ETHICAL HACKING PRACTITIONER (S-EHP) VERSION 2017

Exam Preparation Guide Ethical Hacking Practitioner

SECO-Institute provides the official Cyber Security & Governance courseware to accredited training centres where students are trained by accredited instructors. Students can take their exams at an accredited exam centre or directly at the SECO-Institute. Attending an official certification course is not a prerequisite for taking an exam. Upon successful completion of a certification exam (with a passing score of 60%), students can claim their certification title at the SECO-Institute, whereupon they will receive a title and a digital badge.

The Ethical Hacking Practitioner certificate demonstrates that candidates have acquired a comprehensive overview of all the aspects of Ethical Hacking. The S-EHP (Ethical Hacking Practitioner) certificate is part of the SECO-Institute’s Ethical Hacking track. The practitioner level is followed by the S-EHE (Ethical Hacking Expert) and the S-CEHL (Certified Ethical Hacking Leader) certification courses.

Target audience(s):

- Ethical Hacker

Examination type

Computer-based

- 10 Multiple choice: 3 points per question

- 5 Open questions: 8 points per question

- 1 Case study: 30 points per case

Time allotted for examination

120 minutes

Examination details

- Pass mark: 60% (out of 100)

- Open book/notes: no

- Electronic equipment permitted: no

- The Rules and Regulations for SECO-Institute examinations apply to this exam.

Exam requirements

The following table lists the topics of the course by module (exam requirements).

Ethical Hacking Practitioner

Learning objective(s)

• Understand penetration tests: types, process and reporting
• Know the basics of cyber law and hacking ethics
• Learn reconnaissance skills and the use of port scanning and vulnerability scanning for intelligence gathering
• Learn about social engineering, phishing and reporting
• Understand basic networking, including TCP/IP, DNS, DHCP, ARP and WiFi and how these can be abused
• Learn how scanning tools such as Nmap and Nessus work
• Learn about firewalls and honeypots
• Understand network security, including SSL and VPNs
• Gain knowledge about encryption, Public Key Infrastructure, hashing and how to crack and secure hashes
• Learn about web applications and protocols
• Understand different web application vulnerabilities based on OWASP
• Use of MITM proxies such as Burp Suite and OWASP Zap
• Learn about databases and how to attack them and using web shells
• Use Metasploit to exploit vulnerabilities and perform actions on a compromised system
• Learn about client-side attacks such as file-type exploitation and drive-by downloads
• Know how to escalate privileges on a system and how to move from system to system
• Understand how rootkits and buffer overflows work
• Overview of countermeasures against buffer overflows (DEP, ASLR) and Advanced buffer overflows (ROP)
• Learn more about exploit payloads and how to build .exes

Course modules

• Module 1: Introduction
• Module 2: Reconnaissance
• Module 3: Infrastructure
• Module 4: Web Applications
• Module 5: Systems and Applications
• Module 6: Exploit Development

Required prior knowledge

• S-EHF – Ethical Hacking Foundation

Bloom-levels: [x] Know  [x] Understand  [x] Apply  [ ] Analyse  [ ] Create

Module 1: Introduction

Learning objective(s)

• Understand the processes involved in doing a penetration test
• Discern the types of penetration test
• Report on a penetration test
• Know the basics of cyber law
• Be able to discuss the ethics of hacking

Topics

• Penetration Testing
  o Understanding the penetration testing process
    ▪ Scope, Boundaries, legal waiver
  o The different types of Penetration test
    ▪ Blackbox, Graybox, Whitebox (code review)
  o Testing guidelines
    ▪ OWASP testing guide, NIST, SANS, NCSC, Digid
  o Reporting on a penetration test
    ▪ Classification of vulnerabilities using CVSS
    ▪ Logging findings, gathering evidence
    ▪ Clearly describing problems
• Law in Cyberspace
  o Basics of Cybercrime laws
  o What to do with data breaches
    ▪ Personally Identifiable Information
• Hacking Ethics
  o What does ethics concern?
  o What to do with your vulnerabilities
    ▪ Elements of disclosure
    ▪ What is a good use? Selling, saving, reporting?
  o Ethics and Cyber Warfare

Module 2: Reconnaissance

Learning objective(s)

• Gain knowledge about intelligence gathering
  o Gain knowledge about Open Source Intelligence (OSINT)
  o Gain knowledge about WHOIS and DNS enumeration
• Gain knowledge about Reconnaissance
  o Gain basic knowledge about port scanning
  o Gain basic knowledge about service identification and fingerprinting

Topics

• Intelligence Gathering
  o OSINT
    ▪ Using search operators in Google and using the GHDB
    ▪ Using Shodan.io
    ▪ Using Social Media
    ▪ Using theHarvester
  o WHOIS lookups
    ▪ What is WHOIS
    ▪ Use WHOIS online through a browser
    ▪ Use WHOIS in a terminal environment using ‘whois’
    ▪ Using robtex.com in a combined research action
  o DNS lookups and enumeration
    ▪ Use DNS lookup online through a browser on different websites
    ▪ Forward and Reverse DNS lookup using ‘dig’
    ▪ Perform DNS enumeration using DNSenum.pl and fierce.pl
• Reconnaissance
  o Manual port scanning and automated port scanning (Nmap)
  o Reading and interpreting scan results
  o Port probing using netcat
  o Port probing encrypted services

Module 3: Infrastructure

Learning objective(s)

• Learn the basics of TCP/IP
• Understand basic network protocols such as DNS, DHCP, ARP
• Know the workings of WiFi and how it can be abused
• Understand how scanning tools such as Nmap work

Topics

• Internet protocol suite
  o Overview of the TCP/IP model
  o Introduction to the Internet Protocol
    ▪ IPv4 and IPv6
  o Understanding TCP
    ▪ Three way handshake, TCP features (Reliable, ordered, error-checked), as a pipe
  o Understanding UDP
    ▪ Connectionless, no guarantees, less latency
  o Wireshark Exercise
    ▪ Monitor your network interface and test some applications
  o Find at least one application using TCP and one using UDP
  o Identify the three-way handshake
• Basic network protocols
  o Understanding how the Domain Name System works
    ▪ Authoritative name servers, caching, root servers
    ▪ DNS Spoofing / Cache poisoning attack
    ▪ A short introduction to DNSSEC
  o Understanding DHCP (Dynamic Host Configuration Protocol)
    ▪ Purpose of DHCP, how the protocol works
    ▪ Attacks on DHCP: Rogue DHCP server, DHCP lease takeover, Starvation
  o Understanding ARP (Address Resolution Protocol)
    ▪ ARP spoofing attack
• WiFi
  o Understanding wireless protocols
    ▪ WEP / WPA
  o How does an evil access point work
  o How to crack WPA

Module 4: Web applications

Learning objective(s)

• Basic understanding of HTTP methods such as GET, POST, etc.
• Basic understanding of web application architecture: front-end, application, database, server, etc.
• OWASP
• Exploring web application testing tools
• Cross-Site Scripting
• Authentication
• Using MITM proxies such as Burp Suite and OWASP Zap
• Databases (theoretical)
• SQL Injection attacks
• Web shells
• Third party libraries / CMS

Topics

• HTTP in general
  o Understanding HTTP methods such as GET, POST
  o Understanding HTTP Headers such as Host, User-Agent (request and response headers), Cookies
• Webapp Infrastructure
  o Understanding the infrastructure of a web application
• OWASP
  o OWASP Testing Guide
• Webapp testing Tools
  o Exploring a web application. Locate applications, folders and files using a directory bruteforcer like ‘dirb’ or ‘dirbuster’, robots.txt, .htaccess
  o Web application vulnerability testing (extended)
    ▪ Using Nikto as a lightweight scanner for web applications
    ▪ Using more automated tools such as ‘w3af’ or ‘vega’ to scan a target, which creates a stepping stone to more specific scanners such as ‘wpscan’
• Cross-Site Scripting
  o Basic understanding of XSS attacks and Session Hijacking
  o Generate a proof-of-concept (PoC) XSS on a vulnerable web application
  o Browser Exploitation Framework (BeEF)
  o Use a more sophisticated attack from within BeEF to attack clients
• Authentication
  o Understanding different authentication methods such as http auth, login forms, sessions, etc.
  o Attacking several different authentication methods
  o Brute-force HTTP authentication
  o Brute-force HTML-based login forms
  o Use the previously generated XSS to steal a session cookie and perform session hijacking
• MITM Proxies
  o Exploring Burp Suite
  o Using different functions within Burp to attack a web application
  o Exploring OWASP Zap
  o Using different functions within Zap to attack a web application
• Databases
  o A theoretical explanation about databases and how they are used
• SQL Injection attacks
  o Understanding SQLi attacks: how and why do they work?
  o Manually exploiting an SQLi vulnerability to gather credentials for a web application
  o Automating SQL Injection attacks
  o SQLmap
  o Taking SQLi further
  o Using SQLi to upload a web shell
• Web Shells
  o Exploring functions of a web shell
• Third party libraries / CMS
  o Understanding the risks of using external dependencies

Module 5: Systems and applications

Learning objective(s)

• Using Metasploit to exploit vulnerabilities and perform actions on a compromised system
• Client-side attacks such as file-type exploitation and drive-by downloads
• Pivoting / Lateral Movement

Topics

• Metasploit
  o Understanding, updating and starting Metasploit (and postgresql)
  o Auxiliary modules
  o Use auxiliary modules to gather information about target systems
  o Exploit modules
  o Exploit a vulnerable target that was found using an auxiliary module
  o Payload modules
  o Explore and try different payloads
  o Post-exploitation modules
  o Explore the functions of some post-exploitation modules or the ‘run’ command in Meterpreter
• Client-side attacks
  o Malicious file-type payloads
  o Create an evil .pdf or .xls file containing a payload
• Pivoting / Lateral movement
  o Understanding pivoting and lateral movement in general
  o Tunnel a session through a target to attack another machine

Module 6: Exploit development

Learning objective(s)

• Understand how Buffer Overflow exploits work
• Finding a simple Buffer Overflow
• Using Fuzzing
• Creating an exploit from a Buffer Overflow
• Overview of countermeasures (DEP, ASLR) and Advanced buffer overflows (ROP)

Topics

• Buffer Overflow Exploits
  o Theoretical explanation of buffer overflow vulnerabilities
• Exploit Development
  o Using fuzzing techniques to crash an application and analyze this using a debugger
• Advanced buffer overflows
  o Overview of different techniques such as DEP, ASLR, ROP, Egghunting
• Payloads
  o An extended look at different payloads within the Metasploit Framework or maybe pre-written shellcode from exploit-db
• Malicious executables
  o Create an .exe file using a payload from the Metasploit Framework
• Privilege escalation
  o Explain privilege escalation
  o administrative access to the target that was exploited using the techniques above

How to book your exam?

All our exams are delivered through an online examination system called ProctorU. To enrol for an exam, go to: https://go.proctoru.com/

Make sure you are fully prepared. Use the ProctorU Preparation checklist to assess whether you are ready to take the exam.

If you are a new user, select Test Taker. Select "SECO-Institute" as the institution and fill in all the necessary information. See the instructions for more information. Once you have scheduled your exam, you will be asked to pay the exam fee. If you have an exam voucher, please fill in the access code.

Our online examination system allows you to book your exam and take it at any place convenient to you. Do you prefer your kitchen table, your home desk or your office? Would you rather take a test in the day or at night? It is up to you!

System requirements

To ensure the quality and security of the examination, you will have to meet specific requirements regarding your computer configuration, your exam environment and your behaviour during the exam. Click here to see the requirements.

The exam will be taken with special proctor software. To enable webcam and audio recording during the exam, you have to install software that monitors your activities.

Your exam will be recorded through your webcam and microphone. The recordings will be reviewed by multiple proctors after you have completed the exam. The proctors will check if you comply with all the requirements for the examination.

Results

If no non-conformities are detected by the proctors, you will receive the final result by email one month after you complete the test. The email will also contain information on how to claim your certificate and digital badge as well as how to use your title.

Certification Title

Upon successful completion of an exam, students can claim their S-EHP title at the SECO-Institute. Each certification level requires a certain number of Continuing Professional Education (CPE) hours over an annual and a three-year period. This requirement must be met in order to retain a certification. Practitioner certifications require a minimum of 20 CPE credits yearly (60 in the three-year certification cycle).

Digital badges

SECO-Institute and digital badge provider Acclaim have partnered to provide certification holders with a digital badge of their SECO-Institute certification. Digital badges can be used in email signatures as well as on personal websites, social media sites such as LinkedIn and Twitter, and electronic copies of resumes. Digital badges help certification holders convey to employers, potential employers and interested parties the skills they have acquired to earn and maintain a specialised certification.

Claim your title at: https://www.seco-institute.org/claim-your-title
