
Ceh v7 and v8 Comparison


Certified Ethical Hacker Exam 312-50 Version Comparison

Page | 1 Certified Ethical Hacker Copyright © by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited.

Version Comparison

CEHv8 vs CEHv7

CEHv7 CEHv8

Updated information as per the latest developments with a proper flow

Classroom friendly with diagrammatic representation of concepts and attacks

Exclusive section for best practices to follow to protect information systems against various attacks

New and rich presentation style with eye catching graphics

Latest OS covered and a patched testing environment

Well tested, result oriented, descriptive and analytical lab manual to evaluate the presented concepts

19 Modules 20 Modules

90 Labs 110 Labs

1700 Slides 1770 Slides

No Document Document


Module Comparison of CEHv8 with CEHv7

Introduction to Ethical Hacking

Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources. The topics highlighted in red under CEHv8 Module 01: Introduction to Ethical Hacking are the new additions.

CEHv7 Module 01: Introduction to Ethical Hacking

Data Breach Investigations Report

Essential Terminologies

Elements of Information Security

Effects of Hacking on Business

Who Is a Hacker?

Hacking Phases

Types of Attacks on a System

Why Ethical Hacking is Necessary

Skills of an Ethical Hacker

Vulnerability Research

What Is Penetration Testing?

CEHv8 Module 01: Introduction to Ethical Hacking

Data Breach Investigations Report

Essential Terminologies

Elements of Information Security

Top Information Security Attack Vectors

Motives, Goals, and Objectives of Information Security Attacks

Information Security Threats

Information Warfare

IPv6 Security Threats

Hacking vs. Ethical Hacking

Effects of Hacking on Business

Who Is a Hacker?

Hacking Phases

Types of Attacks on a System

Why Ethical Hacking is Necessary

Skills of an Ethical Hacker

Incident Management Process

Types of Security Policies

Vulnerability Research

What Is Penetration Testing?

Footprinting and Reconnaissance

Footprinting refers to uncovering and collecting as much information as possible about a target network, for identifying various ways to intrude into an organization’s network system. The topics highlighted in red under CEHv8 Module 02: Footprinting and Reconnaissance are the new additions.

CEHv7 Module 02: Footprinting and Reconnaissance

Footprinting Terminologies

What Is Footprinting?

Objectives of Footprinting

Footprinting Threats

Footprinting through Search Engines

Website Footprinting

Email Footprinting

Competitive Intelligence

Footprinting Using Google

WHOIS Footprinting

DNS Footprinting

Network Footprinting

Footprinting Tools

Footprinting Countermeasures

Footprinting Pen Testing

CEHv8 Module 02: Footprinting and Reconnaissance

Footprinting Terminologies

What Is Footprinting?

Objectives of Footprinting

Footprinting Threats

Footprinting through Search Engines

Website Footprinting

Email Footprinting

Competitive Intelligence

Footprinting Using Google

WHOIS Footprinting

DNS Footprinting

Network Footprinting

Footprinting through Social Engineering

Footprinting through Social Networking Sites

Footprinting Tools

Footprinting Countermeasures

Footprinting Pen Testing


Scanning Networks

Network scanning refers to a set of procedures for identifying hosts, ports, and services in a network. The topics highlighted in red under CEHv8 Module 03: Scanning Networks are the new additions.

CEHv7 Module 03: Scanning Networks

Overview of Network Scanning

CEH Scanning Methodology

Checking for Live Systems

Scanning Techniques

IDS Evasion Techniques

Banner Grabbing

Vulnerability Scanning

Drawing Network Diagrams

Proxy Chaining

HTTP Tunneling Techniques

SSH Tunneling

Anonymizers

IP Spoofing Detection Techniques

Scanning Countermeasures

Scanning Pen Testing

CEHv8 Module 03: Scanning Networks

Overview of Network Scanning

CEH Scanning Methodology

Checking for Live Systems

Scanning IPv6 Network

Scanning Techniques

IDS Evasion Techniques

Banner Grabbing

Vulnerability Scanning

Drawing Network Diagrams

Proxy Chaining

HTTP Tunneling Techniques

SSH Tunneling

Anonymizers

IP Spoofing Detection Techniques

Scanning Countermeasures

Scanning Pen Testing

Latest Network Scanning Tools Added

6 more Labs Added

Enumeration

In the enumeration phase, the attacker creates active connections to the system and performs directed queries to gain more information about the target. The topics highlighted in red under CEHv8 Module 04: Enumeration are the new additions.

CEHv7 Module 04: Enumeration

What Is Enumeration?

Techniques for Enumeration

NetBIOS Enumeration

Enumerate Systems Using Default Passwords

SNMP Enumeration

UNIX/Linux Enumeration

LDAP Enumeration

NTP Enumeration

SMTP Enumeration

DNS Enumeration

Enumeration Countermeasures

Enumeration Pen Testing

CEHv8 Module 04: Enumeration

What Is Enumeration?

Techniques for Enumeration

Services and Ports to Enumerate

NetBIOS Enumeration

Enumerate Systems Using Default Passwords

SNMP Enumeration

Working of SNMP

UNIX/Linux Enumeration

LDAP Enumeration

NTP Enumeration

SMTP Enumeration

DNS Enumeration

Enumeration Countermeasures

Enumeration Pen Testing

Latest Enumeration Tools Added

1 more Lab Added


System Hacking

Password cracking techniques are used to recover passwords from computer systems. The topics highlighted in red under CEHv8 Module 05 System Hacking are the new additions.

CEHv7 Module 05 System Hacking

System Hacking: Goals

CEH Hacking Methodology (CHM)

Password Cracking

Microsoft Authentication

How to Defend against Password Cracking

Privilege Escalation

Types of Privilege Escalation

Executing Applications

Types of Keystroke Loggers and Spywares

Anti-Keylogger and Anti-Spywares

Detecting Rootkits

NTFS Stream Manipulation

Classification of Steganography

Steganalysis Methods/Attacks on Steganography

Covering Tracks

Penetration Testing

CEHv8 Module 05 System Hacking

System Hacking: Goals

CEH Hacking Methodology (CHM)

Password Cracking

Stealing Passwords Using Keyloggers

Microsoft Authentication

How to Defend against Password Cracking

Privilege Escalation

Types of Privilege Escalation

Executing Applications

Methodology of Attacker in using Remote Keylogger

Types of Keystroke Loggers and Spywares

Anti-Keylogger and Anti-Spywares

Various methods to place a rootkit

Detecting Rootkits

NTFS Stream Manipulation

Application of steganography

Classification of Steganography

Audio Steganography Methods

Issues in Information hiding

Steganalysis Methods/Attacks on Steganography

Detecting Text, Image, Audio, and Video Steganography

Covering Tracks

Penetration Testing


Trojans and Backdoors

A Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause damage, such as ruining the file allocation table on your hard disk. The topics highlighted in red under CEHv8 Module 06: Trojans and Backdoors are the new additions.

CEHv7 Module 06: Trojans and Backdoors

What Is a Trojan?

What Do Trojan Creators Look For

Indications of a Trojan Attack

Common Ports used by Trojans

How to Infect Systems Using a Trojan

Different Ways a Trojan can Get into a System

How to Deploy a Trojan

Types of Trojans

How to Detect Trojans

Trojan Countermeasures

Trojan Horse Construction Kit

Anti-Trojan Software

Pen Testing for Trojans and Backdoors

CEHv8 Module 06: Trojans and Backdoors

What Is a Trojan?

What Do Trojan Creators Look For

Indications of a Trojan Attack

Common Ports used by Trojans

How to Infect Systems Using a Trojan

Different Ways a Trojan can Get into a System

How to Deploy a Trojan

Types of Trojans

Trojan Analysis

How to Detect Trojans

Trojan Countermeasures

Trojan Horse Construction Kit

Anti-Trojan Software

Pen Testing for Trojans and Backdoors

Latest Trojan Detection Tools Added

2 more Labs Added


Viruses and Worms

A virus is a self-replicating program that produces its own code by attaching copies of itself to other executable code. The topics highlighted in red under CEHv8 Module 07: Viruses and Worms are the new additions.

CEHv7 Module 07: Viruses and Worms

Introduction to Viruses

Stages of Virus Life

Working of Viruses

Indications of Virus Attack

How does a Computer Get Infected by Viruses

Types of Viruses

Virus Maker

Computer Worms

Worm Analysis

Worm Maker

Malware Analysis Procedure

Online Malware Analysis Services

Virus and Worms Countermeasures

Antivirus Tools

Penetration Testing for Virus

CEHv8 Module 07: Viruses and Worms

Introduction to Viruses

Stages of Virus Life

Working of Viruses

Common Techniques Used to Distribute Malware on the Web

Indications of Virus Attack

How does a Computer Get Infected by Viruses

Virus Analysis

Types of Viruses

Virus Maker

Computer Worms

Worm Analysis

Worm Maker

Malware Analysis Procedure

Online Malware Analysis Services

Virus Detection Methods

Virus and Worms Countermeasures

Antivirus Tools

Penetration Testing for Virus


Sniffers

Packet sniffing is the process of monitoring and capturing all data packets passing through a given network using a software application or a hardware device. The topics highlighted in red under CEHv8 Module 08: Sniffing are the new additions.

CEHv7 Module 08: Sniffers

Packet Sniffing

Sniffing Threats

Types of Sniffing Attacks

Hardware Protocol Analyzers

MAC Flooding

How DHCP Works

Rogue DHCP Server Attack

ARP Spoofing Techniques

ARP Poisoning Tools

How to Defend Against ARP Poisoning

Spoofing Attack Threats

How to Defend Against MAC Spoofing

DNS Poisoning Techniques

How to Defend Against DNS Spoofing

Sniffing Tools

Sniffing Pen Testing

CEHv8 Module 08: Sniffing

Packet Sniffing

Sniffing Threats

Types of Sniffing Attacks

Hardware Protocol Analyzers

IPv6 Addresses

MAC Flooding

How DHCP Works

Rogue DHCP Server Attack

ARP Spoofing Techniques

ARP Poisoning Tools

How to Defend Against ARP Poisoning

Spoofing Attack Threats

MAC Spoofing Technique

IRDP Spoofing

How to Defend Against MAC Spoofing

DNS Poisoning Techniques

How to Defend Against DNS Spoofing

Sniffing Tools

Sniffer Detection Technique

Sniffing Pen Testing


Social Engineering

Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it. The topics highlighted in red under CEHv8 Module 09: Social Engineering are the new additions.

CEHv7 Module 09: Social Engineering

What Is Social Engineering?

Factors that Make Companies Vulnerable to Attacks

Warning Signs of an Attack

Phases in a Social Engineering Attack

Common Targets of Social Engineering

Human-based Social Engineering

Computer-based Social Engineering

Social Engineering Through Impersonation on Social Networking Sites

Identity Theft

Social Engineering Countermeasures

How to Detect Phishing Emails

Identity Theft Countermeasures

Social Engineering Pen Testing

CEHv8 Module 09: Social Engineering

What Is Social Engineering?

Factors that Make Companies Vulnerable to Attacks

Warning Signs of an Attack

Phases in a Social Engineering Attack

Common Targets of Social Engineering

Human-based Social Engineering

Computer-based Social Engineering

Mobile-based Social Engineering

Mobile-based Social Engineering Using SMS

Social Engineering Through Impersonation on Social Networking Sites

Identity Theft

Social Engineering Countermeasures

How to Detect Phishing Emails

Identity Theft Countermeasures

Social Engineering Pen Testing

Social Engineering Toolkit


Denial of Service

Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. The topics highlighted in red under CEHv8 Module 10: Denial-of-Service are the new additions.

CEHv7 Module 10: Denial of Service

What Is a Denial of Service Attack?

What Are Distributed Denial of Service Attacks?

Symptoms of a DoS Attack

DoS Attack Techniques

Botnet

Botnet Ecosystem

DDoS Attack Tools

DoS Attack Tools

Detection Techniques

DoS/DDoS Countermeasure

Techniques to Defend against Botnets

Advanced DDoS Protection Appliances

Denial of Service (DoS) Attack Penetration Testing

CEHv8 Module 10: Denial-of-Service

What Is a Denial of Service Attack?

What Are Distributed Denial of Service Attacks?

Symptoms of a DoS Attack

DoS Attack Techniques

Botnet

Botnet Ecosystem

Botnet Trojans

DDoS Attack Tools

DoS Attack Tools

Detection Techniques

DoS/DDoS Countermeasure

Techniques to Defend against Botnets

Advanced DDoS Protection Appliances

Denial of Service (DoS) Attack Penetration Testing

Latest DDoS and DoS attack tools added

Latest DoS/DDoS Protection Tools added


Session Hijacking

Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The topics highlighted in red under CEHv8 Module 11: Session Hijacking are the new additions.

CEHv7 Module 11: Session Hijacking

What Is Session Hijacking?

Why Session Hijacking Is Successful?

Key Session Hijacking Techniques

Brute Forcing Attack

Session Hijacking Process

Types of Session Hijacking

Application Level Session Hijacking

Session Sniffing

Man-in-the-Middle Attack

Network Level Session Hijacking

TCP/IP Hijacking

Session Hijacking Tools

Protecting against Session Hijacking

IPsec Architecture

Session Hijacking Pen Testing

CEHv8 Module 11: Session Hijacking

What Is Session Hijacking?

Why Session Hijacking Is Successful?

Key Session Hijacking Techniques

Brute Forcing Attack

Session Hijacking Process

Types of Session Hijacking

Application Level Session Hijacking

Session Sniffing

Man-in-the-Middle Attack

Network Level Session Hijacking

TCP/IP Hijacking

Session Hijacking Tools

Protecting against Session Hijacking

IPsec Architecture

Session Hijacking Pen Testing

Latest Session Hijacking Tools Added


Hacking Webservers

Web server pen testing is used to identify, analyze, and report vulnerabilities such as authentication weaknesses, configuration errors, protocol related vulnerabilities, etc. in a web server. The topics highlighted in red under CEHv8 Module 12: Hacking Webservers are the new additions.

CEHv7 Module 11: Session Hijacking

IIS Webserver Architecture

Why Web Servers are Compromised?

Impact of Webserver Attacks

Webserver Attacks

Webserver Attack Methodology

Webserver Attack Tools

Metasploit Architecture

Web Password Cracking Tool

Countermeasures

How to Defend Against Web Server Attacks

Patch Management

Patch Management Tools

Webserver Pen Testing

CEHv8 Module 11: Session Hijacking

IIS Webserver Architecture

Why Web Servers are Compromised?

Impact of Webserver Attacks

Webserver Attacks

Webserver Attack Methodology

Webserver Attack Tools

Metasploit Architecture

Web Password Cracking Tool

Countermeasures

How to Defend Against Web Server Attacks

How to Defend against HTTP Response Splitting and Web Cache Poisoning

Patch Management

Patch Management Tools

Latest Webserver Security Tools Added

Latest Webserver Pen Testing Tools Added

Webserver Pen Testing


Hacking Web Applications

Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server end or contain script code to be executed dynamically within the client web browser. The topics highlighted in red under CEHv8 Module 13: Hacking Web Applications are the new additions.

CEHv7 Module 13: Hacking Web Applications

How Web Applications Work

Web Attack Vectors

Web Application Threats

Web App Hacking Methodology

Footprint Web Infrastructure

Hacking Web Servers

Analyze Web Applications

Attack Authentication Mechanism

Attack Authorization Schemes

Session Management Attack

Attack Data Connectivity

Attack Web App Client

Attack Web Services

Web Application Hacking Tools

Countermeasures

Web Application Security Tools

Web Application Firewall

Web Application Pen Testing

CEHv8 Module 13: Hacking Web Applications

How Web Applications Work

Web Attack Vectors

Web Application Threats

Web App Hacking Methodology

Footprint Web Infrastructure

Hacking Web Servers

Analyze Web Applications

Attack Authentication Mechanism

Attack Authorization Schemes

Session Management Attack

Attack Data Connectivity

Attack Web App Client

Attack Web Services

Latest Web Application Hacking Tools

Countermeasures

Latest Web Application Security Tools Added

Web Application Firewall

Web Application Pen Testing


SQL Injection

SQL Injection is the most common website vulnerability on the Internet. It is a flaw in Web Applications and not a database or web server issue. The topics highlighted in red under CEHv8 Module 14: SQL Injection are the new additions.

CEHv7 Module 14: SQL Injection

SQL Injection

SQL Injection Attacks

SQL Injection Detection

SQL Injection Attack Characters

Testing for SQL Injection

Types of SQL Injection

Blind SQL Injection

SQL Injection Methodology

Advanced SQL Injection

Password Grabbing

Network Reconnaissance Using SQL Injection

SQL Injection Tools

Evasion Technique

How to Defend Against SQL Injection Attacks

SQL Injection Detection Tools

CEHv8 Module 14: SQL Injection

SQL Injection

SQL Injection Attacks

SQL Injection Detection

SQL Injection Attack Characters

Testing for SQL Injection

Types of SQL Injection

Blind SQL Injection

SQL Injection Methodology

Advanced SQL Injection

Bypass Website Logins Using SQL Injection

Password Grabbing

Network Reconnaissance Using SQL Injection

Latest SQL Injection Tools Added

Evasion Technique

How to Defend Against SQL Injection Attacks

Latest SQL Injection Detection Tools Added

2 more Labs Added


Hacking Wireless Networks

Wi-Fi is developed on IEEE 802.11 standards, and it is widely used in wireless communication. It provides wireless access to applications and data across a radio network. The topics highlighted in red under CEHv8 Module 15: Hacking Wireless Networks are the new additions.

CEHv7 Module 15: Hacking Wireless Networks

Types of Wireless Networks

Wireless Terminologies

Types of Wireless Encryption

How to Break WEP Encryption

Wireless Threats

Footprint the Wireless Network

GPS Mapping

Wireless Traffic Analysis

What Is Spectrum Analysis?

How to Reveal Hidden SSIDs

Crack Wi-Fi Encryption

Wireless Hacking Tools

Bluetooth Hacking

How to BlueJack a Victim

How to Defend Against Wireless Attacks

Wireless Security Tools

Wireless Penetration Testing

CEHv8 Module 15: Hacking Wireless Networks

Types of Wireless Networks

Wireless Terminologies

Types of Wireless Encryption

How to Break WEP Encryption

Wireless Threats

Footprint the Wireless Network

Mobile-based Wi-Fi Discovery Tools

GPS Mapping

Wireless Traffic Analysis

What Is Spectrum Analysis?

How to Reveal Hidden SSIDs

Crack Wi-Fi Encryption

Latest Wireless Hacking Tools Added

Bluetooth Hacking

How to BlueJack a Victim

How to Defend Against Wireless Attacks

Latest Wireless Security Tools Added

Wireless Penetration Testing

1 more Lab Added


Hacking Mobile Platforms

CEHv8 Module 16 Hacking Mobile Platforms is a new module which covers the following topics:

CEHv8 Module 16 Hacking Mobile Platforms

Mobile Attack Vectors

Mobile Platform Vulnerabilities and Risks

Android OS Architecture

Android Vulnerabilities

Android Trojans

Securing Android Devices

Jailbreaking iOS

Guidelines for Securing iOS Devices

Windows Phone 8 Architecture

Guidelines for Securing Windows OS Devices

Blackberry Attack Vectors

Guidelines for Securing BlackBerry Devices

Mobile Device Management (MDM)

General Guidelines for Mobile Platform Security

Mobile Protection Tools

Mobile Pen Testing

Evading IDS, Firewalls, and Honeypots

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network, to identify the possible violations of security policy, including unauthorized access, as well as misuse. The topics highlighted in red under CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots are the new additions.

CEHv7 Module 16: Evading IDS, Firewalls, and Honeypots

Ways to Detect an Intrusion

Types of Intrusion Detection Systems

General Indications of Intrusions

Firewall Architecture

Types of Firewall

Firewall Identification

How to Set Up a Honeypot

Intrusion Detection Tools

How Snort Works

Firewalls

Honeypot Tools

Evading IDS

Evading Firewalls

Detecting Honeypots

Firewall Evasion Tools

Packet Fragment Generators

Countermeasures

Firewall/IDS Penetration Testing

CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots

Ways to Detect an Intrusion

Types of Intrusion Detection Systems

General Indications of Intrusions

Firewall Architecture

Types of Firewall

Firewall Identification

How to Set Up a Honeypot

Latest Intrusion Detection Tools Added

How Snort Works

Firewalls

Latest Honeypot Tools Added

Evading IDS

Evading Firewalls

Detecting Honeypots

Latest Firewall Evasion Tools Added

Packet Fragment Generators

Countermeasures

Firewall/IDS Penetration Testing

1 more Lab Added


Buffer Overflow

A generic buffer overflow occurs when a program tries to store more data in a buffer than it was intended to hold. The topics highlighted in red under CEHv8 Module 18: Buffer Overflow are the new additions.

CEHv7 Module 17: Buffer Overflow

Heap-Based Buffer Overflow

Knowledge Required to Program Buffer Overflow Exploits

Buffer Overflow Steps

Overflow Using Format String

Buffer Overflow Examples

How to Mutate a Buffer Overflow Exploit

Identifying Buffer Overflows

How to Detect Buffer Overflows in a Program

BoF Detection Tools

Defense Against Buffer Overflows

Buffer Overflow Security Tools

Buffer Overflow Penetration Testing

CEHv8 Module 18: Buffer Overflow

Heap-Based Buffer Overflow

Why Are Programs and Applications Vulnerable to Buffer Overflows?

Knowledge Required to Program Buffer Overflow Exploits

Buffer Overflow Steps

Overflow Using Format String

Buffer Overflow Examples

How to Mutate a Buffer Overflow Exploit

Identifying Buffer Overflows

How to Detect Buffer Overflows in a Program

Latest BoF Detection Tools Added

Defense Against Buffer Overflows

Programming Countermeasures

Latest Buffer Overflow Security Tools Added

Buffer Overflow Penetration Testing


Cryptography

Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network. The topics highlighted in red under CEHv8 Module 19: Cryptography are the new additions.

CEHv7 Module 18: Cryptography

Cryptography

Encryption Algorithms

Ciphers

What Is SSH (Secure Shell)?

Cryptography Tools

Public Key Infrastructure (PKI)

Certification Authorities

Digital Signature

Disk Encryption

Disk Encryption Tool

Cryptography Attacks

Code Breaking Methodologies

Cryptanalysis Tools

Online MD5 Decryption Tools

CEHv8 Module 19: Cryptography

Cryptography

Encryption Algorithms

Ciphers

What Is SSH (Secure Shell)?

Latest Cryptography Tools Added

Public Key Infrastructure (PKI)

Certification Authorities

Digital Signature

Disk Encryption

Disk Encryption Tool

Cryptography Attacks

Code Breaking Methodologies

Latest Cryptanalysis Tools Added

Online MD5 Decryption Tools

2 more Labs Added


Penetration Testing

Penetration testing assesses the security model of the organization as a whole. It reveals potential consequences of a real attacker breaking into the network. The topics highlighted in red under CEHv8 Module 20: Penetration Testing are the new additions.

CEHv7 Module 19: Penetration Testing

Security Assessments

Vulnerability Assessment

What Should be Tested?

ROI on Penetration Testing

Types of Penetration Testing

Common Penetration Testing Techniques

Pre-Attack Phase

Attack Phase

Post-Attack Phase

Penetration Testing Deliverable Templates

Pen Testing Roadmap

Web Application Testing

Outsourcing Penetration Testing Services

CEHv8 Module 20: Penetration Testing

Security Assessments

Vulnerability Assessment

Introduction to Penetration Testing

Comparing Security Audit, Vulnerability Assessment, and Penetration Testing

What Should be Tested?

ROI on Penetration Testing

Types of Penetration Testing

Common Penetration Testing Techniques

Pre-Attack Phase

Attack Phase

Post-Attack Phase

Penetration Testing Deliverable Templates

Pen Testing Roadmap

Web Application Testing

Outsourcing Penetration Testing Services