CISE - Certified Information Security Expert Exam ... CEH - Certified Ethical Hacker ~ CBSE



CISE stands for Certified Information Security Expert. It is a certification awarded to an
individual who successfully clears both levels of ISAT.

A Certified Information Security Expert has in-depth knowledge of the internet, networking &
online threats. He is capable of identifying new threats & can be considered as an Online
Security Consultant.

If you are a CISE, various opportunities are waiting for you. Various companies will just pick you up
seeing that you are a CISE. Apart from that, it can also help you get the promotion you
have been looking for. The course is an excellent investment for students in the technology field
as well as professionals in the internet & networking field.

The CEH certification is for an individual who is usually employed with the organization and
who can be trusted to undertake an attempt to penetrate networks and/or computer systems
using the same methods as a hacker. Illegal hacking (i.e., cracking computer systems) is a felony
in the United States and most other countries. But when this type of hacking is done by request
and under a contract between an Ethical Hacker and an organization, it is legal. The most
important point is that an Ethical Hacker has authorization to probe the target with attacks such
as cross site scripting.

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for
the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a
malicious hacker.

Certification is achieved through training at an ATC (Accredited Training Center) or self-study.

If students choose to self-study, in order to sit for the exam they must fill out an application and
also have documented 2 years of information security work experience. Both CEH v4 and v5
utilize EC-Council's exam 312-50. The exam consists of 125 (v4) or 150 (v5) multiple-choice
questions, and students are given up to three or four hours, respectively, to complete the
examination. The exam costs US$250, and is administered via computer at an EC-Council
Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States).

In today’s scenario, everything depends on IT. From tax collection and booking the cheapest airline tickets to banking online and trading shares online, you name it! If you aren’t a part of the IT revolution yet, you are missing out on a lot of ease and opportunities. But as they say, everything comes at a price, and the price you pay here is risking your privacy and probably your bank balance!

Hacking is easier on poorly built websites and applications. There is nothing as good for a hacker as a faulty program. During one of Innobuzz PenTest operations, we found a simple coding glitch that revealed high priority information in the websites of one of the top 10 companies of India! It is really that infectious! Imagine, if that can happen to large companies, where do YOU stand? If you are a web developer and a site designed by you is compromised, you lose your clients; if you do business online, you lose your customers. And for the average web user, it means loss of privacy and credit card numbers.

All this is happening at a very fast rate and experts are needed to check and cure these. ITS Experts are in demand. According to NASSCOM, the demand for ITS Experts will be 10 Lakh by 2010 in India. ITS is THE next big thing in IT and you should make the best of it. Innobuzz Knowledge Solutions provide quality training in the field of ITS which enables you to become an Ethical Hacker.

Our programs are well researched and developed in consultation with the best Security Experts around the world. Doing a CISE (Certified Innobuzz Security Expert) will do a lot of value addition, as this is a unique course offered in India.

Run hacking attacks in our classroom labs, be a hacker for a


Some of the hacking concepts you will learn to master during this hands on hacking course...

• Penetration testing methodologies
• Evidence removal and anti-forensics
• Stealthy network recon
• Attacking network infrastructure devices
• Passive traffic identification
• Remote root vulnerability exploitation
• Hacking by brute forcing remotely
• Privilege escalation hacking
• Hiding exploit payloads in jpeg and gif image files
• IPv6 Vulnerabilities
• Hacking Web Applications
• Remote access trojan hacking
• Breaking into databases with SQL Injection
• Running shellcode in RAM vs. on
• Cross Site Scripting hacking
• Wireless insecurity
• Hacking into Cisco routers
• Breaking IP-based ACLs via
• Justifying a penetration test to management and customers
• CEH/CPT review
• Abusing Windows Named Pipes for Domain Impersonation
• Defensive techniques

Some of the instructor-led hands-on hacking lab exercises in this security training experience.

• Attacking RDP (Remote Desktop Protocol) in Windows XP, 2003 &
• Capture the Flag hacking exercises every night!
• Abusing DNS for host
• Remote keylogging
• Data mining authentication information from clear-text
• Leaking system information from Unix and Windows
• Windows 2003 Server & Vista DNS Cache Poisoning Attacks
• Sniffing and hijacking SSL encrypted sessions
• Unix, Windows and Cisco password cracking
• Breaking wireless security via
• Remote buffer overflow exploit lab - heap vs. stack overflows
• Malicious event log editing
• Client side IE & Firefox exploits
• Attacking Kerberos Pre-Auth
• Tunneling through IPSec VPNs by abusing ESP
• Spoofing endpoints of communication tunnels
• Data retrieval with SQL Injection
• Impersonation of other Users - Hijacking kernel tokens
• Calculating the Return on Investment (ROI) for an ethical

Hacker Halted conferences cover security topics in various technologies. Here
is the complete list of topics.

♣ Terrorist Threat to IT Infrastructure

♣ Cyberterrorism
♣ National Infrastructure Attacks
♣ Hackers and their Targets
♣ E-Business Security Under Threat
♣ Phishing Attacks and Social Engineering
♣ Who to Trust in this Untrusting Network world
♣ Wired or Wireless – Security analysis
♣ Prosecution of Cyber Criminals
♣ Forensics Analysis – The Failures
♣ Identity Theft and the Risks
♣ Airports, Banks, and Public Transportation. Are we safe?
♣ Hackers are here. Where are you?
♣ Are you smarter than the hackers.
♣ I can beat you. Don’t think you are smart.
♣ Software vendor’s promises and lies.
♣ Contingency Planning for Organizations
♣ Defense Against Social Engineering
♣ Facilitated Risk Analysis for Business and Security
♣ Hands-on Hacking
♣ Linux Security
♣ Wireless Security
♣ How to Be a More Effective Security Liaison:
♣ Security as a Part-time Job
♣ Effective Information Security
♣ Professional
♣ Sustain a Quality Security Awareness Program
♣ Winning Security Architecture
♣ Develop Information Security Policies
♣ Develop Information Security Standards and Procedures
♣ How to Perform a Technical Network Vulnerability Assessment
♣ Administrator Mistakes
♣ Hacker Mistakes
♣ Hiring Hackers and the Law
♣ Hacker Terrorism
♣ Computer and Network Security
♣ End-to-End Digital Investigation
♣ Knowledge Foundations for Data Communications
♣ Managing a Privacy Governance Program
♣ Outsourcing Security
♣ Encryption and Certificate Authorities
♣ Roll-Out of an Asset Classification Program
♣ Return on Investment for Information Security
♣ A Structured Approach to Incident Response
♣ Computer Forensics Tools and How to Make Them Work for You
♣ Wireless Security in the Enterprise
♣ A Pragmatic Approach to Information Security Management
♣ Demystifying Security and Audit of TCP/IP Networks
♣ Penetration Testing: HANDS-ON
♣ Essential Windows Security Tools
♣ IT Law: Business and Security Imperatives for Non-Lawyers
♣ Staying Out of Trouble with Wireless Local Area Networks
♣ Defining and Building an Enterprise Security Architecture
♣ How to Secure and Audit LDAP
♣ Creating and Implementing Security Policies
♣ Blueprint for Avoiding Identity Theft
♣ The Complete Do-It-Yourself NIST Security Toolkit
♣ E-Fraud Forensics: Understanding the Investigative Process A to Z
♣ The Good Guys’ Guide to Uncovering Network Vulnerabilities
♣ VoIP Security Exposed
♣ Hacking Windows - HANDS-ON
♣ Remote Testing for Common Web Application Security Threats
♣ How to Stop an Enemy We Can't Find: Technology on the Front Lines
♣ The Latest Network Hacks and Defenses
♣ Creating an End-to-End Identity Management Architecture
♣ VoIP Security
♣ Laws That Drive Information Security
♣ Threat Trends 2006: The Latest on Phishing, Pharming, Spyware, and More
♣ Planning and Deploying a Strategic Security Architecture
♣ Securing Today's (and Tomorrow's) Mobile Infrastructure
♣ Threats and Countermeasures: Defending Against the Worst Malware in Windows
♣ Manager’s Guide to Perimeter Protection: Firewalls and IDS
♣ Preparing For and Handling Network Security Incidents
♣ How to Conduct a Penetration Test
♣ The Sensor Age: How RFID is about to Revolutionize Business and Information Security
♣ Hacking Web Applications
♣ Conquering Federated Identity Management: Lessons Learned
♣ Phishing: Tackling the Problem
♣ Making Policies Work: From Creation to Enforcement
♣ What Hackers Don't Want You to Know
♣ Best Practices for Vulnerability Management
♣ Mobile Device Security
♣ First-Class Security Tips for Windows Systems
♣ How to Properly Defend Your Port 80
♣ Bleeding-Edge Anti-Forensics
♣ Hardware Token Compromises and Fixes
♣ Advanced SQL Injection
♣ Managing Identity and Access Control Management for Enterprise Security
♣ Google Hacking - DEMO
♣ Presenting the Business Case and ROI for InfoSec
♣ Regulation Riptide: Staying Above Water with Compliance and InfoSecurity
♣ Security in the Services-Oriented Architecture
♣ Safety on the Road: Key Tools to Protect Road Warriors
♣ Rootkits in Windows
♣ Perimeter Penetration Testing
♣ Creating a Threat Recognition Architecture in a Federal Agency
♣ Centrally Managing Fine-Grained Database Access
♣ Managing IT Risks Through the Assessment Process
♣ Different Styles of Intrusion Prevention: What Keeps Out the Hackers?
♣ System Configuration Management: Security and Auditing Challenges
♣ WPAN Security Exposed
♣ Patch Management in a Complex IT Environment
♣ Hacking IPSec Virtual Private Networks (VPNs)
♣ Hacking and Securing .NET
♣ Network Devices Exposed! Routers, Switches, Wireless, Modems, and More
♣ Taking Your Instant Response Team to the Next Level
♣ Identity and Access Management Deployment: Lessons Learned
♣ Biometrics: Opportunities and Challenges
♣ Taking Control of Your Career: Development Options for Information Security Professionals
♣ How to Use PERL as a Security and Audit Tool
♣ Creating and Implementing IM Policies
♣ Late-Breaking Technology Session!
♣ Security and the Homeland
♣ Penetration Testing Databases and Countermeasures
♣ Implementing Cross-Company Authentication Using SAML
♣ Building Security In: Software Security Gets Real
♣ Technical Policy Management
♣ Potholes that Could Derail an Information Security Program
♣ Identity Theft: What, How and Protective Measures
♣ Preparing for the Coming VoIP Security Revolution: IMS
♣ Computers, Crime and Punishment
♣ Creating a Computer Forensic Policy as Part of Your Cyber Response Plan
♣ Leveraging Freeware Hacker Tools
♣ Securing Unix-Based Operating Systems
♣ Protecting Your Network from Next Generation Attacks - DEMO
♣ The Role of Directory Services in Identity Solutions
♣ Hacking Web Services: Strategies, Tools, and Methods - DEMO
♣ Managing Security and Privacy Projects
♣ Everything You Need to Know About Encryption in 90 Minutes
♣ Attacking and Defending RFID Security
♣ Next-Generation Wireless Attacks and Defenses
♣ Firewall Technology: Where Is It Headed?
♣ Looking in the Windows Registry for Forensic Purposes
♣ Open Source Tools for Securing the Infrastructure -
♣ Cops and Robbers Las Vegas Style
♣ Web Application Security Assessments
♣ Provisioning: The ID Management Back Office
♣ Securing the Brains of the Network: DNS and DHCP
♣ Policies for Identity Management
♣ Keeping E-Messaging Secure
♣ Conducting a Business Impact Analysis and Creating a Disaster Recovery Plan
♣ SSL Remote Access Tactics: Unsafe at Any Speed?
♣ Securing Windows 2003
♣ Secure Network Change Management: Look Before You Change
♣ Handling Evidence in an E-Fraud Investigation
♣ Tracking USB Storage Devices Across Windows Systems
♣ ARP Spoofing and Beyond: Attacks and Protection at Layer 2
♣ Integrating Enterprise Access Solutions into a Seamless System
♣ Auditing Web Application Authentication
♣ Getting the Most Out of Your Ethical Hacking Program
♣ Life After California SB1386: Getting a Handle on Security Breach Notification Laws
♣ Managing IT Risk and Compliance: An Effective Framework for the Enterprise
♣ Hacking SSL Virtual Private Networks (VPNs)
♣ Protecting Your Penguins: Developing a Baseline for Linux Security
♣ What Every Organization Should Monitor and Log: A Checklist
♣ The Time is Now: The Convergence of Networks, Time Synchronization and Information

You can register and take any e-Business certification exams through web based Prometric Prime at Any EC-Council Accredited Training Center can proctor the exam. You cannot take the exam directly through the Internet without a proctor.

Certification exams are priced according to currency values in available countries. Certification exam prices are subject to change. In some countries, exam prices may differ and additional taxes may apply. Please contact your ATC for exact pricing.

Exam Fees

Exams with prefix of 212 are priced at $99 U.S.

Exams with prefix of 112 are priced at $125 U.S.

Exams with prefix of 312 are priced at $250 U.S.

Payment is made to Prometric at the time of registration. Prometric accepts payment by credit card.

Pre-paid exam vouchers

Exam vouchers are available from EC-Council Accredited Training Centers around the world. Candidates may also purchase pre-paid exam vouchers directly by contacting

EC-Council exams are also available through Authorized Prometric Testing Centers in over 180 countries.

Exams Available at APTC

Currently the following exams are available at APTC

• E-Commerce Architect (Exam Code: EC0-232). Cost: USD 125/-. This exam is only available at Prometric.

• Ethical Hacking and Countermeasures (Exam Code: EC0-350). Cost: USD 250/-. This exam is available at Prometric and VUE.

• Computer Hacking Forensic Investigator (Exam Code: EC0-349). Cost: USD 250/-. This exam is available at Prometric and VUE.

EC-Council offers the Certified Ethical Hacker Certification Exam over these channels.

1. Exam 312-50: Web based ‘Prometric Prime’ at Accredited Training Centers (ATC).

2. Exam EC0-350: Proctored test at Authorized Prometric Testing Centers (APTC) globally.

3. Exam 312-50: VUE Testing centers

Please note that the exams differ only in terms of exam delivery channel and are
otherwise identical in source.

Eligibility Requirements

To be eligible for appearing in the CEH certification examination, you must:

1. Have attended training for the CEH course at any of the accredited
training centers. Should you choose to defer taking the examination
after your training, and would like to opt for another location; you can
apply for the same at a later date at any ATC of your choice by
submitting your certificate of attendance to EC-Council.

2. If you have opted for self-study and not attended training, you
must have at least two years of information security related experience.

Please download and complete the CEH Exam (EC0-350) Application
Form and fax it to EC-Council at +1-505-212-0667 for verification.
Upon approval, EC-Council will send you an eligibility voucher number
which you can use to register and schedule the test at any Authorized
Prometric Testing Center globally. Please note that Prometric
Registration will not entertain any requests without this voucher

Certification Fees

1. If you have attended training at any accredited training center, you
are eligible to appear for the web based Prometric Prime exam. This
exam is priced at USD 250.

2. If you have chosen self study, and are eligible for the exam as
verified from the CEH Exam EC0-350 Application Form submitted, you
can take the test at any of the Authorized Prometric Testing Centers
globally. This exam is priced at USD 250.

Scheduling Process

1. If you are appearing for Exam 312-50 the web based Prometric
Prime exam, you can contact your ATC to schedule the exam.

2. If you are appearing for Exam EC0-350 at any authorized
Prometric Testing center, you can schedule the exam by contacting
Prometric directly. You can use the voucher number given to you by
EC-Council upon approval of your eligibility application form. Please note
that Prometric will NOT schedule exams without the voucher number.

3. For VUE, please visit

What is the difference between Exam 312-50 and Exam EC0-350?

EC-Council offers the Certified Ethical Hacker examination over two channels – the EC-Council
Accredited Training Center (ATC) and the Authorized Prometric Testing Center (APTC). Only
students who undergo training for CEH at any ATC are eligible to appear for the web based
Prometric Prime exam (Exam 312-50).

Students who opt to pursue self study can appear for the exam EC0-350 at the Authorized
Prometric Testing Center after they fulfill the examination eligibility criteria and produce the
voucher number to Prometric.

In all other aspects the exams are identical in source and lead to the certification ‘Certified
Ethical Hacker’.

Should I attend training to appear for the CEH exam?

EC-Council recommends that CEH aspirants attend formal classroom training at any of
the accredited training centers to reap maximum benefit of the course and have a
greater chance at clearing the examinations. The ATC will check your work experience
before registering for the class. You are also required to sign a Non-Disclosure
Agreement (NDA) when you enroll for the class.

What are the pre-requisites for taking a CEH exam?

If you attend CEH training, you are eligible to appear for the CEH examination. If you
opt for self study, you must complete the eligibility form and fax it to EC-council for

Is there any eligibility criteria?

It is mandatory for you to record two years of information security related work experience and
get the same endorsed by your employer. In case you do not possess the same you can send us a
request detailing your educational background and request for consideration on a case basis.

Why do I have to get approval from EC-Council to appear for the exam without the training?

EC-Council presents the body of knowledge through CEH to educate and assist information
security professionals in hacking tools and techniques for legally accepted security testing
purposes. It is the social responsibility of EC-Council to ensure that this knowledge is imparted
to people with the right intent and obtain assurance that this body of knowledge will not be

Where do I purchase the prepaid examination vouchers?

You can purchase the vouchers directly from VUE or Prometric.

I have just completed the training. Can I defer taking a test to a later date?

Yes, you can. Ensure that you obtain a certificate of attendance upon completion of the training.
You may contact the ATC at a later date and schedule the exam.

I have just completed the training. Can I take the test at a different location?

Yes, you can. You can take the exam at any ATC offering the CEH program by presenting your
certificate of attendance. This will be verified against our records and your exam can be

Do I have to recertify?

You will need to earn EC-Council Continuing Education Credits (ECE) to maintain the
certification.

Why are there different versions for the exam?

EC-Council certifications are under continuous development. We incorporate new techniques
and technology as they are made available and are deemed necessary to meet the course
objectives. This is reflected in our examination process as well, as students are tested on
concepts, techniques and technology.

How many times can I appear for the examination in case I do not pass in the first attempt?

There are no restrictions on the number of times you can appear for the examination, as long as
you are able to contact the test center and schedule your exam in advance. There is no waiting
period between attempts.

To request another eligibility voucher to resit the exam at Prometric APTC, send an
e-mail to with your details. You don't need to go through the eligibility application
process again.

Can I take the exam at VUE testing centers?

Yes. The 312-50 exam is available at VUE testing centers as well. Just like Prometric APTC, you
will need an eligibility number to attempt the exam at VUE. The eligibility number issued for
Prometric cannot be used for VUE and vice versa. You can indicate in the eligibility application
form at which center you will be taking the test. Please visit VUE's EC-Council testing page at

Will EC-Council help me in scheduling the Prometric exam?

You are advised to contact Prometric Registration up to one business day prior to the date of the
scheduled exam, before 7pm Central Standard Time.

When will I get my certificate once I pass the certification examination?

You will receive your welcome kit in eight weeks' time upon passing the exam.

How many questions are there in the exam and what is the time duration?

The examination consists of 150 questions. The duration of the test varies according to location and channel. The exam 312-50 offered through Prometric Prime is of four hour duration. The exam EC0-350 offered through Prometric APTC is four hours for English speaking countries (US and others) and four and half hours for Non English speaking countries.

How much should I score to clear the exam?

The passing score is 70%.

I am doing a self study, how do I know I am ready to take the exam? Are there any practice

Yes, you can take our practice tests to become familiar with the examination approach.

Can I purchase practice tests?

CEH exam practice tests are available from PrepLogic

What kind of questions can I expect in the exam? Do you have any exam pointers?

The examination tests you on security related concepts, hacking techniques and technology. You
will be asked to decipher exploit codes, study log files, infer output and apply the knowledge
acquired through the course.

Can I review my answers?

You can mark your questions and review your answers before you end the test.

Register by Telephone

In the US and Canada, candidates can register for EC-Council exams by calling Prometric's direct EC-Council toll-free registration line at (800) 815-3926 between 7:00 a.m. and 7:00 p.m. CST. Outside the United States and Canada, please visit for a complete list of exam registration phone numbers.

Register Online

Candidates can register for EC-Council exams at, Prometric's online registration web site. Online registration is not available for beta exams. Online exam registration is available in most countries.

Testing Locations

To locate the Testing Center nearest to you, please visit web site.

Please be prepared to provide the following information to Prometric when calling to schedule your test


1. First and last name: Please provide your name as you would like it to appear on your certificate.

2. Social Security Number: For candidates who do not have a Social Security Number or do not wish to provide one, Prometric will assign a unique identification number. Please use this ID number each time that you schedule a new exam.

3. Mailing address: Please list the address to which all correspondence should be mailed.

4. Company name: If you have listed your business address, please include your company name to ensure appropriate routing.

5. E-mail address: For the latest program updates, email is the most efficient and effective means of contacting you.

6. Contact phone numbers

7. Exam number and title

8. Testing center preference: A Prometric customer service representative can help you identify the testing center near your location.

9. Method of payment (cash, personal check, credit card (American Express, Mastercard, and Visa), bank transfers, etc.) Payment options may vary by country.

If your address has changed since you last registered for an exam, please contact Prometric to update your demographic information.

Scheduling Process

Prometric will schedule each candidate into an Authorized Prometric Testing Center for their exam appointment. Prometric Registration will only schedule exams that have been paid.

Candidates who need to reschedule an exam can do so as long as they contact Prometric Registration up to one business day prior to the date of the scheduled exam, before 7pm Central Standard Time.

Exam Day

It is important that a candidate arrives at the testing center at least fifteen minutes before the scheduled exam time. The candidate is also required to bring two forms of signature identification, one with a photograph, for verification purposes. To maintain the security of the test environment, candidates are not permitted to bring reference materials of any kind into the testing center.

After an exam has been taken a candidate will automatically receive a score report indicating a pass/fail. If a candidate has taken a beta exam, however, a score report will be sent six to eight weeks after the termination of the beta availability period.

Exam Retake Policy

Candidates may attempt each exam any number of times; there is no waiting period between attempts.

Ethical Hacking and Countermeasures (312-

New CEHv6 Exam

The CEHv6 exam is currently in beta and will be available on the 5th November, 2008. The CEH
v5 exam will be available until June 3rd, 2009 then retired.


• The exam codes EC0-350 and 312-50 are the same exam.

• The exam titles "Certified Ethical Hacker" and "Ethical Hacking and Countermeasures" are the same.

• VUE and Prometric systems use different exam codes.

• The CEHv4 exam has been retired since June 1st 2007.

• CEHv5 exam is available on Prometric Prime, APTC and VUE.

• Exams at VUE and Prometric APTC require an Eligibility Code. Please visit for details

Credit Towards Certification

Certified Ethical Hacker

Master of Security Science (MSS)

Exam Details (CEHv5)

Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: Prometric Prime
Exam Version: 5
Release Date: November 13th, 2006
Exam Cost: USD 250

Skills Measured

The Exam 312-50 tests CEH candidates on the following 22 domains.

1. Ethics and Legal Issues






8. Denial of Service

9. Social Engineering

10. Session Hijacking

11. Hacking Web Servers

12. Web Application Vulnerabilities

13. Web Based Password Cracking Techniques

14. SQL Injection

15. Hacking Wireless Networks

16. Virus and Worms

17. Physical Security

18. Hacking Linux

19. IDS, Firewalls and Honeypots

20. Buffer Overflows

21. Cryptography

22. Penetration Testing Methodologies

Ethics and Legality

• Understand Ethical Hacking terminology
• Define the job role of an ethical hacker
• Understand the different phases involved in ethical hacking
• Identify different types of hacking technologies
• List the 5 stages of ethical hacking
• What is hacktivism?
• List different types of hacker classes
• Define the skills required to become an ethical hacker
• What is vulnerability research?
• Describe the ways of conducting ethical hacking
• Understand the legal implications of hacking
• Understand 18 U.S.C. § 1030 US Federal Law

• Define the term Footprinting
• Describe information gathering methodology
• Describe competitive intelligence
• Understand DNS enumeration
• Understand Whois, ARIN lookup
• Identify different types of DNS records
• Understand how traceroute is used in Footprinting
• Understand how e-mail tracking works
• Understand how web spiders work

• Define the term port scanning, network scanning and vulnerability
• Understand the CEH scanning methodology
• Understand Ping Sweep techniques
• Understand nmap command switches
• Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
• List TCP communication flag types
• Understand War dialing techniques
• Understand banner grabbing and OS fingerprinting techniques
• Understand how proxy servers are used in launching an attack
• How do anonymizers work?
• Understand HTTP tunneling techniques
• Understand IP spoofing techniques

• What is Enumeration?
• What is meant by null sessions?
• What is SNMP enumeration?
• What are the steps involved in performing enumeration?

System hacking

• Understanding password cracking techniques
• Understanding different types of passwords
• Identifying various password cracking tools
• Understand escalating privileges
• Understanding keyloggers and other spyware technologies
• Understand how to hide files
• Understanding rootkits
• Understand Steganography technologies
• Understand how to cover your tracks and erase evidence

Trojans and Backdoors

• What is a Trojan?
• What is meant by overt and covert channels?
• List the different types of Trojans
• What are the indications of a Trojan attack?
• Understand how “Netcat” Trojan works
• What is meant by “wrapping”?
• How do reverse connecting Trojans work?
• What are the countermeasure techniques in preventing Trojans?
• Understand Trojan evading techniques

• Understand the protocol susceptible to sniffing
• Understand active and passive sniffing
• Understand ARP poisoning
• Understand Ethereal capture and display filters
• Understand MAC flooding
• Understand DNS spoofing techniques
• Describe sniffing countermeasures

Denial of Service

• Understand the types of DoS Attacks
• Understand how DDoS attack works
• Understand how BOTs/BOTNETS work
• What is “smurf” attack
• What is “SYN” flooding
• Describe the DoS/DDoS countermeasures

Social Engineering

• What is Social Engineering?
• What are the Common Types of Attacks
• Understand Dumpster Diving
• Understand Reverse Social Engineering
• Understand Insider attacks
• Understand Identity Theft
• Describe Phishing Attacks
• Understand Online Scams
• Understand URL obfuscation
• Social Engineering countermeasures

Session Hijacking

• Understand Spoofing vs. Hijacking
• List the types of Session Hijacking
• Understand Sequence Prediction
• What are the steps in performing session hijacking
• Describe how you would prevent session hijacking

Hacking Web Servers

• List the types of web server vulnerabilities
• Understand the attacks Against Web Servers
• Understand IIS Unicode exploits
• Understand patch management techniques
• Understand Web Application Scanner
• What is Metasploit Framework?
• Describe Web Server hardening methods

Web Application Vulnerabilities

• Understanding how web application works
• Objectives of web application hacking
• Anatomy of an attack
• Web application threats
• Understand Google hacking
• Understand Web Application Countermeasures

Web Based Password Cracking Techniques

• List the Authentication types
• What is a Password Cracker?
• How does a Password Cracker work?
• Understand Password Attacks - Classification
• Understand Password Cracking Countermeasures

SQL Injection

• What is SQL injection?
• Understand the Steps to conduct SQL injection
• Understand SQL Server vulnerabilities
• Describe SQL Injection countermeasures

Wireless Hacking

• Overview of WEP, WPA authentication systems and cracking
• Overview of wireless Sniffers and SSID, MAC Spoofing
• Understand Rogue Access Points
• Understand Wireless hacking techniques
• Describe the methods in securing wireless networks

Virus and Worms

• Understand the difference between a Virus and a Worm
• Understand the types of Viruses
• How a virus spreads and infects the system
• Understand antivirus evasion techniques
• Understand Virus detection methods

Physical Security

• Physical security breach incidents
• Understanding physical security
• What is the need for physical security?
• Who is accountable for physical security?
• Factors affecting physical security

Linux Hacking

• Understand how to compile a Linux Kernel
• Understand GCC compilation commands
• Understand how to install LKM modules
• Understand Linux hardening methods

Evading IDS, Honeypots and Firewalls

• List the types of Intrusion Detection Systems and evasion
• List firewall and honeypot evasion techniques

Buffer Overflows

• Overview of stack based buffer overflows
• Identify the different types of buffer overflows and methods of
• Overview of buffer overflow mutation techniques


Cryptography

• Overview of cryptography and encryption techniques
• Describe how public and private keys are generated
• Overview of MD5, SHA, RC4, RC5, Blowfish algorithms

Penetration Testing Methodologies

• Overview of penetration testing methodologies
• List the penetration testing steps
• Overview of the Pen-Test legal framework
• Overview of the Pen-Test deliverables
• List the automated penetration testing tools
