Certified Ethical Hacker Exam Version Comparison. Version Comparison

Version Comparison

CEHv8 vs CEHv7

CEHv7 CEHv8

Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation of concepts and attacks Exclusive section for best practices to follow to protect information systems against various attacks

New and rich presentation style with eye catching graphics

Latest OS covered and a patched testing environment

Well tested, result oriented, descriptive and analytical lab manual to evaluate the presented concepts

19 Modules 20 Modules

90 Labs 110 Labs

1700 Slides 1770 Slides

Module Comparison of CEHv8 with CEHv7 Introduction to Ethical Hacking

Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources. The topics highlighted in red under CEHv8 Module 01: Introduction to Ethical Hacking are the new additions.

CEHv7 Module 01: Introduction to Ethical Hacking

CEHv8 Module 01: Introduction to Ethical Hacking

Data Breach Investigations Report Data Breach Investigations Report Essential Terminologies Essential Terminologies

Elements of Information Security Elements of Information Security

Effects of Hacking on Business Top Information Security Attack Vectors Who Is a Hacker? Motives, Goals, and Objectives of

Information Security Attacks

Hacking Phases Information Security Threats

Types of Attacks on a System Information Warfare Why Ethical Hacking is Necessary IPv6 Security Threats Skills of an Ethical Hacker Hacking vs. Ethical Hacking Vulnerability Research Effects of Hacking on Business What Is Penetration Testing? Who Is a Hacker?

Hacking Phases

Types of Attacks on a System Why Ethical Hacking is Necessary Skills of an Ethical Hacker

Incident Management Process

Types of Security Policies

Vulnerability Research What Is Penetration Testing?

Footprinting and Reconnaissance

Footprinting refers to uncovering and collecting as much information as possible about a target network, for identifying various ways to intrude into an organization’s network system. The topics highlighted in red under CEHv8 Module 02: Footprinting and Reconnaissance are the new additions.

CEHv7 Module 02: Footprinting and Reconnaissance

CEHv8 Module 02: Footprinting and Reconnaissance

Footprinting Terminologies Footprinting Terminologies What Is Footprinting? What Is Footprinting?

Objectives of Footprinting Objectives of Footprinting Footprinting Threats Footprinting Threats

Footprinting through Search Engines Footprinting through Search Engines Website Footprinting Website Footprinting

Email Footprinting Email Footprinting

Competitive Intelligence Competitive Intelligence Footprinting Using Google Footprinting Using Google

WHOIS Footprinting WHOIS Footprinting

DNS Footprinting DNS Footprinting

Network Footprinting Network Footprinting

Footprinting Tools Footprinting through Social Engineering

Footprinting Pen Testing Footprinting Tools

Footprinting Countermeasures Footprinting Pen Testing Footprinting Terminologies What Is Footprinting?

Scanning Networks

Network scanning refers to a set of procedures for identifying hosts, ports, and services in a network. The topics highlighted in red under CEHv8 Module 03: Scanning Networks are the new additions

CEHv7 Module 03: Scanning Networks CEHv8 Module 03: Scanning Networks Overview of Network Scanning Overview of Network Scanning

CEH Scanning Methodology CEH Scanning Methodology Checking for Live Systems Checking for Live Systems

Scanning Techniques Scanning IPv6 Network

IDS Evasion Techniques Scanning Techniques

Banner Grabbing IDS Evasion Techniques

Vulnerability Scanning Banner Grabbing

Drawing Network Diagrams Vulnerability Scanning

Proxy Chaining Drawing Network Diagrams

HTTP Tunneling Techniques Proxy Chaining

SSH Tunneling HTTP Tunneling Techniques

Anonymizers SSH Tunneling

IP Spoofing Detection Techniques Anonymizers

Scanning Countermeasures IP Spoofing Detection Techniques Scanning Pen Testing Scanning Countermeasures

Scanning Pen Testing

Latest Network Scanning Tools Added

6 more Labs Added

Enumeration

In the enumeration phase, attacker creates active connections to system and performs directed queries to gain more information about the target. The topics highlighted in red under CEHv8 Module 04: Enumeration are the new additions.

CEHv7 Module 04: Enumeration CEHv8 Module 04: Enumeration

What Is Enumeration? What Is Enumeration?

Techniques for Enumeration Techniques for Enumeration NetBIOS Enumeration Services and Ports to Enumerate Enumerate Systems Using Default Passwords NetBIOS Enumeration

SNMP Enumeration Enumerate Systems Using Default

Passwords

UNIX/Linux Enumeration SNMP Enumeration

LDAP Enumeration Working of SNMP

NTP Enumeration UNIX/Linux Enumeration

SMTP Enumeration LDAP Enumeration

DNS Enumeration NTP Enumeration

Enumeration Countermeasures SMTP Enumeration Enumeration Pen Testing DNS Enumeration

Enumeration Countermeasures Enumeration Pen Testing

Latest Enumeration Tools Added

1 more Lab Added

System Hacking

Password cracking techniques are used to recover passwords from computer systems. The topics highlighted in red under CEHv8 Module 05 System Hacking are the new additions.

CEHv7 Module 05 System Hacking CEHv8 Module 05 System Hacking System Hacking: Goals System Hacking: Goals

CEH Hacking Methodology (CHM) CEH Hacking Methodology (CHM)

Password Cracking Password Cracking

Microsoft Authentication Stealing Passwords Using Keyloggers How to Defend against Password Cracking Microsoft Authentication

Privilege Escalation How to Defend against Password Cracking Types of Privilege Escalation Privilege Escalation

Executing Applications Types of Privilege Escalation Types of Keystroke Loggers and Spywares Executing Applications

Anti-Keylogger and Anti-Spywares Methodology of Attacker in using Remote Keylogger

Detecting Rootkits Types of Keystroke Loggers and Spywares NTFS Stream Manipulation Anti-Keylogger and Anti-Spywares

Classification of Steganography Various methods to place a rootkit Steganalysis Methods/Attacks on

Steganography

Detecting Rootkits

Covering Tracks NTFS Stream Manipulation

Penetration Testing Application of steganography Classification of Steganography Audio Steganography Methods Issues in Information hiding Steganalysis Methods/Attacks on Steganography

Detecting Text, Image, Audio, and Video Steganography

Covering Tracks

Penetration Testing

Trojans and Backdoors

It is a program in which the malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause damage, such as ruining the file allocation table on your hard disk. The topics highlighted in red under CEHv8 Module 06: Trojans and Backdoors are the new additions.

CEHv7 Module 06: Trojans and Backdoors CEHv8 Module 06: Trojans and Backdoors

What Is a Trojan? What Is a Trojan?

What Do Trojan Creators Look For What Do Trojan Creators Look For Indications of a Trojan Attack Indications of a Trojan Attack Common Ports used by Trojans Common Ports used by Trojans How to Infect Systems Using a Trojan How to Infect Systems Using a Trojan Different Ways a Trojan can Get into a

System

Different Ways a Trojan can Get into a System

How to Deploy a Trojan How to Deploy a Trojan

Types of Trojans Types of Trojans

How to Detect Trojans Trojan Analysis

Trojan Countermeasures How to Detect Trojans Trojan Horse Construction Kit Trojan Countermeasures Anti-Trojan Software Trojan Horse Construction Kit Pen Testing for Trojans and Backdoors Anti-Trojan Software

Pen Testing for Trojans and Backdoors

Latest Trojan Detection Tools Added

2 more Labs Added

Viruses and Worms

A virus is a self-replicating program that produces its own code by attaching copies of itself into other executable codes. The topics highlighted in red under CEHv8 Module 07: Viruses and Worms are the new additions.

CEHv7 Module 07: Viruses and Worms CEHv8 Module 07: Viruses and Worms Introduction to Viruses Introduction to Viruses

Stages of Virus Life Stages of Virus Life

Working of Viruses Working of Viruses

Indications of Virus Attack Common Techniques Used to Distribute Malware on the Web

How does a Computer Get Infected by Viruses

Indications of Virus Attack

Types of Viruses How does a Computer Get Infected by Viruses

Virus Maker Virus Analysis

Computer Worms Types of Viruses

Worm Analysis Virus Maker

Worm Maker Computer Worms

Malware Analysis Procedure Worm Analysis Online Malware Analysis Services Worm Maker

Virus and Worms Countermeasures Malware Analysis Procedure

Antivirus Tools Online Malware Analysis Services

Penetration Testing for Virus Virus Detection Methods

Virus and Worms Countermeasures Antivirus Tools

Penetration Testing for Virus

Sniffers

Packet sniffing is a process of monitoring and capturing all data packets passing through a given network using software (application) or hardware device. The topics highlighted in red under CEHv8 Module 08: Sniffing are the new additions.

CEHv7 Module 08: Sniffers CEHv8 Module 08: Sniffing

Packet Sniffing Packet Sniffing

Sniffing Threats Sniffing Threats

Types of Sniffing Attacks Types of Sniffing Attacks Hardware Protocol Analyzers Hardware Protocol Analyzers

MAC Flooding IPv6 Addresses

How DHCP Works MAC Flooding

Rogue DHCP Server Attack How DHCP Works

ARP Spoofing Techniques Rogue DHCP Server Attack

ARP Poisoning Tools ARP Spoofing Techniques

How to Defend Against ARP Poisoning ARP Poisoning Tools

Spoofing Attack Threats How to Defend Against ARP Poisoning How to Defend Against MAC Spoofing Spoofing Attack Threats

DNS Poisoning Techniques MAC Spoofing Technique How to Defend Against DNS Spoofing IRDP Spoofing

Sniffing Tools How to Defend Against MAC Spoofing

Sniffing Pen Testing DNS Poisoning Techniques

How to Defend Against DNS Spoofing Sniffing Tools

Sniffer Detection Technique

Sniffing Pen Testing

Social Engineering

Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it. The topics highlighted in red under CEHv8 Module 09: Social Engineering are the new additions.

CEHv7 Module 09: Social Engineering CEHv8 Module 09: Social Engineering What Is Social Engineering? What Is Social Engineering?

Factors that Make Companies Vulnerable to Attacks

Factors that Make Companies Vulnerable to Attacks

Warning Signs of an Attack Warning Signs of an Attack

Phases in a Social Engineering Attack Phases in a Social Engineering Attack Common Targets of Social Engineering Common Targets of Social Engineering Human-based Social Engineering Human-based Social Engineering Computer-based Social Engineering Computer-based Social Engineering Social Engineering Through Impersonation

on Social Networking Sites

Mobile-based Social Engineering Identify Theft Mobile-based Social Engineering Using

SMS

Social Engineering Countermeasures Social Engineering Through

Impersonation on Social Networking Sites How to Detect Phishing Emails Identify Theft

Identity Theft Countermeasures Social Engineering Countermeasures Social Engineering Pen Testing How to Detect Phishing Emails

Identity Theft Countermeasures

Social Engineering Pen Testing

Social Engineering Toolkit

Denial of Service

Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. The topics highlighted in red under CEHv8 Module 10: Denial-of-Service are the new additions.

CEHv7 Module 10: Denial of Service CEHv8 Module 10: Denial-of-Service What Is a Denial of Service Attack? What Is a Denial of Service Attack?

What Are Distributed Denial of Service Attacks?

What Are Distributed Denial of Service Attacks?

Symptoms of a DoS Attack Symptoms of a DoS Attack DoS Attack Techniques DoS Attack Techniques

Botnet Botnet

Botnet Ecosystem Botnet Ecosystem

DDoS Attack Tools Botnet Trojans

DoS Attack Tools DDoS Attack Tools

Detection Techniques DoS Attack Tools

DoS/DDoS Countermeasure Detection Techniques Techniques to Defend against Botnets DoS/DDoS Countermeasure

Advanced DDoS Protection Appliances Techniques to Defend against Botnets Denial of Service (DoS) Attack Penetration

Testing

Advanced DDoS Protection Appliances Denial of Service (DoS) Attack Penetration Testing

Latest DDoS and DoS attack tools added

Latest DoS/DDoS Protection Tools added

Session Hijacking

Session Hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The topics highlighted in red under CEHv8 Module 11:

Session Hijacking are the new additions.

CEHv7 Module 11: Session Hijacking CEHv8 Module 11: Session Hijacking What Is Session Hijacking?

Why Session Hijacking Is Successful?

Key Session Hijacking Techniques

Brute Forcing Attack

Session Hijacking Process

Types of Session Hijacking

Application Level Session Hijacking

Session Sniffing

Man-in-the-Middle Attack

Network Level Session Hijacking

TCP/IP Hijacking

Session Hijacking Tools

Protecting against Session Hijacking

IPsec Architecture

Session Hijacking Pen Testing

Latest Session Hijacking Tools Added

Hacking Webservers

Web server pen testing is used to identify, analyze, and report vulnerabilities such as

authentication weaknesses, configuration errors, protocol related vulnerabilities, etc. in a web server. The topics highlighted in red under CEHv8 Module 12: Hacking Webservers are the new additions.

CEHv7 Module 11: Session Hijacking CEHv8 Module 11: Session Hijacking IIS Webserver Architecture IIS Webserver Architecture

Why Web Servers are Compromised? Why Web Servers are Compromised?

Impact of Webserver Attacks Impact of Webserver Attacks

Webserver Attacks Webserver Attacks

Webserver Attack Methodology Webserver Attack Methodology Webserver Attack Tools Webserver Attack Tools

Metasploit Architecture Metasploit Architecture Web Password Cracking Tool Web Password Cracking Tool

Countermeasures Countermeasures

How to Defend Against Web Server Attacks How to Defend Against Web Server Attacks

Patch Management How to Defend against HTTP Response Splitting and Web Cache Poisoning

Patch Management Tools Patch Management

Webserver Pen Testing Patch Management Tools

Latest Webserver Security Tools Added

Latest Webserver Pen Testing Tools Added

Webserver Pen Testing

Hacking Web Applications

Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server end or contain script code to be executed dynamically within the client web browser. The topics highlighted in red under CEHv8 Module 13: Hacking Web Applications are the new additions.

CEHv7 Module 13: Hacking Web Applications

CEHv8 Module 13: Hacking Web Applications

How Web Applications Work How Web Applications Work

Web Attack Vectors Web Attack Vectors

Web Application Threats Web Application Threats Web App Hacking Methodology Web App Hacking Methodology Footprint Web Infrastructure Footprint Web Infrastructure

Hacking Web Servers Hacking Web Servers

Analyze Web Applications Analyze Web Applications

Attack Authentication Mechanism Attack Authentication Mechanism Attack Authorization Schemes Attack Authorization Schemes Session Management Attack Session Management Attack Attack Data Connectivity Attack Data Connectivity

Attack Web App Client Attack Web App Client

Attack Web Services Attack Web Services

Web Application Hacking Tools Latest Web Application Hacking Tools

Countermeasures Countermeasures

Web Application Security Tools Latest Web Application Security Tools Added Web Application Firewall Web Application Firewall

Web Application Pen Testing Web Application Pen Testing

SQL Injection

SQL Injection is the most common website vulnerability on the Internet. It is a flaw in Web Applications and not a database or web server issue. The topics highlighted in red under CEHv8 Module 14: SQL Injection are the new additions.

CEHv7 Module 14: SQL Injection CEHv8 Module 14: SQL Injection

SQL Injection SQL Injection

SQL Injection Attacks SQL Injection Attacks

SQL Injection Detection SQL Injection Detection

SQL Injection Attack Characters SQL Injection Attack Characters Testing for SQL Injection Testing for SQL Injection Types of SQL Injection Types of SQL Injection

Blind SQL Injection Blind SQL Injection

SQL Injection Methodology SQL Injection Methodology Advanced SQL Injection Advanced SQL Injection

Password Grabbing Bypass Website Logins Using SQL Injection Network Reconnaissance Using SQL Injection Password Grabbing

SQL Injection Tools Network Reconnaissance Using SQL Injection

Evasion Technique Latest SQL Injection Tools Added

How to Defend Against SQL Injection Attacks Evasion Technique

SQL Injection Detection Tools How to Defend Against SQL Injection Attacks Latest SQL Injection Detection Tools Added 2 more Labs Added

Hacking Wireless Networks

Wi-Fi is developed on IEEE 802.11 standards, and it is widely used in wireless communication. It provides wireless access to applications and data across a radio network. The topics highlighted in red under CEHv8 Module 15: Hacking Wireless Networks are the new additions.

CEHv7 Module 15: Hacking Wireless Networks

CEHv8 Module 15: Hacking Wireless Networks

Types of Wireless Networks Types of Wireless Networks Wireless Terminologies Wireless Terminologies Types of Wireless Encryption Types of Wireless Encryption How to Break WEP Encryption How to Break WEP Encryption

Wireless Threats Wireless Threats

Footprint the Wireless Network Footprint the Wireless Network

GPS Mapping Mobile-based Wi-Fi Discovery Tools

Wireless Traffic Analysis GPS Mapping

What Is Spectrum Analysis? Wireless Traffic Analysis How to Reveal Hidden SSIDs What Is Spectrum Analysis?

Crack Wi-Fi Encryption How to Reveal Hidden SSIDs Wireless Hacking Tools Crack Wi-Fi Encryption

Bluetooth Hacking Latest Wireless Hacking Tools Added How to BlueJack a Victim Bluetooth Hacking

How to Defend Against Wireless Attacks How to BlueJack a Victim

Wireless Security Tools How to Defend Against Wireless Attacks Wireless Penetration Testing Latest Wireless Security Tools Added

Wireless Penetration Testing

1 more Lab Added

Hacking Mobile Platforms

CEHv8 Module 16 Hacking Mobile Platforms is a new module which covers the following topics:

CEHv8 Module 16 Hacking Mobile Platforms

Mobile Attack Vectors Guidelines for Securing Windows OS Devices

Mobile Platform Vulnerabilities and Risks

Blackberry Attack Vectors

Android OS Architecture Guidelines for Securing BlackBerry Devices

Android Vulnerabilities Mobile Device Management (MDM)

Android Trojans General Guidelines for Mobile

Platform Security Securing Android Devices Mobile Protection Tools

Jailbreaking iOS Mobile Pen Testing

Guidelines for Securing iOS Devices Windows Phone 8 Architecture

Evading IDS, Firewalls, and Honeypots

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network, to identify the possible violations of security policy, including unauthorized access, as well as misuse. The topics highlighted in red under CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots are the new additions.

CEHv7 Module 16: Evading IDS, Firewalls, and Honeypots

CEHv8 Module 17: Evading IDS, Firewalls, and Honeypots

Ways to Detect an Intrusion Ways to Detect an Intrusion

Types of Intrusion Detection Systems Types of Intrusion Detection Systems

General Indications of Intrusions General Indications of Intrusions

Firewall Architecture Firewall Architecture

How to Set Up a Honeypot How to Set Up a Honeypot

Intrusion Detection Tools Latest Intrusion Detection Tools Added

How Snort Works How Snort Works

Firewalls Firewalls

Honeypot Tools Latest Honeypot Tools Added

Evading IDS Evading IDS

Evading Firewalls Evading Firewalls

Detecting Honeypots Detecting Honeypots

Firewall Evasion Tools Latest Firewall Evasion Tools Added Packet Fragment Generators Packet Fragment Generators

Countermeasures Countermeasures

Firewall/IDS Penetration Testing Firewall/IDS Penetration Testing

1 more Lab Added

Buffer Overflow

A generic buffer overflow occurs when a program tries to store more data in a buffer than it was intended to hold. The topics highlighted in red under CEHv8 Module 18: Buffer Overflow are the new additions.

CEHv7 Module 17: Buffer Overflow CEHv8 Module 18: Buffer Overflow Heap-Based Buffer Overflow Heap-Based Buffer Overflow

Knowledge Required to Program Buffer Overflow Exploits

Why Are Programs and Applications Vulnerable to Buffer Overflows?

Buffer Overflow Steps Knowledge Required to Program Buffer Overflow Exploits

Overflow Using Format String Buffer Overflow Steps

Buffer Overflow Examples Overflow Using Format String How to Mutate a Buffer Overflow Exploit Buffer Overflow Examples

Identifying Buffer Overflows How to Mutate a Buffer Overflow Exploit How to Detect Buffer Overflows in a

Program

Identifying Buffer Overflows

BoF Detection Tools How to Detect Buffer Overflows in a Program

Defense Against Buffer Overflows Latest BoF Detection Tools Added Buffer Overflow Security Tools Defense Against Buffer Overflows Buffer Overflow Penetration Testing Programming Countermeasures

Latest Buffer Overflow Security Tools Added

Buffer Overflow Penetration Testing

Cryptography

Cryptography is the conversion of data into a scrambled code that is decrypted and sent across a private or public network. The topics highlighted in red under CEHv8 Module 19:

Cryptography are the new additions.

CEHv7 Module 18: Cryptography CEHv8 Module 19: Cryptography

Cryptography Cryptography

Encryption Algorithms Encryption Algorithms

Ciphers Ciphers

What Is SSH (Secure Shell)? What Is SSH (Secure Shell)?

Cryptography Tools Latest Cryptography Tools Added Public Key Infrastructure (PKI) Public Key Infrastructure (PKI) Certification Authorities Certification Authorities

Digital Signature Digital Signature

Disk Encryption Disk Encryption

Disk Encryption Tool Disk Encryption Tool Cryptography Attacks Cryptography Attacks

Code Breaking Methodologies Code Breaking Methodologies Cryptanalysis Tools Latest Cryptanalysis Tools Added Online MD5 Decryption Tools Online MD5 Decryption Tools

2 more Labs Added

Penetration Testing

Penetration testing assesses the security model of the organization as a whole. It reveals potential consequences of a real attacker breaking into the network. The topics highlighted in red under CEHv8 Module 20: Penetration Testing are the new additions.

CEHv7 Module 19: Penetration Testing CEHv8 Module 20: Penetration Testing Security Assessments Security Assessments

Vulnerability Assessment Vulnerability Assessment

What Should be Tested? Introduction to Penetration Testing ROI on Penetration Testing Comparing Security Audit, Vulnerability

Assessment, and Penetration Testing Types of Penetration Testing What Should be Tested?

Common Penetration Testing Techniques ROI on Penetration Testing

Pre-Attack Phase Types of Penetration Testing

Attack Phase Common Penetration Testing Techniques

Post-Attack Phase Pre-Attack Phase

Penetration Testing Deliverable Templates Attack Phase

Pen Testing Roadmap Post-Attack Phase

Web Application Testing Penetration Testing Deliverable Templates Outsourcing Penetration Testing Services Pen Testing Roadmap

Web Application Testing

Outsourcing Penetration Testing Services