CEH (Certified Ethical Hacking) Outline

This is a special course designed to address unemployment in the youth. The course aims to achieve the above objective through hands on practical training delivery by a team of dedicated professionals having rich market/work experience. This course is therefore not just for developing a theoretical understanding/back ground of the trainees. Contrary to that, it is primarily aimed at equipping the trainees to perform commercially in a market space in independent capacity or as a member of a team.

The course therefore is designed to impart not only technical skills but also soft skills (i.e. interpersonal/communication skills; personal grooming of the trainees etc.) as well as entrepreneurial skills (i.e. marketing skills; freelancing etc.). The course also seeks to inculcate work ethics to foster better citizenship in general and improve the image of Pakistani work force in particular.

Main Expectations:

In short, the course under reference should be delivered by professional instructors in such a robust hands-on manner that the trainees are comfortably able to employ their skills for earning money (through wage/self-employment) at its conclusion.

This course thus clearly goes beyond the domain of the traditional training practices in vogue and underscores an expectation that a market-centric approach will be adopted as the main driving force while delivering it. The instructors should therefore be experienced enough to be able to identify the training needs for the possible market roles available out there. Moreover, they should also know the strengths and weaknesses of each trainee to prepare them for such market roles during/after the training.

i.          Specially designed practical tasks to be performed by the trainees have been included in the Annexure-I to this document. The record of all tasks performed individually or in groups must be preserved by the management of the training Institute clearly labeling name, trade, session, etc. so that these are ready to be physically inspected/verified through monitoring visits from time to time. The weekly distribution of tasks has also been indicated in the weekly lesson plan given in this document.

ii.          To materialize the main expectations, a special module on Job Search & Entrepreneurial Skills has been included in the latter part of this course (5^th & 6^th month) through which, the trainees will be made aware of the Job search techniques in the local as well as international job markets (Gulf countries). Awareness around the visa process and

immigration laws of the most favored labor destination countries also

iii.          A module on Work Place Ethics has also been included to highlight the importance of good and positive behavior in the workplace in the line with the best practices elsewhere in the world. An outline of such qualities has been given in the Appendix to this document. Its importance should be conveyed in a format that is attractive and interesting for the trainees such as through PPT slides +short video documentaries. Needless to say that if the training provider puts his heart and soul into these otherwise non-technical components, the image of the Pakistani workforce would undergo a positive transformation in the local as well as international job markets.

To maintain interest and motivation of the trainees throughout the course, modern techniques such as:

•              Motivational Lectures

•              Success Stories

•              Case Studies

These techniques would be employed as an additional training tool wherever possible (these are explained in the subsequent section on Training Methodology).

Lastly, evaluation of the competencies acquired by the trainees will be done objectively at various stages of the training and a proper record of the same will be maintained. Suffice to say that for such evaluations, practical tasks would be designed by the training providers to gauge the problem-solving abilities of the trainees.

(i)           Motivational Lectures

The proposed methodology for the training under reference employs motivation as a tool. Hence besides the purely technical content, a trainer is required to include elements of motivation in his/her lecture. To inspire the trainees to utilize the training opportunity to the full and strive towards professional excellence. Motivational lectures may also include general topics such as the importance of moral values and civic role & responsibilities as a Pakistani. A motivational lecture should be delivered with enough zeal to produce a deep impact on the trainees. It may comprise of the following:

·         Clear Purpose to convey the message to trainees effectively.

·         Personal Story to quote as an example to follow.

·         Trainees Fit so that the situation is actionable by trainees and not represent a just idealism.

·         Ending Points to persuade the trainees on changing themselves.

A good motivational lecture should help drive creativity, curiosity, and spark the desire needed for trainees to want to learn more.

The impact of a successful motivational strategy is amongst others commonly visible in increased class participation ratios. It increases the trainees’ willingness to be engaged on the practical tasks for a longer time without boredom and loss of interest because they can see in their mind’s eye where their hard work would take them in short (1-3 years); medium (3 -10 years) and long term (more than 10 years).

Course-related motivational lectures online link is available in Annexure-II.

(ii)          Success Stories

Another effective way of motivating the trainees is using Success Stories. Its inclusion in the weekly lesson plan at regular intervals has been recommended till the end of the training.

A success story may be disseminated orally, through a presentation, or using a video/documentary of someone that has risen to fortune, acclaim, or brilliant achievement. A success story shows how a person achieved his goal through hard work, dedication, and devotion. An inspiring success story contains compelling and significant facts articulated clearly and easily comprehendible words. Moreover, it is helpful if it is assumed that the reader/listener knows nothing of what is being revealed. The optimum impact is created when the story is revealed in the form of:-

·         Directly in person (At least 2-3 cases must be arranged by the training institute)

·         Through an audio/ videotaped message (2-3 high-quality videos must be arranged by the training institute)

It is expected that the training provider would collect relevant high-quality success stories for inclusion in the training as suggested in the weekly lesson plan given in this document.

The suggestive structure and sequence of a sample success story and its various shapes can be seen in Annexure III.

(iii)        Case Studies

Where a situation allows, case studies can also be presented to the trainees to widen their understanding of the real-life specific problem/situation and to explore the solutions.

In simple terms, the case study method of teaching uses a real-life case example/a typical case to demonstrate a phenomenon in action and explain theoretical as well as practical aspects of the knowledge related to the same. It is an effective way to help the trainees comprehend in depth both the theoretical and practical aspects of the complex phenomenon in depth with ease. Case teaching can also stimulate the trainees to participate in discussions and thereby boost their confidence. It also makes the classroom atmosphere interesting thus maintaining the trainee interest in training till the end of the course.

Depending on suitability to the trade, the weekly lesson plan in this document may suggest case studies be presented to the trainees. The trainer may adopt a PowerPoint presentation or video format for such case studies whichever is deemed suitable but only those cases must be selected that are relevant and of a learning value.

The Trainees should be required and supervised to carefully analyze the cases.

For this purpose, they must be encouraged to inquire and collect specific information/data, actively participate in the discussions, and intended solutions to the problem/situation.

Case studies can be implemented in the following ways: –

i.              A  good  quality  trade-specific  documentary  (  At  least  2-3

ii.             Health &Safety case studies (2 cases regarding safety and industrial accidents must be arranged by the training institute)

iii.           Field visits( At least one visit to a trade-specific major industry/ site must be arranged by the training institute)

·         Fundamentals of Networking.

·         Fundamentals of script programming.

·         Basic Cyber Security Concepts.

·         Basic Ethical Hacking Tools.

·         Ethical Hacking Methodology.

Understanding of Ethical Hacking Concepts

·         Define ethical hacking and its role in cybersecurity.

·         Differentiate between ethical hacking and malicious hacking.

·         Comprehend the ethical and legal considerations in penetration testing.

Network Security Fundamentals

·         Demonstrate knowledge of network protocols and their vulnerabilities.

·         Understand network security architecture and defenses.

·         Identify and mitigate common network-based attacks.

Information Security Technologies:

·         Familiarity with various security tools and technologies.

·         Proficiency in using penetration testing tools such as Nmap, Metasploit, Wireshark, etc.

·         Understanding of intrusion detection and prevention systems.

Web Application Security

·         Identify and exploit common web application vulnerabilities.

·         Implement secure coding practices.

·         Perform web application security assessments.

Wireless Network Security

·         Analyze and secure wireless networks.

·         Identify vulnerabilities in wireless protocols.

·         Implement measures to secure wireless communications.

System Security

·         Evaluate and secure operating systems.

·         Implement host-based security measures.

·         Understand and mitigate common system-level vulnerabilities.

Bug Bounty Concepts and Practices

·         Understand the bug bounty ecosystem.

·         Comprehend the role of bug bounty hunters and security researchers.

·         Develop skills for responsible disclosure of security vulnerabilities.

Practical Application of Ethical Hacking

·         Execute penetration testing methodologies.

·         Conduct vulnerability assessments on various targets.

·         Develop and execute a penetration testing plan.

Legal and Ethical Considerations

·         Understand the legal and ethical aspects of ethical hacking.

·         Adhere to ethical guidelines and responsible disclosure practices.

Class hours: 4 hours per day

Theory: 20%

Practical: 80%

Weekly hours: 20 hours per week

Total contact hours: 260 hours

·         Afinity

·         NetSole

·         I2c

·         Multinet

·         Nescom

·         Transworld

·         Netcom

·         Systems

·         Web Work Solution

·         Purelogics

·         Nets-international

·         Ebryx

·         Network Administrator

·         IT Support Officer

·         Manager / Assistant Manager IT

·         Network support engineer

·         Security Analysts

·         Penetration tester

2.    Cyber Security Crash Course in English: https://www.youtube.com/watch?v=hXSFdwIOfnE

3.    Ethical Hacking Crash Course in Urdu: https://www.youtube.com/watch?v=596WPxrBFqo

4.    Network Hacking Crash Course in Urdu: https://www.youtube.com/watch?v=2hoeSbrtmLQ

5.    Bug Bounty Crash Course in Urdu: https://www.youtube.com/watch?v=-

Weeks

·         Course Intro

·         Success stories

·         Job Market

·         Intro to CEH

·         Roles of Security Expert

·         What is cyberspace.

·         What is hacker and its different types.

·         Different functions of OSI layers.

Setup for testing

·         Passive vs. Active Information Gathering

·         Footprinting and Reconnaissance

·         Social Media Intelligence

·         Metadata Analysis

·         DNS Enumeration

· Task 2

Details may be seen at

Gathering Emails and Subdomains

·         Gathering Information on Mobile Apps

·         Types of Network Scans

·         Port Scanning Techniques

· Task 3

Details may be seen at Annexure-I

·         UDP Scanning

·         Banner Grabbing

·         Scanning Tools and Utilities

·         Nmap – Network Mapper

·         Network Mapping and Topology Discovery

·         Vulnerability Scanning

·         Automated Scanning Workflows

·         Scanning for Web Applications

·         Wireless Network Scanning

·         Automating Scans with Scripts

·         Scanning Ethics and Legal Considerations

·         Post-Scanning Analysis

·         Enumeration Basics

·         NetBIOS Enumeration

·         LDAP Enumeration

·         SMB Enumeration

·         SMTP Enumeration

·         NTP Enumeration

·         RDP Enumeration

·         Port Enumeration Techniques

·         Share Enumeration

·         Vulnerability Enumeration

·         Nmap Scripts for Enumeration

·         SNMP Enumeration Tools

·         SMB Enumeration Tools

·         DNS Enumeration Tools

·         Enumeration for Active Directory

·         Enumeration for Linux

·         Enumeration Best Practices

·         Enumeration Ethics and Legal Considerations

·         Types of Vulnerabilities

Details may be seen at

·         Common Vulnerability Scoring System (CVSS)

·         OWASP Top Ten Vulnerabilities

·         Exploitation Frameworks and Vulnerabilities

·         Legal and Ethical Aspects of Vulnerability Analysis

·         Password Cracking Techniques

·         Password Cracking Tools

· Task 5

Details may be seen at Annexure-I

·         Exploiting Weak Passwords

·         Brute Force and Dictionary Attacks

·         Cracking Linux Passwords

·         Privilege Escalation on Windows

·         Rootkits and Trojans

·         Hiding Files and Processes

·         Covering Tracks and Removing Evidence

·         Social Engineering for System Hacking

·         Phishing Attacks

·         Email Spoofing and Impersonation

·         Bypassing Antivirus Software

·         Remote Administration Tools (RATs)

·         Advanced Persistent Threats (APTs)

·         Post-Exploitation Techniques

·         Exploitation Frameworks

·         Legal and Ethical Aspects of System Hacking

·         Malware Analysis Fundamentals

·         Types of Malware and Malicious Code

·         Static Analysis Techniques

·         Dynamic Analysis Techniques

·         Memory Analysis and Forensics

·         Disassembling and Debugging Malicious Code

·         Deobfuscation and Decryption

·         YARA Rules for Malware Detection

·         Identifying and

·         Building Custom Malware Analysis Tools

·         Network Traffic Analysis

·         Threat Intelligence and Malware Data Sources

·         Building a Malware Sandbox

·         Building a Memory Forensics Toolkit

·         Building Custom Analysis Scripts

·         Legal and Ethical Aspects of Malware Analysis

·         Legal and Ethical Aspects of Sniffing

·         Wireshark and Packet Capture Basics

Details may be seen at Annexure-I

·         Packet Filtering and Display Options

·         Packet Decryption Techniques

·         Capturing and Analyzing SSL/TLS Traffic

·         Sniffing on Switched Networks

MITM Attacks

·         DNS Spoofing and Cache Poisoning

·         Sniffing for Malware Traffic

·         Building Custom Sniffing Tools

·         Sniffing for Security and Troubleshooting

·         Sniffing Best Practices and Avoiding Detection

·         Legal and Ethical Aspects of Wireless Hacking

·         Wireless Network Fundamentals (Wi-Fi, WEP, WPA, WPA2)

·         Understanding Wi-Fi Security Vulnerabilities

·         Scanning for Wireless Networks (SSID, BSSID)

·         Rogue AP Detection and Mitigation

·         Cracking WEP Encryption

·         Cracking WPA/WPA2 Encryption (Dictionary Attacks, WPS)

·         Capturing and Analyzing Wireless Traffic

·         Wi-Fi Password Cracking Tools (e.g., Aircrack-ng)

·         Wardriving and GPS Mapping of Wi-Fi Networks

·         Wireless Network Auditing Tools (e.g., Kismet, Fern-Wifi- Cracker)

·         Wireless Sniffing and Packet Injection

Jamming Attacks

·         Evading MAC Address Filtering

·         Wi-Fi Pineapple and Rogue Device Attacks

Systems (NIDS)

·         Cracking WPA3 Encryption (if applicable)

·         Security Best Practices for Wireless Networks

·         Legal Implications of Unauthorized Wireless Hacking

·         Real-World Wireless Hacking Scenarios

·         Legal and Ethical Aspects of Social Engineering

·         Information Gathering for Social Engineering

·  Task 7

Details may be seen at Annexure-I

·         Phishing and Spear Phishing Attacks

·         Influence and Persuasion Techniques

·         Building Trust and Rapport

·         Elicitation and Information Extraction

·         Social Engineering in the Digital Age

·         Social Engineering for Physical Access

·         Building Custom Social Engineering Attacks

·         Countermeasures and Defense Strategies

·         Ethical and Responsible Social Engineering

·         Legal and Ethical Aspects of Session

Hijacking

·         Session Hijacking Techniques (e.g., Session Fixation)

·         Cross-Site Request Forgery (CSRF) Attacks

·         Session Fixation Attacks

·         Session Replay Attacks

·         Detecting and Mitigating Session Hijacking

·         Real-World Session Hijacking Scenarios

·         Countermeasures and Defense Strategies

SQL Injection Attack

·         Legal and Ethical Aspects of DoS Attacks

·         Types of DoS Attacks (e.g., Flood, Amplification, Logic

Bombs)

·  Task 8

Details may be seen at Annexure-I

·         Botnets and Botnet Herders

·         Protocol-Based Attacks (e.g., SYN Flood)

·         Denial of Service Attack Tools

·         Detection and Mitigation of DoS Attacks

·         Building Custom DoS Attack Tools

·         Real-World DoS Attack Scenarios

·         Countermeasures and Defense Strategies

·         Legal and Ethical Aspects of SQL Injection Testing

·         SQL Injection Fundamentals

·         Union-Based SQL Injection

·         Time-Based Blind SQL Injection

·         Out-of-Band SQL Injection

·         Second-Order SQL Injection

·         Stored SQL Injection

·         Boolean-Based Blind SQL Injection

·         Automated SQL Injection Tools

·         Detecting and Analyzing SQL Injection Attacks

·         Error-Based Information Gathering

·         Union-Based Data Extraction

·         Out-of-Band Data Exfiltration

·         SQL Injection through Form Fields

·         SQL Injection through URL Parameters

·         Exploiting SQL Injection for Privilege Escalation

·         Bypassing Web Application Firewalls (WAFs)

·         Legal and Ethical Implications of Exploiting SQL Injection

·         Real-World SQL Injection Scenarios

·         Practical SQL Injection Exercises

·         Legal and Ethical Aspects of Web Server Hacking

·         Web Server Fundamentals (e.g., Apache, Nginx)

·  Task 9

Details may be seen at Annexure-I

·         Vulnerability Scanning and Enumeration

·         Directory Traversal Attacks

·         SQL Injection in Web Servers

·         Remote Code Execution (RCE)

·         Web Shells and Backdoors

·         Denial of Service Attacks on Web Servers

·         Privilege Escalation Techniques

·         Building Secure Web Applications

·         Practical Web Server Hacking Exercises and Demonstrations

·         Countermeasures and Defense Strategies

·         Legal and Ethical Aspects of Web Application Hacking

·         Web Application

·         Web Application Scanning and

Enumeration

·         Cross-Site Scripting (XSS)

·         SQL Injection in Web Applications

·         Insecure Deserialization

·         Session Management Vulnerabilities

·         Web Application Fuzzing and Testing

·         File Upload and File Inclusion Vulnerabilities

·         Secure Coding and Development Best Practices

·         Practical Web Application Hacking Exercises and Demonstrations

·         Countermeasures and Defense Strategies

·         Legal and Ethical Aspects of Mobile

Hacking

Details may be seen at Annexure-I

·         Mobile Application Security Models

·         Setting Up a Mobile Hacking Environment

Jailbreaking (iOS) and Rooting (Android)

Vulnerabilities

·         Insecure Data Transmission (e.g., SSL

Pinning Bypass)

·         Reverse Engineering Mobile Apps

·         In-App Purchases and License Verification

Bypass

Logic

·         Real-World Mobile Exploits and Vulnerabilities

Mobile Exploits

·         Ethical Use of Mobile Hacking Skills

·         iOS Jailbreaks and Bypassing Security Features

·         Mobile App Debugging and Patching

·         Malware Analysis on Mobile Platforms

·         Legal and Ethical Aspects of Cryptography

·         Basic Concepts of Cryptography (Encryption, Decryption)

·  Task 11 Details may be seen at Annexure-I

·         Modern Cryptography Techniques (AES, RSA,

ECC, etc.)

·         Public Key Infrastructure (PKI)

·         Cryptographic Protocols (SSL/TLS, SSH, etc.)

·         Quantum Cryptography and Post-Quantum

·         Secure Key Management and

Exchange

·         Implementing Cryptographic Algorithms

·         Secure Communication with Cryptography

·         Cryptography in Blockchain Technology

·         Cryptography in Mobile Security

·         Cryptography in Web Application Security

·         Practical Cryptographic Exercises

·         Legal and Ethical Aspects of Bug Bounty Hunting

·         Bug Bounty Platforms and Marketplaces

·         Finding and Researching Bug Bounty Programs

·         Types of Security Vulnerabilities (OWASP Top Ten)

·         Mobile Application

·         Proof of Concept (PoC) and Exploitation

·         Creating Detailed Bug Bounty Reports

·         Bug Bounty Rewards and Payments

·         Bug Bounty Platform Tools and Resources

Details may be seen at Annexure-I

Final Project

·         Hands-on Practice on an Information Gathering

2.

team.

Week 2

3.

·         Perform active enumeration on a Windows-based network to identify Active Directory (AD) users, groups, and systems. Explore potential vulnerabilities for privilege escalation and demonstrate the ability to exploit them.

Week 3

4.

vulnerabilities.

Week 4

5.

·         A user’s system has been infected with malware, potentially granting unauthorized access. Your task is to investigate the

system, identify the attack vectors, and remediate the damage.

Week 5

6.

·         You are tasked with conducting a wireless security assessment for a client’s premises. Your goal is to identify any unauthorized or hidden wireless networks that could pose security risks.

Week 6

7.

·         Identify and exploit a session-related vulnerability in a web application. Hijack a user’s session and perform actions on their behalf.

Week 7

8.

Injection Attack

·         Identify a vulnerable login form on a web application. Use SQL injection techniques to bypass authentication and log in as a different

user. Demonstrate how prepared statements can prevent this attack.

Week 8

9.

Week 9

10.

Week10

11.

password cracking techniques.

Week11