks from cyber-attack. Step up to Qualified with the Q/EH® Certification. SU courses and certificate programs of mastery are designed to provide you with an immersive learning experience -- from hands-on workshops, certifications, with deep dives on a particular cyber security topic or technology. Every class is structured to give you expertise in critical areas that you can immediately put to use.
- DoD Navy 'P Sparks IAM' - "I sat through SU's Q/EH® class which was fairly impressive and asked a large number of questions concerning their other SUT Exams. Looking at the challenges that the DOD is attempting to address, the Q/ISP strikes me as more appropriate than most of the current SUT Exams. This course/exam group is multi-functional, each section dealing with a very IA oriented goal/need. The Q/PTL® which is part of the Q/ISP® Q/SA® requires a written test, a three hour examination of a specialized test scenario (also graded) and two months of lab time to complete a full assessment report. One of the student reports was 20 pages in length. Definitely a high level of competence to receive a certification."
"Yes. Please quote me, the instructor was great, he was very knowledgeable. I had CEH™ and CHFI™ training from another vendor and I did receive certification but I wish I had attended your classes instead, I would have learned much more."
No death by power point - the Q/EH® study guide engages you in real world scenarios, no old hacking tools, like other Ethical Hacking classes. More than 35 hands-on tactical security labs to ensure you’re qualified and validated to defend networks from cyber threats.
Class Fee: |
$3,990 |
Time: |
72 hrs |
Learning Level: |
Entry |
Contact Hours: |
42 hr Lecture 35 hr labs |
Prerequisites: |
Understanding of TCP/IP Protocols |
Credits: |
72 CPE / 4 CEU |
Method of Delivery: |
Residential (100% face-to-face) or Hybrid |
Instructor: |
TBD |
Method of Evaluation: |
95 % attendance 2. 100 % completion of Lab |
Grading: |
Pass = Attendance+ labs & quizzes Fail > 95% Attendance |
Sample Job Titles:
Blue Team Technician
Certified TEMPEST Professional
Certified TEMPEST Technical Authority
Close Access Technician
Computer Network Defense (CND) Auditor
Compliance Manager /Ethical Hacker
Governance Manager/ Information Security Engineer/ Internal Enterprise Auditor
Network Security Engineer/ Penetration Tester
Red Team Technician/ Reverse Engineer
Risk/Vulnerability Analyst
Technical Surveillance Countermeasures Technician/ Vulnerability Manager
This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.
Text Materials: labs, SU Pen Testing Materials, resource CD’s and attack handouts.Machines a Dual Core 18M Ram, T Gig drives, running MS OS, linux, and VMWare Workstation
Tools for class - Whois, Google Hacking, Nslookup , Sam Spade, Traceroute , NMap , HTTrack , Superscan , Nessus, PSTool, Nbtstat, Solarwinds ,Netcat , John the ripper , Nikto/Wikto ,Web Scarab , HTTP Tunnel (hts.exe) , LCP ,Cain and Abel, Ettercap system hacking ,John the Ripper Wireshark sniffers, TCP dump, D sniff , tcpdump, Metasploit, ISS exploit, web app,Core Impact , Snort , Infostego, Etherape ,Firefox with plugins (Hackbar, XSSme...) ,, ebgoat, X Wget, Cyrpto tool, 'Curl'
KU Outcomes:
- Students will be able to describe potential system attacks and the actors that might perform them.
- Students will be able to describe cyber defense tools, methods and components.
- Students will be able to apply cyber defense methods to prepare a system to repel attacks.
- Students will be able to describe appropriate measures to be taken should a system compromise occur.
- Instruction and review with an experienced master of ethical hacking
- QEH Certification Exam on site last day of class
- Access to SU's IT Professional Reference Library of targeted studies
- snacks
Learning Objectives:
- Apply incident handling processes in-depth, including preparation, identification, containment, eradication, and recovery, to protect enterprise environments
- Analyze the structure of attack techniques, evaluate actors and thwart further actor activity
- Utilize tools to discover malware, including rootkits, back- doors, and trojan horses, choosing appropriate defenses/ response tactics for each
- Use built-in command-line tools, as well as Linux netstat, ps, and lsof to detect an actors presence on a machine
- Analyze routers,ARP tables, switch CAM tables to track an actor activity to dentify a suspect
- Use memory dumps and the Volatility tool to determine an actors activities on a machine, the malware installed, and other machines the actor used as pivot points across the network
- Gain access of a target machine using Metasploit, and then detecting the artifacts and impacts of exploitation through process, file, memory, and log analysis
- Analyze a system to see how actors use the Netcat tool to move files, create backdoors, and build relays through a target environment
- Run the Nmap port scanner and Nessus vulnerability scanner to find openings on target systems, and apply tools such as tcpdump and netstat to detect and analyze the impacts of the scanning activity
- Apply the tcpdump sniffer to analyze network traffic generated by a covert backdoor to determine an actors tactics
- Employ the netstat and Isof tools to diagnose specific types of traffic-flooding denial-of-service techniques and choosing appropriate response actions based on each actor's flood technique
CLICK TO ROLL DOWN OUR CLASS SYLLABUS
Analyze shell history files to find compromised machines, actor-controlled accounts, sniffers, and backdoors
QED certification, tests on the following 22 domains. 44 hrs lecture/ 30 hrs labs
- QED Ethics and Legal Issues
- QED Footprinting
- QED Scanning
- QED Enumeration
- QED System Hacking
- QED Trojans and Backdoors
- QED Sniffers
- QED Denial of Service
- QED Social Engineering
- QED Session Hijacking
- QED Hacking Web Servers
- QED Web Application Vulnerabilities
- QED Web Based Password Cracking Techniques
- QED SQL Injection
- QED Hacking Wireless Networks
- QED Virus and Worms
- QED Hacking Novell
- QED Hacking Linux
- QED IDS, Firewalls and Honeypots
- QED Buffer Overflows
- QED Cryptography
- QED Penetration Testing Methodologies
Lesson Plan 1
Qualified Ethical Hacker /Defender (QEH/D) Module 1: Ethics and Legality
- Understand Ethical Hacking terminology
- Define the Job role of an ethical hacker
- Understand the different phases involved in ethical hacking
- Identify different types of hacking technologies
- List the 5 stages of ethical hacking?
- What is hacktivism?
- List different types of hacker classes
- Define the skills required to become an ethical hacker
- What is vulnerability research?
- Describe the ways in conducting ethical hacking
- Understand the Legal implications of hacking
- Understand 18 U.S.C. § 1030 US Federal Law
Qualified Ethical Hacker /Defender (QEH/D)) Module 2: Footprinting
- Define the term Footprinting
- Describe information gathering methodology
- Describe competitive intelligence
- Understand DNS enumeration
- Understand Whois, ARIN lookup
- Identify different types of DNS records
- Understand how traceroute is used in Footprinting
- Understand how E-mail tracking works
- Understand how web spiders work
Qualified Ethical Hacker /Defender (QEH/D) Module 3: Scanning
- Define the term port scanning, network scanning and vulnerability scanning
- Understand the CEH scanning methodology
- Understand Ping Sweep techniques
- Understand nmap command switches
- Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
- List TCP communication flag types
- Understand War dialing techniques
- Understand banner grabbing and OF fingerprinting techniques
- Understand how proxy servers are used in launching an attack
- How does anonymizers work
- Understand HTTP tunneling techniques
- Understand IP Spoffing Techniques
Qualified Ethical Hacker /Defender (QEH/D) Module 4: Enumeration
- What is Enumeration?
- What is meant by null sessions
- What is SNMP enumeration?
- What are the steps involved in performing enumeration?
Lesson Plan 2
Qualified Ethical Hacker /Defender (QEH/D) Module 5: System Hacking
- Understanding password cracking techniques
- Understanding different types of passwords
- Identifying various password cracking tools
- Understand Escalating privileges
- Understanding keyloggers and other spyware technologies
- Understand how to Hide files
- Understanding rootkits
- Understand Steganography technologies
- Understand how to covering your tracks and erase evidences
Qualified Ethical Hacker /Defender (QEH/D)) Module 6: Trojans and Backdoors
- What is a Trojan?
- What is meant by overt and covert channels?
- List the different types of Trojans
- What are the indications of a Trojan attack?
- Understand how “Netcat” Trojan works
- What is meant by “wrapping”
- How does reverse connecting Trojans work?
- What are the countermeasure techniques in preventing Trojans?
- Understand Trojan evading techniques
Qualified Ethical Hacker /Defender (QEH/D) Module 7: Sniffers >
- Understand the protocol susceptible to sniffing
- Understand active and passive sniffing
- Understand ARP poisoning
- Understand ethereal capture and display filters
- Understand MAC flooding
- Understand DNS spoofing techniques
- Describe sniffing countermeasures
Lesson Plan 3
Qualified Ethical Hacker /Defender (QEH/D) Module 8: Denial of Service
- Understand the types of DoS Attacks
- Understand how DDoS attack works
- Understand how BOTs/BOTNETS work
- What is “smurf” attack
- What is “SYN” flooding
- Describe the DoS/DDoS countermeasures
Qualified Ethical Hacker /Defender (QEH/D)) Module 9: Social Engineering
- What is Social Engineering?
- What are the Common Types of Attacks
- Understand Dumpster Diving
- Understand Reverse Social Engineering
- Understand Insider attacks
- Understand Identity Theft
- Describe Phishing Attacks
- Understand Online Scams
- Understand URL obfuscation
- Social Engineering countermeasures
Qualified Ethical Hacker /Defender (QEH/D) Module 10: Session Hijacking
- Understand Spoofing vs. Hijacking
- List the types of Session Hijacking
- Understand Sequence Prediction
- What are the steps in performing session hijacking
- Describe how you would prevent session hijacking
Qualified Ethical Hacker /Defender (QEH/D) Module 11: Hacking Web Servers
- List the types of web server vulnerabilities
- Understand the attacks Against Web Servers
- Understand IIS Unicode exploits
- Understand patch management techniques
- Understand Web Application Scanner
- What is Metasploit Framework?
- Describe Web Server hardening methods
Lesson Plan 4
Qualified Ethical Hacker /Defender (QEH/D) Module 12: Web Application Vulnerabilities
- Understanding how web application works
- Objectives of web application hacking
- Anatomy of an attack
- Web application threats
- Understand Google hacking
- Understand Web Application Countermeasures
Qualified Ethical Hacker /Defender (QEH/D) Module 13: Web Based Password Cracking Techniques
>
- List the Authentication types
- What is a Password Cracker?
- How does a Password Cracker work?
- Understand Password Attacks - Classification
- Understand Password Cracking Countermeasures
Qualified Ethical Hacker /Defender (QEH/D) Module 14: SQL Injection
- What is SQL injection?
- Understand the Steps to conduct SQL injection
- Understand SQL Server vulnerabilities
- Describe SQL Injection countermeasures
Qualified Ethical Hacker /Defender (QEH/D) Module 15: Hacking Wireless Networks
- Overview of WEP, WPA authentication systems and cracking techniques
- Overview of wireless Sniffers and SSID, MAC Spoofing
- Understand Rogue Access Points
- Understand Wireless hacking techniques
- Describe the methods in securing wireless networks
Qualified Ethical Hacker /Defender (QEH/D) Module 16: Virus and Worms
- Understand the difference between an virus and a Worm
- Understand the types of Viruses
- How a virus spreads and infects the system
- Understand antivirus evasion techniques
- Understand Virus detection methods
Lesson Plan 5
Qualified Ethical Hacker /Defender (QEH/D) Module 17: Physical Hacking
- Physical security breach incidents
- Understanding physical security
- What is the need for physical security?
- Who is accountable for physical security?
- Factors affecting physical security
Qualified Ethical Hacker /Defender (QEH/D) Module 18: Linux Hacking
- Understand how to compile a Linux Kernel
- Understand GCC compilation commands
- Understand how to install LKM modules
- Understand Linux hardening methods
Qualified Ethical Hacker /Defender (QEH/D) Module 19: IDS, Firewalls and Honeypots
- List the types of Intrusion Detection Systems and evasion techniques
- List firewall and honeypot evasion techniques
Qualified Ethical Hacker /Defender (QEH/D) Module 20: Buffer Overflows 1 hrs Lecture 1 hr Labs
- Overview of stack based buffer overflows
- Identify the different types of buffer overflows and methods of detection
- Overview of buffer overflow mutation techniques
Qualified Ethical Hacker /Defender (QEH/D) Module 21: Cryptography
- Overview of cryptography and encryption techniques
- Describe how public and private keys are generated
- Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
Qualified Ethical Hacker /Defender (QEH/D) Module 22: Penetration Testing Methodologies
- Overview of penetration testing methodologies
- List the penetration testing steps
- Overview of the Pen-Test legal framework
- Overview of the Pen-Test deliverables
- List the automated penetration testing tools
125 online EXAM starts at 1pm ( 3 hr exam)
Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential with SU or another school unless granted an exception in writing by the President. Know that Q/ISP classes draws quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself in on Friday of class. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real world scenarios. Each labs escalates upon itself, increasing in intensity, rising to the next level, while your mitigating the threat step by step
Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are avail at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.
Those Less Comfortable - Hacking for Dummies, Kevin Beaver - Publication Date: January 29, 2013 | ISBN-10: 1118380932
For Those More Comfortable The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy by Patrick Ngebretson (Jun 24, 2013) The book below is recommended for those interested in understanding how their own computers work for personal edification
|