slider 01

Certified Ethical Hacker CEHv13 AI

Course Duration: 50 Hours
Course PDF:

Course Overview

The Certified Ethical Hacker- Artificial Intelligence (CEHv13- AI) course is one of the most important and demanding certification courses designed by the EC Council. This course provides all the skills required to become an Ethical Hacker and builds foundational knowledge for exploring Penetration Testing. It is a highly valuable and regarded certification in the Cyber Security domain. This new version includes Artificial Intelligence which empowers ethical hackers in securing modern networks. Its key topics include web application security, IoT, OT security, Cloud Computing, Malware Threats, Cryptography, and Network security. After completing the course, you will have proficiency in ethical hacking methodology and hands-on experience with popular tools like Nmap, Burp Suite, Metasploit Framework, Nessus, Hydra, Hashcat, and others.

Syllabus

Chapter I – Introduction to Ethical Hacking
  • Basics of Information Security
  • Hacker Types and Ethical Hacking Practices
  • Phases involved in Ethical Hacking
  • Understanding Cyber Kill Chain Methodology
  • Exploring MITRE ATT&CK Framework
  • Classification of Cyber Attacks
  • Managing Risks in Security
  • Handling Security Incidents
  • Information Assurance (IA)
  • Overview of PCI DSS
  • Understanding SOX
  • GDPR Essentials
  • HIPAA and Its Relevance

Practical: Setting up a secure hacking environment using virtual machines and labs.

Chapter II – Reconnaissance and Footprinting
  • Search Engine based Footprinting
  • Social Media based Footprinting
  • Web Services
  • DNS Footprinting
  • Network Footprinting
  • Website Footprinting
  • Email Footprinting
  • Whois Lookups

Practical: Using search engines, social media, and specialized tools for online footprinting. Employing reconnaissance techniques like OSINT, WHOIS information gathering, WayBack machine, Google Dorking, IMINT and Email footprinting.

Chapter III – Scanning
  • Discovering Hosts
  • Scanning Ports
  • Identifying Operating Systems
  • Service Version Detection
  • Vulnerability Scanning

Practical: Utilizing Nmap for recognizing open ports, services, and vulnerabilities.

Chapter IV – Enumeration
  • Identifying Service Vulnerabilities
  • Brute-forcing Credentials of various services
  • Exploring SSH and Telnet
  • Understanding SMTP Enumeration
  • RDP and VNC Enumeration
  • Investigating SMB
  • Examining FTP
  • Investigating DNS

Practical: Extracting information like usernames, shares, and resources using various tools. Identifying exploits for vulnerable services. Introduction to Metasploit Framework. Brute-Force attacks using Hydra.

Chapter V – Vulnerability Analysis
  • Understanding the Vulnerability Assessment Life Cycle
  • Researching vulnerabilities through scoring systems and databases
  • Conducting vulnerability assessments using tools like Nessus, nikto, Burp Suite Professional

Practical: Performing vulnerability scans using tools like Nessus, Nikto, or OpenVAS.

Chapter VI – System Hacking
  • Executing active attacks to crack password hashes of Windows and Linux OS
  • Bypassing Authentication on Linux and Windows machines
  • Exploiting vulnerabilities to gain remote system access
  • Escalating Privileges on Linux and Windows
  • Concealing data through Steganography
  • Using Malwares for persistent access.
  • Clearing logs on Windows and Linux machines using various utilities
  • Hiding artifacts within Windows and Linux systems

Practical: Cracking passwords using tools like John the Ripper or Hashcat. Exploiting system vulnerabilities in a controlled environment. Generating malicious Payloads. Tools for Steganography. Tools for covering tracks on various OS.

Chapter VII – Malware Threats
  • Understanding Malware and its Components
  • Overview of Trojan Horses
  • Different Types of Trojans
  • Gaining control through Trojans
  • Exploring Viruses
  • Introduction to Ransomware
  • Understanding Computer Worms
  • Keyloggers and Spywares
  • Analysis of Malware
  • Static and Dynamic Malware Analysis
  • Techniques for Detecting Malwares
  • Antivirus Software

Practical: Working with various malwares like Trojan horses, Ransomware, etc. Identifying and protecting systems from Malware threats.

Chapter VIII – Sniffing
  • Network Sniffing
  • MAC Flooding
  • DHCP Starvation Attack
  • ARP Spoofing Attack
  • ARP Poisoning (Man-in-the-middle)
  • Tools for ARP Poisoning
  • MAC Address Spoofing
  • DNS Poisoning and relevant tools
  • Sniffing Tools
  • Detection Techniques for Sniffing

Practical: Packet sniffing using Wireshark or Tcpdump for network traffic analysis. Executing Man-in-the-Middle attack using ARP poisoning. Performing MAC spoofing. Conducting DHCP attacks.

Chapter IX – Social Engineering
  • Executing social engineering through various techniques
  • Linux machine MAC address spoofing
  • Identifying phishing attacks
  • Evaluating an organization’s security against phishing
  • Key topics include-
  • Different Types of Social Engineering
  • Human, Computer, and Mobile-based Social Engineering
  • Phishing Attacks and Tools
  • Insider Threats and Attacks
  • Identity Theft

Practical: Simulating phishing attacks to demonstrate social engineering tactics. Embedding a malicious link.

Chapter X – DoS
  • DoS Attacks
  • Distributed DoS (DDoS) Attacks
  • Understanding Botnets
  • Techniques used in DoS/DDoS Attacks
  • Ping of Death attack
  • Smurf attack
  • SYN flood attack
  • Slowloris attack
  • Tools used in DoS/DDoS Attacks

Practical: Simulating DoS attacks using tools like LOIC, hping3, or Metasploit Framework to understand their impact on systems and networks.

Chapter XI – Session Hijacking
  • Understanding Sessions and Cookies
  • Exploring Session Hijacking
  • Varieties of Session Hijacking
  • Differentiating Spoofing and Hijacking
  • Application-Level Session Hijacking
  • Client-Side Attacks
  • Session Replay Attacks
  • Tools for Session Hijacking

Practical: Demonstrating session hijacking exercises to gain control of active HTTP connections and illustrate associated risks.

Chapter XII – Evading IDS, Firewall and Honeypots
  • Understanding Defensive Devices- IDS, Firewalls, Honeypots
  • Intrusion Detection System (IDS) Overview
  • Firewall Concepts
  • Honeypot Functionality
  • Circumventing Firewall Rules
  • Strategies for Evading IDS and Firewalls

Practical: Exploring IDS functions using Snort. Understanding Firewalls using Firewalld and Windows Firewalls. Exploring Honeypots. Implementing techniques to bypass IDS and Firewalls to understand their limitations.

Chapter XIII – Hacking Web Server
  • Understanding Web Architecture
  • Functions of Web Servers
  • Attacks on Web Servers
  • DNS Server Hijacking
  • Defacement of Websites
  • Methodologies for Attacking Web Servers
  • Patch Management
  • Tools for Web Server Attacks
  • Tools for Enhancing Web Server Security

Practical: Identifying vulnerabilities in web servers (like Apache, Nginx) and exploiting them.

Chapter XIV – Hacking Web Application
  • Web Application Architecture
  • Threats to Web Applications
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Directory Traversal
  • Command Injection
  • File Upload Vulnerabilities
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Broken Authentication
  • Broken Access Control
  • Clickjacking
  • OWASP Top 10 Application Security Risks – 2021
  • Methodology for Hacking Web Applications
  • Web Shells
  • Web Application Security Measures

Practical: Assessing web application security using Burp Suite. Exploiting web application vulnerabilities like Cross-Site Scripting, Directory Traversal, File Upload, CSRF, SSRF, Command Injection, etc.

Chapter XV – SQL Injection
  • Understanding SQL Injection
  • Varieties of SQL Injection
  • Error-Based SQL Injection
  • Union-Based SQL Injection
  • Blind SQL Injection
  • Methodology for SQL Injection
  • Tools for SQL Injection

Practical: Executing SQL injection exercises against vulnerable web applications to retrieve or manipulate data. Understanding different types of SQL Injection like Error, Union, and Blind-based attacks.

Chapter XVI – Hacking Wireless Networks
  • Wireless Network Terminology
  • Characteristics of Wireless Networks
  • Wireless Encryption Standards (WEP, WPA, WPA2, WPA3)
  • Threats to Wireless Networks
  • Methodology for Hacking Wireless Networks
  • Techniques for Cracking Wi-Fi Passwords
  • Evil-Twin Attacks
  • Jamming Signal Attack
  • De-Authentication Attack
  • Threats Associated with Bluetooth

Practical: Conducting wireless network password cracking attacks. Employing tools like aircrack-ng suite for various wireless attacks.

Chapter XVII – Hacking Mobile devices
  • Attack Vectors for Mobile Platforms
  • App Sandboxing, SMS Phishing Attack (SMiShing)
  • Android Rooting
  • Hacking Techniques for Android Devices
  • Android Security Tools
  • Jailbreaking iOS
  • Hacking Methods for iOS Devices
  • Tools for iOS Device Security
  • Bring You Own Device (BYOD)
  • Mobile Device Management (MDM)
  • Tools for Mobile Security

Practical: Exploring various mobile threats (malware, phishing, etc.) and implementing countermeasures. Generating malicious Payloads for mobile devices. Exploring attacks like DoS, SMS/call bombing, Port scanning, etc.

Chapter XVIII – IoT and OT Hacking
  • IoT Architecture
  • IoT Communication Models
  • Vulnerabilities in IoT
  • Methodology for Hacking IoT
  • Tools for Hacking IoT
  • Introduction to OT
  • IT/OT Convergence and IIoT
  • Vulnerabilities in ICS and OT
  • Attacks on OT
  • Methodology for Hacking OT
  • Tools for Hacking OT
  • Tools for OT Security

Practical: Identifying and analyzing IoT and OT devices within a network using tools like Shodan, search engines, or network scanning techniques. Conducting vulnerability scanning and analysis of IoT and OT devices using specialized tools like Nessus, nmap, etc.

Chapter XIX – Cloud Computing
  • Cloud Computing Overview
  • Types of Cloud Computing Services
  • Cloud Deployment Models
  • Cloud Architecture
  • Cloud Service Providers
  • Containers
  • Docker
  • Cloud-Based Attacks
  • Cloud Network Security
  • Controls for Cloud Security

Practical: Understanding Cloud platforms like AWS. Exploring AWS EC2 service for deploying a virtual machine.

Chapter XX – Cryptography
  • Introduction to Cryptography
  • Encryption Algorithms
  • Types of Encryption
  • Hashing
  • MD5 and SHA Hash Calculation
  • Cryptographic Tools
  • Public Key Infrastructure (PKI)
  • Email Encryption
  • Disk Encryption
  • Cryptography Attacks
  • Countermeasures for Attacks

Practical: Hands-on practice with encryption and decryption using tools like OpenSSL or PGPtool. Practical experience with Hashing using tools like hashmyfiles, hashcalc, etc. Understanding password cracking using CrackStation. Exploring different Encoding methods like Base64, ROT13, Morse code, etc.

Who can enroll?

CEHv13 course is suitable for students or beginners with basic knowledge of networking and Linux operating systems who want to build a strong foundation in Ethical Hacking. It is also ideal for Security Officers, auditors, network administrators, and system administrators looking to strengthen their organization’s defenses against cyber risks. Moreover, this course is most suitable for individuals aiming to make a career in cyber security including roles like penetration testers, security analysts, and ethical hackers.

Course Duration

50 Hours

Download the PDF

CEHv13 AI Syllabus- CyberiumX

Tools Covered

  • OSINT Framework
  • Wayback Machine
  • Nmap
  • Metasploit Framework
  • Hydra
  • Nessus
  • Nikto
  • Burp Suite
  • John The Ripper
  • Hashcat
  • NjRAT
  • DIE
  • Wireshark
  • CHatGPT
  • ShellGPT
  • HackerGPT
  • Tcpdump
  • Ettercap
  • Yersinia
  • Macof
  • SEToolkit
  • Zphisher
  • Hping3
  • Slowloris
  • LOIC
  • Snort
  • Firewalld
  • Pentbox
  • SQLmap
  • Gobuster
  • Sublist3r
  • Aircrack-ng
  • ADB
  • Portdroid
  • Docker
  • Hashmyfiles
  • Hashcalc
  • PGPTool
  • VeraCrypt
  • BCTextEncoder
Book a Demo

Need Help?

IT professionals, cybersecurity enthusiasts, network administrators, and ethical hackers aiming to enhance their skills.

The course covers footprinting, enumeration, vulnerability analysis, system hacking, malware threats, and web application security.

Yes, CEH v13 includes hands-on labs and a practical exam option to test real-world hacking skills.

CEH-certified professionals can work as penetration testers, SOC analysts, security consultants, and incident responders.

Coding is not mandatory, but knowledge of Python, Bash, and PowerShell can be beneficial.