Muita gente fica se perguntando: O que mudou na CEH v7 ? Diminuiriam os tópicos, adicionaram mais conteúdo ? Consertaram o lance das ferramentas antigas ? Ou simplesmente re-lançaram a mesma coisa ?

Well, acabei encontrando um paper que faz um comparativo detalhado entre a CEH v7 e a V6, vamos vê-lo:

Comparison of CEHv7 and CEHv6.1 Exam Objectives

CEH v7 Exam Objectives CEH v6.1 Exam Objectives
Module 01: Introduction to Ethical Hacking Module 01: Introduction to Ethical Hacking
  • Understand the issues plaguing the information security world
§  Understand the issues plaguing the information security world
  • Gain knowledge on various hacking terminologies
§  Understand various hacking terminologies
  • Learn the basic elements of information security
§  Understand the basic elements of information security
  • Understand the security, functionality and ease of use triangle
§  Understand the security, functionality and ease of use triangle
  • Know the 5 stages of ethical hacking
§  List the 5 stages of ethical hacking
  • Understand the different types and implications of hacker attacks
§  Understand the different type of hacker attacks
  • Understand hactivism and understand the classification of hackers
§  Define hactivism and understand the classification of hackers
  • Understand who is an ethical hacker
§  Understand who is an ethical hacker
  • Gain  Information on how to become an ethical hacker
§  How do you become an ethical hacker
  • Learn the profile of a typical ethical hacker
§  List the profile of a typical ethical hacker
  • Understand scope and limitations of ethical hacking
§  Understand vulnerability research and list the various vulnerability research tools
  • Understand vulnerability research and list the various vulnerability research tools
§  Describe the ways to conduct ethical hacking
  • Learn the different ways an ethical hacker tests a target network
§  What are the different ways an ethical hacker tests a target network
  • Understand penetration testing and the various methodologies used
Module 02: Hacking Laws
The Hacking Laws module is removed from CEHv7 core modules and exam objectives §  Understand the U.S Federal Laws related to Cyber Crime
o   18 U.S.C. § 1029
o   18 U.S.C. § 1030
o   18 U.S.C. § 1362
o   18 U.S.C. § 1831
o   18 U.S.C. § 2318
o   18 U.S.C. § 2320
o   18 U.S.C. § 2510 et seq
o   18 U.S.C. § 2701 et seq
o   47 U.S.C. § 605
o   Understand the SPY ACT
o   Washington: RCW 9A.52.110
o   Florida: § 815.01 to 815.07
o   Indiana: IC 35-43
o   Federal Managers Financial Integrity Act of 1982
o   The Freedom of Information Act: 5 U.S.C. § 552
o   Federal Information Security Management Act (FISMA)
o   The Privacy Act Of 1974: 5 U.S.C. § 552a
o   USA Patriot Act of 2001
o   Government Paperwork Elimination Act (GPEA)
§  Understand the Cyber Crime Law in Mexico
o   Section 30-45-5 — Unauthorized computer use
§  Understand the Cyber Crime Laws in Brazil
o   Art. 313-A : Entry of false data into the information system
o   Art. 313-B : Unauthorized modification or alteration of the information system
§  Understand the Cyber Crime Law in Canada
o   Canadian Criminal Code Section 342.1
§  Understand the Cyber Crime Laws in the United Kingdom
o   Computer Misuse Act 1990
o   Police and Justice Act 2006
§  Understand the Cyber Crime Law in Europe
o   Section 1 – Substantive Criminal Law
§  Understand the Cyber Crime Law in Belgium
o   Computer Hacking Article 550(b)
§  Understand the Cyber Crime Law in Denmark
o   Penal Code Section 263
§  Understand the Cyber Crime Laws in France
o   Chapter III: Attacks On Systems For Automated Data Processing
§  Article 323-1
§  Article 323-2
§  Understand the Cyber Crime Laws in Germany
o   Penal Code Section 202a. Data Espionage
o   Penal Code Section 303a: Alteration of Data
§  Understand the Cyber Crime Law in Greece
o   Criminal Code Article 370C§2
§  Understand the Cyber Crime Law in Italy
o   Penal Code Article 615 ter: Unauthorized access into a computer or telecommunication systems
§  Understand the Cyber Crime Law in Italy
o   Criminal Code Article 138a
§  Understand the Cyber Crime Laws in Norway
o   Penal Code § 145
o   Penal Code §145b
o   Penal Code § 151 b
§  Understand the Cyber Crime Laws in Switzerland
o   Article 143b
o   Article 144b
§  Understand the Cyber Crime Law in Australia
o   The Cybercrime Act 2001
§  Understand the Cyber Crime Law in India
o   The Information Technology Act, 2000
§  Understand the Cyber Crime Law in Japan
o   Law No. 128 of 1999
§  Understand the Cyber Crime Law in Singapore
o   Chapter 50A: Computer misuse Act
§  Understand the Cyber Crime Laws in Korea
o   Chapter VI Stability of the Information and Communications Network: Article 48, Article 49
o   Chapter IX Penal Provisions: Article 61
§  Understand the Cyber Crime Law in Malaysia
o   Computer Crimes Act 1997
§  Understand the Cyber Crime Law in Hong Kong
§  Telecommunication Law
Module 02: Footprinting and Reconnaissance Module 03: Footprinting
  • Understand the term Footprinting
§  Define the term Footprinting
  • Learn the areas and information that hackers seek
§  Understand the areas and information that hackers seek
  • Gain knowledge on information gathering tools and methodology
§  Describe information gathering methodology
  • Understand the role of financial websites in footprinting
§  Understand passive information gathering
  • Understand competitive intelligence and its need
§  Understand competitive intelligence and its need
§  Understand DNS enumeration §  Role of financial websites in footprinting
  • Understand Whois
§  Role of job portals in footprinting
  • Learn different types of DNS records
§  Understand DNS enumeration
  • Understand how  traceroute is used in Footprinting
§  Understand Whois, ARIN lookup , Nslookup
  • Recognize the Role of search engines in footprinting
§  Identify different types of DNS records
  • Learn the website mirroring tools
§  Understand how  traceroute is used in Footprinting
  • Understand how e-mail tracking works
§  Role of search engines in footprinting
  • Understand Google hacking and its tools
§  Understand how e-mail tracking works
  • Learn the countermeasures to be taken in footprinting
§  Understand how web spiders work
  • Understand pen testing
§  List the steps to fake a website
Module 04: Google Hacking
The Google Hacking concepts are covered in Module 02: Footprinting and Reconnaissance of CEHv7 §  Understand the term Google Hacking
§  Understand the Google Hacking Database
§  How can hackers take advantage of the Google Hacking Database
§  Understand the basics of Google Hacking
§  Being anonymous using Cache
§  How can Google be used as a proxy server
§  Understand directory listings
§  Understand server versioning
§  Understand directory traversal
§  Understand incremental substitution
§  Understand the advanced Google operators
§  How to locate exploits and find targets
§  How to track down web servers, login portals and network hardware
§  Understand the various Google Hacking Tools
Module 03: Scanning Networks Module 05: Scanning
  • Understand the term port scanning, network scanning and vulnerability scanning
§  Define the term port scanning, network scanning and vulnerability scanning
  • Understand the objectives of scanning
§  Understand the objectives of scanning
  • Learn the CEH scanning methodology
§  Understand the CEH scanning methodology
  • Understand Ping Sweep techniques
§  Understand Ping Sweep techniques
  • Understand the Firewalk tool
§  Understand the Firewalk tool
  • Gain knowledge on Nmap command switches
§  Understand Nmap command switches
  • Understand the three way handshake
§  Understand the three way handshake
§  Understand the following Scans: 

SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window

§  Understand the following Scans: 

SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window

  • Learn TCP communication flag types
§  Understand FloppyScan
  • Gain knowledge on War dialing techniques
§  List TCP communication flag types
  • Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
§  Understand War dialing techniques
  • Learn vulnerability scanning using BidiBlah and other hacking tools
§  Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
  • Learn to draw network diagrams of vulnerable hosts using various tools
§  Understand vulnerability scanning using BidiBlah and other hacking tools
  • Understand how proxy servers are used in launching an attack
§  Draw network diagrams of vulnerable hosts using various tools
  • Gain insights on working of anonymizers
§  Understand how proxy servers are used in launching an attack
  • Identify HTTP tunneling techniques
§  How does anonymizers work
  • Identify IP spoofing techniques
§  Understand HTTP tunneling techniques
  • Understand various scanning countermeasures
§  Understand IP spoofing techniques
§  Understand various scanning countermeasures
Module 04: Enumeration Module 06: Enumeration
  • Learn the system hacking cycle
§  Understand the system hacking cycle
§  Understand  Enumeration and its techniques §  Understand  Enumeration and its techniques
  • Understand null sessions and its countermeasures
§  Understand null sessions and its countermeasures
  • Understand SNMP enumeration and its countermeasures
§  Understand SNMP enumeration and its countermeasures
  • Describe the steps involved in performing enumeration
§  Describe the steps involved in performing enumeration
Module 05: System Hacking Module 07: System Hacking
  • Understand the different types of passwords
§  Understand the different types of password
  • Identify the different types of password attacks
§  Understand the different types of password attacks
  • Identify password cracking techniques
§  Understand password cracking techniques
  • Understand Microsoft Authentication mechanism
§  Understand Microsoft Authentication mechanism
  • Describe password sniffing
§  Describe password sniffing
  • Identifying various password cracking tools
§  Identifying various password cracking tools
  • Identify various password cracking countermeasures
§  What are the various password cracking countermeasures
  • Understand privilege escalation
§  Understand privilege escalation
  • Gain insights on key loggers and other spyware technologies
§  Understand keyloggers and other spyware technologies
  • Learn how to defend against spyware
§  Understand different ways to hide files
§  Identify different ways to hide files §  Understanding rootkits
  • Understanding rootkits
§  How do you identify rootkits, list the steps for the same
  • Learn how to identify rootkits and steps involved
§  Understand Alternate Data Streams
  • Understand Alternate Data Streams
§  Understand Steganography technologies
  • Understand Steganography technologies and tools used
Understand how to covering your tracks and erase evidences
  • Understand covering tracks, tools used and erase evidences
Module 06: Trojans and Backdoors Module 08: Trojans and Backdoors
  • Define  a Trojan
§  What is a Trojan
  • Identify overt and covert channels
§  Understand overt and covert channels
  • Understand working of Trojans
§  Understand working of Trojans
  • Identify the different types of Trojans
§  List the different types of Trojans
  • What do Trojan creators look for
§  What do Trojan creators look for
  • Identify the different ways a Trojan can infect a system
§  List the different ways a Trojan can infect a system
  • How to indicate a Trojan attack
§  What are the indications of a Trojan attack?
  • Identify the ports used by Trojan
§  Identify the ports used by Trojan
  • Identify listening ports using netstat
§  Identify listening ports using netstat
  • Understand “wrapping”
§  What is meant by “wrapping”
  • Understand Reverse Shell Trojan
§  Understand Reverse Shell Trojan
  • Understand ICMP tunneling
§  Understand ICMP tunneling
  • Identify various classic Trojans
§  Understand various classic Trojans
  • Learn windows start up monitoring tools
§  Understand how “Netcat” Trojan works
  • Understand the Trojan horse constructing kit
§  Understand the Trojan horse constructing kit
§  Learn Trojan detection techniques §  Understand Trojan detection techniques
  • Learn Trojan evading techniques
§  Understand Trojan evading techniques
  • Learn how to avoid a Trojan infection
§  How to avoid a Trojan infection
Module 07: Viruses and Worms Module 09: Viruses and Worms
  • Understand virus and its history
§  Understand virus and its history
  • Characteristics of a virus
§  Characteristics of a virus
  • Learn the working of a virus
§  How does a virus work
  • Understand the motive behind writing a virus
§  Understand the motive behind writing a virus
  • Understand how does a computer get infected by viruses
§  Symptoms of virus attack
  • Gain insights on virus hoax
§  What is a virus hoax
  • Understand virus analysis
§  Understand the difference between a virus and a worm
  • Understand the difference between a virus and a worm
§  Understand the life cycle of virus
  • Understand the life cycle of virus
§  Understand the types of viruses
  • Identify the types of viruses
§  How a virus spreads and infects the system
  • Understand how a virus spreads and infects the system
§  Understand the storage pattern of virus
  • Understand the storage pattern of virus
§  Understand various types of classic virus found in the wild
  • Identify various types of classic virus found in the wild
§  Virus writing technique
  • Virus writing technique
§  Virus construction kits
  • Virus construction kits
§  Understand antivirus evasion techniques
  • Understand antivirus evasion techniques
§  Understand Virus detection methods
  • Understand Virus detection methods and countermeasures
§  Understand worm analysis
Module 08: Sniffers Module 10: Sniffers
  • Understand sniffing and protocols vulnerable to it
§  Understand sniffing and protocols vulnerable to it
  • Identify types of sniffing
§  Discuss types of sniffing
  • Understand Address Resolution Protocol (ARP)
§  Understand Address Resolution Protocol (ARP)
  • Understanding the process of ARP Spoofing
§  How does ARP Spoofing work
  • Understand active and passive sniffing
§  Understand active and passive sniffing
  • Understand ARP poisoning
§  Understand ARP poisoning
  • Understand MAC duplicating
§  Understand MAC duplicating
  • Learn ethereal capture and display filters
Understand ethereal capture and display filters
  • Understand MAC flooding
§  Understand MAC flooding
  • Understand DNS spoofing techniques
§  Understand DNS spoofing techniques
  • Identify sniffing countermeasures
§  Describe sniffing countermeasures
  • Know various sniffing tools
§
  • Identify sniffing detection and defensive techniques
§
Module 09: Social Engineering Module 11: Social Engineering
Understand Social Engineering §  What is Social Engineering
  • Understand human weakness
§  Understand human weakness
  • Identify the different types of social engineering
§  List the different types of social engineering
  • Learn warning signs of an attack
§  Understand Dumpster Diving
  • Understand Dumpster Diving
§  Understand Reverse Social Engineering
  • Understand Human-based Social Engineering
§  Understand Insider attacks and its countermeasures
  • Understand Insider attacks and its countermeasures
§  Understand Social Engineering threats and defense
  • Gain insights on Social Engineering threats and defense
Understand Identity Theft
  • Comprehend Identity Theft
§  Describe Phishing Attacks
  • Understand Phishing Attacks
§  Understand Online Scams
  • Identify Online Scams
§  Understand URL obfuscation
  • Understand URL obfuscation
§  Understand social engineering on social networking sites
  • Understand social engineering on social networking sites
§  Social Engineering countermeasures
  • Identify Social Engineering countermeasures
Module 12: Phishing
Phishing is covered in Module 09: Social Engineering of CEHv7 §  Understand phishing and reasons for its success
§  Different types of phishing
§  Explain the process of phishing
§  List different types of phishing attacks
§  List the anti-phishing tools and countermeasures
Module 13: Hacking Email Accounts
The Hacking Email Accounts module is removed from CEHv7 core modules and exam objectives §  List different ways to get information related to e-mail accounts
§  Understand various e-mail hacking tools
§  How to create strong passwords for e-mail accounts
§  Explain Sign-in Seal
Module 10: Denial of Service Module 14: Denial of Service
  • Understand a Denial of Service Attack
§  Understand Denial of Service(DoS) attacks
  • Gain insights on Distributed Denial of Service Attacks
§  What is the goal of a DoS attack
  • Examine  the working of Distributed Denial of Service Attacks
§  Impact and modes of DoS attack
  • Analyze Symptoms of a DoS Attack
§   Types of attacks
  • Understand Internet Chat Query (ICQ)
§  Classify different  types of DoS attacks
  • Understand Internet Relay Chat  (IRC)
§  Understand various tools used to launch DoS attacks
  • Assess DoS Attack Techniques
§  Understand botnets and their use
  • Understand Botnets
§  List the types of bots and their mode of infection
§  Assess DoS/DDoS Attack Tools §  Understand how DDoS attack works
  • Describe Detection Techniques
§  Characteristics of a DDoS attack
  • Identify DoS/DDoS Countermeasure Strategies
§  Explain the Agent-Handler Model and DDoS IRC Model
  • Analyze Post-Attack Forensics
§  Understand Reflective DNS attacks
  • Identify DoS/DDoS Protection Tools
§  How to conduct a DDoS attack
  • Understand DoS/DDoS Penetration Testing
§  Understand Reflected DoS attack
§  Describe the DoS/DDoS countermeasures
Module 11: Session Hijacking Module 15: Session Hijacking
  • Understand what is Session Hijacking
§  Understand session hijacking
  • Identify Key Session Hijacking Techniques
§  Understand spoofing vs. hijacking
  • Understand Brute Forcing Attack
§  What are the steps to perform session hijacking
  • Understand HTTP Referrer Attack
§  List the types in session hijacking
  • Spoofing vs. Hijacking
§  Understand session hijacking levels
  • Understand Session Hijacking Process
§  Understand sequence number prediction
  • Identify types of Session Hijacking
§  Describe countermeasure to session hijacking
  • Analyze Session Hijacking in OSI Model
  • Understand Application Level Session Hijacking
§  Discuss Session Sniffing
  • Describe Man-in-the-Middle Attack
  • Understand Man-in-the-Browser Attack
  • Examine Steps to Perform Man-in-the-Browser Attack
  • Understand Client-side Attacks
  • Understand Cross-site Script Attack
  • Understand Session Fixation Attack
  • Describe Network Level Session Hijacking
  • Understand TCP/IP Hijacking
  • Identify Session Hijacking Tools
  • Identify Countermeasures of Session Hijacking
  • Understand Session Hijacking Pen Testing
Module 12: Hacking Webservers Module 16: Hacking Webservers
  • Understand Open Source Webserver Architecture
§  Understand the working of a webserver
  • Examine IIS Webserver Architecture
§  How are webservers compromised
  • Understand Website Defacement
§  Understand web server defacement
  • Understand why Web Servers are compromised
§  Understand the attacks against web servers
§  Analyze Impact of  Webserver Attacks §  List the types of web server vulnerabilities
  • Examine Webserver Misconfiguration
§  Understand IIS Unicode exploits
  • Understand Directory Traversal Attacks
§  Understand patch management techniques
  • Learn regarding HTTP Response Splitting Attack
§  Understand Web Application Scanner
  • Understand Web Cache Poisoning Attack
§  What is Metasploit Framework
  • Understand HTTP Response Hijacking
§  Understand various webserver testing tools
  • Discuss SSH Bruteforce Attack
§  Understand patch management
  • Examine Man-in-the-Middle Attack
§  List best practices for patch management
  • Learn Webserver Password Cracking Techniques
§  Describe Web Server hardening methods
  • Identify Web Application Attacks
§  Webserver protection checklist
  • Understand Webserver Attack Methodology
  • Identify Webserver Attack Tools
  • Identify Counter-measures against Webserver Attacks
  • Understand Patch Management
  • Assess Webserver Security Tools
  • Understand Webserver Pen Testing
Module 13: Hacking Web Applications Module 17: Web Application Vulnerabilities
  • Understand Introduction to Web Applications
§  Understand the working of a web application
§  Identify Web Application Components §  Objectives of web application hacking
  • Understand working of Web Applications
§  Anatomy of an attack
  • Examine Web Application Architecture
§  Understand various web application threats and its countermeasures
  • Assess Parameter/Form Tampering
§  Understand various web application hacking tools
  • Understand Injection Flaws
  • Discuss Hidden Field Manipulation Attack
  • Describe Cross-Site Scripting (XSS) Attacks
  • Understand Web Services Attack
  • Understand Web Application Hacking Methodology
  • Identify Web Application Hacking Tools
  • Understand how to Defend Against Web Application Attacks
  • Identify Web Application Security Tools
  • Understand Web Application Firewalls
  • Gain insights on Web Application Pen Testing
Module 18: Web Based Password Cracking Techniques
Web Based Password Cracking Techniques are covered in Module 13: Hacking Web Applications of CEHv7 §  Understand authentication and authentication mechanisms
§  Rules to select a good password
§  Things to avoid while selecting passwords
§  How to protect  passwords
§  How hackers get hold of passwords
§  What is a Password Cracker?
§  How does a Password Cracker work
§  Modus operandi of an attacker using password cracker
§  Understand Password Attacks – Classification
§  Understand Password Cracking Countermeasures
Module 14: SQL Injection Module 19: SQL Injection
§  Understand SQL Injection §  What is SQL injection
§  Examine SQL Injection Attacks §  Understand the steps to conduct SQL injection
§  Understand working of Web Applications §  Understand various SQL injection techniques
§  Identify Server Side Technologies §  Understand SQL Server vulnerabilities
§  Understand SQL Injection Detection §  How to test for SQL injection vulnerabilities
§  Discuss SQL Injection Black Box Pen Testing §  Understand various SQL injection tools
§  Types of SQL Injection §  Understand Blind SQL injection and its countermeasures
§  Understand Blind SQL Injection
§  Learn SQL Injection Methodology
§  Understanding SQL Query
§  Examine Advanced Enumeration
§  Describe Password Grabbing
§  Discuss Grabbing SQL Server Hashes
§  Identify SQL Injection Tools
§  Understand Evasion Techniques for SQL Injection
§  Understand Defensive strategies Against SQL Injection Attacks
§  Identify SQL Injection Detection Tools
Module 15: Hacking Wireless Networks Module 20: Hacking Wireless Networks
§  Understand Wireless Networks §  Understand wireless network architecture
§  Gain Insights on Wireless Networks §  Differentiate between wireless and wired network
§  Understand various types of  Wireless Networks §  What are the effects of wireless networks on business
§  Understand Wi-Fi Authentication Modes §  Understand the types of wireless networks
§  Identify types of Wireless Encryption §  List the advantage and disadvantage of wireless network
§  Understand WEP Encryption §  Understand various wireless standards
§  Understand WPA/WPA2 §  Understand various wireless concepts and devices
§  Discuss Wireless Threats §  Overview of WEP, WPA, WPA2  authentication systems and cracking techniques
§  Understand Wireless Hacking Methodology §  Overview of wireless Sniffers and SSID, MAC Spoofing
§  Assess Wireless Hacking Tools §  Understand Rogue Access Points
§  Understand Bluetooth Hacking §  Understand wireless hacking techniques
§  Understand how to Defend Against Bluetooth Hacking §  Understand TKIP, LEAP
§  Understand how to Defend against Wireless Attacks §  Understand MAC Sniffing, AP Spoofing, MITM, DoS attacks
§  Identify Wi-Fi Security Tools §  Understand phone jammers
§  Examine Wireless Penetration Testing Framework §  How to detect a wireless network
§  Understand various wireless hacking tools
§  List the steps to hack a wireless network
§  Understand WIDZ and RADIUS
§  Describe the methods in securing wireless networks
Module 21: Physical Security
The Physical Security module is removed from CEHv7 core modules and exam objectives §  Physical security breach incidents
§  Understanding physical security
§  Need for physical security
§  Who is accountable for physical security
§  Factors affecting physical security
§  Physical security checklist for organizations
§  Authentication mechanisms
§  How to fake fingerprints
§  Understand wiretapping
§  Understand lock picking
§  Understanding wireless and laptop security
§  Laptop security countermeasures
§  Understand mantrap, TEMPEST
§  List the challenges in ensuring physical security
§  Understand spyware technology
Module 22: Linux Hacking
The Linux Hacking module is removed from CEHv7 core modules and exam objectives §  What is the need for a Linux Operating System
§  Linux distributors
§  Understand the basic commands of Linux
§  Understand the Linux file structure and networking commands
§  List the directories in Linux
§  Understand how to install, configure and compile a Linux Kernel
§  Understand installing a Kernel patch
§  Understand GCC compilation commands
§  List vulnerabilities in Linux
§  Why is Linux hacked
§  How to apply patches to vulnerable programs
§  Understand password cracking in Linux
§  Understand IP Tables
§  Basic Linux Operating System Defense
§  Understand how to install LKM modules
§  Understand AIDE
§  Understand Linux hardening methods
Module 16: Evading IDS, Firewalls, and Honeypots Module 23: Evading IDS, Honeypots and Firewalls
§  Understand Intrusion Detection Systems (IDS) §  Understand Intrusion Detection Systems (IDS)
§  Learn Ways to Detect an Intrusion §  Where to place an IDS
§  Acquire knowledge on various types of Intrusion Detection Systems §  Ways to detect an intrusion
§  Understand what is a Firewall §  Understand the types of IDS
§  Types of Firewall §  Understand System Integrity Verifiers
§  Identify Firewall Identification Techniques §  Understand True/False, Positive/Negative
§  Understand Honeypot §   Signature analysis in an IDS
§  Assess various types of Honeypot §  List the general indications of a possible intrusion
§  Understand how to Set up a Honeypot §  Steps to perform after IDS detects attack
§  Understand IDS, Firewall and Honeypot System §   List the IDS evasion techniques
§  Examine Evading IDS §  Understand firewall and its working
§  Understand Evading Firewall §  List the type of firewalls
§  Learn detecting Honeypots §  Understand firewalking, banner grabbing
§  Identify Firewall Evading tools §  IDS and Firewall testing tool
§  Identify Countermeasures §  What is a honeypot
§  Analyze Firewall and IDS Penetration Testing §  List the types of honeypots, advantage and disadvantage
§  Honeypot placement
§  Differentiate between physical and virtual honeypots
§  Countermeasures  to hack attacks
Module 17:  Buffer Overflow Module 24: Buffer Overflows
§  Understand Buffer Overflows (BoF) §  Why are programs/applications vulnerable to buffer overflow
§  Understand Stack-Based Buffer Overflow §  Understand buffer overflows and reasons for attacks
§  Know Heap-Based Buffer Overflow §  List the knowledge required to program buffer overflow exploits
§  Understand Stack Operations §  Understand stacks, heaps, NOPS
§  Identify Buffer Overflow Steps §  Identify the different types of buffer overflows and methods of detection
§  Analyze attacking a Real Program §  Understand assembly language
§  Examine Smashing the Stack §  Overview of shellcode
§  Examples of Buffer Overflow §  Overview of buffer overflow mutation techniques
§  Understand how to Mutate a Buffer Overflow Exploit §  Writing buffer overflow programs in C
§  Learn how to identify Buffer Overflows §  Buffer overflow code analysis
§  Testing for Heap Overflow Conditions: heap.exe
§  Understand steps for Testing Stack Overflow in OllyDbg Debugger
§  Identify Buffer Overflow Detection Tools
§  Understand Defense Against Buffer Overflows
§  Identify Buffer Overflow Countermeasures Tools
§  Understand Buffer Overflow Pen Testing
Module 18 Cryptography Module 25: Cryptography
§  Understand Cryptography §  Overview of cryptography and encryption techniques
§  Learn various types of Cryptography §  Understand cryptographic algorithms
§  Understand Ciphers §  Describe how public and private keys are generated
§  Gain insights on Advanced Encryption Standard (AES) §  Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
§  Understand RC4, RC5, RC6 Algorithms §  Understand digital signature
§  Examine RSA (Rivest Shamir Adleman) §  List the components of a digital signature
§  Explain Message Digest Function: MD5 §  Method of digital signature technology
§  Understand Secure Hashing Algorithm (SHA) §  Application of digital signature
§  Identify Cryptography Tools §  Understand digital signature standard
§  Understand Public Key Infrastructure (PKI) §  Digital signature algorithm
§  Understand Email Encryption §  Overview of digital certificates
§  Identify Digital Signature §  Understand code breaking methodologies
§  Describe SSL (Secure Sockets Layer) §  Understand cryptanalysis
§  Examine Disk Encryption §  List the cryptography attacks
§  Identify Disk Encryption Tools
§  Understand Cryptography Attacks
§  Identify Cryptanalysis Tools
Module 19: Penetration Testing Module 26: Penetration Testing Methodologies
§  Understand Penetration Testing (PT) §  Overview of penetration testing methodologies
§  Identify Security Assessments §  Understand security assessments
§  Examine Risk Management §  Understand vulnerability assessment and its limitation
§  Understand various types of Penetration Testing §  Understand types of penetration testing
§  Understand Automated Testing §  Understand risk management
§  Understand Manual Testing §  Outsourcing penetration testing service
§  Understand Penetration Testing Techniques §  List the penetration testing steps
§  Know the Penetration Testing Phases §  Overview of the Pen-Test legal framework
§  Understand Enumerating Devices §  Overview of the Pen-Test deliverables
§  Understand Penetration Testing Roadmap §  List the automated penetration testing tools
§  Understand Denial of Service Emulation §  Best practices
§  Outsourcing Pen Testing Services §  Phases of penetration testing
§  Identify various Penetration testing tools
Compartilhar:

Este post tem 2 comentários

  1. Essa prova deve ser tensa!
    A security+ aparenta ser mais light. Alguém confirma?

  2. Na versão 6.1 a prova contemplava 150 questões que deveriam ser respondidas num intervalo de no máximo 4 horas. Realmente é uma prova bastante desgastante.

Deixe uma resposta

Fechar Menu